From 6b94510cdfa8d5b724cc43f4ff3e699c94a122fa Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Sat, 12 May 2018 18:20:20 +0200
Subject: Added basic follower apis to verify access to write/encrypt chat messages

---
 main/app/sprinkles/admin/routes/users.php                   |   4 +
 .../admin/src/Controller/UserController.php                 | 155 +++++++++++++++------
 .../admin/src/Controller/WormholeController.php             |   6 +-
 .../sprinkles/core/assets/SiteAssets/js/chat.js             |   7 +-
 .../php/Chatserver/src/ChatProcessor.php                    |   8 +-
 5 files changed, 129 insertions(+), 51 deletions(-)
 (limited to 'main/app/sprinkles')

diff --git a/main/app/sprinkles/admin/routes/users.php b/main/app/sprinkles/admin/routes/users.php
index aec99bd..8a60d39 100644
--- a/main/app/sprinkles/admin/routes/users.php
+++ b/main/app/sprinkles/admin/routes/users.php
@@ -31,6 +31,10 @@ $app->group('/api/users', function () {
 
     $this->get('/u/{user_name}/permissions', 'UserFrosting\Sprinkle\Admin\Controller\UserController:getPermissions');
 
+    $this->get('/u/{user_name}/followers', 'UserFrosting\Sprinkle\Admin\Controller\UserController:getFollowers'); // GET USERS WHICH ARE FOLLOWING THE USER
+
+    $this->get('/u/{user_name}/follows', 'UserFrosting\Sprinkle\Admin\Controller\UserController:getFollows'); // GET USERS WHICH THE USER FOLLOWS
+
     $this->get('/u/{user_name}/publickey', 'UserFrosting\Sprinkle\Admin\Controller\UserController:getPublicKey');
 
     $this->post('', 'UserFrosting\Sprinkle\Admin\Controller\UserController:create');
diff --git a/main/app/sprinkles/admin/src/Controller/UserController.php b/main/app/sprinkles/admin/src/Controller/UserController.php
index be98f02..7ff191c 100644
--- a/main/app/sprinkles/admin/src/Controller/UserController.php
+++ b/main/app/sprinkles/admin/src/Controller/UserController.php
@@ -246,58 +246,21 @@ class UserController extends SimpleController
         $PublicKey = $request->getParsedBody()["PublicKey"];
 
         if ($this->ci->currentUser->id === $requestedUser->id && (Capsule::table('public_keys')
-                ->where('UserID', "=", $requestedUser->id)
+                ->where('user_id', "=", $requestedUser->id)
                 ->exists()) === FALSE) {
             Capsule::table('public_keys')
-                ->insert(['UserID' => $requestedUser->id, 'Key' => substr(substr($PublicKey, 100), 0,-40)]);
+                ->insert(['user_id' => $requestedUser->id, 'key' => substr(substr($PublicKey, 100), 0,-40)]);
             return $response->withStatus(200);
         } else if ($this->ci->currentUser->id === $requestedUser->id) {
             Capsule::table('public_keys')
-                ->where('UserID', $requestedUser->id)
-                ->update(['Key' => substr(substr($PublicKey, 100), 0,-40)]);
+                ->where('user_id', $requestedUser->id)
+                ->update(['key' => substr(substr($PublicKey, 100), 0,-40)]);
             return $response->withStatus(200);
         } else {
             throw new ForbiddenException();
         }
     }
 
-    /**
-     * Gets the users public key
-     * Request type: GET
-     */
-    public function getPublicKey($request, $response, $args) {
-        $requestedUser = $this->getUserFromParams($args);
-
-        if (!$requestedUser) {
-            throw new NotFoundException($request, $response);
-        }
-
-        if ((Capsule::table('public_keys')
-                ->where('UserID', "=", $requestedUser->id)
-                ->exists()) === TRUE) {
-
-            $RawPublicKey = Capsule::table('public_keys')
-                ->where('UserID', "=", $requestedUser->id)
-                ->value('Key');
-            $PublicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v3.0.9\nComment: https://openpgpjs.org\n\n" . $RawPublicKey . "\n-----END PGP PUBLIC KEY BLOCK-----";
-
-            $ContentType = explode(',', $request->getHeaderLine('Accept'))[0];
-            switch ($ContentType) {
-                case 'application/json':
-                    $response->write(json_encode(array('user_id' => $requestedUser->id, 'PublicKey' => $PublicKey)));
-                    break;
-                case 'text/html':
-                    $response->write("
" . $PublicKey);
-                    break;
-                default:
-                    $response->write($PublicKey);
-            }
-            return $response->withStatus(200);
-        } else {
-            throw new NotFoundException();
-        }
-    }
-
     /**
      * Processes the request to delete an existing user.
      *
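Review bot: The new insert and update lines persist `substr(substr($PublicKey, 100), 0,-40)` — the posted value with fixed byte offsets cut off, apparently on the assumption of a 100-byte armor header and a 40-byte trailer — without any check that the body is a PGP public key block at all, and the re-armoring in getPublicKey later hard-codes `Version: OpenPGP.js v3.0.9`, so a client with a different Version line or line-ending convention silently stores a truncated key, and any client can store arbitrary text as its key. Validate before writing, e.g. `if (!is_string($PublicKey) || strpos($PublicKey, '-----BEGIN PGP PUBLIC KEY BLOCK-----') !== 0) { return $response->withStatus(400); }`, and strip the armor by locating the blank line after the headers and the `=` checksum line instead of by fixed offsets. The exists()-then-insert versus update split is also a small race between two requests for the same user; a single conditional write keyed on user_id avoids it. The enclosing method begins outside the hunk, so the `$requestedUser` lookup and its 404 handling are not visible here.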
@@ -1030,6 +993,116 @@ class UserController extends SimpleController
         return $this->ci->view->render($response, 'pages/users.html.twig');
     }
 
+    /**
+     * Gets the users public key
+     * Request type: GET
+     */
+    public function getPublicKey($request, $response, $args) {
+        $requestedUser = $this->getUserFromParams($args);
+
+        if (!$requestedUser) {
+            throw new NotFoundException($request, $response);
+        }
+
+        if ((Capsule::table('public_keys')
+                ->where('user_id', "=", $requestedUser->id)
+                ->exists()) === TRUE) {
+
+            $RawPublicKey = Capsule::table('public_keys')
+                ->where('user_id', "=", $requestedUser->id)
+                ->value('key');
+            $PublicKey = "-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: OpenPGP.js v3.0.9\nComment: https://openpgpjs.org\n\n" . $RawPublicKey . "\n-----END PGP PUBLIC KEY BLOCK-----";
+
+            $ContentType = explode(',', $request->getHeaderLine('Accept'))[0];
+            switch ($ContentType) {
+                case 'application/json':
+                    $response->write(json_encode(array('user_id' => $requestedUser->id, 'PublicKey' => $PublicKey)));
+                    break;
+                case 'text/html':
+                    $response->write("
" . $PublicKey);
+                    break;
+                default:
+                    $response->write($PublicKey);
+            }
+            return $response->withStatus(200);
+        } else {
+            throw new NotFoundException();
+        }
+    }
+
+    /**
+     * Gets the users which are following the requested user
+     * Request type: GET
+     */
+    public function getFollowers($request, $response, $args) {
+        $user = $this->getUserFromParams($args);
+
+        // If the user doesn't exist, return 404
+        if (!$user) {
+            throw new NotFoundException($request, $response);
+        }
+
+        $UsersFollowers = Capsule::table('user_follow')
+            ->where('user_id', "=", $user->id)
+            ->join("users", "users.id", "=", "user_follow.followed_by_id")
+            ->select("user_follow.followed_by_id as id", "users.user_name as username")
+            ->get();
+
+        /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var UserFrosting\Sprinkle\Account\Database\Models\User $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled page
+        if (!$authorizer->checkAccess($currentUser, 'uri_user', [
+            'user' => $user
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        $result = $UsersFollowers->toArray();
+
+        return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+    }
+
+    /**
+     * Get users which the user follows
+     * Request type: GET
+     */
+    public function getFollows($request, $response, $args) {
+        $user = $this->getUserFromParams($args);
+
+        // If the user doesn't exist, return 404
+        if (!$user) {
+            throw new NotFoundException($request, $response);
+        }
+
+        $UsersFollowers = Capsule::table('user_follow')
+            ->where('followed_by_id', "=", $user->id)
+            ->join("users", "users.id", "=", "user_follow.user_id")
+            ->select("user_follow.user_id as id", "users.user_name as username")
+            ->get();
+
+        /** @var UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
+        $authorizer = $this->ci->authorizer;
+
+        /** @var UserFrosting\Sprinkle\Account\Database\Models\User $currentUser */
+        $currentUser = $this->ci->currentUser;
+
+        // Access-controlled page
+        if (!$authorizer->checkAccess($currentUser, 'uri_user', [
+            'user' => $user
+        ])) {
+            throw new ForbiddenException();
+        }
+
+        $result = $UsersFollowers->toArray();
+
+        return $response->withJson($result, 200, JSON_PRETTY_PRINT);
+    }
+
+
     /**
      * Processes the request to update an existing user's basic details (first_name, last_name, email, locale, group_id)
      *
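Review bot: In getPublicKey, the text/html branch (and the default branch, which never sets a content type and so inherits the framework's default HTML type) writes the stored key into the response body unescaped, and that value comes from the public_keys table where updatePublicKey stores whatever the client posted after byte-offset slicing with no check that it is key material; unless the write path is tightened, this endpoint is a stored-XSS sink for any user who can set their own key. Escape it in the HTML branch, `$response->write(htmlspecialchars($PublicKey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`, and give the default branch an explicit `$response = $response->withHeader('Content-Type', 'text/plain');` before writing. Separately, getFollowers and getFollows run the user_follow query before the checkAccess call on 'uri_user'; move the authorization block above the Capsule query so a forbidden caller never touches the table, and note that the 404 for an unknown user_name is returned before that check, so an unauthorized caller can still probe which usernames exist. The 'uri_user' slug appears to be the same permission that gates the other user-page endpoints, which would keep ordinary users from fetching their own follower lists — confirm that is intended for the chat flow, since the UserFrosting permission table is outside this diff.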
diff --git a/main/app/sprinkles/admin/src/Controller/WormholeController.php b/main/app/sprinkles/admin/src/Controller/WormholeController.php
index d70fbbc..ecefe33 100644
--- a/main/app/sprinkles/admin/src/Controller/WormholeController.php
+++ b/main/app/sprinkles/admin/src/Controller/WormholeController.php
@@ -70,12 +70,12 @@ class WormholeController extends SimpleController
             $classMapper = $this->ci->classMapper;
             $user = $classMapper->createInstance('user')
                 ->where('user_name', $user->user_name)
-                ->joinLastActivity()
-                ->with('lastActivity', 'group')
+                ->join("user_follow", "users.id", "=", "user_follow.user_id")
+                ->select("*")
                 ->first();
 
             $result = $user->toArray();
-            $result["avatar"] = $user->avatar;
+            //$result["avatar"] = $user->avatar;
             return $response->withJson($result, 200, JSON_PRETTY_PRINT);
         }
     }
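Review bot: The new inner join on user_follow means a user with no rows in that table makes first() return null, and the following `$user->toArray()` then fails on a null; a user with several rows yields one arbitrary follower row rather than a list. `select("*")` also pulls every column of both tables into the row, so any user_follow column that shares a name with a users column (an id or timestamp column, if present) silently overwrites it, and the full users row is sent to the caller unless the model's hidden attributes cover everything sensitive — confirm that against the User model, which is outside this diff. Restrict the selection with `->select('users.*')`, guard the result with `if (!$user) { throw new NotFoundException($request, $response); }` as UserController does, or query user_follow separately the way getFollowers does. The commented-out avatar line should be deleted rather than left in place. The enclosing method begins outside the hunk.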
diff --git a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
index 76e34db..fc3be10 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
+++ b/main/app/sprinkles/core/assets/SiteAssets/js/chat.js
@@ -67,7 +67,7 @@ function InitializeChatServer() {
                     dataType: "json",
                     success: function (response) {
                         PublicKey[ReceiversUsername] = response.PublicKey;
-                        console.log("%c[ENCRYPTION LOGGER] Publickey of " + ReceiversUsername + ": " + PublicKey[ReceiversUsername].substr(96).slice(0, -35), "color: #20c20e; background-color: black;")
+                        console.log("%c[ENCRYPTION LOGGER]\nPublickey of " + ReceiversUsername + ": \n\n" + PublicKey[ReceiversUsername].substr(96).slice(0, -35), "font-family: monospace; white-space: pre; display: inline-block; border-radius: 10px; padding: 5px; color: #20c20e; background-color: black;")
                     }
                 });
             }
@@ -81,6 +81,7 @@ function InitializeChatServer() {
                     privateKeys: [privKeyObj]
                 };
                 openpgp.decrypt(options).then(function(plaintext) {
+                    plaintext ? console.log("%c[ENCRYPTION LOGGER] Decrypting succeeded!", "font-family: monospace; white-space: pre; display: inline-block; border-radius: 10px; padding: 2px; color: #20c20e; background-color: black;") : console.log("%c[ENCRYPTION LOGGER] Decrypting failed!", "font-family: monospace; white-space: pre; display: inline-block; border-radius: 10px; padding: 2px; color: red; background-color: black;");
                     DecryptedMessage = plaintext.data;
                     if (WasHimself === true) { // -> MESSAGE WAS FROM HIMSELF -> Don't write to chat, as its done directly (on enter function at the bottom, for performance)
                         console.log("%c[CHATSOCKET LOGGER] Message sending succeeded!", "color: darkorange");
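Review bot: The success/failure ternary added at the top of the decrypt callback cannot report a failure: openpgp.decrypt reaches this then-handler only with a result object (the next line reads `plaintext.data`), so the value is always truthy, and a rejected decrypt skips the callback entirely with no log because the chain has no catch handler in view. Keep the success log alone and attach the failure log where it can fire, `}).catch(function (err) { console.log("%c[ENCRYPTION LOGGER] Decrypting failed!", "color: red; background-color: black;"); });` at the end of the promise chain. The enclosing handler starts and ends outside the hunk, so the close of the then() is not visible here.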
@@ -245,7 +246,7 @@ function InitializeChatServer() {
                 };
                 openpgp.encrypt(options).then(function (Encrypted) {
                     EncryptedMessage = Encrypted.data.substr(91).slice(0,-29); // SLICING FOR DATABASE SAVING (LESS DATA)
-                    console.log("%c[ENCRYPTION LOGGER] Encrypted message for sender: " + EncryptedMessage, "color: #20c20e; background-color: black;");
+                    console.log("%c[ENCRYPTION LOGGER]\nEncrypted message for sender: \n\n" + EncryptedMessage, "font-family: monospace; white-space: pre; display: inline-block; border-radius: 10px; padding: 5px; color: #20c20e; background-color: black;");
 
                     ChatSocket.send(JSON.stringify({
                         ClientMessageType: "ChatMessage",
@@ -265,7 +266,7 @@ function InitializeChatServer() {
                 };
                 openpgp.encrypt(options).then(function (Encrypted) {
                     EncryptedMessage = Encrypted.data.substr(91).slice(0,-29); // SLICING FOR DATABASE SAVING (LESS DATA)
-                    console.log("%c[ENCRYPTION LOGGER] Encrypted message for receiver: " + EncryptedMessage, "color: #20c20e; background-color: black;");
+                    console.log("%c[ENCRYPTION LOGGER]\nEncrypted message for receiver: \n\n" + EncryptedMessage, "font-family: monospace; white-space: pre; display: inline-block; border-radius: 10px; padding: 5px; color: #20c20e; background-color: black;");
 
                     ChatSocket.send(JSON.stringify({
                         ClientMessageType: "ChatMessage",
diff --git a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
index 1553468..41ce564 100644
--- a/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
+++ b/main/app/sprinkles/core/assets/SiteAssets/php/Chatserver/src/ChatProcessor.php
@@ -89,7 +89,7 @@ class ChatProcessor implements MessageComponentInterface
                                 $MessageObject->GroupName = $channel;
                                 $MessageObject->Receiver = $this->userInfo[array_flip($this->channels)[$this->channels[$conn->resourceId]]]->user_name;
                                 $MessageObject->Username = $this->userInfo[$conn->resourceId]->user_name;
-                                $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->first_name . " " . $this->userInfo[$conn->resourceId]->last_name;
+                                $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->full_name;
                                 $MessageObject->Avatar = $this->userInfo[$conn->resourceId]->avatar;
                                 if ($id === $conn->resourceId) {
                                     $MessageObject->WasHimself = TRUE;
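Review bot: The replaced line now reads a `full_name` member from the userInfo entry instead of concatenating first_name and last_name, but nothing in this diff shows that member being populated; if userInfo holds the JSON-decoded user array the WormholeController returns (also changed in this commit to a raw `select("*")` join), `full_name` is present only when the User model appends that accessor on serialisation, which is outside this diff. If it is absent, every outgoing Fullname becomes null with a notice, so either confirm the attribute is serialised or keep a fallback, `$MessageObject->Fullname = $this->userInfo[$conn->resourceId]->full_name ?? ($this->userInfo[$conn->resourceId]->first_name . " " . $this->userInfo[$conn->resourceId]->last_name);`. The same applies to the three later hunks in this file; the enclosing method starts and ends outside the hunk.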
@@ -111,7 +111,7 @@ class ChatProcessor implements MessageComponentInterface
                                 $MessageObject->GroupName = $channel;
                                 $MessageObject->Receiver = $this->userInfo[array_flip($this->channels)[$target]]->user_name;
                                 $MessageObject->Username = $this->userInfo[$conn->resourceId]->user_name;
-                                $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->first_name . " " . $this->userInfo[$conn->resourceId]->last_name;
+                                $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->full_name;
                                 $MessageObject->Avatar = $this->userInfo[$conn->resourceId]->avatar;
                                 $MessageObject->Message = htmlspecialchars($data->Message);
                                 if ($id === $conn->resourceId) {
@@ -143,7 +143,7 @@ class ChatProcessor implements MessageComponentInterface
                                 $MessageObject->GroupName = $channel;
                                 $MessageObject->Receiver = $this->userInfo[array_flip($this->channels)[$this->channels[$conn->resourceId]]]->user_name;
                                 $MessageObject->Username = $this->userInfo[$conn->resourceId]->user_name;
-                                $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->first_name . " " . $this->userInfo[$conn->resourceId]->last_name;
+                                $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->full_name;
                                 $MessageObject->Avatar = $this->userInfo[$conn->resourceId]->avatar;
                                 $MessageObject->State = $data->State;
                                 if ($id === $conn->resourceId) {
@@ -172,7 +172,7 @@ class ChatProcessor implements MessageComponentInterface
                         $MessageObject->ServerMessage = TRUE;
                         $MessageObject->ServerMessageType = "UserDisconnect";
                         $MessageObject->Username = $this->userInfo[$conn->resourceId]->user_name;
-                        $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->first_name . " " . $this->userInfo[$conn->resourceId]->last_name;
+                        $MessageObject->Fullname = $this->userInfo[$conn->resourceId]->full_name;
                         $MessageObject->Avatar = $this->userInfo[$conn->resourceId]->avatar;
                         $MessageJson = json_encode($MessageObject, TRUE);
                         $this->users[$id]->send($MessageJson);
-- 