esoko/rvr-nextgen
esoko/rvr-nextgen
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 5 Wiki Activity

Compare commits

base: esoko:master
Branches Tags
esoko:master
esoko:Release_2411.1
esoko:Release_2403.1
esoko:Release_2309.3
esoko:Release_2309.2.1
esoko:Release_2309.2
esoko:Release_2309.1
esoko:Release_2307.4.1
esoko:Release_2307.4
esoko:Release_2307.3
esoko:Release_2307.2
esoko:Release_2307.1
esoko:Release_2306.1
esoko:Release_2305.7.1
esoko:Release_2305.7
esoko:Release_2305.6
esoko:Release_2305.5
esoko:Release_2305.4.1
esoko:Release_2305.4
esoko:Release_2305.3
esoko:Release_2305.2
esoko:Release_2305.1
esoko:Release_2304.15
esoko:Release_2304.14
esoko:Release_2304.13
esoko:Release_2304.12
esoko:Release_2304.11
esoko:Release_2304.10
esoko:Release_2304.9
esoko:Release_2304.8
esoko:Release_2304.7
esoko:Release_2304.6
esoko:Release_2304.5
esoko:Release_2304.4
esoko:Release_2304.3
esoko:Release_2304.2
esoko:Release_2304.1
..
compare: esoko:Release_2307.1
Branches Tags
esoko:master
esoko:Release_2411.1
esoko:Release_2403.1
esoko:Release_2309.3
esoko:Release_2309.2.1
esoko:Release_2309.2
esoko:Release_2309.1
esoko:Release_2307.4.1
esoko:Release_2307.4
esoko:Release_2307.3
esoko:Release_2307.2
esoko:Release_2307.1
esoko:Release_2306.1
esoko:Release_2305.7.1
esoko:Release_2305.7
esoko:Release_2305.6
esoko:Release_2305.5
esoko:Release_2305.4.1
esoko:Release_2305.4
esoko:Release_2305.3
esoko:Release_2305.2
esoko:Release_2305.1
esoko:Release_2304.15
esoko:Release_2304.14
esoko:Release_2304.13
esoko:Release_2304.12
esoko:Release_2304.11
esoko:Release_2304.10
esoko:Release_2304.9
esoko:Release_2304.8
esoko:Release_2304.7
esoko:Release_2304.6
esoko:Release_2304.5
esoko:Release_2304.4
esoko:Release_2304.3
esoko:Release_2304.2
esoko:Release_2304.1

No commits in common. "master" and "Release_2307.1" have entirely different histories.
master ... Release_23

40 changed files with 1191 additions and 1553 deletions
Show Stats Expand all files Collapse all files

1
.env.example
View File

@ -21,4 +21,3 @@ RECAPTCHA_SITEKEY=your_recaptcha_sitekey
RECAPTCHA_SECRET=your_recaptcha_secret
JWT_RSA_PRIVATE_KEY=jwt-rsa256-private.pem
JWT_RSA_PUBLIC_KEY=jwt-rsa256-public.pem
JWT_KEY_KID=1

61
Jenkinsfile vendored
View File

@ -13,9 +13,8 @@ pipeline {
}
agent {
dockerfile {
filename 'docker/Dockerfile'
filename 'docker/Dockerfile-test'
dir '.'
additionalBuildArgs '--target rvr_base'
reuseNode true
}
}
@ -27,9 +26,8 @@ pipeline {
stage('Unit Testing') {
agent {
dockerfile {
filename 'docker/Dockerfile'
filename 'docker/Dockerfile-test'
dir '.'
additionalBuildArgs '--target rvr_base'
reuseNode true
}
}
@ -46,9 +44,8 @@ pipeline {
stage('Static Code Analysis') {
agent {
dockerfile {
filename 'docker/Dockerfile'
filename 'docker/Dockerfile-test'
dir '.'
additionalBuildArgs '--target rvr_base'
reuseNode true
}
}
@ -61,57 +58,5 @@ pipeline {
}
}
}
stage('Prepare Docker release') {
environment {
COMPOSER_HOME="${WORKSPACE}/.composer"
npm_config_cache="${WORKSPACE}/.npm"
}
agent {
dockerfile {
filename 'docker/Dockerfile'
dir '.'
additionalBuildArgs '--target rvr_base'
reuseNode true
}
}
steps {
script {
sh script: 'git clean -ffdx', label: 'Clean repository'
env.VERSION = sh(script: 'git describe --tags --always --match "Release_*" HEAD', returnStdout: true).trim()
sh script: 'docker/scripts/release.sh', label: 'Release script'
sh script: "rm -rf ${env.COMPOSER_HOME} ${env.npm_config_cache}"
}
}
}
stage('Release Docker image') {
steps {
script {
withDockerRegistry([credentialsId: 'gitea-system-user', url: 'https://git.esoko.eu/']) {
sh script: 'docker buildx create --use --bootstrap --platform=linux/arm64,linux/amd64 --name multi-platform-builder'
sh script: """docker buildx build \
--platform linux/amd64,linux/arm64 \
-f docker/Dockerfile \
--target rvr_release \
-t git.esoko.eu/esoko/rvr:${env.VERSION} \
--push \
.""",
label: 'Build Docker image'
if (env.BRANCH_NAME == 'master') {
if (env.VERSION ==~ '.*-\\d+-g[a-f0-9]{7}') {
env.FIXED_VERSION = 'dev'
} else {
env.FIXED_VERSION = 'stable'
}
sh script: """docker buildx imagetools create \
-t git.esoko.eu/esoko/rvr:${env.FIXED_VERSION} \
git.esoko.eu/esoko/rvr:${env.VERSION}"""
}
}
}
}
}
}
}

118
README.md
View File

@ -2,81 +2,81 @@
[![Build Status](https://ci.esoko.eu/job/rvr-nextgen/job/master/badge/icon)](https://ci.esoko.eu/job/rvr-nextgen/job/master/)
This is the RVR Application project.
This is the RVR Application project. This is a game about guessing where you are based on a street view panorama - inspired by existing applications.
## Installation
### Set environment variables
### Clone the Git repository
The `.env` file contains several environment variables that are needed by the application to work properly. These should be configured for your environment. Check `.env.example` for reference.
**Important: `DEV` should NOT be set for production! See section Development if you want to use the application in development mode.**
### Docker Compose
Create a `docker-compose.yml` file. The example code below assumes that `.env` is placed in the same folder.
```yml
version: '3'
services:
app:
image: git.esoko.eu/esoko/rvr:latest
depends_on:
mariadb:
condition: service_healthy
ports:
- 80:80
volumes:
- .env:/var/www/rvr/.env
mariadb:
image: mariadb:10.3
volumes:
- mysql:/var/lib/mysql
environment:
MYSQL_ROOT_PASSWORD: 'root'
MYSQL_DATABASE: 'rvr'
MYSQL_USER: 'rvr'
MYSQL_PASSWORD: 'rvr'
healthcheck:
test: ["CMD-SHELL", "mysqladmin -u $$MYSQL_USER -p$$MYSQL_PASSWORD ping -h localhost || exit 1"]
start_period: 5s
start_interval: 1s
interval: 5s
timeout: 5s
retries: 5
volumes:
mysql:
The first step is obviously cloning the repository to your machine:
```
git clone https://git.esoko.eu/esoko/rvr-nextgen.git
```
Execute the following command:
```bash
All the commands listed here should be executed from the repository root.
### Setup Docker stack (recommended)
The easiest way to build up a fully working application with web server and database is to use Docker Compose with the included `docker-compose.yml`.
All you have to do is executing the following command:
```
docker compose up -d
```
Attach shell to the container of `rvr-nextgen-app`:
**And you are done!** The application is ready to use. You can create the first administrative user with the following command after attaching to the `app` container:
```
docker exec -it rvr-nextgen-app bash
```
All of the following commands should be executed there.
### Manual setup (alternative)
If you don't use the Docker stack you need to install your environment manually. Check `docker-compose.yml` and `docker/Dockerfile` to see the system requirements.
### Initialize project
This command installes all of the Composer requirements and creates a copy of the example `.env` file.
```
composer create-project
```
### Set environment variables
The `.env` file contains several environment variables that are needed by the application to work properly. These should be configured for your environment.
One very important variable is `DEV`. This indicates that the application operates in development (staging) and not in production mode.
**Hint:** If you install the application in the Docker stack for development (staging) environment, only the variables for external dependencies (API keys, map attribution, etc.) should be adapted. All other variables (for DB connection, static root, mailing, multiplayer, etc.) are fine with the default value.
### (Production only) Create cron job
To maintain database (delete inactive users, old sessions etc.), the command `db:maintain` should be regularly executed. It is recommended to create a cron job that runs every hour:
```
0 * * * * /path/to/your/installation/rvr db:maintain >>/var/log/cron-rvr.log 2>&1
```
### Finalize installation
After you followed the above steps, execute the following command:
```
scripts/install.sh
```
**And you are done!** The application is ready to use and develop. In development mode an administrative user is also created by the installation script, email is **rvr@rvr.dev**, password is **123456**. In production mode you should create the first administrative user with the following command:
```
./rvr user:add EMAIL PASSWORD admin
```
## Development
### Set environment variables
`.env.example` should be copied to `.env` into the repo root. Only the variables for external dependencies (API keys, map attribution, etc.) should be adapted. All other variables (for DB connection, static root, mailing, multiplayer, etc.) are fine with the default value. **`DEV=1` should be set for development!**
### Docker Compose
Execute the following command from the repo root:
```bash
docker compose up -d
```
**And you are done!** You can reach the application on http://localhost. The mails that are sent by the application can be found on http://localhost:8080. If needed, the database server can be directly reached on localhost:3306, or you can use Adminer web interface on http://localhost:9090
You might have to attach to the `app` container, e.g. for creating users, `composer update`, etc.
If you installed it in the Docker stack, you can reach it on http://localhost. The mails that are sent by the application can be found on http://localhost:8080/. If needed, the database server can be directly reached on localhost:3306.
---

4
composer.json
View File

@ -10,11 +10,11 @@
}
],
"require": {
"esoko/soko-web": "0.15",
"esoko/soko-web": "0.13.1",
"firebase/php-jwt": "^6.4"
},
"require-dev": {
"phpunit/phpunit": "^10.3",
"phpunit/phpunit": "^9.6",
"phpstan/phpstan": "^1.10"
},
"autoload": {

