Initial commit

Author: peter279k

.env.ci

@@ -0,0 +1,4 @@
+DATABASE_DRIVER=mysql
+DATABASE_NAME=simple_auth_test
+DATABASE_USER=root
+DATABASE_PASSWORD=

.env.example

@@ -0,0 +1,4 @@
+DATABASE_DRIVER=mysql
+DATABASE_NAME=database_name
+DATABASE_USER=user
+DATABASE_PASSWORD=password

.gitignore

@@ -0,0 +1,2 @@
+/vendor/
+composer.lock

.travis.yml

@@ -0,0 +1,28 @@
+
+language: php
+
+php:
+  - 7.2
+  - 7.3
+
+services:
+  - mysql
+
+addons:
+  apt:
+    sources:
+      - mysql-5.7-trusty
+    packages:
+      - mysql-server
+
+dist: trusty
+
+sudo: required
+
+before_script:
+  - mysql -e 'create database simple_auth_test;'
+  - cp .env.ci .env
+  - php -S localhost:5000 index.php &
+
+script:
+  - vendor/bin/phpunit

Dockerfile

@@ -0,0 +1,29 @@
+# Install required packages
+FROM ubuntu:16.04
+RUN apt-get update
+RUN apt-get install -y software-properties-common
+RUN apt-get install -y python-software-properties
+RUN LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php
+RUN apt-get update
+RUN apt-get install -y apt-transport-https apt-utils curl php7.2-cli php7.2-mysql php7.2-curl
+RUN apt-get install -y php7.2-xml php7.2-dom php7.2-xsl php7.2-json php7.2-fpm php7.2-gd nginx
+RUN apt-get install -y libcurl3-openssl-dev vim
+
+RUN mv /etc/localtime /etc/localtime.old
+RUN ln -s /usr/share/zoneinfo/Asia/Taipei /etc/localtime
+
+RUN apt-get update && apt-get install -y locales wget
+RUN locale-gen "en_US.UTF-8"
+RUN echo 'LC_ALL="en_US.UTF-8"' > /etc/default/locale
+
+# Install Simple Auth API service
+WORKDIR /var/www/html
+COPY ./config.ini ./
+COPY ./nginx-default.conf /etc/nginx/sites-available/default
+COPY ./*.php ./
+COPY ./.env.example ./
+RUN curl -sS https://getcomposer.org/installer | php
+RUN php composer.phar install -n
+
+EXPOSE 80
+CMD ["bash", "-c", "service php7.2-fpm start && nginx -g 'daemon off;'"]

composer.json

@@ -0,0 +1,22 @@
+{
+    "name": "lee/simple-auth-php",
+    "description": "This is a simple auth API",
+    "type": "project",
+    "require": {
+        "vlucas/phpdotenv": "^3.6",
+        "carbondate/carbon": "^1.33"
+    },
+    "require-dev": {
+        "phpunit/phpunit": "^8.3",
+        "guzzlehttp/guzzle": "^6.2"
+    },
+    "license": "MIT",
+    "authors": [
+        {
+            "name": "peter279k",
+            "email": "[email protected]"
+        }
+    ],
+    "minimum-stability": "dev",
+    "prefer-stable": true
+}

