Compare commits

..

No commits in common. "34eeb10c2785f2470cdecd0c73106ff72627d94b" and "45a22c2dd44532c42d99ad08926987aca78c3606" have entirely different histories.

8 changed files with 42 additions and 50 deletions

View File

@ -10,7 +10,7 @@
} }
], ],
"require": { "require": {
"esoko/soko-web": "0.3", "esoko/soko-web": "0.2.1",
"firebase/php-jwt": "^6.4" "firebase/php-jwt": "^6.4"
}, },
"require-dev": { "require-dev": {

8
composer.lock generated
View File

@ -4,15 +4,15 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"content-hash": "64c21f0e5181bd39d8977af72e2aeddc", "content-hash": "695034ad53031c4fdacbc6f551d610e3",
"packages": [ "packages": [
{ {
"name": "esoko/soko-web", "name": "esoko/soko-web",
"version": "v0.3", "version": "v0.2.1",
"source": { "source": {
"type": "git", "type": "git",
"url": "https://git.esoko.eu/esoko/soko-web.git", "url": "https://git.esoko.eu/esoko/soko-web.git",
"reference": "014a5480967c03c00dda5ee34c7eaf4be224b96e" "reference": "4af7ae352108e7ba151fca2633ff4b40b3194b32"
}, },
"require": { "require": {
"phpmailer/phpmailer": "^6.8", "phpmailer/phpmailer": "^6.8",
@ -33,7 +33,7 @@
"GNU GPL 3.0" "GNU GPL 3.0"
], ],
"description": "Lightweight web framework", "description": "Lightweight web framework",
"time": "2023-04-16T14:54:22+00:00" "time": "2023-04-16T14:00:29+00:00"
}, },
{ {
"name": "firebase/php-jwt", "name": "firebase/php-jwt",

View File

@ -1,12 +1,7 @@
<?php <?php
use SokoWeb\Interfaces\Response\IRedirect; use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Response\Redirect; use SokoWeb\Response\Redirect;
use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\JsonContent;
require '../web.php'; require '../web.php';
@ -27,11 +22,13 @@ if ($match !== null) {
$handler = $route->getHandler(); $handler = $route->getHandler();
$controller = new $handler[0](Container::$request); $controller = new $handler[0](Container::$request);
if ( if ($controller instanceof SokoWeb\Interfaces\Authorization\ISecured) {
$controller instanceof IAuthenticationRequired && $authorized = $controller->authorize();
$controller->isAuthenticationRequired() && } else {
Container::$request->user() === null $authorized = true;
) { }
if (!$authorized) {
Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/'))); Container::$request->session()->set('redirect_after_login', substr($_SERVER['REQUEST_URI'], strlen('/')));
$response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY); $response = new Redirect(Container::$routeCollection->getRoute('login')->generateLink(), IRedirect::TEMPORARY);
header('Location: ' . $response->getUrl(), true, $response->getHttpCode()); header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
@ -39,28 +36,23 @@ if ($match !== null) {
} }
if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) { if ($method === 'post' && !in_array($url, $antiCsrfTokenExceptions) && Container::$request->post('anti_csrf_token') !== Container::$request->session()->get('anti_csrf_token')) {
$content = new JsonContent(['error' => 'no_valid_anti_csrf_token']); $content = new SokoWeb\Response\JsonContent(['error' => 'no_valid_anti_csrf_token']);
header('Content-Type: text/html; charset=UTF-8', true, 403); header('Content-Type: text/html; charset=UTF-8', true, 403);
$content->render(); $content->render();
return; return;
} }
if (
!($controller instanceof ISecured) ||
$controller->authorize()
) {
$response = call_user_func([$controller, $handler[1]]); $response = call_user_func([$controller, $handler[1]]);
if ($response instanceof IContent) { if ($response instanceof SokoWeb\Interfaces\Response\IContent) {
header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8'); header('Content-Type: ' . $response->getContentType() . '; charset=UTF-8');
$response->render(); $response->render();
return; return;
} elseif ($response instanceof IRedirect) { } elseif ($response instanceof SokoWeb\Interfaces\Response\IRedirect) {
header('Location: ' . $response->getUrl(), true, $response->getHttpCode()); header('Location: ' . $response->getUrl(), true, $response->getHttpCode());
return; return;
} }
}
} }
$content = new HtmlContent('error/404'); $content = new SokoWeb\Response\HtmlContent('error/404');
header('Content-Type: text/html; charset=UTF-8', true, 404); header('Content-Type: text/html; charset=UTF-8', true, 404);
$content->render(); $content->render();