972
composer.lock generated
View File

File diff suppressed because it is too large Load Diff

26
database/migrations/structure/202411226_2042_oauth_update.sql
View File

@ -1,26 +0,0 @@
CREATE TABLE `oauth_sessions` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`client_id` varchar(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
`scope` varchar(255) NOT NULL DEFAULT '',
`nonce` varchar(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
`user_id` int(10) unsigned DEFAULT NULL,
`code` varchar(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
`code_challenge` varchar(128) NULL,
`code_challenge_method` enum('plain', 'S256') NULL,
`token_claimed` tinyint(1) NOT NULL DEFAULT 0,
`created` timestamp NOT NULL DEFAULT current_timestamp(),
`expires` timestamp NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp(),
PRIMARY KEY (`id`),
UNIQUE KEY `code` (`code`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
ALTER TABLE `oauth_tokens`
ADD `session_id` int(10) unsigned NULL,
ADD CONSTRAINT `oauth_tokens_session_id` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`),
DROP INDEX `code`,
DROP INDEX `access_token`,
DROP `scope`,
DROP `nonce`,
DROP `user_id`,
DROP `code`,
DROP `access_token`;

16
docker-compose.yml
View File

@ -2,17 +2,12 @@ version: '3'
services:
app:
build:
context: .
dockerfile: docker/Dockerfile
target: rvr_dev
depends_on:
mariadb:
condition: service_healthy
context: ./docker
dockerfile: Dockerfile-app
ports:
- 80:80
volumes:
- .:/var/www/rvr
working_dir: /var/www/rvr
mariadb:
image: mariadb:10.3
ports:
@ -24,13 +19,6 @@ services:
MYSQL_DATABASE: 'rvr'
MYSQL_USER: 'rvr'
MYSQL_PASSWORD: 'rvr'
healthcheck:
test: ["CMD-SHELL", "mysqladmin -u $$MYSQL_USER -p$$MYSQL_PASSWORD ping -h localhost || exit 1"]
start_period: 5s
start_interval: 1s
interval: 5s
timeout: 5s
retries: 5
adminer:
image: adminer:4.8.1-standalone
ports:

44
docker/Dockerfile
View File

@ -1,44 +0,0 @@
FROM ubuntu:22.04 AS rvr_base
ENV DEBIAN_FRONTEND noninteractive
RUN apt update --fix-missing && apt install -y sudo curl git unzip mariadb-client nginx \
php-apcu php8.1-cli php8.1-curl php8.1-fpm php8.1-mbstring php8.1-mysql php8.1-zip php8.1-xml
RUN mkdir -p /run/php
COPY docker/configs/nginx.conf /etc/nginx/sites-available/default
COPY docker/scripts/install-composer.sh install-composer.sh
RUN ./install-composer.sh
COPY docker/scripts/install-nodejs.sh install-nodejs.sh
RUN ./install-nodejs.sh
RUN npm install -g uglify-js clean-css-cli svgo yarn
FROM rvr_base AS rvr_dev
RUN apt update --fix-missing && apt install -y php-xdebug
RUN echo "xdebug.remote_enable = 1" >> /etc/php/8.1/mods-available/xdebug.ini &&\
echo "xdebug.remote_autostart = 1" >> /etc/php/8.1/mods-available/xdebug.ini &&\
echo "xdebug.remote_connect_back = 1" >> /etc/php/8.1/mods-available/xdebug.ini
EXPOSE 80
EXPOSE 5000
EXPOSE 8090
EXPOSE 9229
ENTRYPOINT docker/scripts/entry-point-dev.sh
FROM rvr_base AS rvr_release
RUN apt update --fix-missing && apt install -y cron
WORKDIR /var/www/rvr
COPY ./ /var/www/rvr
RUN rm -rf /var/www/rvr/.git
EXPOSE 80
EXPOSE 8090
ENTRYPOINT docker/scripts/entry-point.sh

30
docker/Dockerfile-app Normal file
View File

@ -0,0 +1,30 @@
FROM ubuntu:focal
ENV DEBIAN_FRONTEND noninteractive
# Install Nginx, PHP and further necessary packages
RUN apt update --fix-missing
RUN apt install -y curl git unzip mariadb-client nginx \
php-apcu php-xdebug php7.4-cli php7.4-curl php7.4-fpm php7.4-mbstring php7.4-mysql php7.4-zip php7.4-xml
# Configure Nginx with PHP
RUN mkdir -p /run/php
COPY configs/nginx.conf /etc/nginx/sites-available/default
RUN echo "xdebug.remote_enable = 1" >> /etc/php/7.4/mods-available/xdebug.ini
RUN echo "xdebug.remote_autostart = 1" >> /etc/php/7.4/mods-available/xdebug.ini
RUN echo "xdebug.remote_connect_back = 1" >> /etc/php/7.4/mods-available/xdebug.ini
# Install Composer
COPY scripts/install-composer.sh install-composer.sh
RUN ./install-composer.sh
# Install Node.js and required packages
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
RUN apt install -y nodejs
RUN npm install -g uglify-js clean-css-cli svgo yarn
EXPOSE 80
VOLUME /var/www/rvr
WORKDIR /var/www/rvr
ENTRYPOINT /usr/sbin/php-fpm7.4 -F & /usr/sbin/nginx -g 'daemon off;'

6
docker/Dockerfile-test Normal file
View File

@ -0,0 +1,6 @@
FROM ubuntu:focal
ENV DEBIAN_FRONTEND noninteractive
RUN apt update && apt install -y curl git unzip php7.4-cli php7.4-mbstring php7.4-xml
RUN curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

9
docker/configs/nginx.conf
View File

@ -1,9 +1,3 @@
map $http_x_forwarded_proto $forwarded_scheme {
default $scheme;
http http;
https https;
}
server {
listen 80 default_server;
listen [::]:80 default_server;
@ -20,8 +14,7 @@ server {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_param REQUEST_SCHEME $forwarded_scheme;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
location ~ /\.ht {

1
docker/scripts/cron
View File

@ -1 +0,0 @@
0 * * * * /var/www/rvr/rvr db:maintain

36
docker/scripts/entry-point-dev.sh
View File

@ -1,36 +0,0 @@
#!/bin/bash
set -e
echo "Installing Composer packages..."
if [ -f .env ]; then
composer install
else
composer create-project
fi
echo "Installing Yarn packages..."
(cd public/static && yarn install)
echo "Migrating DB..."
./rvr db:migrate
echo "Set runner user based on owner of .env..."
if ! getent group rvr; then
USER_GID=$(stat -c "%g" .env)
groupadd --gid $USER_GID rvr
fi
if ! id -u rvr; then
USER_UID=$(stat -c "%u" .env)
useradd --uid $USER_UID --gid $USER_GID rvr
fi
sed -i -e "s/^user = .*$/user = rvr/g" -e "s/^group = .*$/group = rvr/g" /etc/php/8.1/fpm/pool.d/www.conf
set +e
/usr/sbin/php-fpm8.1 -F &
/usr/sbin/nginx -g 'daemon off;' &
wait -n
exit $?

31
docker/scripts/entry-point.sh
View File

@ -1,31 +0,0 @@
#!/bin/bash
set -e
echo "Migrating DB..."
./rvr db:migrate
echo "Installing crontab..."
/usr/bin/crontab docker/scripts/cron
echo "Set runner user based on owner of .env..."
if ! getent group rvr; then
USER_GID=$(stat -c "%g" .env)
groupadd --gid $USER_GID rvr
fi
if ! id -u rvr; then
USER_UID=$(stat -c "%u" .env)
useradd --uid $USER_UID --gid $USER_GID rvr
fi
chown -R rvr:rvr cache
sed -i -e "s/^user = .*$/user = rvr/g" -e "s/^group = .*$/group = rvr/g" /etc/php/8.1/fpm/pool.d/www.conf
set +e
/usr/sbin/cron -f &
/usr/sbin/php-fpm8.1 -F &
/usr/sbin/nginx -g 'daemon off;' &
wait -n
exit $?

14
docker/scripts/install-nodejs.sh
View File

@ -1,14 +0,0 @@
#!/bin/sh
set -e
apt update
apt install -y ca-certificates curl gnupg
mkdir -p /etc/apt/keyrings
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
NODE_MAJOR=18
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
apt update
apt install -y nodejs

27
docker/scripts/release.sh
View File

@ -1,27 +0,0 @@
#!/bin/bash
set -e
echo "Installing Composer packages..."
composer create-project --no-dev
echo "Installing Yarn packages..."
(cd public/static && yarn install)
echo "Updating version info..."
VERSION=$(git describe --tags --always --match "Release_*" HEAD)
REVISION=$(git rev-parse --short HEAD)
REVISION_DATE=$(git show -s --format=%aI HEAD)
sed -i -E "s/const VERSION = '(.*)';/const VERSION = '${VERSION}';/" app.php
sed -i -E "s/const REVISION = '(.*)';/const REVISION = '${REVISION}';/" app.php
sed -i -E "s/const REVISION_DATE = '(.*)';/const REVISION_DATE = '${REVISION_DATE}';/" app.php
echo "Minifying JS, CSS and SVG files..."
find public/static/js -type f -iname '*.js' -exec uglifyjs {} -c -m -o {} \;
find public/static/css -type f -iname '*.css' -exec cleancss {} -o {} \;
find public/static/img -type f -iname '*.svg' -exec svgo {} -o {} \;
echo "Linking view files..."
./rvr view:link
rm .env

