use json web token for authentication

Uwe Steinmann 2021-05-07 13:20:00 +02:00
parent 7e73388730
commit 8d660b1f98


@ -28,42 +28,57 @@ include("../inc/inc.Extension.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassController.php");
include("../inc/inc.BasicAuthentication.php");
//include("../inc/inc.BasicAuthentication.php");
/**
* Include class to preview documents
*/
require_once("SeedDMS/Preview.php");
$documentid = $_GET["documentid"];
if (!isset($documentid) || !is_numeric($documentid) || intval($documentid)<1) {
if(empty($_GET['hash']))
exit;
$token = new SeedDMS_JwtToken($settings->_extensions['encryptionKey']);
if(!($tokenstr = $token->jwtDecode($_GET['hash'])))
exit;
$tokendata = json_decode($tokenstr, true);
print_r($tokendata);
exit;
if (!isset($tokendata['d']) || !is_numeric($tokendata['d'])) {
exit;
}
$document = $dms->getDocument($documentid);
$document = $dms->getDocument($tokendata['d']);
if (!is_object($document)) {
exit;
}
if (!isset($tokendata['u']) || !is_numeric($tokendata['u'])) {
exit;
}
$user = $dms->getUser($tokendata['u']);
if (!is_object($user)) {
exit;
}
if ($document->getAccessMode($user) < M_READ) {
exit;
}
if (!isset($tokendata['v']) || !is_numeric($tokendata['v'])) {
exit;
}
$controller = Controller::factory('Preview', array('dms'=>$dms, 'user'=>$user));
$controller->setParam('width', !empty($tokendata["w"]) ? $tokendata["w"] : null);
$controller->setParam('document', $document);
$controller->setParam('version', $tokendata['v']);
$controller->setParam('type', 'version');
if(!$controller->run()) {
header('Content-Type: image/svg+xml');
readfile('../views/'.$theme.'/images/empty.svg');
exit;
}
if(isset($_GET['version'])) {
$version = $_GET["version"];
if (!is_numeric($version))
exit;
$controller = Controller::factory('Preview', array('dms'=>$dms, 'user'=>$user));
$controller->setParam('width', !empty($_GET["width"]) ? $_GET["width"] : null);
$controller->setParam('document', $document);
$controller->setParam('version', $version);
$controller->setParam('type', 'version');
if(!$controller->run()) {
header('Content-Type: image/svg+xml');
readfile('../views/'.$theme.'/images/empty.svg');
exit;
}
}
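Review bot: The `print_r($tokendata); exit;` pair right after `json_decode` looks like leftover debugging: it echoes the decoded token claims to the client and ends the script, so none of the document, user and access-mode checks below it ever run. Both lines should be removed before this is merged. With `inc.BasicAuthentication.php` commented out, the `hash` token becomes the only credential on this endpoint, and the visible checks read only `d`, `u`, `v` and `w`; no expiry is tested here, so unless `jwtDecode` enforces one internally (not visible in this hunk) a leaked preview URL stays valid for as long as the key is unchanged. It would also be safer to fail closed when the key is missing, e.g. `if(empty($settings->_extensions['encryptionKey'])) exit;` before constructing `SeedDMS_JwtToken`. Finally, `w` is handed to the controller without the `is_numeric` test that the other claims get.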