[add] Setting up the middleware

This commit is contained in:
Jose Pabl Domingo Aramburo Sanchez 2018-08-15 23:41:01 -06:00
parent 86a0540da7
commit df33525a4b
7 changed files with 189 additions and 12 deletions


@ -17,7 +17,8 @@
"slim/php-view": "^2.0", "slim/php-view": "^2.0",
"monolog/monolog": "^1.17", "monolog/monolog": "^1.17",
"respect/validation": "^1.1", "respect/validation": "^1.1",
"tuupola/cors-middleware": "^0.5.2" "tuupola/cors-middleware": "^0.5.2",
"adbario/slim-secure-session-middleware": "^1.3"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": ">=4.8 < 6.0" "phpunit/phpunit": ">=4.8 < 6.0"


@ -4,9 +4,96 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
"This file is @generated automatically" "This file is @generated automatically"
], ],
"hash": "93a9656f4e6eb0e25be1bad59ac6f487", "hash": "19bc193d641803843178e87bf0465afe",
"content-hash": "a3fc18885cc45d2733b77fa2081bdc72", "content-hash": "9eb8d110ad374a60767f92d76018504a",
"packages": [ "packages": [
{
"name": "adbario/php-dot-notation",
"version": "1.2.0",
"source": {
"type": "git",
"url": "https://github.com/adbario/php-dot-notation.git",
"reference": "5e4b1fe29a8ae1140e370d520ed8b85dd5130a1f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/adbario/php-dot-notation/zipball/5e4b1fe29a8ae1140e370d520ed8b85dd5130a1f",
"reference": "5e4b1fe29a8ae1140e370d520ed8b85dd5130a1f",
"shasum": ""
},
"require": {
"php": ">=5.4"
},
"type": "library",
"autoload": {
"psr-4": {
"Adbar\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Riku Särkinen",
"email": "riku@adbar.io"
}
],
"description": "PHP dot notation array access",
"homepage": "https://github.com/adbario/php-dot-notation",
"keywords": [
"ArrayAccess",
"dotnotation",
"php"
],
"time": "2017-03-26 17:44:47"
},
{
"name": "adbario/slim-secure-session-middleware",
"version": "1.3.4",
"source": {
"type": "git",
"url": "https://github.com/adbario/slim-secure-session-middleware.git",
"reference": "f107191506b2c362f06f201f998891f315d6aaec"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/adbario/slim-secure-session-middleware/zipball/f107191506b2c362f06f201f998891f315d6aaec",
"reference": "f107191506b2c362f06f201f998891f315d6aaec",
"shasum": ""
},
"require": {
"adbario/php-dot-notation": "~1.2.0",
"paragonie/random_compat": "^2.0",
"php": ">=5.5",
"slim/slim": "~3.0"
},
"type": "library",
"autoload": {
"psr-4": {
"Adbar\\": "src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Riku Särkinen",
"email": "riku@adbar.io"
}
],
"description": "Secure session middleware for Slim 3 framework",
"homepage": "https://github.com/adbario/slim-secure-session-middleware",
"keywords": [
"middleware",
"session",
"slim"
],
"time": "2017-08-04 13:51:00"
},
{ {
"name": "container-interop/container-interop", "name": "container-interop/container-interop",
"version": "1.2.0", "version": "1.2.0",
@ -217,6 +304,55 @@
], ],
"time": "2018-02-13 20:26:39" "time": "2018-02-13 20:26:39"
}, },
{
"name": "paragonie/random_compat",
"version": "v2.0.17",
"source": {
"type": "git",
"url": "https://github.com/paragonie/random_compat.git",
"reference": "29af24f25bab834fcbb38ad2a69fa93b867e070d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/random_compat/zipball/29af24f25bab834fcbb38ad2a69fa93b867e070d",
"reference": "29af24f25bab834fcbb38ad2a69fa93b867e070d",
"shasum": ""
},
"require": {
"php": ">=5.2.0"
},
"require-dev": {
"phpunit/phpunit": "4.*|5.*"
},
"suggest": {
"ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
},
"type": "library",
"autoload": {
"files": [
"lib/random.php"
]
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MIT"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "security@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
"keywords": [
"csprng",
"polyfill",
"pseudorandom",
"random"
],
"time": "2018-07-04 16:31:37"
},
{ {
"name": "pimple/pimple", "name": "pimple/pimple",
"version": "v3.2.3", "version": "v3.2.3",


@ -11,8 +11,6 @@ if (PHP_SAPI == 'cli-server') {
require __DIR__ . '/../vendor/autoload.php'; require __DIR__ . '/../vendor/autoload.php';
session_start();
// Instantiate the app // Instantiate the app
$settings = require __DIR__ . '/../src/settings.php'; $settings = require __DIR__ . '/../src/settings.php';
$app = new \Slim\App($settings); $app = new \Slim\App($settings);


@ -4,11 +4,13 @@ namespace App\Application;
use Exception; use Exception;
class SessionApplication{ class SessionApplication{
private $session;
private $pdo; private $pdo;
private $cryptographyService; private $cryptographyService;
private $asserts; private $asserts;
function __construct($mysql, $cryptographyService, $asserts){ function __construct($session, $mysql, $cryptographyService, $asserts){
$this->session = $session;
$this->cryptographyService = $cryptographyService; $this->cryptographyService = $cryptographyService;
$this->pdo = $mysql; $this->pdo = $mysql;
$this->asserts = $asserts; $this->asserts = $asserts;
@ -18,7 +20,8 @@ class SessionApplication{
* @return bool * @return bool
*/ */
function verifySession(){ function verifySession(){
return isset($_SESSION['userName']); $userName = $this->session->get('userName');
return isset($userName);
} }
/** /**
@ -30,7 +33,7 @@ class SessionApplication{
$session['loggedIn'] = $this->verifySession(); $session['loggedIn'] = $this->verifySession();
if($this->verifySession()){ if($this->verifySession()){
$session['userName'] = $_SESSION['userName']; $session['userName'] = $this->session->get('userName');
} }
return $session; return $session;
@ -83,7 +86,7 @@ class SessionApplication{
} }
if($this->cryptographyService->decryptPassword($password, $storedPassword)){ if($this->cryptographyService->decryptPassword($password, $storedPassword)){
$_SESSION['userName'] = $userName; $this->session->set('userName', $userName);
return true; return true;
} }
else{ else{
@ -118,7 +121,7 @@ class SessionApplication{
* @return array * @return array
*/ */
function destroySession(){ function destroySession(){
session_destroy(); $this->session->clear();
return array('status' => 'success', 'message' => 'Successfully logged out.'); return array('status' => 'success', 'message' => 'Successfully logged out.');
} }
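Review bot: The login path at `$this->session->set('userName', $userName);` still stores the authenticated identity without regenerating the session id, so an id fixed by an attacker before login stays valid afterwards (session fixation); unless the middleware regenerates the id itself, call the Session class's id-regeneration method, or `session_regenerate_id(true);`, immediately before the `set()`. Logout in `destroySession()` changed from `session_destroy()` to `$this->session->clear()`, which as far as the visible code shows only empties the stored data; if the Session class offers a destroy method that also invalidates the id and expires the cookie, prefer it so the old cookie cannot be reused. Minor: `verifySession()` assigns a local and then `isset()`s it, which is just a null check — `return $this->session->get('userName') !== null;` says the same thing directly. The enclosing class continues outside these hunks.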


@ -18,6 +18,13 @@ $container['logger'] = function ($c) {
return $logger; return $logger;
}; };
// Session handler
$container['session'] = function ($container) {
return new \Adbar\Session(
$container->get('settings')['session']['namespace']
);
};
// Mysql connection // Mysql connection
$container['mysql'] = function ($c) { $container['mysql'] = function ($c) {
$mysqlSettings = $c->get('settings')['mysql']; $mysqlSettings = $c->get('settings')['mysql'];
@ -60,7 +67,8 @@ $container['asserts'] = function ($c) {
// The session application // The session application
$container['sessionApplication'] = function ($c) { $container['sessionApplication'] = function ($c) {
$sessionApplication = new App\Application\SessionApplication($c['mysql'], $c['cryptographyService'], $c['asserts']); $sessionApplication = new App\Application\SessionApplication($c['session'], $c['mysql'],
$c['cryptographyService'], $c['asserts']);
return $sessionApplication; return $sessionApplication;
}; };
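Review bot: The new `$container['session']` factory names its closure parameter `$container` while every neighbouring factory in this file uses `$c` (`$container['mysql'] = function ($c)`, `$container['sessionApplication'] = function ($c)`), and shadowing the outer `$container` inside the closure reads as though the outer variable were being used; for consistency write `$container['session'] = function ($c) { return new \Adbar\Session($c->get('settings')['session']['namespace']); };`. The Session object here is built from the namespace only, while middleware.php hands the full session settings array to the middleware; presumably both end up with the same namespace since they read the same settings key, but that is worth confirming against the library's constructor.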


@ -19,4 +19,6 @@ $app->add(new \Tuupola\Middleware\Cors([
->withHeader("Content-Type", "application/json") ->withHeader("Content-Type", "application/json")
->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT)); ->write(json_encode($data, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT));
} }
])); ]));
$app->add(new \Adbar\SessionMiddleware($app->getContainer()->get('settings')['session']));
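Review bot: The session middleware is registered after the CORS middleware at `$app->add(new \Adbar\SessionMiddleware(...))`, and in Slim 3 the middleware added last runs outermost, so a session is started and a session cookie issued before CORS sees the request — presumably including preflight `OPTIONS` requests that never reach a route. If sessions are not wanted on preflight, move this `$app->add(...)` above the CORS block so it runs inside it; otherwise document the intent, e.g. `// Registered after Cors on purpose: runs first (outermost) on every request, including preflight`. The CORS `$app->add(...)` statement begins above this hunk.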


@ -16,6 +16,35 @@ return [
'level' => \Monolog\Logger::DEBUG, 'level' => \Monolog\Logger::DEBUG,
], ],
// Session handle settings
'session' => [
// Session cookie settings
'name' => 'payroll-laziness-rocks',
'lifetime' => 1,
'path' => '/',
'domain' => "laziness.rocks",
'secure' => false,
'httponly' => true,
// Set session cookie path, domain and secure automatically
'cookie_autoset' => true,
// Path where session files are stored, PHP's default path will be used if set null
'save_path' => null,
// Session cache limiter
'cache_limiter' => 'nocache',
// Extend session lifetime after each user activity
'autorefresh' => false,
// Encrypt session data if string is set
'encryption_key' => '7de431684c34cf2c898268cff71392f38c4175dde050c9ee69502b81571484e0',
// Session namespace
'namespace' => 'slim'
],
// Cryptography settings // Cryptography settings
'cryptography' => [ 'cryptography' => [
'encryptionAlgorithm' => 'AES-256-CBC', 'encryptionAlgorithm' => 'AES-256-CBC',
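Review bot: `'encryption_key' => '7de431684c34cf2c898268cff71392f38c4175dde050c9ee69502b81571484e0'` commits the session-encryption secret to source control, so anyone with repository access can decrypt or forge session data, and because the value is now in git history it should be treated as compromised and rotated. Load it from the environment or an untracked config file instead, e.g. `'encryption_key' => getenv('SESSION_ENCRYPTION_KEY'),`, and since the comment says encryption is only applied "if string is set", fail at startup when the variable is missing rather than silently running unencrypted; the hard-coded `'domain' => "laziness.rocks"` deserves the same treatment if the app runs on more than one host. `'secure' => false` allows the session cookie over plain HTTP; `cookie_autoset` is commented as setting secure automatically, but confirm it overrides this flag rather than only filling in a missing one, and set it to `true` explicitly for HTTPS deployments. The unit of `'lifetime' => 1` is not stated, and with `'autorefresh' => false` the session ends that long after it starts regardless of activity, so spell it out: `'lifetime' => 1, // TODO confirm unit (minutes?) against the middleware's docs`.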