File manager - Edit - /home/autoph/public_html/projects/api/public/Middlewares.tar
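<?php
// ===== NotAuth.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;
use App\Models\User;
use App\Utilities\Session;

/**
 * Guest-only guard: keeps a visitor who already has a session uid away from
 * guest pages by redirecting to the 'main' route.
 */
class NotAuth implements IMiddleware
{
    /**
     * @param Request $request Current request (not inspected here).
     */
    public function handle(Request $request): void
    {
        if (!empty(Session::get('uid'))) {
            response()->redirect(url('main'));
        }
    }
}

<?php
// ===== Admin.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;
use Firebase\JWT\JWT;
use App\Utilities\Cookie;
use App\Utilities\Session;
use App\Utilities\Auth;

/**
 * Admin-only guard: visitors with no uid in session or cookie are sent to the
 * login route, and anyone whose user record is not flagged is_admin is sent to
 * the 'user_access' route.
 *
 * NOTE(review): both checks depend on response()->redirect() ending the
 * request. Pecee's Response::redirect() exits after sending the header;
 * confirm the project's response() helper returns that class, otherwise the
 * code after each redirect still runs.
 */
class Admin implements IMiddleware
{
    /**
     * @param Request $request Current request (not inspected here).
     */
    public function handle(Request $request): void
    {
        if (empty(Session::get('uid')) && empty(Cookie::get('uid'))) {
            // Remember the requested URL so the login flow can return here.
            // NOTE(review): the arguments look like (name, value, lifetime,
            // path, SameSite, secure, httpOnly), which would mean the Secure
            // flag is off - confirm against App\Utilities\Cookie. Whoever reads
            // 'ref' back should accept same-origin targets only.
            Cookie::put("ref", url(), (86400 * 30), '/', 'Strict', false, true);
            response()->redirect(url('login'));
        }

        // A uid cookie without an established session can reach this point
        // with no user object. The nullsafe read makes that case an explicit
        // "not admin" instead of a property read on null.
        if (!Auth::user()?->is_admin) {
            response()->redirect(url('user_access'));
        }
    }
}

<?php
// ===== Token.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;
use Firebase\JWT\JWT;
use App\Utilities\Cookie;
use App\Utilities\Auth;

/**
 * Issues a short-lived HS512 JWT bound to the current user id (or to the PHP
 * session id for guests) and stores it in the "Authorization" cookie.
 */
class Token implements IMiddleware
{
    /**
     * @param Request $request Current request (not inspected here).
     */
    public function handle(Request $request): void
    {
        // Bind the token to the logged-in user, or to the session for guests.
        $id = empty(Auth::user()->id) ? session_id() : Auth::user()->id;

        // Per-subject signing key derived from the application key.
        // NOTE(review): if APP_KEY is unset the HMAC key is empty and the
        // derived key becomes computable from $id alone; consider failing
        // closed when env('APP_KEY') is empty.
        $secretKey = hash_hmac('sha256', $id, env('APP_KEY'));

        $tokenId    = base64_encode(random_bytes(16));
        $issuedAt   = new \DateTimeImmutable();
        $expire     = $issuedAt->modify('+30 minutes')->getTimestamp(); // token is valid for 30 minutes
        $serverName = env('APP_URL');

        // Claims carried by the token.
        $data = [
            'iat'  => $issuedAt->getTimestamp(), // Issued at: time when the token was generated
            'jti'  => $tokenId,                  // JSON Token Id: a unique identifier for the token
            'iss'  => $serverName,               // Issuer
            'nbf'  => $issuedAt->getTimestamp(), // Not before
            'exp'  => $expire,                   // Expire
            'data' => [
                'id' => $id,                     // user id, or session id for a guest
            ],
        ];

        // Encode the claims as a signed JWT string.
        // Algorithm reference:
        // https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3
        $jwt = JWT::encode($data, $secretKey, 'HS512');

        // NOTE(review): the cookie lifetime (30 days) is far longer than the
        // 30-minute 'exp' claim, and the sixth argument looks like the Secure
        // flag set to false - confirm against App\Utilities\Cookie and align
        // both with the token lifetime and HTTPS-only delivery.
        Cookie::put("Authorization", $jwt, (86400 * 30), '/', 'Strict', false, true);
    }
}

<?php
// ===== Auth.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;
use Firebase\JWT\JWT;
use App\Utilities\Cookie;
use App\Utilities\Session;
use App\Models\User;

/**
 * Login guard: requires a uid in the session, or restores one from the 'uid'
 * cookie (which holds a session token, not a user id), then checks that the
 * account status is still non-empty.
 *
 * NOTE(review): every branch depends on response()->redirect() ending the
 * request; confirm the response() helper exits after sending the header.
 */
class Auth implements IMiddleware
{
    /**
     * @param Request $request Current request (not inspected here).
     */
    public function handle(Request $request): void
    {
        $user = new User();

        $hasSession = !empty(Session::get('uid'));
        $hasCookie  = !empty(Cookie::get('uid'));

        // Neither session nor cookie: remember the target and go to login.
        if (!$hasSession && !$hasCookie) {
            // NOTE(review): the sixth argument looks like the Secure flag set
            // to false - confirm against App\Utilities\Cookie. The consumer of
            // 'ref' should accept same-origin targets only.
            Cookie::put("ref", url(), (86400 * 30), '/', 'Strict', false, true);
            response()->redirect(url('login'));
        }

        // Login using the cookie: resolve the session token to a user record.
        if (!$hasSession && $hasCookie) {
            $user_id   = $user->getUserIdBySessionToken([Cookie::get('uid')]);
            $user_data = $user->getUser([$user_id]);

            if (empty($user_data)) {
                response()->redirect(url('logout'));
            }

            // NOTE(review): no session id regeneration is visible where the
            // session becomes authenticated - confirm it happens elsewhere.
            Session::set([
                'uid'   => $user_data['id'],
                // Clients may omit User-Agent; fall back to null rather than
                // reading an undefined array key.
                'agent' => $_SERVER['HTTP_USER_AGENT'] ?? null,
            ]);
        }

        // Check user status on every request so a disabled account is logged out.
        if (empty($user->getUserStatus([Session::get('uid')]))) {
            response()->redirect(url('logout'));
        }
    }
}

<?php
// ===== CsrfVerifier.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\BaseCsrfVerifier;

class CsrfVerifier extends BaseCsrfVerifier
{
    /**
     * CSRF validation will be ignored on the following urls.
     *
     * NOTE(review): routes under these prefixes get no CSRF token check. If
     * any of them authenticate through cookies (the "Authorization" JWT cookie
     * set by the Token middleware, for instance), the SameSite cookie
     * attribute is the only cross-site protection left - confirm that is
     * intended.
     */
    protected $except = ['/api/*', '/v1/*'];
}

<?php
// ===== ApiVerification.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;

/**
 * API-key guard for API routes.
 *
 * NOTE(review): each rejection depends on response()->json() ending the
 * request; confirm the response() helper exits after writing the body,
 * otherwise a rejected request falls through to the next check.
 */
class ApiVerification implements IMiddleware
{
    /**
     * @param Request $request Current request (not inspected here; the key is
     *                         read through the input() helper).
     */
    public function handle(Request $request): void
    {
        /**
         * Clarence Andaya API Logic 07-13-2022
         * 0. check if key is present
         * 1. check if api key valid
         * 2. check if has access to current uri
         * 3. log the access
         */
        $api = new \App\Models\Api();

        // 0. The key must be present.
        // NOTE(review): if input() also reads the query string, keys end up in
        // access logs and Referer headers; a request header is safer.
        $key = input('key');
        if (empty($key)) {
            response()->json(['status' => 0, 'message' => 'Parameter (key) is required.']);
        }

        // 1. The key must exist.
        $api_data = $api->getApi([input('key')]);
        if (empty($api_data)) {
            response()->json(['status' => 0, 'message' => 'Invalid key.']);
        }

        // 2. The key must be granted access to the current URI.
        $api_access_uri_data = $api->getApiAccessUri([$api_data['id'], url(null, null, [])]);
        if (empty($api_access_uri_data)) {
            response()->json(['status' => 0, 'message' => 'Key has no access to this API.']);
        }

        // 3. Record the access: grant id, client IP, client user agent, and a
        // fourth column left null.
        $api->createApiLog([
            $api_access_uri_data['id'],
            \App\Utilities\Utility::clientIP(),
            \App\Utilities\Utility::clientUserAgent(),
            null,
        ]);
    }
}

<?php
// ===== TokenVerifier.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;
use App\Utilities\Cookie;
use App\Utilities\Session;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use App\Utilities\Auth;

/**
 * Verifies the JWT stored in the "Authorization" cookie: signature (HS512 with
 * a key derived from the current user or session id), issuer, validity window
 * and subject id. Responds 400 when no token is present and 401 when
 * verification fails.
 */
class TokenVerifier implements IMiddleware
{
    /**
     * @param Request $request Current request (not inspected here).
     */
    public function handle(Request $request): void
    {
        // The expected subject: the logged-in user, or the session for guests.
        $id = empty(Auth::user()->id) ? session_id() : Auth::user()->id;

        // The token travels in an httponly cookie, not in a Bearer header.
        $jwt = Cookie::get('Authorization');

        if (!$jwt) {
            // No token was supplied with the request.
            header('HTTP/1.0 400 Bad Request');
            exit;
        }

        // Must match the derivation used when the token was issued.
        $secretKey = hash_hmac('sha256', $id, env('APP_KEY'));

        try {
            // Assign rather than accumulate: JWT::$leeway is static, so "+="
            // widens the accepted clock skew each time this middleware runs in
            // the same process.
            JWT::$leeway = 60;

            // decode() verifies the signature and pins the algorithm through
            // the Key object, so a token declaring another alg is rejected.
            $token = JWT::decode($jwt, new Key($secretKey, 'HS512'));

            $now        = (new \DateTimeImmutable())->getTimestamp();
            $serverName = env('APP_URL');

            // Explicit claim checks; the nbf/exp comparisons here apply no
            // leeway, so they are stricter than the library's own.
            $issuerMismatch  = $token->iss !== $serverName;
            $notYetValid     = $token->nbf > $now;
            $expired         = $token->exp < $now;
            $subjectMismatch = $token->data->id !== $id;

            if ($issuerMismatch || $notYetValid || $expired || $subjectMismatch) {
                header('HTTP/1.1 401 Unauthorized');
                exit;
            }
        } catch (\Exception $e) {
            // Any decode or validation failure is treated as unauthenticated.
            header('HTTP/1.1 401 Unauthorized');
            exit;
        }
    }
}

<?php
// ===== ApiVerification1.php =====

namespace App\Middlewares;

use Pecee\Http\Middleware\IMiddleware;
use Pecee\Http\Request;

/**
 * Marks the request as authenticated without checking anything.
 *
 * NOTE(review): this performs no credential, key or token validation. Any
 * route that uses it in place of ApiVerification is effectively open to every
 * caller; confirm it is not attached to routes that expose data or actions.
 */
class ApiVerification1 implements IMiddleware
{
    /**
     * @param Request $request Current request; its 'authenticated' value is
     *                         set to true unconditionally.
     */
    public function handle(Request $request): void
    {
        $request->authenticated = true;
    }
}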