Reauth endpoint
This commit is contained in:
@@ -27,7 +27,7 @@ class ApiError extends Exception
|
||||
]), 400);
|
||||
}
|
||||
|
||||
public static function unauthorized(string $message)
|
||||
public static function notAllowed(string $message)
|
||||
{
|
||||
return new ApiError(json_encode([
|
||||
"code" => "NotAllowed",
|
||||
@@ -35,6 +35,14 @@ class ApiError extends Exception
|
||||
]), 401);
|
||||
}
|
||||
|
||||
public static function unauthorized(string $message)
|
||||
{
|
||||
return new ApiError(json_encode([
|
||||
"code" => "Unauthorized",
|
||||
"message" => $message,
|
||||
]), 401);
|
||||
}
|
||||
|
||||
public static function notFound(string $entity)
|
||||
{
|
||||
return new ApiError(json_encode([
|
||||
|
||||
@@ -34,7 +34,7 @@ class AdminAuth implements IMiddleware
|
||||
->header("Access-Control-Allow-Methods: *")
|
||||
->header("Access-Control-Allow-Headers: *")
|
||||
->httpCode(401)
|
||||
->json(["code" => "Unauthorized", "message" => "Not Authorized"]);
|
||||
->json(["code" => "NotAllowed", "message" => "Not Authorized"]);
|
||||
}
|
||||
} catch (Exception $err) {
|
||||
// No user with this token exists
|
||||
|
||||
@@ -114,7 +114,8 @@ class User implements JsonSerializable
|
||||
FROM
|
||||
egb_benutzer AS b
|
||||
WHERE
|
||||
token = :TOKEN"
|
||||
token = :TOKEN AND
|
||||
tokenExpiry > NOW()"
|
||||
);
|
||||
$stmt->bindValue(":TOKEN", $token);
|
||||
$stmt->execute();
|
||||
@@ -154,18 +155,29 @@ class User implements JsonSerializable
|
||||
$stmt->bindValue(":ID", $user->getID());
|
||||
$stmt->execute();
|
||||
}
|
||||
// Generate token
|
||||
$stmt = $db->prepare("UPDATE egb_benutzer SET token = UUID() WHERE id = :ID");
|
||||
$stmt->bindValue(":ID", $user->getID());
|
||||
$stmt->execute();
|
||||
if (empty($data["token"]) || new DateTime($data["tokenExpiry"]) <= new DateTime()) {
|
||||
// Generate token
|
||||
$stmt = $db->prepare(
|
||||
"UPDATE
|
||||
egb_benutzer
|
||||
SET
|
||||
token = UUID(),
|
||||
tokenExpiry = DATE_ADD(NOW(), INTERVAL 1 HOUR),
|
||||
refreshToken = UUID(),
|
||||
refreshExpiry = DATE_ADD(NOW(), INTERVAL 30 DAY)
|
||||
WHERE id = :ID"
|
||||
);
|
||||
$stmt->bindValue(":ID", $user->getID());
|
||||
$stmt->execute();
|
||||
}
|
||||
// Get token
|
||||
$stmt = $db->prepare("SELECT token FROM egb_benutzer WHERE id = :ID");
|
||||
$stmt = $db->prepare("SELECT token, refreshToken FROM egb_benutzer WHERE id = :ID");
|
||||
$stmt->bindValue(":ID", $user->getID());
|
||||
$stmt->execute();
|
||||
$token = $stmt->fetch(PDO::FETCH_COLUMN, 0);
|
||||
// Return user and token
|
||||
[$token, $refresh] = $stmt->fetch(PDO::FETCH_NUM);
|
||||
// Return user and tokens
|
||||
if ($token) {
|
||||
return ["user" => $user, "token" => $token];
|
||||
return ["user" => $user, "token" => $token, "refreshToken" => $refresh];
|
||||
}
|
||||
// Token generation failed
|
||||
throw new Exception("Failed");
|
||||
@@ -261,6 +273,55 @@ class User implements JsonSerializable
|
||||
return ["pages" => intdiv($count, $limit + 1), "data" => $list];
|
||||
}
|
||||
|
||||
public static function refresh(string $token, string $refreshToken)
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare(
|
||||
"SELECT
|
||||
b.id, b.benutzer, b.status, b.email, b.image, b.isadmin, b.zeitstempel,
|
||||
(SELECT COUNT(*) FROM egb_gaestebuch WHERE benutzer_id = b.id) as postCount
|
||||
FROM
|
||||
egb_benutzer AS b
|
||||
WHERE
|
||||
token = :TOKEN AND
|
||||
refreshToken = :REFRESH AND
|
||||
refreshExpiry > NOW()"
|
||||
);
|
||||
$stmt->bindValue(":TOKEN", $token);
|
||||
$stmt->bindValue(":REFRESH", $refreshToken);
|
||||
$stmt->execute();
|
||||
$data = $stmt->fetch();
|
||||
|
||||
if (!$data) throw new Exception("NotFound");
|
||||
|
||||
$user = new User($data["id"], $data["benutzer"], $data["status"], $data["email"], $data["zeitstempel"], $data["image"], $data["isadmin"] === 1, $data["postCount"]);
|
||||
|
||||
$stmt = $db->prepare(
|
||||
"UPDATE
|
||||
egb_benutzer
|
||||
SET
|
||||
token = UUID(),
|
||||
tokenExpiry = DATE_ADD(NOW(), INTERVAL 1 HOUR),
|
||||
refreshToken = UUID(),
|
||||
refreshExpiry = DATE_ADD(NOW(), INTERVAL 30 DAY)
|
||||
WHERE id = :ID"
|
||||
);
|
||||
$stmt->bindValue(":ID", $user->getID());
|
||||
$stmt->execute();
|
||||
|
||||
// Get token
|
||||
$stmt = $db->prepare("SELECT token, refreshToken FROM egb_benutzer WHERE id = :ID");
|
||||
$stmt->bindValue(":ID", $user->getID());
|
||||
$stmt->execute();
|
||||
[$token, $refresh] = $stmt->fetch(PDO::FETCH_NUM);
|
||||
// Return user and tokens
|
||||
if ($token) {
|
||||
return ["user" => $user, "token" => $token, "refreshToken" => $refresh];
|
||||
}
|
||||
// Token generation failed
|
||||
throw new Exception("Failed");
|
||||
}
|
||||
|
||||
/*
|
||||
* Members
|
||||
*/
|
||||
@@ -268,7 +329,16 @@ class User implements JsonSerializable
|
||||
public function logOut(): bool
|
||||
{
|
||||
$db = Database::getInstance();
|
||||
$stmt = $db->prepare("UPDATE egb_benutzer SET token = NULL WHERE id = :ID");
|
||||
$stmt = $db->prepare(
|
||||
"UPDATE
|
||||
egb_benutzer
|
||||
SET
|
||||
token = NULL,
|
||||
tokenExpiry = NULL,
|
||||
refreshToken = NULL,
|
||||
refreshExpiry = NULL
|
||||
WHERE id = :ID"
|
||||
);
|
||||
$stmt->bindValue(":ID", $this->id);
|
||||
return $stmt->execute();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user