Merge pull request #15

Jwt auth

Author: joaopabdala

app/Controllers/BlockController.php

@@ -5,6 +5,7 @@
 use App\Models\Block;
 use Core\Http\Controllers\Controller;
 use Core\Http\Request;
+use Exception;
 
 use function array_map;
 use function is_null;
@@ -30,8 +31,7 @@ public function create(Request $request): void
     {
         $image = ($_FILES['photo'] ?? null);
         $params = $request->getBody();
-        unset($params['PHPSESSID']);
-        $block = new Block($params);
+        $block = new Block(['name' => $params['name']]);
 
         if ($block->isValid()) {
             if ($block->save()) {
@@ -111,10 +111,20 @@ public function imageUpdate(Request $request): void
 
     public function destroy(Request $request): void
     {
-        $params = $request->getParams();
-        $block = Block::findById($params['id']);
-        $block->destroy();
+        try {
+            $params = $request->getParams();
+            $block = Block::findById($params['id']);
+
+            if (!$block) {
+                echo json_encode(['error' => 'Bloco não encontrado']);
+                return;
+            }
+
+            $block->destroy();
 
-        echo json_encode(['success' => 'deletado com sucesso']);
+            echo json_encode(['success' => 'Deletado com sucesso']);
+        } catch (Exception $e) {
+            echo json_encode(['error' => $e->getMessage()]);
+        }
     }
 }

app/Controllers/ClassRoomController.php

@@ -8,7 +8,9 @@
 use Core\Database\Database;
 use Core\Http\Controllers\Controller;
 use Core\Http\Request;
+use Exception;
 use PDO;
+use PDOException;
 
 use function is_null;
 use function json_encode;
@@ -88,10 +90,20 @@ public function update(Request $request): void
 
     public function destroy(Request $request): void
     {
-        $params = $request->getParams();
-        $block = Block::findById($params['id']);
-        $block->destroy();
+        try {
+            $params = $request->getParams();
+            $classroom = ClassRoom::findById($params['id']);
+
+            if (!$classroom) {
+                echo json_encode(['error' => 'Bloco não encontrado']);
+                return;
+            }
 
-        echo json_encode(['success' => 'deletado com sucesso']);
+            $classroom->destroy();
+
+            echo json_encode(['success' => 'Deletado com sucesso']);
+        } catch (Exception $e) {
+            echo json_encode(['error' => $e->getMessage()]);
+        }
     }
 }

app/Controllers/HomeController.php

@@ -21,7 +21,6 @@ class HomeController extends Controller
 {
     public function index(Request $request): void
     {
-
         $params = $request->getParams();
         $date = date('Y-m-d');
         if (isset($params['date'])) {

app/Controllers/SchedulesController.php

@@ -3,6 +3,7 @@
 namespace App\Controllers;
 
 use App\Enums\RolesEnum;
+use App\Models\Block;
 use App\Models\ClassRoom;
 use App\Models\Roles;
 use App\Models\Schedules;
@@ -52,9 +53,8 @@ public function index(): void
 
     public function byProfessorId(Request $request): void
     {
-
-        $id = $request->getParams()['id'];
-        $allSchedules = Schedules::byProfessorId($id);
+        $userId = (Auth::user()->id);
+        $allSchedules = Schedules::byProfessorId($userId);
         $schedulesArray = array_map(function ($schedule) {
             return [
             'id' => $schedule->id,
@@ -259,9 +259,21 @@ public function roomChange(Request $request): void
 
     public function delete(Request $request): void
     {
-        $params = $request->getParams();
-        $subject = Schedules::findById($params['id']);
-        $subject->destroy();
+        try {
+            $params = $request->getParams();
+            $schedule = Schedules::findById($params['id']);
+
+            if (!$schedule) {
+                echo json_encode(['error' => 'Bloco não encontrado']);
+                return;
+            }
+
+            $schedule->destroy();
+
+            echo json_encode(['success' => 'Deletado com sucesso']);
+        } catch (Exception $e) {
+            echo json_encode(['error' => $e->getMessage()]);
+        }
     }
 
     public function validatesDateConflict(Schedules $schedule): bool

app/Controllers/SubjectController.php

@@ -2,9 +2,11 @@
 
 namespace App\Controllers;
 
+use App\Models\Block;
 use App\Models\Subject;
 use Core\Http\Controllers\Controller;
 use Core\Http\Request;
+use Exception;
 
 use function array_map;
 use function is_null;
@@ -84,10 +86,20 @@ public function update(Request $request): void
 
     public function destroy(Request $request): void
     {
-        $params = $request->getParams();
-        $subject = Subject::findById($params['id']);
-        $subject->destroy();
+        try {
+            $params = $request->getParams();
+            $subject = Subject::findById($params['id']);
+
+            if (!$subject) {
+                echo json_encode(['error' => 'Bloco não encontrado']);
+                return;
+            }
+
+            $subject->destroy();
 
