Diffstat (limited to 'src/web/router.php')
-rw-r--r--src/web/router.php154
1 files changed, 154 insertions, 0 deletions
diff --git a/src/web/router.php b/src/web/router.php
new file mode 100644
index 0000000..91deaa2
--- /dev/null
+++ b/src/web/router.php
@@ -0,0 +1,154 @@
+<?php /* Copyright (c) 2024 Freya Murphy */
+
+class Router {
+
+ private $ldap;
+ private $auth;
+
+ private $domain;
+
+ function __construct() {
+ $this->ldap = new LDAPHelper();
+ $this->auth = new AuthHelper();
+
+ $this->domain = getenv("HTTP_HOST");
+ }
+
+ /**
+ * Displays a page to the user
+ * @param string $file
+ * @param array<string,mixed> $data
+ */
+ private function send_page(
+ string $file,
+ array $data = array()
+ ): void {
+ extract($data);
+ $webroot = $GLOBALS['webroot'];
+ require($webroot . '/views/header.php');
+ require($webroot . "/views/$file.php");
+ require($webroot . '/views/footer.php');
+ }
+
+ /**
+ * Displays a message to the user (message page)
+ * @param string $title
+ * @param string $msg
+ * @param int $code
+ */
+ private function send_message(
+ string $title,
+ string $msg
+ ): void {
+ $this->send_page('message', array(
+ 'title' => $title,
+ 'msg' => $msg
+ ));
+ }
+
+ /**
+ * Gets the HTTP request information
+ */
+ private function get_req(): array {
+ return array(
+ 'path' => $_SERVER['REQUEST_URI'],
+ 'method' => $_SERVER['REQUEST_METHOD'],
+ );
+ }
+
+ /**
+ * @param array<string> $fields
+ */
+ private function get_post_info(
+ string ...$fields
+ ): ?array {
+ $values = array();
+
+ try {
+ $temp = NULL;
+ parse_str(file_get_contents('php://input'), $temp);
+ foreach ($temp as $key => $value) {
+ $_POST[$key] = $value;
+ }
+ } catch (Exception $_e) {}
+
+ foreach ($fields as $key) {
+ if (!isset($_POST[$key]))
+ return NULL;
+ $values[$key] = $_POST[$key];
+ }
+
+ return $values;
+ }
+
+ private function handle_login(): void {
+ $info = $this->get_post_info('username', 'password');
+ if ($info == NULL) {
+ http_response_code(400);
+ $this->send_message('Bad Requet', 'Credentials were not supplied');
+ return;
+ }
+
+ $user = $this->ldap->search($info['username']);
+ if ($user == NULL || !count($user)) {
+ http_response_code(400);
+ $this->send_message('Bad Requst', 'User does not exist');
+ return;
+ }
+
+ $user = $user[0];
+
+ if ($this->ldap->bind(
+ $user->dn,
+ $info['password']
+ )) {
+ http_response_code(400);
+ $this->send_message('Bad Requst', 'Invalid Credentials');
+ return;
+ }
+
+ $session = $this->auth->create_session($user);
+
+ http_response_code(200);
+ $session->write_headers();
+ $this->send_message('Success', 'Authenticated. You can now go back to your content');
+ }
+
+ /**
+ * Handles the HTTP request
+ * @param array<string,string> $req
+ */
+ private function handle_req(array $req): void {
+ if ($req['method'] == 'POST') {
+ $this->handle_login();
+ return;
+ }
+ $session = $this->auth->get_session();
+ if ($session == NULL) {
+ // user is NOT authenticated
+ if ($req['path'] == '/login') {
+ // user is requesting login page
+ http_response_code(200);
+ $this->send_page('login', array(
+ 'title' => 'Login'
+ ));
+ } else {
+ // user is trying to forward auth
+ // redirect them to login
+ http_response_code(303);
+ header("Location: http://{$this->domain}/login");
+ }
+ } else {
+ // user is authenticated
+ $session->reset_expiry();
+ $session->write_headers();
+ $this->auth->save_session($session);
+ }
+ }
+
+ public function handle(): void {
+ $req = $this->get_req();
+ $this->handle_req($req);
+ }
+
+}
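Review bot: The bind check in handle_login() looks inverted: `if ($this->ldap->bind($user->dn, $info['password']))` answers 400 "Invalid Credentials" when bind() is truthy and falls through to create_session() otherwise, so unless LDAPHelper::bind (not shown in this file) returns true on failure, a wrong password is what gets a session. The same path accepts anything that passes isset() in get_post_info(), including an empty password or an array sent as `password[]=`; a simple bind with an empty password is treated as an anonymous bind that succeeds on many directory servers, so both should be rejected before the LDAP calls. The separate "User does not exist" and "Invalid Credentials" replies also let a client tell valid usernames from invalid ones, which a single 401 reply for both cases avoids. A sketch of the check follows, assuming bind() returns true on success.

```php
// … unchanged: get_post_info('username', 'password') and the 400 for missing fields …

// Only non-empty strings reach LDAP: arrays (username[]=x) and empty
// passwords are refused here rather than left to the directory server.
if (!is_string($info['username']) || !is_string($info['password'])
    || $info['username'] === '' || $info['password'] === '') {
    http_response_code(400);
    $this->send_message('Bad Request', 'Credentials were not supplied');
    return;
}

$found = $this->ldap->search($info['username']);
$user = ($found == NULL || !count($found)) ? NULL : $found[0];

// Same reply for an unknown user and a wrong password.
if ($user === NULL || !$this->ldap->bind($user->dn, $info['password'])) {
    http_response_code(401);
    $this->send_message('Unauthorized', 'Invalid Credentials');
    return;
}

// … unchanged: create_session($user), write_headers(), success message …
```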