Stuff, nmigration not done
This commit is contained in:
parent
fe2c37f7d7
commit
2905af6489
11 changed files with 216 additions and 37 deletions
@ -29,6 +29,7 @@ class AccountController extends BaseController
|
||||||
$users->lastPage(),
|
$users->lastPage(),
|
||||||
$users->perPage()
|
$users->perPage()
|
||||||
);
|
);
|
||||||
|
|
||||||
return $response->withData(\App\Http\Resources\API\User::collection(($users)));
|
return $response->withData(\App\Http\Resources\API\User::collection(($users)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -22,6 +22,10 @@ class AppController extends BaseController
|
||||||
throw new NotLoggedInException();
|
throw new NotLoggedInException();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!app('currentAccess')->getApp()->access_read_apps) {
|
||||||
|
throw new NoPermissionException(403, "App has no access to perform this request.");
|
||||||
|
}
|
||||||
|
|
||||||
$apps = \App\Models\App::query()->where("user_id", "=", Auth::user()->id)->get();
|
$apps = \App\Models\App::query()->where("user_id", "=", Auth::user()->id)->get();
|
||||||
|
|
||||||
return $response->withData(AppForOwner::collection(collect($apps)));
|
return $response->withData(AppForOwner::collection(collect($apps)));
|
||||||
|
|
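Review bot: The new guard dereferences `app('currentAccess')->getApp()` without a null check; `currentAccess` is registered in AuthServiceProvider as `getAccess(null)`, which returns null when no token is found, so a request that reaches this line without a resolvable token fails with a fatal error instead of the intended 403. I would resolve it once and guard: `$access = app('currentAccess'); if ($access === null || !$access->getApp()->access_read_apps) { throw new NoPermissionException(403, "App has no access to perform this request."); }`. Note also that the singleton returns the token row without the expiry and status checks the `api` guard applies, so the permission is read from whatever row matches the token string — presumably harmless here because `Auth::check()` runs first, but worth confirming the two lookups cannot resolve different tokens. The enclosing method's signature is outside the hunk.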
|
@ -58,12 +58,16 @@ class UserController extends BaseController
|
||||||
throw new HTTPException("400", "Username or Password wrong");
|
throw new HTTPException("400", "Username or Password wrong");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$app = App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id;
|
||||||
|
|
||||||
//Create Access Permission for WebGUI
|
//Create Access Permission for WebGUI
|
||||||
$access = AppAccess::getOrCreate($user->id, App::query()->where("name", "=", "PHP-GUI")->firstOrFail()->id);
|
$access = AppAccess::getOrCreate($user->id, $app);
|
||||||
$token = \App\Models\AccessToken::createToken($access);
|
$token = \App\Models\AccessToken::createToken($access);
|
||||||
|
|
||||||
//Save Token to Session
|
//Save Token to Session
|
||||||
|
if(getenv("SAVE_TOKEN_TO_SESSION")) {
|
||||||
$_SESSION["token"] = $token->token;
|
$_SESSION["token"] = $token->token;
|
||||||
|
}
|
||||||
|
|
||||||
return new AccessToken($token);
|
return new AccessToken($token);
|
||||||
}
|
}
|
||||||
|
|
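Review bot: `getenv("SAVE_TOKEN_TO_SESSION")` returns a string, so setting the variable to `"false"` or `"off"` still enables session storage; only an unset/empty value or `"0"` disables it. Use `if (filter_var(getenv("SAVE_TOKEN_TO_SESSION"), FILTER_VALIDATE_BOOLEAN)) {` for the condition. Since the session now carries a bearer-equivalent token after a password login, call `session_regenerate_id(true);` before assigning `$_SESSION["token"]` to prevent session fixation — unless the framework already does that elsewhere, which is not visible here. The hoisted `"PHP-GUI"` lookup is still a magic string shared with the migration; a single named constant would be easier to audit. The enclosing login method starts outside the hunk.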
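--- /dev/null
+++ b/app/Http/Controllers/API/oAuthController.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace App\Http\Controllers\API;
+
+use App\Entity\Token;
+use App\Exceptions\HTTPException;
+use App\Exceptions\NotLoggedInException;
+use App\Exceptions\ResourceNotFound;
+use App\Models\AccessToken;
+use App\Models\App;
+use App\Models\AppAccess;
+use App\Models\AppCode;
+use App\Models\RefreshToken;
+use App\Models\User;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
+use TaGeSo\APIResponse\Response;
+
+class oAuthController extends Controller
+{
+/**
+* Create a new controller instance.
+*
+* @return void
+*/
+public function __construct()
+{
+//
+}
+
+public function getAccess(Response $response, Request $request, $id) {
+if(!Auth::check()) {
+throw new NotLoggedInException();
+}
+
+$app = App::query()->where("id", "=", $id);
+
+if($request->get("create", false)) {
+$access = AppAccess::getOrCreate(Auth::user()->id, $id);
+} else {
+$access = AppAccess::query()
+->where("user_id", "=", Auth::user()->id)
+->where("app_id", "=", $id)->first();
+}
+
+if(empty($access)) {
+throw new ResourceNotFound();
+}
+
+//Auto Allow
+if($app->auto_accept) {
+$access->status = "allowed";
+}
+
+return $response->withData(new \App\Http\Resources\API\App($access));
+}
+}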
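Review bot: `$app` in `getAccess` is a query builder, not a model — `App::query()->where("id", "=", $id)` is never executed, so `$app->auto_accept` reads a property the builder does not have and the auto-accept branch can never take effect (and even if it did, the status change is never persisted). Fix with `$app = App::query()->where("id", "=", $id)->firstOrFail();` before the create/lookup block and `$access->status = "allowed"; $access->save();` in the branch; moving the `firstOrFail()` up also stops `?create=1` from creating an `AppAccess` row for an arbitrary, possibly nonexistent `$id`. The response wraps an `AppAccess` model in the `App` resource, whose fields (description, url, access flags) belong to the app; the `AppAccess` resource added in this commit looks like the intended class. Unlike `AppController`, there is no `access_read_access`/`access_update_access` check on the calling app here, and the unused imports (`Token`, `HTTPException`, `AccessToken`, `AppCode`, `RefreshToken`, `User`, `Log`) should be dropped.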
@ -22,6 +22,16 @@ class App extends JsonResource
|
||||||
'description' => $this->description,
|
'description' => $this->description,
|
||||||
'directUrl' => $this->direct_url,
|
'directUrl' => $this->direct_url,
|
||||||
'url' => $this->url,
|
'url' => $this->url,
|
||||||
|
'access' => [
|
||||||
|
'oAuth' => (bool)$this->access_oAuth,
|
||||||
|
'api' => (bool)$this->access_api,
|
||||||
|
'update_apps' => (bool)$this->access_update_apps,
|
||||||
|
'update_profile' => (bool)$this->access_update_profile,
|
||||||
|
'update_access' => (bool)$this->access_update_access,
|
||||||
|
'read_access' => (bool)$this->access_read_access,
|
||||||
|
'read_apps' => (bool)$this->access_read_apps,
|
||||||
|
'read_profile' => (bool)$this->access_read_profile,
|
||||||
|
]
|
||||||
/*'properties' => [
|
/*'properties' => [
|
||||||
#'autoAccept' => $this->auto_accept,
|
#'autoAccept' => $this->auto_accept,
|
||||||
#'untrustedWarning' => $this->untrusted_warning,
|
#'untrustedWarning' => $this->untrusted_warning,
|
||||||
|
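Review bot: The new `access` block duplicates verbatim the one added to `AppForOwner` in this commit; a shared helper (a protected method on a common base resource or a trait) would keep the two lists from drifting when a flag is added to the migration. The keys also mix conventions — `oAuth` and snake_case `read_apps` next to the resource's existing camelCase `directUrl` — so clients will read `access.read_apps` but `directUrl`; pick one before the API ships. The closing `]` has no trailing comma and sits directly before the commented-out `properties` block, so re-enabling that comment later is a parse error unless the comma is added. The enclosing `toArray` starts and ends outside the hunk.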
|
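--- /dev/null
+++ b/app/Http/Resources/API/AppAccess.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace App\Http\Resources\API;
+
+use Illuminate\Http\Resources\Json\JsonResource;
+
+class AppAccess extends JsonResource
+{
+/**
+* Transform the resource into an array.
+*
+* @param \Illuminate\Http\Request $request
+* @return array
+*/
+public function toArray($request)
+{
+return [
+'app_id' => $this->app_id,
+'user_id' => $this->user_id,
+'status' => $this->status
+];
+}
+}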
@ -25,13 +25,23 @@ class AppForOwner extends JsonResource
|
||||||
'apiKey' => $this->apiKey,
|
'apiKey' => $this->apiKey,
|
||||||
'apiSecret' => $this->apiSecret,
|
'apiSecret' => $this->apiSecret,
|
||||||
'properties' => [
|
'properties' => [
|
||||||
'testingWarning' => $this->testing_warning,
|
'testingWarning' => (bool)$this->testing_warning,
|
||||||
'autoAccept' => $this->auto_accept,
|
'autoAccept' => (bool)$this->auto_accept,
|
||||||
'untrustedWarning' => $this->untrusted_warning,
|
'untrustedWarning' => (bool)$this->untrusted_warning,
|
||||||
'showOnWebpage' => $this->show_on_webpage,
|
'showOnWebpage' => (bool)$this->show_on_webpage,
|
||||||
'stopAutoRedirect' => $this->stop_auto_redirect,
|
'stopAutoRedirect' => (bool)$this->stop_auto_redirect,
|
||||||
'hideInAppList' => $this->hide_in_app_list,
|
'hideInAppList' => (bool)$this->hide_in_app_list,
|
||||||
'userCantRemoveApp' => $this->user_cant_remove_app
|
'userCantRemoveApp' => (bool)$this->user_cant_remove_app
|
||||||
|
],
|
||||||
|
'access' => [
|
||||||
|
'oAuth' => (bool)$this->access_oAuth,
|
||||||
|
'api' => (bool)$this->access_api,
|
||||||
|
'update_apps' => (bool)$this->access_update_apps,
|
||||||
|
'update_profile' => (bool)$this->access_update_profile,
|
||||||
|
'update_access' => (bool)$this->access_update_access,
|
||||||
|
'read_access' => (bool)$this->access_read_access,
|
||||||
|
'read_apps' => (bool)$this->access_read_apps,
|
||||||
|
'read_profile' => (bool)$this->access_read_profile,
|
||||||
]
|
]
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
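Review bot: The `access` array added here is identical to the one added to the `App` resource in this commit; extracting it to a shared helper avoids the two lists diverging. The `(bool)` casts on the `properties` block are a good fix for `0`/`1` leaking as integers, but the unchanged context lines above still return `apiSecret` on every owner listing — pre-existing, though worth a follow-up to expose it only on creation or rotation. The closing `]` of `access` lacks the trailing comma the preceding `],` has. The enclosing `toArray` starts and ends outside the hunk.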
|
@ -54,4 +54,8 @@ class AccessToken extends Model
|
||||||
return User::query()->where("id", "=", $this->getAppAccess()->user_id)->firstOrFail();
|
return User::query()->where("id", "=", $this->getAppAccess()->user_id)->firstOrFail();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getApp(): App {
|
||||||
|
return $this->getAppAccess()->getApp();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
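Review bot: `getApp(): App` declares a non-nullable return but delegates to `getAppAccess()->getApp()`, and `getAppAccess()` is outside the hunk; if it can return null (a token whose access row was deleted), callers get a TypeError rather than a controlled not-found exception. If it uses `firstOrFail()` like `getUser()` above this is fine, and a one-line docblock would make that contract visible: `/** App the token was issued for; throws ModelNotFoundException when the access row is gone. */`.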
|
@ -18,6 +18,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
public function register()
|
public function register()
|
||||||
{
|
{
|
||||||
//
|
//
|
||||||
|
$this->app->singleton('currentAccess', function() { return $this->getAccess(null); });
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -34,6 +35,24 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
|
|
||||||
$this->app['auth']->viaRequest('api', function (Request $request) {
|
$this->app['auth']->viaRequest('api', function (Request $request) {
|
||||||
|
|
||||||
|
$accessToken = $this->getAccess($request);
|
||||||
|
if($accessToken == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
if(time() > strtotime($accessToken->expires_at)) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
if($accessToken->status =! "active") {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return $accessToken->getUser();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
private function getAccess(?Request $request) {
|
||||||
$token = null;
|
$token = null;
|
||||||
if(isset($_SESSION["token"])) {
|
if(isset($_SESSION["token"])) {
|
||||||
$token = $_SESSION["token"];
|
$token = $_SESSION["token"];
|
||||||
|
@ -47,33 +66,24 @@ class AuthServiceProvider extends ServiceProvider
|
||||||
$token = $_GET["token"];
|
$token = $_GET["token"];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!is_null($request)) {
|
||||||
|
|
||||||
if($request->header("Authorization", false)) {
|
if($request->header("Authorization", false)) {
|
||||||
$token = trim($request->header("Authorization"));
|
$token = trim($request->header("Authorization"));
|
||||||
$t = explode(" ", $token);
|
$t = explode(" ", $token);
|
||||||
$token = last($t);
|
$token = last($t);
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$headers = getallheaders();
|
||||||
|
$token = trim($headers["Authorization"]);
|
||||||
|
$t = explode(" ", $token);
|
||||||
|
$token = last($t);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if($token == null) {
|
if($token == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
$accessToken = AccessToken::query()->where("token", "=", $token)->first();
|
return AccessToken::query()->where("token", "=", $token)->first();
|
||||||
if($accessToken == null) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
if(time() > strtotime($accessToken->expires_at)) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if($accessToken->status =! "active") {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return $accessToken->getUser();
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
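Review bot: `if($accessToken->status =! "active")` in the new `viaRequest` closure is an assignment, not a comparison — it sets `status` to `false` and the condition is always false, so inactive or revoked tokens are still accepted; it must be `if ($accessToken->status !== "active") {`. The same typo existed in the removed lines, but the refactor copies it into the new code instead of fixing it. In `getAccess`, the new `$request === null` branch reads `$headers["Authorization"]` without an `isset`, so every resolution of `currentAccess` on a request with no Authorization header emits an undefined-index notice (and `getallheaders()` is not available on every SAPI); use `$token = trim($headers["Authorization"] ?? "");` and skip the split when empty. Note also that `currentAccess` now returns the token row without the expiry and status checks that `viaRequest` applies, so any consumer that does not first pass the `api` guard trusts expired tokens.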
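--- /dev/null
+++ b/database/migrations/2019_06_20_130513_app_permission.php
@@ -0,0 +1,54 @@
+<?php
+
+use Illuminate\Support\Facades\Schema;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Database\Migrations\Migration;
+
+class AppPermission extends Migration
+{
+/**
+* Run the migrations.
+*
+* @return void
+*/
+public function up()
+{
+Schema::table('apps', function (Blueprint $table) {
+$table->boolean('access_oAuth')->default(true)->comment('Perform oAuth Request and get user profile');
+$table->boolean('access_api')->default(true)->comment('App can Access the API, perform requests as user');
+$table->boolean('access_update_apps')->default(false)->comment("App can update App Data from all Apps the User has Access to");
+$table->boolean('access_update_profile')->default(false)->comment("App can Update the Profile Settings of the User");
+$table->boolean('access_update_access')->default(false)->comment("App can Update the User-Access to all Apps");
+$table->boolean('access_read_access')->default(false)->comment("App cann see which Apps the User give Access to");
+$table->boolean('access_read_apps')->default(false)->comment("App can see which App are managed by the User");
+$table->boolean('access_read_profile')->default(true)->comment("App can read the Profile Settings of the User");
+});
+
+
+$app = \App\Models\App::query()->where("name", "=", "PHP-GUI")->firstOrFail();
+$app->access_update_apps = true;
+$app->access_update_profile = true;
+$app->access_update_access = true;
+$app->access_read_apps = true;
+$app->saveOrFail();
+}
+
+/**
+* Reverse the migrations.
+*
+* @return void
+*/
+public function down()
+{
+Schema::table('apps', function (Blueprint $table) {
+$table->dropColumn('access_oAuth');
+$table->dropColumn('access_api');
+$table->dropColumn('access_update_apps');
+$table->dropColumn('access_update_profile');
+$table->dropColumn('access_update_access');
+$table->dropColumn('access_read_access');
+$table->dropColumn('access_read_apps');
+$table->dropColumn('access_read_profile');
+});
+}
+}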
@ -51,6 +51,7 @@ $router->group(['prefix' => 'api'], function () use ($router) {
|
||||||
$router->get("/find", ['uses' => 'API\AppController@findApp']);
|
$router->get("/find", ['uses' => 'API\AppController@findApp']);
|
||||||
$router->group(['prefix' => '{id}'], function () use ($router) {
|
$router->group(['prefix' => '{id}'], function () use ($router) {
|
||||||
$router->get("/", ['uses' => 'API\AppController@appDetails']);
|
$router->get("/", ['uses' => 'API\AppController@appDetails']);
|
||||||
|
$router->get("/access", ["uses" => "API\oAuthController@getAccess"]);
|
||||||
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
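Review bot: `/access` is registered as a GET route, but `oAuthController::getAccess` creates an `AppAccess` row when `?create=1` is passed, and the auth provider accepts the token from `$_SESSION` — so a state-changing action is reachable by a plain cross-site GET from any page the user is logged into. Keep `GET /access` read-only and add `$router->post("/access", ["uses" => "API\oAuthController@createAccess"]);` (or require a CSRF token on the session-authenticated path). The route group's middleware is outside the hunk, so whether an auth middleware already wraps this cannot be seen here.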