Skip to content
Snippets Groups Projects
Commit c2298a81 authored by Sibidharan's avatar Sibidharan :speech_balloon:
Browse files

Auth done

parent 0803b82e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
api/apis/auth/current.php 0 → 100644
+ 26
0
View file @ c2298a81
<?php
${basename(__FILE__, '.php')} = function(){
if($this->get_request_method() == "POST" and $this->isAuthenticated()){
try{
$data = [
"username" => $this->getUsername(),
];
$data = $this->json($data);
$this->response($data, 200);
} catch(Exception $e){
$data = [
"error" => $e->getMessage()
];
$data = $this->json($data);
$this->response($data, 403);
}
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
\ No newline at end of file
api/apis/auth/login.php
+ 7
0
View file @ c2298a81
<?php
${basename(__FILE__, '.php')} = function(){
if($this->isAuthenticated()){
$data = [
"error" => "Already logged in"
];
$data = $this->json($data);
$this->response($data, 400);
}
if($this->get_request_method() == "POST" and isset($this->_request['username']) and isset($this->_request['password'])){
$username = $this->_request['username'];
$password = $this->_request['password'];
......
api/apis/auth/refresh.php
+ 5
6
View file @ c2298a81
<?php
${basename(__FILE__, '.php')} = function(){
if($this->get_request_method() == "POST" and isset($this->_request['username']) and isset($this->_request['password'])){
$username = $this->_request['username'];
$password = $this->_request['password'];
if($this->get_request_method() == "POST" and isset($this->_request['refresh_token'])){
$refresh_token = $this->_request['refresh_token'];
try {
$auth = new Auth($username, $password);
$auth = new OAuth($refresh_token);
$data = [
"message" => "Login success",
"tokens" => $auth->getAuthTokens()
"message" => "Refresh Success",
"tokens" => $auth->refreshAccess()
];
$data = $this->json($data);
$this->response($data, 200);
......
api/index.php
+ 65
15
View file @ c2298a81
......@@ -12,6 +12,7 @@ class API extends REST {
private $db = NULL;
private $current_call;
private $auth = null;
public function __construct(){
parent::__construct(); // Init parent contructor
......@@ -31,27 +32,70 @@ class API extends REST {
else {
if(isset($_GET['namespace'])){
$dir = $_SERVER['DOCUMENT_ROOT'].'/api/apis/'.$_GET['namespace'];
$methods = scandir($dir);
//var_dump($methods);
foreach($methods as $m){
if($m == "." or $m == ".."){
continue;
}
$basem = basename($m, '.php');
//echo "Trying to call $basem() for $func()\n";
if($basem == $func){
include $dir."/".$m;
$this->current_call = Closure::bind(${$basem}, $this, get_class());
$this->$basem();
}
$file = $dir.'/'.$func.'.php';
if(file_exists($file)){
include $file;
$this->current_call = Closure::bind(${$func}, $this, get_class());
$this->$func();
} else {
$this->response($this->json(['error'=>'method_not_found']),404);
}
/**
* Use the following snippet if you want to include multiple files
*/
// $methods = scandir($dir);
// //var_dump($methods);
// foreach($methods as $m){
// if($m == "." or $m == ".."){
// continue;
// }
// $basem = basename($m, '.php');
// //echo "Trying to call $basem() for $func()\n";
// if($basem == $func){
// include $dir."/".$m;
// $this->current_call = Closure::bind(${$basem}, $this, get_class());
// $this->$basem();
// }
// }
} else {
//we can even process functions without namespace here.
$this->response($this->json(['error'=>'methood_not_found']),404);
$this->response($this->json(['error'=>'method_not_found']),404);
}
}
}
public function auth(){
$headers = getallheaders();
if(isset($headers['Authorization'])){
$token = explode(' ', $headers['Authorization']);
$this->auth = new Auth($token[1]);
}
}
public function isAuthenticated(){
if($this->auth == null){
return false;
}
if($this->auth->getOAuth()->authenticate() and isset($_SESSION['username'])){
return true;
} else {
return false;
}
}
public function getUsername(){
return $_SESSION['username'];
}
public function die($e){
$data = [
"error" => $e->getMessage()
];
$data = $this->json($data);
$this->response($data,400);
}
public function __call($method, $args){
if(is_callable($this->current_call)){
return call_user_func_array($this->current_call, $args);
......@@ -131,5 +175,11 @@ class API extends REST {
// Initiiate Library
$api = new API;
$api->processApi();
try {
$api->auth();
$api->processApi();
} catch (Exception $e){
$api->die($e);
}
?>
\ No newline at end of file
api/lib/Auth.class.php
+ 21
3
View file @ c2298a81
......@@ -10,6 +10,7 @@ class Auth {
private $db;
private $isTokenAuth = false;
private $loginTokens = null;
private $oauth;
public function __construct($username, $password = NULL){
$this->db = Database::getConnection();
......@@ -24,7 +25,8 @@ class Auth {
}
if($this->isTokenAuth){
throw new Exception("Not Implemented");
$this->oauth = new OAuth($this->token);
$this->oauth->authenticate();
} else {
$user = new User($this->username);
$hash = $user->getPasswordHash();
......@@ -33,19 +35,35 @@ class Auth {
if(!$user->isActive()){
throw new Exception("Please check your email and activate your account.");
}
$this->loginTokens = $this->addSession();
$this->loginTokens = $this->addSession(7200);
} else {
throw new Exception("Password Mismatch");
}
}
}
/**
* Returns the username of authenticated user
*/
public function getUsername(){
if($this->oauth->authenticate()){
return $this->oauth->getUsername();
} else {
return "a";
}
}
public function getOAuth(){
return $this->oauth;
}
public function getAuthTokens(){
return $this->loginTokens;
}
private function addSession(){
$oauth = new OAuth($this->username);
$oauth = new OAuth();
$oauth->setUsername($this->username);
$session = $oauth->newSession();
return $session;
}
......