25
public/static/yarn.lock
View File

@ -2,23 +2,6 @@
# yarn lockfile v1
"@fortawesome/fontawesome-free@^6.4.0":
version "6.7.1"
resolved "https://registry.yarnpkg.com/@fortawesome/fontawesome-free/-/fontawesome-free-6.7.1.tgz#160a48730d533ec77578ed0141661a8f0150a71d"
integrity sha512-ALIk/MOh5gYe1TG/ieS5mVUsk7VUIJTJKPMK9rFFqOgfp0Q3d5QiBXbcOMwUvs37fyZVCz46YjOE6IFeOAXCHA==
"@orchidjs/sifter@^1.1.0":
version "1.1.0"
resolved "https://registry.yarnpkg.com/@orchidjs/sifter/-/sifter-1.1.0.tgz#b36154ad0cda4898305d1ac44f318b41048a0438"
integrity sha512-mYwHCfr736cIWWdhhSZvDbf90AKt2xyrJspKFC3qyIJG1LtrJeJunYEqCGG4Aq2ijENbc4WkOjszcvNaIAS/pQ==
dependencies:
"@orchidjs/unicode-variants" "^1.1.2"
"@orchidjs/unicode-variants@^1.1.2":
version "1.1.2"
resolved "https://registry.yarnpkg.com/@orchidjs/unicode-variants/-/unicode-variants-1.1.2.tgz#1fd71791a67fdd1591ebe0dcaadd3964537a824e"
integrity sha512-5DobW1CHgnBROOEpFlEXytED5OosEWESFvg/VYmH0143oXcijYTprRYJTs+55HzGM4IqxiLFSuqEzu9mPNwVsA==
leaflet.markercluster@^1.4.1:
version "1.4.1"
resolved "https://registry.yarnpkg.com/leaflet.markercluster/-/leaflet.markercluster-1.4.1.tgz#b53f2c4f2ca7306ddab1dbb6f1861d5e8aa6c5e5"
@ -28,11 +11,3 @@ leaflet@^1.6.0:
version "1.6.0"
resolved "https://registry.yarnpkg.com/leaflet/-/leaflet-1.6.0.tgz#aecbb044b949ec29469eeb31c77a88e2f448f308"
integrity sha512-CPkhyqWUKZKFJ6K8umN5/D2wrJ2+/8UIpXppY7QDnUZW5bZL5+SEI2J7GBpwh4LIupOKqbNSQXgqmrEJopHVNQ==
tom-select@^2.2.2:
version "2.4.1"
resolved "https://registry.yarnpkg.com/tom-select/-/tom-select-2.4.1.tgz#6a0b6df8af3df7b09b22dd965eb75ce4d1c547bc"
integrity sha512-adI8H8+wk8RRzHYLQ3bXSk2Q+FAq/kzAATrcWlJ2fbIrEzb0VkwaXzKHTAlBwSJrhqbPJvhV/0eypFkED/nAug==
dependencies:
"@orchidjs/sifter" "^1.1.0"
"@orchidjs/unicode-variants" "^1.1.2"

162
scripts/deploy-to-multiple-worktrees.py Executable file
View File

@ -0,0 +1,162 @@
#!/usr/bin/python3
# Usage: ./deploy-to-multiple-worktrees.py REPO_PATH WORKTREE_DEVELOPMENT_PATH WORKTREE_PRODUCTION_PATH
import sys
import os
import subprocess
import re
WORKTREE_REGEX = r"^worktree (.*)\nHEAD ([a-f0-9]*)\n(?:branch refs\/heads\/(.*)|detached)$"
if len(sys.argv) < 4:
print("Usage: ./deploy-to-multiple-worktrees.py REPO_PATH WORKTREE_DEVELOPMENT_PATH WORKTREE_PRODUCTION_PATH")
exit(1)
REPO = os.path.abspath(sys.argv[1])
WORKTREE_DEVELOPMENT = os.path.abspath(sys.argv[2])
WORKTREE_PRODUCTION = os.path.abspath(sys.argv[3])
class Worktree:
def __init__(self, path, branch, revision, version):
self.path = path
self.branch = branch
self.revision = revision
self.version = version
self.newRevision = None
self.newVersion = None
def getDataForWorktrees():
ret = subprocess.check_output(["git", "worktree", "list", "--porcelain"], cwd=REPO).decode().strip()
blocks = ret.split("\n\n")
worktrees = []
for block in blocks:
matches = re.search(WORKTREE_REGEX, block)
if matches:
path = matches.group(1)
revision = matches.group(2)
branch = matches.group(3)
version = getVersion(revision)
worktrees.append(Worktree(path, branch, revision, version))
return worktrees
def findWorktree(path):
for worktree in worktrees:
if worktree.path == path:
return worktree
return None
def getVersion(branch):
return subprocess.check_output(["git", "describe", "--tags", "--always", "--match", "Release_*", branch], cwd=REPO).decode().strip()
def getRevisionForRef(ref):
return subprocess.check_output(["git", "rev-list", "-1", ref], cwd=REPO).decode().strip()
def getLatestReleaseTag():
process = subprocess.Popen(["git", "for-each-ref", "refs/tags/Release*", "--sort=-creatordate", "--format=%(refname:short)"], stdout=subprocess.PIPE, cwd=REPO)
for line in process.stdout:
tag = line.decode().rstrip()
if isTagVerified(tag):
return tag
print(f"[WARNING] Tag '{tag}' is not verified, skipping.")
raise Exception("No verified 'Release*' tag found!")
def isTagVerified(tag):
process = subprocess.run(["git", "tag", "--verify", tag], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, cwd=REPO)
return process.returncode == 0
def updateRepoFromRemote():
subprocess.call(["git", "fetch", "origin", "--prune", "--prune-tags"], cwd=REPO)
def checkoutWorktree(worktreePath, ref):
subprocess.call(["git", "checkout", "-f", ref], cwd=worktreePath)
def cleanWorktree(worktreePath):
subprocess.call(["git", "clean", "-f", "-d"], cwd=worktreePath)
def updateAppInWorktree(worktreePath):
subprocess.call([worktreePath + "/scripts/update.sh"], cwd=worktreePath)
def updateAppVersionInWorktree(worktreePath):
subprocess.call([worktreePath + "/scripts/update-version.sh"], cwd=worktreePath)
worktrees = getDataForWorktrees()
updateRepoFromRemote()
print("Repo is updated from origin")
print("----------------------------------------------")
print("----------------------------------------------")
developmentWorktree = findWorktree(WORKTREE_DEVELOPMENT)
developmentWorktree.newRevision = getRevisionForRef(developmentWorktree.branch)
developmentWorktree.newVersion = getVersion(developmentWorktree.revision)
print("DEVELOPMENT (" + developmentWorktree.path + ") is on branch " + developmentWorktree.branch)
print(developmentWorktree.revision + " = " + developmentWorktree.branch + " (" + developmentWorktree.version + ")")
print(developmentWorktree.newRevision + " = origin/" + developmentWorktree.branch + " (" + developmentWorktree.newVersion + ")")
if developmentWorktree.revision != developmentWorktree.newRevision:
print("-> DEVELOPMENT (" + developmentWorktree.path + ") will be UPDATED")
print("----------------------------------------------")
checkoutWorktree(developmentWorktree.path, developmentWorktree.branch)
cleanWorktree(developmentWorktree.path)
print(developmentWorktree.path + " is checked out to " + developmentWorktree.branch + " and cleaned")
updateAppInWorktree(developmentWorktree.path)
updateAppVersionInWorktree(developmentWorktree.path)
print("RVR is updated in " + developmentWorktree.path)
elif developmentWorktree.version != developmentWorktree.newVersion:
print("-> DEVELOPMENT " + developmentWorktree.path + "'s version info will be UPDATED")
updateAppVersionInWorktree(developmentWorktree.path)
print("RVR version is updated in " + developmentWorktree.path)
else:
print("-> DEVELOPMENT (" + developmentWorktree.path + ") WON'T be updated")
print("----------------------------------------------")
print("----------------------------------------------")
productionWorktree = findWorktree(WORKTREE_PRODUCTION)
productionWorktree.newVersion = getLatestReleaseTag()
productionWorktree.newRevision = getRevisionForRef(productionWorktree.newVersion)
print("PRODUCTION (" + productionWorktree.path + ")")
print(productionWorktree.revision + " = " + productionWorktree.version)
print(productionWorktree.newRevision + " = " + productionWorktree.newVersion)
if productionWorktree.revision != productionWorktree.newRevision:
print("-> PRODUCTION (" + productionWorktree.path + ") will be UPDATED")
checkoutWorktree(productionWorktree.path, productionWorktree.newRevision)
cleanWorktree(productionWorktree.path)
print(productionWorktree.path + " is checked out to " + productionWorktree.newRevision + " and cleaned")
updateAppInWorktree(productionWorktree.path)
updateAppVersionInWorktree(productionWorktree.path)
print("RVR is updated in " + productionWorktree.path)
else:
print("-> PRODUCTION (" + productionWorktree.path + ") WON'T be updated")
print("----------------------------------------------")
print("----------------------------------------------")

32
scripts/install.sh Executable file
View File

@ -0,0 +1,32 @@
#!/bin/bash
ROOT_DIR=$(dirname $(readlink -f "$0"))/..
. ${ROOT_DIR}/.env
if [ -f ${ROOT_DIR}/installed ]; then
echo "RVR is already installed! To force reinstall, delete file 'installed' from the root directory!"
exit 1
fi
echo "Installing Yarn packages..."
(cd ${ROOT_DIR}/public/static && yarn install)
echo "Installing RVR DB..."
mysql --host=${DB_HOST} --user=${DB_USER} --password=${DB_PASSWORD} ${DB_NAME} < ${ROOT_DIR}/database/rvr.sql
echo "Migrating DB..."
(cd ${ROOT_DIR} && ./rvr db:migrate)
if [ -z "${DEV}" ] || [ "${DEV}" -eq "0" ]; then
echo "Minifying JS, CSS and SVG files..."
${ROOT_DIR}/scripts/minify.sh
echo "Linking view files..."
(cd ${ROOT_DIR} && ./rvr view:link)
else
echo "Creating the first user..."
(cd ${ROOT_DIR} && ./rvr user:add rvr@rvr.dev 123456 admin)
fi
touch ${ROOT_DIR}/installed

11
scripts/minify.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
ROOT_DIR=$(dirname $(readlink -f "$0"))/..
. ${ROOT_DIR}/.env
find ${ROOT_DIR}/public/static/js -type f -iname '*.js' -exec uglifyjs {} -c -m -o {} \;
find ${ROOT_DIR}/public/static/css -type f -iname '*.css' -exec cleancss {} -o {} \;
find ${ROOT_DIR}/public/static/img -type f -iname '*.svg' -exec svgo {} -o {} \;

17
scripts/update-version.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
ROOT_DIR=$(dirname $(readlink -f "$0"))/..
. ${ROOT_DIR}/.env
cd ${ROOT_DIR}
echo "Updating version info..."
VERSION=$(git describe --tags --always --match "Release_*" HEAD)
REVISION=$(git rev-parse --short HEAD)
REVISION_DATE=$(git show -s --format=%aI HEAD)
sed -i -E "s/const VERSION = '(.*)';/const VERSION = '${VERSION}';/" app.php
sed -i -E "s/const REVISION = '(.*)';/const REVISION = '${REVISION}';/" app.php
sed -i -E "s/const REVISION_DATE = '(.*)';/const REVISION_DATE = '${REVISION_DATE}';/" app.php

