Implement token refresh logic and add refreshkey to user management

This commit is contained in:
“VeLiTi”
2026-02-05 14:00:36 +01:00
parent b34733f9b7
commit c4cb99b945
5 changed files with 138 additions and 0 deletions


@@ -70,6 +70,11 @@ if ($stmt->rowCount() == 1) {
$stmt_service->execute([$user_data['service'], $user_data['id']]);
}
$user_data['refreshkey'] = bin2hex(random_bytes(25));
$sql_refreshkey = 'UPDATE users SET refreshkey = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_refreshkey);
$stmt_service->execute([$user_data['refreshkey'], $user_data['id']]);
$token = createCommunicationToken($user_data['userkey']);
//RETURN JWT AND CLIENTSECRET
@@ -78,6 +83,7 @@ if ($stmt->rowCount() == 1) {
'token' => $token,
'token_valid' => date('Y-m-d H:i:s',time() + 1800),
'userkey' => $user_data['userkey'],
'refreshkey' => $user_data['refreshkey'],
'language' => $user_data['language']
);
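Review bot: The refreshkey generated and written by `UPDATE users SET refreshkey = ? WHERE id = ?` is persisted in plaintext, so any read of the `users` table (backup, export, a query bug elsewhere) yields credentials that can mint new JWTs until the key is rotated; the new refresh endpoint in this commit writes the key the same way. Keep `bin2hex(random_bytes(25))` as the value returned to the client, but store and look up a digest instead, e.g. execute the UPDATE with `hash('sha256', $user_data['refreshkey'])` and have the refresh endpoint hash the incoming value before its `WHERE refreshkey = ?` comparison. The new statement also reuses `$stmt_service` as its handle directly after the service-key update; a dedicated `$stmt_refreshkey` reads more clearly. The enclosing `if ($stmt->rowCount() == 1)` block starts outside the hunk.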


@@ -0,0 +1,93 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// User Role Assignments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];
$user_permissions = [];
//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
}
}
$token_refresh = $criterias['refreshkey'] ?? null;
if (!$token_refresh) {
http_response_code(400);
exit(json_encode(['error_code' => 'API_INPUT_1','error' => 'refreshkey is required']));
}
//GET USER_DATA
$stmt = $pdo->prepare('SELECT * FROM users WHERE refreshkey = ?');
$stmt->execute([$token_refresh]);
if ($stmt->rowCount() == 1) {
//Get results
$user_data = $stmt->fetch();
//Check valid userkey
$valid_key = strtotime('+30 minutes',strtotime($user_data['lastlogin']));
$valid = ($valid_key <= time())?0:1;
//REFRESH USERKEY
if ($user_data['userkey'] != '' && $valid == 0){
$user_data['userkey'] = bin2hex(random_bytes(25));
$sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
$stmt_userkey = $pdo->prepare($sql_userkey);
$stmt_userkey->execute([$user_data['userkey'], $user_data['id']]);
}
//REFRESH USERKEY
if ($user_data['service'] != '' && $valid == 0){
$user_data['service'] = bin2hex(random_bytes(25));
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_service);
$stmt_service->execute([$user_data['service'], $user_data['id']]);
}
//Refresh REFRESHKEY
$user_data['refreshkey'] = bin2hex(random_bytes(25));
$sql_refreshkey = 'UPDATE users SET refreshkey = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_refreshkey);
$stmt_service->execute([$user_data['refreshkey'], $user_data['id']]);
$token = createCommunicationToken($user_data['userkey']);
//RETURN JWT AND CLIENTSECRET
$user = array(
'clientID' => $user_data['username'],
'token' => $token,
'token_valid' => date('Y-m-d H:i:s',time() + 1800),
'userkey' => $user_data['userkey'],
'refreshkey' => $user_data['refreshkey'],
'language' => $user_data['language']
);
//+++++++++++++++++++++++++++++++++++++++++++
//Return as JSON
//+++++++++++++++++++++++++++++++++++++++++++
echo json_encode($user, JSON_UNESCAPED_UNICODE);
}
else {
http_response_code(404);
exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'Refresh not succesfull']));
}
?>
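Review bot: The lookup and the rotation are not atomic: `SELECT * FROM users WHERE refreshkey = ?` followed by `UPDATE users SET refreshkey = ? WHERE id = ?` lets a second request presenting the same refreshkey succeed in the window before the UPDATE commits, so a leaked key is replayable rather than single-use. Make the rotation conditional on the value that was presented and treat a zero-row update as a failed refresh: `UPDATE users SET refreshkey = ? WHERE id = ? AND refreshkey = ?` executed with `[$user_data['refreshkey'], $user_data['id'], $token_refresh]`, then require `$stmt_refreshkey->rowCount() === 1` before issuing the token. As far as this file shows nothing bounds a refreshkey's lifetime either — `$valid` only gates rotation of userkey and service, while an unused key is accepted whenever it is presented; recording when it was issued (the schema is not visible here) and rejecting it past a fixed age would close that. Separately, `rowCount()` on a SELECT is driver-dependent in PDO, so `$user_data = $stmt->fetch(); if ($user_data !== false)` is the portable check, and the second `//REFRESH USERKEY` comment above the service-key block should read `//REFRESH SERVICE KEY`.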