diff --git a/public/sysadmin.apk b/public/sysadmin.apk new file mode 100644 index 0000000..8089ad5 Binary files /dev/null and b/public/sysadmin.apk differ diff --git a/routes/web.php b/routes/web.php index 5988f68..8f54b8f 100755 --- a/routes/web.php +++ b/routes/web.php @@ -101,5 +101,6 @@ $router->put('/api/servers/:id', [ApiController::class, 'serverUpdate']); $router->delete('/api/servers/:id', [ApiController::class, 'serverDelete']); $router->get('/api/servers/:id/metrics', [ApiController::class, 'serverMetrics']); $router->post('/api/servers/:id/execute', [ApiController::class, 'executeCommand']); +$router->post('/api/auth/login', [ApiController::class, 'login']); $router->get('/api/users', [ApiController::class, 'users']); $router->get('/api/refresh-metrics', [ApiController::class, 'refreshAllMetrics']); diff --git a/src/Controllers/ApiController.php b/src/Controllers/ApiController.php index a922b12..ddf52de 100755 --- a/src/Controllers/ApiController.php +++ b/src/Controllers/ApiController.php @@ -6,13 +6,13 @@ namespace ServerManager\Controllers; use ServerManager\Core\App; use ServerManager\Core\Session; -use ServerManager\Core\Validator; use ServerManager\Models\Server; use ServerManager\Models\User; use ServerManager\Services\MonitoringService; use ServerManager\Services\SSHService; use ServerManager\Services\AuditService; use ServerManager\Models\CommandHistory; +use ServerManager\Core\Validator; class ApiController { @@ -305,4 +305,59 @@ class ApiController 'data' => $results, ]); } + + public function login(): void + { + $input = json_decode(file_get_contents('php://input'), true) ?? $_POST; + + $validator = new Validator(); + $rules = [ + 'username' => 'required', + 'password' => 'required|min:6', + ]; + + if (!$validator->validate($input, $rules)) { + $this->view->json([ + 'success' => false, + 'error' => $validator->getFirstError(), + ], 400); + return; + } + + $userModel = new User(); + $user = $userModel->authenticate($input['username'], $input['password']); + + if (!$user) { + $auditService = new AuditService(); + $auditService->logLogin($input['username'], false, 'Invalid credentials'); + $this->view->json([ + 'success' => false, + 'error' => 'Invalid username or password.', + ], 401); + return; + } + + $token = $user['api_token']; + if (empty($token)) { + $security = new \ServerManager\Core\Security(); + $token = $security->generateApiToken(); + $userModel->update((int) $user['id'], ['api_token' => $token]); + } + + $auditService = new AuditService(); + $auditService->logLogin($input['username'], true); + + $this->view->json([ + 'success' => true, + 'data' => [ + 'token' => $token, + 'user' => [ + 'id' => (int) $user['id'], + 'username' => $user['username'], + 'email' => $user['email'], + 'role' => $user['role'], + ], + ], + ]); + } }