flashii/mince
1
0
Fork 0
Code Pull requests Releases Activity
mince/src/ClientsRoutes.php

146 lines
4.5 KiB
PHP
Raw Normal View History

Big overhauls for mcexts.
2023-08-22 23:47:37 +00:00
<?php
namespace Mince;
use InvalidArgumentException;
use RuntimeException;
use Index\Routing\IRouter;
use Index\Security\CSRFP;
use Ramsey\Uuid\Uuid;
class ClientsRoutes {
public function __construct(
private Templating $templating,
private AccountLinks $accountLinks,
private Authorisations $authorisations,
private Verifications $verifications,
private CSRFP $csrfp,
private object $authInfo
) {}
public function register(IRouter $router): void {
$router->use('/clients', [$this, 'verifyRequest']);
$router->get('/clients', [$this, 'getClients']);
$router->post('/clients/link', [$this, 'postLink']);
$router->post('/clients/unlink', [$this, 'postUnlink']);
$router->post('/clients/authorise', [$this, 'postAuthorise']);
$router->post('/clients/deauthorise', [$this, 'postDeauthorise']);
}
public function verifyRequest($response, $request) {
if(!$this->authInfo->success)
return 403;
if($request->getMethod() === 'POST') {
if(!$request->isFormContent())
return 400;
$body = $request->getContent();
if(!$body->hasParam('csrfp') || !$this->csrfp->verifyToken((string)$body->getParam('csrfp')))
return 403;
}
}
public function getClients() {
try {
$linkInfo = $this->accountLinks->getLink(userInfo: $this->authInfo->user_id);
$clients = $this->authorisations->getAuthorisations($linkInfo);
$this->templating->addVars([
'link' => $linkInfo,
'clients' => $clients,
]);
} catch(RuntimeException $ex) {}
return $this->templating->render('clients/index');
}
public function postLink($response, $request) {
if($this->accountLinks->checkHasLink($this->authInfo->user_id))
return 403;
$body = $request->getContent();
$code = (string)$body->getParam('code');
if(strlen($code) !== 10)
return 400;
$code = strtr(strtoupper($code), '0189', 'OIBG');
try {
$verifyInfo = $this->verifications->getVerification(code: $code);
} catch(RuntimeException $ex) {
return 404;
}
$this->verifications->deleteVerification($verifyInfo);
$this->accountLinks->createLink($this->authInfo->user_id, $verifyInfo);
$this->authorisations->createAuthorisation($verifyInfo, grant: true);
$response->redirect('/clients');
}
public function postUnlink($response) {
$this->accountLinks->deleteLink(userInfo: $this->authInfo->user_id);
$response->redirect('/clients');
}
public function postAuthorise($response, $request) {
$body = $request->getContent();
$authId = (string)$body->getParam('auth');
if(empty($authId))
return 404;
try {
$linkInfo = $this->accountLinks->getLink(userInfo: $this->authInfo->user_id);
} catch(RuntimeException $ex) {
return 403;
}
try {
$authInfo = $this->authorisations->getAuthorisation(authId: $authId);
} catch(RuntimeException $ex) {
return 403;
}
if($authInfo->getUUIDRaw() !== $linkInfo->getUUIDRaw())
return 403;
if($authInfo->isGranted())
return 404;
$this->authorisations->setAuthorisationGranted($authInfo);
$response->redirect('/clients');
}
public function postDeauthorise($response, $request) {
$body = $request->getContent();
$authId = (string)$body->getParam('auth');
if(empty($authId))
return 404;
try {
$linkInfo = $this->accountLinks->getLink(userInfo: $this->authInfo->user_id);
} catch(RuntimeException $ex) {
return 403;
}
if($authId === 'all') {
$this->authorisations->deleteAuthorisations(uuid: $linkInfo);
} elseif($authId === 'pending') {
$this->authorisations->deleteAuthorisations(uuid: $linkInfo, pending: true);
} else {
try {
$authInfo = $this->authorisations->getAuthorisation(authId: $authId);
} catch(RuntimeException $ex) {
return 403;
}
if($authInfo->getUUIDRaw() !== $linkInfo->getUUIDRaw())
return 403;
$this->authorisations->deleteAuthorisations(authInfo: $authInfo);
}
$response->redirect('/clients');
}
}
Copy permalink