From 146774a4ed1fca946fcc24d66dcca7ffe21dcd72 Mon Sep 17 00:00:00 2001
From: Minteck <contact@minteck.org>
Date: Sun, 12 Jun 2022 22:38:03 +0200
Subject: Working around a bug

---
 Application/AddTransaction/index.php    |  1 +
 Application/RemoveTransaction/index.php |  1 +
 Authentication/Mobile/index.php         |  4 +++
 Authentication/MobileCallback/index.php | 63 +++++++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+)
 create mode 100644 Authentication/Mobile/index.php
 create mode 100644 Authentication/MobileCallback/index.php

diff --git a/Application/AddTransaction/index.php b/Application/AddTransaction/index.php
index 1c3d35f..e6b7d34 100644
--- a/Application/AddTransaction/index.php
+++ b/Application/AddTransaction/index.php
@@ -79,4 +79,5 @@ if ($_GET['Currency'] === "€") {
 
 $list = array_reverse($list);
 
+file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions." . str_replace(":", "-", date('c')) . ".json", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json"));
 file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json", json_encode($list));
\ No newline at end of file
diff --git a/Application/RemoveTransaction/index.php b/Application/RemoveTransaction/index.php
index ad0ed5d..138f6a8 100644
--- a/Application/RemoveTransaction/index.php
+++ b/Application/RemoveTransaction/index.php
@@ -49,4 +49,5 @@ $list = array_filter($list, function ($item) {
     return ($item["date"] !== base64url_decode($_GET['Transaction']));
 });
 
+file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions." . str_replace(":", "-", date('c')) . ".json", file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json"));
 file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Data/Transactions.json", json_encode($list));
\ No newline at end of file
diff --git a/Authentication/Mobile/index.php b/Authentication/Mobile/index.php
new file mode 100644
index 0000000..5811228
--- /dev/null
+++ b/Authentication/Mobile/index.php
@@ -0,0 +1,4 @@
+<?php
+
+header("Location: https://account.minteck.org/hub/api/rest/oauth2/auth?client_id=" . json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Application.json"), true)["id"] . "&response_type=code&redirect_uri=http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . "/Authentication/MobileCallback&scope=Hub&request_credentials=default&access_type=offline");
+die();
diff --git a/Authentication/MobileCallback/index.php b/Authentication/MobileCallback/index.php
new file mode 100644
index 0000000..8c16d67
--- /dev/null
+++ b/Authentication/MobileCallback/index.php
@@ -0,0 +1,63 @@
+<?php
+
+header("Content-Type: text/plain");
+// TODO: handle errors
+
+if (!isset($_GET['code'])) {
+    die();
+}
+
+$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Application.json"), true);
+
+$crl = curl_init('https://account.minteck.org/hub/api/rest/oauth2/token');
+curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($crl, CURLINFO_HEADER_OUT, true);
+curl_setopt($crl, CURLOPT_POST, true);
+curl_setopt($crl, CURLOPT_HTTPHEADER, [
+    "Authorization: Basic " . base64_encode($appdata["id"] . ":" . $appdata["secret"]),
+    "Content-Type: application/x-www-form-urlencoded",
+    "Accept: application/json"
+]);
+curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . "/Authentication/MobileCallback") . "&code=" . $_GET['code']);
+
+$result = curl_exec($crl);
+$result = json_decode($result, true);
+
+curl_close($crl);
+
+if (isset($result["access_token"])) {
+    $crl = curl_init('https://account.minteck.org/hub/api/rest/users/me');
+    curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($crl, CURLINFO_HEADER_OUT, true);
+    curl_setopt($crl, CURLOPT_HTTPHEADER, [
+        "Authorization: Bearer " . $result["access_token"],
+        "Accept: application/json"
+    ]);
+
+    $result = curl_exec($crl);
+    $result = json_decode($result, true);
+
+    if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens");
+
+    if (in_array($result["id"], json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/AllowedUsers.json"), true))) {
+        $token = bin2hex(random_bytes(32));
+        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . $token, json_encode($result));
+        session_start();
+        session_set_cookie_params([
+            'lifetime' => 0,
+            'path' => '/',
+            'domain' => "",
+            'secure' => true,
+            'httponly' => true,
+            'samesite' => 'None'
+        ]);
+        setcookie("BITS_SESSION_TOKEN", $token, 0, "/", "", true, true);
+        header("Set-Cookie: BITS_SESSION_TOKEN=" . $token . "; SameSite=None; Path=/; Secure; HttpOnly");
+
+        header("Location: /Mobile");
+    } else {
+        header("Location: /Authentication/Disallowed");
+    }
+
+    die();
+}
\ No newline at end of file
-- 
cgit