added custom session manager, moved index to safe directory

This commit is contained in:
Ro 2021-03-28 15:22:00 -07:00
parent b1cc12673c
commit 0ea15ae4b2
14 changed files with 228 additions and 66 deletions


@ -1,5 +1,4 @@
<?php
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
@ -11,7 +10,7 @@ class APIControl
ServerRequestInterface $request,
ResponseInterface $response,
array $args
) {
): ResponseInterface {
$contentType = $request->getHeaderLine("Content-Type");
switch ($contentType) {
case "application/json":
@ -24,7 +23,11 @@ class APIControl
//there's only one verion of the api for now
switch (isset($args["third"]) ? $args["third"] : "none") {
case "login":
$result = (new Auth())->login($body);
$result = Auth::login($body);
break;
case "logout":
$result = Auth::logout($body);
break;
default:
$result = [
@ -35,6 +38,7 @@ class APIControl
}
$response->getBody()->write(json_encode($result));
return $response->withHeader("Content-Type", "application/json");
}
}
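Review bot: The new `logout` case runs `Auth::logout()` without checking that a session exists, and because the session store introduced in this commit is a single shared file, any unauthenticated request to this route ends the logged-in member's session; guard it with `if (!Session::active()) { $result = ["message" => "Not logged in", "type" => "TASK_LOGOUT"]; break; }` before calling logout. `Auth::logout()` is declared with no parameters but is called here as `Auth::logout($body)`; PHP tolerates the extra argument, but the signatures should agree. The method's name line and the start of the content-type handling sit above the hunk, so the full request flow is not visible here.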


@ -1,10 +1,9 @@
<?php
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\Views\Twig;
include "brain/data/Book.inc.php";
include "../brain/data/Book.inc.php";
class DashControl
{
@ -20,14 +19,15 @@ class DashControl
$content = [];
break;
default:
//$_SESSION["TEST"] = "TESTERZ";
//session_unset();
$pageOptions = [
"title" => "Fipamo Dashboard",
"status" => (new Auth())->sessionStatus(),
"status" => Session::active(),
"pages" => (new Book("content/pages"))->getContents(),
];
break;
}
return $view->render($response, "dash/start.twig", $pageOptions);
}
}
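Review bot: The commented-out lines `//$_SESSION["TEST"] = "TESTERZ";` and `//session_unset();` are dead code now that the controller reads `Session::active()` instead of PHP's native session, and should be dropped rather than left in the default branch. The earlier `case` visible above it sets `$content = []` and breaks, so `$view->render(..., $pageOptions)` runs with `$pageOptions` undefined on that path; initialise `$pageOptions = [];` before the switch. `include "../brain/data/Book.inc.php"` resolves against the process working directory; anchoring it with `__DIR__` (the exact relative path depends on where this controller lives, which is not shown) makes it independent of how the app is launched. The method's signature and the start of the switch are outside the hunk.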


@ -1,5 +1,4 @@
<?php
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Slim\Views\Twig;
@ -11,8 +10,8 @@ class IndexControl
ResponseInterface $response,
array $args
): ResponseInterface {
//unset($_SESSION);
$view = Twig::fromRequest($request);
return $view->render($response, "front/start.twig", [
"title" => "Fipamo Dash",
"status" => false,


@ -2,9 +2,9 @@
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
include "brain/controller/IndexControl.inc.php";
include "brain/controller/DashControl.inc.php";
include "brain/controller/APIControl.inc.php";
include "../brain/controller/IndexControl.inc.php";
include "../brain/controller/DashControl.inc.php";
include "../brain/controller/APIControl.inc.php";
class RouteControl
{
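Review bot: The rewritten includes `../brain/controller/IndexControl.inc.php` (and the two below it) are resolved relative to the working directory, not to this file, so they break as soon as the app is started from a different directory or via a CLI runner; use `include __DIR__ . "/IndexControl.inc.php";` if the controllers share a directory (their layout is inferred from the paths, not shown). The class body continues outside the hunk.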


@ -1,17 +1,15 @@
<?php
include "../brain/data/Settings.inc.php";
use function _\find;
include "brain/data/Settings.inc.php";
use ReallySimpleJWT\Token;
class Auth
{
private $configs;
public function __construct()
{
}
public function sessionStatus()
public static function sessionStatus()
{
if (isset($_SESSION["member"])) {
return true;
@ -21,7 +19,7 @@ class Auth
//return $this->secret;
}
public function login($who)
public static function login($who)
{
//grab member list
$folks = (new Settings())->getFolks();
@ -30,6 +28,23 @@ class Auth
if ($found) {
//name is found, verify password
if (password_verify($who["password"], $found["password"])) {
$member = [
"handle" => $found["handle"],
"email" => $found["email"],
"role" => $found["role"],
"avatar" => $found["avi"],
];
$token = Token::create(
$found["id"],
$found["secret"],
time() + 3600,
"localhost"
); //expires in an hour
Session::start();
Session::set("member", $member);
Session::set("token", $token);
$result = [
"message" => "Welcome back",
"type" => "TASK_LOGIN",
@ -49,4 +64,14 @@ class Auth
}
return $result;
}
public static function logout()
{
Session::kill();
$result = [
"message" => "Till next time, g.",
"type" => "TASK_LOGOUT",
];
return $result;
}
}
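Review bot: `sessionStatus()` still tests `$_SESSION["member"]`, but this commit deletes the `session_start()` call with index.php and moves DashControl to `Session::active()`, so `$_SESSION` is never populated and the method now always falls through to its non-true path; either remove it or make it `return Session::active();`. `logout()` declares no parameter while APIControl calls `Auth::logout($body)`; pick one signature. In `login()`, `Token::create($found["id"], $found["secret"], time() + 3600, "localhost")` hard-codes the issuer and signs with a per-member secret stored in the same JSON file as the password hash; the issuer at least should come from settings. The start of the class and the middle of `login()` lie outside the hunks.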


@ -0,0 +1,65 @@
<?php
use function _\find;
use ReallySimpleJWT\Token;
class Session
{
private static $file = "../content/.session";
private static $data = [
"member" => "",
"token" => "",
];
public static function start()
{
if (!is_file(self::$file)) {
file_put_contents(self::$file, json_encode(self::$data));
} else {
($new = fopen(self::$file, "w")) or die("Unable to open file!");
fwrite($new, json_encode(self::$data));
fclose($new);
}
}
public static function active()
{
$data = json_decode(file_get_contents(self::$file), true);
if ($data["member"] != null) {
$secret = (new Settings())->getFolks("secret");
if (
Token::validate($data["token"], $secret) &&
Token::validateExpiration($data["token"], $secret)
) {
true;
} else {
false;
}
return true;
} else {
return false;
}
}
public static function set($key, $value)
{
$data = json_decode(file_get_contents(self::$file), true);
$data[$key] = $value;
($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
fwrite($fresh, json_encode($data));
fclose($fresh);
}
public static function get($key)
{
$data = json_decode(file_get_contents(self::$file), true);
return $data[$key];
}
public static function kill()
{
($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
fwrite($fresh, json_encode(self::$data));
fclose($fresh);
}
}
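Review bot: `active()` discards the result of the token checks: the `true;` and `false;` branches are bare expression statements, and execution then reaches `return true;` whether or not `Token::validate()` and `Token::validateExpiration()` passed, so an expired or tampered token still counts as a live session. Replace those three lines with `return Token::validate($data["token"], $secret) && Token::validateExpiration($data["token"], $secret);`. More fundamentally, the store is one file, `../content/.session`, with nothing tying it to a client (no cookie or request identifier is read anywhere in this class), so once any member logs in every visitor that reaches `active()` is treated as that member until `kill()` runs, and `set()` does an unlocked read-modify-write on the same file. `die("Unable to open file!")` on fopen failure also terminates the request with an unformatted body; throwing and letting the controller answer would be cleaner.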


@ -1,5 +1,5 @@
<?php
use function _\find;
class Settings
{
private $folks;
@ -9,16 +9,22 @@ class Settings
public function __construct()
{
//gets all settings files and converts to php objects
$this->folks = json_decode(file_get_contents("config/folks.json"), true);
$this->tags = json_decode(file_get_contents("config/tags.json"), true);
$this->folks = json_decode(file_get_contents("../config/folks.json"), true);
$this->tags = json_decode(file_get_contents("../config/tags.json"), true);
$this->settings = json_decode(
file_get_contents("config/settings.json"),
file_get_contents("../config/settings.json"),
true
);
}
public function getFolks()
public function getFolks($key)
{
return $this->folks;
if (isset($key)) {
$member = Session::get("member");
$found = find($this->folks, ["handle" => $member["handle"]]);
return $found[$key];
} else {
return $this->folks;
}
}
}
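Review bot: `getFolks($key)` now requires an argument, but `Auth::login()` in this same commit still calls `(new Settings())->getFolks()` with none, which raises `ArgumentCountError` on PHP 7.1+ and breaks login; declare it as `public function getFolks($key = null)`, which the existing `isset($key)` branch already handles. When a key is given, `find()` returns null if the handle read from the session file has no match, so `$found[$key]` should be guarded, e.g. `return $found[$key] ?? null;`. The `../config/*.json` reads are working-directory relative for the same reason as the includes elsewhere in this commit; `__DIR__` would make them robust.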


@ -0,0 +1,22 @@
<?php
//include "brain/data/Auth.inc.php";
class StringTools
{
public static function randomString(int $length)
{
$alphanum =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
$special = '*&!@%^#$';
$alphabet = $alphanum . $special;
$random = openssl_random_pseudo_bytes($length);
$alphabet_length = strlen($alphabet);
$string = "";
for ($i = 0; $i < $length; ++$i) {
$string .= $alphabet[ord($random[$i]) % $alphabet_length];
}
return $string;
}
}
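Review bot: `$alphabet[ord($random[$i]) % $alphabet_length]` is biased: a byte has 256 values and the alphabet has 70, so the first 46 characters are chosen four times out of 256 and the rest only three, and `openssl_random_pseudo_bytes()` is called without checking its `$crypto_strong` out-parameter. If this is the generator for the per-member JWT secrets added in this commit (inferred from the `secret` field in folks.json, not shown being called), it should use the CSPRNG integer API instead: `$string .= $alphabet[random_int(0, $alphabet_length - 1)];` and drop the `$random` buffer. A `: string` return type and a guard for `$length <= 0` would round it out; the stale `//include "brain/data/Auth.inc.php";` at the top can go.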


@ -13,13 +13,13 @@
<div id="notifications" class="notifications">
<div id="notifyMessage" class="notifyMessage">
<div id="notify-good" class="notify-icon">
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
</div>
<div id="notify-lame" class="notify-icon">
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-sad"/></svg>
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-sad"/></svg>
</div>
<div id="notify-working" class="notify-icon">
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-cog"/></svg>
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-cog"/></svg>
</div>
</div>
</div>
@ -28,7 +28,7 @@
<header id="header">
<div id="wrapper">
<div id="left">
<a href="/dashboard"><img id="the-logo" src="/public/assets/images/global/the-logo.svg"/></a>
<a href="/dashboard"><img id="the-logo" src="/assets/images/global/the-logo.svg"/></a>
</div>
<div id="right"></div>


@ -5,12 +5,14 @@
{% endblock %}
{% block stylesheets %}
<link rel="stylesheet" type="text/css" href="/public/assets/css/dash.css">
<link rel="stylesheet" type="text/css" href="/assets/css/dash.css">
{% endblock %}
{% block mainContent %}
<div id="dash-index">
<div id="dash-index-wrapper">
STATUS:
{{ you }}
{% if status %}
DASH INDEX
{% else %}
@ -21,5 +23,5 @@
{% endblock %}
{% block javascripts %}
<script src="/public/assets/scripts/dash.min.js" type="text/javascript"></script>
<script src="/assets/scripts/dash.min.js" type="text/javascript"></script>
{% endblock %}
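Review bot: `{{ you }}` is rendered here, but DashControl passes only `title`, `status` and `pages` in `$pageOptions`, so it prints nothing (or throws if Twig's `strict_variables` is enabled); it reads like a debug leftover and should be removed, or a `you` value should be supplied from the controller.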


@ -5,6 +5,7 @@
"twig/twig": "^3.0",
"slim/twig-view": "^3.0",
"mnapoli/front-yaml": "^1.8",
"lodash-php/lodash-php": "^0.0.7"
"lodash-php/lodash-php": "^0.0.7",
"rbdwllr/reallysimplejwt": "^4.0"
}
}

composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "0dea05f2df1df2495deae70b57c9afd1",
"content-hash": "0e243f32e05cb4ef6265ce19f141fdae",
"packages": [
{
"name": "erusev/parsedown",
@ -620,6 +620,64 @@
},
"time": "2019-03-08T08:55:37+00:00"
},
{
"name": "rbdwllr/reallysimplejwt",
"version": "4.0.1",
"source": {
"type": "git",
"url": "https://github.com/RobDWaller/ReallySimpleJWT.git",
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/RobDWaller/ReallySimpleJWT/zipball/eba7970ab2e010157ec507d408ce5b94e84f31c2",
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2",
"shasum": ""
},
"require": {
"php": ">=7.4.0"
},
"require-dev": {
"infection/infection": "^0.20",
"phpbench/phpbench": "^0.17",
"phploc/phploc": "^7.0",
"phpmd/phpmd": "^2.9",
"phpstan/phpstan": "^0.12",
"phpunit/phpunit": "^9.5",
"sebastian/phpcpd": "^6.0",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"autoload": {
"psr-4": {
"ReallySimpleJWT\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Rob Waller",
"email": "rdwaller1984@gmail.com"
}
],
"description": "A really simple library to generate user authentication JSON Web Tokens.",
"keywords": [
"Authentication",
"json",
"json web tokens",
"jwt",
"php",
"tokens"
],
"support": {
"issues": "https://github.com/RobDWaller/ReallySimpleJWT/issues",
"source": "https://github.com/RobDWaller/ReallySimpleJWT/tree/4.0.1"
},
"time": "2021-03-11T12:57:20+00:00"
},
{
"name": "sebastian/comparator",
"version": "4.0.6",


@ -1,14 +1,15 @@
[
{
"id": 1,
"handle": "ItsRo",
"avi": "/assets/images/user/2020/09/download20200802144459.png",
"email": "are0h@protonmail.com",
"password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
"key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
"role": "hnic",
"created": "2020-09-01T22:46:47+02:00",
"updated": "2020-09-01T22:46:47+02:00",
"deleted": null
}
{
"id": 1,
"handle": "ItsRo",
"avi": "/assets/images/user/2020/09/download20200802144459.png",
"email": "are0h@protonmail.com",
"password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
"key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
"secret": "&eIWQ8E&@vh*",
"role": "hnic",
"created": "2020-09-01T22:46:47+02:00",
"updated": "2020-09-01T22:46:47+02:00",
"deleted": null
}
]
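Review bot: The new `"secret": "&eIWQ8E&@vh*"` is the JWT signing key that `Auth::login()` uses and `Session::active()` verifies against, and it is committed to the repository next to the account's password hash and e-mail; anyone with the repo history can mint tokens that pass validation for this member. Treat the value as compromised: generate it at install time (`StringTools::randomString()` appears intended for this) instead of checking it in, and keep `config/folks.json` out of version control or move the secret to an environment variable.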


@ -1,21 +0,0 @@
<?php
require __DIR__ . "/vendor/autoload.php";
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Factory\AppFactory;
use Slim\Views\Twig;
use Slim\Views\TwigMiddleware;
include "brain/controller/RouteControl.inc.php";
include "brain/data/Auth.inc.php";
$app = AppFactory::create();
$twig = Twig::create("brain/views/");
$app->add(TwigMiddleware::create($app, $twig));
session_start();
//set up routing
$app->get("/[{first}[/{second}[/{third}[/{fourth}]]]]", "\RouteControl:get");
$app->post("/[{first}[/{second}[/{third}[/{fourt}]]]]", "\RouteControl:post");
//start the app
$app->run();