WIP: OAuth

a109f800 · Sibidharan · 0db7a0af · a109f800 · a109f800 · a109f800
Commit a109f800 authored 3 years ago by Sibidharan
--- a/api/apis/auth/login.php
+++ b/api/apis/auth/login.php
@@ -8,7 +8,7 @@ ${basename(__FILE__, '.php')} = function(){
            $auth = new Auth($username, $password);
            $data = [
                "message" => "Login success",
-                "token" => $auth->getAuthToken()
+                "tokens" => $auth->getAuthTokens()
            ];
            $data = $this->json($data);
            $this->response($data, 200);

--- a/api/apis/auth/refresh.php
+++ b/api/apis/auth/refresh.php
+<?php
+
+${basename(__FILE__, '.php')} = function(){
+    if($this->get_request_method() == "POST" and isset($this->_request['username']) and isset($this->_request['password'])){
+        $username = $this->_request['username'];
+        $password = $this->_request['password'];
+        try {
+            $auth = new Auth($username, $password);
+            $data = [
+                "message" => "Login success",
+                "tokens" => $auth->getAuthTokens()
+            ];
+            $data = $this->json($data);
+            $this->response($data, 200);
+        } catch(Exception $e){
+            $data = [
+                "error" => $e->getMessage()
+            ];
+            $data = $this->json($data);
+            $this->response($data, 406);
+        }
+    } else {
+        $data = [
+            "error" => "Bad request"
+        ];
+        $data = $this->json($data);
+        $this->response($data, 400);
+    }
+};
\ No newline at end of file
--- a/api/lib/Auth.class.php
+++ b/api/lib/Auth.class.php
@@ -2,13 +2,14 @@

 require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Database.class.php');
 require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/OAuth.class.php');
 require $_SERVER['DOCUMENT_ROOT'].'/vendor/autoload.php';

 class Auth {

    private $db;
    private $isTokenAuth = false;
-    private $loginToken = null;
+    private $loginTokens = null;

    public function __construct($username, $password = NULL){
        $this->db = Database::getConnection();
@@ -32,26 +33,21 @@ class Auth {
                if(!$user->isActive()){
                    throw new Exception("Please check your email and activate your account.");
                }
-                $this->loginToken = $this->addSession();
+                $this->loginTokens = $this->addSession();
            } else {
                throw new Exception("Password Mismatch");
            }
        }
    }

-    public function getAuthToken(){
-        return $this->loginToken;
+    public function getAuthTokens(){
+        return $this->loginTokens;
    }

    private function addSession(){
-        $token = Auth::generateRandomHash(32);
-        $query = "INSERT INTO `apis`.`session` (`username`, `token`) VALUES ('$this->username', '$token');";
-        if(mysqli_query($this->db, $query)){
-            return $token;
-        } else {
-            throw new Exception(mysqli_error($this->db));
-        }
-        
+        $oauth = new OAuth($this->username);
+        $session = $oauth->newSession();
+        return $session;
    }

    public static function generateRandomHash($len){

--- a/api/lib/OAuth.class.php
+++ b/api/lib/OAuth.class.php
+<?php
+
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Auth.class.php');
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Database.class.php');
+require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
+
+class OAuth {
+    private $db;
+    private $refresh_token;
+    private $access_token;
+    private $valid_for = 7200;
+    private $username;
+
+    public function __construct($username, $refresh_token = NULL){
+        $this->refresh_token = $refresh_token;
+        $this->db = Database::getConnection();
+        $this->username = $username;
+        $u = new User($this->username);
+    }
+
+    public function newSession($valid_for = 7200){
+        $this->valid_for = $valid_for;
+        $this->access_token = Auth::generateRandomHash(32);
+        $this->refresh_token = Auth::generateRandomHash(32);
+        $query = "INSERT INTO `apis`.`session` (`username`, `access_token`, `refresh_token`, `valid_for`, `reference_token`) 
+                                        VALUES ('$this->username', '$this->access_token', '$this->refresh_token', $this->valid_for, 'auth_grant');";
+        if(mysqli_query($this->db, $query)){
+            return array(
+                "access_token" => $this->access_token,
+                "valid_for" => $this->valid_for,
+                "refresh_token" => $this->refresh_token,
+                "type" => 'api'
+            );
+        } else {
+            throw new Exception(mysqli_error($this->db));
+        }
+    }
+
+    public function refreshAccess(){
+        if($this->refresh_token){
+            $query = "SELECT * FROM apis.session WHERE refresh_token = '$this->refresh_token';";
+            $result = mysqli_query($this->db, $query);
+            if($result){
+                $data = mysqli_fetch_assoc($result);
+                if($data['valid'] == 1){
+
+                } else {
+                    throw new Exception("Expired token");
+                }
+            } else {
+                throw new Exception("Invalid request");
+            }
+        }
+    }
+}
\ No newline at end of file
--- a/api/lib/Signup.class.php
+++ b/api/lib/Signup.class.php
@@ -26,7 +26,7 @@ class Signup {
        //Homework - make a proper flow to throw username already exists
        $query = "INSERT INTO `apis`.`auth` (`username`, `password`, `email`, `active`, `token`) VALUES ('$username', '$password', '$email', 0, '$token');";
        if(!mysqli_query($this->db, $query)){
-            throw new Exception("Unable to signup.");
+            throw new Exception("Unable to signup, user account might already exist.");
        } else {
            $this->id = mysqli_insert_id($this->db);
            $this->sendVerificationMail();