index.php

@@ -0,0 +1,148 @@
+<?php
+
+require_once __DIR__ . '/vendor/autoload.php';
+
+use Carbon\Carbon;
+use Dotenv\Dotenv;
+
+if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
+    echo 'Sorry. This method is not accepted.';
+}
+
+$dotEnv = Dotenv::create(__DIR__);
+$dotEnv->load();
+
+$databaseDriver = getenv('DATABASE_DRIVER');
+$databaseName = getenv('DATABASE_NAME');
+$databaseUser = getenv('DATABASE_USER');
+$databasePassword = getenv('DATABASE_PASSWORD');
+
+$action = $_POST['action'] ?? 'none';
+
+if ($action === 'none') {
+    echo json_encode(['result' => 'Sorry. The action is missing.']);
+    exit(0);
+}
+
+if ($action === 'login') {
+    $user = $_POST['user'] ?? 'none';
+    $password = $_POST['password'] ?? 'none';
+    $sql = 'select count(account) from energy_solid_isc where account = :account AND password = :password';
+    $dsn = sprintf("mysql:host=localhost;dbname=%s;charset=utf8mb4", $databaseName);
+    $options = [
+        PDO::ATTR_EMULATE_PREPARES   => false,
+        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    ];
+
+    try {
+        $pdo = new PDO($dsn, $databaseUser, $databasePassword, $options);
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([':account' => $user, ':password' => $password]);
+        $result = (array) $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+        if (count($result) === 0) {
+            echo json_encode(['result' => 'Auth is failed']);
+        } else {
+            $expired = new Carbon('Asia/Taipei');
+            $expiredDate = $expired->addDays(1)->format('Y-m-d H:m:s');
+            $sql = 'insert into tokens(token, expired) values(:token, :expired)';
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute([':token' => $token, ':expired' => $expiredDate]);
+            $result = (array) $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+            $token = hash('sha512', $expiredDate);
+            echo json_encode(['result' => 'Auth is successful.', 'token' => $token]);
+        }
+
+        $stmt = null;
+        $pdo = null;
+    } catch (\Exception $e) {
+        error_log($e->getMessage());
+        echo 'Connection is failed.';
+    }
+
+    if ($user === 'none' || $password === 'none') {
+        echo 'The user or password is missing';
+    }
+} else if ($action === 'logout') {
+    $dsn = sprintf("mysql:host=localhost;dbname=%s;charset=utf8mb4", $databaseName);
+    $options = [
+        PDO::ATTR_EMULATE_PREPARES   => false,
+        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    ];
+    $token = $_POST['token'] ?? 'none';
+
+    if ($token === 'none') {
+        echo json_encode(['result' => 'Logout is done.']);
+    }
+
+    try {
+        $sql = 'select count(*) from tokens where token = :token';
+        $pdo = new PDO($dsn, $databaseUser, $databasePassword, $options);
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([':token' => $token]);
+        $result = (array) $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+        if (count($result) === 0) {
+            echo json_encode(['result' => 'Logout is done.']);
+        } else {
+            $sql = 'delete from tokens where token = :token';
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute([':token' => $token]);
+            echo json_encode(['result' => 'Logout is done.']);
+        }
+
+        $stmt = null;
+        $pdo = null;
+    } catch (\Exception $e) {
+        error_log($e->getMessage());
+        echo json_encode(['result' => 'Connection is failed.']);
+    }
+} else if ($action === 'status') {
+    $dsn = sprintf("mysql:host=localhost;dbname=%s;charset=utf8mb4", $databaseName);
+    $options = [
+        PDO::ATTR_EMULATE_PREPARES   => false,
+        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
+        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+    ];
+    $token = $_POST['token'] ?? 'none';
+
+    if ($token === 'none') {
+        echo json_encode(['result' => 'Logout is done.']);
+    }
+
+    try {
+        $sql = 'select count(*) from tokens where token = :token';
+        $pdo = new PDO($dsn, $databaseUser, $databasePassword, $options);
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([':token' => $token]);
+        $result = (array) $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+        if (count($result) !== 1) {
+            echo json_encode(['result' => 'It is not verified.']);
+        } else {
+            $expiredDate = $result[0]['expired'];
+            $expiredTimestamp = Carbon::parse($expiredDate)->timestamp;
+            $dateTimestamp = Carbon::now()->timestamp;
+
+            if ($expiredTimestamp - $dateTimestamp <= 0) {
+                $sql = 'delete from tokens where token = :token';
+                $stmt = $pdo->prepare($sql);
+                $stmt->execute([':token' => $token]);
+                echo json_encode(['result' => 'Token is expired. It should be logout.']);
+            } else {
+                echo json_encode(['result' => 'Token is live.']);
+            }
+        }
+
+        $stmt = null;
+        $pdo = null;
+    } catch (\Exception $e) {
+        error_log($e->getMessage());
+        echo json_encode(['result' => 'Connection is failed.']);
+    }
+} else {
+    echo json_encode(['result' => 'Invalid actions']);
+}

nginx-default.conf

@@ -0,0 +1,20 @@
+server {
+	listen 80 default_server;
+	listen [::]:80 default_server;
+
+	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+	index index.php index.html index.htm index.nginx-debian.html;
+
+	server_name _;
+
+	location / {
+        try_files $uri $uri/ /index.php?$query_string;
+	}
+
+	location ~ \.php$ {
+	    include snippets/fastcgi-php.conf;
+		fastcgi_pass unix:/run/php/php7.2-fpm.sock;
+	}
+}

phpunit.xml.dist

@@ -0,0 +1,19 @@
+<phpunit
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/6.3/phpunit.xsd"
+        backupGlobals="true"
+        backupStaticAttributes="false"
+        bootstrap="vendor/autoload.php"
+        cacheTokens="false"
+        colors="true"
+        convertErrorsToExceptions="true"
+        convertNoticesToExceptions="true"
+        convertWarningsToExceptions="true"
+        forceCoversAnnotation="false"
+        >
+    <testsuites>
+        <testsuite name="Simple Auth Test Suite">
+            <directory suffix="Test.php">tests/</directory>
+        </testsuite>
+    </testsuites>
+</phpunit>

tests/IndexTest.php

@@ -0,0 +1,32 @@
+<?php
+
+use GuzzleHttp\Client;
+use PHPUnit\Framework\TestCase;
+
+class IndexTest extends TestCase
+{
+    public function testMethodIsNotAccepted()
+    {
+        $client = new Client();
+        $response = $client->request('GET', 'http://localhost:5000');
+        $response = (string) $response->getBody();
+        $response = json_decode($response, true)['result'];
+
+        $this->assertSame('Sorry. This method is not accepted.', $response);
+    }
+
+    public function testActionFieldIsMissing()
+    {
+        $client = new Client();
+        $formParams = [
+            'form_params' => [
+                'field_name' => 'invalid',
+            ],
+        ];
+        $response = $client->request('POST', 'http://localhost:5000', $formParams);
+        $response = (string) $response->getBody();
+        $response = json_decode($response, true)['result'];
+
+        $this->assertSame('', $response);
+    }
+}