26
scripts/update.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
ROOT_DIR=$(dirname $(readlink -f "$0"))/..
. ${ROOT_DIR}/.env
echo "Installing Composer packages..."
if [ -z "${DEV}" ] || [ "${DEV}" -eq "0" ]; then
(cd ${ROOT_DIR} && composer install --no-dev)
else
(cd ${ROOT_DIR} && composer install --dev)
fi
echo "Installing Yarn packages..."
(cd ${ROOT_DIR}/public/static && yarn install)
echo "Migrating DB..."
(cd ${ROOT_DIR} && ./rvr db:migrate)
if [ -z "${DEV}" ] || [ "${DEV}" -eq "0" ]; then
echo "Minifying JS, CSS and SVG files..."
${ROOT_DIR}/scripts/minify.sh
echo "Linking view files..."
(cd ${ROOT_DIR} && ./rvr view:link)
fi

29
src/Cli/MaintainDatabaseCommand.php
View File

@ -5,8 +5,6 @@ use SokoWeb\Database\Query\Modify;
use SokoWeb\Database\Query\Select;
use SokoWeb\Interfaces\Database\IResultSet;
use RVR\Repository\UserPasswordResetterRepository;
use RVR\Repository\OAuthTokenRepository;
use RVR\Repository\OAuthSessionRepository;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
@ -15,17 +13,11 @@ class MaintainDatabaseCommand extends Command
{
private UserPasswordResetterRepository $userPasswordResetterRepository;
private OAuthTokenRepository $oauthTokenRepository;
private OAuthSessionRepository $oauthSessionRepository;
public function __construct()
{
parent::__construct();
$this->userPasswordResetterRepository = new UserPasswordResetterRepository();
$this->oauthTokenRepository = new OAuthTokenRepository();
$this->oauthSessionRepository = new OAuthSessionRepository();
}
public function configure(): void
@ -39,8 +31,6 @@ class MaintainDatabaseCommand extends Command
try {
$this->deleteExpiredPasswordResetters();
$this->deleteExpiredSessions();
$this->deleteExpiredOauthTokens();
$this->deleteExpiredOauthSessions();
} catch (\Exception $e) {
$output->writeln('<error>Maintenance failed!</error>');
$output->writeln('');
@ -69,7 +59,7 @@ class MaintainDatabaseCommand extends Command
//TODO: model may be used for sessions too
$select = new Select(\Container::$dbConnection, 'sessions');
$select->columns(['id']);
$select->where('updated', '<', (new DateTime('-1 days'))->format('Y-m-d H:i:s'));
$select->where('updated', '<', (new DateTime('-7 days'))->format('Y-m-d H:i:s'));
$result = $select->execute();
@ -79,21 +69,4 @@ class MaintainDatabaseCommand extends Command
$modify->delete();
}
}
private function deleteExpiredOauthTokens(): void
{
foreach ($this->oauthTokenRepository->getAllExpired() as $oauthToken) {
\Container::$persistentDataManager->deleteFromDb($oauthToken);
}
}
private function deleteExpiredOauthSessions(): void
{
foreach ($this->oauthSessionRepository->getAllExpired() as $oauthSession) {
if ($this->oauthTokenRepository->countAllBySession($oauthSession) > 0) {
continue;
}
\Container::$persistentDataManager->deleteFromDb($oauthSession);
}
}
}

31
src/Cli/MigrateDatabaseCommand.php
View File

@ -19,8 +19,6 @@ class MigrateDatabaseCommand extends Command
{
$db = \Container::$dbConnection;
$this->createBaseDb();
$db->startTransaction();
$success = [];
@ -64,8 +62,10 @@ class MigrateDatabaseCommand extends Command
return 0;
}
private function createBaseDb()
private function readDir(string $type): array
{
$done = [];
$migrationTableExists = \Container::$dbConnection->query('SELECT count(*)
FROM information_schema.tables
WHERE table_schema = \'' . $_ENV['DB_NAME'] . '\'
@ -73,25 +73,16 @@ class MigrateDatabaseCommand extends Command
->fetch(IResultSet::FETCH_NUM)[0];
if ($migrationTableExists != 0) {
return;
}
$select = new Select(\Container::$dbConnection, 'migrations');
$select->columns(['migration']);
$select->where('type', '=', $type);
$select->orderBy('migration');
\Container::$dbConnection->multiQuery(file_get_contents(ROOT . '/database/rvr.sql'));
}
$result = $select->execute();
private function readDir(string $type): array
{
$done = [];
$select = new Select(\Container::$dbConnection, 'migrations');
$select->columns(['migration']);
$select->where('type', '=', $type);
$select->orderBy('migration');
$result = $select->execute();
while ($migration = $result->fetch(IResultSet::FETCH_ASSOC)) {
$done[] = $migration['migration'];
while ($migration = $result->fetch(IResultSet::FETCH_ASSOC)) {
$done[] = $migration['migration'];
}
}
$path = ROOT . '/database/migrations/' . $type;

33
src/Controller/CommunityController.php
View File

@ -59,21 +59,32 @@ class CommunityController implements IAuthenticationRequired
\Container::$persistentDataManager->loadRelationsFromDb($community, false, ['main_currency']);
/**
* @var User $user
*/
$user = \Container::$request->user();
$balanceCalculator = new BalanceCalculator($community, $user);
$balance = $balanceCalculator->calculate();
$balanceCalculator = new BalanceCalculator($community);
$debts = $balanceCalculator->calculate();
$debtItems = [];
$debtBalance = 0.0;
$outstandingItems = [];
$outstandingBalance = 0.0;
foreach ($debts as $debt) {
if ($debt['payer']->getId() === \Container::$request->user()->getUniqueId()) {
$debtBalance += $debt['amount'];
$debtItems[] = $debt;
}
if ($debt['payee']->getId() === \Container::$request->user()->getUniqueId()) {
$outstandingBalance += $debt['amount'];
$outstandingItems[] = $debt;
}
}
$balance = $outstandingBalance - $debtBalance;
return new HtmlContent('communities/community', [
'community' => $community,
'upcomingAndRecentEvents' => iterator_to_array($this->eventRepository->getUpcomingAndRecentByCommunity($community, new DateTime(), 30, 3)),
'debtItems' => $balance['debtItems'],
'debtBalance' => $balance['debtBalance'],
'outstandingItems' => $balance['outstandingItems'],
'outstandingBalance' => $balance['outstandingBalance'],
'balance' => $balance['absoluteBalance'],
'debtItems' => $debtItems,
'debtBalance' => $debtBalance,
'outstandingItems' => $outstandingItems,
'outstandingBalance' => $outstandingBalance,
'balance' => $balance,
'editPermission' => $ownCommunityMember->getOwner()
]);
}

15
src/Controller/EventController.php
View File

@ -2,7 +2,6 @@
use Container;
use DateTime;
use RVR\Finance\BalanceCalculator;
use RVR\Finance\ExchangeRateCalculator;
use RVR\PersistentData\Model\Community;
use RVR\PersistentData\Model\CommunityMember;
@ -106,22 +105,10 @@ class EventController implements IAuthenticationRequired, ISecured
}
Container::$persistentDataManager->loadRelationsFromDb($this->community, true, ['main_currency']);
/**
* @var User $user
*/
$user = \Container::$request->user();
$balanceCalculator = new BalanceCalculator($this->community, $user, $event);
$balance = $balanceCalculator->calculate();
return new HtmlContent('events/event', [
'community' => $this->community,
'event' => $event,
'totalCost' => $this->sumTransactions($event),
'debtItems' => $balance['debtItems'],
'debtBalance' => $balance['debtBalance'],
'outstandingItems' => $balance['outstandingItems'],
'outstandingBalance' => $balance['outstandingBalance'],
'balance' => $balance['absoluteBalance'],
'totalCost' => $this->sumTransactions($event)
]);
}

70
src/Controller/EventRedirectController.php
View File

@ -1,70 +0,0 @@
<?php namespace RVR\Controller;
use DateTime;
use Container;
use RVR\PersistentData\Model\Event;
use RVR\PersistentData\Model\User;
use RVR\Repository\EventRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\Redirect;
class EventRedirectController implements IAuthenticationRequired
{
private EventRepository $eventRepository;
public function __construct()
{
$this->eventRepository = new EventRepository();
}
public function isAuthenticationRequired(): bool
{
return true;
}
public function getEvent()
{
$currentEvent = $this->getCurrentEvent();
if ($currentEvent === null) {
return new HtmlContent('event_redirect/no_event');
}
return new Redirect(
\Container::$routeCollection->getRoute('community.event')
->generateLink([
'communitySlug' => $currentEvent->getCommunity()->getSlug(),
'eventSlug' => $currentEvent->getSlug()
]),
IRedirect::TEMPORARY
);
}
public function getEventNewTransaction()
{
$currentEvent = $this->getCurrentEvent();
if ($currentEvent === null) {
return new HtmlContent('event_redirect/no_event');
}
return new Redirect(
\Container::$routeCollection->getRoute('community.transactions.new')
->generateLink([
'communitySlug' => $currentEvent->getCommunity()->getSlug(),
'event' => $currentEvent->getSlug()
]),
IRedirect::TEMPORARY
);
}
private function getCurrentEvent(): ?Event
{
/**
* @var User $user
*/
$user = Container::$request->user();
return $this->eventRepository->getCurrentByUser($user, new DateTime(), 30, true, ['community']);
}
}

