// NOTE(review): this page is a tar archive of PHP middleware files flattened to text. The opening of
// each member (apparently everything from the PHP open tag up to the first `->`) is missing, so class
// and method headers are not visible and every fragment below starts mid-statement.

// --- NotAuth.php: the visible fragment redirects to the 'main' route; its condition is not on the page.
NotAuth.php000064400000000541150247573400006646 0ustar00redirect(url('main'));
        }
    }
}

// --- Admin.php: redirects to 'login' (condition not visible), then requires Auth::user()->is_admin.
// NOTE(review): the is_admin gate only protects the route if redirect() ends the request; if it
// returns, execution continues past both redirects — confirm against the router's response class.
 Admin.php000064400000001146150247573400006316 0ustar00redirect(url('login'));
        }
        if (!Auth::user()->is_admin) {
            response()->redirect(url('user_access'));
        }
    }
}

// --- Token.php: builds a JWT and stores it in the "Authorization" cookie.
// The identity bound into the token is the user's id, or the PHP session id when no user id is set.
 Token.php000064400000003426150247573400006351 0ustar00id)) {
            $id = session_id();
        } else {
            $id = Auth::user()->id;
        }
        // Per-identity signing key: HMAC-SHA256 of the id keyed with APP_KEY (hash_hmac returns hex here).
        // NOTE(review): if env('APP_KEY') can come back empty, this key depends on the id alone and
        // tokens could be forged by anyone who knows the id — confirm APP_KEY is required at boot.
        $secretKey = hash_hmac('sha256', $id, env('APP_KEY'));
        $tokenId = base64_encode(random_bytes(16)); // 16 bytes from the CSPRNG, base64-encoded
        $issuedAt = new \DateTimeImmutable();
        $expire = $issuedAt->modify('+30 minutes')->getTimestamp(); // Token lifetime: 30 minutes after issue
        $serverName = env('APP_URL');
        // Create the token as an array
        $data = [
            'iat' => $issuedAt->getTimestamp(), // Issued at: time when the token was generated
            'jti' => $tokenId, // JSON Token Id: a unique identifier for the token
            'iss' => $serverName, // Issuer
            'nbf' => $issuedAt->getTimestamp(), // Not before
            'exp' => $expire, // Expire
            'data' => [ // Data related to the signer user
                'id' => $id, // User id, or the session id when no user id is set (see above)
            ]
        ];
        // Encode the array to a JWT string.
        $jwt = JWT::encode(
            $data, // Data to be encoded in the JWT
            $secretKey, // The signing key
            'HS512' // Algorithm used to sign the token, see https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-3
        );
        // NOTE(review): (86400 * 30) looks like a 30-day cookie lifetime, while 'exp' above is 30 minutes,
        // so the cookie would outlive the token it carries — confirm which lifetime is intended.
        // NOTE(review): the trailing `false, true` are presumably the Secure and HttpOnly flags; if so the
        // cookie is HttpOnly but is also sent over plain HTTP — verify against Cookie::put's signature.
        Cookie::put("Authorization", $jwt, (86400 * 30), '/', 'Strict', false, true);
        // Disabled output of the token. Returning it in a response body would expose it to page
        // scripts, which storing it in a cookie avoids.
        // response()->json(['key' => $jwt]);
        // echo $jwt;
    }
}

// --- Auth.php: redirects to 'login' (condition not visible), restores a session from the 'uid'
// cookie, then checks the user's status.
 Auth.php000064400000002173150247573400006170 0ustar00redirect(url('login'));
        }
        // Login using cookie: only when the session has no 'uid' but the request carries a 'uid' cookie.
        // The cookie value is passed to getUserIdBySessionToken(), i.e. it is used as a lookup token.
        // NOTE(review): no session id regeneration is visible after this cookie login — confirm it
        // happens elsewhere (session fixation).
        if (empty(Session::get('uid')) && !empty(Cookie::get('uid'))) {
            $user_id = $user->getUserIdBySessionToken(array(Cookie::get('uid')));
            $user_data = $user->getUser(array($user_id));
            if (empty($user_data)) {
                response()->redirect(url('logout'));
            }
            // NOTE(review): reached with an empty $user_data unless redirect() above ends the request.
            // 'agent' is copied from the client-supplied User-Agent header and is read without an
            // isset check.
            Session::set(['uid' => $user_data['id'], 'agent' => $_SERVER['HTTP_USER_AGENT']]);
        }
        // Check user status: an empty status for the session's uid sends the caller to 'logout'.
        if (empty($user->getUserStatus(array(Session::get('uid'))))) {
            response()->redirect(url('logout'));
        }
    }
}

