added custom session manager, moved index to safe directory

beta
Ro 4 years ago
parent b1cc12673c
commit 0ea15ae4b2

@ -1,5 +1,4 @@
<?php <?php
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
@ -11,7 +10,7 @@ class APIControl
ServerRequestInterface $request, ServerRequestInterface $request,
ResponseInterface $response, ResponseInterface $response,
array $args array $args
) { ): ResponseInterface {
$contentType = $request->getHeaderLine("Content-Type"); $contentType = $request->getHeaderLine("Content-Type");
switch ($contentType) { switch ($contentType) {
case "application/json": case "application/json":
@ -24,7 +23,11 @@ class APIControl
//there's only one verion of the api for now //there's only one verion of the api for now
switch (isset($args["third"]) ? $args["third"] : "none") { switch (isset($args["third"]) ? $args["third"] : "none") {
case "login": case "login":
$result = (new Auth())->login($body); $result = Auth::login($body);
break;
case "logout":
$result = Auth::logout($body);
break; break;
default: default:
$result = [ $result = [
@ -35,6 +38,7 @@ class APIControl
} }
$response->getBody()->write(json_encode($result)); $response->getBody()->write(json_encode($result));
return $response->withHeader("Content-Type", "application/json"); return $response->withHeader("Content-Type", "application/json");
} }
} }

@ -1,10 +1,9 @@
<?php <?php
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use Slim\Views\Twig; use Slim\Views\Twig;
include "brain/data/Book.inc.php"; include "../brain/data/Book.inc.php";
class DashControl class DashControl
{ {
@ -20,14 +19,15 @@ class DashControl
$content = []; $content = [];
break; break;
default: default:
//$_SESSION["TEST"] = "TESTERZ";
//session_unset();
$pageOptions = [ $pageOptions = [
"title" => "Fipamo Dashboard", "title" => "Fipamo Dashboard",
"status" => (new Auth())->sessionStatus(), "status" => Session::active(),
"pages" => (new Book("content/pages"))->getContents(), "pages" => (new Book("content/pages"))->getContents(),
]; ];
break; break;
} }
return $view->render($response, "dash/start.twig", $pageOptions); return $view->render($response, "dash/start.twig", $pageOptions);
} }
} }

@ -1,5 +1,4 @@
<?php <?php
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
use Slim\Views\Twig; use Slim\Views\Twig;
@ -11,8 +10,8 @@ class IndexControl
ResponseInterface $response, ResponseInterface $response,
array $args array $args
): ResponseInterface { ): ResponseInterface {
//unset($_SESSION);
$view = Twig::fromRequest($request); $view = Twig::fromRequest($request);
return $view->render($response, "front/start.twig", [ return $view->render($response, "front/start.twig", [
"title" => "Fipamo Dash", "title" => "Fipamo Dash",
"status" => false, "status" => false,

@ -2,9 +2,9 @@
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface; use Psr\Http\Message\ServerRequestInterface;
include "brain/controller/IndexControl.inc.php"; include "../brain/controller/IndexControl.inc.php";
include "brain/controller/DashControl.inc.php"; include "../brain/controller/DashControl.inc.php";
include "brain/controller/APIControl.inc.php"; include "../brain/controller/APIControl.inc.php";
class RouteControl class RouteControl
{ {

@ -1,17 +1,15 @@
<?php <?php
include "../brain/data/Settings.inc.php";
use function _\find; use function _\find;
use ReallySimpleJWT\Token;
include "brain/data/Settings.inc.php";
class Auth class Auth
{ {
private $configs;
public function __construct() public function __construct()
{ {
} }
public function sessionStatus() public static function sessionStatus()
{ {
if (isset($_SESSION["member"])) { if (isset($_SESSION["member"])) {
return true; return true;
@ -21,7 +19,7 @@ class Auth
//return $this->secret; //return $this->secret;
} }
public function login($who) public static function login($who)
{ {
//grab member list //grab member list
$folks = (new Settings())->getFolks(); $folks = (new Settings())->getFolks();
@ -30,6 +28,23 @@ class Auth
if ($found) { if ($found) {
//name is found, verify password //name is found, verify password
if (password_verify($who["password"], $found["password"])) { if (password_verify($who["password"], $found["password"])) {
$member = [
"handle" => $found["handle"],
"email" => $found["email"],
"role" => $found["role"],
"avatar" => $found["avi"],
];
$token = Token::create(
$found["id"],
$found["secret"],
time() + 3600,
"localhost"
); //expires in an hour
Session::start();
Session::set("member", $member);
Session::set("token", $token);
$result = [ $result = [
"message" => "Welcome back", "message" => "Welcome back",
"type" => "TASK_LOGIN", "type" => "TASK_LOGIN",
@ -49,4 +64,14 @@ class Auth
} }
return $result; return $result;
} }
public static function logout()
{
Session::kill();
$result = [
"message" => "Till next time, g.",
"type" => "TASK_LOGOUT",
];
return $result;
}
} }

