ItGuild/svo
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcf8b6621b8cbd1007fa18bd462a9ecedcf69e75
svo/kernel/modules/secure/controllers/SecureRestController.php
Kavalar 1d7ed112a7 secure fix
2024-12-13 17:29:36 +03:00

133 lines
4.4 KiB
PHP
Raw Blame History

<?php
namespace kernel\modules\secure\controllers;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use JetBrains\PhpStorm\NoReturn;
use kernel\App;
use kernel\helpers\Debug;
use kernel\Mailing;
use kernel\modules\secure\models\SecretCode;
use kernel\modules\secure\services\SecureService;
use kernel\modules\user\models\User;
use kernel\modules\user\service\UserService;
use kernel\Request;
use kernel\RestController;
use kernel\services\TokenService;
use PHPMailer\PHPMailer\Exception;
use Random\RandomException;
class SecureRestController extends RestController
{
public function __construct()
{
$this->model = new User();
}
/**
* @throws RandomException
*/
#[NoReturn] public function actionAuth(): void
{
$request = new Request();
$data = $request->post();
$model = $this->model->where('username', $data['username'])->first();
$res = [];
if ($model) {
if (password_verify($data["password"], $model->password_hash)) {
if ($model->access_token_expires_at < date("Y-m-d H:i:s") or $model->access_token === null){
$model->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
$model->access_token = match (App::$secure['token_type']) {
"JWT" => TokenService::JWT($_ENV['SECRET_KEY'], 'HS256'),
"md5" => TokenService::md5(),
"crypt" => TokenService::crypt(),
"hash" => TokenService::hash('sha256'),
default => TokenService::random_bytes(20),
};
}
$res = [
"access_token" => $model->access_token,
"access_token_expires_at" => $model->access_token_expires_at,
];
}
$model->save();
}
$this->renderApi($res);
}
/**
* @throws Exception
* @throws RandomException
*/
#[NoReturn] public function actionEmailAuth(): void
{
$mailing = new Mailing();
$request = new Request();
$data = $request->post();
$model = $this->model->where('email', $data['email'])->first();
if (!$model) {
$password = bin2hex(random_bytes(8));
UserService::createUserByEmailAndPassword($data['email'], $password);
$model = UserService::getByField('email', $data['email']);
SecureService::createSecretCode($model);
$secretCode = SecureService::getByField("user_id", $model->id);
$mailing->send_html("register_by_code.php", ['code' => $secretCode->code, 'password' => $password], [
'address' => $data['email'],
'subject' => "Код регистрации",
"from_name" => $_ENV['APP_NAME']
]);
} else {
SecureService::updateSecretCode($model);
$secretCode = SecureService::getByField("user_id", $model->id);
$mailing->send_html("login_by_code.php", ['code' => $secretCode->code], [
'address' => $data['email'],
'subject' => "Код авторизации",
"from_name" => $_ENV['APP_NAME']
]);
}
$res = [
"status" => "success",
"code_expires_at" => $secretCode->code_expires_at,
];
setcookie('user_email', $data['email'], time()+60*15, '/', $_SERVER['SERVER_NAME'], false);
$this->renderApi($res);
}
/**
* @throws Exception
*/
#[NoReturn] public function actionCodeCheck(): void
{
$request = new Request();
$code = $request->post("code");
$model = SecretCode::where("code", $code)->first();
if (time() <= strtotime($model->code_expires_at)) {
$user = $this->model->where("id", $model->user_id)->first();
if ($user){
$user->access_token_expires_at = date("Y-m-d H:i:s", strtotime(App::$secure['token_expired_time']));
$user->access_token = SecureService::generateAccessToken();
$user->save();
$this->renderApi([
"access_token" => $user->access_token,
"access_token_expires_at" => $user->access_token_expires_at,
]);
}
}
$this->renderApi(['status' => 'error', 'message' => 'incorrect code']);
}
}
Reference in New Issue View Git Blame Copy Permalink