i finally committed i guess

Signed-off-by: boris <boris@borishub.co.uk>
2025-03-15 01:59:16 +00:00
parent 8de2b7f29e
commit 709596eea2
113 changed files with 25075 additions and 54344 deletions
--- a/auth.php
+++ b/auth.php
@@ -0,0 +1,113 @@
+<?php
+require_once('Models/AuthService.php');
+require_once('Models/UserDataSet.php');
+require_once('Models/User.php');
+
+// Enable CORS
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
+header('Access-Control-Allow-Headers: Content-Type, Authorization');
+header('Content-Type: application/json');
+
+// Handle OPTIONS request
+if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
+    http_response_code(200);
+    exit;
+}
+
+try {
+    $auth = new AuthService();
+    $userDataSet = new UserDataSet();
+
+    // Handle POST request for login
+    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+        $data = json_decode(file_get_contents('php://input'), true);
+        
+        // Handle token refresh
+        if (isset($data['action']) && $data['action'] === 'refresh') {
+            if (!isset($data['refreshToken'])) {
+                http_response_code(400);
+                echo json_encode(['error' => 'Refresh token is required']);
+                exit;
+            }
+            
+            $refreshToken = $data['refreshToken'];
+            $newToken = $auth->refreshToken($refreshToken);
+            
+            if (!$newToken) {
+                http_response_code(401);
+                echo json_encode(['error' => 'Invalid or expired refresh token']);
+                exit;
+            }
+            
+            echo json_encode([
+                'success' => true,
+                'token' => $newToken
+            ]);
+            exit;
+        }
+        
+        // Handle login
+        if (!isset($data['username']) || !isset($data['password'])) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Username and password are required']);
+            exit;
+        }
+
+        // Authenticate user
+        $user = new User();
+        $token = $user->Authenticate($data['username'], $data['password']);
+
+        if ($token) {
+            // Generate refresh token
+            $refreshToken = $auth->generateRefreshToken([
+                'id' => $user->getUserId(),
+                'username' => $user->getUsername(),
+                'accessLevel' => $user->getAccessLevel()
+            ]);
+
+            echo json_encode([
+                'success' => true,
+                'token' => $token,
+                'refreshToken' => $refreshToken,
+                'user' => [
+                    'id' => $user->getUserId(),
+                    'username' => $user->getUsername(),
+                    'accessLevel' => $user->getAccessLevel()
+                ]
+            ]);
+        } else {
+            http_response_code(401);
+            echo json_encode(['error' => 'Invalid credentials']);
+        }
+        exit;
+    }
+
+    // Handle GET request for token validation
+    if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+        $auth = User::checkAuth(false);
+        
+        if ($auth) {
+            echo json_encode([
+                'valid' => true, 
+                'user' => [
+                    'id' => $auth['uid'],
+                    'username' => $auth['username'],
+                    'accessLevel' => $auth['accessLevel']
+                ]
+            ]);
+        } else {
+            http_response_code(401);
+            echo json_encode(['valid' => false, 'error' => 'Invalid or expired token']);
+        }
+        exit;
+    }
+
+    http_response_code(405);
+    echo json_encode(['error' => 'Method not allowed']);
+
+} catch (Exception $e) {
+    error_log('Auth error: ' . $e->getMessage());
+    http_response_code(500);
+    echo json_encode(['error' => 'Server error', 'message' => $e->getMessage()]);
+}