diff options
| author | Minteck <contact@minteck.org> | 2022-06-12 22:38:03 +0200 |
|---|---|---|
| committer | Minteck <contact@minteck.org> | 2022-06-12 22:38:03 +0200 |
| commit | 146774a4ed1fca946fcc24d66dcca7ffe21dcd72 (patch) | |
| tree | 7e6cd0c39554fd68e4241296e3ee97a2bf1ce141 | |
| parent | 6a0e17d3726241cb5f899c28db7815444b9b8e42 (diff) | |
| download | bits-server-146774a4ed1fca946fcc24d66dcca7ffe21dcd72.tar.gz bits-server-146774a4ed1fca946fcc24d66dcca7ffe21dcd72.tar.bz2 bits-server-146774a4ed1fca946fcc24d66dcca7ffe21dcd72.zip | |
Working around a bug
| -rw-r--r-- | Application/AddTransaction/index.php | 1 | ||||
| -rw-r--r-- | Application/RemoveTransaction/index.php | 1 | ||||
| -rw-r--r-- | Authentication/Mobile/index.php | 4 | ||||
| -rw-r--r-- | Authentication/MobileCallback/index.php | 63 |
4 files changed, 69 insertions, 0 deletions
diff --git a/Application/AddTransaction/index.php b/Application/AddTransaction/index.php index 1c3d35f..e6b7d34 100644 --- a/Application/AddTransaction/index.php +++ b/Application/AddTransaction/index.php @@ -79,4 +79,5 @@ if ($_GET['Currency'] === "€") { $list = array_reverse($list); +file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions." . str_replace(":", "-", date('c')) . ".json", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json")); file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json", json_encode($list));
\ No newline at end of file diff --git a/Application/RemoveTransaction/index.php b/Application/RemoveTransaction/index.php index ad0ed5d..138f6a8 100644 --- a/Application/RemoveTransaction/index.php +++ b/Application/RemoveTransaction/index.php @@ -49,4 +49,5 @@ $list = array_filter($list, function ($item) { return ($item["date"] !== base64url_decode($_GET['Transaction'])); }); +file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions." . str_replace(":", "-", date('c')) . ".json", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json")); file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json", json_encode($list));
\ No newline at end of file diff --git a/Authentication/Mobile/index.php b/Authentication/Mobile/index.php new file mode 100644 index 0000000..5811228 --- /dev/null +++ b/Authentication/Mobile/index.php @@ -0,0 +1,4 @@ +<?php + +header("Location: https://account.minteck.org/hub/api/rest/oauth2/auth?client_id=" . json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Application.json"), true)["id"] . "&response_type=code&redirect_uri=http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . "/Authentication/MobileCallback&scope=Hub&request_credentials=default&access_type=offline"); +die(); diff --git a/Authentication/MobileCallback/index.php b/Authentication/MobileCallback/index.php new file mode 100644 index 0000000..8c16d67 --- /dev/null +++ b/Authentication/MobileCallback/index.php @@ -0,0 +1,63 @@ +<?php + +header("Content-Type: text/plain"); +// TODO: handle errors + +if (!isset($_GET['code'])) { + die(); +} + +$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Application.json"), true); + +$crl = curl_init('https://account.minteck.org/hub/api/rest/oauth2/token'); +curl_setopt($crl, CURLOPT_RETURNTRANSFER, true); +curl_setopt($crl, CURLINFO_HEADER_OUT, true); +curl_setopt($crl, CURLOPT_POST, true); +curl_setopt($crl, CURLOPT_HTTPHEADER, [ + "Authorization: Basic " . base64_encode($appdata["id"] . ":" . $appdata["secret"]), + "Content-Type: application/x-www-form-urlencoded", + "Accept: application/json" +]); +curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . "/Authentication/MobileCallback") . "&code=" . $_GET['code']); + +$result = curl_exec($crl); +$result = json_decode($result, true); + +curl_close($crl); + +if (isset($result["access_token"])) { + $crl = curl_init('https://account.minteck.org/hub/api/rest/users/me'); + curl_setopt($crl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($crl, CURLINFO_HEADER_OUT, true); + curl_setopt($crl, CURLOPT_HTTPHEADER, [ + "Authorization: Bearer " . $result["access_token"], + "Accept: application/json" + ]); + + $result = curl_exec($crl); + $result = json_decode($result, true); + + if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens"); + + if (in_array($result["id"], json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/AllowedUsers.json"), true))) { + $token = bin2hex(random_bytes(32)); + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . $token, json_encode($result)); + session_start(); + session_set_cookie_params([ + 'lifetime' => 0, + 'path' => '/', + 'domain' => "", + 'secure' => true, + 'httponly' => true, + 'samesite' => 'None' + ]); + setcookie("BITS_SESSION_TOKEN", $token, 0, "/", "", true, true); + header("Set-Cookie: BITS_SESSION_TOKEN=" . $token . "; SameSite=None; Path=/; Secure; HttpOnly"); + + header("Location: /Mobile"); + } else { + header("Location: /Authentication/Disallowed"); + } + + die(); +}
\ No newline at end of file |