ItGuild/igfs
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

new kernel, ms bearer

Browse Source
This commit is contained in:
Kavalar
2024-10-23 16:16:47 +03:00
parent 5285acae12
commit 2470c5dba8
62 changed files with 892 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
kernel/modules/secure/controllers/SecureController.php
View File

@ -4,6 +4,8 @@ namespace kernel\modules\secure\controllers;
use JetBrains\PhpStorm\NoReturn;
use kernel\AdminController;
use kernel\Flash;
use kernel\helpers\Debug;
use kernel\modules\secure\models\forms\LoginForm;
use kernel\modules\user\service\UserService;
@ -25,7 +27,7 @@ class SecureController extends AdminController
$this->cgView->render('login.php');
}
public function actionAuth(): void
#[NoReturn] public function actionAuth(): void
{
$loginForm = new LoginForm();
$loginForm->load($_REQUEST);
@ -39,21 +41,23 @@ class SecureController extends AdminController
$user = $this->userService->getByField($field, $loginForm->getItem("username"));
if (!$user){
throw new \Exception(message: "User not found");
Flash::setMessage("error", "User not found.");
$this->redirect("/admin/login", code: 302);
}
if (password_verify($loginForm->getItem("password"), $user->password_hash)) {
setcookie('user_id', $user->id, time()+60*60*24, '/', $_SERVER['SERVER_NAME'], false);
$this->redirect("/admin");
$this->redirect("/admin", code: 302);
} else {
$this->redirect("/admin/login");
Flash::setMessage("error", "Username or password incorrect.");
$this->redirect("/admin/login", code: 302);
}
}
#[NoReturn] public function actionLogout(): void
{
unset($_COOKIE['user_id']);
setcookie('user_id', "", -1, '/', $_SERVER['SERVER_NAME'], false);
setcookie('user_id', "", -1, '/', ".".$_SERVER['SERVER_NAME'], false);
$this->redirect("/", code: 302);
}

54
kernel/modules/secure/controllers/SecureRestController.php Normal file
View File

@ -0,0 +1,54 @@
<?php
namespace kernel\modules\secure\controllers;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use JetBrains\PhpStorm\NoReturn;
use kernel\App;
use kernel\helpers\Debug;
use kernel\modules\user\models\User;
use kernel\Request;
use kernel\RestController;
use kernel\services\TokenService;
use Random\RandomException;
class SecureRestController extends RestController
{
public function __construct()
{
$this->model = new User();
}
/**
* @throws RandomException
*/
#[NoReturn] public function actionAuth(): void
{
$request = new Request();
$data = $request->post();
$model = $this->model->where('username', $data['username'])->first();
$res = [];
if ($model) {
if (password_verify($data["password"], $model->password_hash)) {
$model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
$model->access_token = match (App::$secure['token_type']) {
"JWT" => TokenService::JWT($_ENV['SECRET_KEY'], 'HS256'),
"md5" => TokenService::md5(),
"crypt" => TokenService::crypt(),
"hash" => TokenService::hash('sha256'),
default => TokenService::random_bytes(20),
};
$res = [
"access_token" => $model->access_token,
"access_token_expires_at" => $model->access_token_expires_at,
];
}
$model->save();
}
$this->renderApi($res);
}
}

4
kernel/modules/secure/manifest.json
View File

@ -4,5 +4,7 @@
"author": "ITGuild",
"slug": "secure",
"description": "Secure module",
"routs": "routs/secure.php"
"routs": "routs/secure.php",
"dependence": "user",
"show_in_admin": 0
}

48
kernel/modules/secure/middlewares/BearerAuthMiddleware.php Normal file
View File

@ -0,0 +1,48 @@
<?php
namespace kernel\modules\secure\middlewares;
use JetBrains\PhpStorm\NoReturn;
use kernel\App;
use kernel\helpers\Debug;
use kernel\Middleware;
use kernel\modules\user\service\UserService;
use kernel\Request;
class BearerAuthMiddleware extends Middleware
{
protected UserService $userService;
public function __construct()
{
$this->userService = new UserService();
}
function handler(): void
{
$request = new Request();
$authorization = $request->getHeader("Authorization");
if ($authorization){
$authorization = explode(" ", $authorization);
$type = $authorization[0];
$token = $authorization[1];
if ($type === "Bearer"){
$user = $this->userService->getByAccessToken($token);
if ($user){
if ($user->access_token_expires_at > date("Y-m-d")){
App::$user = $user;
return;
}
}
}
}
$this->returnError(403);
}
#[NoReturn] public function returnError(int $code): void
{
http_response_code($code);
die('Forbidden');
}
}

20
kernel/modules/secure/routs/secure.php
View File

@ -1,16 +1,11 @@
<?php
use kernel\App;
use kernel\CgRouteCollector;
use Phroute\Phroute\RouteCollector;
App::$collector->filter("auth", function (){
if(!isset($_COOKIE['user_id']))
{
header('Location: /admin/login', true, 302);
return false;
}
});
App::$collector->filter("auth", [\kernel\middlewares\AuthMiddleware::class, "handler"]);
App::$collector->filter('bearer', [\kernel\modules\secure\middlewares\BearerAuthMiddleware::class, "handler"]);
App::$collector->group(["prefix" => "admin"], function (RouteCollector $router){
App::$collector->group(["before" => "auth"], function (RouteCollector $router){
@ -19,4 +14,11 @@ App::$collector->group(["prefix" => "admin"], function (RouteCollector $router){
App::$collector->get('/login', [\kernel\modules\secure\controllers\SecureController::class, 'actionLogin']);
App::$collector->get('/logout', [\kernel\modules\secure\controllers\SecureController::class, 'actionLogout']);
App::$collector->post('/auth', [\kernel\modules\secure\controllers\SecureController::class, 'actionAuth']);
});
});
App::$collector->group(["prefix" => "api"], function (CgRouteCollector $router){
App::$collector->group(["prefix" => "secure"], function (CgRouteCollector $router) {
App::$collector->post('/auth', [\kernel\modules\secure\controllers\SecureRestController::class, 'actionAuth']);
});
});