Stuff, nmigration not done
This commit is contained in:
parent
fe2c37f7d7
commit
2905af6489
11 changed files with 216 additions and 37 deletions
|
@ -29,6 +29,7 @@ class AccountController extends BaseController
|
|||
$users->lastPage(),
|
||||
$users->perPage()
|
||||
);
|
||||
|
||||
return $response->withData(\App\Http\Resources\API\User::collection(($users)));
|
||||
}
|
||||
|
||||
|
|
|
@ -22,6 +22,10 @@ class AppController extends BaseController
|
|||
throw new NotLoggedInException();
|
||||
}
|
||||
|
||||
if(!app('currentAccess')->getApp()->access_read_apps) {
|
||||
throw new NoPermissionException(403, "App has no access to perform this request.");
|
||||
}
|
||||
|
||||
$apps = \App\Models\App::query()->where("user_id", "=", Auth::user()->id)->get();
|
||||
|
||||
return $response->withData(AppForOwner::collection(collect($apps)));
|
||||
|
|
|
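Review bot: The new permission check dereferences `app('currentAccess')->getApp()` without a null guard, yet `currentAccess` is built from `getAccess(null)`, which ends in `->first()` and can return null; a client that passed `Auth::check()` through a session or query-string token then gets an error on a null object instead of the intended 403. Resolve once and guard it: `$current = app('currentAccess');` followed by `if($current === null || !$current->getApp()->access_read_apps) {` before the existing throw. The same pattern will presumably be repeated wherever other controllers adopt this check, so a small helper on BaseController that returns the current App or throws NoPermissionException would keep it in one place. The enclosing method begins before this hunk.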
@ -58,12 +58,16 @@ class UserController extends BaseController
|
|||
throw new HTTPException("400", "Username or Password wrong");
|
||||
}
|
||||
|
||||
$app = App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id;
|
||||
|
||||
//Create Access Permission for WebGUI
|
||||
$access = AppAccess::getOrCreate($user->id, App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id);
|
||||
$access = AppAccess::getOrCreate($user->id, $app);
|
||||
$token = \App\Models\AccessToken::createToken($access);
|
||||
|
||||
//Save Token to Session
|
||||
$_SESSION["token"] = $token->token;
|
||||
if(getenv("SAVE_TOKEN_TO_SESSION")) {
|
||||
$_SESSION["token"] = $token->token;
|
||||
}
|
||||
|
||||
return new AccessToken($token);
|
||||
}
|
||||
|
|
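Review bot: `if(getenv("SAVE_TOKEN_TO_SESSION"))` tests the raw environment string, so any non-empty value other than "0" — including "false" or "off" — still stores the bearer token in `$_SESSION`. Parse it as a boolean: `if(filter_var(getenv("SAVE_TOKEN_TO_SESSION"), FILTER_VALIDATE_BOOLEAN)) {`. Because `getAccess` in AuthServiceProvider reads `$_SESSION["token"]` first, a token persisted by mistake keeps the browser session authenticated after the client has discarded it, so not saving should be the conservative default. The enclosing login method starts before this hunk.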
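--- a/app/Http/Controllers/API/oAuthController.php
+++ b/app/Http/Controllers/API/oAuthController.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers\API;
+
+use App\Entity\Token;
+use App\Exceptions\HTTPException;
+use App\Exceptions\NotLoggedInException;
+use App\Exceptions\ResourceNotFound;
+use App\Models\AccessToken;
+use App\Models\App;
+use App\Models\AppAccess;
+use App\Models\AppCode;
+use App\Models\RefreshToken;
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
+use TaGeSo\APIResponse\Response;
+
+class oAuthController extends Controller
+{
+/**
+* Create a new controller instance.
+*
+* @return void
+*/
+public function __construct()
+{
+//
+}
+
+public function getAccess(Response $response, Request $request, $id) {
+if(!Auth::check()) {
+throw new NotLoggedInException();
+}
+
+$app = App::query()->where("id", "=", $id);
+
+if($request->get("create", false)) {
+$access = AppAccess::getOrCreate(Auth::user()->id, $id);
+} else {
+$access = AppAccess::query()
+->where("user_id", "=", Auth::user()->id)
+->where("app_id", "=", $id)->first();
+}
+
+if(empty($access)) {
+throw new ResourceNotFound();
+}
+
+//Auto Allow
+if($app->auto_accept) {
+$access->status = "allowed";
+}
+
+return $response->withData(new \App\Http\Resources\API\App($access));
+}
+}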
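Review bot: `$app = App::query()->where("id", "=", $id);` leaves `$app` as a query builder, so the later `if($app->auto_accept)` never reads the app's actual flag; resolve the row first, `$app = App::query()->findOrFail($id);`, which also turns an unknown id into a 404 before `AppAccess::getOrCreate` can insert a grant for an app that does not exist. The auto-allow branch assigns `$access->status = "allowed"` but never calls `$access->save()`, so the response reports the grant as allowed while the database still holds the previous status. The response wraps an AppAccess model in the `App` resource; the `AppAccess` resource added in this same commit is the matching one, and because `App\Models\AppAccess` is imported it must be fully qualified: `return $response->withData(new \App\Http\Resources\API\AppAccess($access));`. Unlike AppController, no permission flag of the calling app (such as `access_oAuth`) is checked before a grant is created or allowed, which is worth confirming is intended.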
@ -22,6 +22,16 @@ class App extends JsonResource
|
|||
'description' => $this->description,
|
||||
'directUrl' => $this->direct_url,
|
||||
'url' => $this->url,
|
||||
'access' => [
|
||||
'oAuth' => (bool)$this->access_oAuth,
|
||||
'api' => (bool)$this->access_api,
|
||||
'update_apps' => (bool)$this->access_update_apps,
|
||||
'update_profile' => (bool)$this->access_update_profile,
|
||||
'update_access' => (bool)$this->access_update_access,
|
||||
'read_access' => (bool)$this->access_read_access,
|
||||
'read_apps' => (bool)$this->access_read_apps,
|
||||
'read_profile' => (bool)$this->access_read_profile,
|
||||
]
|
||||
/*'properties' => [
|
||||
#'autoAccept' => $this->auto_accept,
|
||||
#'untrustedWarning' => $this->untrusted_warning,
|
||||
|
|
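Review bot: The new `'access'` map duplicates, key for key, the one added to `AppForOwner` in this commit; a shared helper on the App model (or a small dedicated resource for the eight flags) would keep the two in sync when a flag is added to the migration. `'oAuth'` is the only camelCase key in a block whose other keys are snake_case; `'oauth'` would be consistent. The closing `]` before the commented-out `'properties'` block has no trailing comma, so if that comment is followed by further entries outside the hunk this would not parse — worth checking, since the method's end is outside the hunk.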
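--- a/app/Http/Resources/API/AppAccess.php
+++ b/app/Http/Resources/API/AppAccess.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Resources\API;
+
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class AppAccess extends JsonResource
+{
+/**
+* Transform the resource into an array.
+*
+* @param \Illuminate\Http\Request $request
+* @return array
+*/
+public function toArray($request)
+{
+return [
+'app_id' => $this->app_id,
+'user_id' => $this->user_id,
+'status' => $this->status
+];
+}
+}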
@ -25,13 +25,23 @@ class AppForOwner extends JsonResource
|
|||
'apiKey' => $this->apiKey,
|
||||
'apiSecret' => $this->apiSecret,
|
||||
'properties' => [
|
||||
'testingWarning' => $this->testing_warning,
|
||||
'autoAccept' => $this->auto_accept,
|
||||
'untrustedWarning' => $this->untrusted_warning,
|
||||
'showOnWebpage' => $this->show_on_webpage,
|
||||
'stopAutoRedirect' => $this->stop_auto_redirect,
|
||||
'hideInAppList' => $this->hide_in_app_list,
|
||||
'userCantRemoveApp' => $this->user_cant_remove_app
|
||||
'testingWarning' => (bool)$this->testing_warning,
|
||||
'autoAccept' => (bool)$this->auto_accept,
|
||||
'untrustedWarning' => (bool)$this->untrusted_warning,
|
||||
'showOnWebpage' => (bool)$this->show_on_webpage,
|
||||
'stopAutoRedirect' => (bool)$this->stop_auto_redirect,
|
||||
'hideInAppList' => (bool)$this->hide_in_app_list,
|
||||
'userCantRemoveApp' => (bool)$this->user_cant_remove_app
|
||||
],
|
||||
'access' => [
|
||||
'oAuth' => (bool)$this->access_oAuth,
|
||||
'api' => (bool)$this->access_api,
|
||||
'update_apps' => (bool)$this->access_update_apps,
|
||||
'update_profile' => (bool)$this->access_update_profile,
|
||||
'update_access' => (bool)$this->access_update_access,
|
||||
'read_access' => (bool)$this->access_read_access,
|
||||
'read_apps' => (bool)$this->access_read_apps,
|
||||
'read_profile' => (bool)$this->access_read_profile,
|
||||
]
|
||||
|
||||
];
|
||||
|
|
|
@ -54,4 +54,8 @@ class AccessToken extends Model
|
|||
return User::query()->where("id", "=", $this->getAppAccess()->user_id)->firstOrFail();
|
||||
}
|
||||
|
||||
public function getApp(): App {
|
||||
return $this->getAppAccess()->getApp();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -18,6 +18,7 @@ class AuthServiceProvider extends ServiceProvider
|
|||
public function register()
|
||||
{
|
||||
//
|
||||
$this->app->singleton('currentAccess', function() { return $this->getAccess(null); });
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -34,34 +35,7 @@ class AuthServiceProvider extends ServiceProvider
|
|||
|
||||
$this->app['auth']->viaRequest('api', function (Request $request) {
|
||||
|
||||
$token = null;
|
||||
if(isset($_SESSION["token"])) {
|
||||
$token = $_SESSION["token"];
|
||||
}
|
||||
|
||||
if(isset($_GET["access_token"])) {
|
||||
$token = $_GET["access_token"];
|
||||
}
|
||||
|
||||
if(isset($_GET["token"])) {
|
||||
$token = $_GET["token"];
|
||||
}
|
||||
|
||||
|
||||
|
||||
if($request->header("Authorization", false)) {
|
||||
$token = trim($request->header("Authorization"));
|
||||
$t = explode(" ", $token);
|
||||
$token = last($t);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if($token == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$accessToken = AccessToken::query()->where("token", "=", $token)->first();
|
||||
$accessToken = $this->getAccess($request);
|
||||
if($accessToken == null) {
|
||||
return null;
|
||||
}
|
||||
|
@ -73,7 +47,43 @@ class AuthServiceProvider extends ServiceProvider
|
|||
return null;
|
||||
}
|
||||
|
||||
|
||||
return $accessToken->getUser();
|
||||
});
|
||||
}
|
||||
|
||||
private function getAccess(?Request $request) {
|
||||
$token = null;
|
||||
if(isset($_SESSION["token"])) {
|
||||
$token = $_SESSION["token"];
|
||||
}
|
||||
|
||||
if(isset($_GET["access_token"])) {
|
||||
$token = $_GET["access_token"];
|
||||
}
|
||||
|
||||
if(isset($_GET["token"])) {
|
||||
$token = $_GET["token"];
|
||||
}
|
||||
|
||||
if(!is_null($request)) {
|
||||
if($request->header("Authorization", false)) {
|
||||
$token = trim($request->header("Authorization"));
|
||||
$t = explode(" ", $token);
|
||||
$token = last($t);
|
||||
}
|
||||
} else {
|
||||
$headers = getallheaders();
|
||||
$token = trim($headers["Authorization"]);
|
||||
$t = explode(" ", $token);
|
||||
$token = last($t);
|
||||
}
|
||||
|
||||
|
||||
if($token == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return AccessToken::query()->where("token", "=", $token)->first();
|
||||
}
|
||||
}
|
||||
|
|
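Review bot: In the new `getAccess(?Request $request)`, the `else` branch does `trim($headers["Authorization"])` without checking that the header exists, so for a request carrying only a session or query-string token the undefined index yields an empty string that overwrites the token found above, and `getAccess(null)` returns null while the `viaRequest` path (same sources, same order) still authenticates the user. The `currentAccess` singleton registered in the first hunk of this file therefore disagrees with `Auth::user()` for exactly those clients, which is what any `app('currentAccess')->getApp()` consumer will trip over. Guard the branch as below; `getallheaders()` may also be missing under some SAPIs, so a `function_exists` check is cheap, though whether it matters depends on the deployment. Separately, `$token == null` is a loose comparison that also treats `"0"` and `""` as missing; `$token === null || $token === ''` says what is meant.
```php
} else {
    $headers = function_exists('getallheaders') ? getallheaders() : [];
    if (isset($headers["Authorization"])) {
        $t = explode(" ", trim($headers["Authorization"]));
        $token = last($t);
    }
}
// … unchanged: null check and AccessToken lookup …
```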
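--- a/database/migrations/2019_06_20_130513_app_permission.php
+++ b/database/migrations/2019_06_20_130513_app_permission.php
@@ -0,0 +1,54 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AppPermission extends Migration
+{
+/**
+* Run the migrations.
+*
+* @return void
+*/
+public function up()
+{
+Schema::table('apps', function (Blueprint $table) {
+$table->boolean('access_oAuth')->default(true)->comment('Perform oAuth Request and get user profile');
+$table->boolean('access_api')->default(true)->comment('App can Access the API, perform requests as user');
+$table->boolean('access_update_apps')->default(false)->comment("App can update App Data from all Apps the User has Access to");
+$table->boolean('access_update_profile')->default(false)->comment("App can Update the Profile Settings of the User");
+$table->boolean('access_update_access')->default(false)->comment("App can Update the User-Access to all Apps");
+$table->boolean('access_read_access')->default(false)->comment("App cann see which Apps the User give Access to");
+$table->boolean('access_read_apps')->default(false)->comment("App can see which App are managed by the User");
+$table->boolean('access_read_profile')->default(true)->comment("App can read the Profile Settings of the User");
+});
+
+
+$app = \App\Models\App::query()->where("name", "=", "PHP-GUI")->firstOrFail();
+$app->access_update_apps = true;
+$app->access_update_profile = true;
+$app->access_update_access = true;
+$app->access_read_apps = true;
+$app->saveOrFail();
+}
+
+/**
+* Reverse the migrations.
+*
+* @return void
+*/
+public function down()
+{
+Schema::table('apps', function (Blueprint $table) {
+$table->dropColumn('access_oAuth');
+$table->dropColumn('access_api');
+$table->dropColumn('access_update_apps');
+$table->dropColumn('access_update_profile');
+$table->dropColumn('access_update_access');
+$table->dropColumn('access_read_access');
+$table->dropColumn('access_read_apps');
+$table->dropColumn('access_read_profile');
+});
+}
+}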
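Review bot: `up()` mixes a data fix into a schema migration: `\App\Models\App::query()->where("name", "=", "PHP-GUI")->firstOrFail()` throws on any database without a PHP-GUI row (a fresh install, a test database), aborting the migration after the columns have already been added. Use `->first()` and skip the grant when the row is missing, `if ($app !== null) { ... $app->saveOrFail(); }`, or move the grant into a seeder. The `true` defaults on `access_oAuth`, `access_api` and `access_read_profile` mean every existing app row is granted API and profile access retroactively on migrate, which the commit title ("migration not done") suggests may not be final; confirm before this reaches production. The column comment "App cann see" has a typo.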
@ -51,6 +51,7 @@ $router->group(['prefix' => 'api'], function () use ($router) {
|
|||
$router->get("/find", ['uses' => 'API\AppController@findApp']);
|
||||
$router->group(['prefix' => '{id}'], function () use ($router) {
|
||||
$router->get("/", ['uses' => 'API\AppController@appDetails']);
|
||||
$router->get("/access", ["uses" => "API\oAuthController@getAccess"]);
|
||||
|
||||
});
|
||||
});
|
||||
|
|
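Review bot: `$router->get("/access", ...)` exposes an operation that, with `create` set, inserts an AppAccess row and may flip its status to allowed, so a state change hangs off a GET; since the auth layer also accepts tokens in the query string, such a URL is replayable from logs and bookmarks. Register the mutating form as `$router->post("/access", ['uses' => 'API\oAuthController@getAccess']);` (or split read and create into two actions) and keep GET read-only. Style: the new line uses double quotes where every neighbouring route uses single quotes; `'uses' => 'API\oAuthController@getAccess'` matches the file. The enclosing route group starts before this hunk.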