Stuff, nmigration not done

This commit is contained in:
Kekskurse 2019-06-20 16:46:50 +02:00
parent fe2c37f7d7
commit 2905af6489
11 changed files with 216 additions and 37 deletions

View file

@ -29,6 +29,7 @@ class AccountController extends BaseController
$users->lastPage(), $users->lastPage(),
$users->perPage() $users->perPage()
); );
return $response->withData(\App\Http\Resources\API\User::collection(($users))); return $response->withData(\App\Http\Resources\API\User::collection(($users)));
} }

View file

@ -22,6 +22,10 @@ class AppController extends BaseController
throw new NotLoggedInException(); throw new NotLoggedInException();
} }
if(!app('currentAccess')->getApp()->access_read_apps) {
throw new NoPermissionException(403, "App has no access to perform this request.");
}
$apps = \App\Models\App::query()->where("user_id", "=", Auth::user()->id)->get(); $apps = \App\Models\App::query()->where("user_id", "=", Auth::user()->id)->get();
return $response->withData(AppForOwner::collection(collect($apps))); return $response->withData(AppForOwner::collection(collect($apps)));

View file

@ -58,12 +58,16 @@ class UserController extends BaseController
throw new HTTPException("400", "Username or Password wrong"); throw new HTTPException("400", "Username or Password wrong");
} }
$app = App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id;
//Create Access Permission for WebGUI //Create Access Permission for WebGUI
$access = AppAccess::getOrCreate($user->id, App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id); $access = AppAccess::getOrCreate($user->id, $app);
$token = \App\Models\AccessToken::createToken($access); $token = \App\Models\AccessToken::createToken($access);
//Save Token to Session //Save Token to Session
if(getenv("SAVE_TOKEN_TO_SESSION")) {
$_SESSION["token"] = $token->token; $_SESSION["token"] = $token->token;
}
return new AccessToken($token); return new AccessToken($token);
} }

View file

@ -0,0 +1,58 @@
<?php
namespace App\Http\Controllers\API;
use App\Entity\Token;
use App\Exceptions\HTTPException;
use App\Exceptions\NotLoggedInException;
use App\Exceptions\ResourceNotFound;
use App\Models\AccessToken;
use App\Models\App;
use App\Models\AppAccess;
use App\Models\AppCode;
use App\Models\RefreshToken;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
use TaGeSo\APIResponse\Response;
class oAuthController extends Controller
{
/**
* Create a new controller instance.
*
* @return void
*/
public function __construct()
{
//
}
public function getAccess(Response $response, Request $request, $id) {
if(!Auth::check()) {
throw new NotLoggedInException();
}
$app = App::query()->where("id", "=", $id);
if($request->get("create", false)) {
$access = AppAccess::getOrCreate(Auth::user()->id, $id);
} else {
$access = AppAccess::query()
->where("user_id", "=", Auth::user()->id)
->where("app_id", "=", $id)->first();
}
if(empty($access)) {
throw new ResourceNotFound();
}
//Auto Allow
if($app->auto_accept) {
$access->status = "allowed";
}
return $response->withData(new \App\Http\Resources\API\App($access));
}
}

View file

@ -22,6 +22,16 @@ class App extends JsonResource
'description' => $this->description, 'description' => $this->description,
'directUrl' => $this->direct_url, 'directUrl' => $this->direct_url,
'url' => $this->url, 'url' => $this->url,
'access' => [
'oAuth' => (bool)$this->access_oAuth,
'api' => (bool)$this->access_api,
'update_apps' => (bool)$this->access_update_apps,
'update_profile' => (bool)$this->access_update_profile,
'update_access' => (bool)$this->access_update_access,
'read_access' => (bool)$this->access_read_access,
'read_apps' => (bool)$this->access_read_apps,
'read_profile' => (bool)$this->access_read_profile,
]
/*'properties' => [ /*'properties' => [
#'autoAccept' => $this->auto_accept, #'autoAccept' => $this->auto_accept,
#'untrustedWarning' => $this->untrusted_warning, #'untrustedWarning' => $this->untrusted_warning,

View file

@ -0,0 +1,23 @@
<?php
namespace App\Http\Resources\API;
use Illuminate\Http\Resources\Json\JsonResource;
class AppAccess extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'app_id' => $this->app_id,
'user_id' => $this->user_id,
'status' => $this->status
];
}
}

View file

@ -25,13 +25,23 @@ class AppForOwner extends JsonResource
'apiKey' => $this->apiKey, 'apiKey' => $this->apiKey,
'apiSecret' => $this->apiSecret, 'apiSecret' => $this->apiSecret,
'properties' => [ 'properties' => [
'testingWarning' => $this->testing_warning, 'testingWarning' => (bool)$this->testing_warning,
'autoAccept' => $this->auto_accept, 'autoAccept' => (bool)$this->auto_accept,
'untrustedWarning' => $this->untrusted_warning, 'untrustedWarning' => (bool)$this->untrusted_warning,
'showOnWebpage' => $this->show_on_webpage, 'showOnWebpage' => (bool)$this->show_on_webpage,
'stopAutoRedirect' => $this->stop_auto_redirect, 'stopAutoRedirect' => (bool)$this->stop_auto_redirect,
'hideInAppList' => $this->hide_in_app_list, 'hideInAppList' => (bool)$this->hide_in_app_list,
'userCantRemoveApp' => $this->user_cant_remove_app 'userCantRemoveApp' => (bool)$this->user_cant_remove_app
],
'access' => [
'oAuth' => (bool)$this->access_oAuth,
'api' => (bool)$this->access_api,
'update_apps' => (bool)$this->access_update_apps,
'update_profile' => (bool)$this->access_update_profile,
'update_access' => (bool)$this->access_update_access,
'read_access' => (bool)$this->access_read_access,
'read_apps' => (bool)$this->access_read_apps,
'read_profile' => (bool)$this->access_read_profile,
] ]
]; ];

