initial commit to enable token validation and key download
This commit is contained in:
Regular → Executable
+63
-15
@@ -8,7 +8,8 @@ class TokenManager {
|
||||
/*
|
||||
* VARIABLES
|
||||
*/
|
||||
private string $storagePath; // Subdirectory under Tresor's /private directory to use to store all the token information
|
||||
private string $tokenStoragePath; // Subdirectory under Tresor's /public directory to use to store all the token information
|
||||
private string $keyStoragePath; // Subdirectory under Tresor's /private directory to store all keyfiles
|
||||
private int $expireDays; // number of dates for a token to expire
|
||||
private int $maxDownloads; // maximum number of downloads before a token becomes invalid
|
||||
private int $tokenLength; // number of random bytes to use to create the token name
|
||||
@@ -19,34 +20,44 @@ class TokenManager {
|
||||
*/
|
||||
|
||||
// initialize the token instance in PHP
|
||||
public __contruct(
|
||||
public function __construct(
|
||||
string $storagePath = '/tokens',
|
||||
int $exireDays = 1,
|
||||
string $keyStoragePath = '/keys',
|
||||
int $expireDays = 1,
|
||||
int $maxDownloads = 1,
|
||||
int $tokenLength = 32
|
||||
) {
|
||||
$this->storagePath = $storagePath;
|
||||
$this->$expireDays = $expireDays;
|
||||
$this->$maxDownloads = $maxDownloads;
|
||||
$this->$tokenLength = $tokenLength;
|
||||
$this->tokenStoragePath = __DIR__ . $storagePath;
|
||||
$this->keyStoragePath = substr(__DIR__, 0, strrpos(__DIR__, '/') + 1) . 'private' . $keyStoragePath;
|
||||
$this->expireDays = $expireDays;
|
||||
$this->maxDownloads = $maxDownloads;
|
||||
$this->tokenLength = $tokenLength;
|
||||
|
||||
if(!is_dir($this->tokenStoragePath))
|
||||
mkdir($this->tokenStoragePath, 0755, true);
|
||||
}
|
||||
|
||||
// generate a new token and save it to the file system
|
||||
public generateToken(
|
||||
public function generateToken(
|
||||
string $filename,
|
||||
string $ownerName,
|
||||
string $allowedUser
|
||||
) {
|
||||
return (['error'=>'no token generated', 'status'=>'500']);
|
||||
return (['error'=>'no token generated', 'status'=>500]);
|
||||
}
|
||||
|
||||
// retrieve/download the key file connected with the token
|
||||
public retrieveToken(string $tokenName) {
|
||||
public function retrieveToken(string $tokenName) {
|
||||
$result = $this->validateToken($tokenName);
|
||||
if(!isset($result['success']))
|
||||
return ['error'=>'token invalid', 'status'=>422];
|
||||
|
||||
// send the file name of the designated key for download
|
||||
return ['success'=>$result['success'], 'status'=>200];
|
||||
}
|
||||
|
||||
// check a token and remove it when it's expired
|
||||
public cleanupToken(string $tokenName) {
|
||||
public function cleanupToken(string $tokenName) {
|
||||
|
||||
}
|
||||
|
||||
@@ -55,12 +66,49 @@ class TokenManager {
|
||||
*/
|
||||
|
||||
// check whether a token is still valid and accessible by the user requesting it
|
||||
private validateToken($tokenName) {
|
||||
return null;
|
||||
private function validateToken($tokenName) {
|
||||
// check if tokenName is a valid hexadecimal string
|
||||
if(!ctype_xdigit($tokenName))
|
||||
return false;
|
||||
|
||||
// check if token file exists and read data if so
|
||||
$tokenPath = $this->getTokenFilePath($tokenName);
|
||||
if(!file_exists($tokenPath))
|
||||
return false;
|
||||
$tokenData = json_decode(file_get_contents($tokenPath));
|
||||
|
||||
// check expiry of the token
|
||||
if( new DateTime() > new DateTime($tokenData->expires))
|
||||
return false;
|
||||
|
||||
// safety-check if requesting user name is matching the allowed characters (a-zA-Z0-9)
|
||||
if(preg_match('/[^a-zA-Z0-9]/', $_SERVER['PHP_AUTH_USER']))
|
||||
return false;
|
||||
// check if the requesting user is allowed to query the token
|
||||
if(levenshtein($_SERVER['PHP_AUTH_USER'], $tokenData->allowedUser))
|
||||
return false;
|
||||
// check if requesting user is allowed to retrieve the key
|
||||
$allowedUsersFilePath = __DIR__ . '/../private/keys/allowedUsers.json';
|
||||
if(!file_exists($allowedUsersFilePath))
|
||||
return false;
|
||||
$allowedUsers = json_decode(file_get_contents($allowedUsersFilePath))->{$tokenData->owner}->{$tokenData->file};
|
||||
if(array_search($_SERVER['PHP_AUTH_USER'], $allowedUsers, true) === false)
|
||||
return false;
|
||||
|
||||
//all checks completed successfully
|
||||
$path = substr( __DIR__, 0, strrpos(__DIR__, '/') + 1 );
|
||||
return ['success'=>$this->keyStoragePath . '/' . $tokenData->owner . '/' . $tokenData->file, 'status'=>200];
|
||||
}
|
||||
|
||||
private getDownloadFileInfo ($tokenName) {
|
||||
private function getDownloadFileInfo ($tokenName) {
|
||||
$fileInfo = [];
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
private function getTokenFilePath($tokenName) {
|
||||
$filePath = $this->tokenStoragePath . '/' . $tokenName . '.json';
|
||||
if(!file_exists($filePath))
|
||||
return false;
|
||||
return $filePath;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user