79
src/Controller/OAuthAuthController.php Normal file
View File

@ -0,0 +1,79 @@
<?php namespace RVR\Controller;
use DateTime;
use RVR\PersistentData\Model\OAuthToken;
use RVR\PersistentData\Model\User;
use RVR\Repository\OAuthClientRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Response\Redirect;
use SokoWeb\Response\HtmlContent;
class OAuthAuthController implements IAuthenticationRequired
{
private OAuthClientRepository $oAuthClientRepository;
public function __construct()
{
$this->oAuthClientRepository = new OAuthClientRepository();
}
public function isAuthenticationRequired(): bool
{
return true;
}
public function auth()
{
$redirectUri = \Container::$request->query('redirect_uri');
$clientId = \Container::$request->query('client_id');
$scope = \Container::$request->query('scope') ? \Container::$request->query('scope'): '';
$state = \Container::$request->query('state');
$nonce = \Container::$request->query('nonce') ? \Container::$request->query('nonce'): '';
if (!$clientId || !$redirectUri || !$state) {
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
}
$client = $this->oAuthClientRepository->getByClientId($clientId);
if ($client === null) {
return new HtmlContent('oauth/oauth_error', ['error' => 'Client is not authorized.']);
}
$redirectUriParsed = parse_url($redirectUri);
$redirectUriBase = $redirectUriParsed['scheme'] . '://' . $redirectUriParsed['host'] . $redirectUriParsed['path'];
$redirectUriQuery = [];
if (isset($redirectUriParsed['query'])) {
parse_str($redirectUriParsed['query'], $redirectUriQuery);
}
if (!in_array($redirectUriBase, $client->getRedirectUrisArray())) {
return new HtmlContent('oauth/oauth_error', ['error' => 'Redirect URI \'' . $redirectUriBase .'\' is not allowed for this client.']);
}
/**
* @var ?User $user
*/
$user = \Container::$request->user();
$code = bin2hex(random_bytes(16));
$accessToken = bin2hex(random_bytes(16));
$token = new OAuthToken();
$token->setNonce($nonce);
$token->setScope($scope);
$token->setUser($user);
$token->setCode($code);
$token->setAccessToken($accessToken);
$token->setCreatedDate(new DateTime());
$token->setExpiresDate(new DateTime('+5 minutes'));
\Container::$persistentDataManager->saveToDb($token);
$redirectUriQuery = array_merge($redirectUriQuery, [
'state' => $state,
'code' => $code
]);
$finalRedirectUri = $redirectUriBase . '?' . http_build_query($redirectUriQuery);
return new Redirect($finalRedirectUri, IRedirect::TEMPORARY);
}
}

242
src/Controller/OAuthController.php
View File

@ -2,16 +2,9 @@
use DateTime;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Firebase\JWT\SignatureInvalidException;
use Firebase\JWT\BeforeValidException;
use Firebase\JWT\ExpiredException;
use RVR\Repository\OAuthSessionRepository;
use RVR\Repository\OAuthTokenRepository;
use RVR\Repository\UserRepository;
use RVR\PersistentData\Model\User;
use RVR\PersistentData\Model\OAuthSession;
use RVR\PersistentData\Model\OAuthToken;
use RVR\Repository\OAuthClientRepository;
use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Response\JsonContent;
@ -20,8 +13,6 @@ class OAuthController
{
private OAuthClientRepository $oAuthClientRepository;
private OAuthSessionRepository $oAuthSessionRepository;
private OAuthTokenRepository $oAuthTokenRepository;
private UserRepository $userRepository;
@ -29,181 +20,60 @@ class OAuthController
public function __construct()
{
$this->oAuthClientRepository = new OAuthClientRepository();
$this->oAuthSessionRepository = new OAuthSessionRepository();
$this->oAuthTokenRepository = new OAuthTokenRepository();
$this->userRepository = new UserRepository();
}
public function generateToken(): ?IContent
public function getToken(): ?IContent
{
$credentials = $this->getClientCredentials();
$clientId = \Container::$request->post('client_id');
$clientSecret = \Container::$request->post('client_secret');
$code = \Container::$request->post('code');
$redirectUri = \Container::$request->post('redirect_uri');
if (!$credentials['clientId'] || !$code || !$redirectUri) {
if (!$clientId || !$clientSecret || !$code) {
return new JsonContent([
'error' => 'An invalid request was made.'
]);
}
$client = $this->oAuthClientRepository->getByClientId($credentials['clientId']);
if ($client === null) {
$client = $this->oAuthClientRepository->getByClientId($clientId);
if ($client === null || $client->getClientSecret() !== $clientSecret) {
return new JsonContent([
'error' => 'Client is not found.'
'error' => 'Client is not authorized.'
]);
}
$redirectUriBase = explode('?', $redirectUri)[0];
if (!in_array($redirectUriBase, $client->getRedirectUrisArray())) {
return new JsonContent([
'error' => 'Redirect URI \'' . $redirectUriBase .'\' is not allowed for this client.'
]);
}
$session = $this->oAuthSessionRepository->getByCode($code);
if ($session === null || $session->getTokenClaimed() || $session->getExpiresDate() < new DateTime()) {
$token = $this->oAuthTokenRepository->getByCode($code);
if ($token === null || $token->getExpiresDate() < new DateTime()) {
return new JsonContent([
'error' => 'The provided code is invalid.'
]);
}
$codeChallenge = $session->getCodeChallenge();
if ($codeChallenge === null && $client->getClientSecret() !== $credentials['clientSecret']) {
return new JsonContent([
'error' => 'Client is not authorized.'
]);
}
if ($session->getClientId() !== $credentials['clientId']) {
return new JsonContent([
'error' => 'This code cannot be used by this client!'
]);
}
if ($codeChallenge !== null) {
$codeVerifier = \Container::$request->post('code_verifier') ?: '';
if ($session->getCodeChallengeMethod() === 'S256') {
$hash = rtrim(strtr(base64_encode(hash('sha256', $codeVerifier, true)), '+/', '-_'), '=');
} else {
$hash = $codeVerifier;
}
if ($codeChallenge !== $hash) {
return new JsonContent([
'error' => 'Code challenge failed!'
]);
}
}
$session->setTokenClaimed(true);
\Container::$persistentDataManager->saveToDb($session);
$token = new OAuthToken();
$token->setSession($session);
$token->setCreatedDate(new DateTime());
$token->setExpiresDate(new DateTime('+1 hours'));
\Container::$persistentDataManager->saveToDb($token);
$commonPayload = [
$payload = array_merge([
'iss' => $_ENV['APP_URL'],
'iat' => $token->getCreatedDate()->getTimestamp(),
'nbf' => $session->getCreatedDate()->getTimestamp(),
'exp' => $token->getExpiresDate()->getTimestamp(),
'aud' => $session->getClientId(),
'nonce' => $session->getNonce()
];
$idTokenPayload = array_merge($commonPayload, $this->getUserInfoInternal(
$this->userRepository->getById($session->getUserId()),
$session->getScopeArray())
'iat' => (int)$token->getCreatedDate()->getTimestamp(),
'nbf' => (int)$token->getCreatedDate()->getTimestamp(),
'exp' => (int)$token->getExpiresDate()->getTimestamp(),
'aud' => $clientId,
'nonce' => $token->getNonce()
], $this->getUserInfoInternal(
$this->userRepository->getById($token->getUserId()),
$token->getScopeArray())
);
$accessTokenPayload = array_merge($commonPayload, [
'jti' => $token->getId(),
]);
$privateKey = file_get_contents(ROOT . '/' . $_ENV['JWT_RSA_PRIVATE_KEY']);
$idToken = JWT::encode($idTokenPayload, $privateKey, 'RS256', $_ENV['JWT_KEY_KID']);
$accessToken = JWT::encode($accessTokenPayload, $privateKey, 'RS256', $_ENV['JWT_KEY_KID']);
$jwt = JWT::encode($payload, $privateKey, 'RS256');
return new JsonContent([
'access_token' => $accessToken,
'access_token' => $token->getAccessToken(),
'expires_in' => $token->getExpiresDate()->getTimestamp() - (new DateTime())->getTimestamp(),
'scope' => $session->getScope(),
'id_token' => $idToken,
'scope' => $token->getScope(),
'id_token' => $jwt,
'token_type' => 'Bearer'
]);
}
public function introspectToken(): ?IContent
{
$credentials = $this->getClientCredentials();
$accessToken = \Container::$request->post('token');
if (!$credentials['clientId'] || !$credentials['clientSecret'] || !$accessToken) {
return new JsonContent([
'error' => 'An invalid request was made.'
]);
}
$client = $this->oAuthClientRepository->getByClientId($credentials['clientId']);
if ($client === null || $client->getClientSecret() !== $credentials['clientSecret']) {
return new JsonContent([
'error' => 'Client is not authorized.'
]);
}
$tokenValidated = $this->validateTokenAndSession($accessToken, $token, $session);
if (!$tokenValidated) {
return new JsonContent([
'active' => false
]);
}
if ($session->getClientId() !== $credentials['clientId']) {
return new JsonContent([
'active' => false
]);
}
return new JsonContent([
'active' => true,
'scope' => $session->getScope(),
'client_id' => $session->getClientId(),
'exp' => $token->getExpiresDate()->getTimestamp(),
]);
}
public function revokeToken(): ?IContent
{
$credentials = $this->getClientCredentials();
$accessToken = \Container::$request->post('token');
if (!$credentials['clientId'] || !$credentials['clientSecret'] || !$accessToken) {
return new JsonContent([
'error' => 'An invalid request was made.'
]);
}
$client = $this->oAuthClientRepository->getByClientId($credentials['clientId']);
if ($client === null || $client->getClientSecret() !== $credentials['clientSecret']) {
return new JsonContent([
'error' => 'Client is not authorized.'
]);
}
$tokenValidated = $this->validateTokenAndSession($accessToken, $token, $session);
if (!$tokenValidated) {
return new JsonContent([]);
}
$session = $this->oAuthSessionRepository->getById($token->getSessionId());
if ($session->getClientId() !== $credentials['clientId']) {
return new JsonContent([]);
}
\Container::$persistentDataManager->deleteFromDb($token);
return new JsonContent([]);
}
public function getUserInfo() : IContent
{
$authorization = \Container::$request->header('Authorization');
@ -214,8 +84,9 @@ class OAuthController
}
$accessToken = substr($authorization, strlen('Bearer '));
$tokenValidated = $this->validateTokenAndSession($accessToken, $token, $session);
if (!$tokenValidated) {
$token = $this->oAuthTokenRepository->getByAccessToken($accessToken);
if ($token === null || $token->getExpiresDate() < new DateTime()) {
return new JsonContent([
'error' => 'The provided access token is invalid.'
]);
@ -223,8 +94,8 @@ class OAuthController
return new JsonContent(
$this->getUserInfoInternal(
$this->userRepository->getById($session->getUserId()),
$session->getScopeArray()
$this->userRepository->getById($token->getUserId()),
$token->getScopeArray()
)
);
}
@ -235,10 +106,7 @@ class OAuthController
'issuer' => $_ENV['APP_URL'],
'authorization_endpoint' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('oauth.auth')->generateLink(),
'token_endpoint' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('oauth.token')->generateLink(),
'introspection_endpoint' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('oauth.token.introspect')->generateLink(),
'revocation_endpoint' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('oauth.token.revoke')->generateLink(),
'userinfo_endpoint' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('oauth.userinfo')->generateLink(),
'end_session_endpoint' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('logout')->generateLink(),
'jwks_uri' => \Container::$request->getBase() . \Container::$routeCollection->getRoute('oauth.certs')->generateLink(),
'response_types_supported' =>
[
@ -260,7 +128,6 @@ class OAuthController
],
'token_endpoint_auth_methods_supported' =>
[
'client_secret_basic',
'client_secret_post',
],
'claims_supported' =>
@ -300,66 +167,13 @@ class OAuthController
'kty' => 'RSA',
'alg' => 'RS256',
'use' => 'sig',
'kid' => $_ENV['JWT_KEY_KID'],
'kid' => '1',
'n' => str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['n'])),
'e' => str_replace(['+', '/'], ['-', '_'], base64_encode($keyInfo['rsa']['e'])),
]
]]);
}
private function getClientCredentials(): array
{
$authorization = \Container::$request->header('Authorization');
if ($authorization !== null) {
$basicAuthEncoded = substr($authorization, strlen('Basic '));
$basicAuth = explode(':', base64_decode($basicAuthEncoded));
if (count($basicAuth) === 2) {
$clientId = rawurldecode($basicAuth[0]);
$clientSecret = rawurldecode($basicAuth[1]);
} else {
$clientId = null;
$clientSecret = null;
}
} else {
$clientId = \Container::$request->post('client_id');
$clientSecret = \Container::$request->post('client_secret');
}
return ['clientId' => $clientId, 'clientSecret' => $clientSecret];
}
private function validateTokenAndSession(
string $accessToken,
?OAuthToken &$token,
?OAuthSession &$session): bool
{
$publicKey = file_get_contents(ROOT . '/' . $_ENV['JWT_RSA_PUBLIC_KEY']);
try {
$payload = JWT::decode($accessToken, new Key($publicKey, 'RS256'));
$token = $this->oAuthTokenRepository->getById($payload->jti);
} catch (SignatureInvalidException | BeforeValidException | ExpiredException) {
$token = null;
} catch (\UnexpectedValueException $e) {
error_log($e->getMessage() . ' Token was: ' . $accessToken);
$token = null;
}
if ($token === null || $token->getExpiresDate() < new DateTime()) {
return false;
}
$session = $this->oAuthSessionRepository->getById($token->getSessionId());
if ($session === null) {
return false;
}
return true;
}
/**
* @param User $user
* @param string[] $scope
* @return array<string, string>
*/
private function getUserInfoInternal(User $user, array $scope): array
{
$userInfo = [];

