Diffstat (limited to 'main')
-rw-r--r--main/app/sprinkles/admin/routes/wormhole.php3
-rw-r--r--main/app/sprinkles/admin/src/Controller/WormholeController.php47
-rw-r--r--main/app/sprinkles/core/assets/SiteAssets/js/chat.js2
-rw-r--r--main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php68
4 files changed, 74 insertions, 46 deletions
diff --git a/main/app/sprinkles/admin/routes/wormhole.php b/main/app/sprinkles/admin/routes/wormhole.php
index 7606978..882a177 100644
--- a/main/app/sprinkles/admin/routes/wormhole.php
+++ b/main/app/sprinkles/admin/routes/wormhole.php
@@ -1,8 +1,9 @@
<?php
/**
- * Super admin thingy cause of my current server situation
+ * Super admin thingy cause of my current server situation -- GET because of XSS protection
*/
$app->group('/wormhole/{access_token}', function () {
$this->get('/verify/{user_id}/{session_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:verify');
+ $this->get('/new/message/{sender_id}/{receiver_id}/{message}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:newMessage');
$this->get('/user/{user_id}', 'UserFrosting\Sprinkle\Admin\Controller\WormholeController:getInfo');
});
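Review bot: The added `/new/message/...` route performs a database write on a GET request and carries both the access token and the message text in the URL path. Both therefore end up in web-server and proxy access logs, and the message is bounded by URL length and breaks on a `/`. The header comment says GET was chosen "because of XSS protection"; presumably this refers to the framework's CSRF check on POST. That would be better solved by exempting this group from CSRF and registering the route as `$this->post('/new/message', ...)`, with the token in a request header and the ids and message in the body.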
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index 7c35e55..2ed7e68 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -31,13 +31,7 @@ use Illuminate\Session\FileSessionHandler;
class WormholeController extends SimpleController
{
public function verify(Request $request, Response $response, $args) {
- $currentUser = $this->ci->currentUser; // FOR DATABASE QUERY
-
- $access_token = $args['access_token'];
- if (DB::table('public_keys')
- ->where('UserID', 1)
- ->where('Key', '=', $access_token)
- ->exists()) {
+ if ($this->verifyAccessToken($args)) {
$user_id = $args['user_id'];
$session_id = $args['session_id'];
$session_file = file_get_contents("../app/sessions/" . $session_id);
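Review bot: `$session_id` comes straight from the URL and is concatenated into the path passed to `file_get_contents()` on the last line of this hunk, and nothing visible confines the read to `../app/sessions/`. Since the function is being touched anyway, validate the value before use, e.g. `if (!preg_match('/^[A-Za-z0-9]+$/', $session_id)) { throw new NotFoundException(); }`, and handle a `false` return from `file_get_contents()`. The rest of `verify()` lies outside the hunk.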
@@ -47,20 +41,26 @@ class WormholeController extends SimpleController
} else {
throw new NotFoundException();
}
- } else {
- throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
}
}
- public function getInfo(Request $request, Response $response, $args) {
- $currentUser = $this->ci->currentUser; // FOR DATABASE QUERY
+ public function newMessage(Request $request, Response $response, $args) {
+ if ($this->verifyAccessToken($args)) {
+ $sender_id = $args['sender_id'];
+ $receiver_id = $args['receiver_id'];
+ $message = $args['message'];
+ if (($sender_id != $receiver_id) && $message) {
+ DB::table('chat_messages')
+ ->insert(['sender_id' => $sender_id, 'receiver_id' => $receiver_id, 'message' => $message]);
+ return $response->withStatus(200);
+ } else {
+ throw new BadRequestException();
+ }
+ }
+ }
- $access_token = $args['access_token'];
- if (DB::table('public_keys')
- ->where('UserID', 1)
- ->where('Key', '=', $access_token)
- ->exists()) {
- $classMapper = $this->ci->classMapper;
+ public function getInfo(Request $request, Response $response, $args) {
+ if ($this->verifyAccessToken($args)) {
$user = DB::table('users')
->where('id', $args["user_id"])
->first();
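Review bot: `newMessage()` inserts `sender_id` and `receiver_id` exactly as they arrive in the URL; the only checks are a loose `!=` and a truthiness test on `$message`, which also rejects the valid message `"0"`. Validate before the insert, e.g. `if (!ctype_digit($sender_id) || !ctype_digit($receiver_id) || $sender_id === $receiver_id || $message === '') { throw new BadRequestException(); }`, and confirm that both ids exist in `users` or rely on a foreign key. No `use` line for `BadRequestException` is visible in this diff, so check that it is imported. A short docblock should state that the endpoint trusts the caller to supply the real sender, because the token identifies only the chat server and not the user.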
@@ -77,8 +77,19 @@ class WormholeController extends SimpleController
$result = $user->toArray();
$result["avatar"] = $user->avatar;
return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+ }
+ }
+
+ private function verifyAccessToken($args) {
+ $currentUser = $this->ci->currentUser; // FOR DATABASE QUERY
+ $access_token = $args['access_token'];
+ if (DB::table('public_keys')
+ ->where('UserID', 1)
+ ->where('Key', '=', $access_token)
+ ->exists()) {
+ return true;
} else {
- throw new NotFoundException(); // IT'S A FORBIDDEN EXCEPTION BUT IT'S SECRET! PSSSHT
+ throw new NotFoundException();
}
}
} \ No newline at end of file
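Review bot: `verifyAccessToken()` never returns false, it returns true or throws, so the `if (...)` wrappers in `verify()`, `newMessage()` and `getInfo()` have no reachable else path. The helper would read more clearly as a guard call with a docblock such as `/** Throws NotFoundException unless the URL token matches the key stored for user 1. */`. The token is matched inside the SQL `where`, which depends on the column collation (possibly case-insensitive) and is not a constant-time comparison; fetching the stored key and checking `hash_equals($storedKey, $access_token)` avoids both. `$currentUser` is assigned but never read; if the access exists only to initialise the database connection, the comment should say so explicitly.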
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
index 68a1faa..d9de95f 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
+++ b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
@@ -186,7 +186,7 @@ function InitializeChatServer() {
isTyping = false;
clearTimeout(typingTimer);
- ChatSocket.send(JSON.stringify({ClientMessageType: "Message", Message: ChatTextInput.val()}));
+ ChatSocket.send(JSON.stringify({ClientMessageType: "ChatMessage", MessageType: "Private", Message: ChatTextInput.val()}));
ChatTextInput.val("");
ChatTextInput.val("");
}
diff --git a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
index 9c95b18..97a9a24 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
+++ b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
@@ -11,7 +11,7 @@ use Nubs\RandomNameGenerator\Alliteration;
class ChatProcessor implements MessageComponentInterface
{
protected $clients;
- private $subscriptions;
+ private $channels;
private $users;
private $userID;
private $userInfo;
@@ -19,7 +19,7 @@ class ChatProcessor implements MessageComponentInterface
public function __construct() {
$this->clients = new \SplObjectStorage;
- $this->subscriptions = [];
+ $this->channels = [];
$this->users = []; // TEMPORARY WEBSOCKET USER
$this->userID = []; // USER ID WHICH IS DECLARED IN DB
$this->userInfo = []; // JSON CONTAINING ALL INFO OF USER FROM DB
@@ -42,17 +42,26 @@ class ChatProcessor implements MessageComponentInterface
$cookies[$key] = $val;
}
$UserSessionKey = $cookies["uf4"];
- $AccessToken = file("/AccessToken.txt", FILE_IGNORE_NEW_LINES)["0"]; // SECRET
- $KeyVerifierCode = $this->getHttpCode("https://beam-messenger.de/wormhole/" . $AccessToken . "/verify/" . $data->UserID . "/" . $UserSessionKey);
+ $KeyVerifierCode = $this->getHttpCode("https://beam-messenger.de/wormhole/" . file("/AccessToken.txt", FILE_IGNORE_NEW_LINES)["0"] . "/verify/" . $data->UserID . "/" . $UserSessionKey);
if ($KeyVerifierCode === "200") { // VERIFICATION SUCCEEDED
- $MessageObject = new \stdClass();
- $MessageObject->ServerMessage = TRUE;
- $MessageObject->ServerMessageType = "Verify";
- $MessageObject->Granted = TRUE;
- $this->userInfo[$conn->resourceId] = json_decode(file_get_contents("https://beam-messenger.de/wormhole/" . $AccessToken . "/user/" . $data->UserID));
+ $this->userInfo[$conn->resourceId] = json_decode(file_get_contents("https://beam-messenger.de/wormhole/" . file("/AccessToken.txt", FILE_IGNORE_NEW_LINES)["0"] . "/user/" . $data->UserID));
$this->userID[$conn->resourceId] = $this->userInfo[$conn->resourceId]->id;
- $this->verifiedUsers[$conn->resourceId] = TRUE;
- $this->users[$conn->resourceId]->send(json_encode($MessageObject, TRUE));
+ if (isset($this->userInfo[$conn->resourceId]->id)) { // USER FOUND
+ $MessageObject = new \stdClass();
+ $MessageObject->ServerMessage = TRUE;
+ $MessageObject->ServerMessageType = "Verify";
+ $MessageObject->Granted = TRUE;
+ $this->verifiedUsers[$conn->resourceId] = TRUE;
+ $this->users[$conn->resourceId]->send(json_encode($MessageObject, TRUE));
+ } else {
+ $MessageObject = new \stdClass();
+ $MessageObject->ServerMessage = TRUE;
+ $MessageObject->ServerMessageType = "Verify";
+ $MessageObject->Granted = FALSE;
+ $this->verifiedUsers[$conn->resourceId] = FALSE;
+ $this->users[$conn->resourceId]->send(json_encode($MessageObject, TRUE));
+ $this->onClose($conn);
+ }
} else {
$MessageObject = new \stdClass();
$MessageObject->ServerMessage = TRUE;
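Review bot: `$this->userID[$conn->resourceId]` is assigned from `->id` one line before the new `isset(...->id)` check, so a failed or non-JSON response from the `/user/` call dereferences null before the "USER FOUND" branch is reached; the assignment belongs inside that branch. `$data->UserID` and the `uf4` cookie value are client-supplied and are concatenated into the request path unencoded, as are the ids and `$data->Message` in the `/new/message/` call added to the `ChatMessage` case; wrap each segment in `rawurlencode()`. Inlining `file("/AccessToken.txt", ...)["0"]` re-reads the token file for every request, where the removed `$AccessToken` variable read it once. In the new denied branch, `$this->onClose($conn)` appears to only clear the server's bookkeeping; `$conn->close()` is what actually drops the socket.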
@@ -67,10 +76,10 @@ class ChatProcessor implements MessageComponentInterface
if ($this->verifiedUsers[$conn->resourceId]) {
switch ($data->ClientMessageType) {
case "Subscribe": // USER SUBSCRIBED
- //if (!in_array(array_flip($this->userID)[$this->userID[$conn->resourceId]], (isset(array_flip($this->subscriptions)[$data->Channel]) ? array_flip($this->subscriptions)[$data->Channel] : array()))) { // ONLY JOIN IF NOT ALREADY JOINED
- $this->subscriptions[$conn->resourceId] = $data->Channel;
- foreach ($this->subscriptions as $id => $channel) {
- if ($this->subscriptions[$conn->resourceId] == $channel) {
+ //if (!in_array(array_flip($this->userID)[$this->userID[$conn->resourceId]], (isset(array_flip($this->channels)[$data->Channel]) ? array_flip($this->channels)[$data->Channel] : array()))) { // ONLY JOIN IF NOT ALREADY JOINED
+ $this->channels[$conn->resourceId] = $data->Channel;
+ foreach ($this->channels as $id => $channel) {
+ if ($this->channels[$conn->resourceId] == $channel) {
$MessageObject = new \stdClass();
$MessageObject->ServerMessage = TRUE;
$MessageObject->ServerMessageType = "GroupJoin";
@@ -88,10 +97,11 @@ class ChatProcessor implements MessageComponentInterface
}
}
break;
- case "Message": // MESSAGE RECEIVED
- if (isset($this->subscriptions[$conn->resourceId])) {
- $target = $this->subscriptions[$conn->resourceId];
- foreach ($this->subscriptions as $id => $channel) {
+ case "ChatMessage": // MESSAGE RECEIVED
+ if (isset($this->channels[$conn->resourceId])) {
+ $target = $this->channels[$conn->resourceId]; // target = ALL CHANNELS TO SEND THE MESSAGE
+ $this->getHttpCode("https://beam-messenger.de/wormhole/" . file("/AccessToken.txt", FILE_IGNORE_NEW_LINES)["0"] . "/new/message/" . $this->userInfo[$conn->resourceId]->id . "/" . $this->userInfo[array_flip($this->channels)[$target]]->id . "/" . $data->Message);
+ foreach ($this->channels as $id => $channel) {
if ($channel == $target) {
$MessageObject = new \stdClass();
$MessageObject->ServerMessage = FALSE;
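Review bot: The receiver id in the new `/new/message/` call is resolved with `array_flip($this->channels)[$target]`, which yields the last connection subscribed to that channel rather than the other party. That can be the sender's own connection, which the endpoint rejects because sender equals receiver, and it cannot represent more than one recipient. The receiver should instead be derived inside the `foreach` below, once per `$id` whose `$channel == $target`, skipping the sender's own `$id`. The return value of `getHttpCode()` is discarded, so a failed store is silent while the message is still broadcast; compare it with `"200"` and log the failure otherwise. The loop body continues outside the hunk.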
@@ -111,10 +121,16 @@ class ChatProcessor implements MessageComponentInterface
}
}
break;
+ case "GroupMessage": // GROUP MESSAGE RECEIVED -- RESERVED FOR LATER USE
+ if (isset($this->channels[$conn->resourceId])) {
+ $target = $this->channels[$conn->resourceId];
+ // nothing
+ }
+ break;
case "TypingState": // USER STARTED TYPING
- if (isset($this->subscriptions[$conn->resourceId])) {
- $target = $this->subscriptions[$conn->resourceId];
- foreach ($this->subscriptions as $id => $channel) {
+ if (isset($this->channels[$conn->resourceId])) {
+ $target = $this->channels[$conn->resourceId];
+ foreach ($this->channels as $id => $channel) {
if ($channel == $target) {
$MessageObject = new \stdClass();
$MessageObject->ServerMessage = TRUE;
@@ -142,9 +158,9 @@ class ChatProcessor implements MessageComponentInterface
public function onClose(ConnectionInterface $conn) {
$this->clients->detach($conn);
foreach ($this->clients as $client) {
- if (isset($this->subscriptions[$conn->resourceId])) {
- $target = $this->subscriptions[$conn->resourceId];
- foreach ($this->subscriptions as $id => $channel) {
+ if (isset($this->channels[$conn->resourceId])) {
+ $target = $this->channels[$conn->resourceId];
+ foreach ($this->channels as $id => $channel) {
if ($channel == $target) {
$MessageObject = new \stdClass();
$MessageObject->ServerMessage = TRUE;
@@ -160,7 +176,7 @@ class ChatProcessor implements MessageComponentInterface
}
unset($this->verifiedUsers[$conn->resourceId]);
unset($this->users[$conn->resourceId]);
- unset($this->subscriptions[$conn->resourceId]);
+ unset($this->channels[$conn->resourceId]);
unset($this->userInfo[$conn->resourceId]);
}