From 576b1634a67527a0fc9dfa899678852938184fe7 Mon Sep 17 00:00:00 2001 From: Steven Tracey Date: Mon, 28 Oct 2024 18:30:03 -0400 Subject: [PATCH] Upload --- api/auth.php | 5 +++-- api/tunnel.php | 34 ++++++++++++++++++++++++++++++++++ includes/utils.php | 3 ++- testing/api/auth.php | 3 +++ testing/api/user-info.php | 3 +++ 5 files changed, 45 insertions(+), 3 deletions(-) create mode 100644 api/tunnel.php create mode 100644 testing/api/auth.php create mode 100644 testing/api/user-info.php diff --git a/api/auth.php b/api/auth.php index 64bfa5c..dcb2f42 100644 --- a/api/auth.php +++ b/api/auth.php @@ -29,7 +29,7 @@ if (!is_null($token)) { $stmt->close(); $mysqli->close(); header('Content-Type: application/json'); - echo '{"success":"' . $response['success'] . '", "isAuthenticated":' . $response['success'] . ', "token":"'. $response['token'] .'", "expires":' . $response['expires'] . ', "message":"' . $response['message'] . '"' . '}'; + echo '{"success":"' . $response['success'] . '", "isAuthenticated":' . $response['success'] . ', "token":"'. $response['token'] .'", "expires":' . $response['expires'] . ', "message":"' . $response['message'] . '"}'; return; } @@ -83,7 +83,8 @@ if ($result->num_rows > 0) { $stmt->close(); $mysqli->close(); + // Return JSON response header('Content-Type: application/json'); -echo '{"success":"' . $response['success'] . '", "isAuthenticated":' . $response['success'] . ', "token":"'. $response['token'] .'", "expires":' . $response['expires'] . ', "message":"' . $response['message'] . '"' . '}'; +echo '{"success":"' . $response['success'] . '", "isAuthenticated":' . $response['success'] . ', "token":"'. $response['token'] .'", "expires":' . $response['expires'] . ', "message":"' . $response['message'] . '"}'; diff --git a/api/tunnel.php b/api/tunnel.php new file mode 100644 index 0000000..3a858f2 --- /dev/null +++ b/api/tunnel.php 
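Review bot: Both rewritten `echo` lines in api/auth.php (the hunk at line 29 and the one at line 83) still assemble the JSON body by string concatenation. A `"` or backslash in `$response['message']` or `$response['token']` therefore breaks the document, and a boolean false in `$response['success']` would print as an empty string and leave `"isAuthenticated":` without a value. Encoding an array avoids both: `echo json_encode(['success' => $response['success'], 'isAuthenticated' => $response['success'], 'token' => $response['token'], 'expires' => $response['expires'], 'message' => $response['message']]);`. This emits `success` with its native type rather than as a quoted string, so confirm what clients expect. How `$response` is filled lies outside these hunks.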
@@ -0,0 +1,34 @@
+real_escape_string($token);
+
+$stmt = $mysqli->prepare("SELECT id FROM users WHERE token = ?");
+$stmt->bind_param('s', $token);
+$stmt->execute();
+$result = $stmt->get_result();
+
+$row = $result->fetch_assoc();
+if (!is_null($row)) {
+ $user_id = $row['id'];
+ $stmt->close();
+ $stmt = $mysqli->prepare("SELECT * FROM tunnels WHERE user = ?");
+ $stmt->bind_param('i', $user_id);
+} else {
+ // return No user found
+ header('Content-Type: application/json');
+ http_response_code(403);
+ echo '{"error":true,"message":"Unauthorized"}';
+ $stmt->close();
+ $mysqli->close();
+ return;
+}
+
diff --git a/includes/utils.php b/includes/utils.php
index f421725..b594b41 100644
--- a/includes/utils.php
+++ b/includes/utils.php
@@ -33,4 +33,5 @@ function get_bearer_token(): ?string {
 }
 }
 return null;
-}
\ No newline at end of file
+}
+
diff --git a/testing/api/auth.php b/testing/api/auth.php
new file mode 100644
index 0000000..2a5e84c
--- /dev/null
+++ b/testing/api/auth.php
@@ -0,0 +1,3 @@
+
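Review bot: The token lookup in api/tunnel.php accepts any token found in `users` without checking an expiry, although api/auth.php reports an `expires` value to the client. If the expiry is stored with the token, `SELECT id FROM users WHERE token = ?` should also filter on it so that stale bearer tokens stop authorizing requests. The first visible line ends in `real_escape_string($token);` (the start of the file is missing from this page). Escaping a value that is then bound with `bind_param` is redundant and alters any token containing a quote or backslash, so that call can be dropped. On the success branch the `tunnels` statement is prepared and bound but, in the lines shown, never executed, and nothing is written to the response or closed. After the bind it needs something like `$stmt->execute();` followed by `echo json_encode($stmt->get_result()->fetch_all(MYSQLI_ASSOC));` with the JSON content-type header set.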