main/build/api/core/AuthSystemDefault.php

<?php

	namespace api\core;

	use \error\core\Error;
	use \error\core\Err;
	use \api\core\AuthSystem;
	use \database\core\Repo;


	class AuthSystemDefault implements AuthSystem{

		public function __construct(){
			self::check();
		}


		/* INITIALISATION DU SYSTEME ET MISE A JOUR CONSTANTES D'AUTHENTIFICATION
		*
		*
		*/
		public static function check(){
			/* (1) Initialisation
			---------------------------------------------------------*/
			if( !isset($_SESSION['TOKEN'])     ) $_SESSION['TOKEN'] = [];
			if( !isset($_SESSION['AUTH'])      ) $_SESSION['AUTH']  = [];
			if( !isset($_SESSION['PERM'])      ) $_SESSION['PERM']  = [];
			if( !isset($_SESSION['USER'])      ) $_SESSION['USER']  = [];
			if( !isset($_SESSION['ADMIN'])     ) $_SESSION['ADMIN'] = [];
			if( !isset($_SESSION['NAME'])      ) $_SESSION['NAME']  = '';
			if( !isset($_SESSION['WS'])        ) $_SESSION['WS']    = true;


			/* (2) Gestion de AUTH (authentification)
			---------------------------------------------------------*/
			$AUTH = '';

			/* (1) Si Auth dans HEADER, on le récupère */
			if( isset($_SERVER['PHP_AUTH_DIGEST']) && is_string($_SERVER['PHP_AUTH_DIGEST']) ){
				$AUTH = $_SERVER['PHP_AUTH_DIGEST'];
				$_SESSION['WS'] = true;
			}

			/* (2) Si SESSION déja connectée -> no récupère le token */
			elseif( isset($_SESSION['TOKEN']) && is_string($_SESSION['TOKEN']) )
				$AUTH = $_SESSION['TOKEN'];


			/* (3) Gestion de AUTH en fonction des tokens
			---------------------------------------------------------*/
			/* (1) Token Authentication: ADMIN  */
			if( preg_match('/^a([a-f0-9]{128})$/', $AUTH, $match) )
				$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'admin' ];

			/* (2) Token Authentication: USER   */
			elseif( preg_match('/^u([a-f0-9]{128})$/', $AUTH, $match) )
				$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'user' ];

			/* (2) Aucune authentification */
			else{
				$_SESSION['TOKEN'] = [];
				$_SESSION['AUTH']  = [];
				$_SESSION['USER']  = [];
				$_SESSION['ADMIN'] = [];
			}

			/* (4) On vérifie l'authentification par BDD
			---------------------------------------------------------*/
			if( !self::deepCheck() ){
				$_SESSION['TOKEN'] = [];
				$_SESSION['AUTH']  = [];
				$_SESSION['USER']  = [];
				$_SESSION['ADMIN'] = [];
			}
		}


		/* VERIFICATION DE L'AUTHENTIFICATION
		*
		*
		*/
		private static function deepCheck(){

			/* [1] Si aucune authentification
			=========================================================*/
			if( self::auth_level() == 0 )
				return false;


			/* [2] Si authentification token -> ADMIN
			=========================================================*/
			if( self::auth_level() == 2 ){

				/* (1) Fetch admin by token */
				$fetched_admin = Repo::request('admin', 'getByToken', $_SESSION['AUTH']['token']);

				/* (2) If does not exist -> no auth */
				if( !is_array($fetched_admin) )
					return false;

				/* (3) Update global admin informations */
				$_SESSION['ADMIN'] = [
					'id'       => $fetched_admin['id_admin'],
					'username' => $fetched_admin['username'],
					'mail'     => $fetched_admin['mail']
				];

			}


			/* [3] Si authentification token -> USER
			=========================================================*/
			if( self::auth_level() == 1 ){

				/* (1) Fetch user by token */
				$fetched_user = Repo::request('user', 'getByToken', $_SESSION['AUTH']['token']);

				/* (2) If does not exist -> no auth */
				if( !is_array($fetched_user) )
					return false;

				/* (3) Update global user informations */
				$_SESSION['USER'] = [
					'id'       => $fetched_user['id_user'],
					'username' => $fetched_user['username'],
					'mail'     => $fetched_user['mail']
				];

			}


			/* [5] Si pas d'erreur d'authentification, on retourne TRUE
			=========================================================*/
			return true;
		}


		/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
		*
		* @expected<array> 										Liste de listes de combinaisons de permissions attendues
		*
		* @return error<Error> 										Si FALSE, pas la permission, sinon si
		*
		*/
		public static function permission($expected){

			$error_propag = [];

