From 0ea15ae4b201331a160748abdcfa1c41f6f84bcf Mon Sep 17 00:00:00 2001
From: Ro <ro@playvicio.us>
Date: Sun, 28 Mar 2021 15:22:00 -0700
Subject: [PATCH] added custom session manager, moved index to safe directory

---
 brain/controller/APIControl.inc.php   | 10 +++--
 brain/controller/DashControl.inc.php  |  8 ++--
 brain/controller/IndexControl.inc.php |  3 +-
 brain/controller/RouteControl.inc.php |  6 +--
 brain/data/Auth.inc.php               | 37 ++++++++++++---
 brain/data/Session.inc.php            | 65 +++++++++++++++++++++++++++
 brain/data/Settings.inc.php           | 18 +++++---
 brain/utility/StringTools.inc.php     | 22 +++++++++
 brain/views/dash/_frame.twig          |  8 ++--
 brain/views/dash/start.twig           |  6 ++-
 composer.json                         |  3 +-
 composer.lock                         | 60 ++++++++++++++++++++++++-
 config/folks.json                     | 27 +++++------
 index.php                             | 21 ---------
 14 files changed, 228 insertions(+), 66 deletions(-)
 create mode 100644 brain/data/Session.inc.php
 create mode 100644 brain/utility/StringTools.inc.php
 delete mode 100644 index.php

diff --git a/brain/controller/APIControl.inc.php b/brain/controller/APIControl.inc.php
index c1d0847..caad565 100644
--- a/brain/controller/APIControl.inc.php
+++ b/brain/controller/APIControl.inc.php
@@ -1,5 +1,4 @@
 <?php
-
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
@@ -11,7 +10,7 @@ class APIControl
     ServerRequestInterface $request,
     ResponseInterface $response,
     array $args
-  ) {
+  ): ResponseInterface {
     $contentType = $request->getHeaderLine("Content-Type");
     switch ($contentType) {
       case "application/json":
@@ -24,7 +23,11 @@ class APIControl
     //there's only one verion of the api for now
     switch (isset($args["third"]) ? $args["third"] : "none") {
       case "login":
-        $result = (new Auth())->login($body);
+        $result = Auth::login($body);
+
+        break;
+      case "logout":
+        $result = Auth::logout($body);
         break;
       default:
         $result = [
@@ -35,6 +38,7 @@ class APIControl
     }
 
     $response->getBody()->write(json_encode($result));
+
     return $response->withHeader("Content-Type", "application/json");
   }
 }
diff --git a/brain/controller/DashControl.inc.php b/brain/controller/DashControl.inc.php
index 869c736..10a6b00 100644
--- a/brain/controller/DashControl.inc.php
+++ b/brain/controller/DashControl.inc.php
@@ -1,10 +1,9 @@
 <?php
-
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Slim\Views\Twig;
 
-include "brain/data/Book.inc.php";
+include "../brain/data/Book.inc.php";
 
 class DashControl
 {
@@ -20,14 +19,15 @@ class DashControl
         $content = [];
         break;
       default:
+        //$_SESSION["TEST"] = "TESTERZ";
+        //session_unset();
         $pageOptions = [
           "title" => "Fipamo Dashboard",
-          "status" => (new Auth())->sessionStatus(),
+          "status" => Session::active(),
           "pages" => (new Book("content/pages"))->getContents(),
         ];
         break;
     }
-
     return $view->render($response, "dash/start.twig", $pageOptions);
   }
 }
diff --git a/brain/controller/IndexControl.inc.php b/brain/controller/IndexControl.inc.php
index 039f72a..d9ad0f1 100644
--- a/brain/controller/IndexControl.inc.php
+++ b/brain/controller/IndexControl.inc.php
@@ -1,5 +1,4 @@
 <?php
-
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Slim\Views\Twig;
@@ -11,8 +10,8 @@ class IndexControl
     ResponseInterface $response,
     array $args
   ): ResponseInterface {
+    //unset($_SESSION);
     $view = Twig::fromRequest($request);
-
     return $view->render($response, "front/start.twig", [
       "title" => "Fipamo Dash",
       "status" => false,
diff --git a/brain/controller/RouteControl.inc.php b/brain/controller/RouteControl.inc.php
index fc24e25..8b80ec8 100644
--- a/brain/controller/RouteControl.inc.php
+++ b/brain/controller/RouteControl.inc.php
@@ -2,9 +2,9 @@
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
-include "brain/controller/IndexControl.inc.php";
-include "brain/controller/DashControl.inc.php";
-include "brain/controller/APIControl.inc.php";
+include "../brain/controller/IndexControl.inc.php";
+include "../brain/controller/DashControl.inc.php";
+include "../brain/controller/APIControl.inc.php";
 
