From 74bc83f26694003bb9010e31447e6f935401f490 Mon Sep 17 00:00:00 2001
From: "Daniel J. Summers" <daniel@bitbadger.solutions>
Date: Fri, 5 Apr 2024 22:14:24 -0400
Subject: [PATCH] Add single user security mode (#3)

- Tweaks to SQL column definitions
- Implement class autoloading
- Split user config into its own file
---
 src/lib/Data.php     | 47 ++++++++++++++++++++++++++++++++++------
 src/lib/Security.php | 51 ++++++++++++++++++++++++++++++++++++++++++++
 src/public/index.php |  4 +++-
 src/start.php        | 27 +++++++++--------------
 src/user-config.php  | 23 ++++++++++++++++++++
 5 files changed, 127 insertions(+), 25 deletions(-)
 create mode 100644 src/lib/Security.php
 create mode 100644 src/user-config.php

diff --git a/src/lib/Data.php b/src/lib/Data.php
index 39dea42..ee9062b 100644
--- a/src/lib/Data.php
+++ b/src/lib/Data.php
@@ -14,6 +14,9 @@ class Data {
         return $db;
     }
 
+    /**
+     * Make sure the expected tables exist
+     */
     public static function ensureDb(): void {
         $db = self::getConnection();
         $tables = array();
@@ -24,8 +27,7 @@ class Data {
                 CREATE TABLE frc_user (
                     id       INTEGER NOT NULL PRIMARY KEY,
                     email    TEXT    NOT NULL,
-                    password TEXT    NOT NULL,
-                    salt     TEXT    NOT NULL)
+                    password TEXT    NOT NULL)
                 SQL;
             $db->exec($query);
             $db->exec('CREATE INDEX idx_user_email ON frc_user (email)');
@@ -50,15 +52,46 @@ class Data {
                     published_on  TEXT    NOT NULL,
                     updated_on    TEXT,
                     content       TEXT    NOT NULL,
-                    is_encoded    INTEGER NOT NULL,
-                    is_read       INTEGER NOT NULL,
-                    is_bookmarked INTEGER NOT NULL,
+                    is_encoded    BOOLEAN NOT NULL,
+                    is_read       BOOLEAN NOT NULL,
+                    is_bookmarked BOOLEAN NOT NULL,
                     FOREIGN KEY (feed_id) REFERENCES feed (id))
                 SQL;
             $db->exec($query);
         }
         $db->close();
     }
-}
 
