RestServer/example/TestAuthController.php at 0a09d5b1537b205d40a42312561367889eb761a4 · jacwright/RestServer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
<?php
/*
*********************************************************************
****************************** NOTICE  ******************************
*********************************************************************

Before testing this example, you must full fill following requirements

1. Generate private and public keys pair in same directory as (testkey and testkey.pub)
2. install php-jwt ie. run `composer require firebase/php-jwt`

*/

use \Firebase\JWT\JWT;
use \Jacwright\RestServer\RestException;

class TestController
{
    /**
     * Mocking up user table
     */
    private $listUser = array(
        'admin@domain.tld' => array('email' => 'admin@domain.tld', 'password' => 'adminPass', 'role' => 'admin'),
        'user@domain.tld' => array('email' => 'user@domain.tld', 'password' => 'userPass', 'role' => 'user')
    );

    /**
     * Security
     */
    public $private_key = __DIR__ . DIRECTORY_SEPARATOR . 'testkey';
    public $public_key = __DIR__ . DIRECTORY_SEPARATOR . 'testkey.pub';
    public $hash_type = 'RS256';

    /**
     * Logged in user
     */
    private $loggedUser = null;

    /**
     * Check client credentials and return true if found valid, false otherwise
     */
    public function authenticate($credentials, $auth_type)
    {
        switch ($auth_type) {
            case 'Bearer':
                $public_key = file_get_contents($this->public_key);
                $token = JWT::decode($credentials, $public_key, array($this->hash_type));
                if ($token && !empty($token->username) && $this->listUser[$token->username]) {
                  $this->loggedUser = $this->listUser[$token->username];
                  return true;
                }
                break;

            case 'Basic':
            default:
                $email = $credentials['username'];
                if (isset($this->listUser[$email]) && $this->listUser[$email]['password'] == $credentials['password']) {
                  $this->loggedUser = $this->listUser[$email];
                  return true;
                }
                break;
        }

        return false;
    }

    /**
     * Check if current user is allowed to access a certain method
     */
    public function authorize($method)
    {
        if ('admin' == $this->loggedUser['role']) {
          return true; // admin can access everthing

        } else if ('user' == $this->loggedUser['role']) {
          // user can access selected methods only
          if (in_array($method, array('download'))) {
            return true;
          }
        }

        return false;
    }

    /**
     * To get JWT token client can post his username and password to this method
     *
     * @url POST /login
     * @noAuth
     */
    public function login($data = array())
    {
        $username = isset($data['username']) ? $data['username'] : null;
        $password = isset($data['password']) ? $data['password'] : null;

        // only if we have valid user
        if (isset($this->listUser[$username]) && $this->listUser[$username] == $password) {
            $token = array(
                "iss" => 'My Website',
                "iat" => time(),
                "nbf" => time(),
                "exp" => time() + (60 * 60 * 24 * 30 * 12 * 1), // valid for one year
                "username" => $this->listUser[$username]['email'];
            );

            // return jwt token
            $private_key = file_get_contents($this->private_key);
            return JWT::encode($token, $private_key, $this->hash_type);
        }

        throw new RestException(401, "Invalid username or password");
    }

    /**
     * Upload a file
     *
     * @url PUT /files/$filename
     */
    public function upload($filename, $data, $mime)
    {
        $storage_dir  = sys_get_temp_dir();
        $allowedTypes = array('pdf' => 'application/pdf', 'html' => 'plain/html', 'wav' => 'audio/wav');
        if (in_array($mime, $allowedTypes)) {
          if (!empty($data)) {
            $file_path = $storage_dir . DIRECTORY_SEPARATOR . $filename;
            file_put_contents($file_path, $data);
            return $filename;
          } else {
            throw new RestException(411, "Empty file");
          }
        } else {
          throw new RestException(415, "Unsupported File Type");
        }
    }

    /**
     * Download a file
     *
     * @url GET /files/$filename
     */
    public function download($filename)
    {
        $storage_dir = sys_get_temp_dir();
        $file_path = $storage_dir . DIRECTORY_SEPARATOR . $filename;
        if (file_exists($file_path)) {
          return SplFileInfo($file_path);
        } else {
          throw new RestException(404, "File not found");
        }
    }

}