- New "admin dashboard" /admin page + login, #494

- New ESI scope for admin access - New admin.log file for admin actions (kick, ban,..) - New login status for characters - improved cronJob exec time for systemData import (jump/kill data) - Added PHP 64-bit check to /setup
2017-05-27 14:09:12 +02:00
parent cc4de64673
commit 5be1d3547a
44 changed files with 1428 additions and 437 deletions
--- a/app/main/controller/controller.php
+++ b/app/main/controller/controller.php
@@ -70,8 +70,9 @@ class Controller {
     * event handler for all "views"
     * some global template variables are set in here
     * @param \Base $f3
+     * @param array $params
     */
-    function beforeroute(\Base $f3) {
+    function beforeroute(\Base $f3, $params) {
        $this->setF3($f3);

        // initiate DB connection
@@ -242,11 +243,12 @@ class Controller {
     * -> validate cookie data
     * -> validate characters
     * -> cf. Sso->requestAuthorization() ( equivalent DB based login)
+     *
     * @param array $cookieData
-     * @return array
-     * @throws \Exception
+     * @param bool $checkAuthorization
+     * @return Model\CharacterModel[]
     */
-    protected function getCookieCharacters($cookieData = []){
+    protected function getCookieCharacters($cookieData = [], $checkAuthorization = true){
        $characters = [];

        if(
@@ -268,12 +270,17 @@ class Controller {
                $data = explode(':', $value);
                if(count($data) === 2){
                    // cookie data is well formatted
-                    $characterAuth->getByForeignKey('selector', $data[0], ['limit' => 1]);
+                    $characterAuth->getByForeignKey('selector', $data[0], ['limit' => 1], 0);

-                    // validate "scope hash", "expire data" and "validate token"
+                    // validate "scope hash"
+                    // -> either "normal" scopes OR "admin" scopes
+                    // "expire data" and "validate token"
                    if( !$characterAuth->dry() ){
                        if(
-                            $characterAuth->scopeHash === $this->getRequestedScopeHash() &&
+                            (
+                                $characterAuth->scopeHash === $this->generateHashFromScopes($this->getScopesByAuthType()) ||
+                                $characterAuth->scopeHash === $this->generateHashFromScopes($this->getScopesByAuthType('admin'))
+                            ) &&
                            strtotime($characterAuth->expires) >= $currentTime->getTimestamp() &&
                            hash_equals($characterAuth->token, hash('sha256', $data[1]))
                        ){
@@ -294,10 +301,16 @@ class Controller {
                                // check if character still has user (is not the case of "ownerHash" changed
                                // check if character is still authorized to log in (e.g. corp/ally or config has changed
                                // -> do NOT remove cookie on failure. This can be a temporary problem (e.g. ESI is down,..)
-                                if(
-                                    $character->hasUserCharacter() &&
-                                    $character->isAuthorized()
-                                ){
+                                if( $character->hasUserCharacter() ){
+                                    $authStatus = $character->isAuthorized();
+
+                                    if(
+                                        $authStatus == 'OK' ||
+                                        !$checkAuthorization
+                                    ){
+                                        $character->virtual( 'authStatus', $authStatus);
+                                    }
+
                                    $characters[$name] = $character;
                                }
                            }else{
@@ -365,35 +378,6 @@ class Controller {
        return $data;
    }

-    /**
-     * checks whether a user/character is currently logged in
-     * @param \Base $f3
-     * @return bool
-     */
-    protected function checkLogTimer($f3){
-        $loginCheck = false;
-        $characterData = $this->getSessionCharacterData();
-
-        if( !empty($characterData) ){
-            // check logIn time
-            $logInTime = new \DateTime();
-            $logInTime->setTimestamp( (int)$characterData['TIME'] );
-            $now = new \DateTime();
-
-            $timeDiff = $now->diff($logInTime);
-
-            $minutes = $timeDiff->days * 60 * 24 * 60;
-            $minutes += $timeDiff->h * 60;
-            $minutes += $timeDiff->i;
-
-            if($minutes <= $f3->get('PATHFINDER.TIMER.LOGGED')){
-                $loginCheck = true;
-            }
-        }
-
-        return $loginCheck;
-    }
-
    /**
     * get current character
     * @param int $ttl
@@ -452,12 +436,32 @@ class Controller {
    }

    /**
-     * get a hash over all requested ESI scopes
-     * -> this helps to invalidate "authentication data" after scope change
+     * get scope array by a "role"
+     * @param string $authType
+     * @return array
+     */
+    protected function getScopesByAuthType($authType = ''){
+        $scopes = (array)self::getEnvironmentData('CCP_ESI_SCOPES');
+
+        switch($authType){
+            case 'admin':
+                $scopesAdmin = (array)self::getEnvironmentData('CCP_ESI_SCOPES_ADMIN');
+                $scopes = array_merge($scopes, $scopesAdmin);
+                break;
+        }
+        sort($scopes, SORT_NUMERIC);
+        return $scopes;
+    }
+
+    /**
+     * get hash from an array of ESI scopes
+     * @param array $scopes
     * @return string
     */
-    protected function getRequestedScopeHash(){
-        return md5(serialize( self::getEnvironmentData('CCP_ESI_SCOPES') ));
+    protected function generateHashFromScopes($scopes){
+        $scopes = (array)$scopes;
+        sort($scopes);
+        return md5(serialize( $scopes ));
    }

    /**