-Data::ensureDb();
+    /**
+     * Find a user by their ID
+     *
+     * @param string $email The e-mail address of the user to retrieve
+     * @return array|null The user information, or null if the user is not found
+     */
+    public static function findUserByEmail(string $email): ?array {
+        $db = self::getConnection();
+        $query = $db->prepare('SELECT * FROM frc_user WHERE email = :email');
+        $query->bindValue(':email', $email);
+        $result = $query->execute();
+        if ($result) {
+            $user = $result->fetchArray(SQLITE3_ASSOC);
+            if ($user) return $user;
+            return null;
+        }
+        return null;
+    }
+
+    /**
+     * Add a user
+     *
+     * @param string $email The e-mail address for the user
+     * @param string $password The user's password
+     */
+    public static function addUser(string $email, string $password): void {
+        $db = self::getConnection();
+        $query = $db->prepare('INSERT INTO frc_user (email, password) VALUES (:email, :password)');
+        $query->bindValue(':email', $email);
+        $query->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
+        $query->execute();
+    }
+}
diff --git a/src/lib/Security.php b/src/lib/Security.php
new file mode 100644
index 0000000..9ab5d77
--- /dev/null
+++ b/src/lib/Security.php
@@ -0,0 +1,51 @@
+<?php
+
+/**
+ * Security functions
+ */
+class Security {
+
+    /** @var int Run as a single user requiring no password */
+    public const int SINGLE_USER = 0;
+
+    /** @var int Run as a single user requiring a password */
+    public const int SINGLE_USER_WITH_PASSWORD = 1;
+
+    /** @var int Require users to provide e-mail address and password */
+    public const int MULTI_USER = 2;
+
+    /**
+     * Verify that user is logged on
+     * @param bool $redirectIfAnonymous Whether to redirect the request if there is no user logged on
+     */
+    public static function verifyUser(bool $redirectIfAnonymous = true): void {
+        switch (SECURITY_MODEL) {
+            case self::SINGLE_USER:
+                $user = self::retrieveSingleUser();
+                break;
+            case self::SINGLE_USER_WITH_PASSWORD:
+                die('Single User w/ Password has not yet been implemented');
+            case self::MULTI_USER:
+                die('Multi-User Mode has not yet been implemented');
+            default:
+                die('Unrecognized security model (' . SECURITY_MODEL . ')');
+        }
+        if (!$user && $redirectIfAnonymous) {
+            header('/logon?returnTo=' . $_SERVER["REQUEST_URI"], true, HTTP_REDIRECT_TEMP);
+            die();
+        }
+        $_REQUEST['FRC_USER_ID']    = $user['id'];
+        $_REQUEST['FRC_USER_EMAIL'] = $user['email'];
+    }
+
+    /**
+     * Retrieve the single user
+     * @return array The user information for the single user
+     */
+    private static function retrieveSingleUser(): array {
+        $user = Data::findUserByEmail('solouser@example.com');
+        if ($user) return $user;
+        Data::addUser('solouser@example.com', 'no-password-required');
+        return Data::findUserByEmail('solouser@example.com');
+    }
+}
diff --git a/src/public/index.php b/src/public/index.php
index 4c3c7ea..a9a6092 100644
--- a/src/public/index.php
+++ b/src/public/index.php
@@ -1,8 +1,10 @@
 <?php
 include '../start.php';
 
+Security::verifyUser();
+
 page_head('Welcome');
 ?>
-<p>Startup worked</p>
+<p>User ID <?=$_REQUEST['FRC_USER_ID']?> - e-mail <?=$_REQUEST['FRC_USER_EMAIL']?></p>
 <?php
 page_foot();
diff --git a/src/start.php b/src/start.php
index a267c17..093f79a 100644
--- a/src/start.php
+++ b/src/start.php
@@ -1,23 +1,16 @@
 <?php
-// USER CONFIGURATION ITEMS
+spl_autoload_register(function ($class) {
+    $file = implode(DIRECTORY_SEPARATOR, [ __DIR__, 'lib', "$class.php" ]);
+    if (file_exists($file)) {
+        require $file;
+        return true;
+    }
+    return false;
+});
 
-/**
- * Which security model should the application use?
- * - 0 = single-user, no password
- * - 1 = single-user with password
- * - 2 = multi-user (all users require passwords)
- *
- * (NOTE THAT 1 AND 2 HAVE NOT YET BEEN IMPLEMENTED)
- */
-const SECURITY_MODEL = 0;
+require 'user-config.php';
 
-/** The name of the database file where users and feeds should be kept */
-const DATABASE_NAME = 'frc.db';
-
-// END USER CONFIGURATION ITEMS
-//   (editing below this line is not advised)
-
-include 'lib/Data.php';
+Data::ensureDb();
 
 /**
  * Render the page title
diff --git a/src/user-config.php b/src/user-config.php
new file mode 100644
index 0000000..877d61a
--- /dev/null
+++ b/src/user-config.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * USER CONFIGURATION ITEMS
+ *
+ * Editing the values here customizes the behavior of Feed Reader Central
+ */
+
+
+/**
+ * Which security model should the application use? Options are:
+ * - Security::SINGLE_USER (no e-mail required, does not require a password)
+ * - Security::SINGLE_USER_WITH_PASSWORD (no e-mail required, does require a password)
+ * - Security::MULTI_USER (e-mail and password required for all users)
+ *
+ * (NOTE THAT ONLY SINGLE_USER IS CURRENTLY IMPLEMENTED)
+ */
+const SECURITY_MODEL = Security::SINGLE_USER;
+
+/** The name of the database file where users and feeds should be kept */
+const DATABASE_NAME = 'frc.db';
+
+// END USER CONFIGURATION ITEMS
+//   (editing below this line is not advised)