22 changes: 16 additions & 6 deletions app/Controllers/BlockController.php
Expand Up @@ -5,6 +5,7 @@
use App\Models\Block;
use Core\Http\Controllers\Controller;
use Core\Http\Request;
use Exception;

use function array_map;
use function is_null;
Expand All @@ -30,8 +31,7 @@ public function create(Request $request): void
{
$image = ($_FILES['photo'] ?? null);
$params = $request->getBody();
unset($params['PHPSESSID']);
$block = new Block($params);
$block = new Block(['name' => $params['name']]);

if ($block->isValid()) {
if ($block->save()) {
Expand Down Expand Up @@ -111,10 +111,20 @@ public function imageUpdate(Request $request): void

public function destroy(Request $request): void
{
$params = $request->getParams();
$block = Block::findById($params['id']);
$block->destroy();
try {
$params = $request->getParams();
$block = Block::findById($params['id']);

if (!$block) {
echo json_encode(['error' => 'Bloco não encontrado']);
return;
}

$block->destroy();

echo json_encode(['success' => 'deletado com sucesso']);
echo json_encode(['success' => 'Deletado com sucesso']);
} catch (Exception $e) {
echo json_encode(['error' => $e->getMessage()]);
}
}
}
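Review bot: The catch block in destroy() sends `$e->getMessage()` to the client under a 200 status, so whatever text the model or database layer puts in the exception (table names, SQL fragments) reaches the caller verbatim; the same pattern is repeated in ClassRoomController::destroy, SchedulesController::delete and SubjectController::destroy. Log the exception server-side and reply with a generic body and an error status, e.g. `http_response_code(500); echo json_encode(['error' => 'Erro ao excluir']);`. The not-found branch above it should likewise call `http_response_code(404);` before its echo, since a JSON error under 200 is indistinguishable from success for API clients. Note also that `catch (Exception $e)` does not cover `\Error` subclasses such as a TypeError from a missing `id` key; whether the framework's error handler makes that acceptable is not visible here.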
20 changes: 16 additions & 4 deletions app/Controllers/ClassRoomController.php
Expand Up @@ -8,7 +8,9 @@
use Core\Database\Database;
use Core\Http\Controllers\Controller;
use Core\Http\Request;
use Exception;
use PDO;
use PDOException;

use function is_null;
use function json_encode;
Expand Down Expand Up @@ -88,10 +90,20 @@ public function update(Request $request): void

public function destroy(Request $request): void
{
$params = $request->getParams();
$block = Block::findById($params['id']);
$block->destroy();
try {
$params = $request->getParams();
$classroom = ClassRoom::findById($params['id']);

if (!$classroom) {
echo json_encode(['error' => 'Bloco não encontrado']);
return;
}

echo json_encode(['success' => 'deletado com sucesso']);
$classroom->destroy();

echo json_encode(['success' => 'Deletado com sucesso']);
} catch (Exception $e) {
echo json_encode(['error' => $e->getMessage()]);
}
}
}
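Review bot: The not-found message at `echo json_encode(['error' => 'Bloco não encontrado']);` was copied from BlockController and names the wrong resource — this method looks up a ClassRoom; the same copied text appears in SchedulesController::delete and SubjectController::destroy. Change it to name the entity being deleted, e.g. `'Sala não encontrada'`, or derive the message from the model class so the four controllers cannot drift. Separately, `use PDO;` and `use PDOException;` are added to the imports but neither is referenced in the visible hunks; if the rest of the file does not use them they should be dropped, as phpcs/phpstan will flag unused imports.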
1 change: 0 additions & 1 deletion app/Controllers/HomeController.php
Expand Up @@ -21,7 +21,6 @@ class HomeController extends Controller
{
public function index(Request $request): void
{

$params = $request->getParams();
$date = date('Y-m-d');
if (isset($params['date'])) {
24 changes: 18 additions & 6 deletions app/Controllers/SchedulesController.php
Expand Up @@ -3,6 +3,7 @@
namespace App\Controllers;

use App\Enums\RolesEnum;
use App\Models\Block;
use App\Models\ClassRoom;
use App\Models\Roles;
use App\Models\Schedules;
Expand Down Expand Up @@ -52,9 +53,8 @@ public function index(): void

public function byProfessorId(Request $request): void
{

$id = $request->getParams()['id'];
$allSchedules = Schedules::byProfessorId($id);
$userId = (Auth::user()->id);
$allSchedules = Schedules::byProfessorId($userId);
$schedulesArray = array_map(function ($schedule) {
return [
'id' => $schedule->id,
Expand Down Expand Up @@ -259,9 +259,21 @@ public function roomChange(Request $request): void

public function delete(Request $request): void
{
$params = $request->getParams();
$subject = Schedules::findById($params['id']);
$subject->destroy();
try {
$params = $request->getParams();
$schedule = Schedules::findById($params['id']);

if (!$schedule) {
echo json_encode(['error' => 'Bloco não encontrado']);
return;
}

$schedule->destroy();

echo json_encode(['success' => 'Deletado com sucesso']);
} catch (Exception $e) {
echo json_encode(['error' => $e->getMessage()]);
}
}

public function validatesDateConflict(Schedules $schedule): bool
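Review bot: delete() catches `Exception`, but the only import this PR adds to the file is `use App\Models\Block;` — inside namespace `App\Controllers` an unimported `Exception` resolves to `App\Controllers\Exception`, which does not exist, so the catch would never match; unless `use Exception;` already exists further down the import block (outside the hunk), add it or write `catch (\Exception $e)`. The added `use App\Models\Block;` is not referenced in either visible hunk and looks like a leftover (the same unused import is added to SubjectController). In byProfessorId(), `Auth::user()->id` assumes a session-backed user: the reworked Authenticate middleware validates the Bearer token but never calls `Auth::login`, so for token-only clients `Auth::user()` may be null and this line would throw — worth confirming how Auth is populated on API requests.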
20 changes: 16 additions & 4 deletions app/Controllers/SubjectController.php
Expand Up @@ -2,9 +2,11 @@

namespace App\Controllers;

use App\Models\Block;
use App\Models\Subject;
use Core\Http\Controllers\Controller;
use Core\Http\Request;
use Exception;

use function array_map;
use function is_null;
Expand Down Expand Up @@ -84,10 +86,20 @@ public function update(Request $request): void

public function destroy(Request $request): void
{
$params = $request->getParams();
$subject = Subject::findById($params['id']);
$subject->destroy();
try {
$params = $request->getParams();
$subject = Subject::findById($params['id']);

if (!$subject) {
echo json_encode(['error' => 'Bloco não encontrado']);
return;
}

$subject->destroy();

echo json_encode(['success' => 'deletado com sucesso']);
echo json_encode(['success' => 'Deletado com sucesso']);
} catch (Exception $e) {
echo json_encode(['error' => $e->getMessage()]);
}
}
}
12 changes: 11 additions & 1 deletion app/Controllers/UsersController.php
Expand Up @@ -6,9 +6,11 @@
use App\Models\User;
use Core\Http\Controllers\Controller;
use Core\Http\Request;
use Firebase\JWT\JWT;
use Lib\Authentication\Auth;

use function array_map;
use function getenv;
use function hash;
use function json_encode;
use function password_hash;
Expand Down Expand Up @@ -39,10 +41,18 @@ public function login(Request $request): void
if ($user && $user->authenticate($params['password'])) {
Auth::login($user);

$payload = [
"iss" => "http://localhost",
"aud" => "http://localhost",
"iat" => time(),
"exp" => time() + (60 * 60),
"user_id" => $user->id
];
$token = JWT::encode($payload, $_ENV['PASSWORD_KEY_HASH'], 'HS256');
echo json_encode([
'success' => 'Logado com sucesso',
'role' => $user->roleName(),
'token' => $user->id
'token' => $token
]);
} else {
http_response_code(400);
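Review bot: The signing key is read as `$_ENV['PASSWORD_KEY_HASH']` with no null check, whereas both middlewares read `$_ENV['PASSWORD_KEY_HASH'] ?? getenv('PASSWORD_KEY_HASH')` and refuse to proceed when it is missing; in a SAPI where `$_ENV` is not populated, login() would call `JWT::encode` with a null key and every token it issues would either be rejected by the middleware or, worse, be signed with an empty secret. Use the same lookup and fail closed, e.g. `$key = $_ENV['PASSWORD_KEY_HASH'] ?? getenv('PASSWORD_KEY_HASH') ?: throw new \RuntimeException('JWT key not configured');`, responding 500 rather than issuing a token. The variable name suggests this secret also feeds password hashing (`use function hash;` is imported in this file); if so, a dedicated secret for JWT signing keeps the two uses independent. The hard-coded `iss`/`aud` of `http://localhost` are not verified on decode by `JWT::decode`, so they add nothing until the middleware checks them against configuration.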
45 changes: 44 additions & 1 deletion app/Middleware/AdminRole.php
Expand Up @@ -2,19 +2,62 @@

namespace App\Middleware;

use App\Models\User;
use Core\Exceptions\HTTPException;
use Core\Http\Middleware\Middleware;
use Core\Http\Request;
use Exception;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Lib\Authentication\Auth;

use function dd;
use function getenv;
use function http_response_code;
use function json_encode;
use function str_replace;

class AdminRole implements Middleware
{
public function handle(Request $request): void
{
if (Auth::user()->role_id != 1) {
$headers = getallheaders();
if (!isset($headers['Authorization'])) {
http_response_code(401);
echo json_encode(["error" => "Token não fornecido"]);
exit();
}

$token = str_replace('Bearer ', '', $headers['Authorization']);
$data = $this->validatesToken($token);
$user = User::findById($data['user_id']);

if ($user->role_id != 1) {
header('Content-Type: application/json', true, 401);
echo json_encode(['error' => 'Acesso restrito a admnistradores']);
exit;
}
}

/**
*
* @param string $token
* @return array<string, mixed>|null
*/

public function validatesToken(string $token): ?array
{
$key = $_ENV['PASSWORD_KEY_HASH'] ?? getenv('PASSWORD_KEY_HASH');

if (!$key) {
return null;
}

try {
$decoded = JWT::decode($token, new Key($key, 'HS256'));
return (array) $decoded;
} catch (Exception $e) {
return null;
}
}
}
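Review bot: handle() never checks the result of `validatesToken()` before using it: on an invalid or expired token the method returns null, `$data['user_id']` is read from null, `User::findById(null)` runs, and `$user->role_id` then dereferences null — an uncaught Error instead of the 401 that Authenticate.php returns for the same input, and the same failure occurs when the token's `user_id` no longer matches a user. Reject both cases explicitly, and since `role_id` may come back from the database as a string, compare it as an int rather than with `!=`. `validatesToken()` is duplicated byte-for-byte in Authenticate.php; a shared helper or trait would keep the two middlewares from drifting. The imports `use function dd;`, `HTTPException` and `Auth` do not appear to be used in this file, and the blank line between the docblock and `validatesToken` detaches the PHPDoc from the method.
```php
$token = str_replace('Bearer ', '', $headers['Authorization']);
$data = $this->validatesToken($token);

if (!$data || !isset($data['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'Token inválido']);
    exit();
}

$user = User::findById($data['user_id']);

if (!$user || (int) $user->role_id !== 1) {
    header('Content-Type: application/json', true, 401);
    echo json_encode(['error' => 'Acesso restrito a admnistradores']);
    exit;
}
// … unchanged: validatesToken() …
```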
46 changes: 42 additions & 4 deletions app/Middleware/Authenticate.php
Expand Up @@ -5,16 +5,54 @@
use Core\Exceptions\HTTPException;
use Core\Http\Middleware\Middleware;
use Core\Http\Request;
use Exception;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
use Lib\Authentication\Auth;

use function dd;
use function glob;

class Authenticate implements Middleware
{
public function handle(Request $request): void
{
if (!Auth::check()) {
header('Content-Type: application/json', true, 401);
echo json_encode(['error' => 'Você precisa estar autenticado para acessar esta página.']);
exit;
$headers = getallheaders();
if (!isset($headers['Authorization'])) {
http_response_code(401);
echo json_encode(["error" => "Token não fornecido"]);
exit();
}

$token = str_replace('Bearer ', '', $headers['Authorization']);
$data = $this->validatesToken($token);

if (!$data) {
http_response_code(401);
echo json_encode(["error" => "Token inválido"]);
exit();
}

// echo json_encode(["message" => "Autorizado", "user" => $data]);
}
/**
*
* @param string $token
* @return array<string, mixed>|null
*/
public function validatesToken(string $token): ?array
{
$key = $_ENV['PASSWORD_KEY_HASH'] ?? getenv('PASSWORD_KEY_HASH');

if (!$key) {
return null;
}

try {
$decoded = JWT::decode($token, new Key($key, 'HS256'));
return (array) $decoded;
} catch (Exception $e) {
return null;
}
}
}
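Review bot: handle() replaces the `Auth::check()` session test with Bearer-token validation but never establishes the authenticated user from the decoded claims, so controllers that call `Auth::user()` (SchedulesController::byProfessorId in this same PR) still depend on a session cookie and get null for token-only clients. After the `!$data` check, resolve the subject and attach it — e.g. `$user = User::findById($data['user_id'] ?? null);` with `use App\Models\User;` added, a 401 when `$user` is null, then `Auth::login($user);` — assuming `Auth::login` is cheap per request; if it writes a session, a request-scoped setter is the better fit. `str_replace('Bearer ', '', …)` also accepts a header with no scheme at all; `str_starts_with($headers['Authorization'], 'Bearer ')` followed by `substr` is stricter. The commented-out debug echo and the unused `use function dd;` / `use function glob;` imports should be removed before merge.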
3 changes: 3 additions & 0 deletions composer.json
Expand Up @@ -17,5 +17,8 @@
"phpunit/phpunit": "^11.1",
"squizlabs/php_codesniffer": "*",
"phpstan/phpstan": "^1.10"
},
"require": {
"firebase/php-jwt": "^6.11"
}
}
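Review bot: `firebase/php-jwt` is added under a new top-level `require` key, but no `composer.lock` change appears among the files in this PR view, so the resolved version is not pinned for other environments; commit the updated lock file (or confirm it is in a section not shown here) so CI and production install the same release that was reviewed. Placing `require` after `require-dev` works but is unconventional; Composer tooling and most readers expect `require` first.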