mytinytodo/includes/api/AuthController.php

64 lines
1.7 KiB
PHP
Raw Normal View History

2022-07-10 12:23:53 +00:00
<?php declare(strict_types=1);
/*
This file is a part of myTinyTodo.
(C) Copyright 2022 Max Pozdeev <maxpozdeev@gmail.com>
Licensed under the GNU GPL version 2 or any later. See file COPYRIGHT for details.
*/
class AuthController extends ApiController {
function postAction($action)
{
switch ($action) {
case 'login': $this->response->data = $this->login(); break;
case 'logout': $this->response->data = $this->logout(); break;
case 'session': $this->response->data = $this->createSession(); break;
default: $this->response->data = ['total' => 0]; // error 400 ?
2022-07-10 12:23:53 +00:00
}
}
private function login(): ?array
2022-07-10 12:23:53 +00:00
{
check_token();
$t = array('logged' => 0);
if (!need_auth()) {
$t['disabled'] = 1;
return $t;
}
$password = $this->req->jsonBody['password'] ?? '';
if ( isPasswordEqualsToHash($password, Config::get('password')) ) {
updateSessionLogged(true);
$t['token'] = update_token();
$t['logged'] = 1;
}
return $t;
}
private function logout(): ?array
2022-07-10 12:23:53 +00:00
{
check_token();
updateSessionLogged(false);
update_token();
session_regenerate_id(true);
$t = array('logged' => 0);
return $t;
}
private function createSession(): ?array
2022-07-10 12:23:53 +00:00
{
$t = array();
if (!need_auth()) {
$t['disabled'] = 1;
return $t;
}
if (access_token() == '') {
update_token();
}
$t['token'] = access_token();
$t['session'] = session_id();
return $t;
}
}