move things around

slimdash · Mar 3, 2017 · d4320e5 · d4320e5
1 parent 6fa2091
commit d4320e5
Show file tree

Hide file tree

Showing 10 changed files with 162 additions and 71 deletions.
diff --git a/config/routes.ini b/config/routes.ini
@@ -3,7 +3,7 @@ GET @healthcheck: /healthcheck						= \Controllers\Index->getHealthCheck
 GET @root: /										= \Controllers\Index->index
 
 
-GET @home: /main			                        = \Controllers\Index->getDashboard
+GET @home: /main			                        = \Controllers\MainDashboard->getDashboard
 GET @login: /login									= \Controllers\Index->getLogin
 GET @logout: /logout                                = \Controllers\Index->getLogout
 

diff --git a/public/app/main.html.twig b/public/app/main.html.twig
@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="utf-8">
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
+  <title>mtdashmore | Log out</title>
+  <!-- Tell the browser to be responsive to screen width -->
+  <meta content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no" name="viewport">
+  <!-- Bootstrap 3.3.7 -->
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
+  <!-- Font Awesome -->
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/font-awesome.min.css">
+  <!-- Ionicons -->
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css">
+  <!-- Theme style -->
+
+  <link rel="stylesheet" href="/static/css/AdminLTE.min.css">
+  <link rel="stylesheet" href="/static/css/skin-blue.min.css">
+
+  <!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
+  <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
+  <!--[if lt IE 9]>
+  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
+  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
+  <![endif]-->
+</head>
+<body class="hold-transition login-page">
+<div class="login-box">
+  <div class="login-logo">
+    <b>example</b> console
+  </div>
+  <!-- /.login-logo -->
+  <div class="login-box-body">
+    <p class="login-box-msg">Thank you for using example console!</p>
+
+    <p><a href="/login">Click here to login</a></p>
+  </div>
+  <!-- /.login-box-body -->
+</div>
+<!-- /.login-box -->
+
+<!-- jQuery -->
+<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+<!-- Bootstrap -->
+<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
+
+<script src="https://www.gstatic.com/firebasejs/3.4.1/firebase.js"></script>
+<script>
+  // Initialize Firebase
+  var config = {
+    apiKey: "AIzaSyBlB-rAiulzhN59_VqCUYthK37-cSPcrgc",
+    authDomain: "brick-admin.firebaseapp.com",
+    databaseURL: "https://brick-admin.firebaseio.com",
+    storageBucket: "brick-admin.appspot.com",
+    messagingSenderId: "1067107688359"
+  };
+  firebase.initializeApp(config);
+</script>
+<script>
+    function initApp() {
+      firebase.auth().signOut();
+    }
+    $(document).ready(initApp);
+</script>
+</body>
+</html>
diff --git a/src/Controllers/Api/MainDashboard.php b/src/Controllers/Api/MainDashboard.php
diff --git a/src/Controllers/Api/Project.php b/src/Controllers/Api/Project.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace Controllers\Api;
+
+class Project extends \Controllers\BaseSecureController
+{
+    public function postAddProject() {
+    	// add a project
+    }
+
+    public function postUpdateProject() {
+    	// attempt to update a project
+    }
+}
diff --git a/src/Controllers/Api/ProjectDashboard.php b/src/Controllers/Api/ProjectDashboard.php
diff --git a/src/Controllers/BaseController.php b/src/Controllers/BaseController.php
@@ -36,6 +36,48 @@ public function __construct(\Base $f3, array $params = [])
         $this->twig = $twig;
     }
 