 class RouteControl
 {
diff --git a/brain/data/Auth.inc.php b/brain/data/Auth.inc.php
index b365777..38c4851 100644
--- a/brain/data/Auth.inc.php
+++ b/brain/data/Auth.inc.php
@@ -1,17 +1,15 @@
 <?php
+include "../brain/data/Settings.inc.php";
 use function _\find;
-
-include "brain/data/Settings.inc.php";
+use ReallySimpleJWT\Token;
 
 class Auth
 {
-  private $configs;
-
   public function __construct()
   {
   }
 
-  public function sessionStatus()
+  public static function sessionStatus()
   {
     if (isset($_SESSION["member"])) {
       return true;
@@ -21,7 +19,7 @@ class Auth
     //return $this->secret;
   }
 
-  public function login($who)
+  public static function login($who)
   {
     //grab member list
     $folks = (new Settings())->getFolks();
@@ -30,6 +28,23 @@ class Auth
     if ($found) {
       //name is found, verify password
       if (password_verify($who["password"], $found["password"])) {
+        $member = [
+          "handle" => $found["handle"],
+          "email" => $found["email"],
+          "role" => $found["role"],
+          "avatar" => $found["avi"],
+        ];
+
+        $token = Token::create(
+          $found["id"],
+          $found["secret"],
+          time() + 3600,
+          "localhost"
+        ); //expires in an hour
+        Session::start();
+        Session::set("member", $member);
+        Session::set("token", $token);
+
         $result = [
           "message" => "Welcome back",
           "type" => "TASK_LOGIN",
@@ -49,4 +64,14 @@ class Auth
     }
     return $result;
   }
+
+  public static function logout()
+  {
+    Session::kill();
+    $result = [
+      "message" => "Till next time, g.",
+      "type" => "TASK_LOGOUT",
+    ];
+    return $result;
+  }
 }
diff --git a/brain/data/Session.inc.php b/brain/data/Session.inc.php
new file mode 100644
index 0000000..c3a2266
--- /dev/null
+++ b/brain/data/Session.inc.php
@@ -0,0 +1,65 @@
+<?php
+use function _\find;
+use ReallySimpleJWT\Token;
+
+class Session
+{
+  private static $file = "../content/.session";
+  private static $data = [
+    "member" => "",
+    "token" => "",
+  ];
+  public static function start()
+  {
+    if (!is_file(self::$file)) {
+      file_put_contents(self::$file, json_encode(self::$data));
+    } else {
+      ($new = fopen(self::$file, "w")) or die("Unable to open file!");
+      fwrite($new, json_encode(self::$data));
+      fclose($new);
+    }
+  }
+
+  public static function active()
+  {
+    $data = json_decode(file_get_contents(self::$file), true);
+    if ($data["member"] != null) {
+      $secret = (new Settings())->getFolks("secret");
+      if (
+        Token::validate($data["token"], $secret) &&
+        Token::validateExpiration($data["token"], $secret)
+      ) {
+        true;
+      } else {
+        false;
+      }
+
+      return true;
+    } else {
+      return false;
+    }
+  }
+
+  public static function set($key, $value)
+  {
+    $data = json_decode(file_get_contents(self::$file), true);
+    $data[$key] = $value;
+    ($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
+    fwrite($fresh, json_encode($data));
+    fclose($fresh);
+  }
+
+  public static function get($key)
+  {
+    $data = json_decode(file_get_contents(self::$file), true);
+
+    return $data[$key];
+  }
+
+  public static function kill()
+  {
+    ($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
+    fwrite($fresh, json_encode(self::$data));
+    fclose($fresh);
+  }
+}
diff --git a/brain/data/Settings.inc.php b/brain/data/Settings.inc.php
index adf3fce..d540bce 100644
--- a/brain/data/Settings.inc.php
+++ b/brain/data/Settings.inc.php
@@ -1,5 +1,5 @@
 <?php
-
+use function _\find;
 class Settings
 {
   private $folks;
@@ -9,16 +9,22 @@ class Settings
   public function __construct()
   {
     //gets all settings files and converts to php objects
-    $this->folks = json_decode(file_get_contents("config/folks.json"), true);
-    $this->tags = json_decode(file_get_contents("config/tags.json"), true);
+    $this->folks = json_decode(file_get_contents("../config/folks.json"), true);
+    $this->tags = json_decode(file_get_contents("../config/tags.json"), true);
     $this->settings = json_decode(
-      file_get_contents("config/settings.json"),
+      file_get_contents("../config/settings.json"),
       true
     );
   }
 
