web-base/core/Objects/Session.class.php

163 lines
4.6 KiB
PHP
Raw Normal View History

2020-02-09 23:02:19 +01:00
<?php
namespace Objects;
2020-04-03 15:56:04 +02:00
use DateTime;
2020-04-02 00:02:51 +02:00
use \Driver\SQL\Condition\Compare;
2021-12-08 16:53:43 +01:00
use Driver\SQL\Expression\CurrentTimeStamp;
2020-04-03 15:56:04 +02:00
use Exception;
use External\JWT;
2020-04-02 00:02:51 +02:00
2020-02-09 23:02:19 +01:00
class Session extends ApiObject {
2020-04-04 01:15:59 +02:00
# in minutes
2022-02-20 16:53:26 +01:00
const DURATION = 60*60*24*14;
2020-02-09 23:02:19 +01:00
2020-04-03 15:56:04 +02:00
private ?int $sessionId;
private User $user;
private int $expires;
private string $ipAddress;
private ?string $os;
private ?string $browser;
private bool $stayLoggedIn;
2020-06-14 19:39:52 +02:00
private string $csrfToken;
2020-02-09 23:02:19 +01:00
2020-06-14 19:39:52 +02:00
public function __construct(User $user, ?int $sessionId, ?string $csrfToken) {
2020-02-09 23:02:19 +01:00
$this->user = $user;
$this->sessionId = $sessionId;
2022-02-20 16:53:26 +01:00
$this->stayLoggedIn = false;
2020-06-14 19:39:52 +02:00
$this->csrfToken = $csrfToken ?? generateRandomString(16);
2020-02-17 00:18:37 +01:00
}
2022-02-20 16:53:26 +01:00
public static function create(User $user, bool $stayLoggedIn = false): ?Session {
2020-06-14 19:39:52 +02:00
$session = new Session($user, null, null);
2022-02-20 16:53:26 +01:00
if ($session->insert($stayLoggedIn)) {
$session->stayLoggedIn = $stayLoggedIn;
2020-02-17 00:18:37 +01:00
return $session;
}
return null;
2020-02-09 23:02:19 +01:00
}
private function updateMetaData() {
2022-02-20 16:53:26 +01:00
$this->expires = time() + Session::DURATION;
$this->ipAddress = is_cli() ? "127.0.0.1" : $_SERVER['REMOTE_ADDR'];
2020-02-10 00:52:25 +01:00
try {
$userAgent = @get_browser($_SERVER['HTTP_USER_AGENT'], true);
$this->os = $userAgent['platform'] ?? "Unknown";
$this->browser = $userAgent['parent'] ?? "Unknown";
2020-04-03 15:56:04 +02:00
} catch(Exception $ex) {
2020-02-10 00:52:25 +01:00
$this->os = "Unknown";
$this->browser = "Unknown";
}
2020-02-09 23:02:19 +01:00
}
2022-02-20 16:53:26 +01:00
public function setData(array $data) {
2020-02-17 00:18:37 +01:00
foreach($data as $key => $value) {
$_SESSION[$key] = $value;
}
}
2022-02-20 16:53:26 +01:00
public function stayLoggedIn(bool $val) {
2020-02-17 00:18:37 +01:00
$this->stayLoggedIn = $val;
}
2022-02-20 16:53:26 +01:00
public function getCookie(): string {
2020-02-09 23:02:19 +01:00
$this->updateMetaData();
2020-06-25 16:54:58 +02:00
$settings = $this->user->getConfiguration()->getSettings();
2022-02-20 16:53:26 +01:00
$token = ['userId' => $this->user->getId(), 'sessionId' => $this->sessionId];
return JWT::encode($token, $settings->getJwtSecret());
}
public function sendCookie(?string $domain = null) {
$domain = empty($domain) ? "" : $domain;
$sessionCookie = $this->getCookie();
2020-06-25 16:54:58 +02:00
$secure = strcmp(getProtocol(), "https") === 0;
2022-02-20 16:53:26 +01:00
setcookie('session', $sessionCookie, $this->getExpiresTime(), "/", $domain, $secure, true);
2020-02-09 23:02:19 +01:00
}
