From 8be7988d9756250d4baa4bafd86dfdfa53575f5c Mon Sep 17 00:00:00 2001
From: binaryDiv <binarydiv@gmail.com>
Date: Mon, 26 Jul 2021 23:52:59 +0200
Subject: [PATCH] Implement basic login function; add basic styling

---
 public/index.php                              |  2 +
 public/static/style.css                       | 50 +++++++++++++++
 src/Auth/AuthMiddleware.php                   | 35 +++++++++++
 src/Dependencies.php                          | 12 +++-
 .../Dashboard/DashboardController.php}        |  9 +--
 src/Frontend/Login/LoginController.php        | 63 +++++++++++++++++++
 src/Middlewares.php                           |  2 +
 src/Routes.php                                | 11 +++-
 templates/base.html.twig                      | 23 +++++++
 templates/dashboard.html.twig                 | 11 ++++
 templates/login.html                          | 19 ------
 templates/login.html.twig                     | 42 +++++++++++++
 12 files changed, 252 insertions(+), 27 deletions(-)
 create mode 100644 public/static/style.css
 create mode 100644 src/Auth/AuthMiddleware.php
 rename src/{Login/LoginController.php => Frontend/Dashboard/DashboardController.php} (57%)
 create mode 100644 src/Frontend/Login/LoginController.php
 create mode 100644 templates/base.html.twig
 create mode 100644 templates/dashboard.html.twig
 delete mode 100644 templates/login.html
 create mode 100644 templates/login.html.twig

diff --git a/public/index.php b/public/index.php
index 60dd1c2..37641db 100644
--- a/public/index.php
+++ b/public/index.php
@@ -9,6 +9,8 @@ use MailAccountAdmin\Routes;
 use MailAccountAdmin\Settings;
 use Slim\Factory\AppFactory;
 
+session_start();
+
 $settings = new Settings();
 $container = Dependencies::createContainer($settings);
 $app = AppFactory::createFromContainer($container);
diff --git a/public/static/style.css b/public/static/style.css
new file mode 100644
index 0000000..6db3384
--- /dev/null
+++ b/public/static/style.css
@@ -0,0 +1,50 @@
+html, body {
+    max-width: 100%;
+    margin: 0;
+    padding: 0;
+}
+
+* {
+    box-sizing: border-box;
+}
+
+body {
+    font-family: sans-serif;
+}
+
+/* --- Header --- */
+header {
+    margin: 1em;
+}
+
+header h1 {
+    margin: 1em;
+}
+
+/* --- Login page --- */
+main.login_page {
+    margin: 2em;
+    padding: 1em;
+    border: 1px gray solid;
+    width: auto;
+}
+
+main.login_page h2 {
+    margin: 0 0 0.5em 0;
+}
+
+main.login_page table td {
+    padding: 0.2em;
+}
+
+/* --- Text and other styling --- */
+.error {
+    background: #ff4444;
+    width: 30em;
+    margin: 1em 0;
+    padding: 1em;
+}
+
+button {
+    padding: 0.2em 1em;
+}
diff --git a/src/Auth/AuthMiddleware.php b/src/Auth/AuthMiddleware.php
new file mode 100644
index 0000000..2a8d7eb
--- /dev/null
+++ b/src/Auth/AuthMiddleware.php
@@ -0,0 +1,35 @@
+<?php
+declare(strict_types=1);
+
+namespace MailAccountAdmin\Auth;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Psr\Http\Server\MiddlewareInterface;
+use Psr\Http\Server\RequestHandlerInterface;
+use Slim\Psr7\Response;
+
+class AuthMiddleware implements MiddlewareInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
+    {
+        $uri = $request->getUri();
+
+        // TODO: Lots of stuff. Session middleware, auth handler class, etc...
+        if ($uri->getPath() !== '/login') {
+            // Check authorization via session
+            if (empty($_SESSION['username'])) {
+                // Not logged in -> Redirect to /login
+                $response = new Response();
+                return $response
+                    ->withHeader('Location', '/login')
+                    ->withStatus(303);
+            }
+        }
+
+        return $handler->handle($request);
+    }
+}
diff --git a/src/Dependencies.php b/src/Dependencies.php
index f0b2c05..cd8d3e3 100644
--- a/src/Dependencies.php
+++ b/src/Dependencies.php
@@ -4,7 +4,8 @@ declare(strict_types=1);
 namespace MailAccountAdmin;
 
 use DI\Container;
-use MailAccountAdmin\Login\LoginController;
+use MailAccountAdmin\Frontend\Login\LoginController;
+use MailAccountAdmin\Frontend\Dashboard\DashboardController;
 use PDO;
 use Psr\Container\ContainerInterface;
 use Slim\Views\Twig;
@@ -47,13 +48,20 @@ class Dependencies
             );
         });
 