View File

@ -7,14 +7,14 @@ use RVR\PersistentData\Model\User;
use RVR\Repository\CommunityRepository; use RVR\Repository\CommunityRepository;
use RVR\Repository\CommunityMemberRepository; use RVR\Repository\CommunityMemberRepository;
use RVR\Repository\UserRepository; use RVR\Repository\UserRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Request\IRequest;
use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\PersistentData\PersistentDataManager; use SokoWeb\PersistentData\PersistentDataManager;
use SokoWeb\Response\HtmlContent; use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\JsonContent; use SokoWeb\Response\JsonContent;
class CommunityController implements IAuthenticationRequired class CommunityController implements ISecured
{ {
private IRequest $request; private IRequest $request;
@ -35,9 +35,9 @@ class CommunityController implements IAuthenticationRequired
$this->communityMemberRepository = new CommunityMemberRepository(); $this->communityMemberRepository = new CommunityMemberRepository();
} }
public function isAuthenticationRequired(): bool public function authorize(): bool
{ {
return true; return $this->request->user() !== null;
} }
public function getCommunityHome(): ?IContent public function getCommunityHome(): ?IContent

View File

@ -2,12 +2,12 @@
use RVR\PersistentData\Model\User; use RVR\PersistentData\Model\User;
use RVR\Repository\CommunityMemberRepository; use RVR\Repository\CommunityMemberRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Request\IRequest;
use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Response\HtmlContent; use SokoWeb\Response\HtmlContent;
class HomeController implements IAuthenticationRequired class HomeController implements ISecured
{ {
private IRequest $request; private IRequest $request;
@ -19,9 +19,9 @@ class HomeController implements IAuthenticationRequired
$this->communityMemberRepository = new CommunityMemberRepository(); $this->communityMemberRepository = new CommunityMemberRepository();
} }
public function isAuthenticationRequired(): bool public function authorize(): bool
{ {
return true; return $this->request->user() !== null;
} }
public function getHome(): IContent public function getHome(): IContent

View File

@ -4,14 +4,14 @@ use DateTime;
use RVR\PersistentData\Model\OAuthToken; use RVR\PersistentData\Model\OAuthToken;
use RVR\PersistentData\Model\User; use RVR\PersistentData\Model\User;
use RVR\Repository\OAuthClientRepository; use RVR\Repository\OAuthClientRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Request\IRequest;
use SokoWeb\Interfaces\Response\IRedirect; use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Response\Redirect; use SokoWeb\Response\Redirect;
use SokoWeb\PersistentData\PersistentDataManager; use SokoWeb\PersistentData\PersistentDataManager;
use SokoWeb\Response\HtmlContent; use SokoWeb\Response\HtmlContent;
class OAuthAuthController implements IAuthenticationRequired class OAuthAuthController implements ISecured
{ {
private IRequest $request; private IRequest $request;
@ -26,9 +26,9 @@ class OAuthAuthController implements IAuthenticationRequired
$this->oAuthClientRepository = new OAuthClientRepository(); $this->oAuthClientRepository = new OAuthClientRepository();
} }
public function isAuthenticationRequired(): bool public function authorize(): bool
{ {
return true; return $this->request->user() !== null;
} }
public function auth() public function auth()

View File

@ -2,7 +2,7 @@
use DateTime; use DateTime;
use SokoWeb\Http\Request; use SokoWeb\Http\Request;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Request\IRequest;
use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Interfaces\Response\IRedirect; use SokoWeb\Interfaces\Response\IRedirect;
@ -15,7 +15,7 @@ use SokoWeb\Response\Redirect;
use SokoWeb\Util\JwtParser; use SokoWeb\Util\JwtParser;
use RVR\Repository\UserRepository; use RVR\Repository\UserRepository;
class UserController implements IAuthenticationRequired class UserController implements ISecured
{ {
private IRequest $request; private IRequest $request;
@ -30,9 +30,9 @@ class UserController implements IAuthenticationRequired
$this->userRepository = new UserRepository(); $this->userRepository = new UserRepository();
} }
public function isAuthenticationRequired(): bool public function authorize(): bool
{ {
return true; return $this->request->user() !== null;
} }
public function getAccount(): IContent public function getAccount(): IContent

View File

@ -1,12 +1,12 @@
<?php namespace RVR\Controller; <?php namespace RVR\Controller;
use RVR\Repository\UserRepository; use RVR\Repository\UserRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired; use SokoWeb\Interfaces\Authorization\ISecured;
use SokoWeb\Interfaces\Request\IRequest; use SokoWeb\Interfaces\Request\IRequest;
use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Response\JsonContent; use SokoWeb\Response\JsonContent;
class UserSearchController implements IAuthenticationRequired class UserSearchController implements ISecured
{ {
private IRequest $request; private IRequest $request;
@ -18,9 +18,9 @@ class UserSearchController implements IAuthenticationRequired
$this->userRepository = new UserRepository(); $this->userRepository = new UserRepository();
} }
public function isAuthenticationRequired(): bool public function authorize(): bool
{ {
return true; return $this->request->user() !== null;
} }
public function searchUser(): IContent public function searchUser(): IContent