@ -0,0 +1,65 @@
<?php
use function _\find;
use ReallySimpleJWT\Token;
class Session
{
private static $file = "../content/.session";
private static $data = [
"member" => "",
"token" => "",
];
public static function start()
{
if (!is_file(self::$file)) {
file_put_contents(self::$file, json_encode(self::$data));
} else {
($new = fopen(self::$file, "w")) or die("Unable to open file!");
fwrite($new, json_encode(self::$data));
fclose($new);
}
}
public static function active()
{
$data = json_decode(file_get_contents(self::$file), true);
if ($data["member"] != null) {
$secret = (new Settings())->getFolks("secret");
if (
Token::validate($data["token"], $secret) &&
Token::validateExpiration($data["token"], $secret)
) {
true;
} else {
false;
}
return true;
} else {
return false;
}
}
public static function set($key, $value)
{
$data = json_decode(file_get_contents(self::$file), true);
$data[$key] = $value;
($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
fwrite($fresh, json_encode($data));
fclose($fresh);
}
public static function get($key)
{
$data = json_decode(file_get_contents(self::$file), true);
return $data[$key];
}
public static function kill()
{
($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
fwrite($fresh, json_encode(self::$data));
fclose($fresh);
}
}

@ -1,5 +1,5 @@
<?php <?php
use function _\find;
class Settings class Settings
{ {
private $folks; private $folks;
@ -9,16 +9,22 @@ class Settings
public function __construct() public function __construct()
{ {
//gets all settings files and converts to php objects //gets all settings files and converts to php objects
$this->folks = json_decode(file_get_contents("config/folks.json"), true); $this->folks = json_decode(file_get_contents("../config/folks.json"), true);
$this->tags = json_decode(file_get_contents("config/tags.json"), true); $this->tags = json_decode(file_get_contents("../config/tags.json"), true);
$this->settings = json_decode( $this->settings = json_decode(
file_get_contents("config/settings.json"), file_get_contents("../config/settings.json"),
true true
); );
} }
public function getFolks() public function getFolks($key)
{ {
return $this->folks; if (isset($key)) {
$member = Session::get("member");
$found = find($this->folks, ["handle" => $member["handle"]]);
return $found[$key];
} else {
return $this->folks;
}
} }
} }

@ -0,0 +1,22 @@
<?php
//include "brain/data/Auth.inc.php";
class StringTools
{
public static function randomString(int $length)
{
$alphanum =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
$special = '*&!@%^#$';
$alphabet = $alphanum . $special;
$random = openssl_random_pseudo_bytes($length);
$alphabet_length = strlen($alphabet);
$string = "";
for ($i = 0; $i < $length; ++$i) {
$string .= $alphabet[ord($random[$i]) % $alphabet_length];
}
return $string;
}
}

@ -13,13 +13,13 @@
<div id="notifications" class="notifications"> <div id="notifications" class="notifications">
<div id="notifyMessage" class="notifyMessage"> <div id="notifyMessage" class="notifyMessage">
<div id="notify-good" class="notify-icon"> <div id="notify-good" class="notify-icon">
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-flirt"/></svg> <svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
</div> </div>
<div id="notify-lame" class="notify-icon"> <div id="notify-lame" class="notify-icon">
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-sad"/></svg> <svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-sad"/></svg>
</div> </div>
<div id="notify-working" class="notify-icon"> <div id="notify-working" class="notify-icon">
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-cog"/></svg> <svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-cog"/></svg>
</div> </div>
</div> </div>
</div> </div>
@ -28,7 +28,7 @@
<header id="header"> <header id="header">
<div id="wrapper"> <div id="wrapper">
<div id="left"> <div id="left">
<a href="/dashboard"><img id="the-logo" src="/public/assets/images/global/the-logo.svg"/></a> <a href="/dashboard"><img id="the-logo" src="/assets/images/global/the-logo.svg"/></a>
</div> </div>
<div id="right"></div> <div id="right"></div>