-        // Login, registration, authentication
+        // Login page
         $container->set(LoginController::class, function (ContainerInterface $c) {
             return new LoginController(
                 $c->get(self::TWIG)
             );
         });
 
+        // Dashboard
+        $container->set(DashboardController::class, function (ContainerInterface $c) {
+            return new DashboardController(
+                $c->get(self::TWIG)
+            );
+        });
+
         return $container;
     }
 }
diff --git a/src/Login/LoginController.php b/src/Frontend/Dashboard/DashboardController.php
similarity index 57%
rename from src/Login/LoginController.php
rename to src/Frontend/Dashboard/DashboardController.php
index c0bc80c..bb7218b 100644
--- a/src/Login/LoginController.php
+++ b/src/Frontend/Dashboard/DashboardController.php
@@ -1,13 +1,13 @@
 <?php
 declare(strict_types=1);
 
-namespace MailAccountAdmin\Login;
+namespace MailAccountAdmin\Frontend\Dashboard;
 
 use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Slim\Views\Twig;
 
-class LoginController
+class DashboardController
 {
     /** @var Twig */
     private $view;
@@ -17,11 +17,12 @@ class LoginController
         $this->view = $view;
     }
 
-    public function showLoginPage(Request $request, Response $response): Response
+    public function showDashboard(Request $request, Response $response): Response
     {
         $renderData = [
+            'username' => $_SESSION['username'],
         ];
 
-        return $this->view->render($response, 'login.html', $renderData);
+        return $this->view->render($response, 'dashboard.html.twig', $renderData);
     }
 }
diff --git a/src/Frontend/Login/LoginController.php b/src/Frontend/Login/LoginController.php
new file mode 100644
index 0000000..9935f63
--- /dev/null
+++ b/src/Frontend/Login/LoginController.php
@@ -0,0 +1,63 @@
+<?php
+declare(strict_types=1);
+
+namespace MailAccountAdmin\Frontend\Login;
+
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
+use Slim\Exception\HttpBadRequestException;
+use Slim\Views\Twig;
+
+class LoginController
+{
+    /** @var Twig */
+    private $view;
+
+    public function __construct(Twig $view)
+    {
+        $this->view = $view;
+    }
+
+    public function showLoginPage(Request $request, Response $response): Response
+    {
+        if (!empty($_SESSION['username'])) {
+            // Already logged in, redirect to dashboard
+            return $response
+                ->withHeader('Location', '/')
+                ->withStatus(303);
+        }
+
+        $renderData = [
+        ];
+
+        return $this->view->render($response, 'login.html.twig', $renderData);
+    }
+
+    public function authenticateUser(Request $request, Response $response): Response
+    {
+        $params = (array)$request->getParsedBody();
+
+        if (empty($params['username']) || empty($params['password'])) {
+            throw new HttpBadRequestException($request, 'Missing parameters');
+        }
+
+        // TODO: only for testing, obviously
+        if ($params['username'] === 'lexi' && $params['password'] === 'testpw') {
+            $_SESSION['username'] = $params['username'];
+            return $response
+                ->withHeader('Location', '/')
+                ->withStatus(303);
+        } else {
+            return $this->view->render($response, 'login.html.twig', ['error' => 'Wrong username or password!']);
+        }
+    }
+
+    public function logoutUser(Request $request, Response $response): Response
+    {
+        session_destroy();
+
+        return $response
+            ->withHeader('Location', '/login')
+            ->withStatus(303);
+    }
+}
diff --git a/src/Middlewares.php b/src/Middlewares.php
index 2ed0307..375e481 100644
--- a/src/Middlewares.php
+++ b/src/Middlewares.php
@@ -3,6 +3,7 @@ declare(strict_types=1);
 
 namespace MailAccountAdmin;
 