			/* [1] Check format -> if not array of array(s) -> ERROR
			=========================================================*/
			/* (1) If not array -> ERROR */
			if( !is_array($expected) )
				return new Error(Err::FormatError);

			/* (2) If not array of array(s) -> ERROR */
			foreach($expected as $permissions)
				if( !is_array($permissions) )
					return new Error(Err::FormatError);


			/* [2] Foreach each set of permission
			=========================================================*/
			foreach($expected as $permission_group){

				/* If granted -> don't go further */
				$error_propag[] = self::check_permission_group($permission_group);

				if( $error_propag[count($error_propag)-1]->get() == Err::Success )
					return new Error(Err::Success);

			}


			/* [3] By default return `PermissionError`
			=========================================================*/
			if( count($error_propag) > 0 )
				return $error_propag[count($error_propag)-1];

			return new Error(Err::PermissionError);
		}


		/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
		*
		* @expected<array> 										Liste des permissions attendues
		*
		* @return error<int> 										Err:: error constants
		*
		*/
		private static function check_permission_group($expected){


			/* [1] Gestion de l'AUTH (authentification)
			=========================================================*/

				/* (1) Si entrepot requis, mais manquant
				---------------------------------------------------------*/
				if( in_array('admin', $expected) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) )
					return new Error(Err::PermissionError);

				/* (2) Si admin requis, mais manquant
				---------------------------------------------------------*/
				if( in_array('user', $expected) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) )
					return new Error(Err::PermissionError);

				/* (3) On retire 'admin', et 'user' de @expected
				---------------------------------------------------------*/
				$adminIndex     = array_search('admin',     $expected);
				$userIndex      = array_search('user',      $expected);
				if( is_int($adminIndex) ) unset($expected[$adminIndex]);
				if( is_int($userIndex)  ) unset($expected[$userIndex]);


			/* [2] Gestion des permissions CUSTOM
			=========================================================*/

				/* (1) Vérification de toutes les permissions requises */
				foreach($expected as $permission)

					// Si il manque au minimum une permission, on retourne FALSE
					if( !in_array($permission, $_SESSION['PERM']) )
						return new Error(Err::PermissionError, $permission);


			/* [4] Si on a toutes les permissions requises
			=========================================================*/
			return new Error(Err::Success);
		}


		/* RENVOIE LE NIVEAU D'AUTHENTIFICATION
		*
		* @return auth<int> 						Niveau d'authentification (0 à 2)
		*
		*/
		public static function auth_level(){

			/* (1) Not set */
			if( !is_array($_SESSION['AUTH']) || !isset($_SESSION['AUTH']['token']) || !isset($_SESSION['AUTH']['type']) )
				return 0;

			/* (2) Admin / User */
			return ($_SESSION['AUTH']['type'] == 'admin') ? 2 : 1;

		}

	}

?>
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`<?php`

			`namespace api\core;`

			`use \error\core\Error;`
			`use \error\core\Err;`
			`use \api\core\AuthSystem;`
upd: api.core.AuthSystemDefault (implemented authentication by token) 2017-11-26 11:10:10 +00:00			`use \database\core\Repo;`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00



			`class AuthSystemDefault implements AuthSystem{`

			`public function __construct(){`
			`self::check();`
			`}`



			`/* INITIALISATION DU SYSTEME ET MISE A JOUR CONSTANTES D'AUTHENTIFICATION`
			`*`
			`*`
			`*/`
			`public static function check(){`
			`/* (1) Initialisation`
			`---------------------------------------------------------*/`
BIG FIX: session_name with logout .... 2017-12-07 23:32:18 +00:00			`if( !isset($_SESSION['TOKEN']) ) $_SESSION['TOKEN'] = [];`
			`if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];`
			`if( !isset($_SESSION['PERM']) ) $_SESSION['PERM'] = [];`
			`if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = [];`
			`if( !isset($_SESSION['ADMIN']) ) $_SESSION['ADMIN'] = [];`
			`if( !isset($_SESSION['NAME']) ) $_SESSION['NAME'] = '';`
			`if( !isset($_SESSION['WS']) ) $_SESSION['WS'] = true;`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00

			`/* (2) Gestion de AUTH (authentification)`
			`---------------------------------------------------------*/`
fix: api.core.AuthSystemDefault (re-use stored token in session if session_connected (check again for each api call)) 2017-11-26 12:48:03 +00:00			`$AUTH = '';`

Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`/* (1) Si Auth dans HEADER, on le récupère */`
fix: $_SESSION['name'] is now ok with API calls (tokens, etc) 2017-12-08 01:50:18 +00:00			`if( isset($_SERVER['PHP_AUTH_DIGEST']) && is_string($_SERVER['PHP_AUTH_DIGEST']) ){`
fix: api.core.AuthSystemDefault (re-use stored token in session if session_connected (check again for each api call)) 2017-11-26 12:48:03 +00:00			`$AUTH = $_SERVER['PHP_AUTH_DIGEST'];`
fix: $_SESSION['name'] is now ok with API calls (tokens, etc) 2017-12-08 01:50:18 +00:00			`$_SESSION['WS'] = true;`
			`}`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
fix: api.core.AuthSystemDefault (re-use stored token in session if session_connected (check again for each api call)) 2017-11-26 12:48:03 +00:00			`/* (2) Si SESSION déja connectée -> no récupère le token */`
			`elseif( isset($_SESSION['TOKEN']) && is_string($_SESSION['TOKEN']) )`
			`$AUTH = $_SESSION['TOKEN'];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00

			`/* (3) Gestion de AUTH en fonction des tokens`
			`---------------------------------------------------------*/`
			`/* (1) Token Authentication: ADMIN */`
upd: api.core.AuthSystemDefault (implemented authentication by token) 2017-11-26 11:10:10 +00:00			`if( preg_match('/^a([a-f0-9]{128})$/', $AUTH, $match) )`
			`$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'admin' ];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`/* (2) Token Authentication: USER */`
upd: api.core.AuthSystemDefault (implemented authentication by token) 2017-11-26 11:10:10 +00:00			`elseif( preg_match('/^u([a-f0-9]{128})$/', $AUTH, $match) )`
			`$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'user' ];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`/* (2) Aucune authentification */`
			`else{`
fix: api.core.AuthSystemDefault (re-use stored token in session if session_connected (check again for each api call)) 2017-11-26 12:48:03 +00:00			`$_SESSION['TOKEN'] = [];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`$_SESSION['AUTH'] = [];`
			`$_SESSION['USER'] = [];`
			`$_SESSION['ADMIN'] = [];`
			`}`

			`/* (4) On vérifie l'authentification par BDD`
			`---------------------------------------------------------*/`
			`if( !self::deepCheck() ){`
fix: api.core.AuthSystemDefault (re-use stored token in session if session_connected (check again for each api call)) 2017-11-26 12:48:03 +00:00			`$_SESSION['TOKEN'] = [];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`$_SESSION['AUTH'] = [];`
			`$_SESSION['USER'] = [];`
			`$_SESSION['ADMIN'] = [];`
			`}`
			`}`




			`/* VERIFICATION DE L'AUTHENTIFICATION`
			`*`
			`*`
			`*/`
			`private static function deepCheck(){`

			`/* [1] Si aucune authentification`
			`=========================================================*/`
			`if( self::auth_level() == 0 )`
			`return false;`


			`/* [2] Si authentification token -> ADMIN`
			`=========================================================*/`
			`if( self::auth_level() == 2 ){`

upd: api.core.AuthSystemDefault (implemented authentication by token) 2017-11-26 11:10:10 +00:00			`/* (1) Fetch admin by token */`
			`$fetched_admin = Repo::request('admin', 'getByToken', $_SESSION['AUTH']['token']);`

			`/* (2) If does not exist -> no auth */`
			`if( !is_array($fetched_admin) )`
			`return false;`

			`/* (3) Update global admin informations */`
			`$_SESSION['ADMIN'] = [`
			`'id' => $fetched_admin['id_admin'],`
			`'username' => $fetched_admin['username'],`
			`'mail' => $fetched_admin['mail']`
			`];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`}`


Barebone setup@1 > fixed: api.core.AuthSystemDefault (manages default main permissions + custom permissions in the array $_SESSION['PERM']) 2017-11-23 10:32:31 +00:00			`/* [3] Si authentification token -> USER`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`=========================================================*/`
Barebone setup@1 > fixed: api.core.AuthSystemDefault (manages default main permissions + custom permissions in the array $_SESSION['PERM']) 2017-11-23 10:32:31 +00:00			`if( self::auth_level() == 1 ){`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
upd: api.core.AuthSystemDefault (implemented authentication by token) 2017-11-26 11:10:10 +00:00			`/* (1) Fetch user by token */`
			`$fetched_user = Repo::request('user', 'getByToken', $_SESSION['AUTH']['token']);`

			`/* (2) If does not exist -> no auth */`
			`if( !is_array($fetched_user) )`
			`return false;`

			`/* (3) Update global user informations */`
			`$_SESSION['USER'] = [`
			`'id' => $fetched_user['id_user'],`
			`'username' => $fetched_user['username'],`
			`'mail' => $fetched_user['mail']`
			`];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`}`


			`/* [5] Si pas d'erreur d'authentification, on retourne TRUE`
			`=========================================================*/`
			`return true;`
			`}`