public function getExpiresTime(): int {
2022-02-20 16:53:26 +01:00
return ($this->stayLoggedIn ? $this->expires : 0);
2020-02-09 23:02:19 +01:00
}
public function getExpiresSeconds(): int {
2022-02-20 16:53:26 +01:00
return ($this->stayLoggedIn ? $this->expires - time() : -1);
2020-02-09 23:02:19 +01:00
}
public function jsonSerialize(): array {
2020-02-09 23:02:19 +01:00
return array(
'uid' => $this->sessionId,
2020-02-17 00:18:37 +01:00
'user_id' => $this->user->getId(),
2020-02-09 23:02:19 +01:00
'expires' => $this->expires,
'ipAddress' => $this->ipAddress,
'os' => $this->os,
'browser' => $this->browser,
2020-06-14 19:39:52 +02:00
'csrf_token' => $this->csrfToken
2020-02-09 23:02:19 +01:00
);
}
2022-02-20 16:53:26 +01:00
public function insert(bool $stayLoggedIn = false): bool {
2020-02-09 23:02:19 +01:00
$this->updateMetaData();
2020-04-02 00:02:51 +02:00
$sql = $this->user->getSQL();
2020-04-04 01:15:59 +02:00
$minutes = Session::DURATION;
2020-06-14 19:39:52 +02:00
$columns = array("expires", "user_id", "ipAddress", "os", "browser", "data", "stay_logged_in", "csrf_token");
2020-04-02 00:02:51 +02:00
$success = $sql
->insert("Session", $columns)
->addRow(
2020-04-04 01:15:59 +02:00
(new DateTime())->modify("+$minutes minute"),
2020-04-02 00:02:51 +02:00
$this->user->getId(),
$this->ipAddress,
$this->os,
$this->browser,
2022-02-20 16:53:26 +01:00
json_encode($_SESSION ?? []),
2020-06-14 19:39:52 +02:00
$stayLoggedIn,
$this->csrfToken)
2020-04-02 01:48:46 +02:00
->returning("uid")
2020-04-02 00:02:51 +02:00
->execute();
2020-02-09 23:02:19 +01:00
2022-02-20 16:53:26 +01:00
if ($success) {
2020-02-09 23:02:19 +01:00
$this->sessionId = $this->user->getSQL()->getLastInsertId();
return true;
}
return false;
}
2021-12-08 16:53:43 +01:00
public function destroy(): bool {
2022-02-20 16:53:26 +01:00
session_destroy();
2020-04-03 15:56:04 +02:00
return $this->user->getSQL()->update("Session")
2020-04-02 00:02:51 +02:00
->set("active", false)
->where(new Compare("Session.uid", $this->sessionId))
->where(new Compare("Session.user_id", $this->user->getId()))
->execute();
2020-02-09 23:02:19 +01:00
}
2021-12-08 16:53:43 +01:00
public function update(): bool {
2020-02-09 23:02:19 +01:00
$this->updateMetaData();
2020-04-04 01:15:59 +02:00
$minutes = Session::DURATION;
2020-04-02 00:02:51 +02:00
$sql = $this->user->getSQL();
2021-12-08 16:53:43 +01:00
return
$sql->update("User")
->set("last_online", new CurrentTimeStamp())
->where(new Compare("uid", $this->user->getId()))
->execute() &&
$sql->update("Session")
2022-02-20 16:53:26 +01:00
->set("Session.expires", (new DateTime())->modify("+$minutes second"))
2021-12-08 16:53:43 +01:00
->set("Session.ipAddress", $this->ipAddress)
->set("Session.os", $this->os)
->set("Session.browser", $this->browser)
->set("Session.data", json_encode($_SESSION))
->set("Session.csrf_token", $this->csrfToken)
->where(new Compare("Session.uid", $this->sessionId))
->where(new Compare("Session.user_id", $this->user->getId()))
->execute();
2020-02-09 23:02:19 +01:00
}
2020-06-14 19:39:52 +02:00
public function getCsrfToken(): string {
return $this->csrfToken;
}
2020-02-09 23:02:19 +01:00
}