90
src/Controller/OAuthSessionController.php
View File

@ -1,90 +0,0 @@
<?php namespace RVR\Controller;
use DateTime;
use RVR\PersistentData\Model\OAuthSession;
use RVR\PersistentData\Model\User;
use RVR\Repository\OAuthClientRepository;
use SokoWeb\Interfaces\Authentication\IAuthenticationRequired;
use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Response\Redirect;
use SokoWeb\Response\HtmlContent;
class OAuthSessionController implements IAuthenticationRequired
{
private OAuthClientRepository $oAuthClientRepository;
public function __construct()
{
$this->oAuthClientRepository = new OAuthClientRepository();
}
public function isAuthenticationRequired(): bool
{
return true;
}
public function auth(): HtmlContent|Redirect
{
$redirectUri = \Container::$request->query('redirect_uri');
$clientId = \Container::$request->query('client_id');
$scope = \Container::$request->query('scope') ? \Container::$request->query('scope'): '';
$state = \Container::$request->query('state');
$nonce = \Container::$request->query('nonce') ? \Container::$request->query('nonce'): '';
$codeChallenge = \Container::$request->query('code_challenge') ?: null;
$codeChallengeMethod = \Container::$request->query('code_challenge_method') ?: null;
if (!$clientId || !$redirectUri || !$state || (!$codeChallenge && $codeChallengeMethod)) {
return new HtmlContent('oauth/oauth_error', ['error' => 'An invalid request was made. Please start authentication again.']);
}
if ($codeChallenge && (strlen($codeChallenge) < 43 || strlen($codeChallenge) > 128)) {
return new HtmlContent('oauth/oauth_error', ['error' => 'Code challenge should be one between 43 and 128 characters long.']);
}
$possibleCodeChallengeMethods = ['plain', 'S256'];
if ($codeChallenge && !in_array($codeChallengeMethod, $possibleCodeChallengeMethods)) {
return new HtmlContent('oauth/oauth_error', ['error' => 'Code challenge method should be one of the following: ' . implode(',', $possibleCodeChallengeMethods)]);
}
$client = $this->oAuthClientRepository->getByClientId($clientId);
if ($client === null) {
return new HtmlContent('oauth/oauth_error', ['error' => 'Client is not found.']);
}
$redirectUriQueryParsed = [];
if (str_contains('?', $redirectUri)) {
[$redirectUriBase, $redirectUriQuery] = explode('?', $redirectUri, 2);
parse_str($redirectUriQuery, $redirectUriQueryParsed);
} else {
$redirectUriBase = $redirectUri;
}
if (!in_array($redirectUriBase, $client->getRedirectUrisArray())) {
return new HtmlContent('oauth/oauth_error', ['error' => 'Redirect URI \'' . $redirectUriBase .'\' is not allowed for this client.']);
}
/**
* @var ?User $user
*/
$user = \Container::$request->user();
$code = bin2hex(random_bytes(16));
$session = new OAuthSession();
$session->setClientId($clientId);
$session->setNonce($nonce);
$session->setScope($scope);
$session->setCodeChallenge($codeChallenge);
$session->setCodeChallengeMethod($codeChallengeMethod);
$session->setUser($user);
$session->setCode($code);
$session->setCreatedDate(new DateTime());
$session->setExpiresDate(new DateTime('+5 minutes'));
\Container::$persistentDataManager->saveToDb($session);
$redirectUriQueryParsed = array_merge($redirectUriQueryParsed, [
'state' => $state,
'code' => $code
]);
$finalRedirectUri = $redirectUriBase . '?' . http_build_query($redirectUriQueryParsed);
return new Redirect($finalRedirectUri, IRedirect::TEMPORARY);
}
}

54
src/Finance/BalanceCalculator.php
View File

@ -2,8 +2,6 @@
use Container;
use RVR\PersistentData\Model\Community;
use RVR\PersistentData\Model\Event;
use RVR\PersistentData\Model\User;
use RVR\Repository\CommunityMemberRepository;
use RVR\Repository\TransactionRepository;
@ -11,10 +9,6 @@ class BalanceCalculator
{
private Community $community;
private User $user;
private ?Event $event;
private TransactionRepository $transactionRepository;
private CommunityMemberRepository $communityMemberRepository;
@ -25,13 +19,9 @@ class BalanceCalculator
private array $payments;
private array $actualDebts;
public function __construct(Community $community, User $user, ?Event $event = null)
public function __construct(Community $community)
{
$this->community = $community;
$this->user = $user;
$this->event = $event;
$this->transactionRepository = new TransactionRepository();
$this->communityMemberRepository = new CommunityMemberRepository();
$this->exchangeRateCalculator = new ExchangeRateCalculator($this->community->getMainCurrency());
@ -42,8 +32,7 @@ class BalanceCalculator
$this->collectMembers();
$this->createPaymentsMatrix();
$this->sumTransactions();
$this->calculateActualDebts();
return $this->calculateBalanceForUser();
return $this->calculateActualDebts();
}
private function collectMembers(): void
@ -68,11 +57,7 @@ class BalanceCalculator
private function sumTransactions(): void
{
$membersCount = count($this->members);
if ($this->event !== null) {
$transactions = iterator_to_array($this->transactionRepository->getAllByEvent($this->event, true, ['currency']));
} else {
$transactions = iterator_to_array($this->transactionRepository->getAllByCommunity($this->community, true, ['currency']));
}
$transactions = iterator_to_array($this->transactionRepository->getAllByCommunity($this->community, true, ['currency']));
Container::$persistentDataManager->loadMultiRelationsFromDb($transactions, 'payees');
foreach ($transactions as $transaction) {
@ -92,45 +77,20 @@ class BalanceCalculator
}
}
private function calculateActualDebts(): void
private function calculateActualDebts(): array
{
$this->actualDebts = [];
$actualDebts = [];
foreach ($this->payments as $payerUserId => $paymentsOfPayer) {
foreach ($paymentsOfPayer as $payeeUserId => $sum) {
$actualDebt = $this->payments[$payeeUserId][$payerUserId] - $sum;
if (round($actualDebt, $this->community->getMainCurrency()->getRoundDigits()) > 0.0) {
$this->actualDebts[] = ['payer' => $this->members[$payerUserId], 'payee' => $this->members[$payeeUserId], 'amount' => $actualDebt];
$actualDebts[] = ['payer' => $this->members[$payerUserId], 'payee' => $this->members[$payeeUserId], 'amount' => $actualDebt];
}
}
}
}
private function calculateBalanceForUser(): array
{
$debtItems = [];
$debtBalance = 0.0;
$outstandingItems = [];
$outstandingBalance = 0.0;
foreach ($this->actualDebts as $debt) {
if ($debt['payer']->getId() === $this->user->getId()) {
$debtBalance += $debt['amount'];
$debtItems[] = $debt;
}
if ($debt['payee']->getId() === $this->user->getId()) {
$outstandingBalance += $debt['amount'];
$outstandingItems[] = $debt;
}
}
$absoluteBalance = $outstandingBalance - $debtBalance;
return [
'absoluteBalance' => $absoluteBalance,
'debtItems' => $debtItems,
'debtBalance' => $debtBalance,
'outstandingItems' => $outstandingItems,
'outstandingBalance' => $outstandingBalance
];
return $actualDebts;
}
}