// --- CsrfVerifier.php header, followed by what reads as an API-key check.
// NOTE(review): nothing below verifies a CSRF token. The CsrfVerifier body and the next member's
// header appear to be missing from the page, so this fragment probably belongs to a different
// file — confirm against the original archive.
 CsrfVerifier.php000064400000000357150247573400007662 0ustar00json(array('status' => 0, "message" => "Parameter (key) is required."));
        }
        // Look up the API record for the supplied key.
        // NOTE(review): the key is read with input('key'); if it can arrive in the query string it will
        // also end up in access logs and Referer headers — confirm how clients send it.
        $api = new \App\Models\Api();
        $api_data = $api->getApi(array(input('key')));
        if (empty($api_data)) {
            response()->json(array('status' => 0, "message" => "Invalid key."));
        }
        // Check that this key is allowed to call the current URI.
        // NOTE(review): reached with an empty $api_data unless response()->json() ends the request — confirm.
        $api_access_uri_data = $api->getApiAccessUri(array($api_data['id'], url(null, null, array())));
        if (empty($api_access_uri_data)) {
            response()->json(array('status' => 0, "message" => "Key has no access to this API."));
        }
        // Record the call: access-URI row id, client IP, client user agent, and a null fourth field.
        $api_log_arr = array(
            $api_access_uri_data['id'],
            \App\Utilities\Utility::clientIP(),
            \App\Utilities\Utility::clientUserAgent(),
            null,
        );
        $api->createApiLog($api_log_arr);
    }
}

// --- TokenVerifier.php: validates the JWT from the "Authorization" cookie.
// NOTE(review): `authenticated = true` is assigned before any check (its receiver is missing from the
// page). That is only safe because every failure path below calls exit.
 TokenVerifier.php000064400000003532150247573400010043 0ustar00authenticated = true;
        // Disabled: reading the token from an "Authorization: Bearer" request header.
        // if (!preg_match('/Bearer\s(\S+)/', $_SERVER['HTTP_AUTHORIZATION'], $matches)) {
        //     header('HTTP/1.0 400 Bad Request');
        //     exit;
        // }
        // Same identity rule as at issue time: user id, else the PHP session id.
        $id = null;
        if (empty(Auth::user()->id)) {
            $id = session_id();
        } else {
            $id = Auth::user()->id;
        }
        // $jwt = $matches[1];
        // Using httponly cookies
        $jwt = Cookie::get('Authorization');
        //$jwt = ""; //debug
        // echo $jwt;
        // exit;
        if (!$jwt) {
            // No token could be read from the Authorization cookie
            header('HTTP/1.0 400 Bad Request');
            exit;
        }
        // Re-derive the per-identity signing key; a token issued for another id fails signature checking.
        $secretKey = hash_hmac('sha256', $id, env('APP_KEY')); //env('APP_KEY');
        // $token = JWT::decode((string)$jwt, $secretKey, ['HS512']);
        try {
            // NOTE(review): `+=` on a static property adds 60 on every call in the same process. With
            // one process per request that is 60; under a long-running worker it would keep growing.
            // `JWT::$leeway = 60;` would be stable — confirm the runtime model.
            JWT::$leeway += 60;
            // Passing a Key object pins the accepted algorithm to HS512.
            $token = JWT::decode($jwt, new Key($secretKey, 'HS512'));
            $now = new \DateTimeImmutable();
            $serverName = env('APP_URL');
            // Explicit claim checks: issuer, not-before, expiry, and the bound identity. The nbf/exp
            // comparisons use the raw current timestamp, so the leeway set above does not apply to them.
            if (
                $token->iss !== $serverName ||
                $token->nbf > $now->getTimestamp() ||
                $token->exp < $now->getTimestamp() ||
                $token->data->id !== $id
            ) {
                header('HTTP/1.1 401 Unauthorized');
                exit;
            }
        } catch (\Exception $e) {
            // Any exception raised while decoding or checking the token is answered with 401.
            header('HTTP/1.1 401 Unauthorized');
            exit;
        }
    }
}

// --- ApiVerification1.php: the visible fragment only sets `authenticated = true`.
// NOTE(review): no key, token or session check is visible in this member. If it is attached to
// routes as authentication middleware, every request would be marked authenticated — confirm
// where it is used.
 ApiVerification1.php000064400000000355150247573400010424 0ustar00authenticated = true;
    }
}