added custom session manager, moved index to safe directory
This commit is contained in:
parent
b1cc12673c
commit
0ea15ae4b2
14 changed files with 228 additions and 66 deletions
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
|
@ -11,7 +10,7 @@ class APIControl
|
|||
ServerRequestInterface $request,
|
||||
ResponseInterface $response,
|
||||
array $args
|
||||
) {
|
||||
): ResponseInterface {
|
||||
$contentType = $request->getHeaderLine("Content-Type");
|
||||
switch ($contentType) {
|
||||
case "application/json":
|
||||
|
@ -24,7 +23,11 @@ class APIControl
|
|||
//there's only one verion of the api for now
|
||||
switch (isset($args["third"]) ? $args["third"] : "none") {
|
||||
case "login":
|
||||
$result = (new Auth())->login($body);
|
||||
$result = Auth::login($body);
|
||||
|
||||
break;
|
||||
case "logout":
|
||||
$result = Auth::logout($body);
|
||||
break;
|
||||
default:
|
||||
$result = [
|
||||
|
@ -35,6 +38,7 @@ class APIControl
|
|||
}
|
||||
|
||||
$response->getBody()->write(json_encode($result));
|
||||
|
||||
return $response->withHeader("Content-Type", "application/json");
|
||||
}
|
||||
}
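Review bot: The new `logout` case dispatches to `Auth::logout($body)` without checking that the caller is logged in, and because `Session::kill()` resets the single server-side `.session` file, any anonymous POST that reaches this route ends whoever is currently authenticated. Guard it before dispatching (assuming `Session` is loaded here as it is in DashControl): `if (!Session::active()) { $response->getBody()->write(json_encode(["message" => "Not logged in", "type" => "TASK_LOGOUT"])); return $response->withStatus(401)->withHeader("Content-Type", "application/json"); }`, or put that check inside `Auth::logout`. The `Content-Type` switch higher in the method compares the raw header, so `application/json; charset=utf-8` never hits the JSON branch; matching on `strtok($contentType, ";")` (trimmed) would be more robust. Note also that `Auth::logout()` is declared without a parameter, so the `$body` passed here is silently ignored.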
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
<?php
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Slim\Views\Twig;
|
||||
|
||||
include "brain/data/Book.inc.php";
|
||||
include "../brain/data/Book.inc.php";
|
||||
|
||||
class DashControl
|
||||
{
|
||||
|
@ -20,14 +19,15 @@ class DashControl
|
|||
$content = [];
|
||||
break;
|
||||
default:
|
||||
//$_SESSION["TEST"] = "TESTERZ";
|
||||
//session_unset();
|
||||
$pageOptions = [
|
||||
"title" => "Fipamo Dashboard",
|
||||
"status" => (new Auth())->sessionStatus(),
|
||||
"status" => Session::active(),
|
||||
"pages" => (new Book("content/pages"))->getContents(),
|
||||
];
|
||||
break;
|
||||
}
|
||||
|
||||
return $view->render($response, "dash/start.twig", $pageOptions);
|
||||
}
|
||||
}
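Review bot: `Session::active()` on the `status` line decides the dashboard state from one server-side file and never consults the incoming request, so every visitor sees the same logged-in or logged-out state as the last person who logged in or out; the view should only treat a client as authenticated once that check is bound to something the request itself carries (a cookie or Authorization header). The commented-out `$_SESSION` lines above it are dead now that this commit deletes `session_start()` from index.php; delete them rather than keep them. The first `case` branch (its label is outside the hunk) assigns `$content = []` but the `render` call below passes `$pageOptions`, which is undefined on that path; initialise `$pageOptions = [];` before the `switch` or render `$content` there.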
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
<?php
|
||||
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
use Slim\Views\Twig;
|
||||
|
@ -11,8 +10,8 @@ class IndexControl
|
|||
ResponseInterface $response,
|
||||
array $args
|
||||
): ResponseInterface {
|
||||
//unset($_SESSION);
|
||||
$view = Twig::fromRequest($request);
|
||||
|
||||
return $view->render($response, "front/start.twig", [
|
||||
"title" => "Fipamo Dash",
|
||||
"status" => false,
|
||||
|
|
|
@ -2,9 +2,9 @@
|
|||
use Psr\Http\Message\ResponseInterface;
|
||||
use Psr\Http\Message\ServerRequestInterface;
|
||||
|
||||
include "brain/controller/IndexControl.inc.php";
|
||||
include "brain/controller/DashControl.inc.php";
|
||||
include "brain/controller/APIControl.inc.php";
|
||||
include "../brain/controller/IndexControl.inc.php";
|
||||
include "../brain/controller/DashControl.inc.php";
|
||||
include "../brain/controller/APIControl.inc.php";
|
||||
|
||||
class RouteControl
|
||||
{
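Review bot: The three `include "../brain/controller/..."` lines resolve against the process working directory, not against this file, so they only work when PHP is started from the new front-controller directory; run from the repository root, from the CLI, or under a SAPI with a different cwd they fail with a fatal include error. Since these controllers live next to RouteControl, anchor them on the file: `include __DIR__ . "/IndexControl.inc.php";`, `include __DIR__ . "/DashControl.inc.php";`, `include __DIR__ . "/APIControl.inc.php";`. The same applies to the `../brain/data/...` includes and the `../config/*.json` and `../content/.session` paths elsewhere in this commit.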
|
||||
|
|
|
@ -1,17 +1,15 @@
|
|||
<?php
|
||||
include "../brain/data/Settings.inc.php";
|
||||
use function _\find;
|
||||
|
||||
include "brain/data/Settings.inc.php";
|
||||
use ReallySimpleJWT\Token;
|
||||
|
||||
class Auth
|
||||
{
|
||||
private $configs;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
}
|
||||
|
||||
public function sessionStatus()
|
||||
public static function sessionStatus()
|
||||
{
|
||||
if (isset($_SESSION["member"])) {
|
||||
return true;
|
||||
|
@ -21,7 +19,7 @@ class Auth
|
|||
//return $this->secret;
|
||||
}
|
||||
|
||||
public function login($who)
|
||||
public static function login($who)
|
||||
{
|
||||
//grab member list
|
||||
$folks = (new Settings())->getFolks();
|
||||
|
@ -30,6 +28,23 @@ class Auth
|
|||
if ($found) {
|
||||
//name is found, verify password
|
||||
if (password_verify($who["password"], $found["password"])) {
|
||||
$member = [
|
||||
"handle" => $found["handle"],
|
||||
"email" => $found["email"],
|
||||
"role" => $found["role"],
|
||||
"avatar" => $found["avi"],
|
||||
];
|
||||
|
||||
$token = Token::create(
|
||||
$found["id"],
|
||||
$found["secret"],
|
||||
time() + 3600,
|
||||
"localhost"
|
||||
); //expires in an hour
|
||||
Session::start();
|
||||
Session::set("member", $member);
|
||||
Session::set("token", $token);
|
||||
|
||||
$result = [
|
||||
"message" => "Welcome back",
|
||||
"type" => "TASK_LOGIN",
|
||||
|
@ -49,4 +64,14 @@ class Auth
|
|||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
public static function logout()
|
||||
{
|
||||
Session::kill();
|
||||
$result = [
|
||||
"message" => "Till next time, g.",
|
||||
"type" => "TASK_LOGOUT",
|
||||
];
|
||||
return $result;
|
||||
}
|
||||
}
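Review bot: In the token hunk, `Token::create` signs with `$found["secret"]`, a per-user secret that this commit stores in plain text in `config/folks.json` next to the password hash, and the resulting token is written only to the shared `.session` file — it is not part of `$result`, so the client never receives anything it can present on later requests and the one-hour expiry is never checked against anything the client sends. Return the token from `login` (or set it in an HttpOnly, SameSite cookie) and have the session check validate what the request presents. Separately, `sessionStatus()` in the first hunk still tests `$_SESSION["member"]` while this commit removes `session_start()` from index.php and points DashControl at `Session::active()`; unless the new front controller (not in this diff) starts a PHP session, it is dead code and should delegate with `return Session::active();`. Minor: `logout()` declares no parameter but APIControl passes `$body`.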
|
||||
|
|
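--- a/brain/data/Session.inc.php
+++ b/brain/data/Session.inc.php
@@ -0,0 +1,65 @@
+<?php
+use function _\find;
+use ReallySimpleJWT\Token;
+
+class Session
+{
+private static $file = "../content/.session";
+private static $data = [
+"member" => "",
+"token" => "",
+];
+public static function start()
+{
+if (!is_file(self::$file)) {
+file_put_contents(self::$file, json_encode(self::$data));
+} else {
+($new = fopen(self::$file, "w")) or die("Unable to open file!");
+fwrite($new, json_encode(self::$data));
+fclose($new);
+}
+}
+
+public static function active()
+{
+$data = json_decode(file_get_contents(self::$file), true);
+if ($data["member"] != null) {
+$secret = (new Settings())->getFolks("secret");
+if (
+Token::validate($data["token"], $secret) &&
+Token::validateExpiration($data["token"], $secret)
+) {
+true;
+} else {
+false;
+}
+
+return true;
+} else {
+return false;
+}
+}
+
+public static function set($key, $value)
+{
+$data = json_decode(file_get_contents(self::$file), true);
+$data[$key] = $value;
+($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
+fwrite($fresh, json_encode($data));
+fclose($fresh);
+}
+
+public static function get($key)
+{
+$data = json_decode(file_get_contents(self::$file), true);
+
+return $data[$key];
+}
+
+public static function kill()
+{
+($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
+fwrite($fresh, json_encode(self::$data));
+fclose($fresh);
+}
+}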
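Review bot: `active()` never acts on the JWT checks it performs — the `true;` and `false;` inside the if/else after `Token::validateExpiration` are no-op expression statements, and the method then unconditionally executes `return true;` whenever `member` is set, so an expired or tampered token in `.session` still counts as logged in. More fundamentally, the session is one shared file (`../content/.session`) with nothing tying it to a client: no cookie or header is read, so once any user logs in every visitor who reaches `active()` is treated as that user, `start()` on a second login silently wipes the first, and `kill()` logs everyone out. At minimum `active()` should return the result of the validation (below); restoring per-client state means handing the token to the client at login and validating the token the request presents rather than the one on disk. Also the file is rewritten with `fopen`/`fwrite` and no `flock`, and `active()`/`get()` emit warnings when `.session` does not exist yet (fresh install before the first login).
```php
// … unchanged: $file/$data, start() …
public static function active()
{
    $data = json_decode(file_get_contents(self::$file), true);
    if (empty($data["member"]) || empty($data["token"])) {
        return false;
    }
    $secret = (new Settings())->getFolks("secret");
    // return the outcome of the checks instead of discarding it
    return Token::validate($data["token"], $secret) &&
        Token::validateExpiration($data["token"], $secret);
}
// … unchanged: set(), get(), kill() …
```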
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
|
||||
use function _\find;
|
||||
class Settings
|
||||
{
|
||||
private $folks;
|
||||
|
@ -9,16 +9,22 @@ class Settings
|
|||
public function __construct()
|
||||
{
|
||||
//gets all settings files and converts to php objects
|
||||
$this->folks = json_decode(file_get_contents("config/folks.json"), true);
|
||||
$this->tags = json_decode(file_get_contents("config/tags.json"), true);
|
||||
$this->folks = json_decode(file_get_contents("../config/folks.json"), true);
|
||||
$this->tags = json_decode(file_get_contents("../config/tags.json"), true);
|
||||
$this->settings = json_decode(
|
||||
file_get_contents("config/settings.json"),
|
||||
file_get_contents("../config/settings.json"),
|
||||
true
|
||||
);
|
||||
}
|
||||
|
||||
public function getFolks()
|
||||
public function getFolks($key)
|
||||
{
|
||||
if (isset($key)) {
|
||||
$member = Session::get("member");
|
||||
$found = find($this->folks, ["handle" => $member["handle"]]);
|
||||
return $found[$key];
|
||||
} else {
|
||||
return $this->folks;
|
||||
}
|
||||
}
|
||||
}
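Review bot: `getFolks($key)` now requires an argument, but `Auth::login` still calls `(new Settings())->getFolks()` with none, which throws `ArgumentCountError` on every login attempt (PHP 7.1+); the `isset($key)` branch only makes sense with a default, so declare it `public function getFolks($key = null)`. When a key is given, `find()` returns `null` if the handle recorded in `.session` no longer exists in `folks.json`, and `$found[$key]` then warns and yields `null`, which `Session::active()` would pass to `Token::validate` as the secret; bail out first with `if (!$found) { return null; }`. The `../config/*.json` paths in the constructor are relative to the working directory rather than to this file; `__DIR__ . "/../../config/folks.json"` would not depend on where PHP is launched.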
|
||||
|
|
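--- a/brain/utility/StringTools.inc.php
+++ b/brain/utility/StringTools.inc.php
@@ -0,0 +1,22 @@
+<?php
+
+//include "brain/data/Auth.inc.php";
+
+class StringTools
+{
+public static function randomString(int $length)
+{
+$alphanum =
+"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+$special = '*&!@%^#$';
+$alphabet = $alphanum . $special;
+$random = openssl_random_pseudo_bytes($length);
+$alphabet_length = strlen($alphabet);
+$string = "";
+for ($i = 0; $i < $length; ++$i) {
+$string .= $alphabet[ord($random[$i]) % $alphabet_length];
+}
+
+return $string;
+}
+}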
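Review bot: `$alphabet[ord($random[$i]) % $alphabet_length]` is biased: the alphabet has 70 symbols and 256 is not a multiple of 70, so the first 46 symbols are chosen about a third more often than the remaining 24, which matters if this helper is meant to generate the per-user JWT secrets stored in `folks.json` (it is not called anywhere in this diff, so that is an inference). Draw each index uniformly from the CSPRNG instead of reducing a byte modulo the length: drop the `$random = openssl_random_pseudo_bytes($length);` line and make the loop body `$string .= $alphabet[random_int(0, $alphabet_length - 1)];`. That also removes the reliance on `openssl_random_pseudo_bytes`, whose `$crypto_strong` out-parameter the code does not check. Since the signature already types `$length`, a `: string` return type and `declare(strict_types=1);` at the top of this new file would be consistent; the commented-out include on line 3 can go.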
|
|
@ -13,13 +13,13 @@
|
|||
<div id="notifications" class="notifications">
|
||||
<div id="notifyMessage" class="notifyMessage">
|
||||
<div id="notify-good" class="notify-icon">
|
||||
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
|
||||
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
|
||||
</div>
|
||||
<div id="notify-lame" class="notify-icon">
|
||||
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-sad"/></svg>
|
||||
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-sad"/></svg>
|
||||
</div>
|
||||
<div id="notify-working" class="notify-icon">
|
||||
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-cog"/></svg>
|
||||
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-cog"/></svg>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
@ -28,7 +28,7 @@
|
|||
<header id="header">
|
||||
<div id="wrapper">
|
||||
<div id="left">
|
||||
<a href="/dashboard"><img id="the-logo" src="/public/assets/images/global/the-logo.svg"/></a>
|
||||
<a href="/dashboard"><img id="the-logo" src="/assets/images/global/the-logo.svg"/></a>
|
||||
</div>
|
||||
|
||||
<div id="right"></div>
|
||||
|
|
|
@ -5,12 +5,14 @@
|
|||
{% endblock %}
|
||||
|
||||
{% block stylesheets %}
|
||||
<link rel="stylesheet" type="text/css" href="/public/assets/css/dash.css">
|
||||
<link rel="stylesheet" type="text/css" href="/assets/css/dash.css">
|
||||
{% endblock %}
|
||||
|
||||
{% block mainContent %}
|
||||
<div id="dash-index">
|
||||
<div id="dash-index-wrapper">
|
||||
STATUS:
|
||||
{{ you }}
|
||||
{% if status %}
|
||||
DASH INDEX
|
||||
{% else %}
|
||||
|
@ -21,5 +23,5 @@
|
|||
{% endblock %}
|
||||
|
||||
{% block javascripts %}
|
||||
<script src="/public/assets/scripts/dash.min.js" type="text/javascript"></script>
|
||||
<script src="/assets/scripts/dash.min.js" type="text/javascript"></script>
|
||||
{% endblock %}
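Review bot: `STATUS:` and `{{ you }}` in the mainContent block look like debugging output: DashControl passes only `title`, `status` and `pages`, so `you` is undefined and renders as an empty string (or throws if Twig `strict_variables` is on). Remove the two lines, or pass the session member explicitly if the dashboard is meant to show who is logged in.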
|
|
@ -5,6 +5,7 @@
|
|||
"twig/twig": "^3.0",
|
||||
"slim/twig-view": "^3.0",
|
||||
"mnapoli/front-yaml": "^1.8",
|
||||
"lodash-php/lodash-php": "^0.0.7"
|
||||
"lodash-php/lodash-php": "^0.0.7",
|
||||
"rbdwllr/reallysimplejwt": "^4.0"
|
||||
}
|
||||
}
|
||||
|
|
60
composer.lock
generated
60
composer.lock
generated
|
@ -4,7 +4,7 @@
|
|||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||
"This file is @generated automatically"
|
||||
],
|
||||
"content-hash": "0dea05f2df1df2495deae70b57c9afd1",
|
||||
"content-hash": "0e243f32e05cb4ef6265ce19f141fdae",
|
||||
"packages": [
|
||||
{
|
||||
"name": "erusev/parsedown",
|
||||
|
@ -620,6 +620,64 @@
|
|||
},
|
||||
"time": "2019-03-08T08:55:37+00:00"
|
||||
},
|
||||
{
|
||||
"name": "rbdwllr/reallysimplejwt",
|
||||
"version": "4.0.1",
|
||||
"source": {
|
||||
"type": "git",
|
||||
"url": "https://github.com/RobDWaller/ReallySimpleJWT.git",
|
||||
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2"
|
||||
},
|
||||
"dist": {
|
||||
"type": "zip",
|
||||
"url": "https://api.github.com/repos/RobDWaller/ReallySimpleJWT/zipball/eba7970ab2e010157ec507d408ce5b94e84f31c2",
|
||||
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2",
|
||||
"shasum": ""
|
||||
},
|
||||
"require": {
|
||||
"php": ">=7.4.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"infection/infection": "^0.20",
|
||||
"phpbench/phpbench": "^0.17",
|
||||
"phploc/phploc": "^7.0",
|
||||
"phpmd/phpmd": "^2.9",
|
||||
"phpstan/phpstan": "^0.12",
|
||||
"phpunit/phpunit": "^9.5",
|
||||
"sebastian/phpcpd": "^6.0",
|
||||
"squizlabs/php_codesniffer": "^3.5"
|
||||
},
|
||||
"type": "library",
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
"ReallySimpleJWT\\": "src/"
|
||||
}
|
||||
},
|
||||
"notification-url": "https://packagist.org/downloads/",
|
||||
"license": [
|
||||
"MIT"
|
||||
],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Rob Waller",
|
||||
"email": "rdwaller1984@gmail.com"
|
||||
}
|
||||
],
|
||||
"description": "A really simple library to generate user authentication JSON Web Tokens.",
|
||||
"keywords": [
|
||||
"Authentication",
|
||||
"json",
|
||||
"json web tokens",
|
||||
"jwt",
|
||||
"php",
|
||||
"tokens"
|
||||
],
|
||||
"support": {
|
||||
"issues": "https://github.com/RobDWaller/ReallySimpleJWT/issues",
|
||||
"source": "https://github.com/RobDWaller/ReallySimpleJWT/tree/4.0.1"
|
||||
},
|
||||
"time": "2021-03-11T12:57:20+00:00"
|
||||
},
|
||||
{
|
||||
"name": "sebastian/comparator",
|
||||
"version": "4.0.6",
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
"email": "are0h@protonmail.com",
|
||||
"password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
|
||||
"key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
|
||||
"secret": "&eIWQ8E&@vh*",
|
||||
"role": "hnic",
|
||||
"created": "2020-09-01T22:46:47+02:00",
|
||||
"updated": "2020-09-01T22:46:47+02:00",
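Review bot: The added `secret` is a live token-signing key — `Auth::login` passes it to `Token::create` — committed in plain text to the repository next to the password hash, and at 12 characters from a small alphabet it is far shorter than the 256 bits recommended for an HMAC-SHA256 key (presumably what ReallySimpleJWT uses), even if it satisfies the library's minimum. Anyone who can read this file (a git clone, a backup, a misconfigured docroot) can mint valid tokens for this account, so treat the value as compromised and rotate it if it was ever used outside local testing. Generate secrets at user creation with a longer length (the new `StringTools::randomString` appears intended for this), and keep `config/folks.json` out of version control or move the key into an environment variable. The neighbouring `key` field looks like a similar credential and deserves the same handling.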
|
||||
|
|
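--- a/index.php
+++ b/index.php
@@ -1,21 +0,0 @@
-<?php
-require __DIR__ . "/vendor/autoload.php";
-
-use Psr\Http\Message\ResponseInterface as Response;
-use Psr\Http\Message\ServerRequestInterface as Request;
-use Slim\Factory\AppFactory;
-use Slim\Views\Twig;
-use Slim\Views\TwigMiddleware;
-
-include "brain/controller/RouteControl.inc.php";
-include "brain/data/Auth.inc.php";
-
-$app = AppFactory::create();
-$twig = Twig::create("brain/views/");
-$app->add(TwigMiddleware::create($app, $twig));
-session_start();
-//set up routing
-$app->get("/[{first}[/{second}[/{third}[/{fourth}]]]]", "\RouteControl:get");
-$app->post("/[{first}[/{second}[/{third}[/{fourt}]]]]", "\RouteControl:post");
-//start the app
-$app->run();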