feat(API): implement token re-use mechanism

OpenVK · Mar 30, 2024 · 0b80c0a · 0b80c0a
1 parent 939ea30
commit 0b80c0a
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 6 deletions.
diff --git a/ServiceAPI/Apps.php b/ServiceAPI/Apps.php
@@ -1,8 +1,11 @@
 <?php declare(strict_types=1);
 namespace openvk\ServiceAPI;
 
+use openvk\Web\Models\Entities\APIToken;
 use openvk\Web\Models\Entities\User;
+use openvk\Web\Models\Repositories\APITokens;
 use openvk\Web\Models\Repositories\Applications;
+use WhichBrowser;
 
 class Apps implements Handler
 {
@@ -89,4 +92,25 @@ function withdrawFunds(int $appId, callable $resolve, callable $reject): void
         $app->withdrawCoins();
         $resolve($coins);
     }
+
+    function getRegularToken(string $clientName, bool $acceptsStale, callable $resolve, callable $reject): void
+    {
+        $token = NULL;
+        $stale = true;
+        if($acceptsStale)
+            $token = (new APITokens)->getStaleByUser($this->user->getId(), $clientName);
+
+        if(is_null($token)) {
+            $stale = false;
+            $token = new APIToken;
+            $token->setUser($this->user);
+            $token->setPlatform($clientName ?? (new WhichBrowser\Parser(getallheaders()))->toString());
+            $token->save();
+        }
+
+        $resolve([
+            'is_stale' => $stale,
+            'token'    => $token->getFormattedToken(),
+        ]);
+    }
 }
diff --git a/Web/Models/Repositories/APITokens.php b/Web/Models/Repositories/APITokens.php
@@ -23,4 +23,13 @@ function getByCode(string $code, bool $withRevoked = false): ?APIToken
 
         return $token;
     }
+
+    function getStaleByUser(int $userId, string $platform, bool $withRevoked = false): ?APIToken
+    {
+        return $this->toEntity($this->table->where([
+            'user'     => $userId,
+            'platform' => $platform,
+            'deleted'  => $withRevoked,
+        ])->fetch());
+    }
 }
diff --git a/Web/Presenters/VKAPIPresenter.php b/Web/Presenters/VKAPIPresenter.php
@@ -286,17 +286,31 @@ function renderTokenLogin(): void
                 $this->fail(28, "Invalid 2FA code", "internal", "acquireToken");
         }
 
-        $platform = $this->requestParam("client_name");
-
-        $token = new APIToken;
-        $token->setUser($user);
-        $token->setPlatform($platform ?? (new WhichBrowser\Parser(getallheaders()))->toString());
-        $token->save();
+        $token        = NULL;
+        $tokenIsStale = true;
+        $platform     = $this->requestParam("client_name");
+        $acceptsStale = $this->requestParam("accepts_stale");
+        if($acceptsStale == "1") {
+            if(is_null($platform))
+                $this->fail(101, "accepts_stale can only be used with explicitly set client_name", "internal", "acquireToken");
+
+            $token = (new APITokens)->getStaleByUser($uId, $platform);
+        }
+
+        if(is_null($token)) {
+            $tokenIsStale = false;
+
+            $token = new APIToken;
+            $token->setUser($user);
+            $token->setPlatform($platform ?? (new WhichBrowser\Parser(getallheaders()))->toString());
+            $token->save();
+        }
 
         $payload = json_encode([
             "access_token" => $token->getFormattedToken(),
             "expires_in"   => 0,
             "user_id"      => $uId,
+            "is_stale"     => $tokenIsStale,
         ]);
 
         $size = strlen($payload);