webinno/filesharing
1
0
Fork 0
mirror of https://github.com/axeloz/filesharing.git synced 2025-05-06 10:03:55 +02:00
Code Issues Projects Releases Wiki Activity

Refactoring User authentication

Browse source
This commit is contained in:
Axel 2023-05-21 18:16:46 +02:00
parent 9f05df5951
commit 1417cdf066
Signed by: axel
GPG key ID: 73C0A5961B6BC740
3 changed files with 119 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
app/Helpers/User.php Normal file
View file

@ -0,0 +1,86 @@
<?php
namespace App\Helpers;
use Exception;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Storage;
class User {
static function isLogged():Bool {
// Checking credentials auth
if (session()->get('authenticated', false) === true && session()->has('username')) {
// If user still exists
try {
self::getUserDetails(session()->get('username'));
return true;
}
catch (Exception $e) {}
}
return false;
}
static function loginUser(String $username, String $password):Bool {
try {
// Checking user existence
$user = self::getUserDetails($username);
// Checking password
if (true !== Hash::check($password, $user['password'])) {
throw new Exception('Invalid password');
}
// OK, user's credentials are OK
session()->put('username', $username);
session()->put('authenticated', true);
return true;
}
catch (Exception $e) {
throw $e;
}
}
static function getLoggedUserDetails():Array {
if (self::isLogged()) {
return self::getUserDetails(session()->get('username'));
}
throw new UnauthenticatedUser('User is not logged in');
}
static function getUserDetails(String $username):Array {
// Checking user existence
if (Storage::disk('users')->missing($username.'.json')) {
throw new Exception('No such user');
}
// Getting user.json
if (! $json = Storage::disk('users')->get($username.'.json')) {
throw new Exception('Could not fetch user details');
}
// Decoding JSON
if (! $user = json_decode($json, true)) {
throw new Exception('Cannot decode JSON file');
}
return $user;
}
static function setUserDetails(String $username, Array $data):Array {
$original = self::getUserDetails($username);
$updated = array_merge($original, $data);
if (Storage::disk('users')->put($username.'.json', json_encode($updated))) {
return $updated;
}
throw new Exception('Could not update user\'s details');
}
}
class UnauthenticatedUser extends Exception {}
?>

52
app/Http/Controllers/WebController.php
View file

@ -2,11 +2,9 @@
namespace App\Http\Controllers; namespace App\Http\Controllers;
use App\Helpers\Upload; use App\Helpers\Upload;
use App\Helpers\User;
use Exception; use Exception;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Session;
use Illuminate\Support\Facades\Storage;
class WebController extends Controller class WebController extends Controller
{ {
@ -23,38 +21,29 @@ class WebController extends Controller
abort_if(! $request->ajax(), 403); abort_if(! $request->ajax(), 403);
$request->validate([ $request->validate([
'login' => 'required', 'login' => 'required|alphanum|min:4|max:40',
'password' => 'required' 'password' => 'required|min:5|max:100'
]); ]);
try { try {
if (Storage::disk('users')->missing($request->login.'.json')) { if (true === User::loginUser($request->login, $request->password)) {
throw new Exception('Authentication failed');
}
$json = Storage::disk('users')->get($request->login.'.json');
if (! $user = json_decode($json, true)) {
throw new Exception('Cannot decode JSON file');
}
if (! Hash::check($request->password, $user['password'])) {
throw new Exception('Authentication failed');
}
$request->session()->put('login', $request->login);
$request->session()->put('authenticated', true);
return response()->json([ return response()->json([
'result' => true, 'result' => true,
]); ]);
} }
}
catch (Exception $e) { catch (Exception $e) {
return response()->json([ return response()->json([
'result' => false, 'result' => false,
'error' => $e->getMessage() 'error' => 'Authentication failed, please try again.'
]); ], 403);
} }
// This should never happen
return response()->json([
'result' => false,
'error' => 'Unexpected error'
]);
} }
function newBundle(Request $request) { function newBundle(Request $request) {
@ -66,7 +55,22 @@ class WebController extends Controller
'owner_token' => 'required' 'owner_token' => 'required'
]); ]);
$owner = null;
if (User::isLogged()) {
$user = User::getLoggedUserDetails();
$owner = $user['username'];
// If bundle dimension is not initialized
if (empty($user['bundles']) || ! is_array($user['bundles'])) {
$user['bundles'] = [];
}
array_push($user['bundles'], $request->bundle_id);
User::setUserDetails($user['username'], $user);
}
$metadata = [ $metadata = [
'owner' => $owner,
'created_at' => time(), 'created_at' => time(),
'completed' => false, 'completed' => false,
'expiry' => config('sharing.default-expiry', 86400), 'expiry' => config('sharing.default-expiry', 86400),

6
app/Http/Middleware/UploadAccess.php
View file

@ -6,6 +6,7 @@ use Closure;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use App\Helpers\Upload; use App\Helpers\Upload;
use App\Helpers\User;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
class UploadAccess class UploadAccess
@ -25,12 +26,9 @@ class UploadAccess
} }
// Checking credentials auth // Checking credentials auth
if ($request->session()->get('authenticated', false) === true && $request->session()->has('login')) { if (User::isLogged()) {
// If user still exists
if (Storage::disk('users')->exists($request->session()->get('login').'.json')) {
return $next($request); return $next($request);
} }
}
// Fallback, authentication required // Fallback, authentication required
if ($request->ajax()) { if ($request->ajax()) {