API security has been reworked: the request is first checked to be secure, then the API token created at site setup (and issued to every member) is verified, and finally the system confirms it is accepting API requests via the "API enabled" toggle in settings. API usage is now intended for backend use only, so this needs to be noted in the docs.
<?php
namespace App\Repositories;
use App\Services\Assets\DocService;
use App\Interfaces\MemberRepositoryInterface;
use ReallySimpleJWT\Token;
use Carbon\Carbon;
use function _\find;
use function _\findIndex;
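class MemberRepository implements MemberRepositoryInterface
{
    /**
     * Member records decoded from the folks JSON file. Each record carries the
     * password hash and the member's API key/secret, so the raw array must not
     * be handed to untrusted callers.
     *
     * @var array<int, array<string, mixed>>
     */
    protected $folks;

    /** @var DocService used to write the folks file back in update() */
    protected $docs;

    /**
     * Load the member store from FOLKS_PATH, falling back to the bundled
     * folks-template.json under FIPAMO_INIT when that file does not exist.
     *
     * @throws \RuntimeException if the chosen file cannot be read or does not
     *         decode to a JSON array (the store backs authentication, so a
     *         malformed file is a hard failure rather than "no members")
     */
    public function __construct(DocService $docService)
    {
        $this->docs = $docService;

        $path = (string) env('FOLKS_PATH');
        if (!file_exists($path)) {
            $path = env('FIPAMO_INIT') . '/folks-template.json';
        }

        $raw = file_get_contents($path);
        $decoded = $raw === false ? null : json_decode($raw, true);
        if (!is_array($decoded)) {
            throw new \RuntimeException('Unable to read member store: ' . $path);
        }
        $this->folks = $decoded;
    }

    /**
     * Return every raw member record (including password hashes and API
     * secrets). Callers that render or serialise this must filter it first.
     */
    public function getAll(): array
    {
        return $this->folks;
    }

    /**
     * Find a member by id.
     *
     * @return array<string, mixed>|null the raw record, or null when absent
     */
    public function getById($id)
    {
        return find($this->folks, ['id' => $id]);
    }

    /**
     * Find a member by handle. auth() relies on this lookup, which is why
     * update() refuses to give two members the same handle.
     *
     * @return array<string, mixed>|null the raw record, or null when absent
     */
    public function getByHandle($handle)
    {
        return find($this->folks, ['handle' => $handle]);
    }

    /** Not implemented yet: remove the member with the given id. */
    public function delete($id)
    {
        // TODO: delete member stuff
    }

    /** Not implemented yet: add a new member record. */
    public function create($member)
    {
        // TODO: make new member
    }

    /**
     * Update an existing member's handle, email and (if given) avatar, write
     * the folks file, and refresh the session copy of the member.
     *
     * @param object $member object exposing id, handle, email and optionally avatar
     * @throws \InvalidArgumentException if no member has $member->id, or if the
     *         requested handle already belongs to a different member
     */
    public function update($member): void
    {
        $index = findIndex($this->folks, ['id' => $member->id]);
        if ($index < 0) {
            // findIndex() returns -1 when nothing matches; assigning into
            // $this->folks[-1] would append a bogus record and persist it.
            throw new \InvalidArgumentException('Unknown member id');
        }

        // Handles are the login key (see auth()); a duplicate would let one
        // account's login resolve to another member's record.
        $clash = find($this->folks, ['handle' => $member->handle]);
        if ($clash !== null && (string) ($clash['id'] ?? '') !== (string) $member->id) {
            throw new \InvalidArgumentException('Handle already in use');
        }

        $this->folks[$index]['handle'] = $member->handle;
        $this->folks[$index]['email'] = $member->email;
        if (isset($member->avatar)) {
            $this->folks[$index]['avatar'] = $member->avatar;
        }
        $this->folks[$index]['updated'] = Carbon::now();

        // Persist the whole store, then refresh the session with the same
        // trimmed shape auth() stores (no password hash in the session).
        $this->docs::writeSettings($this->folks, env('FOLKS_PATH'));
        session()->put('member', $this->sessionMember($this->folks[$index]));
    }

    /**
     * Verify handle + password and, on success, start an authenticated session
     * holding a trimmed member record, a one-hour JWT signed with the member's
     * secret, and a fresh CSRF form token.
     *
     * @param object $request request exposing handle, password and session()
     * @return array{status: bool, message: string}
     */
    public function auth($request): array
    {
        $handle = $request->handle ?? null;
        $found = (is_string($handle) && $handle !== '') ? $this->getByHandle($handle) : null;
        if (!$found) {
            // NOTE(review): the distinct handle/password messages, plus the
            // skipped password_verify() on this path, let a caller enumerate
            // valid handles; messages are kept for compatibility with callers.
            return ['status' => false, 'message' => 'CHECK THAT HANDLE'];
        }

        $password = $request->password ?? null;
        // A missing hash yields '' which password_verify() always rejects.
        if (!is_string($password) || !password_verify($password, (string) ($found['password'] ?? ''))) {
            return ['status' => false, 'message' => 'CHECK THAT PASSWORD'];
        }

        $member = $this->sessionMember($found);

        // Token expires in an hour; status() re-checks signature and expiry.
        // The issuer is the fixed string 'localhost' and is not verified later.
        $token = Token::create(
            $found['key'],
            $found['secret'],
            time() + 3600,
            'localhost'
        );

        // CSRF token from a CSPRNG rather than md5(uniqid()); 16 bytes gives
        // the same 32-hex-character length the md5 form produced.
        $formToken = bin2hex(random_bytes(16));

        $session = $request->session();
        // Rotate the session id on login so a pre-login session id planted by
        // an attacker (session fixation) does not become authenticated.
        $session->regenerate();
        $session->put('member', $member);
        $session->put('token', $token);
        $session->put('form_token', $formToken);

        return ['status' => true, 'message' => 'HEY WELCOME BACK'];
    }

    /**
     * Report whether the current session holds a member with a valid, unexpired
     * JWT. Fails closed when the member, token or signing secret is missing.
     */
    public static function status(): bool
    {
        $member = session('member');
        $token = session('token');
        $secret = is_array($member) ? ($member['secret'] ?? null) : null;

        if (!is_string($token) || $token === '' || !is_string($secret) || $secret === '') {
            return false;
        }

        return Token::validate($token, $secret)
            && Token::validateExpiration($token, $secret);
    }

    /**
     * Build the subset of a member record that is kept in the session. The
     * password hash is deliberately left out; key and secret stay because
     * status() needs the secret to validate the session JWT.
     *
     * @param array<string, mixed> $found raw record from the folks store
     * @return array<string, mixed>
     */
    private function sessionMember(array $found): array
    {
        return [
            'id' => $found['id'] ?? null,
            'handle' => $found['handle'] ?? null,
            'email' => $found['email'] ?? null,
            'role' => $found['role'] ?? null,
            'avatar' => $found['avatar'] ?? null,
            'key' => $found['key'] ?? null,
            'secret' => $found['secret'] ?? null,
        ];
    }
}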