add logout, better router
This commit is contained in:
parent
39bcb09a36
commit
2e726ac423
2 changed files with 61 additions and 36 deletions
|
@ -34,6 +34,11 @@ class AuthHelper {
|
|||
file_put_contents($path, $data, LOCK_EX);
|
||||
}
|
||||
|
||||
public function delete_session(Session $session): int {
|
||||
$path = "/tmp/{$session->token}";
|
||||
return unlink($path) ? 0 : 1;
|
||||
}
|
||||
|
||||
/**
|
||||
* Loads the auth session associated with a specific key
|
||||
* @param string $token - the session $key
|
||||
|
|
|
@ -50,10 +50,9 @@ class Router {
|
|||
* Gets the HTTP request information
|
||||
*/
|
||||
private function get_req(): array {
|
||||
return array(
|
||||
'path' => $_SERVER['REQUEST_URI'],
|
||||
'method' => $_SERVER['REQUEST_METHOD'],
|
||||
);
|
||||
$path = $_SERVER['REQUEST_URI'];
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
return [$method, $path];
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -85,14 +84,14 @@ class Router {
|
|||
$info = $this->get_post_info('username', 'password');
|
||||
if ($info == NULL) {
|
||||
http_response_code(400);
|
||||
$this->send_message('Bad Requet', 'Credentials were not supplied');
|
||||
$this->send_message('400', 'Credentials were not supplied');
|
||||
return;
|
||||
}
|
||||
|
||||
$user = $this->ldap->search($info['username']);
|
||||
if ($user == NULL || !count($user)) {
|
||||
http_response_code(400);
|
||||
$this->send_message('Bad Requst', 'User does not exist');
|
||||
$this->send_message('Error', 'User does not exist');
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -103,7 +102,7 @@ class Router {
|
|||
$info['password']
|
||||
)) {
|
||||
http_response_code(400);
|
||||
$this->send_message('Bad Requst', 'Invalid Credentials');
|
||||
$this->send_message('Error', 'Invalid Credentials');
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -114,41 +113,62 @@ class Router {
|
|||
$this->send_message('Success', 'Authenticated. You can now go back to your content');
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles the HTTP request
|
||||
* @param array<string,string> $req
|
||||
*/
|
||||
private function handle_req(array $req): void {
|
||||
if ($req['method'] == 'POST') {
|
||||
$this->handle_login();
|
||||
return;
|
||||
}
|
||||
private function handle_logout(): void {
|
||||
$session = $this->auth->get_session();
|
||||
if ($session == NULL) {
|
||||
// user is NOT authenticated
|
||||
if ($req['path'] == '/login') {
|
||||
// user is requesting login page
|
||||
http_response_code(303);
|
||||
header("Location: http://{$this->domain}/login");
|
||||
return;
|
||||
}
|
||||
if ($this->auth->delete_session($session)) {
|
||||
http_response_code(500);
|
||||
$this->send_message('Error',
|
||||
'Could not log out.');
|
||||
return;
|
||||
}
|
||||
http_response_code(200);
|
||||
$this->send_message('Logged Out',
|
||||
'You have been logged out successfully.');
|
||||
}
|
||||
|
||||
private function handle_auth(): void {
|
||||
$session = $this->auth->get_session();
|
||||
if ($session == NULL) {
|
||||
// redirect them to login
|
||||
http_response_code(303);
|
||||
header("Location: http://{$this->domain}/login");
|
||||
} else {
|
||||
// update session expiry
|
||||
$session->reset_expiry();
|
||||
$this->auth->save_session($session);
|
||||
// send auth info
|
||||
http_response_code(200);
|
||||
$session->write_headers();
|
||||
$this->send_message('Authenticated',
|
||||
'You are already logged in.<br><br><a href="logout">Log Out</a>');
|
||||
}
|
||||
}
|
||||
|
||||
private function page_login(): void {
|
||||
http_response_code(200);
|
||||
$this->send_page('login', array(
|
||||
'title' => 'Login'
|
||||
));
|
||||
} else {
|
||||
// user is trying to forward auth
|
||||
// redirect them to login
|
||||
http_response_code(303);
|
||||
header("Location: http://{$this->domain}/login");
|
||||
}
|
||||
} else {
|
||||
// user is authenticated
|
||||
$session->reset_expiry();
|
||||
$session->write_headers();
|
||||
$this->auth->save_session($session);
|
||||
}
|
||||
|
||||
private function page_not_found(): void {
|
||||
http_response_code(404);
|
||||
$this->send_message('404', 'Not Found');
|
||||
}
|
||||
|
||||
public function handle(): void {
|
||||
$req = $this->get_req();
|
||||
$this->handle_req($req);
|
||||
match ($this->get_req()) {
|
||||
['GET', '/'] => $this->handle_auth(),
|
||||
['GET', '/login'] => $this->page_login(),
|
||||
['POST', '/login'] => $this->handle_login(),
|
||||
['GET', '/logout'] => $this->handle_logout(),
|
||||
_ => $this->page_not_found()
|
||||
};
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue