diff --git a/app/Http/Controllers/API/oAuthController.php b/app/Http/Controllers/API/oAuthController.php
index cf57b27..e09c390 100644
--- a/app/Http/Controllers/API/oAuthController.php
+++ b/app/Http/Controllers/API/oAuthController.php
@@ -16,8 +16,9 @@ use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 use TaGeSo\APIResponse\Response;
+use Laravel\Lumen\Routing\Controller as BaseController;
-class oAuthController extends Controller
+class oAuthController extends BaseController
 {
 /**
 * Create a new controller instance.
@@ -34,7 +35,7 @@ class oAuthController extends Controller
 throw new NotLoggedInException();
 }
- $app = App::query()->where("id", "=", $id);
+ $app = App::query()->where("id", "=", $id)->firstOrFail();
 if($request->get("create", false)) {
 $access = AppAccess::getOrCreate(Auth::user()->id, $id);
@@ -53,6 +54,52 @@ class oAuthController extends Controller
 $access->status = "allowed";
 }
- return $response->withData(new \App\Http\Resources\API\App($access));
+ return $response->withData(new \App\Http\Resources\API\AppAccess($access));
+ }
+
+ public function allowAccess(Response $response, Request $request, $id) {
+ if(!Auth::check()) {
+ throw new NotLoggedInException();
+ }
+
+ $this->validate($request, [
+ 'redirect_uri' => 'required|url',
+ 'state' => ''
+ ]);
+
+ $app = App::query()->where("id", "=", $id);
+
+ $access = AppAccess::getOrCreate(Auth::user()->id, $id);
+ $access->status = "allowed";
+ $access->saveOrFail();
+
+ $appCode = AppCode::createCode($access);
+
+
+ //Create Redirect URL
+ $returnUrl = urldecode($request->input("redirect_uri"));
+ if(strpos($returnUrl, "?") > 0) {
+ Log::debug("Found questionmark in redirect_uri");
+ if(substr($returnUrl, -1, 1) != "&") {
+ Log::debug("Add & to the redirect_uri");
+ $returnUrl .= "&";
+ }
+ } else {
+ $returnUrl .= "?";
+ }
+
+ $returnUrl.="code=".$appCode->code;
+ if($request->input("state", null) !== null) {
+ $returnUrl .= "&state=".$request->input("state");
+ }
+
+ Log::debug("Return URL: ".$returnUrl);
+
+
+ $res = [];
+ $res["appCode"] = $appCode->code;
+ $res["redirectUrl"] = $returnUrl;
+
+ return $response->withData($res);
 }
 }
\ No newline at end of file
diff --git a/app/Http/Controllers/oAuthController.php b/app/Http/Controllers/oAuthController.php
index 79713a8..2a98786 100644
--- a/app/Http/Controllers/oAuthController.php
+++ b/app/Http/Controllers/oAuthController.php
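Review bot: allowAccess mints an authorization code and builds the redirect from the caller-supplied `redirect_uri` without comparing it to anything registered for the app, so the code can be delivered to any URL that passes `required|url`. The line `$app = App::query()->where("id", "=", $id);` only builds a query and is never executed, so an unknown id is not rejected; it should end in `->firstOrFail()` as getAccess now does, and the loaded app should gate the redirect before access is granted. `state` is concatenated unencoded (the same line is re-added in app/Http/Controllers/oAuthController.php), `urldecode()` runs after validation on a value the framework has already decoded, and `Log::debug("Return URL: ".$returnUrl)` writes the live code to the log. The sketch below shows only the changed lines; it assumes the registered callback lives in the app's `url` field and that an exact match is the intended rule, both of which need confirming.

```php
$app = App::query()->where("id", "=", $id)->firstOrFail();

// NOTE(review): assumes $app->url is the registered callback; confirm the field and the matching rule
$returnUrl = (string)$request->input("redirect_uri");
if ($returnUrl !== (string)$app->url) {
    abort(400, "redirect_uri does not match the registered URL");
}

// … unchanged: AppAccess::getOrCreate, status = "allowed", saveOrFail, AppCode::createCode …

// Let http_build_query encode code and state instead of concatenating raw input
$params = ["code" => $appCode->code];
if ($request->input("state") !== null) {
    $params["state"] = $request->input("state");
}
$returnUrl = rtrim($returnUrl, "?&");
$returnUrl .= (strpos($returnUrl, "?") === false ? "?" : "&") . http_build_query($params);

// Keep the one-time code out of the log
Log::debug("Built return URL for app ".$app->id);

// … unchanged: $res assembly and return …
```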
@@ -55,13 +55,12 @@ class oAuthController extends Controller } } else { $returnUrl .= "?"; - } $appCode = AppCode::createCode($access); - $returnUrl.="code=".$appCode->code; - if($request->input("state", null) !== null) { - $returnUrl .= "&state=".$request->input("state"); - } + $returnUrl.="code=".$appCode->code; + if($request->input("state", null) !== null) { + $returnUrl .= "&state=".$request->input("state"); + } Log::debug("Return URL: ".$returnUrl); diff --git a/app/Http/Resources/API/App.php b/app/Http/Resources/API/App.php index 9bcaa30..6f0a772 100644 --- a/app/Http/Resources/API/App.php +++ b/app/Http/Resources/API/App.php @@ -16,12 +16,19 @@ class App extends JsonResource { return [ 'id' => (int)$this->id, - #'created_at' => $this->created_at, - #'updated_at' => $this->created_at, 'name' => $this->name, 'description' => $this->description, 'directUrl' => $this->direct_url, 'url' => $this->url, + 'properties' => [ + 'testingWarning' => (bool)$this->testing_warning, + #'autoAccept' => (bool)$this->auto_accept, + 'untrustedWarning' => (bool)$this->untrusted_warning, + 'showOnWebpage' => (bool)$this->show_on_webpage, + 'stopAutoRedirect' => (bool)$this->stop_auto_redirect, + 'hideInAppList' => (bool)$this->hide_in_app_list, + 'userCantRemoveApp' => (bool)$this->user_cant_remove_app + ], 'access' => [ 'oAuth' => (bool)$this->access_oAuth, 'api' => (bool)$this->access_api, @@ -32,15 +39,6 @@ class App extends JsonResource 'read_apps' => (bool)$this->access_read_apps, 'read_profile' => (bool)$this->access_read_profile, ] - /*'properties' => [ - #'autoAccept' => $this->auto_accept, - #'untrustedWarning' => $this->untrusted_warning, - #'showOnWebpage' => $this->show_on_webpage, - #'stopAutoRedirect' => $this->stop_auto_redirect, - #'hideInAppList' => $this->hide_in_app_list, - #'userCantRemoveApp' => $this->user_cant_remove_app - ]*/ - ]; } } \ No newline at end of file 
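Review bot: The `}` deleted after `$returnUrl .= "?";` looks like the closing brace of the `else` branch; if so, `AppCode::createCode($access)` and the `code=`/`state=` appends now run only when redirect_uri has no query string, or the file no longer balances. A redirect_uri that already contains `?` would then be returned without a code. Indentation is lost in this view, so confirm against the file, but the likely intent is to keep `}` directly after `$returnUrl .= "?";` and leave the four re-indented lines at function level. The function starts and ends outside the hunk.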
diff --git a/database/migrations/2019_06_20_130513_app_permission.php b/database/migrations/2019_06_20_130513_app_permission.php
index 80181ec..dc656d5 100644
--- a/database/migrations/2019_06_20_130513_app_permission.php
+++ b/database/migrations/2019_06_20_130513_app_permission.php
@@ -31,6 +31,13 @@ class AppPermission extends Migration
 $app->access_update_access = true;
 $app->access_read_apps = true;
 $app->saveOrFail();
+
+ $setting = new \App\Models\Setting();
+ $setting->name = "gui_url";
+ $setting->description = "GUI Url for redirect User from API/PHP-GUI to WebGui";
+ $setting->typ = "textinput";
+ $setting->value = "http://localhost:8080";
+ $setting->saveOrFail();
 }
 /**
@@ -50,5 +57,7 @@ class AppPermission extends Migration
 $table->dropColumn('access_read_apps');
 $table->dropColumn('access_read_profile');
 });
+
+ \App\Models\Setting::query()->where("name", "=", "gui_url")->delete();
 }
 }
diff --git a/routes/web.php b/routes/web.php
index 7a7cee0..24ffe55 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -52,6 +52,7 @@ $router->group(['prefix' => 'api'], function () use ($router) {
 $router->group(['prefix' => '{id}'], function () use ($router) {
 $router->get("/", ['uses' => 'API\AppController@appDetails']);
 $router->get("/access", ["uses" => "API\oAuthController@getAccess"]);
+ $router->post("/access/allow", ["uses" => "API\oAuthController@allowAccess"]);
 });
 });
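Review bot: The `gui_url` row is seeded by editing the existing 2019_06_20 AppPermission migration, so a database that has already run this migration will never receive the setting, and the seeded default `http://localhost:8080` is a cleartext, machine-local address. The description says this value is where users are redirected, so a deployment that keeps the default would send them to plain HTTP on localhost. A separate migration with an environment-supplied https value would be safer, for example `$setting->value = env("GUI_URL");` (variable name is illustrative). The delete added to down() in the second hunk is tied to the same unrelated schema change; up() begins outside the hunk.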
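Review bot: The new `POST /access/allow` route is registered with only `uses`, so nothing visible here puts authentication or CSRF middleware in front of a request that grants an app access and mints a code; the only gate is the `Auth::check()` inside allowAccess. If the API authenticates by session cookie, this endpoint needs a CSRF token or an equivalent origin check. Declaring the requirement on the route would also make it reviewable, e.g. `["middleware" => "auth", "uses" => "API\oAuthController@allowAccess"]`, provided an `auth` middleware alias is registered. The enclosing groups start outside the hunk, so middleware may already be applied there.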