From 76de68d2f3600a7000a054be3f595029b1931e20 Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Sun, 26 Jan 2025 11:08:46 +0200
Subject: feat: Authentication logic on every page
---
 apache/sites/nowayforward_human.conf.tpl | 4 ++++
 controllers/user.php | 9 +++++++++
 models/cookies.php | 8 ++++++++
 views/authenticate.js | 19 +++++++++++++++++++
 views/footer.php | 13 +++++++++++++
 views/header.php | 18 +++++++++++++++---
 views/profile/authenticate.php | 27 +++++++++++++++++++++++++++
 views/styles.css | 4 ++++
 8 files changed, 99 insertions(+), 3 deletions(-)
 create mode 100644 views/authenticate.js
 create mode 100644 views/profile/authenticate.php
diff --git a/apache/sites/nowayforward_human.conf.tpl b/apache/sites/nowayforward_human.conf.tpl
index 72ed808..ba010c7 100644
--- a/apache/sites/nowayforward_human.conf.tpl
+++ b/apache/sites/nowayforward_human.conf.tpl
@@ -10,4 +10,8 @@
 RedirectMatch "^/$" /home/index.php
 RedirectMatch "^/index.html$" /home/index.php
 RedirectMatch "^/index.php$" /home/index.php
+
+ RewriteEngine On
+ RewriteCond %{HTTP:Authorization} ^(.*)
+ RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
diff --git a/controllers/user.php b/controllers/user.php
index f26103e..78797db 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -7,3 +7,12 @@ function on_get() {
 }
 catch(Exception $e) {}
 }
+
+function on_post() {
+ global $user;
+ try {
+ $headers = apache_request_headers();
+ $user = Database\Cookie::fromDB($headers["Authorization"]);
+ }
+ catch(Exception $e) {}
+}
diff --git a/models/cookies.php b/models/cookies.php
index 8a7ea42..a181022 100644
--- a/models/cookies.php
+++ b/models/cookies.php
@@ -16,6 +16,14 @@ class Cookie extends Table {
 );
 return $Token;
 }
+
+ static function fromDB(string $token) : User {
+ $UID = Table::_fromDB(
+ "SELECT UID FROM Cookies WHERE Token = \"$token\"",
+ "Database\Cookie"
+ )->UID;
+ return User::fromDBuid($UID);
+ }
 }
 // Taken from https://stackoverflow.com/a/15875555
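Review bot: `RewriteCond %{HTTP:Authorization} ^(.*)` also matches an empty value, so the rule fires on every request and sets `HTTP_AUTHORIZATION` even when no header was sent; `RewriteCond %{HTTP:Authorization} ^(.+)$` limits it to requests that actually carry one. The new `on_post()` in controllers/user.php reads the header through `apache_request_headers()` rather than this variable, so a short `#` comment naming the code that consumes `HTTP_AUTHORIZATION` would tell the next maintainer whether the rule is still needed.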
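Review bot: `$headers["Authorization"]` in `on_post()` is read without checking that the header is present, and a missing header passes null into `fromDB(string $token)`, which raises a `TypeError` that `catch(Exception $e)` does not catch. Read it defensively with `$token = $headers["Authorization"] ?? "";`, return early when it is empty, and catch `Throwable` if the intent is that a bad request never aborts the page. The header name's casing may follow whatever the client sent, so a case-insensitive lookup is safer. The empty catch body also hides database failures; logging the exception would make failed lookups visible.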
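Review bot: `fromDB` builds its query by interpolating `$token` into the SQL text, and `on_post()` in controllers/user.php passes the raw `Authorization` header into it, so client-controlled input reaches the query unescaped (SQL injection). Bind the token as a parameter instead, with query text `SELECT UID FROM Cookies WHERE Token = :token` and the value supplied separately; `Table::_fromDB` is defined outside this hunk, so it may first need to accept bound parameters. Rejecting tokens that do not match the format the token generator produces, before any query runs, is a useful second check. `->UID` is also dereferenced without handling the no-row case, whose behaviour depends on what `_fromDB` returns.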
diff --git a/views/authenticate.js b/views/authenticate.js
new file mode 100644
index 0000000..5e1371a
--- /dev/null
+++ b/views/authenticate.js
@@ -0,0 +1,19 @@
+var authentication_response = null;
+var authentication_callbacks = [];
+
+function requestAuthentication() {
+ var request = new XMLHttpRequest();
+ request.onreadystatechange = function() {
+ if (request.readyState < 4) return;
+
+ authentication_response = (request.status == 200) ? request.responseText : "";
+ }
+ request.open("POST", "/profile/authenticate.php", true);
+ request.setRequestHeader("Authorization", sessionStorage.getItem("token"));
+ request.send(null);
+}
+requestAuthentication();
+
+function authenticated(callback) {
+ authentication_callbacks.push(callback);
+}
diff --git a/views/footer.php b/views/footer.php
index b457da8..22c4631 100644
--- a/views/footer.php
+++ b/views/footer.php
@@ -1,3 +1,16 @@
+
diff --git a/views/header.php b/views/header.php
index 7a874d4..3835dfb 100644
--- a/views/header.php
+++ b/views/header.php
@@ -9,16 +9,28 @@ <?= htmlspecialchars($title ?? "No Way Forward Human");?> +
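Review bot: `requestAuthentication()` sends the request even when `sessionStorage.getItem("token")` returns null; `setRequestHeader` then stringifies it, so the server receives the literal value `null` and performs a token lookup for it on every page load. Guard before opening the request with `var token = sessionStorage.getItem("token");` followed by `if (token === null) { authentication_response = ""; return; }`. Keeping the session token in `sessionStorage` also leaves it readable by any script running on the origin, so an XSS bug anywhere on the site exposes it, which an `HttpOnly` cookie would avoid. Nothing in this file invokes the functions pushed by `authenticated()`, so a comment stating where `authentication_callbacks` is drained, and what happens to a callback registered after the response has arrived, would help.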
+
diff --git a/views/profile/authenticate.php b/views/profile/authenticate.php
new file mode 100644
index 0000000..540d4a3
--- /dev/null
+++ b/views/profile/authenticate.php
@@ -0,0 +1,27 @@
+Username;
+}
+else {
+ http_response_code(401);
+ header('Content-Type: text/plain');
+ echo 'Bad token!';
+}
+
+exit;
diff --git a/views/styles.css b/views/styles.css
index f1a24fe..5058854 100644
--- a/views/styles.css
+++ b/views/styles.css
@@ -70,6 +70,10 @@ input[type=submit]:hover {
 cursor: pointer;
 }
+[hidden] {
+ display: none !important;
+}
+
 /* Generic */
 .float-right {
-- cgit v1.2.3