
Mudei forma como a API autentifica em AuthController.php

1.9
Claudio 3 months ago committed by Gitea
parent
commit
9c03554453
  1. 9
      app/Repositories/AuditaFull.php
  2. 4
      app/Repositories/Bilhetes.php
  3. 2
      app/Repositories/Token.php
  4. 50
      app/Repositories/Usuario.php
  5. 100
      app/controllers/AuthController.php
  6. 216
      app/core/Repository.php
  7. 9
      app/shared/Logger.php
  8. 2
      include/util/display_errors.php
  9. 18
      public/api.php

9
app/Repositories/AuditaFull.php

@ -1,10 +1,17 @@
<?php <?php
namespace app\models; namespace app\Repositories;
use app\core\Repository; use app\core\Repository;
class AuditaFull extends Repository class AuditaFull extends Repository
{ {
protected static $table = 'pbx_audita_full'; protected static $table = 'pbx_audita_full';
public static function create(array $data): int|bool
{
$query = "INSERT INTO pbx_audita_full (" . implode(', ', array_keys($data)) . ")
VALUES (:" . implode(',:', array_keys($data)) . ')';
return self::query($query, $data, 'count');
}
} }
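Review bot: `create()` interpolates `array_keys($data)` directly into the column list and the placeholder list of the INSERT (the `$query` assignment), so the SQL identifiers are exactly as trusted as whoever assembles `$data` — the values are bound, the keys are not. If any caller builds those keys from request input this is an injection path, and a key containing whitespace or punctuation also produces a placeholder that the `bindValue(":$key", …)` loop in `Repository::query` cannot match. Restrict the keys to a fixed column allowlist before building the statement, e.g. `$data = array_intersect_key($data, array_flip(self::COLUMNS));` with `COLUMNS` declared as a constant on this class, or reject unknown keys with an exception. `Usuario::createToken` in this commit uses the same pattern and needs the same guard.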

4
app/Repositories/Bilhetes.php

@ -8,7 +8,7 @@ class Bilhetes extends Repository
{ {
protected static string $table = 'pbx_bilhetes'; protected static string $table = 'pbx_bilhetes';
public static function getBilhetes(array $data): array public function getBilhetes(array $data): array
{ {
$query = "SELECT $query = "SELECT
a.id_bilhetes AS id, a.calldate AS data_hora, a.id_bilhetes AS id, a.calldate AS data_hora,
@ -43,6 +43,6 @@ class Bilhetes extends Repository
} }
$query .= " ORDER BY data_bilhete"; $query .= " ORDER BY data_bilhete";
return self::query($query, $data); return self::read($query, $data);
} }
} }
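Review bot: The new return line calls `self::read($query, $data)`, but the `Repository` rewritten in this same commit exposes only `query()` (plus the private `setLog()`), so unless `read()` is defined somewhere outside the shown hunks this call fails at runtime; the other repositories in the commit switched to `self::query(...)`, so this should read `return self::query($query, $data);`. The first hunk also changes `getBilhetes` from `static` to an instance method, which breaks any caller still invoking `Bilhetes::getBilhetes(...)`; no call site is in this diff, so verify them. The body of `getBilhetes` starts in the first hunk and ends in the second, so the query text in between is not visible here.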

2
app/Repositories/Token.php

@ -1,6 +1,6 @@
<?php <?php
namespace app\models; namespace app\Repositories;
use app\core\Repository; use app\core\Repository;

50
app/Repositories/Usuario.php

@ -1,10 +1,56 @@
<?php <?php
namespace app\models; declare(strict_types=1);
namespace app\Repositories;
use app\core\Repository; use app\core\Repository;
// Repository class with static methods related to authentication
class Usuario extends Repository class Usuario extends Repository
{ {
protected static $table = 'pbx_usuarios'; //protected static string $table = 'pbx_usuarios';
public static function getUser(string $email): array|bool
{
$query = "SELECT id, nome, apelido, email, senha
FROM pbx_usuarios
WHERE email = :email";
$data = ["email" => $email];
return self::query($query, $data, 'one');
}
public static function getTokenByUserId(string $id): array|bool
{
$query = "SELECT * FROM pbx_tokens WHERE id_usuario = :id";
$data = ["id" => $id];
return self::query($query, $data, 'one');
}
public static function deleteTokenById(string $id): int|bool
{
if (empty($id)) {
return ["status" => "error", "mensage" => "ERROR! Delete method must have parameters!"];
}
$query = "DELETE from pbx_tokens WHERE id = :id";
$data = ["id" => $id];
return self::query($query, $data, 'count');
}
public static function createToken(array $data): int|bool
{
$query = "INSERT INTO pbx_tokens (" . implode(', ', array_keys($data)) . ")
VALUES (:" . implode(',:', array_keys($data)) . ')';
return self::query($query, $data, 'count');
}
public static function getOrgIdByUserId(string $userId): array
{
$query = "SELECT id_organizacao FROM pbx_organizacao_usuarios WHERE id_usuario = :user_id";
$data = ["user_id" => $userId];
return self::query($query, $data, 'one');
}
} }
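Review bot: `deleteTokenById` is declared `int|bool` but its empty-`$id` guard returns an array (the `['status' => 'error', 'mensage' => ...]` line), which under the file's new `declare(strict_types=1)` is a `TypeError` rather than the error object the author intended; an empty id is a caller bug, so `throw new \InvalidArgumentException('Delete method must have parameters!');` and drop the array. `getOrgIdByUserId` is declared `: array` while `self::query(..., 'one')` yields `$stmt->fetch(...)`, which is `false` when no organisation row exists — exactly the case `AuthController` tries to cover with `?? '0'` — so the return type should be `array|bool` like the other finders, or the method should map `false` to `[]`. The `$table` property is now commented out while the base `Repository` still declares its own commented-out `$table`; a one-line comment stating that table names now live in each query would save the next reader a search.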

100
app/controllers/AuthController.php

@ -2,91 +2,121 @@
namespace app\controllers; namespace app\controllers;
use app\models\AuditaFull; require_once '/var/www/html/include/util/util.php';
use app\models\OrganizacaoUsuario;
use app\models\Token; use app\Repositories\AuditaFull;
use app\models\Usuario; use app\Repositories\Usuario;
use Slim\Routing\RouteCollectorProxy; use Slim\Routing\RouteCollectorProxy;
use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
use Firebase\JWT\JWT; use Firebase\JWT\JWT;
use app\shared\Logger;
use Valitron\Validator;
use DateTime; use DateTime;
use Exception;
class AuthController class AuthController
{ {
const LOG_ACTIVE = true;
const CONF_JWT_SECRET_KEY = '$2y$10$SfYYXbZxidLwSlFjoVIzJOOWbZzXQyvPDbCtI5E998Hn.TASJVnkm'; const CONF_JWT_SECRET_KEY = '$2y$10$SfYYXbZxidLwSlFjoVIzJOOWbZzXQyvPDbCtI5E998Hn.TASJVnkm';
private static Logger $logger;
static function route() public static function route()
{ {
self::$logger = new Logger('api' . date('Ymd'), self::LOG_ACTIVE);
self::$logger->debug('AuthController->route()', true);
return function (RouteCollectorProxy $group) { return function (RouteCollectorProxy $group) {
$group->post('/auth', [self::class, 'auth']); $group->post('/auth', [self::class, 'auth']);
}; };
} }
function auth(Request $request, Response $response, $args) public function auth(Request $request, Response $response, $args)
{ {
$body = json_decode($request->getBody()->getContents(), true); try {
self::$logger->debug('will set validation', true);
$validator = new Validator();
$validator->mapFieldsRules([
'email' => ['required', 'email'],
'senha' => ['required']
]);
$body = json_decode($request->getBody()->getContents(), true);
self::$logger->debug('will try to validate with body: ' . print_r($body, true), true);
$validator = $validator->withData($body);
if (!$validator->validate()) {
$response->getBody()
->write(json_encode($validator->errors()));
return $response->withStatus(422);
}
// wrong/no credentials - START self::$logger->debug("method: AuthController->auth()\nbody: " . print_r($body, true), true);
if (empty($body['senha']) || empty($body['email'])) { // wrong/no credentials - START
$response->getBody()->write(json_encode( self::$logger->debug('Will try to find user', true);
[ $usuario = null;
'status' => false, $usuario = Usuario::getUser($body['email']);
'data' => ["message" => "Por favor verifique as informacoes passadas!"] self::$logger->debug('returned user: ' . print_r($usuario, true), true);
] if (!$usuario || md5($body['senha']) != $usuario['senha']) {
)); $response->getBody()->write(json_encode(['status' => false, 'data' => ["message" => "Usuario e senha nao confere, por favor verifique as informacoes passadas!"]]));
return $response; self::$logger->debug('user not found', true);
return $response;
}
} catch (Exception $e) {
self::$logger->error('Error: ' . $e->getMessage(), true);
} }
$usuario = Usuario::find(["email" => $body['email']], ['id', 'nome', 'apelido', 'email', 'senha']);
if (!$usuario || md5($body['senha']) != $usuario->senha) {
$response->getBody()->write(json_encode(['status' => false, 'data' => ["message" => "Usuario e senha nao confere, por favor verifique as informacoes passadas!"]]));
return $response;
}
// wrong/no credentials - END // wrong/no credentials - END
self::$logger->debug('Credentials fine', true);
$expiredat = (new \DateTime())->modify('+1 days')->format('Y-m-d H:i:s'); $expiredat = (new \DateTime())->modify('+1 days')->format('Y-m-d H:i:s');
$tokenPayload = ['sub' => $usuario->id, 'name' => $usuario->nome, 'email' => $usuario->email, 'expired_at' => $expiredat]; $tokenPayload = ['sub' => $usuario['id'], 'name' => $usuario['nome'], 'email' => $usuario['email'], 'expired_at' => $expiredat];
// If token's expired: delete it and create another one // If token's expired: delete it and create another one
// else: just return it // else: just return it
$tokens = Token::find(["id_usuario" => $usuario->id]); $tokens = Usuario::getTokenByUserId($usuario['id']);
if ($tokens) { if ($tokens) {
$expiredDate = new DateTime($tokens->expired_at); $expiredDate = new DateTime($tokens['expired_at']);
$now = new DateTime(); $now = new DateTime();
if ($expiredDate < $now) { if ($expiredDate < $now) {
Token::delete(["id" => $tokens->id]); Usuario::deleteTokenById($tokens['id']);
} else { } else {
$response->getBody()->write(json_encode(['status' => true, 'data' => ["token" => $tokens->token, "refresh_token" => $tokens->refresh_token]])); $response->getBody()->write(json_encode([
'status' => true,
'data' => ["token" => $tokens['token'], "refresh_token" => $tokens['refresh_token']]
]));
return $response; return $response;
} }
} }
$token = JWT::encode($tokenPayload, self::CONF_JWT_SECRET_KEY, 'HS256'); $token = JWT::encode($tokenPayload, self::CONF_JWT_SECRET_KEY, 'HS256');
$refreshToken = JWT::encode(['email' => $usuario->email], self::CONF_JWT_SECRET_KEY, 'HS256'); $refreshToken = JWT::encode(['email' => $usuario['email']], self::CONF_JWT_SECRET_KEY, 'HS256');
$insert = [ $insert = [
"token" => $token, "token" => $token,
"id_usuario" => $usuario->id, "id_usuario" => $usuario['id'],
"refresh_token" => $refreshToken, "refresh_token" => $refreshToken,
"expired_at" => $expiredat, "expired_at" => $expiredat,
"updated_at" => date('Y-m-d H:i:s') "updated_at" => date('Y-m-d H:i:s')
]; ];
$isCreated = Token::create($insert); self::$logger->debug("Token insert: " . print_r($token, true), true);
$isCreated = Usuario::createToken($insert);
if (!$isCreated) { if (!$isCreated) {
self::$logger->debug("Token creation failed ", true);
$response->getBody()->write(json_encode(['status' => false, 'data' => ["message" => "Nao foi possivel gerar o Token de autenticacao!"]])); $response->getBody()->write(json_encode(['status' => false, 'data' => ["message" => "Nao foi possivel gerar o Token de autenticacao!"]]));
return $response; return $response;
} }
$org = OrganizacaoUsuario::find(['id_usuario' => $usuario->id], ['id_organizacao']);
$org_id = $org->id_organizacao ?? '0'; $org = Usuario::getOrgIdByUserId($usuario['id']);
$org_id = $org['id_organizacao'] ?? '0';
$auditoria = [ $auditoria = [
'login' => $usuario->apelido, 'login' => $usuario['apelido'],
'id_prog' => '1', 'id_prog' => '1',
'full_ip' => $_SERVER['REMOTE_ADDR'], 'full_ip' => $_SERVER['REMOTE_ADDR'],
'full_uid' => time(), 'full_uid' => time(),
@ -95,9 +125,9 @@ class AuthController
'full_log' => json_encode( 'full_log' => json_encode(
[ [
"usuario" => [ "usuario" => [
'id' => $usuario->id, 'id' => $usuario['id'],
'nome' => $usuario->nome, 'nome' => $usuario['nome'],
'email' => $usuario->email 'email' => $usuario['email']
], ],
"request" => $body, "request" => $body,
"server" => $_SERVER "server" => $_SERVER

216
app/core/Repository.php

@ -2,202 +2,50 @@
namespace app\core; namespace app\core;
use app\core\Database; //use app\core\Database;
use app\core\Connection;
use PDO;
use Exception; use Exception;
use PDOException;
use stdClass; use stdClass;
use app\shared\Logger;
abstract class Repository abstract class Repository
{ {
public DataBase $db; public DataBase $db;
protected static $table; //protected static string $table;
protected static Logger $logger;
public static function create(array $params) private static function setLog()
{ {
$dados = []; self::$logger = new Logger('api' . date('Ymd'), true);
$db = new Database();
try {
$table = static::$table;
$query = "INSERT INTO $table (";
foreach ($params as $key => $value) {
$dados[$key] = $value;
if (array_key_last($params) == $key) {
$query .= " $key )";
} else {
$query .= " $key, ";
}
}
$query .= " VALUES( ";
foreach ($params as $key => $value) {
if (array_key_last($params) == $key) {
$query .= " :$key );";
} else {
$query .= " :$key, ";
}
}
return $db->create($query, $dados);
} catch (Exception $e) {
$db->databaseLog()->error(print_r(
[
'error' => $e->getMessage(),
__FUNCTION__ => $table,
'query' => $query,
'params' => $params
],
true
));
}
}
public static function query(string $query, array $params = [])
{
$db = new Database();
try {
$data = $db->read($query, $params);
if (!$data) {
return [];
}
return $data?->fetchAll();
} catch (Exception $e) {
$db->databaseLog()->error(print_r(
[
'error' => $e->getMessage(),
__FUNCTION__ => 'custom',
'query' => $query,
'params' => $params
],
true
));
}
} }
public static function find(array $params = [], array $columns = []): array | stdClass public static function query(string $query, array $params = [], string $fetch = 'all'): array|int|bool
{ {
$db = new Database();
try { try {
$table = static::$table; self::setLog();
$column = count($columns) > 0 ? implode(',', $columns) : "*"; self::$logger->debug("Getting connection", true);
$query = "SELECT $column FROM $table WHERE 1 = 1"; $stmt = Connection::getInstance()->prepare($query);
foreach ($params as $k => $v) { self::$logger->debug("Biding values for $query", true);
$query .= " AND $k = :$k"; foreach ($params as $key => $value) {
} $stmt->bindValue(":$key", $value, (is_int($value) ? PDO::PARAM_INT : PDO::PARAM_STR));
$db->databaseLog()->error($query); }
$stmt->execute();
$data = $db->read($query, $params);
if (!$data) { switch ($fetch) {
return []; case 'all':
} return $stmt->fetchAll();
return $data->fetch(); case 'one':
} catch (Exception $e) { return $stmt->fetch(PDO::FETCH_ASSOC);
$db->databaseLog()->error(print_r( case 'count':
[ return $stmt->rowCount();
'error' => $e->getMessage(), default:
__FUNCTION__ => $table, return $stmt->fetchAll();
'query' => $query, }
'params' => $params, } catch (PDOException $e) {
'columns' => $columns self::$logger->error(print_r(['error' => $e->getMessage(), 'query' => $query, 'params' => $params], true));
], return ['status' => false, 'data' => ['message' => 'Nenhum resultado encontrado!']];
true
));
}
}
public static function get(array $params = [], array $columns = []): array | stdClass
{
$db = new Database();
try {
$table = static::$table;
$column = count($columns) > 0 ? implode(',', $columns) : "*";
$query = "SELECT $column FROM $table WHERE 1 = 1";
foreach ($params as $k => $v) {
$query .= " AND $k = :$k";
}
$data = $db->read($query, $params);
if (!$data) {
return null;
}
return $data->fetchAll();
} catch (Exception $e) {
$db->databaseLog()->error(print_r(
[
'error' => $e->getMessage(),
__FUNCTION__ => $table,
'query' => $query,
'params' => $params,
'columns' => $columns
],
true
));
}
}
public static function update(array $params, array $where)
{
$db = new Database();
try {
$dados = array_filter($params);
$table = static::$table;
$query = "UPDATE $table SET ";
foreach ($dados as $key => $value) {
if (array_key_last($dados) == $key) {
$query .= " $key = :$key";
} else {
$query .= " $key = :$key, ";
}
}
$query .= " WHERE 1 = 1 ";
if (empty($where)) {
throw new Exception("Parâmetro (where) é obrigatório! [Table: $table] where: ['column' => 'value']");
}
foreach ($where as $column => $value) {
$query .= "AND $column = :$column";
$dados[$column] = $value;
}
return $db->update($query, $dados);
} catch (Exception $e) {
$db->databaseLog()->error(print_r(
[
'error' => $e->getMessage(),
__FUNCTION__ => $table,
'query' => $query,
'params' => $params,
'where' => $where
],
true
));
}
}
public static function delete(array $where): int
{
$db = new Database();
try {
$table = static::$table;
$dados = [];
$query = "DELETE FROM $table WHERE 1 = 1";
if (empty($where)) {
throw new Exception("Parâmetro (where) é obrigatório! [Table: $table] where: ['column' => 'value']");
}
foreach ($where as $column => $value) {
$query .= "AND $column = :$column";
$dados[$column] = $value;
}
return $db->delete($query, $dados);
} catch (Exception $e) {
$db->databaseLog()->error(print_r(
[
'error' => $e->getMessage(),
__FUNCTION__ => $table,
'query' => $query,
'where' => $where
],
true
));
} }
return 0;
} }
} }
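Review bot: The `catch (PDOException $e)` in the new `query()` returns `['status' => false, 'data' => [...]]`, a non-empty array that callers cannot distinguish from a fetched row: `AuthController` tests `if (!$usuario || ...)` and `Usuario::getOrgIdByUserId` would pass that array on as if it were an organisation record. After logging, rethrow instead — `throw new Exception('Database query failed', previous: $e);` — so the controller decides the HTTP outcome, and drop the `'Nenhum resultado encontrado!'` message, which describes an empty result rather than a failure. `'one'` fetches with `PDO::FETCH_ASSOC` while `'all'` and `default` use the connection's default fetch mode, so `getBilhetes` rows may come back with both numeric and string keys; pass `PDO::FETCH_ASSOC` to `fetchAll()` too, and the `switch` with a `default:` that duplicates `'all'` reads better as a `match` with one `'all', default => $stmt->fetchAll(PDO::FETCH_ASSOC)` arm. `setLog()` constructs a new `Logger` on every call to `query()`; initialise once with `self::$logger ??= new Logger(...)`. `use Exception`, `use stdClass` and the `public DataBase $db` property are no longer referenced by the visible class.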

9
app/shared/Logger.php

@ -140,14 +140,15 @@ class Logger
## CONFIGS ## ## CONFIGS ##
######################################################################## ########################################################################
public function config($name, $exten = ".log", $prefix = null) public function config($name, $extern = ".log", $prefix = null)
{ {
if (file_exists($this->file)) { $this->file = $this->path . $name . $extern;
/* if (file_exists($this->file)) {
$contents = file_get_contents($this->file); $contents = file_get_contents($this->file);
} }
$this->file = trim($this->path . $prefix . ($name ? $name : $this->name) . $exten); $this->file = trim($this->path . $prefix . ($name ? $name : $this->name) . $extern);
file_put_contents($this->file, $contents ? $contents : "", FILE_APPEND); file_put_contents($this->file, $contents ? $contents : "", FILE_APPEND); */
} }
public function getType() public function getType()
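Review bot: The rewritten `config()` sets `$this->file = $this->path . $name . $extern;` and moves everything that used `$prefix` and the `$this->name` fallback into a `/* … */` block, so the `$prefix` parameter is now silently ignored and an empty `$name` yields a path consisting of the extension alone; either drop `$prefix` from the signature or keep `$this->file = $this->path . $prefix . ($name ?: $this->name) . $extern;`. The commented-out block should be deleted rather than kept, since the old version is in history. `getType()` starts on the last line of this hunk and continues outside it.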

2
include/util/display_errors.php

@ -22,5 +22,3 @@ if (!file_exists('/var/log/asterisk/display_erros.log')) {
exec(" chown pbx:pbx {$filename}"); exec(" chown pbx:pbx {$filename}");
} }
} }

18
public/api.php

@ -1,6 +1,8 @@
<?php <?php
require __DIR__ . '/../vendor/autoload.php'; require_once __DIR__ . '/../vendor/autoload.php';
require_once '/var/www/html/include/util/util.php';
//error_reporting(E_ALL); //error_reporting(E_ALL);
ini_set('display_errors', 0); ini_set('display_errors', 0);
@ -10,6 +12,8 @@ use app\controllers\CallController;
use app\controllers\AuthController; use app\controllers\AuthController;
use app\middleware\AuthMiddleware; use app\middleware\AuthMiddleware;
use app\controllers\MeetController; use app\controllers\MeetController;
use app\shared\Logger;
use Slim\Factory\AppFactory; use Slim\Factory\AppFactory;
use Slim\Routing\RouteCollectorProxy; use Slim\Routing\RouteCollectorProxy;
@ -21,25 +25,32 @@ header("Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE, OPTIO
header("Access-Control-Allow-Headers: X-API-KEY, Origin, ngrok-skip-browser-warning, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization"); header("Access-Control-Allow-Headers: X-API-KEY, Origin, ngrok-skip-browser-warning, X-Requested-With, Content-Type, Accept, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization");
header('Content-Type: application/json'); header('Content-Type: application/json');
$method = $_SERVER['REQUEST_METHOD']; $method = $_SERVER['REQUEST_METHOD'];
/*if ($method == "OPTIONS") { if ($method == "OPTIONS") {
echo "teste OK"; echo "teste OK";
// header("HTTP/1.1 200 OK"); // header("HTTP/1.1 200 OK");
die(); die();
}*/ }
$logger = new Logger('api' . date('Ymd'), true);
$app = AppFactory::create(); $app = AppFactory::create();
$app->addRoutingMiddleware(); $app->addRoutingMiddleware();
$app->add(new CorsMiddleware()); $app->add(new CorsMiddleware());
$app->addErrorMiddleware(false, true, true); $app->addErrorMiddleware(false, true, true);
$logger->debug("calling API", true);
// Define app routes // Define app routes
$app->get('/api/v2/teste', function () { $app->get('/api/v2/teste', function () {
echo "teste OK"; echo "teste OK";
die();
}); });
$app->group('/api/v2', AuthController::route()); $app->group('/api/v2', AuthController::route());
$app->group('/api/v2/meet', MeetController::route()); $app->group('/api/v2/meet', MeetController::route());
$logger->debug("After auth", true);
$app->group('/api/v2', function (RouteCollectorProxy $group) { $app->group('/api/v2', function (RouteCollectorProxy $group) {
$group->group('/call', CallController::route()); $group->group('/call', CallController::route());
$group->group('/queue', QueueController::route()); $group->group('/queue', QueueController::route());
@ -49,5 +60,6 @@ $app->group('/api/v2', function (RouteCollectorProxy $group) {
try { try {
$app->run(); $app->run();
} catch (Exception $e) { } catch (Exception $e) {
$logger->error("Exeption running app: " . $e->getMessage(), true);
die(json_encode(array("status" => "failed", "message" => "This action is not allowed"))); die(json_encode(array("status" => "failed", "message" => "This action is not allowed")));
} }
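Review bot: The re-enabled `if ($method == "OPTIONS")` block answers CORS preflight with the body `teste OK` and `die()` after `Content-Type: application/json` has already been sent, so browsers receive a 200 with a non-JSON body; a preflight reply should be empty, e.g. `if ($method === 'OPTIONS') { http_response_code(204); exit; }`, or better be left to the `CorsMiddleware` that is already added to `$app`. The `/api/v2/teste` route lost its `die()` but still `echo`es instead of returning a response, so the callable now returns null where Slim expects a `ResponseInterface` — the Slim version is not visible here, so verify what it does with that. `require_once '/var/www/html/include/util/util.php'` hard-codes the deployment path, and `AuthController` repeats the same require; one `__DIR__`-relative include in this front controller is enough. The `$logger->debug("calling API", true)` and `"After auth"` lines run on every request with logging forced on; gate them on a config flag or remove them before merge.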