182
src/PersistentData/Model/OAuthSession.php
View File

@ -1,182 +0,0 @@
<?php namespace RVR\PersistentData\Model;
use DateTime;
use SokoWeb\PersistentData\Model\Model;
class OAuthSession extends Model
{
protected static string $table = 'oauth_sessions';
protected static array $fields = ['client_id', 'scope', 'nonce', 'code_challenge', 'code_challenge_method', 'user_id', 'code', 'created', 'expires', 'token_claimed'];
protected static array $relations = ['user' => User::class];
private static array $possibleScopeValues = ['openid', 'email', 'profile', 'union_profile'];
private static array $possibleCodeChallengeMethodValues = ['plain', 'S256'];
private string $clientId = '';
private array $scope = [];
private string $nonce = '';
private ?string $codeChallenge = null;
private ?string $codeChallengeMethod = null;
private ?User $user = null;
private ?int $userId = null;
private string $code = '';
private DateTime $created;
private DateTime $expires;
private bool $tokenClaimed = false;
public function setScopeArray(array $scope): void
{
$this->scope = array_intersect($scope, self::$possibleScopeValues);
}
public function setClientId(string $clientId): void
{
$this->clientId = $clientId;
}
public function setScope(string $scope): void
{
$this->setScopeArray(explode(' ', $scope));
}
public function setNonce(string $nonce): void
{
$this->nonce = $nonce;
}
public function setCodeChallenge(?string $codeChallenge): void
{
$this->codeChallenge = $codeChallenge;
}
public function setCodeChallengeMethod(?string $codeChallengeMethod): void
{
if ($codeChallengeMethod !== null && !in_array($codeChallengeMethod, self::$possibleCodeChallengeMethodValues)) {
throw new \UnexpectedValueException($codeChallengeMethod . ' is not possible for challengeMethod!');
}
$this->codeChallengeMethod = $codeChallengeMethod;
}
public function setUser(User $user): void
{
$this->user = $user;
}
public function setUserId(int $userId): void
{
$this->userId = $userId;
}
public function setCode(string $code): void
{
$this->code = $code;
}
public function setCreatedDate(DateTime $created): void
{
$this->created = $created;
}
public function setExpiresDate(DateTime $expires): void
{
$this->expires = $expires;
}
public function setCreated(string $created): void
{
$this->created = new DateTime($created);
}
public function setExpires(string $expires): void
{
$this->expires = new DateTime($expires);
}
public function setTokenClaimed(bool $tokenClaimed): void
{
$this->tokenClaimed = $tokenClaimed;
}
public function getClientId(): string
{
return $this->clientId;
}
public function getScope(): string
{
return implode(' ', $this->scope);
}
public function getScopeArray(): array
{
return $this->scope;
}
public function getNonce(): string
{
return $this->nonce;
}
public function getCodeChallenge(): ?string
{
return $this->codeChallenge;
}
public function getCodeChallengeMethod(): ?string
{
return $this->codeChallengeMethod;
}
public function getUser(): ?User
{
return $this->user;
}
public function getUserId(): ?int
{
return $this->userId;
}
public function getCode(): string
{
return $this->code;
}
public function getCreatedDate(): DateTime
{
return $this->created;
}
public function getCreated(): string
{
return $this->created->format('Y-m-d H:i:s');
}
public function getExpiresDate(): DateTime
{
return $this->expires;
}
public function getExpires(): string
{
return $this->expires->format('Y-m-d H:i:s');
}
public function getTokenClaimed(): bool
{
return $this->tokenClaimed;
}
}

84
src/PersistentData/Model/OAuthToken.php
View File

@ -7,26 +7,61 @@ class OAuthToken extends Model
{
protected static string $table = 'oauth_tokens';
protected static array $fields = ['session_id', 'created', 'expires'];
protected static array $fields = ['scope', 'nonce', 'user_id', 'code', 'access_token', 'created', 'expires'];
protected static array $relations = ['session' => OAuthSession::class];
protected static array $relations = ['user' => User::class];
private ?OAuthSession $session = null;
private static array $possibleScopeValues = ['openid', 'email', 'profile'];
private ?int $sessionId = null;
private array $scope = [];
private string $nonce = '';
private ?User $user = null;
private ?int $userId = null;
private string $code = '';
private string $accessToken = '';
private DateTime $created;
private DateTime $expires;
public function setSession(OAuthSession $session): void
public function setScopeArray(array $scope): void
{
$this->session = $session;
$this->scope = array_intersect($scope, self::$possibleScopeValues);
}
public function setSessionId(int $sessionId): void
public function setScope(string $scope): void
{
$this->sessionId = $sessionId;
$this->setScopeArray(explode(' ', $scope));
}
public function setNonce(string $nonce): void
{
$this->nonce = $nonce;
}
public function setUser(User $user): void
{
$this->user = $user;
}
public function setUserId(int $userId): void
{
$this->userId = $userId;
}
public function setCode(string $code): void
{
$this->code = $code;
}
public function setAccessToken(string $accessToken): void
{
$this->accessToken = $accessToken;
}
public function setCreatedDate(DateTime $created): void
@ -49,14 +84,39 @@ class OAuthToken extends Model
$this->expires = new DateTime($expires);
}
public function getSession(): ?OAuthSession
public function getScope(): string
{
return $this->session;
return implode(' ', $this->scope);
}
public function getSessionId(): ?int
public function getScopeArray(): array
{
return $this->sessionId;
return $this->scope;
}
public function getNonce(): string
{
return $this->nonce;
}
public function getUser(): ?User
{
return $this->user;
}
public function getUserId(): ?int
{
return $this->userId;
}
public function getCode(): string
{
return $this->code;
}
public function getAccessToken(): string
{
return $this->accessToken;
}
public function getCreatedDate(): DateTime

51
src/Repository/EventRepository.php
View File

@ -23,24 +23,19 @@ class EventRepository
public function getAllByCommunity(Community $community, bool $useRelations = false, array $withRelations = []): Generator
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByCommunity($select, $community);
$select = $this->selectAllByCommunity($community);
yield from Container::$persistentDataManager->selectMultipleFromDb($select, Event::class, $useRelations, $withRelations);
}
public function countAllByCommunity(Community $community): int
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByCommunity($select, $community);
return $select->count();
return $this->selectAllByCommunity($community)->count();
}
public function getUpcomingAndRecentByCommunity(Community $community, DateTime $from, int $days, int $limit, bool $useRelations = false, array $withRelations = []): Generator
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByCommunity($select, $community);
$select = $this->selectAllByCommunity($community);
$this->selectUpcomingAndRecent($select, $from, $days);
$select->orderBy('start', 'DESC');
$select->limit($limit, 0);
@ -50,8 +45,7 @@ class EventRepository
public function getUpcomingAndRecentByUser(User $user, DateTime $from, int $days, int $limit, bool $useRelations = false, array $withRelations = []): Generator
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByUser($select, $user);
$select = $this->selectAllByUser($user);
$this->selectUpcomingAndRecent($select, $from, $days);
$select->orderBy('start', 'DESC');
$select->limit($limit, 0);
@ -59,21 +53,9 @@ class EventRepository
yield from Container::$persistentDataManager->selectMultipleFromDb($select, Event::class, $useRelations, $withRelations);
}
public function getCurrentByUser(User $user, DateTime $from, int $days, bool $useRelations = false, array $withRelations = []): ?Event
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByUser($select, $user);
$this->selectUpcomingAndRecent($select, $from, $days);
$select->orderBy('start', 'DESC');
$select->limit(1, 0);
return Container::$persistentDataManager->selectFromDb($select, Event::class, $useRelations, $withRelations);
}
public function getPagedByCommunity(Community $community, int $page, int $itemsPerPage, bool $useRelations = false, array $withRelations = []): Generator
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByCommunity($select, $community);
$select = $this->selectAllByCommunity($community);
$select->orderBy('start', 'DESC');
$select->paginate($page, $itemsPerPage);
@ -82,8 +64,7 @@ class EventRepository
public function searchByTitle(Community $community, string $title): Generator
{
$select = new Select(Container::$dbConnection, Event::getTable());
$this->selectAllByCommunity($select, $community);
$select = $this->selectAllByCommunity($community);
$select->where('title', 'LIKE', '%' . $title . '%');
$select->orderBy('start', 'DESC');
$select->limit(10);
@ -91,29 +72,27 @@ class EventRepository
yield from Container::$persistentDataManager->selectMultipleFromDb($select, Event::class);
}
private function selectAllByCommunity(Select $select, Community $community): void
private function selectAllByCommunity(Community $community)
{
$select = new Select(Container::$dbConnection, Event::getTable());
$select->where('community_id', '=', $community->getId());
return $select;
}
private function selectAllByUser(Select $select, User $user): void
private function selectAllByUser(User $user)
{
$select = new Select(Container::$dbConnection, Event::getTable());
$select->innerJoin('communities', ['communities', 'id'], '=', ['events', 'community_id']);
$select->innerJoin('community_members', ['communities', 'id'], '=', ['community_members', 'community_id']);
$select->where(['community_members', 'user_id'], '=', $user->getId());
return $select;
}
private function selectUpcomingAndRecent(Select $select, DateTime $from, int $days): void
private function selectUpcomingAndRecent(Select $select, DateTime $from, int $days)
{
$select->where(function (Select $select) use ($from, $days) {
$select->where(function (Select $select) use ($from, $days) {
$select->where('start', '<', (clone $from)->add(DateInterval::createFromDateString("$days days"))->format('Y-m-d H:i:s'));
$select->where('end', '>', $from->format('Y-m-d H:i:s'));
});
$select->orWhere(function (Select $select) use ($from, $days) {
$select->where('end', '>', (clone $from)->sub(DateInterval::createFromDateString("$days days"))->format('Y-m-d H:i:s'));
$select->where('start', '<', $from->format('Y-m-d H:i:s'));
});
$select->where('start', '<', (clone $from)->add(DateInterval::createFromDateString("$days days"))->format('Y-m-d H:i:s'));
$select->orWhere('end', '>', (clone $from)->sub(DateInterval::createFromDateString("$days days"))->format('Y-m-d H:i:s'));
});
}
}

30
src/Repository/OAuthSessionRepository.php
View File

@ -1,30 +0,0 @@
<?php namespace RVR\Repository;
use DateTime;
use Generator;
use SokoWeb\Database\Query\Select;
use RVR\PersistentData\Model\OAuthSession;
class OAuthSessionRepository
{
public function getById(int $id): ?OAuthSession
{
return \Container::$persistentDataManager->selectFromDbById($id, OAuthSession::class);
}
public function getByCode(string $code): ?OAuthSession
{
$select = new Select(\Container::$dbConnection);
$select->where('code', '=', $code);
return \Container::$persistentDataManager->selectFromDb($select, OAuthSession::class);
}
public function getAllExpired(): Generator
{
$select = new Select(\Container::$dbConnection);
$select->where('expires', '<', (new DateTime())->format('Y-m-d H:i:s'));
yield from \Container::$persistentDataManager->selectMultipleFromDb($select, OAuthSession::class);
}
}