-  public function getFolks()
+  public function getFolks($key)
   {
-    return $this->folks;
+    if (isset($key)) {
+      $member = Session::get("member");
+      $found = find($this->folks, ["handle" => $member["handle"]]);
+      return $found[$key];
+    } else {
+      return $this->folks;
+    }
   }
 }
diff --git a/brain/utility/StringTools.inc.php b/brain/utility/StringTools.inc.php
new file mode 100644
index 0000000..2f1fb17
--- /dev/null
+++ b/brain/utility/StringTools.inc.php
@@ -0,0 +1,22 @@
+<?php
+
+//include "brain/data/Auth.inc.php";
+
+class StringTools
+{
+  public static function randomString(int $length)
+  {
+    $alphanum =
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+    $special = '*&!@%^#$';
+    $alphabet = $alphanum . $special;
+    $random = openssl_random_pseudo_bytes($length);
+    $alphabet_length = strlen($alphabet);
+    $string = "";
+    for ($i = 0; $i < $length; ++$i) {
+      $string .= $alphabet[ord($random[$i]) % $alphabet_length];
+    }
+
+    return $string;
+  }
+}
diff --git a/brain/views/dash/_frame.twig b/brain/views/dash/_frame.twig
index 4dd68dd..8605cac 100644
--- a/brain/views/dash/_frame.twig
+++ b/brain/views/dash/_frame.twig
@@ -13,13 +13,13 @@
         <div id="notifications" class="notifications">
             <div id="notifyMessage" class="notifyMessage">
                 <div id="notify-good" class="notify-icon">
-                    <svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
+                    <svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
                 </div>
                 <div id="notify-lame" class="notify-icon">
-                    <svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-sad"/></svg>
+                    <svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-sad"/></svg>
                 </div>
                 <div id="notify-working" class="notify-icon">
-                    <svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-cog"/></svg>
+                    <svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-cog"/></svg>
                 </div>
             </div>
         </div>
@@ -28,7 +28,7 @@
                 <header id="header">
                     <div id="wrapper">
                         <div id="left">
-                            <a href="/dashboard"><img id="the-logo" src="/public/assets/images/global/the-logo.svg"/></a>
+                            <a href="/dashboard"><img id="the-logo" src="/assets/images/global/the-logo.svg"/></a>
                         </div>
 
                         <div id="right"></div>
diff --git a/brain/views/dash/start.twig b/brain/views/dash/start.twig
index 9621432..853f564 100644
--- a/brain/views/dash/start.twig
+++ b/brain/views/dash/start.twig
@@ -5,12 +5,14 @@
 {% endblock %}
 
 {% block stylesheets %}
-    <link rel="stylesheet" type="text/css" href="/public/assets/css/dash.css">
+    <link rel="stylesheet" type="text/css" href="/assets/css/dash.css">
     {% endblock %}
 
     {% block mainContent %}
         <div id="dash-index">
             <div id="dash-index-wrapper">
+                STATUS:
+                {{ you }}
                 {% if status %}
                     DASH INDEX
                 {% else %}
@@ -21,5 +23,5 @@
     {% endblock %}
 
