Incoviba/oficial
1
0
Fork 0
Code Issues Pull Requests 2 Releases Wiki Activity

Base API, and more solid key and check

Browse Source
This commit is contained in:
Juan Pablo Vial
2024-03-20 23:07:49 -03:00
parent f3a5fa2cdc
commit 444ff687fc
8 changed files with 72 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/resources/routes/01_api.php
View File

@ -1,4 +1,6 @@
<?php
use Incoviba\Controller\API\Base;
$app->group('/api', function($app) {
$folder = implode(DIRECTORY_SEPARATOR, [__DIR__, 'api']);
if (file_exists($folder)) {
@ -10,4 +12,5 @@ $app->group('/api', function($app) {
include_once $file->getRealPath();
}
}
$app->get('[/]', Base::class);
})->add($app->getContainer()->get(Incoviba\Middleware\API::class));

14
app/resources/views/layout/body/scripts.blade.php
View File

@ -2,6 +2,13 @@
<script src="https://cdnjs.cloudflare.com/ajax/libs/fomantic-ui/2.9.3/semantic.min.js" integrity="sha512-gnoBksrDbaMnlE0rhhkcx3iwzvgBGz6mOEj4/Y5ZY09n55dYddx6+WYc72A55qEesV8VX2iMomteIwobeGK1BQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
<script type="text/javascript">
function cleanNoCache() {
const url = new URL(window.location.href)
if (url.searchParams.has('nocache')) {
url.searchParams.delete('nocache')
window.location.href = url.href
}
}
function fetchAPI(url, options=null) {
if (options === null) {
options = {}
@ -10,7 +17,11 @@
options['headers'] = {}
}
if (!Object.hasOwn(options['headers'], 'Authorization')) {
options['headers']['Authorization'] = 'Bearer {{md5($API_KEY)}}'
@if (!$login->isIn())
options['headers']['Authorization'] = 'Bearer {{md5($API_KEY)}}'
@else
options['headers']['Authorization'] = 'Bearer {{md5($API_KEY)}}{{$login->getSeparator()}}{{$login->getToken()}}'
@endif
}
return fetch(url, options).then(response => {
if (response.ok) {
@ -36,6 +47,7 @@
date: 'DD-MM-YYYY'
},
}
cleanNoCache()
</script>
@stack('page_scripts')

1
app/setup/setups/middlewares.php
View File

@ -14,6 +14,7 @@ return [
Incoviba\Middleware\API::class => function(ContainerInterface $container) {
return new Incoviba\Middleware\API(
$container->get(Psr\Http\Message\ResponseFactoryInterface::class),
$container->get(Incoviba\Service\Login::class),
$container->get('API_KEY')
);
}

3
app/setup/setups/services.php
View File

@ -9,7 +9,8 @@ return [
$container->get('COOKIE_NAME'),
$container->get('MAX_LOGIN_HOURS'),
$container->has('COOKIE_DOMAIN') ? $container->get('COOKIE_DOMAIN') : '',
$container->has('COOKIE_PATH') ? $container->get('COOKIE_PATH') : ''
$container->has('COOKIE_PATH') ? $container->get('COOKIE_PATH') : '',
$container->has('COOKIE_SEPARATOR') ? $container->get('COOKIE_SEPARATOR') : 'g'
);
},
Incoviba\Service\Money::class => function(ContainerInterface $container) {

20
app/src/Controller/API/Base.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace Incoviba\Controller\API;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Incoviba\Common\Ideal\Controller;
class Base extends Controller
{
use withJson;
public function __invoke(ServerRequestInterface $request, ResponseInterface $response): ResponseInterface
{
$output = [
'version' => '2.0.0',
'organization' => 'Ingenieria y Construccion Vial Balmaceda Sociedad Anonima'
];
return $this->withJson($response, $output);
}
}

26
app/src/Middleware/API.php
View File

@ -6,10 +6,12 @@ use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
use Incoviba\Exception\MissingAuthorizationHeader;
use Incoviba\Service;
class API
{
public function __construct(protected ResponseFactoryInterface $responseFactory, protected string $key) {}
public function __construct(protected ResponseFactoryInterface $responseFactory, protected Service\Login $loginService,
protected string $key) {}
public function __invoke(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
{
@ -18,7 +20,7 @@ class API
} catch (MissingAuthorizationHeader $exception) {
return $this->responseFactory->createResponse(401);
}
if ($this->validate($key)) {
if ($this->validate($request, $key)) {
return $handler->handle($request);
}
return $this->responseFactory->createResponse(403);
@ -33,8 +35,26 @@ class API
}
throw new MissingAuthorizationHeader();
}
protected function validate($incoming_key): bool
protected function validate(ServerRequestInterface $request, $incoming_key): bool
{
if (str_contains($incoming_key, $this->loginService->getSeparator())) {
list($incoming_key, $selector, $token) = explode($this->loginService->getSeparator(), $incoming_key);
if (!$this->loginService->isIn()) {
return false;
}
}
if (!$this->loginService->isIn() and !$this->validPermitted($request)) {
return false;
}
return $incoming_key === md5($this->key);
}
protected function validPermitted(ServerRequestInterface $request): bool
{
$uri = $request->getUri();
$validPaths = [
'/api',
'/api/'
];
return in_array($uri->getPath(), $validPaths);
}
}

3
app/src/Middleware/Authentication.php
View File

@ -51,7 +51,7 @@ class Authentication
return true;
}
$valid_subpaths = [
'/api'
'/api/'
];
foreach ($valid_subpaths as $path) {
if (str_starts_with($current_path, $path)) {
@ -60,6 +60,7 @@ class Authentication
}
$valid_uris = [
$this->login_url,
"{$this->login_url}/",
];
if (in_array($current_url, $valid_uris, true)) {
return true;

8
app/src/Service/Login.php
View File

@ -47,6 +47,14 @@ class Login
}
return $login->user;
}
public function getToken(): string
{
return implode($this->cookie_separator, [$this->selector, $this->token]);
}
public function getSeparator(): string
{
return $this->cookie_separator;
}
public function validateUser(Model\User $user, string $encryptedPassword): bool
{
list($passphrase, $encrypted) = $this->splitPassword($encryptedPassword);