@ -5,12 +5,14 @@
{% endblock %} {% endblock %}
{% block stylesheets %} {% block stylesheets %}
<link rel="stylesheet" type="text/css" href="/public/assets/css/dash.css"> <link rel="stylesheet" type="text/css" href="/assets/css/dash.css">
{% endblock %} {% endblock %}
{% block mainContent %} {% block mainContent %}
<div id="dash-index"> <div id="dash-index">
<div id="dash-index-wrapper"> <div id="dash-index-wrapper">
STATUS:
{{ you }}
{% if status %} {% if status %}
DASH INDEX DASH INDEX
{% else %} {% else %}
@ -21,5 +23,5 @@
{% endblock %} {% endblock %}
{% block javascripts %} {% block javascripts %}
<script src="/public/assets/scripts/dash.min.js" type="text/javascript"></script> <script src="/assets/scripts/dash.min.js" type="text/javascript"></script>
{% endblock %} {% endblock %}

@ -5,6 +5,7 @@
"twig/twig": "^3.0", "twig/twig": "^3.0",
"slim/twig-view": "^3.0", "slim/twig-view": "^3.0",
"mnapoli/front-yaml": "^1.8", "mnapoli/front-yaml": "^1.8",
"lodash-php/lodash-php": "^0.0.7" "lodash-php/lodash-php": "^0.0.7",
"rbdwllr/reallysimplejwt": "^4.0"
} }
} }

60
composer.lock generated

@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "0dea05f2df1df2495deae70b57c9afd1", "content-hash": "0e243f32e05cb4ef6265ce19f141fdae",
"packages": [ "packages": [
{ {
"name": "erusev/parsedown", "name": "erusev/parsedown",
@ -620,6 +620,64 @@
}, },
"time": "2019-03-08T08:55:37+00:00" "time": "2019-03-08T08:55:37+00:00"
}, },
{
"name": "rbdwllr/reallysimplejwt",
"version": "4.0.1",
"source": {
"type": "git",
"url": "https://github.com/RobDWaller/ReallySimpleJWT.git",
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/RobDWaller/ReallySimpleJWT/zipball/eba7970ab2e010157ec507d408ce5b94e84f31c2",
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2",
"shasum": ""
},
"require": {
"php": ">=7.4.0"
},
"require-dev": {
"infection/infection": "^0.20",
"phpbench/phpbench": "^0.17",
"phploc/phploc": "^7.0",
"phpmd/phpmd": "^2.9",
"phpstan/phpstan": "^0.12",
"phpunit/phpunit": "^9.5",
"sebastian/phpcpd": "^6.0",
"squizlabs/php_codesniffer": "^3.5"
},
"type": "library",
"autoload": {
"psr-4": {
"ReallySimpleJWT\\": "src/"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Rob Waller",
"email": "rdwaller1984@gmail.com"
}
],
"description": "A really simple library to generate user authentication JSON Web Tokens.",
"keywords": [
"Authentication",
"json",
"json web tokens",
"jwt",
"php",
"tokens"
],
"support": {
"issues": "https://github.com/RobDWaller/ReallySimpleJWT/issues",
"source": "https://github.com/RobDWaller/ReallySimpleJWT/tree/4.0.1"
},
"time": "2021-03-11T12:57:20+00:00"
},
{ {
"name": "sebastian/comparator", "name": "sebastian/comparator",
"version": "4.0.6", "version": "4.0.6",

@ -1,14 +1,15 @@
[ [
{ {
"id": 1, "id": 1,
"handle": "ItsRo", "handle": "ItsRo",
"avi": "/assets/images/user/2020/09/download20200802144459.png", "avi": "/assets/images/user/2020/09/download20200802144459.png",
"email": "are0h@protonmail.com", "email": "are0h@protonmail.com",
"password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq", "password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
"key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a", "key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
"role": "hnic", "secret": "&eIWQ8E&@vh*",
"created": "2020-09-01T22:46:47+02:00", "role": "hnic",
"updated": "2020-09-01T22:46:47+02:00", "created": "2020-09-01T22:46:47+02:00",
"deleted": null "updated": "2020-09-01T22:46:47+02:00",
} "deleted": null
] }
]

@ -1,21 +0,0 @@
<?php
require __DIR__ . "/vendor/autoload.php";
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Slim\Factory\AppFactory;
use Slim\Views\Twig;
use Slim\Views\TwigMiddleware;
include "brain/controller/RouteControl.inc.php";
include "brain/data/Auth.inc.php";
$app = AppFactory::create();
$twig = Twig::create("brain/views/");
$app->add(TwigMiddleware::create($app, $twig));
session_start();
//set up routing
$app->get("/[{first}[/{second}[/{third}[/{fourth}]]]]", "\RouteControl:get");
$app->post("/[{first}[/{second}[/{third}[/{fourt}]]]]", "\RouteControl:post");
//start the app
$app->run();
Loading…
Cancel
Save