22
src/Repository/OAuthTokenRepository.php
View File

@ -4,7 +4,6 @@ use DateTime;
use Generator;
use SokoWeb\Database\Query\Select;
use RVR\PersistentData\Model\OAuthToken;
use RVR\PersistentData\Model\OAuthSession;
class OAuthTokenRepository
{
@ -13,16 +12,20 @@ class OAuthTokenRepository
return \Container::$persistentDataManager->selectFromDbById($id, OAuthToken::class);
}
public function getAllBySession(OAuthSession $session, bool $useRelations = false, array $withRelations = []): Generator
public function getByCode(string $code): ?OAuthToken
{
$select = $this->selectAllBySession($session);
$select = new Select(\Container::$dbConnection);
$select->where('code', '=', $code);
yield from \Container::$persistentDataManager->selectMultipleFromDb($select, OAuthToken::class, $useRelations, $withRelations);
return \Container::$persistentDataManager->selectFromDb($select, OAuthToken::class);
}
public function countAllBySession(OAuthSession $session): int
public function getByAccessToken(string $accessToken): ?OAuthToken
{
return $this->selectAllBySession($session)->count();
$select = new Select(\Container::$dbConnection);
$select->where('access_token', '=', $accessToken);
return \Container::$persistentDataManager->selectFromDb($select, OAuthToken::class);
}
public function getAllExpired(): Generator
@ -32,11 +35,4 @@ class OAuthTokenRepository
yield from \Container::$persistentDataManager->selectMultipleFromDb($select, OAuthToken::class);
}
private function selectAllBySession(OAuthSession $session): Select
{
$select = new Select(\Container::$dbConnection, OAuthToken::getTable());
$select->where('session_id', '=', $session->getId());
return $select;
}
}

9
views/communities/transaction_edit.php
View File

@ -7,11 +7,11 @@
@section(main)
<h2>
<a href="<?= Container::$routeCollection->getRoute('community')->generateLink(['communitySlug' => $community->getSlug()]) ?>"><?= $community->getName() ?></a> »
<a href="<?= Container::$routeCollection->getRoute('community.transactions')->generateLink(['communitySlug' => $community->getSlug()]) ?>">Transactions</a> »
<?php if (isset($event)): ?>
<a href="<?= Container::$routeCollection->getRoute('community.events')->generateLink(['communitySlug' => $community->getSlug()]) ?>">Events</a> »
<a href="<?= Container::$routeCollection->getRoute('community.event')->generateLink(['communitySlug' => $community->getSlug(), 'eventSlug' => $event->getSlug()]) ?>"><?= $event->getTitle() ?></a> »
<?php endif; ?>
<a href="<?= Container::$routeCollection->getRoute('community.transactions')->generateLink(['communitySlug' => $community->getSlug(), 'event' => isset($event) ? $event->getSlug() : null]) ?>">Transactions</a> »
<?php if (isset($transaction)): ?>
Edit transaction
<?php else: ?>
@ -36,12 +36,7 @@
<select class="big fullWidth" name="payer_user_id" required>
<option value="" hidden></option>
<?php foreach ($members as $member): ?>
<option value="<?= $member->getUser()->getId() ?>"
<?= isset($transaction) ?
($transaction->getPayerUserId() === $member->getUser()->getId() ? 'selected' : '') :
(Container::$request->user()->getUniqueId() == $member->getUser()->getId() ? 'selected' : '') ?>>
<?= $member->getUser()->getDisplayName() ?>
</option>
<option value="<?= $member->getUser()->getId() ?>" <?= isset($transaction) && $transaction->getPayerUserId() === $member->getUser()->getId() ? 'selected' : '' ?>><?= $member->getUser()->getDisplayName() ?></option>
<?php endforeach; ?>
</select>
<p class="formLabel marginTop">Payee(s)</p>

8
views/event_redirect/no_event.php
View File

@ -1,8 +0,0 @@
@extends(templates/layout_normal)
@section(main)
<h2>No event found</h2>
<div class="box compactBox">
<p class="error justify">No upcoming or recent event was found. <a href="<?= Container::$routeCollection->getRoute('home')->generateLink() ?>" title="<?= $_ENV['APP_NAME'] ?>">Back to start.</a></p>
</div>
@endsection

27
views/events/event.php
View File

@ -22,33 +22,6 @@
<td class="mono" style="text-align: right;"><?= number_format($totalCost, $mainCurrencyRoundDigits) ?> <?= $mainCurrencyCode ?></td>
</tr>
</table>
<table class="fullWidth marginTop">
<tr>
<td class="bold">You owe*</td>
<td class="mono red" style="text-align: right;"><?= number_format($debtBalance, $mainCurrencyRoundDigits) ?> <?= $mainCurrencyCode ?></td>
</tr>
<?php foreach ($debtItems as $item): ?>
<tr>
<td class="small"><?= $item['payee']->getUser()->getDisplayName() ?></td>
<td class="small mono red" style="text-align: right;"><?= number_format($item['amount'], $mainCurrencyRoundDigits) ?> <?= $mainCurrencyCode ?></td>
</tr>
<?php endforeach; ?>
<tr>
<td class="bold">You're owed*</td>
<td class="mono green" style="text-align: right;"><?= number_format($outstandingBalance, $mainCurrencyRoundDigits) ?> <?= $mainCurrencyCode ?></td>
</tr>
<?php foreach ($outstandingItems as $item): ?>
<tr>
<td class="small"><?= $item['payer']->getUser()->getDisplayName() ?></td>
<td class="small mono green" style="text-align: right;"><?= number_format($item['amount'], $mainCurrencyRoundDigits) ?> <?= $mainCurrencyCode ?></td>
</tr>
<?php endforeach; ?>
<tr>
<td class="bold">Your balance*</td>
<td class="mono <?= $balance < 0 ? 'red' : ($balance > 0 ? 'green' : '') ?>" style="text-align: right;;"><?= number_format($balance, $mainCurrencyRoundDigits) ?> <?= $mainCurrencyCode ?></td>
</tr>
</table>
<p class="small right">* Virtual balance only for this event. Check <a href="<?= Container::$routeCollection->getRoute('community')->generateLink(['communitySlug' => $community->getSlug()]) ?>">community</a> finances for your real balance.</p>
</div>
</div>
@endsection

19
web.php
View File

@ -7,20 +7,20 @@ use SokoWeb\Request\Request;
use SokoWeb\Request\Session;
use RVR\Controller\HomeController;
use RVR\Controller\LoginController;
use RVR\Controller\OAuthSessionController;
use RVR\Controller\OAuthAuthController;
use RVR\Controller\OAuthController;
use RVR\Controller\UserController;
use RVR\Controller\UserSearchController;
use RVR\Controller\CommunityController;
use RVR\Controller\TransactionController;
use RVR\Controller\EventRedirectController;
use RVR\Controller\EventController;
use RVR\Repository\UserRepository;
require 'app.php';
error_reporting(E_ALL);
if (!empty($_ENV['DEV'])) {
error_reporting(E_ALL);
ini_set('display_errors', '1');
} else {
ini_set('display_errors', '0');
@ -29,7 +29,6 @@ if (!empty($_ENV['DEV'])) {
Container::$routeCollection = new RouteCollection();
Container::$routeCollection->get('home', '', [HomeController::class, 'getHome']);
Container::$routeCollection->get('oauth-config-root', '.well-known/openid-configuration', [OAuthController::class, 'getConfig']);
Container::$routeCollection->group('login', function (RouteCollection $routeCollection) {
$routeCollection->get('login', '', [LoginController::class, 'getLoginForm']);
$routeCollection->post('login-action', '', [LoginController::class, 'login']);
@ -37,10 +36,8 @@ Container::$routeCollection->group('login', function (RouteCollection $routeColl
$routeCollection->get('login.google-action', 'google/code', [LoginController::class, 'loginWithGoogle']);
});
Container::$routeCollection->group('oauth', function (RouteCollection $routeCollection) {
$routeCollection->get('oauth.auth', 'auth', [OAuthSessionController::class, 'auth']);
$routeCollection->post('oauth.token', 'token', [OAuthController::class, 'generateToken']);
$routeCollection->post('oauth.token.introspect', 'token/introspect', [OAuthController::class, 'introspectToken']);
$routeCollection->post('oauth.token.revoke', 'token/revoke', [OAuthController::class, 'revokeToken']);
$routeCollection->get('oauth.auth', 'auth', [OAuthAuthController::class, 'auth']);
$routeCollection->post('oauth.token', 'token', [OAuthController::class, 'getToken']);
$routeCollection->get('oauth.userinfo', 'userinfo', [OAuthController::class, 'getUserInfo']);
$routeCollection->get('oauth.config', '.well-known/openid-configuration', [OAuthController::class, 'getConfig']);
$routeCollection->get('oauth.certs', 'certs', [OAuthController::class, 'getCerts']);
@ -65,10 +62,6 @@ Container::$routeCollection->group('account', function (RouteCollection $routeCo
$routeCollection->get('account.googleAuthenticate-action', 'googleAuthenticate/code', [UserController::class, 'authenticateWithGoogle']);
});
Container::$routeCollection->get('searchUser', 'searchUser', [UserSearchController::class, 'searchUser']);
Container::$routeCollection->group('now', function (RouteCollection $routeCollection) {
$routeCollection->get('now.event', '', [EventRedirectController::class, 'getEvent']);
$routeCollection->get('now.transactions.new', 'transaction', [EventRedirectController::class, 'getEventNewTransaction']);
});
Container::$routeCollection->group('communities', function (RouteCollection $routeCollection) {
$routeCollection->get('community.new', 'new', [CommunityController::class, 'getCommunityNew']);
$routeCollection->post('community.new-action', 'new', [CommunityController::class, 'saveCommunity']);
@ -118,7 +111,7 @@ Container::$routeCollection->group('communities', function (RouteCollection $rou
Container::$sessionHandler = new DatabaseSessionHandler(
Container::$dbConnection,
'sessions',
new DateTime('-1 days')
new DateTime('-7 days')
);
session_set_save_handler(Container::$sessionHandler, true);