Simon
5ef6fc8064
- Handler funkce extrahovany z API souboru do api/admin/handlers/ - config.php rozdeleny na helpers.php (funkce) a constants.php (konstanty) - require_once odstranen z class souboru (AuditLog, JWTAuth, LeaveNotification) - vendor/autoload.php presunuto do config.php bootstrap - totp-handlers.php: pridany use deklarace pro TwoFactorAuth - phpstan.neon: bootstrapFiles, scanDirectories, dynamicConstantNames - Opraveny chybejici routing bloky v totp.php a session.php Vysledek: phpcs 0 errors 0 warnings, PHPStan 0 errors, ESLint 0 errors Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
95 lines
2.4 KiB
PHP
95 lines
2.4 KiB
PHP
<?php
|
|
|
|
/**
|
|
* BOHA Automation - Session Check API (JWT)
|
|
*
|
|
* GET /api/admin/session.php
|
|
*
|
|
* Checks if the user has a valid session by:
|
|
* 1. First checking the Authorization header for a valid access token
|
|
* 2. If no valid access token, tries to refresh using the refresh_token cookie
|
|
*
|
|
* Response:
|
|
* {
|
|
* "success": true,
|
|
* "data": {
|
|
* "authenticated": boolean,
|
|
* "user": { ... } | null,
|
|
* "access_token": "string" | null,
|
|
* "expires_in": int | null
|
|
* }
|
|
* }
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
require_once dirname(__DIR__) . '/config.php';
|
|
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
|
|
require_once dirname(__DIR__) . '/includes/RateLimiter.php';
|
|
require_once __DIR__ . '/handlers/session-handlers.php';
|
|
|
|
setCorsHeaders();
|
|
setSecurityHeaders();
|
|
setNoCacheHeaders();
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
// 200 req/min - vola se pri kazde zmene route
|
|
$rateLimiter = new RateLimiter();
|
|
$rateLimiter->enforce('session', 200);
|
|
|
|
// Cleanup expired refresh tokenu (0.1% sance)
|
|
if (rand(1, 1000) === 1) {
|
|
try {
|
|
JWTAuth::cleanupExpiredTokens();
|
|
} catch (Exception $e) {
|
|
}
|
|
}
|
|
|
|
if (!in_array($_SERVER['REQUEST_METHOD'], ['GET', 'POST'])) {
|
|
errorResponse('Metoda není povolena', 405);
|
|
}
|
|
|
|
$authData = JWTAuth::optionalAuth();
|
|
|
|
if ($authData) {
|
|
$userData = $authData['user'];
|
|
$userData['permissions'] = JWTAuth::getUserPermissions($authData['user_id']);
|
|
|
|
$twoFA = get2FAInfo(db(), $authData['user_id']);
|
|
$userData['totp_enabled'] = $twoFA['totp_enabled'];
|
|
$userData['require_2fa'] = $twoFA['require_2fa'];
|
|
|
|
successResponse([
|
|
'authenticated' => true,
|
|
'user' => $userData,
|
|
'access_token' => null,
|
|
'expires_in' => null,
|
|
]);
|
|
}
|
|
|
|
$refreshToken = $_COOKIE['refresh_token'] ?? null;
|
|
|
|
if ($refreshToken) {
|
|
$result = JWTAuth::refreshTokens();
|
|
|
|
if ($result) {
|
|
$twoFA = get2FAInfo(db(), $result['user']['id']);
|
|
$result['user']['totp_enabled'] = $twoFA['totp_enabled'];
|
|
$result['user']['require_2fa'] = $twoFA['require_2fa'];
|
|
|
|
successResponse([
|
|
'authenticated' => true,
|
|
'user' => $result['user'],
|
|
'access_token' => $result['access_token'],
|
|
'expires_in' => $result['expires_in'],
|
|
]);
|
|
}
|
|
}
|
|
|
|
successResponse([
|
|
'authenticated' => false,
|
|
'user' => null,
|
|
'access_token' => null,
|
|
'expires_in' => null,
|
|
]);
|