@@ -45,7 +45,7 @@ discard block |
||
| 45 | 45 | { |
| 46 | 46 | $superGlobal = new SuperGlobal(); |
| 47 | 47 | $uri = parse_url($superGlobal->get('REQUEST_URI', 'SERVER'), PHP_URL_PATH); |
| 48 | - $uri = explode( '/', $uri ); |
|
| 48 | + $uri = explode('/', $uri); |
|
| 49 | 49 | return $this->sanitizeUrl(array_slice($uri, ((int) array_search('index.php', $uri) + 1))); |
| 50 | 50 | } |
| 51 | 51 | |
@@ -71,7 +71,7 @@ discard block |
||
| 71 | 71 | { |
| 72 | 72 | $filters = []; |
| 73 | 73 | $array_size = count($array); |
| 74 | - for ($i=0; $i < $array_size; $i++) { |
|
| 74 | + for ($i = 0; $i < $array_size; $i++) { |
|
| 75 | 75 | array_push($filters, 'trim|escape'); |
| 76 | 76 | } |
| 77 | 77 | |
@@ -89,7 +89,7 @@ discard block |
||
| 89 | 89 | * @param mixed $data |
| 90 | 90 | * @param string $httpHeader |
| 91 | 91 | */ |
| 92 | - protected function sendOutput($data, $httpHeaders=array()): void |
|
| 92 | + protected function sendOutput($data, $httpHeaders = array()): void |
|
| 93 | 93 | { |
| 94 | 94 | header_remove('Set-Cookie'); |
| 95 | 95 | |
@@ -52,7 +52,7 @@ discard block |
||
| 52 | 52 | // build a signature based on the header and payload using the secret |
| 53 | 53 | $base64_url_header = base64url_encode($header); |
| 54 | 54 | $base64_url_payload = base64url_encode($payload); |
| 55 | - $signature = hash_hmac('SHA256', $base64_url_header . "." . $base64_url_payload, DB_PASSWD, true); |
|
| 55 | + $signature = hash_hmac('SHA256', $base64_url_header.".".$base64_url_payload, DB_PASSWD, true); |
|
| 56 | 56 | $base64_url_signature = base64url_encode($signature); |
| 57 | 57 | |
| 58 | 58 | // verify it matches the signature provided in the jwt |
@@ -69,7 +69,7 @@ discard block |
||
| 69 | 69 | return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); |
| 70 | 70 | } |
| 71 | 71 | |
| 72 | -function get_authorization_header(){ |
|
| 72 | +function get_authorization_header() { |
|
| 73 | 73 | $superGlobal = new SuperGlobal(); |
| 74 | 74 | $headers = null; |
| 75 | 75 | |
@@ -26,43 +26,43 @@ discard block |
||
| 26 | 26 | use TeampassClasses\SuperGlobal\SuperGlobal; |
| 27 | 27 | |
| 28 | 28 | function generate_jwt($headers, $payload) { |
| 29 | - $headers_encoded = base64url_encode(json_encode($headers)); |
|
| 29 | + $headers_encoded = base64url_encode(json_encode($headers)); |
|
| 30 | 30 | |
| 31 | - $payload_encoded = base64url_encode(json_encode($payload)); |
|
| 31 | + $payload_encoded = base64url_encode(json_encode($payload)); |
|
| 32 | 32 | |
| 33 | - $signature = hash_hmac('SHA256', "$headers_encoded.$payload_encoded", DB_PASSWD, true); |
|
| 34 | - $signature_encoded = base64url_encode($signature); |
|
| 33 | + $signature = hash_hmac('SHA256', "$headers_encoded.$payload_encoded", DB_PASSWD, true); |
|
| 34 | + $signature_encoded = base64url_encode($signature); |
|
| 35 | 35 | |
| 36 | - $jwt = "$headers_encoded.$payload_encoded.$signature_encoded"; |
|
| 36 | + $jwt = "$headers_encoded.$payload_encoded.$signature_encoded"; |
|
| 37 | 37 | |
| 38 | - return $jwt; |
|
| 38 | + return $jwt; |
|
| 39 | 39 | } |
| 40 | 40 | |
| 41 | 41 | function is_jwt_valid($jwt) { |
| 42 | - // split the jwt |
|
| 43 | - $tokenParts = explode('.', $jwt); |
|
| 44 | - $header = base64_decode($tokenParts[0]); |
|
| 45 | - $payload = base64_decode($tokenParts[1]); |
|
| 46 | - $signature_provided = $tokenParts[2]; |
|
| 42 | + // split the jwt |
|
| 43 | + $tokenParts = explode('.', $jwt); |
|
| 44 | + $header = base64_decode($tokenParts[0]); |
|
| 45 | + $payload = base64_decode($tokenParts[1]); |
|
| 46 | + $signature_provided = $tokenParts[2]; |
|
| 47 | 47 | |
| 48 | - // check the expiration time - note this will cause an error if there is no 'exp' claim in the jwt |
|
| 49 | - $expiration = json_decode($payload)->exp; |
|
| 50 | - $is_token_expired = ($expiration - time()) < 0; |
|
| 48 | + // check the expiration time - note this will cause an error if there is no 'exp' claim in the jwt |
|
| 49 | + $expiration = json_decode($payload)->exp; |
|
| 50 | + $is_token_expired = ($expiration - time()) < 0; |
|
| 51 | 51 | |
| 52 | - // build a signature based on the header and payload using the secret |
|
| 53 | - $base64_url_header = base64url_encode($header); |
|
| 54 | - $base64_url_payload = base64url_encode($payload); |
|
| 55 | - $signature = hash_hmac('SHA256', $base64_url_header . "." . $base64_url_payload, DB_PASSWD, true); |
|
| 56 | - $base64_url_signature = base64url_encode($signature); |
|
| 52 | + // build a signature based on the header and payload using the secret |
|
| 53 | + $base64_url_header = base64url_encode($header); |
|
| 54 | + $base64_url_payload = base64url_encode($payload); |
|
| 55 | + $signature = hash_hmac('SHA256', $base64_url_header . "." . $base64_url_payload, DB_PASSWD, true); |
|
| 56 | + $base64_url_signature = base64url_encode($signature); |
|
| 57 | 57 | |
| 58 | - // verify it matches the signature provided in the jwt |
|
| 59 | - $is_signature_valid = ($base64_url_signature === $signature_provided); |
|
| 58 | + // verify it matches the signature provided in the jwt |
|
| 59 | + $is_signature_valid = ($base64_url_signature === $signature_provided); |
|
| 60 | 60 | |
| 61 | - if ($is_token_expired || !$is_signature_valid) { |
|
| 62 | - return FALSE; |
|
| 63 | - } else { |
|
| 64 | - return TRUE; |
|
| 65 | - } |
|
| 61 | + if ($is_token_expired || !$is_signature_valid) { |
|
| 62 | + return FALSE; |
|
| 63 | + } else { |
|
| 64 | + return TRUE; |
|
| 65 | + } |
|
| 66 | 66 | } |
| 67 | 67 | |
| 68 | 68 | function base64url_encode($data) { |
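Review bot: The signature check on new line 59 compares the two encoded MACs with `===`, which is not constant-time; `hash_equals($base64_url_signature, $signature_provided)` is the comparison intended for secrets. On lines 43 to 50 the token is indexed at `[1]` and `[2]` and `->exp` is read before anything is verified, so a malformed token is handled through PHP warnings on undefined offsets and properties rather than by an explicit rejection, as the comment on line 48 already admits. The segments are base64url but are decoded with plain `base64_decode` and re-encoded before signing, so the MAC is computed over a re-encoding rather than over the bytes received. A version that checks the segment count, verifies the signature over the received segments first and reads `exp` afterwards is sketched below.

```php
function is_jwt_valid($jwt) {
    $tokenParts = explode('.', (string) $jwt);
    if (count($tokenParts) !== 3) {
        return FALSE;
    }

    // verify the signature over the segments exactly as received, before reading any claim
    $signature = hash_hmac('SHA256', $tokenParts[0].'.'.$tokenParts[1], DB_PASSWD, true);
    if (hash_equals(base64url_encode($signature), $tokenParts[2]) === false) {
        return FALSE;
    }

    // the payload is base64url, so map it back to the standard alphabet before decoding
    $claims = json_decode(base64_decode(strtr($tokenParts[1], '-_', '+/')));
    if (is_object($claims) === false || isset($claims->exp) === false || is_numeric($claims->exp) === false) {
        return FALSE;
    }

    return ((int) $claims->exp - time()) >= 0;
}
```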
@@ -70,24 +70,24 @@ discard block |
||
| 70 | 70 | } |
| 71 | 71 | |
| 72 | 72 | function get_authorization_header(){ |
| 73 | - $superGlobal = new SuperGlobal(); |
|
| 74 | - $headers = null; |
|
| 73 | + $superGlobal = new SuperGlobal(); |
|
| 74 | + $headers = null; |
|
| 75 | 75 | |
| 76 | - if (null !== $superGlobal->get('Authorization', 'SERVER')) { |
|
| 77 | - $headers = trim($superGlobal->get('Authorization', 'SERVER')); |
|
| 78 | - } else if (null !== $superGlobal->get('HTTP_AUTHORIZATION', 'SERVER')) { //Nginx or fast CGI |
|
| 79 | - $headers = trim($superGlobal->get('HTTP_AUTHORIZATION', 'SERVER')); |
|
| 80 | - } else if (function_exists('apache_request_headers') === true) { |
|
| 81 | - $requestHeaders = (array) apache_request_headers(); |
|
| 82 | - // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization) |
|
| 83 | - $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders)); |
|
| 84 | - //print_r($requestHeaders); |
|
| 85 | - if (isset($requestHeaders['Authorization']) === true) { |
|
| 86 | - $headers = trim($requestHeaders['Authorization']); |
|
| 87 | - } |
|
| 88 | - } |
|
| 76 | + if (null !== $superGlobal->get('Authorization', 'SERVER')) { |
|
| 77 | + $headers = trim($superGlobal->get('Authorization', 'SERVER')); |
|
| 78 | + } else if (null !== $superGlobal->get('HTTP_AUTHORIZATION', 'SERVER')) { //Nginx or fast CGI |
|
| 79 | + $headers = trim($superGlobal->get('HTTP_AUTHORIZATION', 'SERVER')); |
|
| 80 | + } else if (function_exists('apache_request_headers') === true) { |
|
| 81 | + $requestHeaders = (array) apache_request_headers(); |
|
| 82 | + // Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization) |
|
| 83 | + $requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders)); |
|
| 84 | + //print_r($requestHeaders); |
|
| 85 | + if (isset($requestHeaders['Authorization']) === true) { |
|
| 86 | + $headers = trim($requestHeaders['Authorization']); |
|
| 87 | + } |
|
| 88 | + } |
|
| 89 | 89 | |
| 90 | - return $headers; |
|
| 90 | + return $headers; |
|
| 91 | 91 | } |
| 92 | 92 | |
| 93 | 93 | function get_bearer_token() { |
@@ -104,8 +104,8 @@ discard block |
||
| 104 | 104 | |
| 105 | 105 | function get_bearer_data($jwt) { |
| 106 | 106 | // split the jwt |
| 107 | - $tokenParts = explode('.', $jwt); |
|
| 108 | - $payload = base64_decode($tokenParts[1]); |
|
| 107 | + $tokenParts = explode('.', $jwt); |
|
| 108 | + $payload = base64_decode($tokenParts[1]); |
|
| 109 | 109 | |
| 110 | 110 | // HEADER: Get the access token from the header |
| 111 | 111 | if (empty($payload) === false) { |
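Review bot: `$tokenParts[1]` on new line 108 is read without checking that `explode` produced three segments, and the payload is base64url but is decoded with plain `base64_decode`, which in its default non-strict mode silently drops `-` and `_`. An early return when `count($tokenParts) !== 3` and decoding with `base64_decode(strtr($tokenParts[1], '-_', '+/'))` would make malformed tokens fail explicitly instead of yielding a partly decoded payload. Nothing in the visible lines verifies the signature, so this function presumably relies on its caller having run is_jwt_valid first; a docblock stating that precondition would help. The function body continues outside the hunk.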
@@ -26,22 +26,22 @@ discard block |
||
| 26 | 26 | |
| 27 | 27 | use TeampassClasses\SuperGlobal\SuperGlobal; |
| 28 | 28 | |
| 29 | -define("API_ROOT_PATH", __DIR__ . "/.."); |
|
| 29 | +define("API_ROOT_PATH", __DIR__."/.."); |
|
| 30 | 30 | |
| 31 | 31 | // include main configuration file |
| 32 | -require API_ROOT_PATH . '/../sources/main.functions.php'; |
|
| 32 | +require API_ROOT_PATH.'/../sources/main.functions.php'; |
|
| 33 | 33 | |
| 34 | 34 | // init |
| 35 | 35 | loadClasses('DB'); |
| 36 | 36 | $superGlobal = new SuperGlobal(); |
| 37 | 37 | |
| 38 | 38 | // include the base controller file |
| 39 | -require API_ROOT_PATH . "/Controller/Api/BaseController.php"; |
|
| 39 | +require API_ROOT_PATH."/Controller/Api/BaseController.php"; |
|
| 40 | 40 | |
| 41 | 41 | // include the use model file |
| 42 | -require API_ROOT_PATH . "/Model/UserModel.php"; |
|
| 43 | -require API_ROOT_PATH . "/Model/ItemModel.php"; |
|
| 44 | -require API_ROOT_PATH . "/Model/FolderModel.php"; |
|
| 42 | +require API_ROOT_PATH."/Model/UserModel.php"; |
|
| 43 | +require API_ROOT_PATH."/Model/ItemModel.php"; |
|
| 44 | +require API_ROOT_PATH."/Model/FolderModel.php"; |
|
| 45 | 45 | |
| 46 | 46 | /** |
| 47 | 47 | * Launch expected action for ITEM |
@@ -52,10 +52,10 @@ discard block |
||
| 52 | 52 | */ |
| 53 | 53 | function itemAction(array $actions, array $userData) |
| 54 | 54 | { |
| 55 | - require API_ROOT_PATH . "/Controller/Api/ItemController.php"; |
|
| 55 | + require API_ROOT_PATH."/Controller/Api/ItemController.php"; |
|
| 56 | 56 | |
| 57 | 57 | $objFeedController = new ItemController(); |
| 58 | - $strMethodName = $actions[0] . 'Action'; |
|
| 58 | + $strMethodName = $actions[0].'Action'; |
|
| 59 | 59 | $objFeedController->{$strMethodName}($userData); |
| 60 | 60 | } |
| 61 | 61 | |
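Review bot: The method name on new line 58 is built from `$actions[0]` and invoked directly on line 59, so whatever string the caller passes selects the controller method. If `$actions` comes from the request path, as the URI-splitting code in the first hunk suggests, every public method of ItemController whose name ends in `Action` is reachable and an unknown name ends in an uncaught Error. Checking the name against an explicit list first closes that, e.g. `if (in_array($actions[0] ?? '', ALLOWED_ITEM_ACTIONS, true) === false) { /* reject the request */ }`, where `ALLOWED_ITEM_ACTIONS` is a placeholder for a list the project would define. The plain `require` on line 55 would also fail with a redeclaration error if itemAction ran twice in one request; `require_once` avoids that. folderAction in the next hunk has the same two lines and needs the same treatment.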
@@ -68,10 +68,10 @@ discard block |
||
| 68 | 68 | */ |
| 69 | 69 | function folderAction(array $actions, array $userData) |
| 70 | 70 | { |
| 71 | - require API_ROOT_PATH . "/Controller/Api/FolderController.php"; |
|
| 71 | + require API_ROOT_PATH."/Controller/Api/FolderController.php"; |
|
| 72 | 72 | |
| 73 | 73 | $objFeedController = new FolderController(); |
| 74 | - $strMethodName = $actions[0] . 'Action'; |
|
| 74 | + $strMethodName = $actions[0].'Action'; |
|
| 75 | 75 | $objFeedController->{$strMethodName}($userData); |
| 76 | 76 | } |
| 77 | 77 | |
@@ -82,7 +82,7 @@ discard block |
||
| 82 | 82 | */ |
| 83 | 83 | function apiIsEnabled(): string |
| 84 | 84 | { |
| 85 | - require_once API_ROOT_PATH . '/../includes/config/tp.config.php'; |
|
| 85 | + require_once API_ROOT_PATH.'/../includes/config/tp.config.php'; |
|
| 86 | 86 | |
| 87 | 87 | if (isset($SETTINGS) === true && isset($SETTINGS['api']) === true && (int) $SETTINGS['api'] === 1) { |
| 88 | 88 | return json_encode( |
@@ -111,7 +111,7 @@ discard block |
||
| 111 | 111 | */ |
| 112 | 112 | function verifyAuth(): string |
| 113 | 113 | { |
| 114 | - include_once API_ROOT_PATH . '/inc/jwt_utils.php'; |
|
| 114 | + include_once API_ROOT_PATH.'/inc/jwt_utils.php'; |
|
| 115 | 115 | $bearer_token = get_bearer_token(); |
| 116 | 116 | |
| 117 | 117 | if (empty($bearer_token) === false && is_jwt_valid($bearer_token) === true) { |
@@ -141,7 +141,7 @@ discard block |
||
| 141 | 141 | */ |
| 142 | 142 | function getDataFromToken(): string |
| 143 | 143 | { |
| 144 | - include_once API_ROOT_PATH . '/inc/jwt_utils.php'; |
|
| 144 | + include_once API_ROOT_PATH.'/inc/jwt_utils.php'; |
|
| 145 | 145 | $bearer_token = get_bearer_token(); |
| 146 | 146 | |
| 147 | 147 | if (empty($bearer_token) === false) { |
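Review bot: The condition on new line 147 only checks that a bearer token is present, whereas verifyAuth in the previous hunk also requires `is_jwt_valid($bearer_token) === true` before proceeding. If the rest of the body, which lies outside this hunk, passes the token to get_bearer_data without verifying it, the returned claims come from an unauthenticated token. Using the same condition as verifyAuth, `if (empty($bearer_token) === false && is_jwt_valid($bearer_token) === true) {`, would make the function safe regardless of the order in which callers invoke the two.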