diff --git a/README.md b/README.md index d6a1d2d34..30eb87104 100644 --- a/README.md +++ b/README.md @@ -11,3 +11,6 @@ Anuko [Time Tracker](https://www.anuko.com/time_tracker/index.htm) is a simple, * Forum: https://www.anuko.com/forum/viewforum.php?f=4 * Info for developers: https://www.anuko.com/time_tracker/info_for_developers.htm * How to contribute: https://www.anuko.com/time_tracker/contribute.htm + +## API +Created a small api to login with the username and password to get project list and to submit a timesheet. Have used a JWT authentication for login. diff --git a/WEB-INF/config.php.dist b/WEB-INF/config.php.dist old mode 100644 new mode 100755 index 6ffdff08e..951c91821 --- a/WEB-INF/config.php.dist +++ b/WEB-INF/config.php.dist @@ -181,3 +181,8 @@ define('AUTH_MODULE', 'db'); // A comma-separated list of default plugins for new group registrations. // Example below enables charts and attachments. // define('DEFAULT_PLUGINS', 'ch,at'); + +// configuratios for jwt authentication +define('SECRET_KEY', 'YOUR_SECRET_KEY'); +define('ISSUER_CLAIM', 'TestTimetrackerApi'); // this can be the servername +define('AUDIENCE_CLAIM', 'THE_AUDIENCE'); diff --git a/api/projects.php b/api/projects.php new file mode 100755 index 000000000..57fd5be9a --- /dev/null +++ b/api/projects.php @@ -0,0 +1,60 @@ +jwt; + +$isLoggedIn = false; +if ($jwt) { + try { + error_log($jwt); + $decoded = JWT::decode($jwt, $secret_key, array('HS256')); + $isLoggedIn = true; + $userId = $decoded->data->id; + $user = new ttUser(null, $userId); + if ($isLoggedIn) { + $project_list = $user->getAssignedProjects(); + $success_response = ['success' => true, 'data' => $project_list]; + $response = json_encode($success_response); + print_r($response); + } + } catch (Exception $e) { + $isLoggedIn = false; + http_response_code(401); + print_r(json_encode(array( + "message" => "Access denied.", + "error" => $e->getMessage() + ))); + } +} + +exit(); diff --git a/api/submitTime.php b/api/submitTime.php new file mode 100755 index 000000000..a0623d1c9 --- /dev/null +++ b/api/submitTime.php @@ -0,0 +1,84 @@ +jwt; +$isLoggedIn = false; +if ($jwt) { + try { + $decoded = JWT::decode($jwt, $secret_key, array('HS256')); + $isLoggedIn = true; + $userId = $decoded->data->id; + $user = new ttUser(null, $userId); + if ($isLoggedIn) { + $group_id = $user->getGroup(); + $cl_date = date("Y-m-d"); + $cl_project = $object->projectId; + $cl_duration = $object->duration; + $cl_note = $object->note; + + // Insert record. + $id = ttTimeHelper::insert(array( + 'date' => $cl_date, + 'user_id' => $userId, + 'group_id' => $group_id, + 'org_id' => $user->org_id, + 'client' => $cl_client, + 'project' => $cl_project, + 'task' => $cl_task, + 'duration' => $cl_duration, + 'note' => $cl_note, + 'billable' => true + )); + $result = true; + if ($id && $result && $err->no()) { + $success_response = ['success' => true, 'data' => $id]; + $response = json_encode($success_response); + print_r($response); + exit(); + } + } + } catch (Exception $e) { + $isLoggedIn = false; + http_response_code(401); + print_r(json_encode(array( + "message" => "Access denied.", + "error" => $e->getMessage() + ))); + } +} diff --git a/api/userlogin.php b/api/userlogin.php new file mode 100755 index 000000000..543071a47 --- /dev/null +++ b/api/userlogin.php @@ -0,0 +1,80 @@ +login; +$cl_password = $object->password; + +@include('../plugins/limit/access_check.php'); +if ($auth->doLogin($cl_login, $cl_password)) { + $user = new ttUser(null, $auth->getUserId()); + + $isLoggedIn = false; + if (!empty($user)) { + $isLoggedIn = true; + } + if ($isLoggedIn) { + $secret_key = SECRET_KEY; + $issuer_claim = ISSUER_CLAIM; + $audience_claim = AUDIENCE_CLAIM; + $issuedat_claim = time(); // issued at + $notbefore_claim = $issuedat_claim; //not before in seconds + $expire_claim = $issuedat_claim + 1800; // expire time in seconds + $token = array( + "iss" => $issuer_claim, + "aud" => $audience_claim, + "iat" => $issuedat_claim, + "nbf" => $notbefore_claim, + "exp" => $expire_claim, + "data" => array( + "firstname" => $user->name, + "id" => $user->id, + "email" => $user->email + ) + ); + + http_response_code(200); + $jwt = JWT::encode($token, $secret_key); + + $success_response = ['success' => true, 'userId' => $user->id, 'jwt' => $jwt]; + $response = json_encode($success_response); + print_r($response); + } else { + $error_response = ['success' => false, 'error' => 'Empty user']; + $response = json_encode($error_response); + print_r($response); + } +} else { + $error_response = ['success' => false, 'error' => 'Failed the login']; + $response = json_encode($error_response); + print_r($response); +} +exit(); diff --git a/composer.json b/composer.json new file mode 100644 index 000000000..c4818db14 --- /dev/null +++ b/composer.json @@ -0,0 +1,5 @@ +{ + "require": { + "firebase/php-jwt": "^5.2" + } +} diff --git a/composer.lock b/composer.lock new file mode 100644 index 000000000..c0a6eb572 --- /dev/null +++ b/composer.lock @@ -0,0 +1,68 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "2e81f436193da5b40f951c6849eda663", + "packages": [ + { + "name": "firebase/php-jwt", + "version": "v5.2.0", + "source": { + "type": "git", + "url": "https://github.com/firebase/php-jwt.git", + "reference": "feb0e820b8436873675fd3aca04f3728eb2185cb" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/firebase/php-jwt/zipball/feb0e820b8436873675fd3aca04f3728eb2185cb", + "reference": "feb0e820b8436873675fd3aca04f3728eb2185cb", + "shasum": "" + }, + "require": { + "php": ">=5.3.0" + }, + "require-dev": { + "phpunit/phpunit": ">=4.8 <=9" + }, + "type": "library", + "autoload": { + "psr-4": { + "Firebase\\JWT\\": "src" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "BSD-3-Clause" + ], + "authors": [ + { + "name": "Neuman Vong", + "email": "neuman+pear@twilio.com", + "role": "Developer" + }, + { + "name": "Anant Narayanan", + "email": "anant@php.net", + "role": "Developer" + } + ], + "description": "A simple library to encode and decode JSON Web Tokens (JWT) in PHP. Should conform to the current spec.", + "homepage": "https://github.com/firebase/php-jwt", + "keywords": [ + "jwt", + "php" + ], + "time": "2020-03-25T18:49:23+00:00" + } + ], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [] +}