From 2905af64898b6f53b77d00ab16f03380282a2de6 Mon Sep 17 00:00:00 2001 From: Kekskurse Date: Thu, 20 Jun 2019 16:46:50 +0200 Subject: [PATCH] Stuff, nmigration not done --- .../Controllers/API/AccountController.php | 1 + app/Http/Controllers/API/AppController.php | 4 ++ app/Http/Controllers/API/UserController.php | 8 ++- app/Http/Controllers/API/oAuthController.php | 58 ++++++++++++++++ app/Http/Resources/API/App.php | 10 +++ app/Http/Resources/API/AppAccess.php | 23 +++++++ app/Http/Resources/API/AppForOwner.php | 24 +++++-- app/Models/AccessToken.php | 4 ++ app/Providers/AuthServiceProvider.php | 66 +++++++++++-------- .../2019_06_20_130513_app_permission.php | 54 +++++++++++++++ routes/web.php | 1 + 11 files changed, 216 insertions(+), 37 deletions(-) create mode 100644 app/Http/Controllers/API/oAuthController.php create mode 100644 app/Http/Resources/API/AppAccess.php create mode 100644 database/migrations/2019_06_20_130513_app_permission.php diff --git a/app/Http/Controllers/API/AccountController.php b/app/Http/Controllers/API/AccountController.php index 95e48a2..5c667b2 100644 --- a/app/Http/Controllers/API/AccountController.php +++ b/app/Http/Controllers/API/AccountController.php @@ -29,6 +29,7 @@ class AccountController extends BaseController $users->lastPage(), $users->perPage() ); + return $response->withData(\App\Http\Resources\API\User::collection(($users))); } diff --git a/app/Http/Controllers/API/AppController.php b/app/Http/Controllers/API/AppController.php index acc23ca..16c5c0f 100644 --- a/app/Http/Controllers/API/AppController.php +++ b/app/Http/Controllers/API/AppController.php 
@@ -22,6 +22,10 @@ class AppController extends BaseController throw new NotLoggedInException(); } + if(!app('currentAccess')->getApp()->access_read_apps) { + throw new NoPermissionException(403, "App has no access to perform this request."); + } + $apps = \App\Models\App::query()->where("user_id", "=", Auth::user()->id)->get(); return $response->withData(AppForOwner::collection(collect($apps))); diff --git a/app/Http/Controllers/API/UserController.php b/app/Http/Controllers/API/UserController.php index 98abff6..0048c72 100644 --- a/app/Http/Controllers/API/UserController.php +++ b/app/Http/Controllers/API/UserController.php @@ -58,12 +58,16 @@ class UserController extends BaseController throw new HTTPException("400", "Username or Password wrong"); } + $app = App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id; + //Create Access Permission for WebGUI - $access = AppAccess::getOrCreate($user->id, App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id); + $access = AppAccess::getOrCreate($user->id, $app); $token = \App\Models\AccessToken::createToken($access); //Save Token to Session - $_SESSION["token"] = $token->token; + if(getenv("SAVE_TOKEN_TO_SESSION")) { + $_SESSION["token"] = $token->token; + } return new AccessToken($token); } diff --git a/app/Http/Controllers/API/oAuthController.php b/app/Http/Controllers/API/oAuthController.php new file mode 100644 index 0000000..cf57b27 --- /dev/null +++ b/app/Http/Controllers/API/oAuthController.php 
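Review bot: The new permission gate calls `app('currentAccess')->getApp()` with no null check, and `currentAccess` is resolved by `getAccess(null)` from superglobals and `getallheaders()` rather than from the request the `api` guard used, so a caller that passed the `NotLoggedInException` check above can still hit a fatal `getApp()` on `null` here instead of a 403. Guard it explicitly: `$access = app('currentAccess'); if($access === null || !$access->getApp()->access_read_apps) { throw new NoPermissionException(403, "App has no access to perform this request."); }`. A more robust fix is for the guard closure to publish the token it authenticated (`app()->instance('currentAccess', $accessToken)`) so identity and permission are checked against the same credential. The enclosing method's signature is outside the hunk.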
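Review bot: `getenv("SAVE_TOKEN_TO_SESSION")` returns a string, so any non-empty value other than `"0"` — including `false` or `off` in a `.env` — switches session storage on; parse it as a boolean, `if(filter_var(getenv("SAVE_TOKEN_TO_SESSION"), FILTER_VALIDATE_BOOLEAN)) {`. Writing the token into `$_SESSION` is the privilege-change moment of the login, and no `session_regenerate_id(true)` is visible in this hunk or its context, so a session id fixed before login would carry the token afterwards — confirm it happens elsewhere or add it immediately before the assignment. The local `$app` now holds an id rather than an `App` model; `$appId` would say so and avoid confusion with the `App` import. The login method starts outside the hunk.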
@@ -0,0 +1,58 @@ +where("id", "=", $id); + + if($request->get("create", false)) { + $access = AppAccess::getOrCreate(Auth::user()->id, $id); + } else { + $access = AppAccess::query() + ->where("user_id", "=", Auth::user()->id) + ->where("app_id", "=", $id)->first(); + } + + if(empty($access)) { + throw new ResourceNotFound(); + } + + //Auto Allow + if($app->auto_accept) { + $access->status = "allowed"; + } + + return $response->withData(new \App\Http\Resources\API\App($access)); + } +} \ No newline at end of file diff --git a/app/Http/Resources/API/App.php b/app/Http/Resources/API/App.php index fae25c2..9bcaa30 100644 --- a/app/Http/Resources/API/App.php +++ b/app/Http/Resources/API/App.php @@ -22,6 +22,16 @@ class App extends JsonResource 'description' => $this->description, 'directUrl' => $this->direct_url, 'url' => $this->url, + 'access' => [ + 'oAuth' => (bool)$this->access_oAuth, + 'api' => (bool)$this->access_api, + 'update_apps' => (bool)$this->access_update_apps, + 'update_profile' => (bool)$this->access_update_profile, + 'update_access' => (bool)$this->access_update_access, + 'read_access' => (bool)$this->access_read_access, + 'read_apps' => (bool)$this->access_read_apps, + 'read_profile' => (bool)$this->access_read_profile, + ] /*'properties' => [ #'autoAccept' => $this->auto_accept, #'untrustedWarning' => $this->untrusted_warning, diff --git a/app/Http/Resources/API/AppAccess.php b/app/Http/Resources/API/AppAccess.php new file mode 100644 index 0000000..025d691 --- /dev/null +++ b/app/Http/Resources/API/AppAccess.php @@ -0,0 +1,23 @@ + $this->app_id, + 'user_id' => $this->user_id, + 'status' => $this->status + ]; + } +} \ No newline at end of file diff --git a/app/Http/Resources/API/AppForOwner.php b/app/Http/Resources/API/AppForOwner.php index 4e584de..055809c 100644 --- a/app/Http/Resources/API/AppForOwner.php +++ b/app/Http/Resources/API/AppForOwner.php 
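Review bot: `?create=1` lets any authenticated token create an `AppAccess` row for the user on an arbitrary `$id`, and unlike `AppController` nothing checks the calling app's own flags (`access_update_access` / `access_read_access` from the migration) first, so a third-party app holding only API access can grant itself or another app access on the user's behalf; gate creation on `app('currentAccess')->getApp()->access_update_access` and the read path on `access_read_access`, throwing `NoPermissionException` as the other controller does. The auto-accept branch sets `$access->status = "allowed"` in memory only — no `save()` follows — so the response reports `allowed` while the stored row keeps its previous status; either persist it or document that it is transient. The response wraps an `AppAccess` model in the `App` resource, which reads `name`, `url` and the `access_*` fields that model does not carry; the `AppAccess` resource added in this same commit looks like the intended one, `return $response->withData(new \App\Http\Resources\API\AppAccess($access));`. The start of the method, including how `$app` is loaded and whether it can be null before `$app->auto_accept`, is not legible in this hunk.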
@@ -25,13 +25,23 @@ class AppForOwner extends JsonResource 'apiKey' => $this->apiKey, 'apiSecret' => $this->apiSecret, 'properties' => [ - 'testingWarning' => $this->testing_warning, - 'autoAccept' => $this->auto_accept, - 'untrustedWarning' => $this->untrusted_warning, - 'showOnWebpage' => $this->show_on_webpage, - 'stopAutoRedirect' => $this->stop_auto_redirect, - 'hideInAppList' => $this->hide_in_app_list, - 'userCantRemoveApp' => $this->user_cant_remove_app + 'testingWarning' => (bool)$this->testing_warning, + 'autoAccept' => (bool)$this->auto_accept, + 'untrustedWarning' => (bool)$this->untrusted_warning, + 'showOnWebpage' => (bool)$this->show_on_webpage, + 'stopAutoRedirect' => (bool)$this->stop_auto_redirect, + 'hideInAppList' => (bool)$this->hide_in_app_list, + 'userCantRemoveApp' => (bool)$this->user_cant_remove_app + ], + 'access' => [ + 'oAuth' => (bool)$this->access_oAuth, + 'api' => (bool)$this->access_api, + 'update_apps' => (bool)$this->access_update_apps, + 'update_profile' => (bool)$this->access_update_profile, + 'update_access' => (bool)$this->access_update_access, + 'read_access' => (bool)$this->access_read_access, + 'read_apps' => (bool)$this->access_read_apps, + 'read_profile' => (bool)$this->access_read_profile, ] ]; diff --git a/app/Models/AccessToken.php b/app/Models/AccessToken.php index c0f9c21..9347cbd 100644 --- a/app/Models/AccessToken.php +++ b/app/Models/AccessToken.php @@ -54,4 +54,8 @@ class AccessToken extends Model return User::query()->where("id", "=", $this->getAppAccess()->user_id)->firstOrFail(); } + public function getApp(): App { + return $this->getAppAccess()->getApp(); + } + } diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 746d81e..eeddcfb 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php 
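Review bot: The `access` array is now spelled out identically here and in the `App` resource; a shared helper (a trait method or a method on the `App` model returning the eight booleans) would keep the two from drifting when a flag is added, which this migration makes likely. The `apiKey` / `apiSecret` context lines mean every owner listing returns the client secret; that predates this commit, but the resource now carries both the secret and the app's granted permissions in one payload, so it is worth confirming `AppForOwner` is only ever served on owner-scoped routes. `toArray` starts outside the hunk.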
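Review bot: `getApp()` has no docblock, and whether `getAppAccess()` can return null (which would make this a fatal rather than the exception `getUser()` above produces via `firstOrFail()`) is not visible here. Add `/** App the access record behind this token belongs to. NOTE(review): assumes getAppAccess() never returns null — confirm. */` and, if it can, make the failure explicit the same way `getUser()` does.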
@@ -18,6 +18,7 @@ class AuthServiceProvider extends ServiceProvider public function register() { // + $this->app->singleton('currentAccess', function() { return $this->getAccess(null); }); } /** @@ -34,34 +35,7 @@ class AuthServiceProvider extends ServiceProvider $this->app['auth']->viaRequest('api', function (Request $request) { - $token = null; - if(isset($_SESSION["token"])) { - $token = $_SESSION["token"]; - } - - if(isset($_GET["access_token"])) { - $token = $_GET["access_token"]; - } - - if(isset($_GET["token"])) { - $token = $_GET["token"]; - } - - - - if($request->header("Authorization", false)) { - $token = trim($request->header("Authorization")); - $t = explode(" ", $token); - $token = last($t); - } - - - - if($token == null) { - return null; - } - - $accessToken = AccessToken::query()->where("token", "=", $token)->first(); + $accessToken = $this->getAccess($request); if($accessToken == null) { return null; } @@ -73,7 +47,43 @@ class AuthServiceProvider extends ServiceProvider return null; } + return $accessToken->getUser(); }); } + + private function getAccess(?Request $request) { + $token = null; + if(isset($_SESSION["token"])) { + $token = $_SESSION["token"]; + } + + if(isset($_GET["access_token"])) { + $token = $_GET["access_token"]; + } + + if(isset($_GET["token"])) { + $token = $_GET["token"]; + } + + if(!is_null($request)) { + if($request->header("Authorization", false)) { + $token = trim($request->header("Authorization")); + $t = explode(" ", $token); + $token = last($t); + } + } else { + $headers = getallheaders(); + $token = trim($headers["Authorization"]); + $t = explode(" ", $token); + $token = last($t); + } + + + if($token == null) { + return null; + } + + return AccessToken::query()->where("token", "=", $token)->first(); + } } diff --git a/database/migrations/2019_06_20_130513_app_permission.php b/database/migrations/2019_06_20_130513_app_permission.php new file mode 100644 index 0000000..80181ec --- /dev/null 
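Review bot: Binding `currentAccess` as a singleton that calls `getAccess(null)` means the token is resolved from superglobals and `getallheaders()` independently of the `api` guard's `$request`, so the identity the guard established and the app whose permissions the controllers check can come from different credentials (a token the header path sees and the other path does not, or vice versa). Have the guard closure publish what it authenticated instead — `$this->app->instance('currentAccess', $accessToken);` right after the lookup — and keep the singleton only as a fallback. A singleton also lives for the container's lifetime; under a long-running worker that would outlast the request, so confirm the deployment is plain FPM/CGI before relying on it.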
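Review bot: In the `$request === null` branch `$headers["Authorization"]` is read unconditionally, so when no `Authorization` header is sent the code trims `null` to `""` and overwrites whatever `$_SESSION["token"]` or `$_GET` supplied, leaving `currentAccess` null for exactly the session/GUI callers the controllers then dereference; guard it the way the other branch does with `$request->header("Authorization", false)`. `getallheaders()` returns keys as the client sent them and may be undefined under some SAPIs (CLI, notably), so `$headers = array_change_key_case(getallheaders(), CASE_LOWER);` followed by `if(isset($headers["authorization"])) { $token = last(explode(" ", trim($headers["authorization"]))); }` covers both the missing and the lowercase-header cases. The `access_token`/`token` query-string fallbacks are moved rather than new, but they put bearer tokens into server logs and `Referer` headers; drop them if the GUI no longer needs them now that the session path exists. `if($token == null)` relies on `"" == null`; `if($token === null || $token === "")` states the intent.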
+++ b/database/migrations/2019_06_20_130513_app_permission.php @@ -0,0 +1,54 @@ +boolean('access_oAuth')->default(true)->comment('Perform oAuth Request and get user profile'); + $table->boolean('access_api')->default(true)->comment('App can Access the API, perform requests as user'); + $table->boolean('access_update_apps')->default(false)->comment("App can update App Data from all Apps the User has Access to"); + $table->boolean('access_update_profile')->default(false)->comment("App can Update the Profile Settings of the User"); + $table->boolean('access_update_access')->default(false)->comment("App can Update the User-Access to all Apps"); + $table->boolean('access_read_access')->default(false)->comment("App cann see which Apps the User give Access to"); + $table->boolean('access_read_apps')->default(false)->comment("App can see which App are managed by the User"); + $table->boolean('access_read_profile')->default(true)->comment("App can read the Profile Settings of the User"); + }); + + + $app = \App\Models\App::query()->where("name", "=", "PHP-GUI")->firstOrFail(); + $app->access_update_apps = true; + $app->access_update_profile = true; + $app->access_update_access = true; + $app->access_read_apps = true; + $app->saveOrFail(); + } + + /** + * Reverse the migrations. + * + * @return void + */ + public function down() + { + Schema::table('apps', function (Blueprint $table) { + $table->dropColumn('access_oAuth'); + $table->dropColumn('access_api'); + $table->dropColumn('access_update_apps'); + $table->dropColumn('access_update_profile'); + $table->dropColumn('access_update_access'); + $table->dropColumn('access_read_access'); + $table->dropColumn('access_read_apps'); + $table->dropColumn('access_read_profile'); + }); + } +} diff --git a/routes/web.php b/routes/web.php index c450598..7a7cee0 100644 --- a/routes/web.php +++ b/routes/web.php 
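Review bot: `up()` calls `App::query()->where("name", "=", "PHP-GUI")->firstOrFail()`, so on a fresh database (or any deployment that seeds the GUI app after migrating) the migration aborts after the columns were already added and cannot be re-run cleanly; use `first()` and skip the grant when null, or move the PHP-GUI grant into a seeder. The defaults hand every existing app `access_oAuth`, `access_api` and `access_read_profile` — the flags that allow acting as the user — which is presumably deliberate for backward compatibility but deserves a sentence in the column comments or the commit message. The GUI receives `access_update_access` but not `access_read_access`, so it may modify grants it is not permitted to list; confirm that asymmetry is intended. The `Schema::table('apps', …)` opening of `up()` is not legible in this hunk.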
@@ -51,6 +51,7 @@ $router->group(['prefix' => 'api'], function () use ($router) { $router->get("/find", ['uses' => 'API\AppController@findApp']); $router->group(['prefix' => '{id}'], function () use ($router) { $router->get("/", ['uses' => 'API\AppController@appDetails']); + $router->get("/access", ["uses" => "API\oAuthController@getAccess"]); }); });
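Review bot: `GET /api/{id}/access` is routed to `oAuthController@getAccess`, which creates an `AppAccess` row when `create` is passed, so a state change rides on a GET; with session tokens accepted by the guard that is reachable through a plain link or image tag (CSRF), and GETs are also replayed by prefetchers and caches. Split it: keep `GET /access` read-only and add `$router->post("/access", ["uses" => "API\oAuthController@createAccess"]);` for the creating path. No middleware is visible on this group, so whether the controller enforces login itself cannot be confirmed from the hunk. The class name `oAuthController` breaks the StudlyCaps convention the sibling controllers follow (`OAuthController`).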