authorMarvin Borner2018-05-06 13:28:36 +0200
committerMarvin Borner2018-05-06 13:28:36 +0200
commit9be672cd85682c865bdeb4463945d1362049d871 (patch)
treefdb128558d211ba3bdbb53a1738e2b023dce5f5b /main
parentaf049eeb0d2b442656cc1f7a6246bcdab22cf535 (diff)
Extended wormhole and began chat verification
Diffstat (limited to 'main')
-rw-r--r--main/app/sprinkles/admin/routes/wormhole.php2
-rw-r--r--main/app/sprinkles/admin/src/Controller/WormholeController.php14
-rw-r--r--main/app/sprinkles/core/assets/SiteAssets/js/chat.js2
-rw-r--r--main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php48
-rw-r--r--main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig1
5 files changed, 45 insertions, 22 deletions
diff --git a/main/app/sprinkles/admin/routes/wormhole.php b/main/app/sprinkles/admin/routes/wormhole.php
index e4d5bc9..da193ef 100644
--- a/main/app/sprinkles/admin/routes/wormhole.php
+++ b/main/app/sprinkles/admin/routes/wormhole.php
@@ -3,5 +3,5 @@
* Super admin thingy cause of my current server situation
*/
$app->group('/wormhole/{access_token}', function () {
- $this->get('/verify/{user_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
+ $this->get('/verify/{user_id}/{session_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
});
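Review bot: The route now carries both the wormhole `{access_token}` and a live `{session_id}` in the URL path, where they are typically written to web-server access logs and any intermediate proxy logs. Consider taking both from a request header or a POST body instead, e.g. `$this->post('/verify', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');`. Any placeholder that stays in the path should be constrained with a pattern such as `{user_id:[0-9]+}`.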
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 3beed61..958d907 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -22,7 +22,6 @@ use Illuminate\Database\Capsule\Manager as DB;
use UserFrosting\Sprinkle\Account\Authenticate\Authenticator;
use Illuminate\Filesystem\Filesystem;
use Illuminate\Session\FileSessionHandler;
-use UserFrosting\Session\Session;
/**
* Controller class for user-related requests, including listing users, CRUD for users, etc.
@@ -40,11 +39,16 @@ class WormholeController extends SimpleController
->where('Key', '=', $access_token)
->exists()) {
$user_id = $args['user_id'];
- $session = new Session();
- $session->start();
- $response->write($session->all()["account"]["current_user_id"]);
+ $session_id = $args['session_id'];
+ $session_file = file_get_contents("../app/sessions/" . $session_id);
+ $session_user_id = unserialize(substr($session_file, strpos($session_file, "account|") + 8))["current_user_id"];
+ if ($session_user_id === $user_id) {
+ return $response->withStatus(200);
+ } else {
+ throw new NotFoundException();
+ }
} else {
- throw new ForbiddenException();
+ throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
}
}
} \ No newline at end of file
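Review bot: `$session_id` comes straight from the URL and is concatenated into the path given to `file_get_contents()`, and the file's contents then go through `unserialize()` with no class restriction, so a request that holds the access token selects which file is read and deserialized. The id should be checked against the session-id alphabet before use, a missing file or missing `account|` marker should be handled (as written, `strpos()` returning false silently becomes offset 8), and `unserialize()` should be called with `['allowed_classes' => false]`. The strict `===` may also never match if the session stores the id as an integer, since route arguments are strings; that is inferred, not visible here. The enclosing method starts above this hunk.

```php
$session_id = $args['session_id'];
// Only the characters a PHP session id may contain; rejects path separators and dots.
if (!preg_match('/\A[A-Za-z0-9,-]+\z/', $session_id)) {
    throw new NotFoundException();
}
$session_path = "../app/sessions/" . $session_id;
$session_file = is_file($session_path) ? file_get_contents($session_path) : false;
$offset = $session_file === false ? false : strpos($session_file, "account|");
if ($offset === false) {
    throw new NotFoundException();
}
// Refuse to instantiate objects while decoding the session payload.
$account = unserialize(substr($session_file, $offset + 8), ['allowed_classes' => false]);
$session_user_id = is_array($account) && isset($account["current_user_id"]) ? $account["current_user_id"] : null;
if ($session_user_id !== null && (string) $session_user_id === (string) $user_id) {
    // … unchanged: 200 response, else NotFoundException …
```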
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
index ebf549b..f131db1 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
+++ b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
@@ -15,7 +15,7 @@ function InitializeChatServer() {
}, 5000);
};
ChatSocket.onopen = function () {
- ChatSocket.send(JSON.stringify({ClientMessageType: "Verify", Cookie: document.cookie}));
+ ChatSocket.send(JSON.stringify({ClientMessageType: "Verify", Cookie: document.cookie, UserID: current_user_id}));
// CONNECTION SUCCESSFUL!
console.log("[WEBSOCKET LOGGER] Chat connection established!");
// GOT MESSAGE
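Review bot: Sending `document.cookie` in the Verify message only works while the session cookie is readable from script, which rules out marking it HttpOnly and puts the session id inside an application-level message that the server may log or print. If the socket is served from the same site, the server can read the cookie from the WebSocket handshake request instead, so the payload could shrink to `{ClientMessageType: "Verify", UserID: current_user_id}`. `current_user_id` is a global defined by the template, so this line throws if the script loads on a page that does not set it. `InitializeChatServer` continues outside the hunk.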
diff --git a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
index 1385f19..17e85b9 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
+++ b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
@@ -37,16 +37,16 @@ class ChatProcessor implements MessageComponentInterface
foreach ($this->subscriptions as $id => $channel) {
if ($this->subscriptions[$conn->resourceId] == $channel) {
$MessageObject = new \stdClass();
- $MessageObject->ServerMessage = true;
+ $MessageObject->ServerMessage = TRUE;
$MessageObject->ServerMessageType = "GroupJoin";
$MessageObject->GroupName = $channel;
$MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
if ($id === $conn->resourceId) {
- $MessageObject->WasHimself = true;
+ $MessageObject->WasHimself = TRUE;
} else {
- $MessageObject->WasHimself = false;
+ $MessageObject->WasHimself = FALSE;
}
- $MessageJson = json_encode($MessageObject, true);
+ $MessageJson = json_encode($MessageObject, TRUE);
$this->users[$id]->send($MessageJson);
}
}
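Review bot: The second argument of `json_encode()` is a flags bitmask, not the associative switch that `json_decode()` takes, so `json_encode($MessageObject, TRUE)` is coerced to flag value 1 (`JSON_HEX_TAG`); write `json_encode($MessageObject)` or name the flags intended. The same call appears in the hunks at -57, -78 and -108. The switch to upper-case `TRUE`/`FALSE` also moves away from the lower-case keyword form PSR-12 asks for, and the `if`/`else` that sets `WasHimself` can be `$MessageObject->WasHimself = ($id === $conn->resourceId);`.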
@@ -57,16 +57,16 @@ class ChatProcessor implements MessageComponentInterface
foreach ($this->subscriptions as $id => $channel) {
if ($channel == $target) {
$MessageObject = new \stdClass();
- $MessageObject->ServerMessage = false;
+ $MessageObject->ServerMessage = FALSE;
$MessageObject->GroupName = $channel;
$MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
$MessageObject->Message = htmlspecialchars($data->Message);
if ($id === $conn->resourceId) {
- $MessageObject->WasHimself = true;
+ $MessageObject->WasHimself = TRUE;
} else {
- $MessageObject->WasHimself = false;
+ $MessageObject->WasHimself = FALSE;
}
- $MessageJson = json_encode($MessageObject, true);
+ $MessageJson = json_encode($MessageObject, TRUE);
$this->users[$id]->send($MessageJson);
}
}
@@ -78,24 +78,37 @@ class ChatProcessor implements MessageComponentInterface
foreach ($this->subscriptions as $id => $channel) {
if ($channel == $target) {
$MessageObject = new \stdClass();
- $MessageObject->ServerMessage = true;
+ $MessageObject->ServerMessage = TRUE;
$MessageObject->ServerMessageType = "TypingState";
$MessageObject->GroupName = $channel;
$MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
$MessageObject->State = $data->State;
if ($id === $conn->resourceId) {
- $MessageObject->WasHimself = true;
+ $MessageObject->WasHimself = TRUE;
} else {
- $MessageObject->WasHimself = false;
+ $MessageObject->WasHimself = FALSE;
}
- $MessageJson = json_encode($MessageObject, true);
+ $MessageJson = json_encode($MessageObject, TRUE);
$this->users[$id]->send($MessageJson);
}
}
}
break;
case "Verify":
- print_r($data);
+ $headerCookies = explode('; ', $data->Cookie);
+ $cookies = array();
+ foreach ($headerCookies as $headerCookie) {
+ list($key, $val) = explode('=', $headerCookie, 2);
+ $cookies[$key] = $val;
+ }
+ $UserSessionKey = $cookies["uf4"];
+ $AccessToken = file_get_contents("/AccessToken.txt"); // SECRET
+ $KeyVerifierCode = $this->getHttpCode("https://beam-messenger.de/wormhole/" . $AccessToken . "/verify/" . $data->UserID . "/" . $UserSessionKey);
+ if ($KeyVerifierCode === 200) {
+ echo "Access granted";
+ } else {
+ echo "Access denied";
+ }
break;
}
}
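Review bot: `$KeyVerifierCode === 200` can never be true, because `getHttpCode()` returns the result of `substr()`, a string, so every client is reported as "Access denied"; compare with `(int) $KeyVerifierCode === 200` or have the helper return an int. `$data->UserID` and the `uf4` cookie value are client-supplied and are concatenated into the request URL unencoded, so a value containing `/`, `?` or `#` changes which path is requested; build it with `(int) $data->UserID` and `rawurlencode($UserSessionKey)`, and `trim()` the token read from the file. `$data->Cookie`, a cookie without `=` and a missing `uf4` key are all unchecked and should lead to a denial rather than a notice. The result is only echoed, so nothing yet records on the connection that it was verified.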
@@ -108,10 +121,10 @@ class ChatProcessor implements MessageComponentInterface
foreach ($this->subscriptions as $id => $channel) {
if ($channel == $target) {
$MessageObject = new \stdClass();
- $MessageObject->ServerMessage = true;
+ $MessageObject->ServerMessage = TRUE;
$MessageObject->ServerMessageType = "UserDisconnect";
$MessageObject->Username = $this->connectedUsersNames[$conn->resourceId];
- $MessageJson = json_encode($MessageObject, true);
+ $MessageJson = json_encode($MessageObject, TRUE);
$this->users[$id]->send($MessageJson);
}
}
@@ -127,4 +140,9 @@ class ChatProcessor implements MessageComponentInterface
$conn->close();
}
+
+ public function getHttpCode($domain) {
+ $headers = get_headers($domain);
+ return substr($headers[0], 9, 3);
+ }
} \ No newline at end of file
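Review bot: `get_headers()` returns false when the request fails, and `$headers[0]` is then read without a check; return early with `if ($headers === false) { return 0; }` and return `(int) substr($headers[0], 9, 3)` so callers can compare against an integer. The call is also synchronous and has no explicit timeout, so inside the chat server's message handler a slow verification endpoint would hold up every other connection for as long as it blocks; this assumes the server runs a single event loop, which is not visible here. The helper is only used internally and could be `private`, with a docblock stating that it performs an HTTP request and returns the status code of the first response line.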
diff --git a/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig b/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
index 0c420e3..1821510 100644
--- a/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
+++ b/main/app/sprinkles/core/templates/pages/abstract/mainsite.html.twig
@@ -116,6 +116,7 @@
{% endblock %}
{% block scripts %}
+ <script>var current_user_id = {{ current_user.id }};</script>
{# Override this block in a child layout template or page template to override site-level scripts. #}
{% block scripts_site %}
{{ assets.js('js/main') | raw }}
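Review bot: `{{ current_user.id }}` renders as nothing when no user is logged in, which would leave `var current_user_id = ;` and a syntax error in this inline script; whether guests reach this layout is not visible here. Emitting the value as JSON avoids that and keeps it safe in script context: `<script>var current_user_id = {{ current_user.id | json_encode | raw }};</script>`. The id is used by chat.js only as a claim that the server re-checks, so it should not be treated as proof of identity anywhere else.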