
No commits in common. "62ed358a4b2ab9093660f456d2f82abba13b9323" and "e41f3faa4205872643f5ba03aee7f04afd6631ea" have entirely different histories.

10 changed files with 18 additions and 160 deletions


@ -46,9 +46,6 @@ class AdminConsoleController extends ConsoleController
$out = $this->migrationService->runAtPath("kernel/modules/post/migrations"); $out = $this->migrationService->runAtPath("kernel/modules/post/migrations");
$this->out->r("create post table", "green"); $this->out->r("create post table", "green");
$out = $this->migrationService->runAtPath("kernel/modules/secure/migrations");
$this->out->r("create secret_code table", "green");
$this->optionService->createFromParams( $this->optionService->createFromParams(
key: "admin_theme_paths", key: "admin_theme_paths",
value: "{\"paths\": [\"{KERNEL_ADMIN_THEMES}\", \"{APP}/admin_themes\"]}", value: "{\"paths\": [\"{KERNEL_ADMIN_THEMES}\", \"{APP}/admin_themes\"]}",


@ -11,7 +11,6 @@ use kernel\Mailing;
use kernel\modules\secure\models\forms\LoginEmailForm; use kernel\modules\secure\models\forms\LoginEmailForm;
use kernel\modules\secure\models\forms\LoginForm; use kernel\modules\secure\models\forms\LoginForm;
use kernel\modules\secure\models\forms\RegisterForm; use kernel\modules\secure\models\forms\RegisterForm;
use kernel\modules\secure\services\SecureService;
use kernel\modules\user\models\User; use kernel\modules\user\models\User;
use kernel\modules\user\service\UserService; use kernel\modules\user\service\UserService;
use kernel\Request; use kernel\Request;
@ -82,24 +81,21 @@ class SecureController extends AdminController
$user = $this->userService->getByField('email', $email); $user = $this->userService->getByField('email', $email);
if (!$user){ if (!$user){
$password = bin2hex(random_bytes(8)); $password = md5(microtime() . bin2hex(random_bytes(10)) . time());
UserService::createUserByEmailAndPassword($email, $password); UserService::createUserByEmailAndPassword($email, $password);
$user = $this->userService->getByField('email', $email); $user = $this->userService->getByField('email', $email);
SecureService::createSecretCode($user); $mailing->send_html("register_by_code.php", ['code' => $user->auth_code, 'password' => $password], [
$secretCode = SecureService::getByField("user_id", $user->id);
$mailing->send_html("register_by_code.php", ['code' => $secretCode->code, 'password' => $password], [
'address' => $email, 'address' => $email,
'subject' => "Код регистрации", 'subject' => "Код регистрации",
"from_name" => $_ENV['APP_NAME'] "from_name" => $_ENV['APP_NAME']
]); ]);
} else { } else {
SecureService::updateSecretCode($user); $user->auth_code = mt_rand(100000, 999999);;
$secretCode = SecureService::getByField("user_id", $user->id); $user->auth_code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes"));
$mailing->send_html("login_by_code.php", ['code' => $secretCode->code], [ $user->save();
$mailing->send_html("login_by_code.php", ['code' => $user->auth_code], [
'address' => $email, 'address' => $email,
'subject' => "Код авторизации", 'subject' => "Код авторизации",
"from_name" => $_ENV['APP_NAME'] "from_name" => $_ENV['APP_NAME']
@ -123,13 +119,12 @@ class SecureController extends AdminController
throw new exception("User not found."); throw new exception("User not found.");
} }
$code = $request->post("code"); $code = $request->post("code");
$secretCode = SecureService::getByField("user_id", $user->id); if ($user->auth_code == $code && time() <= strtotime($user->auth_code_expires_at)) {
if ($secretCode->code == $code && time() <= strtotime($secretCode->code_expires_at)) {
setcookie('user_id', $user->id, time() + 60 * 60 * 24, '/', $_SERVER['SERVER_NAME'], false); setcookie('user_id', $user->id, time() + 60 * 60 * 24, '/', $_SERVER['SERVER_NAME'], false);
$this->redirect("/admin", code: 302); $this->redirect("/admin", code: 302);
} else { } else {
Flash::setMessage("error", "Wrong code."); Flash::setMessage("error", "Wrong code.");
$this->cgView->render("enter_code.php", ['email' => $_COOKIE["user_email"]]); $this->redirect("/admin/login", code: 302);
} }
} }
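Review bot: The verification on the new side of the second hunk, `if ($user->auth_code == $code && time() <= strtotime($user->auth_code_expires_at))`, never invalidates the code after a successful login, so the same six-digit value can be replayed for the rest of its five-minute window, and nothing in either hunk limits attempts against a million-value space. Replace the loose compare with `hash_equals((string) $user->auth_code, (string) $code)` and, in the success branch before the cookie is set, burn the code with `$user->auth_code_expires_at = null; $user->save();` — a failed-attempt counter may exist elsewhere, but it is not visible from here. In the first hunk the code is generated with `mt_rand(100000, 999999);;` (note the doubled semicolon); `mt_rand` is not a CSPRNG, so prefer `random_int(100000, 999999)`, and `md5(microtime() . bin2hex(random_bytes(10)) . time())` adds nothing over `bin2hex(random_bytes(16))`. The unchanged `setcookie('user_id', $user->id, ...)` line that follows trusts a bare, unsigned user id as the session and is missing `httponly`/`secure`; that predates this change but deserves its own issue. Both hunks sit inside methods whose signatures and closing braces lie outside the hunk.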


@ -7,15 +7,10 @@ use Firebase\JWT\Key;
use JetBrains\PhpStorm\NoReturn; use JetBrains\PhpStorm\NoReturn;
use kernel\App; use kernel\App;
use kernel\helpers\Debug; use kernel\helpers\Debug;
use kernel\Mailing;
use kernel\modules\secure\models\SecretCode;
use kernel\modules\secure\services\SecureService;
use kernel\modules\user\models\User; use kernel\modules\user\models\User;
use kernel\modules\user\service\UserService;
use kernel\Request; use kernel\Request;
use kernel\RestController; use kernel\RestController;
use kernel\services\TokenService; use kernel\services\TokenService;
use PHPMailer\PHPMailer\Exception;
use Random\RandomException; use Random\RandomException;
class SecureRestController extends RestController class SecureRestController extends RestController
@ -56,42 +51,4 @@ class SecureRestController extends RestController
$this->renderApi($res); $this->renderApi($res);
} }
/** }
* @throws Exception
* @throws RandomException
*/
#[NoReturn] public function actionEmailAuth(): void
{
$mailing = new Mailing();
$request = new Request();
$data = $request->post();
$model = $this->model->where('email', $data['email'])->first();
if (!$model) {
$password = bin2hex(random_bytes(8));
UserService::createUserByEmailAndPassword($data['email'], $password);
$model = UserService::getByField('email', $data['email']);
SecureService::createSecretCode($model);
$secretCode = SecureService::getByField("user_id", $model->id);
$mailing->send_html("register_by_code.php", ['code' => $secretCode->code, 'password' => $password], [
'address' => $data['email'],
'subject' => "Код регистрации",
"from_name" => $_ENV['APP_NAME']
]);
} else {
SecureService::updateSecretCode($model);
$secretCode = SecureService::getByField("user_id", $model->id);
$mailing->send_html("login_by_code.php", ['code' => $secretCode->code], [
'address' => $data['email'],
'subject' => "Код авторизации",
"from_name" => $_ENV['APP_NAME']
]);
}
}
}


@ -1,31 +0,0 @@
<?php
use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;
return new class extends Migration
{
/**
* Run the migrations.
*/
public function up(): void
{
\kernel\App::$db->schema->create('secret_code', function (Blueprint $table) {
$table->increments('id');
$table->integer('user_id');
$table->integer('code');
$table->dateTime('code_expires_at')->nullable(true);
$table->timestamps();
});
}
/**
* Reverse the migrations.
*/
public function down(): void
{
\kernel\App::$db->schema->dropIfExists('secret_code');
}
};


@ -1,25 +0,0 @@
<?php
namespace kernel\modules\secure\models;
use Illuminate\Database\Eloquent\Model;
/**
* @property int $id
* @property int $user_id
* @property int $code
* @property string $code_expires_at
*/
class SecretCode extends Model {
protected $table = 'secret_code';
protected $fillable = ['user_id', 'code', 'code_expires_at'];
public static function labels(): array
{
return [
'user_id' => 'Пользователь',
'code' => 'Код',
'code_expires_at' => 'Срок жизни кода',
];
}
}


@ -23,7 +23,6 @@ App::$collector->group(["prefix" => "admin"], function (RouteCollector $router){
App::$collector->group(["prefix" => "api"], function (CgRouteCollector $router){ App::$collector->group(["prefix" => "api"], function (CgRouteCollector $router){
App::$collector->group(["prefix" => "secure"], function (CgRouteCollector $router) { App::$collector->group(["prefix" => "secure"], function (CgRouteCollector $router) {
App::$collector->post('/auth', [\kernel\modules\secure\controllers\SecureRestController::class, 'actionAuth']); App::$collector->post('/auth', [\kernel\modules\secure\controllers\SecureRestController::class, 'actionAuth']);
App::$collector->post('/email_auth', [\kernel\modules\secure\controllers\SecureRestController::class, 'actionEmailAuth']);
}); });
}); });


@ -1,40 +0,0 @@
<?php
namespace kernel\modules\secure\services;
use kernel\FormModel;
use kernel\helpers\Debug;
use kernel\modules\secure\models\SecretCode;
use kernel\modules\user\models\User;
use kernel\modules\user\service\UserService;
class SecureService
{
public static function createSecretCode(User $user): void
{
$secretCode = new SecretCode();
$secretCode->user_id = $user->id;
$secretCode->code = mt_rand(100000, 999999);
$secretCode->code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes"));;
$secretCode->save();
}
public static function updateSecretCode(User $user): void
{
$secretCode = SecretCode::where('user_id', $user->id)->first();
$secretCode->code = mt_rand(100000, 999999);
$secretCode->save();
}
public static function getCodeByUserId(int $user_id)
{
return SecretCode::where('user_id', $user_id)->one()->code;
}
public static function getByField(string $field, mixed $value)
{
return SecretCode::where($field, $value)->first();
}
}


@ -19,6 +19,8 @@ return new class extends Migration
$table->string('email', 255); $table->string('email', 255);
$table->string('password_hash', 255); $table->string('password_hash', 255);
$table->integer('role')->default(1); $table->integer('role')->default(1);
$table->integer('auth_code')->default(1);
$table->dateTime('auth_code_expires_at')->nullable(true);
$table->string('access_token', 255)->nullable(true); $table->string('access_token', 255)->nullable(true);
$table->dateTime('access_token_expires_at')->nullable(true); $table->dateTime('access_token_expires_at')->nullable(true);
$table->timestamps(); $table->timestamps();
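Review bot: The new `auth_code` column is declared with `->default(1)` and stores the one-time login code in plaintext, so every user row inserted by any other path starts with a valid-looking code of `1`; the only thing keeping it from matching is that `auth_code_expires_at` stays null, and the controller-side check `time() <= strtotime(...)` happens to fail for null (PHP 8.1+ deprecates passing null to `strtotime`). Drop the default and make the column nullable, `$table->integer('auth_code')->nullable(true);`, or better store only a hash of the code in a string column so a database read does not expose live login codes. The migration's `up()` method begins before this hunk.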


@ -7,6 +7,8 @@ use Illuminate\Database\Eloquent\Model;
* @property string $username * @property string $username
* @property string $email * @property string $email
* @property string $password_hash * @property string $password_hash
* @property int $auth_code
* @property string $auth_code_expires_at
* @property string $access_token * @property string $access_token
* @property string $access_token_expires_at * @property string $access_token_expires_at
* @method static find($id) * @method static find($id)
@ -17,7 +19,7 @@ class User extends Model {
const ADMIN_USER_ROLE = 9; const ADMIN_USER_ROLE = 9;
protected $table = 'user'; protected $table = 'user';
protected $fillable = ['username', 'email', 'password_hash', 'role', 'access_token', 'access_token_expires_at']; protected $fillable = ['username', 'email', 'password_hash', 'role', 'auth_code', 'auth_code_expires_at', 'access_token', 'access_token_expires_at'];
protected array $dates = ['deleted at']; protected array $dates = ['deleted at'];
public static function labels(): array public static function labels(): array
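Review bot: Adding `auth_code` and `auth_code_expires_at` to `$fillable` makes the login code and its expiry mass-assignable, so any caller that does `User::create($request->post())` or `->fill()` with request data would let a client pick its own code; the SecureController and UserService code in this compare only ever assign these properties directly, so they do not need to be fillable. Keep the previous list, `protected $fillable = ['username', 'email', 'password_hash', 'role', 'access_token', 'access_token_expires_at'];`. Whether such a mass-assignment call exists elsewhere is not visible from here. The `User` class continues outside this hunk.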


@ -41,7 +41,7 @@ class UserService
* @param string $value * @param string $value
* @return mixed * @return mixed
*/ */
public static function getByField(string $field, string $value): mixed public function getByField(string $field, string $value)
{ {
return User::where($field, $value)->first(); return User::where($field, $value)->first();
} }
@ -91,6 +91,8 @@ class UserService
$user->email = $email; $user->email = $email;
$user->username = $email; $user->username = $email;
$user->password_hash = password_hash($password, PASSWORD_DEFAULT); $user->password_hash = password_hash($password, PASSWORD_DEFAULT);
$user->auth_code = mt_rand(100000, 999999);
$user->auth_code_expires_at = date("Y-m-d H:i:s", strtotime("+5 minutes"));
$user->save(); $user->save();
} }
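Review bot: In the second hunk `createUserByEmailAndPassword` now seeds the login code with `mt_rand(100000, 999999)`, a seedable, predictable generator; for a value that on its own grants an admin login it should be `random_int(100000, 999999)`. In the first hunk `getByField` loses both `static` and its `: mixed` return type, becoming `public function getByField(string $field, string $value)`; keep a return type (`: mixed`, or a more honest `?User`) so callers and static analysis retain the contract. The move to an instance method also breaks any remaining `UserService::getByField(...)` static call; the only one visible in this compare was in the deleted `actionEmailAuth`, others cannot be seen from here. `createUserByEmailAndPassword` starts before the hunk.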