+use MailAccountAdmin\Auth\AuthMiddleware;
 use Slim\App;
 use Slim\Views\TwigMiddleware;
 
@@ -13,6 +14,7 @@ class Middlewares
         $displayErrorDetails = $settings->isDebugMode();
 
         $app->addErrorMiddleware($displayErrorDetails, true, true);
+        $app->add(new AuthMiddleware());
         $app->add(TwigMiddleware::createFromContainer($app));
     }
 }
diff --git a/src/Routes.php b/src/Routes.php
index 9c7520a..a90372f 100644
--- a/src/Routes.php
+++ b/src/Routes.php
@@ -3,13 +3,20 @@ declare(strict_types=1);
 
 namespace MailAccountAdmin;
 
-use MailAccountAdmin\Login\LoginController;
+use MailAccountAdmin\Frontend\Dashboard\DashboardController;
+use MailAccountAdmin\Frontend\Login\LoginController;
 use Slim\App;
 
 class Routes
 {
     public static function setRoutes(App $app): void
     {
-        $app->get('/', LoginController::class . ':showLoginPage');
+        // Login
+        $app->get('/login', LoginController::class . ':showLoginPage');
+        $app->post('/login', LoginController::class . ':authenticateUser');
+        $app->get('/logout', LoginController::class . ':logoutUser');
+
+        // Dashboard
+        $app->get('/', DashboardController::class . ':showDashboard');
     }
 }
diff --git a/templates/base.html.twig b/templates/base.html.twig
new file mode 100644
index 0000000..916fab1
--- /dev/null
+++ b/templates/base.html.twig
@@ -0,0 +1,23 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <title>{% block title %}Untitled page{% endblock %} - MailAccountAdmin</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+
+<body>
+
+<header>
+    <h1>MailAccountAdmin</h1>
+</header>
+
+<main>
+    {% block content %}
+        Nothing to see here...
+    {% endblock %}
+</main>
+
+</body>
+</html>
diff --git a/templates/dashboard.html.twig b/templates/dashboard.html.twig
new file mode 100644
index 0000000..92cad0f
--- /dev/null
+++ b/templates/dashboard.html.twig
@@ -0,0 +1,11 @@
+{% extends "base.html.twig" %}
+
+{% block title %}Dashboard{% endblock %}
+
+{% block content %}
+    <h2>Dashboard</h2>
+
+    <p>Hello, {{ username }}!</p>
+
+    <a href="/logout">Logout.</a>
+{% endblock %}
diff --git a/templates/login.html b/templates/login.html
deleted file mode 100644
index e46301d..0000000
--- a/templates/login.html
+++ /dev/null
@@ -1,19 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="utf-8">
-    <title>MailAccountAdmin</title>
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <!-- <link rel="stylesheet" href=""> -->
-</head>
-
-<body>
-
-<h1>MailAccountAdmin - Login</h1>
-
-<b>Hello.</b>
-
-<!-- <script src="" async defer></script> -->
-
-</body>
-</html>
diff --git a/templates/login.html.twig b/templates/login.html.twig
new file mode 100644
index 0000000..b22a5b8
--- /dev/null
+++ b/templates/login.html.twig
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="utf-8">
+    <title>Login - MailAccountAdmin</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <link rel="stylesheet" href="/static/style.css">
+</head>
+
+<body>
+
+<header>
+    <h1>MailAccountAdmin</h1>
+</header>
+
+<main class="login_page">
+    <h2>Login</h2>
+
+    <form action="/login" method="POST">
+        {% if error is defined %}
+        <div class="error">{{ error }}</div>
+        {% endif %}
+
+        <table>
+            <tr>
+                <td><label for="username">Username</label></td>
+                <td><input type="text" id="username" name="username"></td>
+            </tr>
+            <tr>
+                <td><label for="password">Password</label></td>
+                <td><input type="password" id="password" name="password"></td>
+            </tr>
+            <tr>
+                <td></td>
+                <td><button type="submit">Login</button></td>
+            </tr>
+        </table>
+    </form>
+</main>
+
+</body>
+</html>