api/lib/OAuth.class.php
+ 73
12
View file @ c2298a81
......@@ -6,29 +6,82 @@ require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
class OAuth {
private $db;
private $refresh_token;
private $access_token;
private $refresh_token = null;
private $access_token = null;
private $valid_for = 7200;
private $username;
private $user;
public function __construct($username, $refresh_token = NULL){
$this->refresh_token = $refresh_token;
/**
* Can construct without refresh token for new session
* Can construct with refresh token for refresh session
*/
public function __construct($token = NULL){
$this->db = Database::getConnection();
if($token != NULL){
if($this->startsWith($token, 'a.')){
$this->access_token = $token;
} else if($this->startsWith($token, 'r.')){
$this->refresh_token = $token;
} else {
$this->setUsername($token);
}
}
}
public function setUsername($username){
$this->username = $username;
$u = new User($this->username);
$this->user = new User($this->username);
}
public function getUsername(){
return $this->username;
}
public function newSession($valid_for = 7200){
public function authenticate(){
if($this->access_token != null){
$query = "SELECT * FROM apis.session WHERE access_token = '$this->access_token';";
$result = mysqli_query($this->db, $query);
if($result){
$data = mysqli_fetch_assoc($result);
$created_at = strtotime($data['created_at']);
$expires_at = $created_at + $data['valid_for'];
if(time() <= $expires_at){
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$this->username = $_SESSION['username'] = $data['username'];
$_SESSION['token'] = $this->access_token;
return true;
} else {
throw new Exception("Expired token");
}
} else {
throw new Exception(mysqli_error($this->db));
}
}
}
public function newSession($valid_for = 7200, $reference_token = 'auth_grant'){
if($this->username == NULL){
throw new Exception("Username not set for OAuth");
}
$this->valid_for = $valid_for;
$this->access_token = Auth::generateRandomHash(32);
$this->refresh_token = Auth::generateRandomHash(32);
$this->access_token = 'a.'.Auth::generateRandomHash(32);
if($reference_token == 'auth_grant'){
$this->refresh_token = 'r.'.Auth::generateRandomHash(32);
} else {
$this->refresh_token = 'd.'.Auth::generateRandomHash(16);
}
$query = "INSERT INTO `apis`.`session` (`username`, `access_token`, `refresh_token`, `valid_for`, `reference_token`)
VALUES ('$this->username', '$this->access_token', '$this->refresh_token', $this->valid_for, 'auth_grant');";
VALUES ('$this->username', '$this->access_token', '$this->refresh_token', $this->valid_for, '$reference_token');";
if(mysqli_query($this->db, $query)){
return array(
"access_token" => $this->access_token,
"valid_for" => $this->valid_for,
"refresh_token" => $this->refresh_token,
"reference_token" => $reference_token,
"type" => 'api'
);
} else {
......@@ -37,19 +90,27 @@ class OAuth {
}
public function refreshAccess(){
if($this->refresh_token){
if($this->refresh_token != NULL and !$this->startsWith($this->refresh_token, 'd.')){
$query = "SELECT * FROM apis.session WHERE refresh_token = '$this->refresh_token';";
$result = mysqli_query($this->db, $query);
if($result){
$data = mysqli_fetch_assoc($result);
$this->username = $data['username'];
if($data['valid'] == 1){
return $this->newSession(7200, $this->refresh_token);
} else {
throw new Exception("Expired token");
}
} else {
throw new Exception("Invalid request");
throw new Exception("Error: "+mysqli_error($this->db));
}
} else {
throw new Exception("Invalid request");
}
}
private function startsWith ($string, $startString){
$len = strlen($startString);
return (substr($string, 0, $len) === $startString);
}
}
\ No newline at end of file
call.php
+ 6
1
View file @ c2298a81
......@@ -46,10 +46,15 @@ class Superhero {
}
$hero = new Superhero("Batman");
echo date_default_timezone_get();
echo date("Y-m-d h:i:s a", time());
echo $hero->getName()."\n";
echo $hero->get_powers();
//session_start();
$_SESSION['hello'] = 'world';
print_r($_SESSION);
var_dump($_SERVER);
//var_dump($_SERVER);
?>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment