just testing the environment
Some checks failed
Tests / test (push) Has been cancelled

This commit is contained in:
tom.hempel
2026-05-20 07:10:08 +02:00
parent 2a11dfd0d1
commit 06fc134299
56 changed files with 1890 additions and 361 deletions

View File

@ -141,26 +141,28 @@ function get_bearer_token(): ?string {
return null;
}
function qdb_auth_abort(array $body, int $status): never {
if (defined('QDB_TESTING') && QDB_TESTING) {
require_once __DIR__ . '/lib/QdbHttpResponse.php';
throw new QdbHttpResponse($body, $status);
}
http_response_code($status);
header('Content-Type: application/json; charset=UTF-8');
echo json_encode($body);
exit;
}
function require_valid_token(): array {
$token = get_bearer_token();
if (!$token) {
http_response_code(401);
header('Content-Type: application/json; charset=UTF-8');
echo json_encode(["error" => "Missing Bearer token"]);
exit;
qdb_auth_abort(["error" => "Missing Bearer token"], 401);
}
$rec = token_get_record($token);
if (!$rec) {
http_response_code(403);
header('Content-Type: application/json; charset=UTF-8');
echo json_encode(["error" => "Invalid or expired token"]);
exit;
qdb_auth_abort(["error" => "Invalid or expired token"], 403);
}
if (!empty($rec['temp'])) {
http_response_code(403);
header('Content-Type: application/json; charset=UTF-8');
echo json_encode(["error" => "Password change required before access"]);
exit;
qdb_auth_abort(["error" => "Password change required before access"], 403);
}
$rec['_token'] = $token;
return $rec;
@ -169,10 +171,7 @@ function require_valid_token(): array {
function require_role(array $allowed, array $tokenRecord): void {
$role = $tokenRecord['role'] ?? '';
if (!in_array($role, $allowed, true)) {
http_response_code(403);
header('Content-Type: application/json; charset=UTF-8');
echo json_encode(["error" => "Insufficient permissions"]);
exit;
qdb_auth_abort(["error" => "Insufficient permissions"], 403);
}
}