
discard geoserver user combination in auth, clean code, add workspace in geoserver proxy url

master
o.moresis 1 year ago
parent
commit
baf32275b5
  1. 88
      src/Controllers/AuthController.php
  2. 7
      src/Controllers/GeoserverController.php
  3. 2
      src/Controllers/InterfaceController.php

88
src/Controllers/AuthController.php

@ -4,7 +4,6 @@ use MSFD\Services\PgSql;
use MSFD\Services\GeoserverAPI; use MSFD\Services\GeoserverAPI;
class AuthController { class AuthController {
public function index() { public function index() {
@ -13,54 +12,41 @@ class AuthController {
} }
public function userSignin() { public function userSignin() {
$user_id = ''; $user_id = '';
// Prevent invalid email input // Prevent invalid email input
$email = $_POST['username']; $email = $_POST['username'];
$password = $_POST['password']; $password = $_POST['password'];
if (!valid_email($email)) { if (!valid_email($email)) {
header('HTTP/1.1 422 Unprocessable Entity'); header('HTTP/1.1 422 Unprocessable Entity');
header('Location: login'); header('Location: login');
exit(422); exit(422);
} }
$api = new GeoserverAPI(); $api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'"; $sql = "select geo_id from webapp.users where email = '{$email}' and password = '{$password}' and origin <> 'GUEST'";
$user_id = PgSql::getCol($sql); $user_id = PgSql::getCol($sql);
if (!empty($user_id)) { if (!empty($user_id)) {
$res = $api->getUser($user_id); // $res = $api->getUser($user_id);
$sql_groups = "SELECT group_id FROM webapp.users u $sql_groups = "SELECT group_id FROM webapp.users u
JOIN webapp.users__groups ug ON u.geo_id = ug.user_id JOIN webapp.users__groups ug ON u.geo_id = ug.user_id
WHERE geo_id = '${user_id}'"; WHERE geo_id = '${user_id}'";
$user_groups = Pgsql::getColValues($sql_groups); $user_groups = Pgsql::getColValues($sql_groups);
$sql_name = "SELECT fname FROM webapp.users u $sql_name = "SELECT fname FROM webapp.users u
WHERE geo_id = '${user_id}'"; WHERE geo_id = '${user_id}'";
$user_name = PgSql::getCol($sql_name); $user_name = PgSql::getCol($sql_name);
if ($res !== FALSE) { $_SESSION['user_id'] = $user_id;
foreach($res->users as $entry) { $_SESSION['user_groups'] = $user_groups;
// if user id exists in geoserver $_SESSION['user_name'] = $user_name;
if ($entry->userName == $user_id) {
// STORE ROLE HERE IN SESSION USING API header('Location: /');
$role = $api->getRole($user_id); exit(0);
$_SESSION['user_id'] = $user_id;
$_SESSION['user_groups'] = $user_groups;
$_SESSION['user_name'] = $user_name;
header('Location: /');
exit(0);
}
}
} else {
header('HTTP/1.1 403 Forbidden');
header('Refresh: 2; URL = index.php');
exit(403);
}
} else { } else {
echo 'No such user in geoserver'; echo 'No such user';
header('HTTP/1.1 403 Forbidden'); header('HTTP/1.1 403 Forbidden');
header('Refresh: 2; URL = index.php'); header('Refresh: 2; URL = index.php');
exit(403); exit(403);
} }
} }
@ -76,7 +62,6 @@ class AuthController {
exit(422); exit(422);
} }
$api = new GeoserverAPI();
$sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'"; $sql = "select geo_id from webapp.users where email = '{$email}' and origin <> 'GUEST'";
$user_id = PgSql::getCol($sql); $user_id = PgSql::getCol($sql);
@ -105,12 +90,11 @@ class AuthController {
public function logout() { public function logout() {
session_start(); session_start();
session_destroy(); session_destroy();
unset($_SESSION); unset($_SESSION);
$_SESSION = array(); $_SESSION = array();
header("Location: login"); header("Location: login");
exit(); exit();
header('Refresh: 2; URL = index.php');
} }
@ -131,7 +115,6 @@ function guidv4($data = null) {
// Generate 16 bytes (128 bits) of random data or use the data passed into the function. // Generate 16 bytes (128 bits) of random data or use the data passed into the function.
$data = $data ?? random_bytes(16); $data = $data ?? random_bytes(16);
assert(strlen($data) == 16); assert(strlen($data) == 16);
// Set version to 0100 // Set version to 0100
$data[6] = chr(ord($data[6]) & 0x0f | 0x40); $data[6] = chr(ord($data[6]) & 0x0f | 0x40);
// Set bits 6-7 to 10 // Set bits 6-7 to 10
@ -142,7 +125,6 @@ function guidv4($data = null) {
} }
function valid_email($str) { function valid_email($str) {
return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE; return (!preg_match("/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str)) ? FALSE : TRUE;
} }
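Review bot: In the userSignin hunk the session-setting code now added on the new side still depends on queries that interpolate `$_POST['username']` and `$_POST['password']` straight into SQL (the `$sql`, `$sql_groups` and `$sql_name` strings) and compares the password as a stored plaintext value; with the GeoServer cross-check removed, this query is the only authentication step left. The lookups should use bound parameters — if `PgSql::getCol` cannot take them, a parameterised variant is needed — and the password should be checked with `password_verify()` against a `password_hash()` value instead of equality in the WHERE clause. The session is also not rotated at login; add `session_regenerate_id(true);` immediately before the `$_SESSION['user_id'] = $user_id;` line so a session id issued before login is not kept. Note that `valid_email` constrains only the email, and both `$_POST` reads lack a `?? ''` default, so a missing field raises a warning before the 422 path is reached.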

7
src/Controllers/GeoserverController.php

@ -6,16 +6,13 @@ class GeoserverController {
public function wms() { public function wms() {
$username='portal'; $username='portal';
$password='@dm!n322'; $password='@dm!n322';
//$url = 'http://geoserver.hcmr.gr:8080/geoserver/wms';
$params = $_GET; $params = $_GET;
$url = 'https://geoserver.hcmr.gr/geoserver/wms' . '?' . http_build_query($params); $url = 'https://geoserver.hcmr.gr/geoserver/MSFD_NEW/wms/' . '?' . http_build_query($params);
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds curl_setopt($ch, CURLOPT_TIMEOUT, 30); //timeout after 30 seconds
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$username:$password"); curl_setopt($ch, CURLOPT_USERPWD, "$username:$password");
//curl_setopt($ch, CURLOPT_HEADER, TRUE); // we want headers
//curl_setopt($ch, CURLOPT_NOBODY, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
$content = curl_exec($ch); $content = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
@ -29,7 +26,7 @@ class GeoserverController {
$srs = $data['srs']; $srs = $data['srs'];
$username='portal'; $username='portal';
$password='@dm!n322'; $password='@dm!n322';
$url = "https://{$username}:{$password}@geoserver.hcmr.gr/geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&srsName={$srs}&typename=MSFD_NEW:{$layer}&outputFormat=SHAPE-ZIP"; $url = "https://{$username}:{$password}@geoserver.hcmr.gr/geoserver/MSFD_NEW/wfs?service=WFS&version=1.1.0&request=GetFeature&srsName={$srs}&typename=MSFD_NEW:{$layer}&outputFormat=SHAPE-ZIP";
header($_SERVER["SERVER_PROTOCOL"] . " 200 OK"); header($_SERVER["SERVER_PROTOCOL"] . " 200 OK");
header("Content-Type: application/zip"); header("Content-Type: application/zip");
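Review bot: The rewritten WMS proxy URL ends in `wms/` before the `?`, so the request path becomes `/geoserver/MSFD_NEW/wms/?…`, which differs from the `MSFD_NEW/wfs?` form used in the second hunk and may not be routed identically on the server; drop the slash: `$url = 'https://geoserver.hcmr.gr/geoserver/MSFD_NEW/wms?' . http_build_query($params);`. The same literal `$username`/`$password` pair appears in both hunks here (and in InterfaceController); it belongs in configuration or environment loaded once, and the wfs hunk should pass it via `CURLOPT_USERPWD` or a stream context rather than embedding it in the URL userinfo. Because `$params = $_GET` forwards every client-supplied parameter under that privileged account, an allow-list of the WMS parameters the portal actually uses would narrow what the proxy relays. Both enclosing methods continue outside the hunks.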

2
src/Controllers/InterfaceController.php

@ -56,7 +56,7 @@ class InterfaceController {
echo convertToGeoJSON($json, 'ctStationDecimalLongitude', 'ctStationDecimalLatitude'); echo convertToGeoJSON($json, 'ctStationDecimalLongitude', 'ctStationDecimalLatitude');
break; break;
default: default:
$url = "https://portal:@dm!n322@geoserver.hcmr.gr/geoserver/ows?service=WFS&version=1.0.0&request=GetFeature&typeName={$layer}&outputFormat=application/json"; $url = "https://portal:@dm!n322@geoserver.hcmr.gr/geoserver/MSFD_NEW/ows?service=WFS&version=1.0.0&request=GetFeature&typeName={$layer}&outputFormat=application/json";
$readJSONFile = file_get_contents($url); $readJSONFile = file_get_contents($url);
echo $readJSONFile; echo $readJSONFile;
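Review bot: The new URL still interpolates `{$layer}` into `typeName=` without encoding — if `$layer` derives from request input, which is not visible here, it should be `rawurlencode`d or built via `http_build_query` — and it carries the credentials in the URL userinfo, where the `@` and `!` characters of the password are not percent-encoded, so I am not certain the http wrapper splits the authority as intended. A safer shape is `$url = 'https://geoserver.hcmr.gr/geoserver/MSFD_NEW/ows?' . http_build_query(['service' => 'WFS', 'version' => '1.0.0', 'request' => 'GetFeature', 'typeName' => $layer, 'outputFormat' => 'application/json']);` with Basic auth supplied through a stream context (or by reusing the curl setup in GeoserverController). The `file_get_contents` result is also echoed without an `=== false` check, so a failed fetch returns an empty body with the default 200 status. The enclosing switch and method start outside the hunk.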