View file

@ -54,4 +54,8 @@ class AccessToken extends Model
return User::query()->where("id", "=", $this->getAppAccess()->user_id)->firstOrFail(); return User::query()->where("id", "=", $this->getAppAccess()->user_id)->firstOrFail();
} }
public function getApp(): App {
return $this->getAppAccess()->getApp();
}
} }

View file

@ -18,6 +18,7 @@ class AuthServiceProvider extends ServiceProvider
public function register() public function register()
{ {
// //
$this->app->singleton('currentAccess', function() { return $this->getAccess(null); });
} }
/** /**
@ -34,6 +35,24 @@ class AuthServiceProvider extends ServiceProvider
$this->app['auth']->viaRequest('api', function (Request $request) { $this->app['auth']->viaRequest('api', function (Request $request) {
$accessToken = $this->getAccess($request);
if($accessToken == null) {
return null;
}
if(time() > strtotime($accessToken->expires_at)) {
return null;
}
if($accessToken->status =! "active") {
return null;
}
return $accessToken->getUser();
});
}
private function getAccess(?Request $request) {
$token = null; $token = null;
if(isset($_SESSION["token"])) { if(isset($_SESSION["token"])) {
$token = $_SESSION["token"]; $token = $_SESSION["token"];
@ -47,33 +66,24 @@ class AuthServiceProvider extends ServiceProvider
$token = $_GET["token"]; $token = $_GET["token"];
} }
if(!is_null($request)) {
if($request->header("Authorization", false)) { if($request->header("Authorization", false)) {
$token = trim($request->header("Authorization")); $token = trim($request->header("Authorization"));
$t = explode(" ", $token); $t = explode(" ", $token);
$token = last($t); $token = last($t);
} }
} else {
$headers = getallheaders();
$token = trim($headers["Authorization"]);
$t = explode(" ", $token);
$token = last($t);
}
if($token == null) { if($token == null) {
return null; return null;
} }
$accessToken = AccessToken::query()->where("token", "=", $token)->first(); return AccessToken::query()->where("token", "=", $token)->first();
if($accessToken == null) {
return null;
}
if(time() > strtotime($accessToken->expires_at)) {
return null;
}
if($accessToken->status =! "active") {
return null;
}
return $accessToken->getUser();
});
} }
} }

View file

@ -0,0 +1,54 @@
<?php
use Illuminate\Support\Facades\Schema;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Database\Migrations\Migration;
class AppPermission extends Migration
{
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::table('apps', function (Blueprint $table) {
$table->boolean('access_oAuth')->default(true)->comment('Perform oAuth Request and get user profile');
$table->boolean('access_api')->default(true)->comment('App can Access the API, perform requests as user');
$table->boolean('access_update_apps')->default(false)->comment("App can update App Data from all Apps the User has Access to");
$table->boolean('access_update_profile')->default(false)->comment("App can Update the Profile Settings of the User");
$table->boolean('access_update_access')->default(false)->comment("App can Update the User-Access to all Apps");
$table->boolean('access_read_access')->default(false)->comment("App cann see which Apps the User give Access to");
$table->boolean('access_read_apps')->default(false)->comment("App can see which App are managed by the User");
$table->boolean('access_read_profile')->default(true)->comment("App can read the Profile Settings of the User");
});
$app = \App\Models\App::query()->where("name", "=", "PHP-GUI")->firstOrFail();
$app->access_update_apps = true;
$app->access_update_profile = true;
$app->access_update_access = true;
$app->access_read_apps = true;
$app->saveOrFail();
}
/**
* Reverse the migrations.
*
* @return void
*/
public function down()
{
Schema::table('apps', function (Blueprint $table) {
$table->dropColumn('access_oAuth');
$table->dropColumn('access_api');
$table->dropColumn('access_update_apps');
$table->dropColumn('access_update_profile');
$table->dropColumn('access_update_access');
$table->dropColumn('access_read_access');
$table->dropColumn('access_read_apps');
$table->dropColumn('access_read_profile');
});
}
}

View file

@ -51,6 +51,7 @@ $router->group(['prefix' => 'api'], function () use ($router) {
$router->get("/find", ['uses' => 'API\AppController@findApp']); $router->get("/find", ['uses' => 'API\AppController@findApp']);
$router->group(['prefix' => '{id}'], function () use ($router) { $router->group(['prefix' => '{id}'], function () use ($router) {
$router->get("/", ['uses' => 'API\AppController@appDetails']); $router->get("/", ['uses' => 'API\AppController@appDetails']);
$router->get("/access", ["uses" => "API\oAuthController@getAccess"]);
}); });
}); });