v1.0 Initial commit of project

2026-01-01 10:54:18 +01:00
commit 768cf78b57
990 changed files with 241213 additions and 0 deletions


@@ -0,0 +1,116 @@
<?php
use api\classes\API_apitoken;
use api\classes\API_users;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_apitoken.php';
$API_apitoken = new API_apitoken();
if ($API_apitoken->request_method === 'GET') {
# Retrieve all the API tokens from a user and return them.
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
$API_apitoken->checkPermissions('user-apitoken-others', 'RO');
}
$apitokens = $API_apitoken->getTokens();
$API_apitoken->apiOutput($code = 200, ['success' => $apitokens], 'api_token_created');
} elseif ($API_apitoken->request_method === 'POST') {
# Creates a new API Token. First check if the uuid is correct and then check the permission
# After that create a new token, retrieve the newly created api_token and give a response.
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
# First retrieve the user_uuid from the post and lookup the user
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_users = new API_users();
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_apitoken->data['user_uuid']]]];
$user_data = $API_users->getUser()[0];
$API_apitoken->validateData($requiredFields);
if ($API_apitoken->getUserUuid() === $API_apitoken->data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($user_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->createNewToken();
} elseif ($API_apitoken->request_method === 'PUT') {
# Change the revoked status of an API token
# This api call, when called from the frontend will not be forwarding to a url.
$API_apitoken->return_url = false;
$requiredFields = [
'api_token_uuid' => ['type' => 'uuid'],
'api_token_revoked' => ['type' => 'boolean'],
];
$API_apitoken->validateData($requiredFields);
$api_token_data = $API_apitoken->getToken();
if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($api_token_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->revokeToken();
} elseif ($API_apitoken->request_method === 'DELETE') {
# Deletes an API token, requies DELETE with 'api_token_uuid' first retrieve the uuid of the user with getToken then check
# if the user is another user or itself
# This api call, when called from the frontend will not be forwarding to a url.
$API_apitoken->return_url = false;
$requiredFields = [
'api_token_uuid' => ['type' => 'uuid'],
];
$API_apitoken->validateData($requiredFields);
$api_token_data = $API_apitoken->getToken();
if ($API_apitoken->getUserUuid() === $api_token_data['user_uuid']) {
$API_apitoken->checkPermissions('user-apitoken-self', 'RW');
} else {
if ($api_token_data['user_email'] === 'superuser') {
$API_apitoken->apiOutput(401, ['error' => 'You are not authorized to access this resource.']);
}
$API_apitoken->checkPermissions('user-apitoken-others', 'RW');
}
$API_apitoken->deleteToken();
}
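Review bot: `validateData($requiredFields)` is called twice in the POST branch — once before the user lookup and again right after `$user_data = $API_users->getUser()[0];` — and the second call is redundant. That lookup has no empty-result guard: when no user matches, `$user_data` is null, the `'superuser'` comparison silently evaluates to false and the flow continues to `createNewToken()` for a uuid that matched nothing; use `$user_data = $API_users->getUser()[0] ?? null;` followed by `if ($user_data === null) { $API_apitoken->apiOutput(404, ['error' => 'User not found.']); }`. In the GET branch, `apiOutput($code = 200, ...)` assigns inside the argument list and should be a plain `200`, and the `'api_token_created'` label on a listing response looks carried over from the POST path. Passing the lookup criteria by writing to `$_GET['builder']` couples this endpoint to how `getUser()` parses the superglobal; the same pattern appears in the password-reset endpoint later in this commit.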


@@ -0,0 +1,41 @@
<?php
use api\classes\API_usersavatar;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_usersavatar.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/imageProcessor.php';
$API_usersavatar = new API_usersavatar();
if ($API_usersavatar->request_method === 'GET') {
} elseif ($API_usersavatar->request_method === 'POST') {
# Reset a users password and send a email to the user to set a new password
$API_usersavatar->postedData['user_profile_picture'] = $API_usersavatar->createUserImage(['min_width' => 500, 'max_width' => 1000, 'min_height' => 500, 'max_height' => 1000, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$API_usersavatar->postedData['user_profile_picture_thumbnail'] = $API_usersavatar->createUserImage(['min_width' => 64, 'max_width' => 64, 'min_height' => 64, 'max_height' => 64, 'square' => true, 'allowed_types' => ['image/png'], 'max_size_kb' => 1024, 'transparent' => true]);
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_profile_picture' => ['type' => 'base64'],
'user_profile_picture_thumbnail' => ['type' => 'base64'],
];
$API_usersavatar->validateData($requiredFields);
# if the user is different from the user logged in, check the required permissions
if ($API_usersavatar->data['user_uuid'] != $API_usersavatar->getUserUuid()) {
$API_usersavatar->checkPermissions('admin-access-admins', 'RW');
}
$API_usersavatar->updateUserImage();
$API_usersavatar->apiOutput(200, ['success' => 'Avatar was successfully changed.']);
} elseif ($API_usersavatar->request_method === 'PUT') {
} elseif ($API_usersavatar->request_method === 'DELETE') {
}
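Review bot: The `checkPermissions('admin-access-admins', 'RW')` check runs only after both `createUserImage()` calls have already decoded and processed the upload, so a caller without the permission still gets the full image-processing cost before being rejected; validate `user_uuid` and run the permission check first, then process the images and validate the base64 fields. The uuid comparison `!= $API_usersavatar->getUserUuid()` is the only loose comparison among this commit's endpoint files — the token and user endpoints use `===` — so it should be `!==`. The POST comment `# Reset a users password and send a email to the user to set a new password` was carried over from the password-reset endpoint and should read `# Replace the avatar and thumbnail of a user`.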


@@ -0,0 +1,89 @@
<?php
use api\classes\API_users;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_users = new API_users();
if ($API_users->request_method === 'GET') {
#echo json_encode($api->getAllUsers());
} elseif ($API_users->request_method === 'POST') {
# create a new user
$API_users->checkPermissions('admin-access-admins', 'RW');
$requiredFields = [
'user_group_uuid' => ['type' => 'uuid'],
'user_email' => ['type' => 'email'],
'user_first_name' => ['type' => 'string'],
'user_last_name' => ['type' => 'string'],
'user_full_name' => ['type' => 'string'],
'user_phone_number' => ['type' => 'string'],
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
'user_password' => ['type' => 'string'],
'user_pref_language' => ['type' => 'string'],
'user_password_reset_token' => ['type' => 'string'],
'user_password_reset_expires' => ['type' => 'int'],
];
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
$API_users->postedData['user_password'] = $user_password;
$API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
$API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
# Password reset token that will be send to the newly created user
$API_users->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
$API_users->postedData['user_password_reset_expires'] = time() + 86400;
$API_users->validateData($requiredFields);
$API_users->createUser();
} elseif ($API_users->request_method === 'PUT') {
# Edit a user
$API_users->checkPermissions('admin-access-admins', 'RW');
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_group_uuid' => ['type' => 'uuid'],
'user_email' => ['type' => 'email'],
'user_first_name' => ['type' => 'string'],
'user_last_name' => ['type' => 'string'],
'user_full_name' => ['type' => 'string'],
'user_phone_number' => ['type' => 'string'],
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
'user_pref_language' => ['type' => 'string'],
'user_stompable' => ['type' => 'boolean']
];
$API_users->postedData['user_full_name'] = trim($_POST['user_first_name'] . ' ' . $_POST['user_last_name']);
$API_users->postedData['user_pref_language'] = $_POST['user_pref_language'] ?? 'en';
$API_users->postedData['user_stompable'] = (bool)$_POST['user_stompable'];
$API_users->validateData($requiredFields);
$API_users->updateUser();
} elseif ($API_users->request_method === 'DELETE') {
$API_users->return_url = false;
$API_users->checkPermissions('admin-access-admins', 'RW');
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_users->validateData($requiredFields);
$API_users->deleteUser();
}
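Review bot: The placeholder password at `$random_string = substr(str_shuffle(...), 0, rand(50, 64));` is built from `str_shuffle()` and `rand()`, which are not cryptographic generators, while the reset token a few lines below correctly uses `random_bytes()`; since the value only has to be unguessable until the user sets a real password, use the same source, `$random_string = bin2hex(random_bytes(32));`. The same `str_shuffle` construction appears in the password-reset endpoint later in this commit. In the PUT branch, `(bool)$_POST['user_stompable']` turns the string `"false"` into `true` and raises an undefined-index warning when the field is absent; `filter_var($_POST['user_stompable'] ?? false, FILTER_VALIDATE_BOOLEAN)` covers both cases. The commented-out `#echo json_encode($api->getAllUsers());` in the GET branch should be removed.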


@@ -0,0 +1,68 @@
<?php
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_mfa.php';
require $_SERVER['DOCUMENT_ROOT'] . '/../vendor/autoload.php';
include_once $_SERVER['DOCUMENT_ROOT'] . '/login/php/authFunctions.php';
use api\classes\API_mfa;
use RobThree\Auth\TwoFactorAuth;
use RobThree\Auth\Providers\Qr\EndroidQrCodeWithLogoProvider;
$API_mfa = new API_mfa();
if ($API_mfa->request_method === 'GET') {
} elseif ($API_mfa->request_method === 'POST') {
# Setup a new MFA secret its posted from mfaSetup.php where it generated a secret
if (checkLoginAttempts() > 10) {
echo 'too many attempts, please try again later.';
exit;
}
# check if the secret is in the session created at the mfaSetup.php file
if (!isset($_SESSION['mfasetup']['secret'])) {
$this->apiOutput(400, ['error' => 'secret not found.']);
}
$tfa = new TwoFactorAuth(new EndroidQrCodeWithLogoProvider());
$API_mfa->postedData['user_uuid'] = $_SESSION['user']['user_uuid'];
$API_mfa->postedData['user_two_factor_secret'] = $_SESSION['mfasetup']['secret'];
$API_mfa->postedData['verificationCode'] = linkVerificationPosts(); # The code is entered in six loose posts this wil link it togheter
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_two_factor_secret' => ['type' => 'string'],
'verificationCode' => ['type' => 'string', 'min' => 6, 'max' => 6],
];
$API_mfa->validateData($requiredFields);
$result = $tfa->verifyCode($API_mfa->postedData['user_two_factor_secret'], $API_mfa->postedData['verificationCode']);
if (!$result) {
addLoginAttempts();
$API_mfa->apiOutput(401, ['error' => 'Invalid verification code.']);
}
$API_mfa->enableMFA();
} elseif ($API_mfa->request_method === 'PUT') {
} elseif ($API_mfa->request_method === 'DELETE') {
# Delete a mfa code for a user
$API_mfa->return_url = false;
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
];
$API_mfa->validateData($requiredFields);
$API_mfa->disableMFA();
}
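Review bot: `$this->apiOutput(400, ['error' => 'secret not found.']);` sits in a plain script rather than a method, so when the session secret is missing the line throws `Error: Using $this when not in object context` instead of returning the 400; it should be `$API_mfa->apiOutput(400, ['error' => 'secret not found.']);`. The DELETE branch validates `user_uuid` and calls `disableMFA()` without any `checkPermissions()` call or comparison against `getUserUuid()`, unlike every other endpoint in this commit; unless `disableMFA()` enforces this itself (not visible here), a logged-in user can disable MFA on an account that is not their own, so add the self/others check used in the token endpoint before the call. The too-many-attempts path answers with a bare `echo` and `exit` while the rest of the file reports through `apiOutput()`; `$API_mfa->apiOutput(429, ['error' => 'Too many attempts, please try again later.']);` keeps the response shape consistent.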


@@ -0,0 +1,78 @@
<?php
use api\classes\API_resetpassword;
use api\classes\API_users;
use bin\php\Classes\mailBuilder;
session_start();
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_resetpassword.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/bin/php/Classes/mailBuilder.php';
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
$API_resetpassword = new API_resetpassword();
if ($API_resetpassword->request_method === 'GET') {
} elseif ($API_resetpassword->request_method === 'POST') {
# Reset a users password and send a email to the user to set a new password
$API_resetpassword->checkPermissions('admin-access-admins-resetpassword', 'RW');
# The user will need to verify their email, the password field cannot be NULL so set an random password for now till the user resets it on when verifing there email
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
$API_resetpassword->postedData['user_password'] = $user_password;
# Password reset token that will be send to the user
$API_resetpassword->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
$API_resetpassword->postedData['user_password_reset_expires'] = time() + 86400;
$requiredFields = [
'user_uuid' => ['type' => 'uuid'],
'user_password' => ['type' => 'string'],
'user_password_reset_token' => ['type' => 'string'],
'user_password_reset_expires' => ['type' => 'int'],
];
$API_resetpassword->validateData($requiredFields);
$API_resetpassword->resetPassword();
$API_users = new API_users();
$_GET['builder'] = [1 => ['where' => [0 => 'user_uuid', 1 => $API_resetpassword->data['user_uuid']]]];
$user_data = $API_users->getUser()[0];
# Sending an email to the user
$host = $_SERVER['HTTP_HOST'];
$verifyLink = "https://{$host}/login/verifyEmail.php?token={$API_resetpassword->data['user_password_reset_token']}";
$mail = new mailBuilder();
$mail->subject = "Hello " . $user_data['user_full_name'] . ", Heres Your Password Reset Link";
$mail->addAddress($user_data['user_email'], $user_data['user_first_name']);
$mail->mailText = '
Hello ' . $user_data['user_first_name'] . ',<br><br>
We received a request to reset the password for your account. As a security measure, your password has been reset.<br><br>
To set a new password of your choice, click the text below:<br>
<a href="' . $verifyLink . '">Reset Password</a><br><br>
Or copy and paste the following link into your browser: <br>' . $verifyLink . '<br><br>
This link is valid for 24 hours from the time of this request.<br><br>
If you did not request this, you can safely ignore this email. No further action is required, and your account remains secure.<br><br>
Best regards,<br><br>
The Sentri gnomes
';
$mail->sendMail();
$API_resetpassword->apiOutput(200, ['success' => 'Password reset link sent successfully.']);
} elseif ($API_resetpassword->request_method === 'PUT') {
} elseif ($API_resetpassword->request_method === 'DELETE') {
}
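Review bot: The reset link is built from `$host = $_SERVER['HTTP_HOST'];`, a request-supplied value the application does not control, so the mailed link can point at whatever host the request named; derive `$verifyLink` from a configured canonical base URL instead, e.g. `$host = APP_CANONICAL_HOST;` (placeholder for a setting this commit does not define). The user lookup `$user_data = $API_users->getUser()[0];` runs after `resetPassword()` has already rotated the password and token, so a `user_uuid` that matches no user leaves the account reset with no mail sent and a null recipient passed to `addAddress()`; move the lookup, with an empty-result check, ahead of `resetPassword()`. The first name is interpolated into the HTML body unescaped; use `htmlspecialchars($user_data['user_first_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` there. The subject text `Heres Your Password Reset Link` is missing an apostrophe.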