Simon
5ef6fc8064
- Handler funkce extrahovany z API souboru do api/admin/handlers/ - config.php rozdeleny na helpers.php (funkce) a constants.php (konstanty) - require_once odstranen z class souboru (AuditLog, JWTAuth, LeaveNotification) - vendor/autoload.php presunuto do config.php bootstrap - totp-handlers.php: pridany use deklarace pro TwoFactorAuth - phpstan.neon: bootstrapFiles, scanDirectories, dynamicConstantNames - Opraveny chybejici routing bloky v totp.php a session.php Vysledek: phpcs 0 errors 0 warnings, PHPStan 0 errors, ESLint 0 errors Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
68 lines
2.0 KiB
PHP
68 lines
2.0 KiB
PHP
<?php
|
|
|
|
/**
|
|
* BOHA Automation - Sessions API
|
|
*
|
|
* Allows users to view and manage their active sessions (logged-in devices)
|
|
*
|
|
* GET /api/admin/sessions.php - List all active sessions for current user
|
|
* DELETE /api/admin/sessions.php?id=X - Delete a specific session
|
|
* DELETE /api/admin/sessions.php?action=all - Delete all sessions except current
|
|
*/
|
|
|
|
declare(strict_types=1);
|
|
|
|
require_once dirname(__DIR__) . '/config.php';
|
|
require_once dirname(__DIR__) . '/includes/JWTAuth.php';
|
|
require_once __DIR__ . '/handlers/sessions-handlers.php';
|
|
|
|
// Set headers
|
|
setCorsHeaders();
|
|
setSecurityHeaders();
|
|
setNoCacheHeaders();
|
|
header('Content-Type: application/json; charset=utf-8');
|
|
|
|
// Require authentication
|
|
$authData = JWTAuth::requireAuth();
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
$sessionId = isset($_GET['id']) ? (int) $_GET['id'] : null;
|
|
$action = $_GET['action'] ?? null;
|
|
$currentUserId = $authData['user_id'];
|
|
|
|
// Get current refresh token hash for identifying current session
|
|
$currentTokenHash = null;
|
|
if (isset($_COOKIE['refresh_token'])) {
|
|
$currentTokenHash = hash('sha256', $_COOKIE['refresh_token']);
|
|
}
|
|
|
|
try {
|
|
$pdo = db();
|
|
|
|
switch ($method) {
|
|
case 'GET':
|
|
handleGetSession($pdo, $currentUserId, $currentTokenHash);
|
|
break;
|
|
|
|
case 'DELETE':
|
|
if ($action === 'all') {
|
|
handleDeleteAllSessions($pdo, $currentUserId, $currentTokenHash);
|
|
} elseif ($sessionId) {
|
|
handleDeleteSession($pdo, $sessionId, $currentUserId, $currentTokenHash);
|
|
} else {
|
|
errorResponse('ID relace nebo akce je povinná');
|
|
}
|
|
break;
|
|
|
|
default:
|
|
errorResponse('Metoda není povolena', 405);
|
|
}
|
|
} catch (PDOException $e) {
|
|
error_log('Sessions API error: ' . $e->getMessage());
|
|
if (DEBUG_MODE) {
|
|
errorResponse('Chyba databáze: ' . $e->getMessage(), 500);
|
|
} else {
|
|
errorResponse('Chyba databáze', 500);
|
|
}
|
|
}
|