This commit is contained in:
31
common.php
31
common.php
@ -141,26 +141,28 @@ function get_bearer_token(): ?string {
|
||||
return null;
|
||||
}
|
||||
|
||||
function qdb_auth_abort(array $body, int $status): never {
|
||||
if (defined('QDB_TESTING') && QDB_TESTING) {
|
||||
require_once __DIR__ . '/lib/QdbHttpResponse.php';
|
||||
throw new QdbHttpResponse($body, $status);
|
||||
}
|
||||
http_response_code($status);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
echo json_encode($body);
|
||||
exit;
|
||||
}
|
||||
|
||||
function require_valid_token(): array {
|
||||
$token = get_bearer_token();
|
||||
if (!$token) {
|
||||
http_response_code(401);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
echo json_encode(["error" => "Missing Bearer token"]);
|
||||
exit;
|
||||
qdb_auth_abort(["error" => "Missing Bearer token"], 401);
|
||||
}
|
||||
$rec = token_get_record($token);
|
||||
if (!$rec) {
|
||||
http_response_code(403);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
echo json_encode(["error" => "Invalid or expired token"]);
|
||||
exit;
|
||||
qdb_auth_abort(["error" => "Invalid or expired token"], 403);
|
||||
}
|
||||
if (!empty($rec['temp'])) {
|
||||
http_response_code(403);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
echo json_encode(["error" => "Password change required before access"]);
|
||||
exit;
|
||||
qdb_auth_abort(["error" => "Password change required before access"], 403);
|
||||
}
|
||||
$rec['_token'] = $token;
|
||||
return $rec;
|
||||
@ -169,10 +171,7 @@ function require_valid_token(): array {
|
||||
function require_role(array $allowed, array $tokenRecord): void {
|
||||
$role = $tokenRecord['role'] ?? '';
|
||||
if (!in_array($role, $allowed, true)) {
|
||||
http_response_code(403);
|
||||
header('Content-Type: application/json; charset=UTF-8');
|
||||
echo json_encode(["error" => "Insufficient permissions"]);
|
||||
exit;
|
||||
qdb_auth_abort(["error" => "Insufficient permissions"], 403);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user