			`/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES`
			`*`
			`* @expected<array> Liste de listes de combinaisons de permissions attendues`
			`*`
			`* @return error<Error> Si FALSE, pas la permission, sinon si`
			`*`
			`*/`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`public static function permission($expected){`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`$error_propag = [];`

			`/* [1] Check format -> if not array of array(s) -> ERROR`
			`=========================================================*/`
			`/* (1) If not array -> ERROR */`
			`if( !is_array($expected) )`
			`return new Error(Err::FormatError);`

			`/* (2) If not array of array(s) -> ERROR */`
			`foreach($expected as $permissions)`
			`if( !is_array($permissions) )`
			`return new Error(Err::FormatError);`


			`/* [2] Foreach each set of permission`
			`=========================================================*/`
			`foreach($expected as $permission_group){`

			`/* If granted -> don't go further */`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`$error_propag[] = self::check_permission_group($permission_group);`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`if( $error_propag[count($error_propag)-1]->get() == Err::Success )`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`return new Error(Err::Success);`

			`}`


			/* [3] By default return `PermissionError`
			`=========================================================*/`
			`if( count($error_propag) > 0 )`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`return $error_propag[count($error_propag)-1];`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`return new Error(Err::PermissionError);`
			`}`







			`/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES`
			`*`
			`* @expected<array> Liste des permissions attendues`
			`*`
			`* @return error<int> Err:: error constants`
			`*`
			`*/`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`private static function check_permission_group($expected){`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00

			`/* [1] Gestion de l'AUTH (authentification)`
			`=========================================================*/`

			`/* (1) Si entrepot requis, mais manquant`
			`---------------------------------------------------------*/`
			`if( in_array('admin', $expected) && ( self::auth_level() < 2 \|\| !isset($_SESSION['ADMIN']['id']) ) )`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`return new Error(Err::PermissionError);`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
			`/* (2) Si admin requis, mais manquant`
			`---------------------------------------------------------*/`
			`if( in_array('user', $expected) && ( self::auth_level() < 1 \|\| !isset($_SESSION['USER']['id']) ) )`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`return new Error(Err::PermissionError);`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
Barebone setup@1 > fixed: api.core.AuthSystemDefault (manages default main permissions + custom permissions in the array $_SESSION['PERM']) 2017-11-23 10:32:31 +00:00			`/* (3) On retire 'admin', et 'user' de @expected`
			`---------------------------------------------------------*/`
			`$adminIndex = array_search('admin', $expected);`
			`$userIndex = array_search('user', $expected);`
			`if( is_int($adminIndex) ) unset($expected[$adminIndex]);`
			`if( is_int($userIndex) ) unset($expected[$userIndex]);`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00
Barebone setup@1 > fixed: api.core.AuthSystemDefault (manages default main permissions + custom permissions in the array $_SESSION['PERM']) 2017-11-23 10:32:31 +00:00
			`/* [2] Gestion des permissions CUSTOM`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`=========================================================*/`

			`/* (1) Vérification de toutes les permissions requises */`
			`foreach($expected as $permission)`
Barebone setup@1 > fixed: api.core.AuthSystemDefault (manages default main permissions + custom permissions in the array $_SESSION['PERM']) 2017-11-23 10:32:31 +00:00
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`// Si il manque au minimum une permission, on retourne FALSE`
			`if( !in_array($permission, $_SESSION['PERM']) )`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`return new Error(Err::PermissionError, $permission);`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00

			`/* [4] Si on a toutes les permissions requises`
			`=========================================================*/`
Barebone setup@2 > fixed: api.core.AuthSystemDefault (removed useless @module management + use Error argument to tell which permission misses) \| api.core.Request (removed @module when calling api.core.AuthSystemDefault.permission(@expected)) 2017-11-23 10:34:20 +00:00			`return new Error(Err::Success);`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`}`





			`/* RENVOIE LE NIVEAU D'AUTHENTIFICATION`
			`*`
			`* @return auth<int> Niveau d'authentification (0 à 2)`
			`*`
			`*/`
			`public static function auth_level(){`

			`/* (1) Not set */`
upd: api.core.AuthSystemDefault (implemented authentication by token) 2017-11-26 11:10:10 +00:00			`if( !is_array($_SESSION['AUTH']) \|\| !isset($_SESSION['AUTH']['token']) \|\| !isset($_SESSION['AUTH']['type']) )`
Barebone setup@0 > build: api, router, http, error \| 2017-11-23 10:23:09 +00:00			`return 0;`

			`/* (2) Admin / User */`
			`return ($_SESSION['AUTH']['type'] == 'admin') ? 2 : 1;`

			`}`

			`}`

			`?>`