<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use App\User;
use JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;
use Validator;
use DB, Hash, Mail, Illuminate\Support\Facades\Password;
use App\Http\Controllers\UserController;
use App\Http\Controllers\PermissionController;
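/**
 * JSON API endpoints for registration, login, logout, password recovery and
 * token checks, plus the permission lookup used to decide what a user may do.
 */
class AuthController extends Controller
{
    /**
     * Permission group applied to guests: callers with user id 0, or with an
     * id that has no user record.
     */
    const GUEST_GROUP_ID = 6;

    /** @var UserController Used to look up the user row that carries perm_id. */
    private $objUser;

    /** @var PermissionController Source of group and per-user permission rows. */
    private $objPermission;

    public function __construct()
    {
        $this->objUser = new UserController();
        $this->objPermission = new PermissionController();
    }

    /**
     * Build the effective permission set for a user id.
     *
     * For each section (blg, for, str, usr) the user's own override row is
     * used when one exists, otherwise the row of the user's permission group.
     * The rows are flattened into one array whose keys are prefixed with the
     * section, e.g. "blg_<column>".
     *
     * A user id of 0, or an id for which no user record is found, gets the
     * guest group's permissions, so an unknown id never receives more than a
     * guest would.
     *
     * NOTE(review): this is a public controller method. Callers should pass
     * the id of the authenticated user, not a value supplied by the client;
     * confirm against the call sites.
     *
     * @param int|string $uid User id, 0 for a guest.
     * @return array Permission values keyed by "<section>_<column>".
     */
    public function checkLegit($uid)
    {
        // The user row carries the permission group id (perm_id).
        $user = $this->objUser->getUser($uid);

        // Does the user exist? Grant the appropriate rights. Otherwise, use
        // guest. Without the record check, an id with no row would
        // dereference a missing result instead of falling back.
        if ($uid != 0 && !empty($user[0])) {
            return $this->collectSectionPermissions($user[0]->perm_id, $uid);
        }

        // Guests have no user-overwritten permissions; only the group applies.
        return $this->collectSectionPermissions(self::GUEST_GROUP_ID);
    }

    /**
     * Collect the permission rows of every section for one group, optionally
     * overridden per section by the given user's own row.
     *
     * @param int|string      $groupId Permission group id.
     * @param int|string|null $uid     User id whose overrides apply, or null for none.
     * @return array Permission values keyed by "<section>_<column>".
     */
    private function collectSectionPermissions($groupId, $uid = null)
    {
        $merged = [];

        // Page (blg), board (for), store (str) and user (usr) permissions.
        // Image permissions ('img') are not evaluated.
        foreach (['blg', 'for', 'str', 'usr'] as $section) {
            $groupRows = $this->objPermission->getPermissionGroup($section, $groupId);
            $userRows = $uid === null
                ? null
                : $this->objPermission->getPermissionUser($section, $uid);

            if (!empty($userRows[0])) {
                $row = (array) $userRows[0];
            } elseif (isset($groupRows[0])) {
                $row = (array) $groupRows[0];
            } else {
                // No row at all for this section: contribute nothing rather
                // than reading a missing index.
                $row = [];
            }

            foreach ($row as $column => $value) {
                $merged[$section . '_' . $column] = $value;
            }
        }

        return $merged;
    }

    /**
     * API Register
     *
     * Validates the submitted account data, stores the user with a hashed
     * password and then logs the new user in.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function register(Request $request)
    {
        // Validate every field the rules refer to. Validating only username
        // and password meant the email rule was checked against data that
        // never contained an email, and the password was not checked at all.
        $input = $request->only('username', 'email', 'password');

        $rules = [
            'username' => 'required|max:255|unique:users',
            'email' => 'required|email|max:255|unique:users',
            // NOTE(review): only presence is enforced here; add the project's
            // minimum-length policy once it is decided.
            'password' => 'required',
        ];

        $validator = Validator::make($input, $rules);

        if ($validator->fails()) {
            return response()->json(['success' => false, 'error' => $validator->messages()]);
        }

        // NOTE(review): country and gender are stored as received, without
        // validation; add rules once the allowed values are known.
        User::create([
            'username' => $request->username,
            'email' => $request->email,
            'password' => Hash::make($request->password),
            'country' => $request->country,
            'gender' => $request->gender,
        ]);

        return $this->login($request);
    }

    /**
     * API Login, on success return JWT Auth token
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function login(Request $request)
    {
        $credentials = $request->only('username', 'password');

        $rules = [
            'username' => 'required',
            'password' => 'required',
        ];

        $validator = Validator::make($credentials, $rules);

        if ($validator->fails()) {
            return response()->json(['success' => false, 'error' => $validator->messages()]);
        }

        try {
            // Attempt to verify the credentials and create a token for the user.
            $token = JWTAuth::attempt($credentials);

            if (!$token) {
                // One message for both "unknown user" and "wrong password".
                return response()->json(['success' => false, 'error' => 'We cant find an account with this credentials.'], 401);
            }
        } catch (JWTException $e) {
            // Something went wrong whilst attempting to encode the token.
            return response()->json(['success' => false, 'error' => 'Failed to login, please try again.'], 500);
        }

        // All good, so return the token.
        return response()->json(['success' => true, 'data' => ['token' => $token]]);
    }

    /**
     * Log out
     * Invalidate the token, so user cannot use it anymore
     * They have to relogin to get a new token
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function logout(Request $request)
    {
        $this->validate($request, ['token' => 'required']);

        try {
            // NOTE(review): the meaning of invalidate()'s argument depends on
            // the installed JWT library version; confirm it accepts a token here.
            JWTAuth::invalidate($request->input('token'));

            return response()->json(['success' => true, 'message' => 'You have successfully logged out.']);
        } catch (JWTException $e) {
            // The token could not be invalidated.
            return response()->json(['success' => false, 'error' => 'Failed to logout, please try again.'], 500);
        }
    }

    /**
     * API Recover Password
     *
     * Sends a password reset link to the given email address.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function recover(Request $request)
    {
        // Validate before querying, in the same way register() and login() do.
        $validator = Validator::make($request->only('email'), ['email' => 'required|email']);

        if ($validator->fails()) {
            return response()->json(['success' => false, 'error' => $validator->messages()]);
        }

        $user = User::where('email', $request->email)->first();

        if (!$user) {
            // NOTE(review): this response tells an unauthenticated caller
            // whether an address is registered. Returning the same success
            // message in both cases would close that gap, but it changes the
            // API contract, so it is flagged here rather than changed.
            $error_message = "Your email address was not found.";

            return response()->json(['success' => false, 'error' => ['email' => $error_message]], 401);
        }

        try {
            // The closure's parameter previously named an unimported Message
            // class; the fully qualified mail message class is used instead.
            Password::sendResetLink($request->only('email'), function (\Illuminate\Mail\Message $message) {
                $message->subject('Your Password Reset Link');
            });
        } catch (\Exception $e) {
            // Keep the internal exception text (which may describe mail or
            // database configuration) in the server log, not in the response.
            // A server-side failure is reported as 500, as in the other methods.
            error_log('Password recovery failed: ' . $e->getMessage());

            return response()->json(['success' => false, 'error' => 'Failed to send the reset email, please try again.'], 500);
        }

        return response()->json([
            'success' => true, 'data' => ['message' => 'A reset email has been sent! Please check your email.'],
        ]);
    }

    /**
     * Check whether the token sent with the request belongs to a user.
     *
     * @param Request $request
     * @return \Illuminate\Http\JsonResponse
     */
    public function checkAuth(Request $request)
    {
        $this->validate($request, ['token' => 'required']);

        try {
            $res = JWTAuth::parseToken()->authenticate();

            // Guard against a token that does not resolve to a user, so the
            // id is never read from a non-object result.
            if (!$res) {
                return response()->json(['success' => false, 'error' => 'Failed to check, please try again.'], 500);
            }

            return response()->json(['success' => true, 'user_id' => $res->id]);
        } catch (JWTException $e) {
            return response()->json(['success' => false, 'error' => 'Failed to check, please try again.'], 500);
        }
    }
}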
?>