+    /**
+     * Decode and validate the token
+     *
+     * @param  string         $$token
+     * @return object|boolean The JWT's payload as a PHP object or false in case of error
+     */
+    public function decodeToken($token)
+    {
+        $rst = [
+            "token" => false,
+            "message" => ""
+        ];
+        try {
+            JWT::$leeway = 8;
+            $content     = file_get_contents("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com");
+            $kids        = json_decode($content, true);
+            $jwt         = JWT::decode($token, $kids, array('RS256'));
+            $fbpid       = $this->getOrDefault('firebase.projectid', 'dummy');
+            $issuer      = 'https://securetoken.google.com/' . $fbpid;
+            $rst["token"] = $token;
+
+            if ($jwt->aud != $fbpid) {
+                $rst["message"] = 'invalid audience';
+                $rst["token"] = null;
+            } elseif ($jwt->iss != $issuer) {
+                $rst["message"] = 'invalid issuer';
+                $rst["token"] = null;
+            } elseif (empty($jwt->sub)) {
+                $rst["message"] = 'invalid user';
+                $rst["token"] = null;
+            };
+
+        } catch (\Firebase\JWT\ExpiredException $ee) {
+            $rst["message"] = 'token has expired';
+            $rst["token"] = null;
+        } catch (\Exception $e) {
+            $rst["message"] = $e->getMessage();
+            $rst["token"] = null;
+        }
+
+        return $rst;
+    }
 
     /**
      * Shortcut method for rendering a view.

diff --git a/src/Controllers/BaseSecuredController.php b/src/Controllers/BaseSecuredController.php
@@ -6,49 +6,6 @@
 
 class BaseSecuredController extends BaseController
 {
-    /**
-     * Decode and validate the token
-     *
-     * @param  string         $$token
-     * @return object|boolean The JWT's payload as a PHP object or false in case of error
-     */
-    public function decodeToken($token)
-    {
-        $rst = [
-            "token" => false,
-            "message" => ""
-        ];
-        try {
-            JWT::$leeway = 8;
-            $content     = file_get_contents("https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com");
-            $kids        = json_decode($content, true);
-            $jwt         = JWT::decode($token, $kids, array('RS256'));
-            $fbpid       = $this->getOrDefault('firebase.projectid', 'dummy');
-            $issuer      = 'https://securetoken.google.com/' . $fbpid;
-            $rst["token"] = $token;
-
-            if ($jwt->aud != $fbpid) {
-                $rst["message"] = 'invalid audience';
-                $rst["token"] = null;
-            } elseif ($jwt->iss != $issuer) {
-                $rst["message"] = 'invalid issuer';
-                $rst["token"] = null;
-            } elseif (empty($jwt->sub)) {
-                $rst["message"] = 'invalid user';
-                $rst["token"] = null;
-            };
-
-        } catch (\Firebase\JWT\ExpiredException $ee) {
-            $rst["message"] = 'token has expired';
-            $rst["token"] = null;
-        } catch (\Exception $e) {
-            $rst["message"] = $e->getMessage();
-            $rst["token"] = null;
-        }
-
-        return $rst;
-    }
-
     /**
      * Authenticate
      */

diff --git a/src/Controllers/Index.php b/src/Controllers/Index.php
@@ -43,7 +43,18 @@ public function getAuthFirebase()
     {
         $token = $this->queryParam('token');
 
-        // redirect to the main dashboard
-        return $this->response->withRedirect('/main/dash');
+        // validate token
+        $decodedTokenData = $this->decodeToken($token);
+
+        if (is_null($decodedTokenData["token"])) {
+            $this->f3->error('403', 'Token error: ' + $decodedTokenData["message"]);
+            return;
+        }
+
+        // store token into session
+        $this->f3->set('SESSION.decodedToken', $decodedTokenData);
+
+        // success login redirect to home
+        return $f3->reroute('@home');
     }
 }
diff --git a/src/Controllers/MainDashboard.php b/src/Controllers/MainDashboard.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace Controllers;
+
+class MainDashboard extends BaseSecureController
+{
+    public function getDashboard() 
+    {
+    	// get list of projects
+    	// filter out projects user does not have permission to
+    	// return and render to main dashboard
+    	// render main dashboard
+    }
+}
diff --git a/src/Controllers/ProjectDashboard.php b/src/Controllers/ProjectDashboard.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace Controllers;
+
+class ProjectDashboard extends BaseSecureController
+{
+    public function getDashboard() 
+    {
+    	// if user does not have permission to project, redirect to login
+    	// render project
+    }
+}