Initial commit
This commit is contained in:
111
api/admin/session.php
Normal file
111
api/admin/session.php
Normal file
@@ -0,0 +1,111 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* BOHA Automation - Session Check API (JWT)
|
||||
*
|
||||
* GET /api/admin/session.php
|
||||
*
|
||||
* Checks if the user has a valid session by:
|
||||
* 1. First checking the Authorization header for a valid access token
|
||||
* 2. If no valid access token, tries to refresh using the refresh_token cookie
|
||||
*
|
||||
* Response:
|
||||
* {
|
||||
* "success": true,
|
||||
* "data": {
|
||||
* "authenticated": boolean,
|
||||
* "user": { ... } | null,
|
||||
* "access_token": "string" | null,
|
||||
* "expires_in": int | null
|
||||
* }
|
||||
* }
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
require_once dirname(__DIR__) . '/config.php';
|
||||
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
|
||||
require_once dirname(__DIR__) . '/includes/RateLimiter.php';
|
||||
|
||||
setCorsHeaders();
|
||||
setSecurityHeaders();
|
||||
setNoCacheHeaders();
|
||||
header('Content-Type: application/json; charset=utf-8');
|
||||
|
||||
// 200 req/min - vola se pri kazde zmene route
|
||||
$rateLimiter = new RateLimiter();
|
||||
$rateLimiter->enforce('session', 200);
|
||||
|
||||
// Cleanup expired refresh tokenu (0.1% sance)
|
||||
if (rand(1, 1000) === 1) {
|
||||
try {
|
||||
JWTAuth::cleanupExpiredTokens();
|
||||
} catch (Exception $e) {
|
||||
}
|
||||
}
|
||||
|
||||
if (!in_array($_SERVER['REQUEST_METHOD'], ['GET', 'POST'])) {
|
||||
errorResponse('Metoda není povolena', 405);
|
||||
}
|
||||
|
||||
/** @return array<string, mixed> */
|
||||
function get2FAInfo(PDO $pdo, int $userId): array
|
||||
{
|
||||
try {
|
||||
$stmt = $pdo->prepare("SELECT totp_enabled FROM users WHERE id = ?");
|
||||
$stmt->execute([$userId]);
|
||||
$row = $stmt->fetch();
|
||||
|
||||
$r2fa = $pdo->query("SELECT require_2fa FROM company_settings LIMIT 1");
|
||||
return [
|
||||
'totp_enabled' => (bool) ($row['totp_enabled'] ?? false),
|
||||
'require_2fa' => (bool) $r2fa->fetchColumn(),
|
||||
];
|
||||
} catch (PDOException $e) {
|
||||
return ['totp_enabled' => false, 'require_2fa' => false];
|
||||
}
|
||||
}
|
||||
|
||||
$authData = JWTAuth::optionalAuth();
|
||||
|
||||
if ($authData) {
|
||||
$userData = $authData['user'];
|
||||
$userData['permissions'] = JWTAuth::getUserPermissions($authData['user_id']);
|
||||
|
||||
$twoFA = get2FAInfo(db(), $authData['user_id']);
|
||||
$userData['totp_enabled'] = $twoFA['totp_enabled'];
|
||||
$userData['require_2fa'] = $twoFA['require_2fa'];
|
||||
|
||||
successResponse([
|
||||
'authenticated' => true,
|
||||
'user' => $userData,
|
||||
'access_token' => null,
|
||||
'expires_in' => null,
|
||||
]);
|
||||
}
|
||||
|
||||
$refreshToken = $_COOKIE['refresh_token'] ?? null;
|
||||
|
||||
if ($refreshToken) {
|
||||
$result = JWTAuth::refreshTokens();
|
||||
|
||||
if ($result) {
|
||||
$twoFA = get2FAInfo(db(), $result['user']['id']);
|
||||
$result['user']['totp_enabled'] = $twoFA['totp_enabled'];
|
||||
$result['user']['require_2fa'] = $twoFA['require_2fa'];
|
||||
|
||||
successResponse([
|
||||
'authenticated' => true,
|
||||
'user' => $result['user'],
|
||||
'access_token' => $result['access_token'],
|
||||
'expires_in' => $result['expires_in'],
|
||||
]);
|
||||
}
|
||||
}
|
||||
|
||||
successResponse([
|
||||
'authenticated' => false,
|
||||
'user' => null,
|
||||
'access_token' => null,
|
||||
'expires_in' => null,
|
||||
]);
|
||||
Reference in New Issue
Block a user