jester/web_auth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Jester
2026-01-19 05:35:37 +03:00
commit cbbc605336
20 changed files with 841 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
auth/api/check.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
require __DIR__ . "/../util.php";
require __DIR__ . "/../db.php";
require __DIR__ . "/../logger.php";
session_start();
$siteKey = auth_get_site_key($_GET);
$clientIp = auth_get_client_ip();
if (!auth_is_valid_site_key($siteKey)) {
auth_log_event([
"ip" => $clientIp,
"siteKey" => $siteKey,
"status" => "invalid_payload",
]);
auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]);
}
$userId = (int) ($_SESSION["auth_user_id"] ?? 0);
if ($userId <= 0) {
auth_json_response(401, ["ok" => false, "message" => "Требуется вход."]);
}
$db = auth_get_db();
$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1");
$stmt->bind_param("is", $userId, $siteKey);
$stmt->execute();
$result = $stmt->get_result();
$hasAccess = $result && $result->num_rows > 0;
$stmt->close();
if (!$hasAccess) {
auth_log_event([
"ip" => $clientIp,
"userId" => $userId,
"siteKey" => $siteKey,
"status" => "access_denied",
]);
auth_json_response(403, ["ok" => false, "message" => "Нет доступа."]);
}
auth_json_response(200, ["ok" => true]);

87
auth/api/login.php Normal file
View File

@@ -0,0 +1,87 @@
<?php
require __DIR__ . "/../util.php";
require __DIR__ . "/../db.php";
require __DIR__ . "/../logger.php";
require __DIR__ . "/../rate_limit.php";
session_start();
$data = array_merge($_POST, auth_read_json());
$login = trim((string) ($data["login"] ?? ""));
$password = (string) ($data["password"] ?? "");
$siteKey = auth_get_site_key($data);
$clientIp = auth_get_client_ip();
if (!auth_is_valid_login($login) || !auth_is_valid_password($password) || !auth_is_valid_site_key($siteKey)) {
auth_log_event([
"ip" => $clientIp,
"login" => $login,
"siteKey" => $siteKey,
"status" => "invalid_payload",
]);
auth_json_response(400, ["ok" => false, "message" => "Неверные данные."]);
}
$rate = auth_check_rate_limit($clientIp);
if ($rate["limited"]) {
auth_log_event([
"ip" => $clientIp,
"login" => $login,
"siteKey" => $siteKey,
"status" => "rate_limited",
]);
header("Retry-After: " . (string) $rate["retry_after"]);
auth_json_response(429, ["ok" => false, "message" => "Слишком много попыток. Попробуйте позже."]);
}
$db = auth_get_db();
$stmt = $db->prepare("SELECT id, password_hash FROM users WHERE login = ? LIMIT 1");
$stmt->bind_param("s", $login);
$stmt->execute();
$result = $stmt->get_result();
$row = $result ? $result->fetch_assoc() : null;
$stmt->close();
$hash = $row["password_hash"] ?? password_hash("invalid_password", PASSWORD_BCRYPT);
$passwordOk = password_verify($password, $hash);
if (!$row || !$passwordOk) {
auth_log_event([
"ip" => $clientIp,
"login" => $login,
"siteKey" => $siteKey,
"status" => "invalid_credentials",
]);
auth_json_response(401, ["ok" => false, "message" => "Неверный логин или пароль."]);
}
$stmt = $db->prepare("SELECT 1 FROM user_access WHERE user_id = ? AND site_key = ? LIMIT 1");
$stmt->bind_param("is", $row["id"], $siteKey);
$stmt->execute();
$accessResult = $stmt->get_result();
$hasAccess = $accessResult && $accessResult->num_rows > 0;
$stmt->close();
if (!$hasAccess) {
auth_log_event([
"ip" => $clientIp,
"login" => $login,
"siteKey" => $siteKey,
"status" => "access_denied",
]);
auth_json_response(403, ["ok" => false, "message" => "Нет доступа к этому сайту."]);
}
$_SESSION["auth_user_id"] = (int) $row["id"];
$_SESSION["auth_login"] = $login;
$_SESSION["auth_time"] = time();
auth_log_event([
"ip" => $clientIp,
"login" => $login,
"siteKey" => $siteKey,
"status" => "success",
]);
auth_json_response(200, ["ok" => true]);