nas
/
todo_api
Watch 2
Star 1
Fork 0
Code Issues 1 Pull Requests 0 Releases 0 Wiki Activity
api de gestion de ticket, basé sur php-crud-api. Le but est de décorrélé les outils de gestion des données, afin
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1829 Commits
1 Branch
Tree: 9f988e81d2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9f988e81d2'
${ noResults }
todo_api/src/Tqdev/PhpCrudApi/Middleware/DbAuthMiddleware.php

DbAuthMiddleware.php 7.3KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153 
  1. <?php

  2. 

  3. namespace Tqdev\PhpCrudApi\Middleware;

  4. 

  5. use Psr\Http\Message\ResponseInterface;

  6. use Psr\Http\Message\ServerRequestInterface;

  7. use Psr\Http\Server\RequestHandlerInterface;

  8. use Tqdev\PhpCrudApi\Column\ReflectionService;

  9. use Tqdev\PhpCrudApi\Controller\Responder;

  10. use Tqdev\PhpCrudApi\Database\GenericDB;

  11. use Tqdev\PhpCrudApi\Middleware\Base\Middleware;

  12. use Tqdev\PhpCrudApi\Middleware\Router\Router;

  13. use Tqdev\PhpCrudApi\Record\Condition\ColumnCondition;

  14. use Tqdev\PhpCrudApi\Record\ErrorCode;

  15. use Tqdev\PhpCrudApi\Record\OrderingInfo;

  16. use Tqdev\PhpCrudApi\RequestUtils;

  17. 

  18. class DbAuthMiddleware extends Middleware

  19. {

  20.     private $reflection;

  21.     private $db;

  22.     private $ordering;

  23. 

  24.     public function __construct(Router $router, Responder $responder, array $properties, ReflectionService $reflection, GenericDB $db)

  25.     {

  26.         parent::__construct($router, $responder, $properties);

  27.         $this->reflection = $reflection;

  28.         $this->db = $db;

  29.         $this->ordering = new OrderingInfo();

  30.     }

  31. 

  32.     public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface

  33.     {

  34.         if (session_status() == PHP_SESSION_NONE) {

  35.             if (!headers_sent()) {

  36.                 $sessionName = $this->getProperty('sessionName', '');

  37.                 if ($sessionName) {

  38.                     session_name($sessionName);

  39.                 }

  40.                 session_start();

  41.             }

  42.         }

  43.         $path = RequestUtils::getPathSegment($request, 1);

  44.         $method = $request->getMethod();

  45.         if ($method == 'POST' && in_array($path, ['login', 'register', 'password'])) {

  46.             $body = $request->getParsedBody();

  47.             $username = isset($body->username) ? $body->username : '';

  48.             $password = isset($body->password) ? $body->password : '';

  49.             $newPassword = isset($body->newPassword) ? $body->newPassword : '';

  50.             $tableName = $this->getProperty('usersTable', 'users');

  51.             $table = $this->reflection->getTable($tableName);

  52.             $usernameColumnName = $this->getProperty('usernameColumn', 'username');

  53.             $usernameColumn = $table->getColumn($usernameColumnName);

  54.             $passwordColumnName = $this->getProperty('passwordColumn', 'password');

  55.             $passwordLength = $this->getProperty('passwordLength', '12');

  56.             $pkName = $table->getPk()->getName();

  57.             $registerUser = $this->getProperty('registerUser', '');

  58.             $condition = new ColumnCondition($usernameColumn, 'eq', $username);

  59.             $returnedColumns = $this->getProperty('returnedColumns', '');

  60.             if (!$returnedColumns) {

  61.                 $columnNames = $table->getColumnNames();

  62.             } else {

  63.                 $columnNames = array_map('trim', explode(',', $returnedColumns));

  64.                 $columnNames[] = $passwordColumnName;

  65.                 $columnNames[] = $pkName;

