<?php
namespace Conmed\Authserver;
use Bitrix\Main\Config\Option;
use Bitrix\Main\Context;
use Bitrix\Main\Type\DateTime;
use Bitrix\Highloadblock\HighloadBlockTable;
use Bitrix\Main\Loader;
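/**
 * Authorization-code / token endpoints for the Conmed SSO auth server.
 *
 * The using class is expected to provide (signatures inferred from the call
 * sites in this trait — confirm against the host class):
 *   - checkClient($clientId, $clientSecret, $redirectUri = null): bool
 *   - registerAttempt(): void   (failed-attempt accounting)
 *   - getHlEntity(string $name) (Highload-block data class for 'sso_codes' / 'sso_tokens')
 *
 * Lifetimes used here: authorization code 60 s, access token 3600 s,
 * refresh token 2 592 000 s (30 days). Codes are single-use (deleted on exchange).
 */
trait AuthTokenTrait
{
    /**
     * Authorization endpoint.
     *
     * Validates client_id/redirect_uri via self::checkClient(), sends anonymous
     * visitors to the login form (returning here afterwards), then stores a
     * 60-second one-time code bound to the client and the current user and
     * redirects back to redirect_uri with `code`, `authservice` and, when
     * supplied, `state`. Never returns: ends in a redirect or "Access Denied".
     */
    public static function authorizeAction()
    {
        global $USER;
        $context = Context::getCurrent();
        $req = $context->getRequest();
        $cid = $req->get("client_id");
        $uri = $req->get("redirect_uri");

        // redirect_uri must be validated against the registered client before
        // anything is appended to it; that check is delegated to checkClient().
        if (!self::checkClient($cid, false, $uri)) {
            die("Access Denied");
        }
        if (!$USER->IsAuthorized()) {
            LocalRedirect("/auth/?backurl=" . urlencode($context->getServer()->getRequestUri()));
            die();
        }

        // 128-bit CSPRNG value; consumed (deleted) by tokenAction() on first successful exchange.
        $code = bin2hex(random_bytes(16));
        $codes = self::getHlEntity('sso_codes');
        $codes::add([
            'UF_CODE' => $code,
            'UF_CLIENT_ID' => $cid,
            'UF_USER_ID' => $USER->GetID(),
            'UF_EXPIRES' => DateTime::createFromTimestamp(time() + 60),
        ]);

        $separator = strpos($uri, '?') === false ? '?' : '&';
        $url = $uri . $separator . 'code=' . $code . '&authservice=conmedauth';

        // Echo `state` back URL-encoded. Explicit null/'' test so a literal "0" is not dropped.
        $state = $req->get("state");
        if ($state !== null && $state !== '') {
            $url .= '&state=' . urlencode($state);
        }
        LocalRedirect($url);
    }

    /**
     * Token endpoint: exchanges a one-time authorization code for a token pair.
     *
     * Requires a valid client_id/client_secret (checkClient). The code must match
     * the client and be unexpired; it is deleted before tokens are issued, so a
     * second exchange of the same code fails. Failures call registerAttempt()
     * and answer with a JSON `error` body and a 4xx status.
     *
     * Emits JSON: {"access_token": ..., "refresh_token": ...} or {"error": ...}.
     */
    public static function tokenAction()
    {
        header('Content-Type: application/json');
        $req = Context::getCurrent()->getRequest();
        $cid = $req->get("client_id");

        if (!self::checkClient($cid, $req->get("client_secret"))) {
            self::registerAttempt();
            http_response_code(401);
            die(json_encode(['error' => 'forbidden']));
        }

        $code = $req->get("code");
        $codes = self::getHlEntity('sso_codes');

        // A missing/non-string/empty code can never match a stored code; skip the
        // lookup but still treat it as a failed attempt like any other bad code.
        $row = false;
        if (is_string($code) && $code !== '') {
            $row = $codes::getList([
                'filter' => [
                    '=UF_CODE' => $code,
                    '=UF_CLIENT_ID' => $cid,
                    // only codes whose expiry lies in the future
                    '>UF_EXPIRES' => DateTime::createFromTimestamp(time()),
                ],
            ])->fetch();
        }

        if (!$row) {
            self::registerAttempt();
            http_response_code(400);
            echo json_encode(['error' => 'invalid_code']);
            return;
        }

        // Single use: remove the code before issuing tokens so a replay cannot succeed.
        $codes::delete($row['ID']);

        $access = bin2hex(random_bytes(32));
        $refresh = bin2hex(random_bytes(32));
        $tokens = self::getHlEntity('sso_tokens');
        $tokens::add([
            'UF_TOKEN' => $access,
            'UF_REFRESH_TOKEN' => $refresh,
            'UF_USER_ID' => $row['UF_USER_ID'],
            'UF_CLIENT_ID' => $cid,
            'UF_EXPIRES' => DateTime::createFromTimestamp(time() + 3600),
            'UF_REFRESH_EXPIRES' => DateTime::createFromTimestamp(time() + 2592000),
        ]);
        echo json_encode(['access_token' => $access, 'refresh_token' => $refresh]);
    }

    /**
     * Refresh endpoint: rotates an unexpired refresh token into a new token pair.
     *
     * Requires a valid client_id/client_secret. Both the access and the refresh
     * token are replaced; UF_REFRESH_EXPIRES is deliberately left untouched, so
     * the rotated refresh token keeps the absolute expiry set at first issue.
     * Failures call registerAttempt() (as tokenAction does) and answer with a
     * JSON `error` body and a 4xx status.
     *
     * Emits JSON: {"access_token": ..., "refresh_token": ...} or {"error": ...}.
     */
    public static function refreshAction()
    {
        header('Content-Type: application/json');
        $req = Context::getCurrent()->getRequest();
        $cid = $req->get("client_id");

        if (!self::checkClient($cid, $req->get("client_secret"))) {
            self::registerAttempt();
            http_response_code(401);
            die(json_encode(['error' => 'forbidden']));
        }

        $presented = $req->get("refresh_token");
        $tokens = self::getHlEntity('sso_tokens');

        // Same guard as tokenAction(): never query with a missing/empty token.
        $row = false;
        if (is_string($presented) && $presented !== '') {
            $row = $tokens::getList([
                'filter' => [
                    '=UF_REFRESH_TOKEN' => $presented,
                    '=UF_CLIENT_ID' => $cid,
                    '>UF_REFRESH_EXPIRES' => DateTime::createFromTimestamp(time()),
                ],
            ])->fetch();
        }

        if (!$row) {
            self::registerAttempt();
            http_response_code(400);
            echo json_encode(['error' => 'invalid_refresh']);
            return;
        }

        $access = bin2hex(random_bytes(32));
        $refresh = bin2hex(random_bytes(32));
        $tokens::update($row['ID'], [
            'UF_TOKEN' => $access,
            'UF_REFRESH_TOKEN' => $refresh,
            'UF_EXPIRES' => DateTime::createFromTimestamp(time() + 3600),
        ]);
        echo json_encode(['access_token' => $access, 'refresh_token' => $refresh]);
    }

    /**
     * Resolves an access token to the owning user id.
     *
     * @param mixed $token Presented access token (expected to be a string).
     * @return mixed UF_USER_ID of the matching unexpired token row, or false when
     *               the token is missing, not a string, or unknown/expired.
     */
    private static function getUidByToken($token)
    {
        if (!is_string($token) || $token === '') {
            return false;
        }
        $tokens = self::getHlEntity('sso_tokens');
        $row = $tokens::getList([
            'filter' => [
                '=UF_TOKEN' => $token,
                '>UF_EXPIRES' => DateTime::createFromTimestamp(time()),
            ],
        ])->fetch();

        return $row ? $row['UF_USER_ID'] : false;
    }
}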