DigiErbe/Tresor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Tresor/public/TokenManager.php
T

115 lines
4.2 KiB
PHP
Executable File
Raw Permalink Blame History

<?php
//////////////////////
// TokenManager.php //
// DigiErbe Tresor //
//////////////////////
class TokenManager {
/*
* VARIABLES
*/
private string $tokenStoragePath; // Subdirectory under Tresor's /public directory to use to store all the token information
private string $keyStoragePath; // Subdirectory under Tresor's /private directory to store all keyfiles
private int $expireDays; // number of dates for a token to expire
private int $maxDownloads; // maximum number of downloads before a token becomes invalid
private int $tokenLength; // number of random bytes to use to create the token name
private string $allowedUser; // the user allowed to access the token
/*
* PUBLIC FUNCTIONS
*/
// initialize the token instance in PHP
public function __construct(
string $storagePath = '/tokens',
string $keyStoragePath = '/keys',
int $expireDays = 1,
int $maxDownloads = 1,
int $tokenLength = 32
) {
$this->tokenStoragePath = __DIR__ . $storagePath;
$this->keyStoragePath = substr(__DIR__, 0, strrpos(__DIR__, '/') + 1) . 'private' . $keyStoragePath;
$this->expireDays = $expireDays;
$this->maxDownloads = $maxDownloads;
$this->tokenLength = $tokenLength;
if(!is_dir($this->tokenStoragePath))
mkdir($this->tokenStoragePath, 0755, true);
}
// generate a new token and save it to the file system
public function generateToken(
string $filename,
string $ownerName,
string $allowedUser
) {
return (['error'=>'no token generated', 'status'=>500]);
}
// retrieve/download the key file connected with the token
public function retrieveToken(string $tokenName) {
$result = $this->validateToken($tokenName);
if(!isset($result['success']))
return ['error'=>'token invalid', 'status'=>422];
// send the file name of the designated key for download
return ['success'=>$result['success'], 'status'=>200];
}
// check a token and remove it when it's expired
public function cleanupToken(string $tokenName) {
}
/*
* PRIVATE FUNCTIONS
*/
// check whether a token is still valid and accessible by the user requesting it
private function validateToken($tokenName) {
// check if tokenName is a valid hexadecimal string
if(!ctype_xdigit($tokenName))
return false;
// check if token file exists and read data if so
$tokenPath = $this->getTokenFilePath($tokenName);
if(!file_exists($tokenPath))
return false;
$tokenData = json_decode(file_get_contents($tokenPath));
// check expiry of the token
if( new DateTime() > new DateTime($tokenData->expires))
return false;
// safety-check if requesting user name is matching the allowed characters (a-zA-Z0-9)
if(preg_match('/[^a-zA-Z0-9]/', $_SERVER['PHP_AUTH_USER']))
return false;
// check if the requesting user is allowed to query the token
if(levenshtein($_SERVER['PHP_AUTH_USER'], $tokenData->allowedUser))
return false;
// check if requesting user is allowed to retrieve the key
$allowedUsersFilePath = __DIR__ . '/../private/keys/allowedUsers.json';
if(!file_exists($allowedUsersFilePath))
return false;
$allowedUsers = json_decode(file_get_contents($allowedUsersFilePath))->{$tokenData->owner}->{$tokenData->file};
if(array_search($_SERVER['PHP_AUTH_USER'], $allowedUsers, true) === false)
return false;
//all checks completed successfully
$path = substr( __DIR__, 0, strrpos(__DIR__, '/') + 1 );
return ['success'=>$this->keyStoragePath . '/' . $tokenData->owner . '/' . $tokenData->file, 'status'=>200];
}
private function getDownloadFileInfo ($tokenName) {
$fileInfo = [];
return null;
}
private function getTokenFilePath($tokenName) {
$filePath = $this->tokenStoragePath . '/' . $tokenName . '.json';
if(!file_exists($filePath))
return false;
return $filePath;
}
}
Reference in New Issue View Git Blame Copy Permalink