  66.                 $columnNames = array_values(array_unique($columnNames));

  67.             }

  68.             $columnOrdering = $this->ordering->getDefaultColumnOrdering($table);

  69.             if ($path == 'register') {

  70.                 if (!$registerUser) {

  71.                     return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);

  72.                 }

  73.                 if (strlen($password) < $passwordLength) {

  74.                     return $this->responder->error(ErrorCode::PASSWORD_TOO_SHORT, $passwordLength);

  75.                 }

  76.                 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);

  77.                 if (!empty($users)) {

  78.                     return $this->responder->error(ErrorCode::USER_ALREADY_EXIST, $username);

  79.                 }

  80.                 $data = json_decode($registerUser, true);

  81.                 $data = is_array($data) ? $data : [];

  82.                 $data[$usernameColumnName] = $username;

  83.                 $data[$passwordColumnName] = password_hash($password, PASSWORD_DEFAULT);

  84.                 $this->db->createSingle($table, $data);

  85.                 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);

  86.                 foreach ($users as $user) {

  87.                     unset($user[$passwordColumnName]);

  88.                     return $this->responder->success($user);

  89.                 }

  90.                 return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);

  91.             }

  92.             if ($path == 'login') {

  93.                 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);

  94.                 foreach ($users as $user) {

  95.                     if (password_verify($password, $user[$passwordColumnName]) == 1) {

  96.                         if (!headers_sent()) {

  97.                             session_regenerate_id(true);

  98.                         }

  99.                         unset($user[$passwordColumnName]);

  100.                         $_SESSION['user'] = $user;

  101.                         return $this->responder->success($user);

  102.                     }

  103.                 }

  104.                 return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);

  105.             }

  106.             if ($path == 'password') {

  107.                 if ($username != ($_SESSION['user'][$usernameColumnName] ?? '')) {

  108.                     return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);

  109.                 }

  110.                 if (strlen($newPassword) < $passwordLength) {

  111.                     return $this->responder->error(ErrorCode::PASSWORD_TOO_SHORT, $passwordLength);

  112.                 }

  113.                 $users = $this->db->selectAll($table, $columnNames, $condition, $columnOrdering, 0, 1);

  114.                 foreach ($users as $user) {

  115.                     if (password_verify($password, $user[$passwordColumnName]) == 1) {

  116.                         if (!headers_sent()) {

  117.                             session_regenerate_id(true);

  118.                         }

  119.                         $data = [$passwordColumnName => password_hash($newPassword, PASSWORD_DEFAULT)];

  120.                         $this->db->updateSingle($table, $data, $user[$pkName]);

  121.                         unset($user[$passwordColumnName]);

  122.                         return $this->responder->success($user);

  123.                     }

  124.                 }

  125.                 return $this->responder->error(ErrorCode::AUTHENTICATION_FAILED, $username);

  126.             }

  127.         }

  128.         if ($method == 'POST' && $path == 'logout') {

  129.             if (isset($_SESSION['user'])) {

  130.                 $user = $_SESSION['user'];

  131.                 unset($_SESSION['user']);

  132.                 if (session_status() != PHP_SESSION_NONE) {

  133.                     session_destroy();

  134.                 }

  135.                 return $this->responder->success($user);

  136.             }

  137.             return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');

  138.         }

  139.         if ($method == 'GET' && $path == 'me') {

  140.             if (isset($_SESSION['user'])) {

  141.                 return $this->responder->success($_SESSION['user']);

  142.             }

  143.             return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');

  144.         }

  145.         if (!isset($_SESSION['user']) || !$_SESSION['user']) {

  146.             $authenticationMode = $this->getProperty('mode', 'required');

  147.             if ($authenticationMode == 'required') {

  148.                 return $this->responder->error(ErrorCode::AUTHENTICATION_REQUIRED, '');

  149.             }

  150.         }

  151.         return $next->handle($request);

  152.     }

  153. }