     {% block javascripts %}
-        <script src="/public/assets/scripts/dash.min.js" type="text/javascript"></script>
+        <script src="/assets/scripts/dash.min.js" type="text/javascript"></script>
     {% endblock %}
\ No newline at end of file
diff --git a/composer.json b/composer.json
index 597b982..055928b 100644
--- a/composer.json
+++ b/composer.json
@@ -5,6 +5,7 @@
         "twig/twig": "^3.0",
         "slim/twig-view": "^3.0",
         "mnapoli/front-yaml": "^1.8",
-        "lodash-php/lodash-php": "^0.0.7"
+        "lodash-php/lodash-php": "^0.0.7",
+        "rbdwllr/reallysimplejwt": "^4.0"
     }
 }
diff --git a/composer.lock b/composer.lock
index d0907d5..fbfaccd 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "0dea05f2df1df2495deae70b57c9afd1",
+    "content-hash": "0e243f32e05cb4ef6265ce19f141fdae",
     "packages": [
         {
             "name": "erusev/parsedown",
@@ -620,6 +620,64 @@
             },
             "time": "2019-03-08T08:55:37+00:00"
         },
+        {
+            "name": "rbdwllr/reallysimplejwt",
+            "version": "4.0.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/RobDWaller/ReallySimpleJWT.git",
+                "reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/RobDWaller/ReallySimpleJWT/zipball/eba7970ab2e010157ec507d408ce5b94e84f31c2",
+                "reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.4.0"
+            },
+            "require-dev": {
+                "infection/infection": "^0.20",
+                "phpbench/phpbench": "^0.17",
+                "phploc/phploc": "^7.0",
+                "phpmd/phpmd": "^2.9",
+                "phpstan/phpstan": "^0.12",
+                "phpunit/phpunit": "^9.5",
+                "sebastian/phpcpd": "^6.0",
+                "squizlabs/php_codesniffer": "^3.5"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "ReallySimpleJWT\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Rob Waller",
+                    "email": "rdwaller1984@gmail.com"
+                }
+            ],
+            "description": "A really simple library to generate user authentication JSON Web Tokens.",
+            "keywords": [
+                "Authentication",
+                "json",
+                "json web tokens",
+                "jwt",
+                "php",
+                "tokens"
+            ],
+            "support": {
+                "issues": "https://github.com/RobDWaller/ReallySimpleJWT/issues",
+                "source": "https://github.com/RobDWaller/ReallySimpleJWT/tree/4.0.1"
+            },
+            "time": "2021-03-11T12:57:20+00:00"
+        },
         {
             "name": "sebastian/comparator",
             "version": "4.0.6",
diff --git a/config/folks.json b/config/folks.json
index 39c388f..12dd1f4 100644
--- a/config/folks.json
+++ b/config/folks.json
@@ -1,14 +1,15 @@
 [
-    {
-        "id": 1,
-        "handle": "ItsRo",
-        "avi": "/assets/images/user/2020/09/download20200802144459.png",
-        "email": "are0h@protonmail.com",
-        "password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
-        "key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
-        "role": "hnic",
-        "created": "2020-09-01T22:46:47+02:00",
-        "updated": "2020-09-01T22:46:47+02:00",
-        "deleted": null
-    }
-]
\ No newline at end of file
+  {
+    "id": 1,
+    "handle": "ItsRo",
+    "avi": "/assets/images/user/2020/09/download20200802144459.png",
+    "email": "are0h@protonmail.com",
+    "password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
+    "key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
+    "secret": "&eIWQ8E&@vh*",
+    "role": "hnic",
+    "created": "2020-09-01T22:46:47+02:00",
+    "updated": "2020-09-01T22:46:47+02:00",
+    "deleted": null
+  }
+]
diff --git a/index.php b/index.php
deleted file mode 100644
index 5057abe..0000000
--- a/index.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-require __DIR__ . "/vendor/autoload.php";
-
-use Psr\Http\Message\ResponseInterface as Response;
-use Psr\Http\Message\ServerRequestInterface as Request;
-use Slim\Factory\AppFactory;
-use Slim\Views\Twig;
-use Slim\Views\TwigMiddleware;
-
-include "brain/controller/RouteControl.inc.php";
-include "brain/data/Auth.inc.php";
-
-$app = AppFactory::create();
-$twig = Twig::create("brain/views/");
-$app->add(TwigMiddleware::create($app, $twig));
-session_start();
-//set up routing
-$app->get("/[{first}[/{second}[/{third}[/{fourth}]]]]", "\RouteControl:get");
-$app->post("/[{first}[/{second}[/{third}[/{fourt}]]]]", "\RouteControl:post");
-//start the app
-$app->run();