<?php
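class ApiAuth {

    /**
     * Resolve the calling user or terminate the request with a 401 JSON body.
     *
     * Credential precedence:
     *   1. `Authorization: Bearer <jwt>` (mobile clients)
     *   2. `X-Auth-Token: <jwt>` (fallback header)
     *   3. PHP session (web clients)
     *
     * A token that is present but rejected ends the request right away; it
     * never falls through to the session, so a bad token cannot be "rescued"
     * by a session cookie on the same request.
     *
     * @return array For token auth, whatever JWT::decode() returns (callers index
     *               'user_id' and 'role' on it). NOTE(review): confirm that
     *               JWT::decode() verifies signature and expiry and returns an
     *               array — the role checks below trust its payload as-is.
     *               For session auth, an array built from $_SESSION.
     */
    public static function authenticate() {
        $authHeader   = $_SERVER['HTTP_AUTHORIZATION'] ?? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
        $customHeader = $_SERVER['HTTP_X_AUTH_TOKEN'] ?? '';

        // 1. Standard Bearer header. The pattern is anchored at the start so
        //    "…Bearer x" embedded in another scheme is not accepted, and \S+
        //    drops stray trailing whitespace instead of feeding it to decode().
        if (preg_match('/^Bearer\s+(\S+)\s*$/i', $authHeader, $matches)) {
            return self::decodeOrDeny($matches[1]);
        }

        // 2. Custom header. Compared with !== '' rather than empty() so a
        //    literal "0" is rejected as a bad token instead of silently
        //    skipping to session auth.
        if ($customHeader !== '') {
            return self::decodeOrDeny($customHeader);
        }

        // 3. Session fallback for browser clients.
        // NOTE(review): this path is cookie-driven, so API endpoints relying on
        // it need CSRF protection elsewhere — nothing here provides it.
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }

        if (isset($_SESSION['user_id'])) {
            // `?? null` keeps the same values as a bare read but avoids
            // "undefined index" notices when a session predates a field.
            return [
                'user_id'    => $_SESSION['user_id'],
                'username'   => $_SESSION['username'] ?? null,
                'role'       => $_SESSION['role'] ?? null,
                'first_name' => $_SESSION['first_name'] ?? '',
                'last_name'  => $_SESSION['last_name'] ?? '',
            ];
        }

        // 4. No credentials at all.
        self::deny(401, 'No autenticado');
    }

    /**
     * Decode a JWT and return its payload, or end the request with 401.
     *
     * @param string $token Raw token text taken from a request header.
     * @return mixed The truthy result of JWT::decode().
     */
    private static function decodeOrDeny($token) {
        require_once __DIR__ . '/JWT.php';
        $decoded = JWT::decode($token);
        if ($decoded) {
            return $decoded;
        }
        self::deny(401, 'Token inválido o expirado');
    }

    /**
     * Emit a JSON error body with the given HTTP status and stop the request.
     *
     * Single exit point for every rejection so the shape of the error payload
     * stays consistent. The Content-Type is set (when still possible) so the
     * JSON error is not left to client-side content sniffing.
     *
     * @param int    $status  HTTP status code (401 or 403 here).
     * @param string $message User-facing message placed in 'message'.
     */
    private static function deny($status, $message) {
        http_response_code($status);
        if (!headers_sent()) {
            header('Content-Type: application/json; charset=utf-8');
        }
        echo json_encode([
            'success' => false,
            'message' => $message,
        ]);
        exit;
    }

    /**
     * Authenticate and require the ADMIN role.
     *
     * @return array The authenticated user; the request ends with 403 otherwise.
     */
    public static function requireAdmin() {
        return self::requireRole(['ADMIN'], 'Se requiere rol de Administrador');
    }

    /**
     * Authenticate and require the CAPTURIST or ADMIN role.
     *
     * @return array The authenticated user; the request ends with 403 otherwise.
     */
    public static function requireCapturist() {
        return self::requireRole(['ADMIN', 'CAPTURIST'], 'Se requiere rol de Capturista o Administrador');
    }

    /**
     * Authenticate and verify the user's role is one of $allowed (strict match).
     *
     * @param string[] $allowed Role names that may proceed.
     * @param string   $message Error text for the 403 response.
     * @return array The authenticated user.
     */
    private static function requireRole(array $allowed, $message) {
        $user = self::authenticate();
        // Strict in_array: a missing or non-string role never matches.
        if (!in_array($user['role'] ?? null, $allowed, true)) {
            self::deny(403, $message);
        }
        return $user;
    }

    /**
     * Return the house IDs the current user may access.
     *
     * ADMIN, VIEWER and CAPTURIST see every house; LECTOR sees only the houses
     * granted through UserPermission. Any other role gets an empty list.
     *
     * SECURITY: the previous version fell through to "every house" for any role
     * that was not ADMIN or LECTOR, so an unknown or malformed role string
     * received full access. Access is now deny-by-default — add a role to the
     * allow-list below deliberately rather than relying on the fallback.
     *
     * @return array List of house IDs.
     */
    public static function getAccessibleHouseIds() {
        $user = self::authenticate();
        $role = $user['role'] ?? null;

        if ($role === 'LECTOR') {
            require_once __DIR__ . '/../models/UserPermission.php';
            return UserPermission::getUserHouseIds($user['user_id']);
        }

        if (in_array($role, ['ADMIN', 'VIEWER', 'CAPTURIST'], true)) {
            return self::allHouseIds();
        }

        return [];
    }

    /**
     * Fetch every house ID from the database.
     *
     * House.php is loaded first because it (presumably) brings Database into
     * scope — this file never requires Database directly.
     *
     * @return array List of house IDs.
     */
    private static function allHouseIds() {
        require_once __DIR__ . '/../models/House.php';
        $db   = Database::getInstance();
        $rows = $db->fetchAll("SELECT id FROM houses");
        return array_column($rows, 'id');
    }

    /**
     * @return bool True when the authenticated user's role is exactly LECTOR.
     */
    public static function isLector() {
        $user = self::authenticate();
        return ($user['role'] ?? null) === 'LECTOR';
    }

    /**
     * @return mixed The authenticated user's 'user_id' value.
     */
    public static function getUserId() {
        $user = self::authenticate();
        return $user['user_id'];
    }

    /**
     * @return mixed The authenticated user's 'role' value.
     */
    public static function getRole() {
        $user = self::authenticate();
        return $user['role'];
    }
}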