-        echo json_encode(['success' => 'deletado com sucesso']);
+            echo json_encode(['success' => 'Deletado com sucesso']);
+        } catch (Exception $e) {
+            echo json_encode(['error' => $e->getMessage()]);
+        }
     }
 }

app/Controllers/UsersController.php

@@ -6,9 +6,11 @@
 use App\Models\User;
 use Core\Http\Controllers\Controller;
 use Core\Http\Request;
+use Firebase\JWT\JWT;
 use Lib\Authentication\Auth;
 
 use function array_map;
+use function getenv;
 use function hash;
 use function json_encode;
 use function password_hash;
@@ -39,10 +41,18 @@ public function login(Request $request): void
         if ($user && $user->authenticate($params['password'])) {
             Auth::login($user);
 
+            $payload = [
+            "iss" => "http://localhost",
+            "aud" => "http://localhost",
+            "iat" => time(),
+            "exp" => time() + (60 * 60),
+            "user_id" => $user->id
+            ];
+            $token = JWT::encode($payload, $_ENV['PASSWORD_KEY_HASH'], 'HS256');
             echo json_encode([
               'success' => 'Logado com sucesso',
               'role' => $user->roleName(),
-              'token' => $user->id
+              'token' => $token
             ]);
         } else {
             http_response_code(400);

app/Middleware/AdminRole.php

@@ -2,19 +2,62 @@
 
 namespace App\Middleware;
 
+use App\Models\User;
 use Core\Exceptions\HTTPException;
 use Core\Http\Middleware\Middleware;
 use Core\Http\Request;
+use Exception;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Lib\Authentication\Auth;
 
+use function dd;
+use function getenv;
+use function http_response_code;
+use function json_encode;
+use function str_replace;
+
 class AdminRole implements Middleware
 {
     public function handle(Request $request): void
     {
-        if (Auth::user()->role_id != 1) {
+        $headers = getallheaders();
+        if (!isset($headers['Authorization'])) {
+            http_response_code(401);
+            echo json_encode(["error" => "Token não fornecido"]);
+            exit();
+        }
+
+        $token = str_replace('Bearer ', '', $headers['Authorization']);
+        $data = $this->validatesToken($token);
+        $user = User::findById($data['user_id']);
+
+        if ($user->role_id != 1) {
             header('Content-Type: application/json', true, 401);
             echo json_encode(['error' => 'Acesso restrito a admnistradores']);
             exit;
         }
     }
+
+  /**
+   *
+   * @param string $token
+   * @return array<string, mixed>|null
+   */
+
+    public function validatesToken(string $token): ?array
+    {
+        $key = $_ENV['PASSWORD_KEY_HASH'] ?? getenv('PASSWORD_KEY_HASH');
+
+        if (!$key) {
+            return null;
+        }
+
+        try {
+            $decoded = JWT::decode($token, new Key($key, 'HS256'));
+            return (array) $decoded;
+        } catch (Exception $e) {
+            return null;
+        }
+    }
 }

app/Middleware/Authenticate.php

@@ -5,16 +5,54 @@
 use Core\Exceptions\HTTPException;
 use Core\Http\Middleware\Middleware;
 use Core\Http\Request;
+use Exception;
+use Firebase\JWT\JWT;
+use Firebase\JWT\Key;
 use Lib\Authentication\Auth;
 
+use function dd;
+use function glob;
+
 class Authenticate implements Middleware
 {
     public function handle(Request $request): void
     {
-        if (!Auth::check()) {
-            header('Content-Type: application/json', true, 401);
-            echo json_encode(['error' => 'Você precisa estar autenticado para acessar esta página.']);
-            exit;
+        $headers = getallheaders();
+        if (!isset($headers['Authorization'])) {
+            http_response_code(401);
+            echo json_encode(["error" => "Token não fornecido"]);
+            exit();
+        }
+
+        $token = str_replace('Bearer ', '', $headers['Authorization']);
+        $data = $this->validatesToken($token);
+
+        if (!$data) {
+            http_response_code(401);
+            echo json_encode(["error" => "Token inválido"]);
+            exit();
+        }
+
+  //    echo json_encode(["message" => "Autorizado", "user" => $data]);
+    }
+  /**
+   *
+   * @param string $token
+   * @return array<string, mixed>|null
+   */
+    public function validatesToken(string $token): ?array
+    {
+        $key = $_ENV['PASSWORD_KEY_HASH'] ?? getenv('PASSWORD_KEY_HASH');
+
+        if (!$key) {
+            return null;
+        }
+
+        try {
+            $decoded = JWT::decode($token, new Key($key, 'HS256'));
+            return (array) $decoded;
+        } catch (Exception $e) {
+            return null;
         }
     }
 }

composer.json

@@ -17,5 +17,8 @@
         "phpunit/phpunit": "^11.1",
         "squizlabs/php_codesniffer": "*",
         "phpstan/phpstan": "^1.10"
+    },
+    "require": {
+        "firebase/php-jwt": "^6.11"
     }
 }