updated api

This commit is contained in:
2026-05-22 13:26:29 +02:00
parent c86372af2e
commit 52d4ef42dc
17 changed files with 867 additions and 41 deletions

View File

@ -1,5 +1,7 @@
<?php
require_once __DIR__ . '/../lib/activity.php';
switch ($route) {
case 'auth/login':
@ -41,9 +43,8 @@ case 'auth/login':
);
}
qdb_discard($tmpDb, $lockFp);
if ((int)$user['mustChangePassword'] === 1) {
qdb_discard($tmpDb, $lockFp);
$tempToken = bin2hex(random_bytes(32));
token_add($tempToken, 10 * 60, [
'role' => $user['role'],
@ -59,6 +60,17 @@ case 'auth/login':
]);
}
qdb_discard($tmpDb, $lockFp);
[$pdoW, $tmpDbW, $lockFpW] = qdb_open(true);
$tokenRec = [
'role' => $user['role'],
'entityID' => $user['entityID'],
'userID' => $user['userID'],
];
log_activity($pdoW, $tokenRec, 'login', 'user', $user['userID'], "Login: $username");
qdb_save($tmpDbW, $lockFpW);
$token = bin2hex(random_bytes(32));
token_add($token, 30 * 24 * 60 * 60, [
'role' => $user['role'],
@ -73,6 +85,7 @@ case 'auth/login':
]);
} catch (Throwable $e) {
if (isset($tmpDb, $lockFp)) qdb_discard($tmpDb, $lockFp);
if (isset($tmpDbW, $lockFpW)) qdb_discard($tmpDbW, $lockFpW);
error_log($e->getMessage());
json_error('SERVER_ERROR', 'Server error', 500);
}
@ -137,6 +150,15 @@ case 'auth/change-password':
"UPDATE users SET passwordHash = :h, mustChangePassword = 0 WHERE userID = :uid"
)->execute([':h' => $newHash, ':uid' => $user['userID']]);
log_activity(
$pdo,
array_merge($tokenRec, ['role' => $user['role'], 'entityID' => $user['entityID'], 'userID' => $user['userID']]),
'password_changed',
'user',
$user['userID'],
"Password changed: $username"
);
qdb_save($tmpDb, $lockFp);
// Revoke the old (possibly temp) token and issue a fresh one