From 4c44dac115804376a02ba7f8462b781c0cf7085b Mon Sep 17 00:00:00 2001 From: Filip Rojek Date: Thu, 26 Dec 2024 14:44:40 +0100 Subject: [PATCH] Auth logic is completed (signin, signup, logout), Added: Middlewares, RequireAuth middleware --- TODO.md | 2 +- app/controllers/AuthController.php | 21 +++++++++++++++++++-- app/controllers/HomeController.php | 16 ++++++---------- app/models/User.php | 27 +++++++++++++++++++++++---- app/views/auth/signin.php | 26 +++++++++++++++++++------- app/views/dashboard/index.php | 1 + app/views/layouts/base.php | 1 + app/views/shared/header.php | 4 ---- core/Router.php | 29 ++++++++++++++++++++++++++--- core/middlewares/RequireAuth.php | 12 ++++++++++++ public/index.php | 4 ++++ 11 files changed, 112 insertions(+), 31 deletions(-) delete mode 100644 app/views/shared/header.php create mode 100644 core/middlewares/RequireAuth.php diff --git a/TODO.md b/TODO.md index 77f579c..8f0d2b9 100644 --- a/TODO.md +++ b/TODO.md @@ -2,7 +2,7 @@ ## Auth and User stuff - [x] signup -- [ ] signin +- [x] signin - [ ] edit user data - change password, mail... ## Core of the app diff --git a/app/controllers/AuthController.php b/app/controllers/AuthController.php index bc361b5..658497b 100644 --- a/app/controllers/AuthController.php +++ b/app/controllers/AuthController.php @@ -6,6 +6,19 @@ class AuthController extends Controller { $email = $_POST['email'] ?? ''; $password = $_POST['password'] ?? ''; + $validator = new Validator(); + $validator->required('email', $email); + $validator->email('email', $email); + $validator->required('password', $password); + + if (!$validator->passes()) { + $this->view('auth/signup', [ + 'error' => 'Please correct the errors below.', + 'validationErrors' => $validator->errors() ?: [], + ]); + return; + } + $user = new User(); $result = $user->login($email, $password); 
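Review bot: The validation-failure branch added here renders `auth/signup`, although the surrounding context calls `$user->login($email, $password)` and so appears to be the sign-in handler; a user who submits a malformed email on the sign-in form would be shown the sign-up view. The call should probably read `$this->view('auth/signin', [` with the same `error` and `validationErrors` keys. `$validator->errors() ?: []` is handed straight to the view, so the template should escape those messages on output if they can ever contain submitted values. The method starts above the hunk, so its signature and any request-method check are not visible here.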
@@ -26,9 +39,7 @@ class AuthController extends Controller { $password = $_POST['password'] ?? ''; $password2 = $_POST['password-2'] ?? ''; - // Perform validations $validator = new Validator(); - $validator->required('username', $username); $validator->email('email', $email); $validator->required('password', $password); @@ -65,4 +76,10 @@ class AuthController extends Controller { ]); } } + + public function logout() { + session_unset(); + session_destroy(); + $this->redirect('/auth/signin'); + } } diff --git a/app/controllers/HomeController.php b/app/controllers/HomeController.php index 33bdcc7..129545f 100644 --- a/app/controllers/HomeController.php +++ b/app/controllers/HomeController.php @@ -1,22 +1,18 @@ 'Home' ]; - $view->render('home/index', $data); - //require_once views . 'home/index.php'; + $this->view('home/index', $data); } public function home() { $this->index(); } + + public function dashboard() { + $this->view("dashboard/index"); + } } diff --git a/app/models/User.php b/app/models/User.php index d860b58..e6ffffc 100644 --- a/app/models/User.php +++ b/app/models/User.php @@ -27,7 +27,6 @@ class User { return "Email is already registered"; } - // Hash the password $hashedPassword = password_hash($password, PASSWORD_BCRYPT); $stmt = $this->db->prepare("INSERT INTO users (username, email, password, points, created_at) VALUES (?, ?, ?, 0, NOW())"); 
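Review bot: `logout()` clears the server-side session with `session_unset()` and `session_destroy()` but leaves the session cookie in the browser, and nothing in the hunk shows the session being started before those calls. The usual PHP logout sequence also expires the cookie, as in the excerpt below. The `/auth/logout` route is registered in public/index.php with no method restriction and is reached from the "Log Out" entry added to layouts/base.php, which appears to be a plain link, so a third-party page could log a user out with a single GET request; handling logout as a POST with a CSRF token would close that.

```php
public function logout() {
    // Empty the session data, then expire the cookie so the old id is not resent.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $params['path'],
            $params['domain'],
            $params['secure'],
            $params['httponly']
        );
    }
    session_destroy();
    // … unchanged: redirect to /auth/signin …
}
```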
@@ -39,7 +38,27 @@ class User { return "Error: " . $stmt->error; } } + + public function login($email, $password) { + $hashedPassword = password_hash($password, PASSWORD_BCRYPT); + + $stmt = $this->db->prepare("SELECT username, password FROM users WHERE email = ?"); + $stmt->bind_param("s", $email); + $stmt->execute(); + $result = $stmt->get_result(); + $stmt->close(); + + if ($result->num_rows === 1) { + $user = $result->fetch_assoc(); + if (password_verify($password, $user['password'])) { + $_SESSION['user'] = [ + 'username' => $user['username'], + 'email' => $email, + ]; + return true; + } + } + + return "Invalid email or password."; + } } - -?> - diff --git a/app/views/auth/signin.php b/app/views/auth/signin.php index c1ea56a..5cedda4 100644 --- a/app/views/auth/signin.php +++ b/app/views/auth/signin.php @@ -1,9 +1,21 @@
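Review bot: `login()` writes `$_SESSION['user']` without first calling `session_regenerate_id(true)`, so a session id that was fixed in the browser before sign-in stays valid afterwards (session fixation); add that call immediately before the assignment. The first line, `$hashedPassword = password_hash($password, PASSWORD_BCRYPT);`, is never read, since `password_verify()` does the comparison, so it costs a full bcrypt computation per attempt for nothing. If it is removed, the unknown-email path will return noticeably faster than the wrong-password path; verifying against a fixed dummy hash when no row is found keeps the two comparable. The method returns either `true` or a non-empty string, both truthy, so the caller has to compare with `=== true`; that check is outside this hunk.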
-
- - - - - -
+ get('error')): ?> +
get('error') ?>
+ + +
+ + + get('validationErrors')['email'])): ?> + get('validationErrors')['email'] ?> + + + + + get('validationErrors')['password'])): ?> + get('validationErrors')['password'] ?> + + + +
diff --git a/app/views/dashboard/index.php b/app/views/dashboard/index.php index e69de29..40f76c1 100644 --- a/app/views/dashboard/index.php +++ b/app/views/dashboard/index.php @@ -0,0 +1 @@ +

Welcome !

diff --git a/app/views/layouts/base.php b/app/views/layouts/base.php index 8b59e50..c1de6d1 100644 --- a/app/views/layouts/base.php +++ b/app/views/layouts/base.php @@ -8,6 +8,7 @@
Log In Sign Up + Log Out
diff --git a/app/views/shared/header.php b/app/views/shared/header.php deleted file mode 100644 index 1a9c6c2..0000000 --- a/app/views/shared/header.php +++ /dev/null @@ -1,4 +0,0 @@ -
- Log In - Sign Up -
diff --git a/core/Router.php b/core/Router.php index d373bb8..82f44f6 100644 --- a/core/Router.php +++ b/core/Router.php @@ -2,17 +2,40 @@ class Router { private $routes = []; + private $middlewares = []; - public function add($route, $action) { - $this->routes[$route] = $action; + /** + * Add a route with a specific action and optional middleware + * + * @param string $route + * @param string $action + * @param array $middlewares Optional middlewares for this route + */ + public function add($route, $action, $middlewares = []) { + $this->routes[$route] = ['action' => $action, 'middlewares' => $middlewares]; } + /** + * Dispatch the current request to the correct route and execute middlewares + */ public function dispatch() { $uri = $_SERVER['REQUEST_URI']; $uri = parse_url($uri, PHP_URL_PATH); if (array_key_exists($uri, $this->routes)) { - $action = $this->routes[$uri]; + $route = $this->routes[$uri]; + $middlewares = $route['middlewares']; + + // Execute middlewares + foreach ($middlewares as $middleware) { + $middlewareInstance = new $middleware(); + if (!$middlewareInstance->handle()) { + return; // Stop execution if middleware fails + } + } + + // Execute the route's controller and method + $action = $route['action']; list($controllerName, $methodName) = explode('@', $action); require_once controllers . "{$controllerName}.php"; diff --git a/core/middlewares/RequireAuth.php b/core/middlewares/RequireAuth.php new file mode 100644 index 0000000..6fbaf60 --- /dev/null +++ b/core/middlewares/RequireAuth.php @@ -0,0 +1,12 @@ +add('/', 'HomeController@index'); $router->add('/home', 'HomeController@home'); +$router->add('/dashboard', 'HomeController@dashboard', ['RequireAuth']); // auth routes $router->add('/auth/signin', 'AuthController@signin'); $router->add('/auth/signup', 'AuthController@signup'); +$router->add('/auth/logout', 'AuthController@logout'); $router->dispatch();
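Review bot: In `dispatch()`, `new $middleware()` is built from a bare string and `handle()` is called with no check that the class is loaded or has that method, so a misspelled entry in a route's middleware list surfaces only as a fatal error when that route is requested. No `require_once` for `core/middlewares/` appears in the hunk (controllers get one just below), so loading presumably relies on an include or autoloader elsewhere. Consider validating in `add()` against a small, newly introduced `Middleware` interface, for example `if (!is_subclass_of($m, Middleware::class)) { throw new InvalidArgumentException("Unknown middleware: {$m}"); }`, and tightening the docblock to `@param string[] $middlewares Class names; handle() returns false after sending its own response`. The body of RequireAuth.php is not visible in this rendering, so whether it ends the request after redirecting could not be checked.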