Steven/TVPNBackend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Worky

Browse Source
This commit is contained in:
Steven Tracey 2024-10-17 13:51:49 -04:00
parent ba7eef5499
commit e55dc42068
26 changed files with 635 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitignore vendored
View File

@ -103,3 +103,6 @@ $RECYCLE.BIN/
# Windows shortcuts
*.lnk
certs/
db_config.php
config.php

8
.idea/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml

8
.idea/TVPNBackend.iml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<module type="WEB_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>

12
.idea/dataSources.xml Normal file
View File

@ -0,0 +1,12 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="DataSourceManagerImpl" format="xml" multifile-model="true">
<data-source source="LOCAL" name="mariadb.traceyclan.us" uuid="1b029b46-4b8e-45dd-9f48-b7c43a83a0b3">
<driver-ref>mariadb</driver-ref>
<synchronize>true</synchronize>
<jdbc-driver>org.mariadb.jdbc.Driver</jdbc-driver>
<jdbc-url>jdbc:mariadb://mariadb.traceyclan.us:3306</jdbc-url>
<working-dir>$ProjectFileDir$</working-dir>
</data-source>
</component>
</project>

8
.idea/modules.xml Normal file
View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/TVPNBackend.iml" filepath="$PROJECT_DIR$/.idea/TVPNBackend.iml" />
</modules>
</component>
</project>

20
.idea/php.xml Normal file
View File

@ -0,0 +1,20 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="MessDetectorOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PHPCSFixerOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PHPCodeSnifferOptionsConfiguration">
<option name="highlightLevel" value="WARNING" />
<option name="transferred" value="true" />
</component>
<component name="PhpProjectSharedConfiguration" php_language_level="8.1" />
<component name="PhpStanOptionsConfiguration">
<option name="transferred" value="true" />
</component>
<component name="PsalmOptionsConfiguration">
<option name="transferred" value="true" />
</component>
</project>

7
.idea/sqldialects.xml Normal file
View File

@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="SqlDialectMappings">
<file url="file://$PROJECT_DIR$/authenticate.php" dialect="MariaDB" />
<file url="PROJECT" dialect="MariaDB" />
</component>
</project>

6
.idea/vcs.xml Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" />
</component>
</project>

89
api/auth.php Normal file
View File

@ -0,0 +1,89 @@
<?php
include_once($_SERVER['DOCUMENT_ROOT'] . "/db_config.php");
include_once($_SERVER['DOCUMENT_ROOT'] . "/includes/utils.php");
$data = json_decode(file_get_contents('php://input'), true);
$token = get_bearer_token();
if (!is_null($token)) {
$token = $mysqli->real_escape_string($token);
$stmt = $mysqli->prepare("SELECT * FROM users WHERE token = ?");
$stmt->bind_param("s", $token);
$stmt->execute();
$result = $stmt->get_result();
$response = array();
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$response['success'] = "true";
$response['message'] = 'Login successful!';
$response['token'] = $row['token'];
$response['expires'] = $row['expires'];
} else {
$response['success'] = "false";
$response['message'] = 'Invalid token.';
$response['token'] = "";
$response['expires'] = 0;
}
// Close connections
$stmt->close();
$mysqli->close();
header('Content-Type: application/json');
echo '{"success":"' . $response['success'] . '", "isAuthenticated":' . $response['success'] . ', "token":"'. $response['token'] .'", "expires":' . $response['expires'] . ', "message":"' . $response['message'] . '"' . '}';
return;
}
if (is_null($data)) {
header('Content-Type: application/json');
http_response_code(412);
echo '{"success":"false","message":"No body sent.","token":"","expires": 0,"isAuthenticated":false}';
return;
}
$user = $data['username'];
$pass = $data['password'];
// Input validation and sanitization
$user = $mysqli->real_escape_string($user);
// Prepare and bind
$stmt = $mysqli->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $user);
// Execute statement
$stmt->execute();
// Get result
$result = $stmt->get_result();
$response = array();
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$hashed_password = $row['passwordHash'];
if (password_verify($pass, $hashed_password)) {
$response['success'] = "true";
$response['message'] = 'Login successful!';
$response['token'] = $row['token'];
$response['expires'] = $row['expires'];
} else {
$response['success'] = "false";
$response['message'] = 'Invalid username or password.';
$response['token'] = "";
$response['expires'] = 0;
}
} else {
$response['success'] = "false";
$response['message'] = 'Invalid username or password.';
$response['token'] = "";
$response['expires'] = 0;
}
// Close connections
$stmt->close();
$mysqli->close();
// Return JSON response
header('Content-Type: application/json');
echo '{"success":"' . $response['success'] . '", "isAuthenticated":' . $response['success'] . ', "token":"'. $response['token'] .'", "expires":' . $response['expires'] . ', "message":"' . $response['message'] . '"' . '}';

