From 1417cdf0660846bc0e993a6a9ad9572ecbe73fda Mon Sep 17 00:00:00 2001
From: Axel
Date: Sun, 21 May 2023 18:16:46 +0200
Subject: [PATCH] Refactoring User authentication
---
 app/Helpers/User.php | 86 ++++++++++++++++++++++++++
 app/Http/Controllers/WebController.php | 56 +++++++++--------
 app/Http/Middleware/UploadAccess.php | 8 +--
 3 files changed, 119 insertions(+), 31 deletions(-)
 create mode 100644 app/Helpers/User.php
diff --git a/app/Helpers/User.php b/app/Helpers/User.php
new file mode 100644
index 0000000..5eba397
--- /dev/null
+++ b/app/Helpers/User.php
@@ -0,0 +1,86 @@
+get('authenticated', false) === true && session()->has('username')) {
+ // If user still exists
+ try {
+ self::getUserDetails(session()->get('username'));
+ return true;
+ }
+ catch (Exception $e) {}
+ }
+ return false;
+ }
+
+ static function loginUser(String $username, String $password):Bool {
+ try {
+ // Checking user existence
+ $user = self::getUserDetails($username);
+
+ // Checking password
+ if (true !== Hash::check($password, $user['password'])) {
+ throw new Exception('Invalid password');
+ }
+
+ // OK, user's credentials are OK
+ session()->put('username', $username);
+ session()->put('authenticated', true);
+ return true;
+ }
+ catch (Exception $e) {
+ throw $e;
+ }
+ }
+
+ static function getLoggedUserDetails():Array {
+ if (self::isLogged()) {
+ return self::getUserDetails(session()->get('username'));
+ }
+ throw new UnauthenticatedUser('User is not logged in');
+ }
+
+ static function getUserDetails(String $username):Array {
+
+ // Checking user existence
+ if (Storage::disk('users')->missing($username.'.json')) {
+ throw new Exception('No such user');
+ }
+
+ // Getting user.json
+ if (! $json = Storage::disk('users')->get($username.'.json')) {
+ throw new Exception('Could not fetch user details');
+ }
+
+ // Decoding JSON
+ if (! $user = json_decode($json, true)) {
+ throw new Exception('Cannot decode JSON file');
+ }
+
+ return $user;
+ }
+
+ static function setUserDetails(String $username, Array $data):Array {
+ $original = self::getUserDetails($username);
+ $updated = array_merge($original, $data);
+
+ if (Storage::disk('users')->put($username.'.json', json_encode($updated))) {
+ return $updated;
+ }
+
+ throw new Exception('Could not update user\'s details');
+ }
+}
+
+
+class UnauthenticatedUser extends Exception {}
+
+?>
diff --git a/app/Http/Controllers/WebController.php b/app/Http/Controllers/WebController.php
index 961ce52..f1d8db7 100644
--- a/app/Http/Controllers/WebController.php
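Review bot: `getUserDetails` and `setUserDetails` build a storage path straight from `$username.'.json'`, so the helper depends on every caller having validated the name — the login controller enforces `alphanum`, but `isLogged()`/`getLoggedUserDetails()` pass the session value through unchecked and any future caller could hand in a string with path separators; a guard at the top of both methods keeps the rule in one place, e.g. `if (! ctype_alnum($username)) { throw new Exception('No such user'); }`. The `catch (Exception $e) { throw $e; }` in `loginUser` is a no-op rethrow and can be dropped together with its `try`. `if (! $user = json_decode($json, true))` treats a file that decodes to an empty array as a failure and hides the real decode error; `json_decode($json, true, flags: JSON_THROW_ON_ERROR)` reports it instead. The file header (namespace, `use` lines and the `isLogged()` signature) is not visible in the hunk as rendered, so the `Hash` and `Storage` imports could not be checked.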
+++ b/app/Http/Controllers/WebController.php @@ -2,11 +2,9 @@ namespace App\Http\Controllers; use App\Helpers\Upload; +use App\Helpers\User; use Exception; use Illuminate\Http\Request; -use Illuminate\Support\Facades\Hash; -use Illuminate\Support\Facades\Session; -use Illuminate\Support\Facades\Storage; class WebController extends Controller { @@ -23,38 +21,29 @@ class WebController extends Controller abort_if(! $request->ajax(), 403); $request->validate([ - 'login' => 'required', - 'password' => 'required' + 'login' => 'required|alphanum|min:4|max:40', + 'password' => 'required|min:5|max:100' ]); try { - if (Storage::disk('users')->missing($request->login.'.json')) { - throw new Exception('Authentication failed'); + if (true === User::loginUser($request->login, $request->password)) { + return response()->json([ + 'result' => true, + ]); } - - $json = Storage::disk('users')->get($request->login.'.json'); - - if (! $user = json_decode($json, true)) { - throw new Exception('Cannot decode JSON file'); - } - - if (! Hash::check($request->password, $user['password'])) { - throw new Exception('Authentication failed'); - } - - $request->session()->put('login', $request->login); - $request->session()->put('authenticated', true); - - return response()->json([ - 'result' => true, - ]); } catch (Exception $e) { return response()->json([ 'result' => false, - 'error' => $e->getMessage() - ]); + 'error' => 'Authentication failed, please try again.' + ], 403); } + + // This should never happen + return response()->json([ + 'result' => false, + 'error' => 'Unexpected error' + ]); } function newBundle(Request $request) { 
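Review bot: The success branch at `if (true === User::loginUser(...))` marks the current session as authenticated without rotating the session ID, so an ID fixed before login remains valid afterwards; add `$request->session()->regenerate();` before returning the success response (or inside `User::loginUser` ahead of its `put` calls). Since `loginUser` returns `true` or throws, the `if` and the `// This should never happen` fallback are unreachable — `User::loginUser($request->login, $request->password); return response()->json(['result' => true]);` expresses the same thing. Whether the route carries a throttle middleware is not visible here; with the error text now fixed to 'Authentication failed, please try again.' a rate limit is the remaining defence against repeated guesses. The login method's signature lies outside the hunk.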
@@ -66,7 +55,22 @@ class WebController extends Controller 'owner_token' => 'required' ]); + $owner = null; + if (User::isLogged()) { + $user = User::getLoggedUserDetails(); + $owner = $user['username']; + + // If bundle dimension is not initialized + if (empty($user['bundles']) || ! is_array($user['bundles'])) { + $user['bundles'] = []; + } + + array_push($user['bundles'], $request->bundle_id); + User::setUserDetails($user['username'], $user); + } + $metadata = [ + 'owner' => $owner, 'created_at' => time(), 'completed' => false, 'expiry' => config('sharing.default-expiry', 86400), diff --git a/app/Http/Middleware/UploadAccess.php b/app/Http/Middleware/UploadAccess.php index 413ea53..4eddef8 100644 --- a/app/Http/Middleware/UploadAccess.php +++ b/app/Http/Middleware/UploadAccess.php @@ -6,6 +6,7 @@ use Closure; use Illuminate\Http\Request; use Symfony\Component\HttpFoundation\Response; use App\Helpers\Upload; +use App\Helpers\User; use Illuminate\Support\Facades\Storage; class UploadAccess @@ -25,11 +26,8 @@ class UploadAccess } // Checking credentials auth - if ($request->session()->get('authenticated', false) === true && $request->session()->has('login')) { - // If user still exists - if (Storage::disk('users')->exists($request->session()->get('login').'.json')) { - return $next($request); - } + if (User::isLogged()) { + return $next($request); } // Fallback, authentication required
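Review bot: The read-modify-write between `User::getLoggedUserDetails()` and `User::setUserDetails($user['username'], $user)` has no lock, so two concurrent `newBundle` requests from the same user can each load the old `bundles` list and the later write silently drops the earlier bundle id; if the users disk is local storage, a `flock`-guarded update (or otherwise serialising these writes) avoids the lost update. `$user['username']` is assumed to exist in the decoded file, but nothing in the patch shows it being written there — `session()->get('username')` is the value `isLogged()` already trusts and is the safer owner source, with `$user['username']` checked before use. `User::isLogged()` followed by `getLoggedUserDetails()` reads the user file three times (`isLogged` → `getUserDetails`, then `getLoggedUserDetails` → `isLogged` → `getUserDetails` again), and `$user['bundles'][] = $request->bundle_id;` is the idiomatic form of the `array_push`. Whether `bundle_id` is validated is decided above the hunk, and `newBundle` begins and ends outside it.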