web-base/core/Objects/Session.class.php

<?php

namespace Objects;

use DateTime;
use \Driver\SQL\Condition\Compare;
use Exception;
use External\JWT;

class Session extends ApiObject {

  # in minutes
  const DURATION = 60*24;

  private ?int $sessionId;
  private User $user;
  private int $expires;
  private string $ipAddress;
  private ?string $os;
  private ?string $browser;
  private bool $stayLoggedIn;
  private string $csrfToken;

  public function __construct(User $user, ?int $sessionId, ?string $csrfToken) {
    $this->user = $user;
    $this->sessionId = $sessionId;
    $this->stayLoggedIn = true;
    $this->csrfToken = $csrfToken ?? generateRandomString(16);
  }

  public static function create($user, $stayLoggedIn): ?Session {
    $session = new Session($user, null, null);
    if($session->insert($stayLoggedIn)) {
      return $session;
    }

    return null;
  }

  private function updateMetaData() {
    $this->expires = time() + Session::DURATION * 60;
    $this->ipAddress = $_SERVER['REMOTE_ADDR'];
    try {
      $userAgent = @get_browser($_SERVER['HTTP_USER_AGENT'], true);
      $this->os = $userAgent['platform'] ?? "Unknown";
      $this->browser = $userAgent['parent'] ?? "Unknown";
    } catch(Exception $ex) {
      $this->os = "Unknown";
      $this->browser = "Unknown";
    }
  }

  public function setData($data) {
    foreach($data as $key => $value) {
      $_SESSION[$key] = $value;
    }
  }

  public function stayLoggedIn($val) {
    $this->stayLoggedIn = $val;
  }

  public function sendCookie() {
    $this->updateMetaData();
    $settings = $this->user->getConfiguration()->getSettings();
    $token = array('userId' => $this->user->getId(), 'sessionId' => $this->sessionId);
    $sessionCookie = JWT::encode($token, $settings->getJwtSecret());
    $secure = strcmp(getProtocol(), "https") === 0;
    setcookie('session', $sessionCookie, $this->getExpiresTime(), "/", "", $secure, true);
  }

  public function getExpiresTime(): int {
    return ($this->stayLoggedIn == 0 ? 0 : $this->expires);
  }

  public function getExpiresSeconds(): int {
    return ($this->stayLoggedIn == 0 ? -1 : $this->expires - time());
  }

  public function jsonSerialize(): array {
    return array(
      'uid' => $this->sessionId,
      'user_id' => $this->user->getId(),
      'expires' => $this->expires,
      'ipAddress' => $this->ipAddress,
      'os' => $this->os,
      'browser' => $this->browser,
      'csrf_token' => $this->csrfToken
    );
  }

  public function insert($stayLoggedIn): bool {
    $this->updateMetaData();
    $sql = $this->user->getSQL();

    $minutes = Session::DURATION;
    $columns = array("expires", "user_id", "ipAddress", "os", "browser", "data", "stay_logged_in", "csrf_token");

    $success = $sql
      ->insert("Session", $columns)
      ->addRow(
        (new DateTime())->modify("+$minutes minute"),
        $this->user->getId(),
        $this->ipAddress,
        $this->os,
        $this->browser,
        json_encode($_SESSION),
        $stayLoggedIn,
        $this->csrfToken)
      ->returning("uid")
      ->execute();

    if($success) {
      $this->sessionId = $this->user->getSQL()->getLastInsertId();
      return true;
    }

    return false;
  }

  public function destroy() {
    return $this->user->getSQL()->update("Session")
      ->set("active", false)
      ->where(new Compare("Session.uid", $this->sessionId))
      ->where(new Compare("Session.user_id", $this->user->getId()))
      ->execute();
  }

  public function update() {
    $this->updateMetaData();
    $minutes = Session::DURATION;

