Add middleware functionality
parent
024a140609
commit
b163f4d764
|
@ -0,0 +1,16 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Mcp\Middleware;
|
||||
|
||||
class AdminMiddleware extends LoginRequiredMiddleware
|
||||
{
|
||||
public function canAccess(): bool
|
||||
{
|
||||
if (parent::canAccess()) {
|
||||
return $_SESSION['UserLevel'] > 100;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
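Review bot: `canAccess()` compares `$_SESSION['UserLevel']`, but the refresh in `LoginRequiredMiddleware::canAccess()` added by this same commit writes the current database value to `$_SESSION['LEVEL']`. Unless `UserLevel` is set somewhere outside this commit, the key is undefined here and the check always fails. If it is set at login, the admin decision uses that stale value, and a demoted account would keep admin access until its session ends. Reading the refreshed key avoids both cases, e.g. `return (int) ($_SESSION['LEVEL'] ?? 0) > 100;`. The threshold `100` would also read better as a named class constant.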
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Mcp\Middleware;
|
||||
|
||||
use Mcp\ConnectionProvider;
|
||||
|
||||
class LoginRequiredMiddleware extends SessionMiddleware
|
||||
{
|
||||
|
||||
private ConnectionProvider $connProvider;
|
||||
|
||||
public function __construct(ConnectionProvider $connProvider, string $cookieDomain)
|
||||
{
|
||||
parent::__construct($cookieDomain, 3600);
|
||||
$this->connProvider = $connProvider;
|
||||
}
|
||||
|
||||
public function canAccess(): bool
|
||||
{
|
||||
parent::handleSession();
|
||||
if (isset($_SESSION['UUID'])) {
|
||||
// User level or existence of account may have changed since session was created
|
||||
$getLevel = $this->connProvider->db()->prepare('SELECT UserLevel FROM UserAccounts WHERE PrincipalID = ?');
|
||||
$getLevel->execute([$_SESSION['UUID']]);
|
||||
if ($row = $getLevel->fetch()) {
|
||||
$_SESSION['LEVEL'] = $row['UserLevel'];
|
||||
session_set_cookie_params(86400);
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
session_unset();
|
||||
session_destroy();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public function handleUnauthorized(): void
|
||||
{
|
||||
header('Location: index.php?page=login');
|
||||
}
|
||||
}
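Review bot: `session_set_cookie_params(86400)` in `canAccess()` runs after `parent::handleSession()` has already started the session, so it cannot change the cookie. Current PHP versions refuse cookie-parameter changes while a session is active and emit a warning, so the lifetime stays at the 3600 passed to the parent constructor. If a 24-hour lifetime is intended, pass it in the constructor, `parent::__construct($cookieDomain, 86400);`, and drop the call. If a sliding expiry is intended, the cookie has to be re-sent explicitly. Separately, `session_destroy()` in the else branch removes the server-side data but leaves the session cookie in the browser.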
|
|
@ -0,0 +1,10 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Mcp\Middleware;
|
||||
|
||||
interface Middleware
|
||||
{
|
||||
public function canAccess(): bool;
|
||||
public function handleUnauthorized(): void;
|
||||
}
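Review bot: The interface has no documentation, and it does not say who ends the request after `handleUnauthorized()`. Both implementations in this commit (`LoginRequiredMiddleware`, `PreSessionMiddleware`) only send a `Location` header and return, so a dispatcher that keeps going after the call would still run the protected page and send its output along with the redirect. I would state the contract in a docblock on the method, e.g. `/** Sends the response for a denied request; the caller must stop processing the request afterwards. */`. A one-line docblock on `canAccess()` should say that implementations may start the session as a side effect. The dispatcher is not part of this page, so whether it already stops is not visible here.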
|
|
@ -0,0 +1,23 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Mcp\Middleware;
|
||||
|
||||
class PreSessionMiddleware extends SessionMiddleware
|
||||
{
|
||||
public function __construct(string $cookieDomain)
|
||||
{
|
||||
parent::__construct($cookieDomain, 0);
|
||||
}
|
||||
|
||||
public function canAccess(): bool
|
||||
{
|
||||
parent::handleSession();
|
||||
return !isset($_SESSION['LOGIN']);
|
||||
}
|
||||
|
||||
public function handleUnauthorized(): void
|
||||
{
|
||||
header('Location: index.php');
|
||||
}
|
||||
}
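Review bot: `canAccess()` decides "not logged in" from `$_SESSION['LOGIN']`, while `LoginRequiredMiddleware::canAccess()` in this commit decides "logged in" from `$_SESSION['UUID']`. The code that sets these keys is outside this page, so they may always be written together. If they can diverge, the two middlewares will disagree about the same session. Using one key for both checks removes that dependency, e.g. `return !isset($_SESSION['UUID']);`, or a shared constant for the key name in `SessionMiddleware`. A short docblock on the class saying it guards pages meant only for visitors without a login would also help, since the name alone does not say that.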
|
|
@ -0,0 +1,45 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace Mcp\Middleware;
|
||||
|
||||
use UnexpectedValueException;
|
||||
|
||||
abstract class SessionMiddleware implements Middleware
|
||||
{
|
||||
|
||||
private string $cookieDomain;
|
||||
private int $cookieLifetime;
|
||||
|
||||
public function __construct(string $cookieDomain, int $cookieLifetime)
|
||||
{
|
||||
$this->cookieDomain = $cookieDomain;
|
||||
$this->cookieLifetime = $cookieLifetime;
|
||||
}
|
||||
|
||||
protected function handleSession(): void
|
||||
{
|
||||
switch(session_status()) {
|
||||
case PHP_SESSION_DISABLED:
|
||||
throw new UnexpectedValueException("Session functionality is disabled");
|
||||
break;
|
||||
case PHP_SESSION_NONE:
|
||||
session_set_cookie_params([
|
||||
'lifetime' => $this->cookieLifetime,
|
||||
'path' => '/',
|
||||
'domain' => $this->cookieDomain,
|
||||
'httponly' => true,
|
||||
'secure' => true,
|
||||
'samesite' => 'Strict'
|
||||
]);
|
||||
session_start();
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if(!isset($_SESSION['csrf']) || strlen($_SESSION['csrf']) != 64) {
|
||||
$_SESSION['csrf'] = bin2hex(random_bytes(32));
|
||||
}
|
||||
}
|
||||
}
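Review bot: `session_start()` in the `PHP_SESSION_NONE` branch is called without checking its result. When it returns false, `handleSession()` carries on and stores a CSRF token in a `$_SESSION` that is not persisted, and the subclasses' `canAccess()` then decide on that array. Throwing as the disabled case does keeps the failure visible: `if (!session_start()) { throw new UnexpectedValueException('Session could not be started'); }`. The `default` branch also accepts a session that was started elsewhere, so the `secure`/`httponly`/`samesite` settings here are not guaranteed for it, and a comment saying so is worth adding. The `break;` after the `throw` is unreachable and can be removed.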
|