pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement token refresh logic and add refreshkey to user management

Browse Source
This commit is contained in:
“VeLiTi”
2026-02-05 14:00:36 +01:00
parent b34733f9b7
commit c4cb99b945
5 changed files with 138 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/v2/authorization.php
View File

@@ -70,6 +70,11 @@ if ($stmt->rowCount() == 1) {
$stmt_service->execute([$user_data['service'], $user_data['id']]); $stmt_service->execute([$user_data['service'], $user_data['id']]);
} }
$user_data['refreshkey'] = bin2hex(random_bytes(25));
$sql_refreshkey = 'UPDATE users SET refreshkey = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_refreshkey);
$stmt_service->execute([$user_data['refreshkey'], $user_data['id']]);
$token = createCommunicationToken($user_data['userkey']); $token = createCommunicationToken($user_data['userkey']);
//RETURN JWT AND CLIENTSECRET //RETURN JWT AND CLIENTSECRET
@@ -78,6 +83,7 @@ if ($stmt->rowCount() == 1) {
'token' => $token, 'token' => $token,
'token_valid' => date('Y-m-d H:i:s',time() + 1800), 'token_valid' => date('Y-m-d H:i:s',time() + 1800),
'userkey' => $user_data['userkey'], 'userkey' => $user_data['userkey'],
'refreshkey' => $user_data['refreshkey'],
'language' => $user_data['language'] 'language' => $user_data['language']
); );

93
api/v2/get/token_refresh.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// User Role Assignments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];
$user_permissions = [];
//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
}
}
$token_refresh = $criterias['refreshkey'] ?? null;
if (!$token_refresh) {
http_response_code(400);
exit(json_encode(['error_code' => 'API_INPUT_1','error' => 'refreshkey is required']));
}
//GET USER_DATA
$stmt = $pdo->prepare('SELECT * FROM users WHERE refreshkey = ?');
$stmt->execute([$token_refresh]);
if ($stmt->rowCount() == 1) {
//Get results
$user_data = $stmt->fetch();
//Check valid userkey
$valid_key = strtotime('+30 minutes',strtotime($user_data['lastlogin']));
$valid = ($valid_key <= time())?0:1;
//REFRESH USERKEY
if ($user_data['userkey'] != '' && $valid == 0){
$user_data['userkey'] = bin2hex(random_bytes(25));
$sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
$stmt_userkey = $pdo->prepare($sql_userkey);
$stmt_userkey->execute([$user_data['userkey'], $user_data['id']]);
}
//REFRESH USERKEY
if ($user_data['service'] != '' && $valid == 0){
$user_data['service'] = bin2hex(random_bytes(25));
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_service);
$stmt_service->execute([$user_data['service'], $user_data['id']]);
}
//Refresh REFRESHKEY
$user_data['refreshkey'] = bin2hex(random_bytes(25));
$sql_refreshkey = 'UPDATE users SET refreshkey = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_refreshkey);
$stmt_service->execute([$user_data['refreshkey'], $user_data['id']]);
$token = createCommunicationToken($user_data['userkey']);
//RETURN JWT AND CLIENTSECRET
$user = array(
'clientID' => $user_data['username'],
'token' => $token,
'token_valid' => date('Y-m-d H:i:s',time() + 1800),
'userkey' => $user_data['userkey'],
'refreshkey' => $user_data['refreshkey'],
'language' => $user_data['language']
);
//+++++++++++++++++++++++++++++++++++++++++++
//Return as JSON
//+++++++++++++++++++++++++++++++++++++++++++
echo json_encode($user, JSON_UNESCAPED_UNICODE);
}
else {
http_response_code(404);
exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'Refresh not succesfull']));
}
?>

2
assets/database/STEP 2.sql
View File

@@ -919,5 +919,7 @@ UPDATE equipment
SET warranty_date = DATE_ADD(warranty_date, INTERVAL 1 YEAR) SET warranty_date = DATE_ADD(warranty_date, INTERVAL 1 YEAR)
WHERE warranty_date IS NOT NULL; WHERE warranty_date IS NOT NULL;
alter table users add refreshkey varchar(255);
SET FOREIGN_KEY_CHECKS=1; SET FOREIGN_KEY_CHECKS=1;

1
assets/functions.php
View File

@@ -1725,6 +1725,7 @@ function getProfile($profile, $permission){
// Always allowed collections: [collection => allowed_actions_string] // Always allowed collections: [collection => allowed_actions_string]
$always_allowed = [ $always_allowed = [
'com_log' => 'CRU', 'com_log' => 'CRU',
'token_refresh' => 'R',
'application' => 'CRU', 'application' => 'CRU',
'user_roles' => 'R', 'user_roles' => 'R',
'user_role_assignments' => 'R', 'user_role_assignments' => 'R',

36
index.php
View File

@@ -41,6 +41,42 @@ include dirname(__FILE__).'/assets/functions.php';
include dirname(__FILE__).'/settings/settings_redirector.php'; include dirname(__FILE__).'/settings/settings_redirector.php';
include_once dirname(__FILE__).'/settings/countries.php'; include_once dirname(__FILE__).'/settings/countries.php';
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//TOKEN REFRESH LOGIC
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
// Token refresh buffer: refresh token 5 minutes (300 seconds) before expiry
$token_refresh_buffer = 300;
// Check if API token exists and is still valid
if (!isset($_SESSION['authorization']['userkey']) ||
!isset($_SESSION['authorization']['token_valid']) ||
time() >= (strtotime($_SESSION['authorization']['token_valid']) - $token_refresh_buffer)) {
// Token missing, expired, or about to expire - get new token
if (isset($_SESSION['authorization']['refreshkey'])) {
$api_url = '/v2/token_refresh?refreshkey='.$_SESSION['authorization']['refreshkey'];
$responses = ioServer($api_url, '');
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses,true);}else{$responses = null;}
if (isset($responses['userkey']) && isset($responses['token_valid'])) {
// Update session with complete response (same as login.php)
$_SESSION['authorization'] = $responses;
} else {
// Token refresh failed - redirect to login
session_destroy();
header('location: login.php?error=session_expired');
die();
}
} else {
// No refreshkey available - redirect to login
session_destroy();
header('location: login.php?error=session_expired');
die();
}
}
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
//GET USER PERMISSION ASSIGNED //GET USER PERMISSION ASSIGNED
//+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++