From 4950f66fd92889e68de7c31faace0afc6635bf2b Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Sun, 10 Apr 2016 17:40:09 +0200
Subject: [PATCH] =?UTF-8?q?Gestion=20de=20l'acc=C3=A8s=20=C3=A0=20l'API=20?=
 =?UTF-8?q?avec=20tokens?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 automate.php | 2 --
 config/repositories.json | 3 ++-
 manager/Database.php | 2 +-
 manager/ManagerError.php | 6 ++++++
 manager/ModuleAnswer.php | 2 +-
 manager/ModuleRequest.php | 19 +++++++++++++++++++
 manager/repo/token.php | 31 +++++++++++++++++++++++++++++++
 7 files changed, 60 insertions(+), 5 deletions(-)

diff --git a/automate.php b/automate.php
index 6e7cf89..141e480 100755
--- a/automate.php
+++ b/automate.php
@@ -68,6 +68,4 @@
 var_dump( $contact );
 }
- parseCallLog();
- ?>
\ No newline at end of file
diff --git a/config/repositories.json b/config/repositories.json
index 808b331..bd2feb1 100755
--- a/config/repositories.json
+++ b/config/repositories.json
@@ -5,7 +5,8 @@
 "token": [
- "getAll"
+ "getAll",
+ "check"
 ]
 }
\ No newline at end of file
diff --git a/manager/Database.php b/manager/Database.php
index 76017b2..dfe3052 100755
--- a/manager/Database.php
+++ b/manager/Database.php
@@ -216,7 +216,7 @@
 return $checker && is_string($value) && strlen($value) <= 50 && preg_match('/^[\w\.-]+@[\w\.-]+\.[a-z]{2,4}$/i', $value);
 break;
- case 'user.password':
+ case 'sha1':
 return $checker && is_string($value) && preg_match('/^[\da-f]{40}$/i', $value);
 break;
diff --git a/manager/ManagerError.php b/manager/ManagerError.php
index f26f8f6..83c6547 100755
--- a/manager/ManagerError.php
+++ b/manager/ManagerError.php
@@ -60,6 +60,10 @@
 // Erreur lors de la creation d'un objet PDO (connection)
 const PDOConnection = 14;
+ /* API token */
+ // Token inexistant ou faux
+ const TokenError = 15;
+
 /* EXPLICITE UN CODE D'ERREUR
 *
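Review bot: Renaming the validator key from `'user.password'` to `'sha1'` means any caller that still passes `'user.password'` to Database::check now lands in the switch's default branch, which is outside the hunk, so whether such a value is then accepted or rejected cannot be seen here; the commit should update every existing call site (token::check in this same patch already uses the new key). The 40-hex regex is unchanged, so the validation itself is not weakened. The enclosing switch starts and ends outside the hunk.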
@@ -90,6 +94,8 @@
 case self::PDOConnection: return "La connexion avec la base de donnees a echoue"; break;
+ case self::TokenError: return "Le token de connection est absent ou errone"; break;
+
 // default: return "Erreur inconnue..."; break;
 }
diff --git a/manager/ModuleAnswer.php b/manager/ModuleAnswer.php
index 808a4b3..e3d5fc1 100755
--- a/manager/ModuleAnswer.php
+++ b/manager/ModuleAnswer.php
@@ -137,7 +137,7 @@
 public function serialize(){
 // On rajoute l'erreur au message
- $returnData = array_merge( array('ModuleError' => $this->error), $this->data );
+ $returnData = array_merge( array('ModuleError' => ManagerError::explicit($this->error)), $this->data );
 return json_encode($returnData);
diff --git a/manager/ModuleRequest.php b/manager/ModuleRequest.php
index cc7dab3..5171a5e 100755
--- a/manager/ModuleRequest.php
+++ b/manager/ModuleRequest.php
@@ -167,6 +167,25 @@
 *
 */
 public static function fromPost($post){
+ /* [0] Verification de l'authentification
+ =========================================================*/
+ /* (1) Si le token n'est pas dans le header */
+ if( !isset($_SERVER['PHP_AUTH_DIGEST']) ){
+ $tmp = new ModuleRequest();
+ $tmp->error = ManagerError::TokenError;
+ return $tmp;
+ }
+
+ /* (2) Si le token n'est pas dans la BDD */
+ $checkToken = new Repo('token/check', array($_SERVER['PHP_AUTH_DIGEST']) );
+ $valid_token = $checkToken->answer();
+
+ if( !$valid_token ){
+ $tmp = new ModuleRequest();
+ $tmp->error = ManagerError::TokenError;
+ return $tmp;
+ }
+
 /* [1] On verifie que le @path est renseigne
 =========================================================*/
 if( !isset($post['path']) )
diff --git a/manager/repo/token.php b/manager/repo/token.php
index a1ea427..3da7517 100644
--- a/manager/repo/token.php
+++ b/manager/repo/token.php
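Review bot: `serialize()` now puts the human-readable text under the `ModuleError` key where the numeric code used to be, so a client that compared that field with a code such as `ManagerError::TokenError` now receives a French sentence and its check fails silently. Keeping the code and exposing the text beside it preserves both uses: `$returnData = array_merge( array('ModuleError' => $this->error, 'ErrorDescription' => ManagerError::explicit($this->error)), $this->data );`. Because `$this->data` is merged last, a module answer that itself contains a `ModuleError` key overwrites the error field; that ordering predates the commit but deserves a comment at the merge. serialize() continues beyond the hunk.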
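Review bot: The two rejection branches added to fromPost() build the same ModuleRequest carrying `ManagerError::TokenError`, and `$_SERVER['PHP_AUTH_DIGEST']` is read inline twice; resolving the header once and keeping a single failure exit leaves one authentication gate to audit. PHP fills `PHP_AUTH_DIGEST` only from an `Authorization: Digest …` request header, with the text after the scheme name, so the client has to send exactly the 40-hex token there for `Database::check('sha1', …)` in token::check to accept it — a comment at the gate should state that contract, since nothing on the page documents how the token is transported. Returning the error through a blank ModuleRequest matches the `@path` check that follows, so the caller's handling is unchanged. fromPost() continues past the end of the hunk.
```php
    public static function fromPost($post){
        /* [0] Verification de l'authentification
        =========================================================*/
        // token = text after "Digest " in the Authorization header (PHP_AUTH_DIGEST); absent => reject
        $token = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : null;

        $validToken = false;
        if( $token !== null ){
            $checkToken = new Repo('token/check', array($token));
            $validToken = $checkToken->answer();
        }

        if( !$validToken ){
            $tmp = new ModuleRequest();
            $tmp->error = ManagerError::TokenError;
            return $tmp;
        }

        /* … unchanged: [1] verification du @path … */
```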
@@ -45,6 +45,37 @@
+ /* VERIFIE SI UN TOKEN EST VALIDE
+ *
+ * @token Token en question
+ *
+ * @return valid Retourne si VRAI ou FAUX le token est valid
+ *
+ */
+ public static function check($token){
+ /* [0] Verification des INPUT
+ =========================================================*/
+ // si le format est incorrect, on retourne FAUX
+ if( !Database::check('sha1', $token) ) return false;
+
+
+ /* [1] Verification dans la base de donnees
+ =========================================================*/
+ $check = Database::getPDO()->prepare("SELECT id_token
+ FROM api_token
+ WHERE CURDATE() BETWEEN creation AND expires
+ AND token = :token");
+ $check->execute(array( ':token' => $token ));
+
+
+ /* [2] On retourne le resultat
+ =========================================================*/
+ return $check->fetch() !== false;
+ }
+
+
+
+
 }
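Review bot: `check()` matches the presented value against `api_token.token` directly, so if that column stores the raw token (the `token = :token` predicate suggests it does, but the schema is not on the page) a read of the table yields ready-to-use credentials; storing only a digest and querying with `hash('sha256', $token)` in place of `$token` would limit what a leaked table is worth. `CURDATE()` has day granularity, so if `creation`/`expires` are DATETIME columns a token created earlier today is rejected until midnight and one expiring today stays valid until the end of the day — `NOW()` would compare at the instant of the request. The unchecked `execute()` return is acceptable only because a failed statement makes `fetch()` return false and the token is rejected; a comment such as `// execute() failure falls through to fetch() === false: the token is rejected (fail closed)` should say so, and `fetchColumn()` would avoid materialising a row that is never read. The class's closing brace is the last context line of the hunk.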