49
api/user-info.php Normal file
View File

@ -0,0 +1,49 @@
<?php
include_once($_SERVER['DOCUMENT_ROOT'] . "/db_config.php");
include_once($_SERVER['DOCUMENT_ROOT'] . "/includes/utils.php");
$token = get_bearer_token();
if (is_null($token)) {
header('Content-Type: application/json');
http_response_code(412);
echo '{"success":"false","message":"No token provided","username":"","email": ""}';
return;
}
// Input validation and sanitization
$token = $mysqli->real_escape_string($token);
// Prepare and bind
$stmt = $mysqli->prepare("SELECT * FROM users WHERE token = ?");
$stmt->bind_param("s", $token);
// Execute statement
$stmt->execute();
// Get result
$result = $stmt->get_result();
$response = array();
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$response['success'] = "true";
$response['message'] = "Success";
$response['username'] = $row['username'];
$response['email'] = $row['email'];
} else {
$response['success'] = "false";
$response['message'] = 'Invalid token.';
$response['username'] = "";
$response['email'] = "";
}
// Close connections
$stmt->close();
$mysqli->close();
// Return JSON response
header('Content-Type: application/json');
echo '{"success":' . $response['success'] . ', "message":"' . $response['message'] . '", "username":"' . $response['username'] . '", "email":"' . $response['email'] . '"}';

116
assets/css/style.css Normal file
View File

@ -0,0 +1,116 @@
/* Global container to center the buttons and position tabs at the top */
body {
font-family: Arial, sans-serif;
margin: 0;
background-color: #f4f4f9;
display: flex;
flex-direction: column;
align-items: center;
justify-content: flex-start; /* Aligns content to the top */
min-height: 100vh;
}
/* Tab section at the top */
.tab {
width: 100%;
display: flex;
justify-content: center;
background-color: #f1f1f1;
padding: 10px 0;
border-bottom: 1px solid #ccc;
}
.tab a {
background-color: inherit;
border: none;
outline: none;
cursor: pointer;
padding: 14px 16px;
transition: 0.3s;
text-decoration: none;
color: black;
}
.tab a:hover {
background-color: #ddd;
}
.tab a.active {
background-color: #ccc;
}
/* Container for centering the buttons in the middle of the page */
.container {
text-align: center;
width: 300px;
padding: 20px;
border-radius: 8px;
background-color: white;
box-shadow: 0 4px 8px rgba(0, 0, 0, 0.1);
margin-top: 20vh; /* Pushes the container down */
}
h1 {
margin-bottom: 20px;
color: #333;
}
/* Input Group */
.input-group {
margin-bottom: 15px;
text-align: left;
}
.input-group label {
display: block;
margin-bottom: 5px;
color: #333;
}
.input-group input {
width: 100%;
padding: 10px;
font-size: 16px;
border: 1px solid #ccc;
border-radius: 4px;
}
/* Button Styling */
button {
background-color: #4CAF50;
color: white;
border: none;
padding: 15px 32px;
margin-top: 10px;
font-size: 16px;
cursor: pointer;
transition: background-color 0.3s;
width: 100%;
}
button:hover {
background-color: #45a049;
}
/* Error Message */
.error-message {
color: red;
font-size: 14px;
margin-top: 15px;
}
/* Style for link buttons (can be used globally) */
.buttons button {
background-color: #4CAF50;
color: white;
border: none;
padding: 15px 32px;
margin: 10px;
font-size: 16px;
cursor: pointer;
transition: background-color 0.3s;
}
.buttons button:hover {
background-color: #45a049;
}

