Netzwerk-Diagnose-Modul mit JSON-API für die NetDiag-App: - 3 Tabellen (protocol/device/measurement), generisches JSON-result - JSON-API: auth, customers, orders, protocols (idempotenter Sync), pdf - JWT-Auth (HS256), CORS für die Capacitor-App - Tabs an Thirdparty + Auftrag, Protokoll-Card, PDF-Generator - QR-Code zum App-Download in der Modul-Konfiguration - de_DE + en_US, Rechtesystem netdiag->protocol read/write/delete Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<?php
/* Copyright (C) 2026 Eduard Wisch <data@data-it-solution.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */
/**
 * \file netdiag/api/auth.php
 * \ingroup netdiag
 * \brief API-Endpunkt: Anmeldung der mobilen App, liefert JWT.
 *
 * POST {login, password} -> {token, expiresIn, user}
 */
// Load the NetDiag API helpers and run their bootstrap before touching the request.
// NOTE(review): what the bootstrap sets up (Dolibarr environment, CORS headers, ...)
// is defined in netdiag_api.lib.php and is not visible here.
require_once __DIR__.'/netdiag_api.lib.php';

netdiag_api_bootstrap();

/** @var DoliDB $db */

// Only POST is accepted; every other method is answered with 405.
// NOTE(review): all guards in this script rely on netdiag_api_error() ending the
// request. If it ever returns, execution falls through to the next step of the
// login flow - confirm that it exits.
if ('POST' !== $_SERVER['REQUEST_METHOD']) {
	netdiag_api_error('Nur POST erlaubt', 405);
}

$body = netdiag_api_read_body();

// Missing or null fields become ''. The login is trimmed, the password is taken
// verbatim (not trimmed).
$login = trim((string) ($body['login'] ?? ''));
$password = (string) ($body['password'] ?? '');

// Both fields are mandatory; reject the request before any backend lookup happens.
if (in_array('', array($login, $password), true)) {
	netdiag_api_error('Login und Passwort erforderlich', 400);
}
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';

// Verify the credentials through Dolibarr's own login backend(s): the configured
// MAIN_AUTHENTICATION_MODE list is used, falling back to 'dolibarr' when unset.
$entitytocheck = (int) $conf->entity;
$authmode = getDolGlobalString('MAIN_AUTHENTICATION_MODE') ?: 'dolibarr';
$authBackends = explode(',', $authmode);
$resultlogin = checkLoginPassEntity($login, $password, $entitytocheck, $authBackends);

if (!$resultlogin) {
	// Short fixed delay as a brute-force brake.
	// NOTE(review): a 1 s sleep only slows a single connection; parallel requests
	// are not limited, and each failed attempt holds a PHP worker for that second.
	// No per-login/per-IP attempt counter, lockout or failed-login logging is
	// visible in this script - confirm whether netdiag_api.lib.php or the web
	// server provides rate limiting and an audit trail for failed logins.
	sleep(1);
	netdiag_api_error('Login fehlgeschlagen', 401);
}
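// Load the account that the login backend resolved, restricted to the checked entity.
$user = new User($db);
if ($user->fetch('', $resultlogin, '', 0, $entitytocheck) <= 0 || empty($user->id)) {
	netdiag_api_error('Benutzer nicht gefunden', 401);
}

// Refuse to issue a token for a disabled account (statut 0).
// The previous guard was `!empty($user->statut) && $user->statut == 0`; empty()
// is true for 0, so that condition could never hold and the check was dead code.
// NOTE(review): some authentication backends may already reject disabled users
// during the password check, others listed in MAIN_AUTHENTICATION_MODE may not;
// this explicit check must not depend on that.
// NOTE(review): newer Dolibarr versions may expose this value as $user->status;
// confirm which property the targeted version populates.
if (isset($user->statut) && (int) $user->statut === 0) {
	netdiag_api_error('Benutzer deaktiviert', 403);
}

// Permissions have to be loaded before hasRight() can be evaluated.
$user->loadRights();

// The app is only usable with at least read access to NetDiag protocols.
if (!$user->hasRight('netdiag', 'protocol', 'read')) {
	netdiag_api_error('Keine Berechtigung für NetDiag', 403);
}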
// Token lifetime in seconds, read from NETDIAG_API_TOKEN_TTL. Values below 60
// (including a non-numeric setting, which casts to 0) fall back to 604800 s = 7 days.
// NOTE(review): there is no upper bound, and the default is a week-long bearer
// token. Rights and account status are checked here, at issue time; whether the
// other API endpoints re-check them per request (so that disabling a user or
// revoking a right takes effect before expiry) is not visible in this file.
$configuredTtl = (int) getDolGlobalString('NETDIAG_API_TOKEN_TTL', '604800');
$ttl = $configuredTtl >= 60 ? $configuredTtl : 604800;

$userId = (int) $user->id;
$displayName = $user->getFullName($langs);

// Claims carried by the token: user id and display name.
// NOTE(review): the commit description names HS256 JWTs; such a payload is
// signed, not encrypted, so anyone holding the token can read these claims.
$claims = array(
	'sub' => $userId,
	'name' => $displayName,
);
$token = netdiag_jwt_encode($claims, $ttl);

// Response for the app: the token, its lifetime and a small user profile.
// canWrite mirrors the 'write' right at login time; it is informational for the
// client and must not replace server-side permission checks.
$profile = array(
	'id' => $userId,
	'login' => $user->login,
	'name' => $displayName,
	'email' => $user->email,
	'canWrite' => (bool) $user->hasRight('netdiag', 'protocol', 'write'),
);

netdiag_api_respond(array(
	'token' => $token,
	'expiresIn' => $ttl,
	'user' => $profile,
));