This commit is contained in:
Juan Ferrer Toribio 2016-09-20 20:36:22 +02:00
parent d9829da5be
commit 5c159f3ceb
7 changed files with 123 additions and 144 deletions


@ -1,5 +1,5 @@
# Alias /hedera-web /usr/share/hedera-web/ # Alias /hedera-web /usr/share/hedera-web/
# Alias /vn-image-data /var/lib/hedera-web/image/ # Alias /vn-image-data /var/lib/hedera-web/image-db/
<Directory /usr/share/hedera-web/> <Directory /usr/share/hedera-web/>
@ -21,7 +21,7 @@
</Directory> </Directory>
<Directory /var/lib/hedera-web/image/> <Directory /var/lib/hedera-web/image-db/>
Options Indexes FollowSymLinks MultiViews Options Indexes FollowSymLinks MultiViews
AllowOverride FileInfo Options AllowOverride FileInfo Options


@ -1,13 +1,20 @@
<?php <?php
require_once ('vn/web/json-request.php'); require_once ('vn/web/json-request.php');
require_once ('vn/web/jwt.php');
class Login extends Vn\Web\JsonRequest class Login extends Vn\Web\JsonRequest
{ {
function run () function run ()
{ {
$token = Jwt::encode ([
'userName' => $_SESSION['user'],
'timestamp' => time ()
'exp' => time () + 7 * 24 * 60 * 60
]);
$this->updateCredentials (); $this->updateCredentials ();
return TRUE; return $token;
} }
/** /**
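Review bot: The payload array on the new side has a syntax error — `'timestamp' => time ()` is missing its trailing comma before `'exp'`, so this file will not parse; it should read `'timestamp' => time (),`. The token is encoded under the key `userName`, but Service::login in this same commit reads `$jwtPayload['user']`, so a token produced here yields a NULL user on decode; the two names need to agree. Jwt::encode is also called with the payload alone while Jwt::decode is given the `jwt_key` from config, so unless encode fetches the key itself the token is issued without the signing key — worth confirming against jwt.php. `run` is fully visible here, but note it assumes `$_SESSION['user']` was already set by an earlier login.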


@ -10,13 +10,17 @@ class Query extends Vn\Web\JsonRequest
function run ($db) function run ($db)
{ {
$password = $db->getValue (
'SELECT password FROM user WHERE name = #', $_SESSION['user']);
$userDb = $this->createConnection ($_SESSION['user'], $password);
$results = []; $results = [];
try { try {
$db->multiQuery ($_REQUEST['sql']); $userDb->multiQuery ($_REQUEST['sql']);
do { do {
$result = $db->storeResult (); $result = $userDb->storeResult ();
if ($result !== FALSE) if ($result !== FALSE)
{ {
@ -26,12 +30,12 @@ class Query extends Vn\Web\JsonRequest
else else
$results[] = TRUE; $results[] = TRUE;
} }
while ($db->moreResults () && $db->nextResult ()); while ($userDb->moreResults () && $userDb->nextResult ());
// Checks for warnings // Checks for warnings
if ($db->checkWarnings () if ($userDb->checkWarnings ()
&& ($result = $db->query ('SHOW WARNINGS'))) && ($result = $userDb->query ('SHOW WARNINGS')))
{ {
$sql = 'SELECT description, @warn code '. $sql = 'SELECT description, @warn code '.
'FROM sql_message WHERE code = @warn'; 'FROM sql_message WHERE code = @warn';
@ -39,7 +43,7 @@ class Query extends Vn\Web\JsonRequest
while ($row = $result->fetch_assoc ()) while ($row = $result->fetch_assoc ())
{ {
if ($row['Code'] == 1265 if ($row['Code'] == 1265
&& ($warning = $db->getRow ($sql))) && ($warning = $userDb->getRow ($sql)))
trigger_error ("{$warning['code']}: {$warning['description']}", E_USER_WARNING); trigger_error ("{$warning['code']}: {$warning['description']}", E_USER_WARNING);
else else
trigger_error ("{$row['Code']}: {$row['Message']}", E_USER_WARNING); trigger_error ("{$row['Code']}: {$row['Message']}", E_USER_WARNING);
@ -48,7 +52,7 @@ class Query extends Vn\Web\JsonRequest
// Checks for errors // Checks for errors
$db->checkError (); $userDb->checkError ();
} }
catch (Vn\Db\Exception $e) catch (Vn\Db\Exception $e)
{ {
@ -62,7 +66,7 @@ class Query extends Vn\Web\JsonRequest
{ {
$sql = 'SELECT description, #code code '. $sql = 'SELECT description, #code code '.
'FROM sql_message WHERE code = #code'; 'FROM sql_message WHERE code = #code';
$row = $db->getRow ($sql, ['code' => $message]); $row = $userDb->getRow ($sql, ['code' => $message]);
break; break;
} }
case 1305: // ER_SP_DOES_NOT_EXIST case 1305: // ER_SP_DOES_NOT_EXIST
@ -72,7 +76,7 @@ class Query extends Vn\Web\JsonRequest
$sql = 'SELECT description, @err code '. $sql = 'SELECT description, @err code '.
'FROM sql_message WHERE code = @err'; 'FROM sql_message WHERE code = @err';
$row = $db->getRow ($sql); $row = $userDb->getRow ($sql);
break; break;
} }
} }
@ -87,7 +91,7 @@ class Query extends Vn\Web\JsonRequest
} }
/** /**
* Transforms the database result into a JSON parseable array. * Transforms the database result into a JSON parseable object.
**/ **/
function transformResult ($result) function transformResult ($result)
{ {
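Review bot: The new lines at the top of `run` select the user's password from the `user` table and feed it to createConnection, which only works if passwords are stored in a reversible form — keeping a retrievable password for every account is a significant exposure, and the `account.userLogin` procedure introduced elsewhere in this commit suggests authentication can be delegated to the database instead. `$db->getValue` is called with a bare `$_SESSION['user']` while every other placeholder call in this commit wraps its arguments in an array (`[$sessionId]`, `['code' => $message]`); if the helper does not accept a scalar the lookup silently fails, so `[$_SESSION['user']]` is the safer form. Nothing guards `$_SESSION['user']` being unset (a guest or expired session), and the `$userDb` connection opened here is never closed — a `finally` block with `$userDb->close ()` would cover both the error and success paths. `run` continues past the last hunk shown, so the closing part of the method is not visible here.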


@ -1,5 +1,7 @@
<?php <?php
use Vn\Lib\UserException;
class Image class Image
{ {
/** /**
@ -24,10 +26,10 @@ class Image
$image = imagecreatefromgif ($srcFile); $image = imagecreatefromgif ($srcFile);
break; break;
default: default:
throw new Exception (s('Bad file format')); throw new UserException (s('Bad file format'));
} }
else else
throw new Exception (s('Image open error')); throw new UserException (s('Image open error'));
return $image; return $image;
} }
@ -138,7 +140,7 @@ class Image
} }
if (!$saved) if (!$saved)
throw new Exception (sprintf (s('File save error: %s'), $dstFile)); throw new UserException (sprintf (s('File save error: %s'), $dstFile));
} }
} }
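Review bot: Switching the save failure at `File save error: %s` from `Exception` to `UserException` changes who sees `$dstFile`: if `UserException` messages are rendered to the client (the name suggests so — confirm against Vn\Lib), this now discloses an absolute server-side path to the end user. Keep the path in the server log and send a generic message, e.g. `throw new UserException (s('File save error'));` after logging `$dstFile` with `trigger_error`. The two format-error throws above carry no internal detail and are fine as user-facing.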


@ -67,125 +67,6 @@ class App extends \Vn\Lib\App
else else
return parent::getConfigFile (); return parent::getConfigFile ();
} }
/**
* Tries to retrieve user credentials from many sources such as POST,
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
* are saved on the client brownser for future logins, cookies names are
* 'vn_user' for the user name and 'vn_pass' for user password, the
* password is encoded using base64_encode() function and should be decoded
* using base64_decode().
*
* return Db\Conn The database connection
**/
function login ()
{
if ($this->conn)
return $this->conn;
$user = NULL;
$password = NULL;
$credentialsChanged = TRUE;
$wasLoged = isset ($_SESSION['user']);
if (isset ($_POST['guest']))
{
$sysConn = $this->getSysConn ();
$row = $sysConn->getRow (
'SELECT guest_user, guest_pass FROM config');
if ($row)
{
$user = $row['guest_user'];
$password = base64_decode ($row['guest_pass']);
}
}
elseif (isset ($_POST['user']) && isset ($_POST['password']))
{
$user = $_POST['user'];
$password = $_POST['password'];
}
elseif (isset ($_POST['token']) || isset ($_GET['token']))
{
$key = $sysDb->getValue ('SELECT jwt_key FROM config');
$jwtPayload = Jwt::decode ($_REQUEST['token'], $key);
$user = $jwtPayload['user'];
}
elseif (isset ($_SESSION['user']))
{
$user = $_SESSION['user'];
$password = $_SESSION['password'];
$credentialsChanged = FALSE;
}
if (!isset ($user))
throw new SessionExpiredException ();
$user = strtolower ($user);
try {
$db = $this->createConnection ($user, $password);
$db->query ('CALL userStartSession (#)', [session_id ()]);
$this->conn = $db;
$jwtToken = Jwt::encode ([
'userName' => $user,
'timestamp' => time ()
'exp' => NULL
]);
$_SESSION['user'] = $user;
$_SESSION['password'] = $password;
}
catch (\Exception $e)
{
$this->conn = NULL;
throw new BadLoginException ();
}
// Registering the user access
if (!$wasLoged)
unset ($_SESSION['visitUser']);
if (isset ($_SESSION['access'])
&& !isset ($_SESSION['visitUser']))
{
$sysConn = $this->getSysConn ();
$_SESSION['visitUser'] = $sysConn->getValue (
'CALL visitUserNew (#, #, #)',
[
$_SESSION['access']
,nullIf ($_SESSION, 'visitUser')
,session_id ()
]
);
if (!isset ($_SESSION['visitUnknown']))
$_SESSION['visitUnknown'] = $_SESSION['visitUser'];
}
return $db;
}
/**
* Logouts the current user. Cleans the last saved used credentials.
**/
function logout ()
{
$_SESSION['visitUser'] = nullIf ($_SESSION, 'visitUnknown');
setcookie ('vnPass', '', -1);
unset ($_SESSION['user']);
unset ($_SESSION['password']);
if ($this->conn)
{
$this->conn->query ('DELETE FROM user_session_view');
$this->conn->close ();
$this->conn = NULL;
}
}
} }
?> ?>


@ -18,14 +18,14 @@ class DbSessionHandler implements SessionHandlerInterface
function destroy ($sessionId) function destroy ($sessionId)
{ {
$db->query ('DELETE FROM userSession WHERE id = #', [$sessionId]); $db->query ('DELETE FROM userSession WHERE ssid = #', [$sessionId]);
return TRUE; return TRUE;
} }
function gc ($maxLifeTime) function gc ($maxLifeTime)
{ {
$db->query ('DELETE FROM userSession $db->query ('DELETE FROM userSession
WHERE creationDate < TIMESTAMPADD(SECOND, -#, NOW())', WHERE lastUpdate < TIMESTAMPADD(SECOND, -#, NOW())',
[$maxLifeTime] [$maxLifeTime]
); );
return TRUE; return TRUE;
@ -38,20 +38,19 @@ class DbSessionHandler implements SessionHandlerInterface
function read ($sessionId) function read ($sessionId)
{ {
$db->query ('DO GET_LOCK(#, 30)', [$sessionId]); //$db->query ('DO GET_LOCK(#, 30)', [$sessionId]);
$sessionData = $db->getValue ( $sessionData = $db->getValue (
'SELECT data FROM userSession WHERE id = #', [$sessionId]); 'SELECT data FROM userSession WHERE ssid = #', [$sessionId]);
return isset ($sessionData) ? $sessionData : ''; return isset ($sessionData) ? $sessionData : '';
} }
function write ($sessionId, $sessionData) function write ($sessionId, $sessionData)
{ {
$db->query ('REPLACE INTO userSession SET id = #, data = #', $db->query ('REPLACE INTO userSession SET ssid = #, data = #',
[$sessionId, $sessionData]); [$sessionId, $sessionData]);
$db->query ('DO RELEASE_LOCK(#)', [$sessionId]); //$db->query ('DO RELEASE_LOCK(#)', [$sessionId]);
return TRUE; return TRUE;
} }
} }
?> ?>
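Review bot: Commenting out `GET_LOCK`/`RELEASE_LOCK` in `read` and `write` removes the per-session serialization, so two concurrent requests carrying the same session id now race: both read the same data and the later `REPLACE` silently discards the earlier one's writes — including `$_SESSION['user']` set by login. If the lock was dropped deliberately (for example because it held a connection for up to 30 seconds), say so in a comment and delete the dead lines instead of leaving them commented out; otherwise restore them. `gc` now expires rows on `lastUpdate`, but `write` only sets `ssid` and `data`, so `lastUpdate` must be maintained by a column default or trigger or active sessions will be collected after `$maxLifeTime` — confirm against the table definition. `$db` is also never assigned in any of these methods; unless it comes from somewhere not shown, every call fails on an undefined variable.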


@ -5,9 +5,7 @@ namespace Vn\Web;
require_once ('vn/lib/app.php'); require_once ('vn/lib/app.php');
require_once (__DIR__.'/db-session-handler.php'); require_once (__DIR__.'/db-session-handler.php');
use Vn\Lib;
use Vn\Lib\Locale; use Vn\Lib\Locale;
use Vn\Db\Conn;
/** /**
* Thrown when user credentials could not be fetched. * Thrown when user credentials could not be fetched.
@ -118,6 +116,94 @@ abstract class Service
$_SESSION['skipVisit'] = TRUE; $_SESSION['skipVisit'] = TRUE;
} }
/**
* Tries to retrieve user credentials from many sources such as POST,
* SESSION or COOKIES. If $_POST['remember'] is defined the user credentials
* are saved on the client brownser for future logins, cookies names are
* 'vn_user' for the user name and 'vn_pass' for user password, the
* password is encoded using base64_encode() function and should be decoded
* using base64_decode().
*
* return Db\Conn The database connection
**/
function login ()
{
$db = $this->getSysConn ();
$user = NULL;
$wasLoged = isset ($_SESSION['user']);
if (isset ($_POST['user']) && isset ($_POST['password']))
{
$user = strtolower ($_POST['user']);
try {
$db->query ('CALL account.userLogin (#, #)',
[$user, $_POST['password']]);
}
catch (\Exception $e)
{
throw new BadLoginException ();
}
}
else
{
if (isset ($_POST['token']) || isset ($_GET['token']))
{
if (isset ($_POST['token']))
$token = $_POST['token'];
if (isset ($_GET['token']))
$token = $_GET['token'];
$key = $db->getValue ('SELECT jwt_key FROM config');
$jwtPayload = Jwt::decode ($token, $key);
$expiration = $jwtPayload['exp'];
if (isset ($expiration) && $expiration > time())
throw new SessionExpiredException ();
$user = $jwtPayload['user'];
}
else
$user = $db->getValue ('SELECT guest_user FROM config');
$db->query ('CALL account.userLoginWithName (#)', [$user]);
}
$_SESSION['user'] = $user;
// Registering the user access
if (isset ($_SESSION['access'])
&& (!isset ($_SESSION['visitUser'] || $wasLoged)))
{
$_SESSION['visitUser'] = TRUE;
$db->query (
'CALL visitUserNew (#, #)',
[$_SESSION['access'], session_id ()]
);
}
$db->query ('CALL userSessionStart (#)', [session_id ()]);
}
function deinit ()
{
$db = $this->getSysConn ();
$db->query ('CALL userSessionEnd ()');
$db->query ('CALL account.userLogout ()');
}
/**
* Logouts the current user. Cleans the last saved used credentials.
**/
function logout ()
{
unset ($_SESSION['visitUser']);
unset ($_SESSION['user']);
}
/** /**
* Checks if the HTTP connection is secure. * Checks if the HTTP connection is secure.
* *
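Review bot: The expiry check in the token branch is inverted — `if (isset ($expiration) && $expiration > time())` throws for a token that is still valid and accepts one whose `exp` has passed; it should be `if (isset ($expiration) && $expiration <= time())`. A few lines below, `(!isset ($_SESSION['visitUser'] || $wasLoged))` is a parse error (`isset` cannot take an expression), presumably meant as `(!isset ($_SESSION['visitUser']) || $wasLoged)`. The payload is read as `$jwtPayload['user']` while Login.php in this commit encodes it as `userName`, so `$user` comes back NULL and `userLoginWithName` is called with it — pick one key for both sides, and whether `Jwt::decode` verifies the signature against `$key` before returning the payload is not visible here and should be confirmed. Accepting the token from `$_GET` puts a 7-day bearer credential into server logs and Referer headers, so limiting it to POST or an Authorization header would be safer; and since the old `$_SESSION['user']` path was removed, a request with neither POST credentials nor a token now falls through to the guest login and overwrites `$_SESSION['user']`, which looks like a regression if `login` runs on every request. The docblock above `login` still describes `vn_user`/`vn_pass` cookies and a `remember` flag this implementation no longer handles; it should be rewritten to describe the three paths actually taken (POST credentials, token, guest).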