15
authenticate.php Normal file
View File

@ -0,0 +1,15 @@
<?php
include_once($_SERVER['DOCUMENT_ROOT'] . "/db_config.php");
$stmt = $mysqli->prepare("CREATE TABLE IF NOT EXISTS users(
id INTEGER PRIMARY KEY,
username TEXT NOT NULL,
passwordHash TEXT NOT NULL,
email TEXT NOT NULL
);");
echo $stmt->execute();
$mysqli->close();

2
config.php.example Normal file
View File

@ -0,0 +1,2 @@
<?php
$base_url = "http://localhost:8080/";

10
db_config.php.example Normal file
View File

@ -0,0 +1,10 @@
<?php
$dbHost = 'localhost';
$dbUser = 'user';
$dbPass = 'pass';
$dbName = 'database';
$mysqli = mysqli_init();
$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->ssl_set($_SERVER['DOCUMENT_ROOT'] . "/path/to/client-key.pem", $_SERVER['DOCUMENT_ROOT'] . "/path/to/client-cert.pem", $_SERVER['DOCUMENT_ROOT'] . "/path/to/ca-cert.pem", NULL, NULL);
$mysqli->real_connect($dbHost, $dbUser, $dbPass, $dbName);

22
includes/authcheck.php Normal file
View File

@ -0,0 +1,22 @@
<?php
// Secure session settings
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);
ini_set('session.use_strict_mode', 1);
session_start();
function isAuthenticated(): bool {
if (isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true) {
return true;
} else {
return false;
}
}
// Usage
if (!isAuthenticated()) {
header('Location: /login');
exit();
}

1
includes/footer.php Normal file
View File

@ -0,0 +1 @@
<?php

15
includes/header.php Normal file
View File

@ -0,0 +1,15 @@
<?php
include_once($_SERVER['DOCUMENT_ROOT'] . "/config.php")
?>
<div class="tab">
<a class="tablinks" href="<?php echo $base_url ?>/">Home</a>
<a class="tablinks" href="<?php echo $base_url ?>/panel/">Panel</a>
<!--<a class="tablinks" href="/task/new/">New Task</a>-->
<?php
if (isset($_SESSION['authenticated']) && $_SESSION['authenticated'] === true) {
echo '<a class="tablinks" href="' . $base_url . '/logout/">Logout</a>';
} else {
echo '<a class="tablinks" href="' . $base_url . '/login/">Login</a>';
}
?>
</div>

36
includes/utils.php Normal file
View File

@ -0,0 +1,36 @@
<?php
/**
* Get header Authorization
* */
function get_authorization_header(): ?string {
$headers = null;
if (isset($_SERVER['Authorization'])) {
$headers = trim($_SERVER["Authorization"]);
}
else if (isset($_SERVER['HTTP_AUTHORIZATION'])) { //Nginx or fast CGI
$headers = trim($_SERVER["HTTP_AUTHORIZATION"]);
} elseif (function_exists('apache_request_headers')) {
$requestHeaders = apache_request_headers();
// Server-side fix for bug in old Android versions (a nice side-effect of this fix means we don't care about capitalization for Authorization)
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
//print_r($requestHeaders);
if (isset($requestHeaders['Authorization'])) {
$headers = trim($requestHeaders['Authorization']);
}
}
return $headers;
}
/**
* get access token from header
* */
function get_bearer_token(): ?string {
$headers = get_authorization_header();
// HEADER: Get the access token from the header
if (!empty($headers)) {
if (preg_match('/Bearer\s(\S+)/', $headers, $matches)) {
return $matches[1];
}
}
return null;
}

28
index.php Normal file
View File

@ -0,0 +1,28 @@
<?php
session_start();
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Link Buttons Page</title>
<link rel="stylesheet" href="assets/css/style.css">
</head>
<body>
<?php include($_SERVER['DOCUMENT_ROOT'] . "/includes/header.php"); ?>
<div class="container">
<h1>TVPN</h1>
<div class="buttons">
<button onclick="openLink('/authenticate')">Authenticate</button>
<button onclick="openLink('/login')">Login</button>
<button onclick="openLink('#')">Placeholder</button>
<button onclick="openLink('#')">Placeholder</button>
<button onclick="openLink('#')">Placeholder</button>
</div>
</div>
<script src="script.js"></script>
</body>
</html>