    $sql = $this->user->getSQL();
    return $sql->update("Session")
      ->set("Session.expires", (new DateTime())->modify("+$minutes minute"))
      ->set("Session.ipAddress", $this->ipAddress)
      ->set("Session.os", $this->os)
      ->set("Session.browser", $this->browser)
      ->set("Session.data", json_encode($_SESSION))
      ->set("Session.csrf_token", $this->csrfToken)
      ->where(new Compare("Session.uid", $this->sessionId))
      ->where(new Compare("Session.user_id", $this->user->getId()))
      ->execute();
  }

  public function getCsrfToken(): string {
    return $this->csrfToken;
  }
}
Initial Commit 2020-02-09 23:02:19 +01:00			`<?php`

			`namespace Objects;`

php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`use DateTime;`
Database abstraction 2020-04-02 00:02:51 +02:00			`use \Driver\SQL\Condition\Compare;`
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`use Exception;`
			`use External\JWT;`
Database abstraction 2020-04-02 00:02:51 +02:00
Initial Commit 2020-02-09 23:02:19 +01:00			`class Session extends ApiObject {`

Frontend, Bugfixes 2020-04-04 01:15:59 +02:00			`# in minutes`
			`const DURATION = 60*24;`
Initial Commit 2020-02-09 23:02:19 +01:00
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`private ?int $sessionId;`
			`private User $user;`
			`private int $expires;`
			`private string $ipAddress;`
			`private ?string $os;`
			`private ?string $browser;`
			`private bool $stayLoggedIn;`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`private string $csrfToken;`
Initial Commit 2020-02-09 23:02:19 +01:00
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`public function __construct(User $user, ?int $sessionId, ?string $csrfToken) {`
Initial Commit 2020-02-09 23:02:19 +01:00			`$this->user = $user;`
			`$this->sessionId = $sessionId;`
Database stuff 2020-02-17 00:18:37 +01:00			`$this->stayLoggedIn = true;`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`$this->csrfToken = $csrfToken ?? generateRandomString(16);`
Database stuff 2020-02-17 00:18:37 +01:00			`}`

Readme, some fixes, rel noopener for _blank links 2021-04-03 10:39:13 +02:00			`public static function create($user, $stayLoggedIn): ?Session {`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`$session = new Session($user, null, null);`
Database stuff 2020-02-17 00:18:37 +01:00			`if($session->insert($stayLoggedIn)) {`
			`return $session;`
			`}`

			`return null;`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

			`private function updateMetaData() {`
			`$this->expires = time() + Session::DURATION * 60;`
			`$this->ipAddress = $_SERVER['REMOTE_ADDR'];`
Some more functionalities 2020-02-10 00:52:25 +01:00			`try {`
			`$userAgent = @get_browser($_SERVER['HTTP_USER_AGENT'], true);`
			`$this->os = $userAgent['platform'] ?? "Unknown";`
			`$this->browser = $userAgent['parent'] ?? "Unknown";`
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`} catch(Exception $ex) {`
Some more functionalities 2020-02-10 00:52:25 +01:00			`$this->os = "Unknown";`
			`$this->browser = "Unknown";`
			`}`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

Database stuff 2020-02-17 00:18:37 +01:00			`public function setData($data) {`
			`foreach($data as $key => $value) {`
			`$_SESSION[$key] = $value;`
			`}`
			`}`

			`public function stayLoggedIn($val) {`
			`$this->stayLoggedIn = $val;`
			`}`

Initial Commit 2020-02-09 23:02:19 +01:00			`public function sendCookie() {`
			`$this->updateMetaData();`
Bugfixes, Postgres improved support 2020-06-25 16:54:58 +02:00			`$settings = $this->user->getConfiguration()->getSettings();`
			`$token = array('userId' => $this->user->getId(), 'sessionId' => $this->sessionId);`
			`$sessionCookie = JWT::encode($token, $settings->getJwtSecret());`
			`$secure = strcmp(getProtocol(), "https") === 0;`
1.3.0 2021-11-11 14:25:26 +01:00			`setcookie('session', $sessionCookie, $this->getExpiresTime(), "/", "", $secure, true);`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

Readme, some fixes, rel noopener for _blank links 2021-04-03 10:39:13 +02:00			`public function getExpiresTime(): int {`
Database stuff 2020-02-17 00:18:37 +01:00			`return ($this->stayLoggedIn == 0 ? 0 : $this->expires);`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

