From baf32275b50eafe83c5c793490f12ed84ef156d4 Mon Sep 17 00:00:00 2001
From: Orestis Moresis
Date: Tue, 21 Nov 2023 13:36:56 +0200
Subject: [PATCH] discard geoserver user combination in auth, clean code, add workspace in geoserver proxy url

---
 src/Controllers/AuthController.php | 88 ++++++++++--------------
 src/Controllers/GeoserverController.php | 7 +-
 src/Controllers/InterfaceController.php | 2 +-
 3 files changed, 38 insertions(+), 59 deletions(-)

diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index 012248c..6614a49 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -4,7 +4,6 @@ use MSFD\Services\PgSql;
 use MSFD\Services\GeoserverAPI;
-
 class AuthController {
 public function index() {
@@ -13,54 +12,41 @@ class AuthController {
 }
 public function userSignin() {
- $user_id = '';
- // Prevent invalid email input
- $email = $_POST['username'];
- $password = $_POST['password'];
- if (!valid_email($email)) {
- header('HTTP/1.1 422 Unprocessable Entity');
- header('Location: login');
- exit(422);
- }
-
- $api = new GeoserverAPI();
- $sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";
- $user_id = PgSql::getCol($sql);
+ $user_id = '';
+ // Prevent invalid email input
+ $email = $_POST['username'];
+ $password = $_POST['password'];
+ if (!valid_email($email)) {
+ header('HTTP/1.1 422 Unprocessable Entity');
+ header('Location: login');
+ exit(422);
+ }
+
+ $api = new GeoserverAPI();
+ $sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";
+ $user_id = PgSql::getCol($sql);
 if (!empty($user_id)) {
- $res = $api->getUser($user_id);
- $sql_groups = "SELECT group_id FROM webapp.users u
- JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
- WHERE geo_id = '${user_id}'";
- $user_groups = Pgsql::getColValues($sql_groups);
- $sql_name = "SELECT fname FROM webapp.users u
- WHERE geo_id = '${user_id}'";
- $user_name = PgSql::getCol($sql_name);
+ // $res = $api->getUser($user_id);
+ $sql_groups = "SELECT group_id FROM webapp.users u
+ JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
+ WHERE geo_id = '${user_id}'";
+ $user_groups = Pgsql::getColValues($sql_groups);
+ $sql_name = "SELECT fname FROM webapp.users u
+ WHERE geo_id = '${user_id}'";
+ $user_name = PgSql::getCol($sql_name);
- if ($res !== FALSE) {
- foreach($res->users as $entry) {
- // if user id exists in geoserver
- if ($entry->userName == $user_id) {
- // STORE ROLE HERE IN SESSION USING API
- $role = $api->getRole($user_id);
- $_SESSION['user_id'] = $user_id;
- $_SESSION['user_groups'] = $user_groups;
- $_SESSION['user_name'] = $user_name;
-
- header('Location: /');
- exit(0);
- }
- }
- } else {
- header('HTTP/1.1 403 Forbidden');
- header('Refresh: 2; URL = index.php');
- exit(403);
- }
+ $_SESSION['user_id'] = $user_id;
+ $_SESSION['user_groups'] = $user_groups;
+ $_SESSION['user_name'] = $user_name;
+
+ header('Location: /');
+ exit(0);
 } else {
- echo 'No such user in geoserver';
- header('HTTP/1.1 403 Forbidden');
- header('Refresh: 2; URL = index.php');
- exit(403);
+ echo 'No such user';
+ header('HTTP/1.1 403 Forbidden');
+ header('Refresh: 2; URL = index.php');
+ exit(403);
 }
 }
@@ -76,7 +62,6 @@ class AuthController {
 exit(422);
 }
- $api = new GeoserverAPI();
 $sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'";
 $user_id = PgSql::getCol($sql);
@@ -105,12 +90,11 @@ class AuthController {
 public function logout() {
 session_start();
- session_destroy();
- unset($_SESSION);
+ session_destroy();
+ unset($_SESSION);
 $_SESSION = array();
- header("Location: login");
- exit();
- header('Refresh: 2; URL = index.php');
+ header("Location: login");
+ exit();
 }
@@ -131,7 +115,6 @@ function guidv4($data = null) {
 // Generate 16 bytes (128 bits) of random data or use the data passed into the function.
 $data = $data ?? random_bytes(16);
 assert(strlen($data) == 16);
-
 // Set version to 0100
 $data[6] = chr(ord($data[6]) & 0x0f | 0x40);
 // Set bits 6-7 to 10
@@ -142,7 +125,6 @@ function guidv4($data = null) {
 }
-
 function valid_email($str) {
 return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
 }
diff --git a/src/Controllers/GeoserverController.php b/src/Controllers/GeoserverController.php
index c7aeb38..00b1ee6 100644
--- a/src/Controllers/GeoserverController.php
+++ b/src/Controllers/GeoserverController.php
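Review bot: The re-indented `$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";` still places the raw `$_POST['password']` (and the email, which `valid_email` only shape-checks) directly into the query text, so the sign-in query is injectable and the credential is matched by SQL equality, which only works if the column holds it in clear; the same pattern is visible as context in the `@@ -76,7 +62,6 @@` hunk. Select the stored value by email through a bound parameter — `PgSql::getCol` takes a finished string here, so the service needs a binding-capable method or `pg_query_params()` — e.g. `select geo_id, password from webapp.users where email = $1 and origin <> 'GUEST'`, and decide with `password_verify($password, $row['password'])` against a `password_hash()`-stored value rather than in SQL. Once the check passes, `session_regenerate_id(true);` before `$_SESSION['user_id'] = $user_id;` keeps the authenticated session from inheriting the pre-login id. With `getUser` commented out, `$api = new GeoserverAPI();` is dead code, and the `'${user_id}'` interpolation in the new `$sql_groups`/`$sql_name` strings is the `${var}` form deprecated since PHP 8.2 — write `'{$user_id}'` there or bind it as well.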
@@ -6,16 +6,13 @@ class GeoserverController {
 public function wms() {
 $username='portal';
 $password='@dm!n322';
- //$url = 'http://geoserver.hcmr.gr:8080/geoserver/wms';
 $params = $_GET;
- $url = 'https://geoserver.hcmr.gr/geoserver/wms' . '?' . http_build_query($params);
+ $url = 'https://geoserver.hcmr.gr/geoserver/MSFD_NEW/wms/' . '?' . http_build_query($params);
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, $url);
 curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
 curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
 curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
- //curl_setopt($ch, CURLOPT_HEADER, TRUE); // we want headers
- //curl_setopt($ch, CURLOPT_NOBODY, TRUE);
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
 $content = curl_exec($ch);
 $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
@@ -29,7 +26,7 @@ class GeoserverController {
 $srs = $data['srs'];
 $username='portal';
 $password='@dm!n322';
- $url = "https://{$username}:{$password}@geoserver.hcmr.gr/geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&srsName={$srs}&typename=MSFD_NEW:{$layer}&outputFormat=SHAPE-ZIP";
+ $url = "https://{$username}:{$password}@geoserver.hcmr.gr/geoserver/MSFD_NEW/wfs?service=WFS&version=1.1.0&request=GetFeature&srsName={$srs}&typename=MSFD_NEW:{$layer}&outputFormat=SHAPE-ZIP";
 header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
 header("Content-Type: application/zip");
diff --git a/src/Controllers/InterfaceController.php b/src/Controllers/InterfaceController.php
index e60ed8c..9ddd52a 100644
--- a/src/Controllers/InterfaceController.php
+++ b/src/Controllers/InterfaceController.php
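Review bot: The new `$url = 'https://geoserver.hcmr.gr/geoserver/MSFD_NEW/wms/' . '?' . http_build_query($params);` keeps a trailing slash before the `?`, while the WFS and OWS lines changed in the other hunks use `MSFD_NEW/wfs` and `MSFD_NEW/ows` without one; building the three workspace URLs the same way, `'https://geoserver.hcmr.gr/geoserver/MSFD_NEW/wms?' . http_build_query($params)`, avoids relying on the server to normalise the path. Because `$params = $_GET` is forwarded unchanged and the request goes out with the hard-coded `portal` basic-auth credentials set a few lines below, this action is an authenticated relay for whatever query the client supplies; now that the workspace is fixed in the path, restricting the forwarded `SERVICE`/`REQUEST` values to the WMS operations the portal actually uses would close most of that surface. wms() continues past the end of the hunk.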
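Review bot: The rewritten `$url = "https://{$username}:{$password}@geoserver.hcmr.gr/geoserver/MSFD_NEW/wfs?..."` embeds the service-account password in the URL userinfo without percent-encoding; the value assigned in the context lines contains `@` and `!`, so the authority carries two `@` characters and only resolves correctly if the consuming URL parser happens to take the last one as the userinfo delimiter. The new `ows` line in the `src/Controllers/InterfaceController.php` hunk has the same shape, with the credentials written literally into the string. Pass the credentials out of band instead — `CURLOPT_USERPWD` as `wms()` already does, or a `stream_context_create()` with an `Authorization` header for `file_get_contents()` — so they stay out of a string that otherwise ends up in logs and error output; failing that, `rawurlencode()` both parts. `{$srs}` and `{$layer}` are interpolated raw as well; if `$data` originates from the request they should be `rawurlencode()`d too. The enclosing method begins before the hunk.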
@@ -56,7 +56,7 @@ class InterfaceController {
 echo convertToGeoJSON($json, 'ctStationDecimalLongitude', 'ctStationDecimalLatitude');
 break;
 default:
- $url = "https://portal:@dm!n322@geoserver.hcmr.gr/geoserver/ows?service=WFS&version=1.0.0&request=GetFeature&typeName={$layer}&outputFormat=application/json";
+ $url = "https://portal:@dm!n322@geoserver.hcmr.gr/geoserver/MSFD_NEW/ows?service=WFS&version=1.0.0&request=GetFeature&typeName={$layer}&outputFormat=application/json";
 $readJSONFile = file_get_contents($url);
 echo $readJSONFile;