66
login/authenticate.php Normal file
View File

@ -0,0 +1,66 @@
<?php
include_once($_SERVER['DOCUMENT_ROOT'] . "/db_config.php");
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// Get the JSON input
$data = json_decode(file_get_contents('php://input'), true);
if (is_null($data)) {
header('Content-Type: application/json');
http_response_code(412);
echo '{"success":"false","message":"No body sent."}';
return;
}
$user = $data['username'];
$pass = $data['password'];
// Input validation and sanitization
$user = $mysqli->real_escape_string($user);
// Prepare and bind
$stmt = $mysqli->prepare("SELECT passwordHash FROM users WHERE username = ?");
$stmt->bind_param("s", $user);
// Execute statement
$stmt->execute();
// Get result
$result = $stmt->get_result();
$response = array();
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
$hashed_password = $row['passwordHash'];
if (password_verify($pass, $hashed_password)) {
// Regenerate session ID to prevent session fixation
session_regenerate_id(true);
// Create session
$_SESSION['authenticated'] = true;
$_SESSION['username'] = $user;
$response['success'] = true;
$response['message'] = 'Login successful!';
} else {
$response['success'] = false;
$response['message'] = 'Invalid username or password.';
}
} else {
$response['success'] = false;
$response['message'] = 'Invalid username or password.';
}
// Close connections
$stmt->close();
$mysqli->close();
// Return JSON response
header('Content-Type: application/json');
echo '{"success":"' . $response['success'] . '","message":"' . $response['message'] . '"' . '}';

2
login/genpass.php Normal file
View File

@ -0,0 +1,2 @@
<?php
echo password_hash($_GET['password'], PASSWORD_BCRYPT);

33
login/index.php Normal file
View File

@ -0,0 +1,33 @@
<?php
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
<link rel="stylesheet" href="/assets/css/style.css">
</head>
<body>
<?php include($_SERVER['DOCUMENT_ROOT'].'/includes/header.php'); ?>
<div class="container">
<h1>Login</h1>
<form id="loginForm">
<div class="form-group">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">Password:</label>
<input type="password" id="password" name="password" required>
</div>
<button type="submit">Login</button>
</form>
<div id="response"></div>
<div id="spinner" class="spinner" style="display: none;"></div>
</div>
<script src="script.js"></script>
</body>
</html>

36
login/script.js Normal file
View File

@ -0,0 +1,36 @@
document.getElementById('loginForm').addEventListener('submit', function(e) {
e.preventDefault();
const username = document.getElementById('username').value;
const password = document.getElementById('password').value;
const data = {
username: username,
password: password
};
// Show spinner
document.getElementById('spinner').style.display = 'block';
fetch('authenticate.php', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify(data)
})
.then(response => response.json())
.then(data => {
document.getElementById('response').innerText = data.message;
// Hide spinner
document.getElementById('spinner').style.display = 'none';
if (data.success) {
window.location.href = '../'; // Redirect on successful login
}
})
.catch((error) => {
document.getElementById('response').innerText = 'Error: ' + error;
// Hide spinner
document.getElementById('spinner').style.display = 'none';
});
});

24
logout/index.php Normal file
View File

@ -0,0 +1,24 @@
<?php
// Start the session
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
// Unset all session variables
$_SESSION = array();
// If there's a session cookie, delete it
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}
// Destroy the session
session_destroy();
// Redirect to login page
header('Location: /login');
exit();

16
panel/index.php Normal file
View File

@ -0,0 +1,16 @@
<?php
include_once($_SERVER['DOCUMENT_ROOT'] . '/includes/authcheck.php');
include_once($_SERVER['DOCUMENT_ROOT'] . '/db_config.php');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<link rel="stylesheet" href="../assets/css/style.css">
<title>TVPN Panel</title>
</head>
<body>
<?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/header.php'); ?>
<h1>Hello World!</h1>
</body>
</html>

3
script.js Normal file
View File

@ -0,0 +1,3 @@
function openLink(url) {
window.open(url, '_blank');
}