Readme, some fixes, rel noopener for _blank links 2021-04-03 10:39:13 +02:00			`public function getExpiresSeconds(): int {`
Database stuff 2020-02-17 00:18:37 +01:00			`return ($this->stayLoggedIn == 0 ? -1 : $this->expires - time());`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

Readme, some fixes, rel noopener for _blank links 2021-04-03 10:39:13 +02:00			`public function jsonSerialize(): array {`
Initial Commit 2020-02-09 23:02:19 +01:00			`return array(`
			`'uid' => $this->sessionId,`
Database stuff 2020-02-17 00:18:37 +01:00			`'user_id' => $this->user->getId(),`
Initial Commit 2020-02-09 23:02:19 +01:00			`'expires' => $this->expires,`
			`'ipAddress' => $this->ipAddress,`
			`'os' => $this->os,`
			`'browser' => $this->browser,`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`'csrf_token' => $this->csrfToken`
Initial Commit 2020-02-09 23:02:19 +01:00			`);`
			`}`

Readme, some fixes, rel noopener for _blank links 2021-04-03 10:39:13 +02:00			`public function insert($stayLoggedIn): bool {`
Initial Commit 2020-02-09 23:02:19 +01:00			`$this->updateMetaData();`
Database abstraction 2020-04-02 00:02:51 +02:00			`$sql = $this->user->getSQL();`

Frontend, Bugfixes 2020-04-04 01:15:59 +02:00			`$minutes = Session::DURATION;`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`$columns = array("expires", "user_id", "ipAddress", "os", "browser", "data", "stay_logged_in", "csrf_token");`
Database abstraction 2020-04-02 00:02:51 +02:00
			`$success = $sql`
			`->insert("Session", $columns)`
			`->addRow(`
Frontend, Bugfixes 2020-04-04 01:15:59 +02:00			`(new DateTime())->modify("+$minutes minute"),`
Database abstraction 2020-04-02 00:02:51 +02:00			`$this->user->getId(),`
			`$this->ipAddress,`
			`$this->os,`
			`$this->browser,`
			`json_encode($_SESSION),`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`$stayLoggedIn,`
			`$this->csrfToken)`
PostgreSQL INSERT+CREATE TABLE 2020-04-02 01:48:46 +02:00			`->returning("uid")`
Database abstraction 2020-04-02 00:02:51 +02:00			`->execute();`
Initial Commit 2020-02-09 23:02:19 +01:00
			`if($success) {`
			`$this->sessionId = $this->user->getSQL()->getLastInsertId();`
			`return true;`
			`}`

			`return false;`
			`}`

			`public function destroy() {`
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`return $this->user->getSQL()->update("Session")`
Database abstraction 2020-04-02 00:02:51 +02:00			`->set("active", false)`
			`->where(new Compare("Session.uid", $this->sessionId))`
			`->where(new Compare("Session.user_id", $this->user->getId()))`
			`->execute();`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`

			`public function update() {`
			`$this->updateMetaData();`
Frontend, Bugfixes 2020-04-04 01:15:59 +02:00			`$minutes = Session::DURATION;`
Database abstraction 2020-04-02 00:02:51 +02:00
			`$sql = $this->user->getSQL();`
php 7.4 dev branch 2020-04-03 15:56:04 +02:00			`return $sql->update("Session")`
Frontend, Bugfixes 2020-04-04 01:15:59 +02:00			`->set("Session.expires", (new DateTime())->modify("+$minutes minute"))`
Database abstraction 2020-04-02 00:02:51 +02:00			`->set("Session.ipAddress", $this->ipAddress)`
			`->set("Session.os", $this->os)`
			`->set("Session.browser", $this->browser)`
			`->set("Session.data", json_encode($_SESSION))`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00			`->set("Session.csrf_token", $this->csrfToken)`
Database abstraction 2020-04-02 00:02:51 +02:00			`->where(new Compare("Session.uid", $this->sessionId))`
			`->where(new Compare("Session.user_id", $this->user->getId()))`
			`->execute();`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`
CSRF Token + small fixes 2020-06-14 19:39:52 +02:00
			`public function getCsrfToken(): string {`
			`return $this->csrfToken;`
			`}`
Initial Commit 2020-02-09 23:02:19 +01:00			`}`