Initial commit

public/index.php

@@ -0,0 +1,192 @@
+<?php
+
+require_once __DIR__ . '/../vendor/autoload.php';
+
+use Slim\Factory\AppFactory;
+use DI\Container;
+use Hpz937\Encryption\DataEncryptor;
+use Hpz937\Phpvault\Handler\AuthHandler;
+use Hpz937\Phpvault\Database;
+use Hpz937\Phpvault\Middleware\AuthMiddleware;
+use Hpz937\Phpvault\Vault;
+use Psr\Container\ContainerInterface;
+
+$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..');
+$dotenv->load();
+
+$app = AppFactory::create();
+$container = new Container();
+
+$container->set(AuthMiddleware::class, function (ContainerInterface $container) {
+    $authHandler = $container->get(AuthHandler::class);
+    return new AuthMiddleware($authHandler);
+});
+
+$container->set(Database::class, function () {
+    return new Database();
+});
+
+$container->set(DataEncryptor::class, function () {
+    return new DataEncryptor($_ENV['ENCRYPTION_KEY']);
+});
+
+// Set up the AuthHandler in the container
+$container->set(AuthHandler::class, function () {
+    $secretKey = $_ENV['JWT_SECRET_KEY'];
+    $database = new Database(); // Assuming you have a Database class
+    return new AuthHandler($secretKey, $database);
+});
+
+$authMiddleware = $container->get(AuthMiddleware::class);
+
+AppFactory::setContainer($container);
+
+$app->post('/login', function ($request, $response) use ($container) {
+    $data = $request->getParsedBody();
+    $username = $data['username'];
+    $password = $data['password'];
+
+    $authHandler = $container->get(AuthHandler::class); 
+    $token = $authHandler->generateToken($username, $password);
+
+    if ($token) {
+        $response->getBody()->write(json_encode(['token' => $token]));
+        return $response->withStatus(200);
+    } else {
+        $response->getBody()->write(json_encode(['error' => 'Invalid credentials']));
+        return $response->withStatus(401);
+    }
+});
+
+$app->post('/addUser', function ($request, $response) use ($container) {
+    $data = $request->getParsedBody();
+    $username = $data['username'];
+    $password = $data['password'];
+
+    $authHandler = $container->get(AuthHandler::class); 
+    $token = $authHandler->addUser($username, $password);
+
+    return $response->withStatus(201);
+});
+
+$app->post('/manage/{vaultName}', function ($request, $response, array $args) use ($container) {
+    try {
+        // the sent body will be a json object
+        $secret = $request->getBody()->getContents();
+
+        // if secret is empty or secret is not valid json data return 400
+        if (empty($secret) || json_decode($secret) === null) {
+            $response->getBody()->write(json_encode(['error' => 'Invalid secret']));
+            return $response->withStatus(400);
+        }
+
+        if (!isset(json_decode($secret, true)['key'])) {
+            $response->getBody()->write(json_encode(['error' => 'Key is required']));
+            return $response->withStatus(400);
+        }
+
+        $key = json_decode($secret, true)['key'];
+
+        $username = $request->getAttribute('username');
+
+        if (!isset($args['vaultName'])) {
+            $response->getBody()->write(json_encode(['error' => 'Vault name is required']));
+            return $response->withStatus(400);
+        }
+        $vaultName = $args['vaultName'];
+
+        $vault = $container->get(Vault::class);
+        $vault->storeSecret($username, $vaultName, $key, $secret);
+
+        $response->getBody()->write(json_encode(['message' => 'Secret stored']));
+        return $response->withStatus(201);
+    } catch (Exception $e) {
+        $response->getBody()->write(json_encode(['error' => $e->getMessage()]));
+        return $response->withStatus(500);
+    }
+})->add($authMiddleware);
+
+$app->put('/manage/{vaultName}', function ($request, $response, array $args) use ($container) {
+    try {
+        // the sent body will be a json object
+        $secret = $request->getBody()->getContents();
+
+        // if secret is empty or secret is not valid json data return 400
+        if (empty($secret) || json_decode($secret) === null) {
+            $response->getBody()->write(json_encode(['error' => 'Invalid secret']));
+            return $response->withStatus(400);
+        }
+
+        if (!isset(json_decode($secret, true)['key'])) {
+            $response->getBody()->write(json_encode(['error' => 'Key is required']));
+            return $response->withStatus(400);
+        }
+
+        $key = json_decode($secret, true)['key'];
+
+        $username = $request->getAttribute('username');
+
+        if (!isset($args['vaultName'])) {
+            $response->getBody()->write(json_encode(['error' => 'Vault name is required']));
+            return $response->withStatus(400);
+        }
+        $vaultName = $args['vaultName'];
+
+        $vault = $container->get(Vault::class);
+        $vault->updateSecret($username, $vaultName, $key, $secret);
+
+        $response->getBody()->write(json_encode(['message' => 'Secret updated']));
+        return $response->withStatus(201);
+    } catch (Exception $e) {
+        $response->getBody()->write(json_encode(['error' => $e->getMessage()]));
+        return $response->withStatus(500);
+    }
+})->add($authMiddleware);
+
+$app->delete('/manage/{vaultName}', function ($request, $response, array $args) use ($container) {
+    try {
+        $username = $request->getAttribute('username');
+        $vaultName = $args['vaultName'];
+        $vault = $container->get(Vault::class);
+        $vault->deleteSecret($username, $vaultName);
+        $response->getBody()->write(json_encode(['message' => 'Secret deleted']));
+        return $response->withStatus(200);
+    } catch (Exception $e) {
+        $response->getBody()->write(json_encode(['error' => $e->getMessage()]));
+        return $response->withStatus(500);
+    }
+})->add($authMiddleware);
+
+$app->post('/vault/{vaultName}', function ($request, $response, array $args) use ($container) {
+    // the sent body will be a json object
+    $secret = $request->getBody()->getContents();
+
+    // if secret is empty or secret is not valid json data return 400
+    if (empty($secret) || json_decode($secret) === null || json_decode($secret)->key === null) {
+        $response->getBody()->write(json_encode(['error' => 'Invalid Key']));
+        return $response->withStatus(400);
+    }
+
+    $key = json_decode($secret)->key;
+
+    $username = $request->getAttribute('username');
+
+    if (!isset($args['vaultName'])) {
+        $response->getBody()->write(json_encode(['error' => 'Vault name is required']));
+        return $response->withStatus(400);
+    }
+    $vaultName = $args['vaultName'];
+
+    $vault = $container->get(Vault::class);
+    $secret = $vault->getSecret($username, $key, $vaultName);
+
+    if ($secret) {
+        $response->getBody()->write($secret);
+        return $response->withStatus(200);
+    } else {
+        $response->getBody()->write(json_encode(['error' => 'Secret not found']));
+        return $response->withStatus(404);
+    }
+})->add($authMiddleware);
+
+$app->run();