Passed
Push — main ( 0f30b5...54eb22 )
by Rafael
05:37
created

ApiController::getSecurityKey()   A

<?php
/* Copyright (C) 2024      Rafael San José      <[email protected]>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
namespace Alxarafe\Base\Controller;
use Alxarafe\Base\Config;
use Alxarafe\Base\Controller\Trait\DbTrait;
use Alxarafe\Base\Database;
use Alxarafe\Lib\Auth;
use Alxarafe\Lib\Trans;
use CoreModules\Admin\Model\User;
use Exception;
use Firebase\JWT\JWT;
use Firebase\JWT\Key;
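/**
 * Class ApiController. The generic API controller contains what is necessary for any API controller
 *
 * @package Alxarafe\Base
 */
abstract class ApiController
{
    use DbTrait;

    /**
     * Contains the identified user
     *
     * NOTE(review): nothing in this class assigns this property; checkToken()
     * only verifies the token. Code relying on it must populate it elsewhere.
     *
     * @var User|null
     */
    public static ?User $user = null;

    /**
     * Connects to the database and, when the request carries a 'token'
     * parameter, verifies it as a JWT.
     *
     * NOTE(review): a request WITHOUT a 'token' parameter is not rejected
     * here, so this constructor alone does not enforce authentication.
     * Presumably concrete controllers guard their protected actions
     * themselves; confirm against the subclasses.
     */
    public function __construct()
    {
        $config = Config::getConfig();
        if (!isset($config->db) || !static::connectDb($config->db)) {
            header('Location: ' . constant('BASE_URL') . '/index.php?module=Admin&controller=Config');
            // header() only queues the redirect; without terminating, the
            // rest of the constructor (and the API action) would still run
            // against a missing or unusable database configuration.
            die();
        }

        $this->db = new Database($config->db);

        if (isset($_REQUEST['token'])) {
            $this->checkToken();
        }
    }

    /**
     * Verifies the JWT received in the 'token' request parameter.
     *
     * On any verification failure the call ends with a 401 JSON response
     * (see badApiCall()). On success the method simply returns.
     *
     * NOTE(review): $_REQUEST merges query-string and body values (and
     * cookies, depending on request_order). A token sent in the URL ends up
     * in access logs and Referer headers; consider accepting it only from
     * the Authorization header.
     *
     * NOTE(review): the verified claims are discarded; they are not mapped
     * to static::$user in this class.
     *
     * @return void
     */
    public function checkToken()
    {
        $jwt = $_REQUEST['token'] ?? null;

        // 'token[]=x' arrives as an array. JWT::decode() expects a string and
        // would raise a TypeError, which is an Error and not an Exception, so
        // reject anything that is not a non-empty string up front.
        if (!is_string($jwt) || $jwt === '') {
            self::badApiCall(Trans::_('bad_secret_key'), 401);
        }

        $secret_key = Auth::getSecurityKey();
        try {
            // The algorithm is pinned server-side through Key, so the token's
            // own 'alg' header cannot select a different one.
            // The decoded claims are intentionally not echoed: dumping them
            // would disclose token contents, corrupt the JSON body and send
            // output before the status/headers are set.
            JWT::decode($jwt, new Key($secret_key, 'HS256'));
        } catch (\Throwable $e) {
            // Fail closed: library Errors (e.g. a TypeError from an unusable
            // key) are treated like any other verification failure.
            self::badApiCall(Trans::_('bad_secret_key'), 401);
        }
    }

    /**
     * Returns an erroneous API response and ends the execution of the call
     *
     * @param string $response Message placed in the 'message' field.
     * @param int $httpCode HTTP status, sent as status line and in 'status'.
     * @return void
     */
    final public static function badApiCall($response = 'Bad API call', $httpCode = 400)
    {
        $result = [
            'ok' => false,
            'status' => $httpCode,
            'message' => $response,
        ];

        http_response_code($httpCode);
        header('Content-Type: application/json');
        die(json_encode(static::debugEnabled($result)));
    }

    /**
     * Returns the payload, extended with a 'debug' backtrace when
     * security->debug is enabled in the configuration.
     *
     * The backtrace is sent to the API client, so it exposes file paths and
     * the call chain; keep the debug setting disabled on exposed deployments.
     *
     * @param array $info Response payload.
     * @return array The payload, with a 'debug' key added when debug is on.
     */
    private static function debugEnabled($info): array
    {
        $config = Config::getConfig();
        $debug = $config->security->debug ?? false;

        if (!$debug) {
            return $info;
        }

        return array_merge($info, [
            // Leave out call arguments and object instances: they can carry
            // credentials or tokens, and object graphs may not JSON-encode.
            'debug' => debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS),
        ]);
    }

    /**
     * Returns a successful API response and ends the execution of the application.
     *
     * @param mixed $response Data to return to the client.
     * @param int $httpCode HTTP status, sent as status line and in 'status'.
     * @param string $result_message Key under which $response is placed.
     *                               Passing 'ok' or 'status' overwrites that field.
     * @return void
     */
    final public static function jsonResponse($response, $httpCode = 200, $result_message = 'result')
    {
        $result = [
            'ok' => true,
            'status' => $httpCode,
            $result_message => $response,
        ];

        http_response_code($httpCode);
        header('Content-Type: application/json');
        die(json_encode(static::debugEnabled($result)));
    }
}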