Projekte/web-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
Roman
2024-03-24 17:36:16 +01:00
parent aece0cb92a
commit 2ef4de0dba
17 changed files with 139 additions and 255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
Core/Objects/Context.class.php
View File

@@ -9,7 +9,6 @@ use Core\Driver\SQL\Condition\CondLike;
use Core\Driver\SQL\Condition\CondOr;
use Core\Driver\SQL\Join\InnerJoin;
use Core\Driver\SQL\SQL;
use Firebase\JWT\JWT;
use Core\Objects\DatabaseEntity\Language;
use Core\Objects\DatabaseEntity\Session;
use Core\Objects\DatabaseEntity\User;
@@ -99,28 +98,14 @@ class Context {
session_write_close();
}
private function loadSession(int $userId, int $sessionId): void {
$this->session = Session::init($this, $userId, $sessionId);
private function loadSession(string $sessionUUID): void {
$this->session = Session::init($this, $sessionUUID);
$this->user = $this->session?->getUser();
}
public function parseCookies(): void {
if (isset($_COOKIE['session']) && is_string($_COOKIE['session']) && !empty($_COOKIE['session'])) {
try {
$token = $_COOKIE['session'];
$settings = $this->configuration->getSettings();
$jwtKey = $settings->getJwtSecretKey();
if ($jwtKey) {
$decoded = (array)JWT::decode($token, $jwtKey);
$userId = ($decoded['userId'] ?? NULL);
$sessionId = ($decoded['sessionId'] ?? NULL);
if (!is_null($userId) && !is_null($sessionId)) {
$this->loadSession($userId, $sessionId);
}
}
} catch (\Exception $e) {
// ignored
}
$this->loadSession($_COOKIE['session']);
}
// set language by priority: 1. GET parameter, 2. cookie, 3. user's settings

25
Core/Objects/DatabaseEntity/Session.class.php
View File

@@ -4,7 +4,6 @@ namespace Core\Objects\DatabaseEntity;
use DateTime;
use Exception;
use Firebase\JWT\JWT;
use Core\Objects\Context;
use Core\Objects\DatabaseEntity\Attribute\DefaultValue;
use Core\Objects\DatabaseEntity\Attribute\Json;
@@ -21,6 +20,7 @@ class Session extends DatabaseEntity {
private User $user;
private DateTime $expires;
#[MaxLength(45)] private string $ipAddress;
#[MaxLength(36)] private string $uuid;
#[DefaultValue(true)] private bool $active;
#[MaxLength(64)] private ?string $os;
#[MaxLength(64)] private ?string $browser;
@@ -32,15 +32,21 @@ class Session extends DatabaseEntity {
parent::__construct();
$this->context = $context;
$this->user = $user;
$this->uuid = uuidv4();
$this->stayLoggedIn = false;
$this->csrfToken = $csrfToken ?? generateRandomString(16);
$this->expires = (new DateTime())->modify(sprintf("+%d second", Session::DURATION));
$this->active = true;
}
public static function init(Context $context, int $userId, int $sessionId): ?Session {
$session = Session::find($context->getSQL(), $sessionId, true, true);
if (!$session || !$session->active || $session->user->getId() !== $userId) {
public static function init(Context $context, string $sessionUUID): ?Session {
$sql = $context->getSQL();
$session = Session::findBy(Session::createBuilder($sql, true)
->fetchEntities(true)
->whereEq("Session.uuid", $sessionUUID)
->whereTrue("Session.active")
->whereGt("Session.expires", $sql->now()));
if (!$session) {
return null;
}
@@ -82,18 +88,13 @@ class Session extends DatabaseEntity {
}
}
public function getCookie(): string {
$this->updateMetaData();
$settings = $this->context->getSettings();
$token = ['userId' => $this->user->getId(), 'sessionId' => $this->getId()];
$jwtPublicKey = $settings->getJwtPublicKey();
return JWT::encode($token, $jwtPublicKey->getKeyMaterial(), $jwtPublicKey->getAlgorithm());
public function getUUID(): string {
return $this->uuid;
}
public function sendCookie(string $domain) {
$sessionCookie = $this->getCookie();
$secure = strcmp(getProtocol(), "https") === 0;
setcookie('session', $sessionCookie, $this->getExpiresTime(), "/", $domain, $secure, true);
setcookie('session', $this->uuid, $this->getExpiresTime(), "/", $domain, $secure, true);
}
public function getExpiresTime(): int {