From d91a1af9a1ef04c099d67adc2ee1a3bda963736b Mon Sep 17 00:00:00 2001 From: Rignchen Date: Mon, 10 Jun 2024 13:05:01 +0200 Subject: [PATCH 1/3] refactor: rename login/ -> php/\n\ncalling the folder php is more representative of what there is inside --- {login => php}/.gitignore | 0 {login => php}/composer.json | 0 {login => php}/composer.lock | 0 {login => php}/lib.php | 0 {login => php}/login.http | 0 {login => php}/public/esp.php | 0 {login => php}/public/login.php | 0 7 files changed, 0 insertions(+), 0 deletions(-) rename {login => php}/.gitignore (100%) rename {login => php}/composer.json (100%) rename {login => php}/composer.lock (100%) rename {login => php}/lib.php (100%) rename {login => php}/login.http (100%) rename {login => php}/public/esp.php (100%) rename {login => php}/public/login.php (100%) diff --git a/login/.gitignore b/php/.gitignore similarity index 100% rename from login/.gitignore rename to php/.gitignore diff --git a/login/composer.json b/php/composer.json similarity index 100% rename from login/composer.json rename to php/composer.json diff --git a/login/composer.lock b/php/composer.lock similarity index 100% rename from login/composer.lock rename to php/composer.lock diff --git a/login/lib.php b/php/lib.php similarity index 100% rename from login/lib.php rename to php/lib.php diff --git a/login/login.http b/php/login.http similarity index 100% rename from login/login.http rename to php/login.http diff --git a/login/public/esp.php b/php/public/esp.php similarity index 100% rename from login/public/esp.php rename to php/public/esp.php diff --git a/login/public/login.php b/php/public/login.php similarity index 100% rename from login/public/login.php rename to php/public/login.php From c82fe88befc5741acd0be7179c20a96df237cb4f Mon Sep 17 00:00:00 2001 
From: Rignchen Date: Mon, 10 Jun 2024 13:39:24 +0200 Subject: [PATCH 2/3] refactor: move files from public folder to private --- php/private/esp.php | 40 ++++++++++++++++++++++++++++++++ php/private/login.php | 53 +++++++++++++++++++++++++++++++++++++++++++ php/public/esp.php | 40 +------------------------------- php/public/login.php | 53 +------------------------------------------ 4 files changed, 95 insertions(+), 91 deletions(-) create mode 100644 php/private/esp.php create mode 100644 php/private/login.php diff --git a/php/private/esp.php b/php/private/esp.php new file mode 100644 index 0000000..dba6caa --- /dev/null +++ b/php/private/esp.php @@ -0,0 +1,40 @@ + $_GET, + 'POST' => json_decode(file_get_contents("php://input"), true), + default => output(['error' => 'Unsupported method'], 405), +}; + +// check if the esp's ip is provided +if (!isset($data['ip'])) + output(['error' => 'IP is required'], 400); + +// Load environment variables +$dotenv = new Dotenv(); +$dotenv->load(__DIR__ . '/../.env'); + +// check if the user is authenticated +$user = getallheaders()['Authorization']; +if (!isset($user)) + output(['error' => 'Unauthorized'], 401); + +// remove the Bearer prefix +$user = substr($user, 7); + +// test if the user is web_user +$decoded = JWT::decode($user, new Key($_ENV['JWT_SECRET'], 'HS256')); +if ($decoded->role !== 'web_user') + output(['error' => 'Unauthorized'], 401); + +// Generate a token for the esp +$token = JWT::encode(['role' => 'esp32', 'ip' => $data['ip']], $_ENV['JWT_SECRET'], 'HS256'); + +output(['token' => $token], 200); \ No newline at end of file diff --git a/php/private/login.php b/php/private/login.php new file mode 100644 index 0000000..a535526 --- /dev/null +++ b/php/private/login.php 
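Review bot: `JWT::decode($user, new Key($_ENV['JWT_SECRET'], 'HS256'))` in php/private/esp.php is called without a try/catch, so a malformed, expired or wrongly signed bearer token raises an exception (assuming this is firebase/php-jwt) instead of reaching the `output(['error' => 'Unauthorized'], 401)` path. Wrap the call, e.g. `try { $decoded = JWT::decode(...); } catch (\Throwable $e) { output(['error' => 'Unauthorized'], 401); }`, and confirm the header starts with `Bearer ` before `substr($user, 7)`. The ESP token issued at the end has no `exp` claim and embeds `$data['ip']` unvalidated, so it never expires and can carry any string. Adding an expiry and a `filter_var($data['ip'], FILTER_VALIDATE_IP)` check before `JWT::encode` would bound both.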
@@ -0,0 +1,53 @@ + $_GET, + 'POST' => json_decode(file_get_contents("php://input"), true), + default => output(['error' => 'Unsupported method'], 405), +}; + +if (!isset($data['username']) || !isset($data['password'])) + output(['error' => 'Username and password are required'], 400); + +// Load environment variables +$dotenv = new Dotenv(); +$dotenv->load(__DIR__ . '/../.env'); + +// Generate a token and use it to get the user +$token = JWT::encode(['role' => 'web_login', 'exp' => time()], $_ENV['JWT_SECRET'], 'HS256'); +$user = callAPI('GET', $_ENV['POSTGREST_API'] . "/users?username=eq.{$data['username']}&limit=1&select=password,id", [], ["Authorization: Bearer $token"]); + +// Check if the answer is valid +if ($user === false) + output(['error' => + $_ENV['DETAILED_ERRORS'] === 'true' ? + 'Unable to connect to the API' : + 'Unknown error' + ], 500); +$user = json_decode($user, true); +if (isset($user["message"])) + output(['error' => + $_ENV['DETAILED_ERRORS'] === 'true' ? + $user : + 'Unknown error' + ], 500); + +if (empty($user)) + output(['error' => 'Unknown user'], 401); +if (!password_verify($data['password'], $user[0]['password'])) + output(['error' => 'Invalid password'], 401); + +// Generate a token for the user that expires at midnight +$payload = [ + 'role' => 'web_user', + 'id' => $user[0]['id'], + 'exp' => strtotime('tomorrow midnight') +]; +$token = JWT::encode($payload, $_ENV['JWT_SECRET'], 'HS256'); + +output(['token' => $token]); diff --git a/php/public/esp.php b/php/public/esp.php index dba6caa..8761663 100644 --- a/php/public/esp.php +++ b/php/public/esp.php 
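Review bot: `$data['username']` is interpolated unencoded into the PostgREST URL (`"/users?username=eq.{$data['username']}&limit=1&select=password,id"`), so a username containing `&`, `=` or other query syntax changes the request that is sent with the `web_login` token. Encode the value first, e.g. `$username = rawurlencode($data['username']);`, and build the URL with `eq.{$username}`. Separately, the distinct `Unknown user` and `Invalid password` responses let a caller tell which usernames exist; one shared message for both cases avoids that. The `GET` branch also takes the password from `$_GET`, which puts credentials into URLs and access logs.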
@@ -1,40 +1,2 @@ $_GET, - 'POST' => json_decode(file_get_contents("php://input"), true), - default => output(['error' => 'Unsupported method'], 405), -}; - -// check if the esp's ip is provided -if (!isset($data['ip'])) - output(['error' => 'IP is required'], 400); - -// Load environment variables -$dotenv = new Dotenv(); -$dotenv->load(__DIR__ . '/../.env'); - -// check if the user is authenticated -$user = getallheaders()['Authorization']; -if (!isset($user)) - output(['error' => 'Unauthorized'], 401); - -// remove the Bearer prefix -$user = substr($user, 7); - -// test if the user is web_user -$decoded = JWT::decode($user, new Key($_ENV['JWT_SECRET'], 'HS256')); -if ($decoded->role !== 'web_user') - output(['error' => 'Unauthorized'], 401); - -// Generate a token for the esp -$token = JWT::encode(['role' => 'esp32', 'ip' => $data['ip']], $_ENV['JWT_SECRET'], 'HS256'); - -output(['token' => $token], 200); \ No newline at end of file +require_once __DIR__ . '/../private/esp.php'; diff --git a/php/public/login.php b/php/public/login.php index a535526..09c8313 100644 --- a/php/public/login.php +++ b/php/public/login.php 
@@ -1,53 +1,2 @@ $_GET, - 'POST' => json_decode(file_get_contents("php://input"), true), - default => output(['error' => 'Unsupported method'], 405), -}; - -if (!isset($data['username']) || !isset($data['password'])) - output(['error' => 'Username and password are required'], 400); - -// Load environment variables -$dotenv = new Dotenv(); -$dotenv->load(__DIR__ . '/../.env'); - -// Generate a token and use it to get the user -$token = JWT::encode(['role' => 'web_login', 'exp' => time()], $_ENV['JWT_SECRET'], 'HS256'); -$user = callAPI('GET', $_ENV['POSTGREST_API'] . "/users?username=eq.{$data['username']}&limit=1&select=password,id", [], ["Authorization: Bearer $token"]); - -// Check if the answer is valid -if ($user === false) - output(['error' => - $_ENV['DETAILED_ERRORS'] === 'true' ? - 'Unable to connect to the API' : - 'Unknown error' - ], 500); -$user = json_decode($user, true); -if (isset($user["message"])) - output(['error' => - $_ENV['DETAILED_ERRORS'] === 'true' ? - $user : - 'Unknown error' - ], 500); - -if (empty($user)) - output(['error' => 'Unknown user'], 401); -if (!password_verify($data['password'], $user[0]['password'])) - output(['error' => 'Invalid password'], 401); - -// Generate a token for the user that expires at midnight -$payload = [ - 'role' => 'web_user', - 'id' => $user[0]['id'], - 'exp' => strtotime('tomorrow midnight') -]; -$token = JWT::encode($payload, $_ENV['JWT_SECRET'], 'HS256'); - -output(['token' => $token]); +require_once __DIR__ . '/../private/login.php'; From 86c31b787d2cab572d3bda01a7756fe5fbf64dea Mon Sep 17 00:00:00 2001 
From: Rignchen Date: Mon, 10 Jun 2024 14:56:06 +0200 Subject: [PATCH 3/3] refactor: move Dockerfile in their own folder --- Dockerfile.Php | 12 ------------ Dockerfile.Nginx => Dockerfile/Dockerfile.Nginx | 10 +++++----- Dockerfile/Dockerfile.Php | 13 +++++++++++++ Dockerfile.Sqitch => Dockerfile/Dockerfile.Sqitch | 0 docker-compose.prod.yml | 6 +++--- 5 files changed, 21 insertions(+), 20 deletions(-) delete mode 100644 Dockerfile.Php rename Dockerfile.Nginx => Dockerfile/Dockerfile.Nginx (60%) create mode 100644 Dockerfile/Dockerfile.Php rename Dockerfile.Sqitch => Dockerfile/Dockerfile.Sqitch (100%) diff --git a/Dockerfile.Php b/Dockerfile.Php deleted file mode 100644 index c16362b..0000000 --- a/Dockerfile.Php +++ /dev/null @@ -1,12 +0,0 @@ -# php 8.3 with the files, install dependencies -FROM composer:2.7 -COPY login . -RUN composer install - -# copy required files to new image -FROM php:8.3-fpm-alpine -COPY login/public /var/www/memoires-info/php/public -COPY login/lib.php /var/www/memoires-info/php -COPY .env /var/www/memoires-info/php/ -COPY --from=0 ./app/vendor /var/www/memoires-info/php/vendor - diff --git a/Dockerfile.Nginx b/Dockerfile/Dockerfile.Nginx similarity index 60% rename from Dockerfile.Nginx rename to Dockerfile/Dockerfile.Nginx index 554e242..05787ed 100644 --- a/Dockerfile.Nginx +++ b/Dockerfile/Dockerfile.Nginx @@ -1,6 +1,6 @@ # node 20, build the application FROM node:20.12.2-alpine3.19 -COPY Interface . +COPY ../Interface . RUN npm install RUN npm run build 
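Review bot: The new `COPY ../Interface .` source reads as if it reached above the build context, but docker-compose.prod.yml still builds with `context: .`, and COPY sources are resolved against the context, not the Dockerfile's directory. Docker strips leading `../` segments, so this most likely still resolves to `Interface`, but only by accident of that normalisation; `COPY Interface .` states what actually happens. The same applies to the `../.env`, `../nginx.conf` and `../php/public` sources in the next hunk and to the COPY lines in Dockerfile/Dockerfile.Php. The `--from=0 ../dist` and `--from=0 ../app/vendor` sources are paths inside the first stage and did not need to change from `./dist` and `./app/vendor`.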
@@ -8,12 +8,12 @@ RUN npm run build # nginx 1.26 on port 80, keep the build output, nginx config FROM nginx:1.26-alpine-otel EXPOSE 80 -COPY --from=0 ./dist /var/www/memoires-info/html -COPY .env /var/www/memoires-info/html/.env +COPY --from=0 ../dist /var/www/memoires-info/html +COPY ../.env /var/www/memoires-info/html/.env # copy the nginx config -COPY ./nginx.conf /etc/nginx/conf.d/default.conf +COPY ../nginx.conf /etc/nginx/conf.d/default.conf RUN sed -i '/location \/adminer\//,/}/d' /etc/nginx/conf.d/default.conf # copy php files for ngnix to know they exist -COPY login/public /var/www/memoires-info/php/public +COPY ../php/public /var/www/memoires-info/php/public diff --git a/Dockerfile/Dockerfile.Php b/Dockerfile/Dockerfile.Php new file mode 100644 index 0000000..f8b05c0 --- /dev/null +++ b/Dockerfile/Dockerfile.Php @@ -0,0 +1,13 @@ +# php 8.3 with the files, install dependencies +FROM composer:2.7 +COPY ../php . +RUN composer install + +# copy required files to new image +FROM php:8.3-fpm-alpine +COPY ../php/public /var/www/memoires-info/php/public +COPY ../php/private /var/www/memoires-info/php/private +COPY ../php/lib.php /var/www/memoires-info/php +COPY ../.env /var/www/memoires-info/php/ +COPY --from=0 ../app/vendor /var/www/memoires-info/php/vendor + diff --git a/Dockerfile.Sqitch b/Dockerfile/Dockerfile.Sqitch similarity index 100% rename from Dockerfile.Sqitch rename to Dockerfile/Dockerfile.Sqitch diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index 387f6ea..4933c5d 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -28,7 +28,7 @@ services: migration: build: context: . - dockerfile: Dockerfile.Sqitch + dockerfile: Dockerfile/Dockerfile.Sqitch image: sqitch-memoires-info environment: SQITCH_TARGET: "db:pg://postgres:${POSTGRES_PASSWORD}@db:5432/memoires-info" 
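Review bot: `COPY ../.env /var/www/memoires-info/html/.env` keeps placing the project's `.env` beside the built front-end files in the nginx image, and Dockerfile.Php copies that same file for the PHP code to read `JWT_SECRET` from. If `/var/www/memoires-info/html` is the document root (nginx.conf is not shown here), only a deny rule in that config stands between the file and a plain HTTP request. No visible line of this Dockerfile uses the file, so the safest change is to drop the COPY. Failing that, add a rule such as `location ~ /\.env { deny all; }` to nginx.conf.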
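Review bot: `COPY ../.env /var/www/memoires-info/php/` in Dockerfile/Dockerfile.Php bakes the secrets file into an image layer, so anyone who can pull or inspect `php-memoires-info` can read `JWT_SECRET` and the other values. Consider leaving the file out of the image and supplying it at runtime from docker-compose, as a read-only volume or a compose secret mounted at `/var/www/memoires-info/php/.env`. The `Dotenv` load in php/private (`__DIR__ . '/../.env'`) resolves to that same path, so the PHP code would not need to change.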
@@ -53,7 +53,7 @@ services: php: build: context: . - dockerfile: Dockerfile.Php + dockerfile: Dockerfile/Dockerfile.Php image: php-memoires-info depends_on: - postg-rest @@ -61,7 +61,7 @@ services: web: build: context: . - dockerfile: Dockerfile.Nginx + dockerfile: Dockerfile/Dockerfile.Nginx image: nginx-memoires-info ports: - '80:80'