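<?php
/**
 * Readzy - API Class
 *
 * Small JSON / JSONP router. Endpoints are registered with get()/post()
 * (optionally behind auth()), then run() dispatches the request named by the
 * `method` query parameter and echoes the callback's array as JSON.
 *
 * @author Daniel Sturrock
 * @copyright 2019 App Studio Pty Ltd
 */
namespace readzy;

use Exception;

class api
{
    /** @var string|null Endpoint name taken from the `method` query parameter. */
    public $api_method;
    /** @var string HTTP verb of the current request (empty when not running under a web server). */
    public $http_method;
    /** @var mixed Raw auth token taken from the `authToken` request parameter. */
    public $access_token;
    /** @var bool While true, endpoints registered afterwards require a valid auth token. */
    public $auth = false;
    /** @var array Registry keyed by "VERB:name" => ['function' => callable, 'auth' => bool]. */
    public $method_names = array();
    /** @var array|null Query parameters given to the constructor; set only for GET requests. */
    public $get;
    /** @var array|null Body parameters given to the constructor; set only for POST requests. */
    public $post;
    /** @var array Copy of $_REQUEST. */
    public $data;
    /** @var array|null Decoded and signature-checked token payload, set by sigVerify(). */
    public $authData;
    /** @var mixed Loaded user record for authenticated endpoints (user->data). */
    public $user = null;
    /** @var float|string Request start time; replaced by the formatted elapsed seconds after the callback ran. */
    public $run_time;

    // NOTE(review): USE_HTTPS is read nowhere in this class, so plain HTTP is accepted.
    const USE_HTTPS = false;
    const GET = 'GET';
    const POST = 'POST';
    const METHOD = 'method';
    const AUTH_TOKEN = 'authToken';
    const PASS = 'pass';
    const ERROR = 'error';
    const ERROR_API = 'Critical api failure.';
    const ERROR_HTTP = 'Unsupported http method';
    // NOTE(review): wildcard CORS — any origin may call this API from a browser.
    const HEADER_ALLOW_ORIGIN = 'access-control-allow-origin: *';
    const HEADER_JSON = 'content-type: application/json; charset=utf-8';
    const ERROR_METHOD = 'Unsupported method';
    /** Query parameter carrying the JSONP callback name. */
    const JSONP_CALLBACK = 'jsoncallback';
    /** NOTE(review): in-source signing secret shared by sig() and sigVerify(); rotating it invalidates all issued tokens. */
    const SIG_SECRET = '2hyn38h7g0435gh9we';
    /** Request parameters that are never part of the per-request signature checked by verify(). */
    const UNSIGNED_PARAMS = array('jsoncallback', '_', 'sig', 'method', 'auth_token');

    /**
     * Records the start time, emits the response headers and captures the request verb/parameters.
     *
     * @param array $get  Query parameters (normally $_GET).
     * @param array $post Body parameters (normally $_POST).
     */
    public function __construct($get, $post)
    {
        $this->run_time = microtime(true);
        $this->data = $_REQUEST;
        header(self::HEADER_ALLOW_ORIGIN);
        header(self::HEADER_JSON);

        // Missing outside a web SAPI (e.g. CLI); an empty verb is rejected by run().
        $this->http_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
        if ($this->http_method === self::GET) {
            $this->get = $get;
        }
        if ($this->http_method === self::POST) {
            $this->post = $post;
        }
        if (isset($get[self::METHOD])) {
            $this->api_method = $get[self::METHOD];
        }
    }

    /**
     * Registers $method_function for "VERB:name", remembering whether auth() was active at that moment.
     *
     * @param string   $verb
     * @param string   $method_name
     * @param callable $method_function Receives this api instance; must return an array.
     */
    private function register($verb, $method_name, $method_function)
    {
        $this->method_names[$verb . ':' . $method_name] = array(
            'function' => $method_function,
            'auth' => $this->auth,
        );
    }

    /** Registers a GET endpoint. */
    public function get($method_name, $method_function)
    {
        $this->register(self::GET, $method_name, $method_function);
    }

    /** Registers a POST endpoint. */
    public function post($method_name, $method_function)
    {
        $this->register(self::POST, $method_name, $method_function);
    }

    /** Registers a DELETE endpoint. Not yet completed: run() never dispatches DELETE requests. */
    public function delete($method_name, $method_function)
    {
        $this->register('DELETE', $method_name, $method_function);
    }

    /** Debug helper: dumps the route registry and the current auth flag to the response body. */
    public function listEndpoints()
    {
        print_r($this->method_names);
        print_r($this->auth);
    }

    /** Dispatches GET and POST requests; any other verb ends the request with a JSON error. */
    public function run()
    {
        if ($this->http_method === self::GET || $this->http_method === self::POST) {
            $this->executeMethod();
            return;
        }
        $this->jsonError(self::ERROR_HTTP . $this->http_method);
    }

    /**
     * Resolves the registered endpoint, enforces token auth and the optional GET signature,
     * runs the callback and echoes its result. Every failure path ends the request via jsonError().
     *
     * @throws Exception caught internally and reported as a JSON error
     */
    private function executeMethod()
    {
        $route = $this->http_method . ':' . $this->api_method;
        if (!isset($this->method_names[$route])) {
            $this->jsonError(self::ERROR_METHOD . ' - ' . $this->api_method . ' - ' . $this->http_method);
        }

        if ($this->method_names[$route]['auth']) {
            $this->getAuthToken();
            if (!isset($this->access_token)) {
                $this->jsonError('Missing Auth Token');
            }
            if (!$this->sigVerify($this->authToken('decrypt', $this->access_token))) {
                $this->jsonError('Invalid Auth Token');
            }
            // Load the user named by the verified token payload.
            $userId = isset($this->authData['user_id']) ? $this->authData['user_id'] : null;
            $appId = isset($this->authData['app_id']) ? $this->authData['app_id'] : null;
            $auth = new user($userId, $appId);
            if (!$auth->get()) {
                // Previously called jsonError() on an undefined `$api`, which was a fatal error instead of a JSON error.
                $this->jsonError("Invalid User - Please logout of Swipa then log back in.");
            }
            $this->user = $auth->data;
        }

        // Per-request parameter signature; only GET parameters are covered (POST bodies are not).
        // Loose == on purpose: the token payload may carry the flag as a string or a bool.
        if ($this->http_method === self::GET
            && isset($this->authData['requireSigniture'])
            && $this->authData['requireSigniture'] == 'true'
        ) {
            if (!self::verify($this->get)) {
                $this->jsonError('Invalid Signiture');
            }
        }

        try {
            $result = $this->method_names[$route]['function']($this);
            if (!isset($result)) {
                throw new Exception('Api call returned null');
            }
            if (!is_array($result)) {
                // array_merge() below would otherwise fail on a scalar result.
                throw new Exception('Api call did not return an array');
            }
            $this->run_time = number_format(microtime(true) - $this->run_time, 5);
            echo $this->render(array_merge([self::PASS => true], $result, ['run_time' => $this->run_time]));
        } catch (Exception $error) {
            $this->jsonError($error->getMessage());
        }
    }

    /**
     * Copies the `authToken` parameter into $access_token, query string first, then body.
     *
     * @return bool true when a token was found
     */
    private function getAuthToken()
    {
        foreach (array($_GET, $_POST) as $source) {
            if (isset($source[self::AUTH_TOKEN])) {
                $this->access_token = $source[self::AUTH_TOKEN];
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the requested JSONP callback name, or null when absent or not a plain identifier.
     * The name is echoed verbatim into the response body, so anything outside identifier
     * characters is dropped (falling back to bare JSON) rather than reflected.
     *
     * @return string|null
     */
    private function jsonpCallback()
    {
        if (!isset($_GET[self::JSONP_CALLBACK]) || !is_string($_GET[self::JSONP_CALLBACK])) {
            return null;
        }
        $callback = $_GET[self::JSONP_CALLBACK];
        return preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]{0,127}$/', $callback) === 1 ? $callback : null;
    }

    /**
     * JSON-encodes $payload, wrapped in the JSONP callback when a safe one was requested.
     *
     * @return string
     */
    private function render(array $payload)
    {
        $json = json_encode($payload);
        $callback = $this->jsonpCallback();
        return $callback === null ? $json : $callback . '(' . $json . ')';
    }

    /** Ends the request with {"pass": false, "error": $error_message} (JSONP-wrapped when requested). */
    public function jsonError($error_message)
    {
        die($this->render(array(self::PASS => false, self::ERROR => $error_message)));
    }

    /**
     * Issues an encrypted token for $data: appends the issue time, signs, then encrypts.
     *
     * @param array $data payload fields (e.g. user_id, app_id)
     * @return string token prefixed with the 'ACC' marker
     */
    public function genAuthToken($data)
    {
        $payload = array_merge($data, array('date' => time()));
        $payload['sig'] = $this->sig($payload);
        return $this->authToken('encrypt', $payload);
    }

    /**
     * Encrypts an array to a token string ('encrypt') or decrypts a token back to its JSON text ('decrypt').
     *
     * The ciphertext is base64-encoded twice on the way out (openssl_encrypt() with options 0 already
     * returns base64) and decoded twice on the way in; this asymmetry is part of the token format.
     *
     * NOTE(review): key, IV and prefix are hard-coded, and the IV is static (first 16 hex chars of a
     * SHA-256 digest), so equal payloads encrypt to equal tokens. They are kept unchanged here because
     * altering any of them would invalidate every token already issued.
     *
     * @param string       $action 'encrypt' or 'decrypt'
     * @param array|string $string array to encrypt, or token string to decrypt
     * @return string|false false for an unknown action or when decryption fails
     */
    public function authToken($action, $string)
    {
        $output = false;
        $encrypt_method = "AES-256-CBC";
        $secret_key = 'This is my secret key';
        $secret_iv = 'This is my secret iv';
        $salt = 'ACC';
        $key = hash('sha256', $secret_key);
        // AES-256-CBC expects a 16-byte IV; openssl warns otherwise.
        $iv = substr(hash('sha256', $secret_iv), 0, 16);

        if ($action == 'encrypt') {
            $ciphertext = openssl_encrypt(json_encode($string), $encrypt_method, $key, 0, $iv);
            $output = $salt . base64_encode($ciphertext);
        } elseif ($action == 'decrypt') {
            if (!is_string($string)) {
                // e.g. `?authToken[]=x` arrives as an array; treat as undecryptable.
                return false;
            }
            $body = base64_decode(substr($string, strlen($salt)));
            $output = openssl_decrypt($body, $encrypt_method, $key, 0, $iv);
        }
        return $output;
    }

    /**
     * Signature over the concatenated payload values.
     *
     * NOTE(review): MD5 over values joined without a separator means field boundaries are not bound
     * (["ab","c"] and ["a","bc"] sign identically); kept for compatibility with issued tokens.
     *
     * @param array $sig payload without its 'sig' field
     * @return string
     */
    public function sig($sig)
    {
        return md5(implode("", $sig) . self::SIG_SECRET);
    }

    /**
     * Checks the 'sig' field of a decrypted token payload and, on success, stores the payload in $authData.
     *
     * The expected value is recomputed over the payload minus its 'sig' key, which is what genAuthToken()
     * signed, and compared with hash_equals(): the previous loose != would have treated two hex digests of
     * the form 0e... as equal.
     *
     * @param string|false $data JSON text returned by authToken('decrypt', ...)
     * @return bool
     */
    public function sigVerify($data)
    {
        $json = is_string($data) ? json_decode($data, true) : null;
        if (!is_array($json) || !isset($json['sig']) || !is_string($json['sig'])) {
            return false;
        }
        $unsigned = $json;
        unset($unsigned['sig']);
        if (!hash_equals($this->sig($unsigned), $json['sig'])) {
            return false;
        }
        $this->authData = $json;
        return true;
    }

    /** Marks every endpoint registered from now on as requiring a valid auth token. */
    public function auth()
    {
        $this->auth = true;
    }

    /**
     * Ends the request with a JSON error if any of $fields is missing from $method.
     *
     * @param array    $method parameter array to check ($get or $post)
     * @param string[] $fields required keys
     */
    public function fields($method, $fields)
    {
        foreach ($fields as $field) {
            if (!isset($method[$field])) {
                $this->jsonError('missing ' . $field);
            }
        }
    }

    /**
     * Verifies that every signed GET parameter matches the client's encrypted copy of it.
     *
     * The client sends `sig` (CryptoJS-style AES JSON, keyed by `auth_token`) containing the parameters
     * it signed; each parameter other than those in UNSIGNED_PARAMS must be present there with the
     * same value. A missing or undecryptable `sig` fails (previously it passed when no other
     * parameters were sent). Values are compared as strings rather than with loose !=, which under
     * PHP 7 would accept e.g. 0 against any non-numeric string.
     *
     * @param array $get query parameters
     * @return bool
     */
    public static function verify($get)
    {
        if (!is_array($get) || !isset($get['auth_token'], $get['sig'])) {
            return false;
        }
        $signed = self::cryptoJsAesDecrypt($get['auth_token'], $get['sig']);
        if (!is_array($signed)) {
            return false;
        }
        foreach ($get as $name => $value) {
            if (in_array($name, self::UNSIGNED_PARAMS, true)) {
                continue;
            }
            if (!isset($signed[$name]) || !self::sameValue($signed[$name], $value)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Compares a signed value with the received one: scalars as strings (JSON ints vs query strings),
     * anything else by identity.
     *
     * @return bool
     */
    private static function sameValue($signed, $actual)
    {
        if (is_scalar($signed) && is_scalar($actual)) {
            return (string) $signed === (string) $actual;
        }
        return $signed === $actual;
    }

    /**
     * Decrypts a CryptoJS-style AES-256-CBC JSON envelope {"ct": base64, "iv": hex, "s": hex}.
     *
     * @param string $passphrase
     * @param string $jsonString the envelope; ' ' is mapped back to '+' for callers that did not URL-encode it
     * @return mixed decoded plaintext JSON, or null when the envelope is malformed or decryption fails
     */
    public static function cryptoJsAesDecrypt($passphrase, $jsonString)
    {
        if (!is_string($passphrase) || !is_string($jsonString)) {
            return null;
        }
        $envelope = json_decode(str_replace(' ', '+', $jsonString), true);
        if (!is_array($envelope)
            || !isset($envelope['s'], $envelope['iv'], $envelope['ct'])
            || !is_string($envelope['ct'])
        ) {
            return null;
        }
        // hex2bin() warns and returns false on bad input; validate first instead of the old no-op try/catch.
        $salt = self::hexToBin($envelope['s']);
        $iv = self::hexToBin($envelope['iv']);
        if ($salt === null || $iv === null || strlen($iv) !== 16) {
            return null;
        }
        $ciphertext = base64_decode($envelope['ct']);
        $key = self::evpKey($passphrase . $salt);
        $plain = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
        if ($plain === false) {
            return null;
        }
        return json_decode($plain, true);
    }

    /**
     * Converts an even-length hex string to bytes; null when it is not valid hex (empty input gives '').
     *
     * @return string|null
     */
    private static function hexToBin($hex)
    {
        if (!is_string($hex) || preg_match('/^(?:[0-9a-fA-F]{2})*$/', $hex) !== 1) {
            return null;
        }
        return hex2bin($hex);
    }

    /**
     * MD5-based key derivation matching the original loop: D1 = md5(P||S), D2 = md5(D1||P||S),
     * key = D1||D2 (32 bytes). The original also computed a third block that was never used.
     *
     * @param string $passphraseAndSalt passphrase with the raw salt appended
     * @return string 32-byte AES-256 key
     */
    private static function evpKey($passphraseAndSalt)
    {
        $d1 = md5($passphraseAndSalt, true);
        $d2 = md5($d1 . $passphraseAndSalt, true);
        return $d1 . $d2;
    }
}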