Sync current dev state
This commit is contained in:
SamiAhmed7777
71
api/auth.php
71
api/auth.php
@@ -15,17 +15,11 @@
|
||||
|
||||
define('_ISVALID', true);
|
||||
|
||||
// Include CORS configuration
|
||||
require_once __DIR__ . '/cors.config.php';
|
||||
|
||||
// Set JSON content type
|
||||
header('Content-Type: application/json');
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
|
||||
header('Access-Control-Allow-Headers: Content-Type, Authorization');
|
||||
|
||||
// Handle preflight requests
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||
http_response_code(200);
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once '../f_core/config.core.php';
|
||||
|
||||
@@ -227,17 +221,70 @@ try {
|
||||
if ($method !== 'GET') {
|
||||
sendResponse(['success' => false, 'message' => 'Method not allowed'], 405);
|
||||
}
|
||||
|
||||
|
||||
$isAuthenticated = $auth->isAuthenticated();
|
||||
$user = $isAuthenticated ? $auth->getCurrentUser() : null;
|
||||
|
||||
|
||||
sendResponse([
|
||||
'success' => true,
|
||||
'authenticated' => $isAuthenticated,
|
||||
'user' => $user
|
||||
]);
|
||||
break;
|
||||
|
||||
|
||||
case 'login_token':
|
||||
// JWT Token-based login for API clients (no session)
|
||||
if ($method !== 'POST') {
|
||||
sendResponse(['success' => false, 'message' => 'Method not allowed'], 405);
|
||||
}
|
||||
|
||||
$data = array_merge($_POST, getJsonInput());
|
||||
$missing = validateRequired($data, ['identifier', 'password']);
|
||||
|
||||
if (!empty($missing)) {
|
||||
sendResponse([
|
||||
'success' => false,
|
||||
'message' => 'Username/email and password are required'
|
||||
], 400);
|
||||
}
|
||||
|
||||
// Optional: specify token expiry time (in seconds)
|
||||
$expiryTime = isset($data['expires_in']) ? (int)$data['expires_in'] : null;
|
||||
|
||||
$result = $auth->loginWithToken($data['identifier'], $data['password'], $expiryTime);
|
||||
sendResponse($result, $result['success'] ? 200 : 401);
|
||||
break;
|
||||
|
||||
case 'verify_token':
|
||||
// Verify a JWT token and return user info
|
||||
if ($method !== 'POST' && $method !== 'GET') {
|
||||
sendResponse(['success' => false, 'message' => 'Method not allowed'], 405);
|
||||
}
|
||||
|
||||
// Get token from Authorization header or request body
|
||||
$user = $auth->authenticateBearer();
|
||||
|
||||
if (!$user) {
|
||||
// Try getting token from request body
|
||||
$data = array_merge($_POST, getJsonInput());
|
||||
$token = $data['token'] ?? '';
|
||||
|
||||
if ($token) {
|
||||
$user = $auth->validateJWTToken($token);
|
||||
}
|
||||
}
|
||||
|
||||
if (!$user) {
|
||||
sendResponse(['success' => false, 'message' => 'Invalid or expired token'], 401);
|
||||
}
|
||||
|
||||
sendResponse([
|
||||
'success' => true,
|
||||
'valid' => true,
|
||||
'user' => $user
|
||||
]);
|
||||
break;
|
||||
|
||||
default:
|
||||
sendResponse(['success' => false, 'message' => 'Invalid action'], 400);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user