update dependency + get_user_id_and_signature_from_cookie()

README-EN.md

@@ -40,7 +40,7 @@ Welcome to participate in internationalization work, click [here](https://github
 - Section H&R
 - TGBot
 ## System Requirements
-- PHP: 8.2|8.3|8.4, must have extensions: bcmath, ctype, curl, fileinfo, json, mbstring, openssl, pdo_mysql, tokenizer, xml, mysqli, gd, redis, pcntl, sockets, posix, gmp, zend opcache
+- PHP: 8.2|8.3|8.4, must have extensions: bcmath, ctype, curl, fileinfo, json, mbstring, openssl, pdo_mysql, tokenizer, xml, mysqli, gd, redis, pcntl, sockets, posix, gmp, zend opcache, zip, intl, pdo_sqlite, sqlite3
 - Mysql: 5.7 latest version or above
 - Redis：2.6.12 or above
 - Others: supervisor, rsync

README.md

@@ -40,7 +40,7 @@
 - TGBot
 
 ## 系统要求
-- PHP: 8.2|8.3|8.4，必须扩展：bcmath, ctype, curl, fileinfo, json, mbstring, openssl, pdo_mysql, tokenizer, xml, mysqli, gd, redis, pcntl, sockets, posix, gmp, zend opcache
+- PHP: 8.2|8.3|8.4，必须扩展：bcmath, ctype, curl, fileinfo, json, mbstring, openssl, pdo_mysql, tokenizer, xml, mysqli, gd, redis, pcntl, sockets, posix, gmp, zend opcache, zip, intl, pdo_sqlite, sqlite3
 - Mysql: 5.7 最新版或以上版本
 - Redis：2.6.12 或以上版本
 - 其他：supervisor, rsync

app/Auth/NexusWebUserProvider.php

@@ -61,15 +61,11 @@ class NexusWebUserProvider implements UserProvider
      */
     public function retrieveByCredentials(array $credentials)
     {
-        list($tokenJson, $signature) = explode('.', base64_decode($credentials["c_secure_pass"]));
+        $result = get_user_id_and_signature_from_cookie($credentials);
-        if (empty($tokenJson) || empty($signature)) {
+        if (empty($result)) {
             return null;
         }
-        $tokenData = json_decode($tokenJson, true);
+        return $this->retrieveById($result['user_id']);
-        if (!isset($tokenData['user_id'])) {
-            return null;
-        }
-        return $this->retrieveById($tokenData['user_id']);
     }
 
     /**

composer.json

@@ -34,6 +34,7 @@
         "ext-xml": "*",
         "ext-zend-opcache": "*",
         "ext-zip": "*",
+        "ext-sqlite3": "*",
         "calebporzio/sushi": "^2.5",
         "elasticsearch/elasticsearch": "^7.16",
         "filament/filament": "^3.3",

config/horizon.php

@@ -183,7 +183,7 @@ return [
     'defaults' => [
         'supervisor-1' => [
             'connection' => 'redis',
-            'queue' => ['nexus_queue'],
+            'queue' => ['default', 'nexus_queue'],
             'balance' => 'auto',
             'autoScalingStrategy' => 'time',
             'maxProcesses' => 1,

include/globalfunctions.php

@@ -1399,40 +1399,14 @@ function get_challenge_key(string $challenge): string {
 
 function get_user_from_cookie(array $cookie, $isArray = true): array|\App\Models\User|null {
     $log = "cookie: " . json_encode($cookie);
-    if (empty($cookie["c_secure_pass"])) {
+    $result = get_user_id_and_signature_from_cookie($cookie);
-        do_log("$log, param not enough");
+    if (empty($result)) {
         return null;
     }
-    $base64Decoded = base64_decode($cookie["c_secure_pass"]);
+    $id = $result['user_id'];
-    if (empty($base64Decoded)) {
+    $tokenJson = $result['token_json'];
-        do_log("$log, invalid c_secure_pass");
+    $signature = $result['signature'];
-        return null;
-    }
-    $log .= ", base64 decoded: " . $base64Decoded;
-    $tokenJsonAndSignature = explode(".", $base64Decoded);
-    if (count($tokenJsonAndSignature) != 2) {
-        do_log("$log, invalid c_secure_pass base64_decoded");
-        return null;
-    }
-    $tokenJson = $tokenJsonAndSignature[0];
-    $signature = $tokenJsonAndSignature[1];
-//    list($tokenJson, $signature) = explode('.', base64_decode($_COOKIE["c_secure_pass"]));
-    if (empty($tokenJson) || empty($signature)) {
-        do_log("$log, no tokenJson or signature");
-        return null;
-    }
-    $tokenData = json_decode($tokenJson, true);
-    if (!isset($tokenData['user_id'])) {
-        do_log("$log, no user_id");
-        return null;
-    }
-    if (!isset($tokenData['expires']) || $tokenData['expires'] < time()) {
-        do_log("$log, signature expired");
-        return null;
-    }
-    $id = $tokenData['user_id'];
     $log .= ", uid = $id";
-
     if ($isArray) {
         $res = sql_query("SELECT * FROM users WHERE users.id = ".sqlesc($id)." AND users.enabled='yes' AND users.status = 'confirmed' LIMIT 1");
         $row = mysql_fetch_array($res);
@@ -1464,6 +1438,46 @@ function get_user_from_cookie(array $cookie, $isArray = true): array|\App\Models
     return $row;
 }
 
+function get_user_id_and_signature_from_cookie(array $cookie): array|null
+{
+    $log = "cookie: " . json_encode($cookie);
+    if (empty($cookie["c_secure_pass"])) {
+        do_log("$log, param not enough");
+        return null;
+    }
+    $base64Decoded = base64_decode($cookie["c_secure_pass"]);
+    if (empty($base64Decoded)) {
+        do_log("$log, invalid c_secure_pass");
+        return null;
+    }
+    $log .= ", base64 decoded: " . $base64Decoded;
+    $tokenJsonAndSignature = explode(".", $base64Decoded);
+    if (count($tokenJsonAndSignature) != 2) {
+        do_log("$log, invalid c_secure_pass base64_decoded");
+        return null;
+    }
+    $tokenJson = $tokenJsonAndSignature[0];
+    $signature = $tokenJsonAndSignature[1];
+    if (empty($tokenJson) || empty($signature)) {
+        do_log("$log, no tokenJson or signature");
+        return null;
+    }
+    $tokenData = json_decode($tokenJson, true);
+    if (!isset($tokenData['user_id'])) {
+        do_log("$log, no user_id");
+        return null;
+    }
+    if (!isset($tokenData['expires']) || $tokenData['expires'] < time()) {
+        do_log("$log, signature expired");
+        return null;
+    }
+    return [
+        "user_id" => $tokenData['user_id'],
+        'token_json' => $tokenJson,
+        'signature' => $signature,
+    ];
+}
+
 function render_password_hash_js(string $formId, string $passwordOriginalClass, string $passwordHashedName, bool $passwordRequired, string $passwordConfirmClass = "password_confirmation", string $usernameName = "username"): void {
     $tipTooShort = nexus_trans('signup.password_too_short');
     $tipTooLong = nexus_trans('signup.password_too_long');

nexus/Install/Install.php

@@ -34,7 +34,8 @@ class Install
 
     protected array $requiredExtensions = [
         'ctype', 'curl', 'fileinfo', 'json', 'mbstring', 'openssl', 'pdo_mysql', 'tokenizer', 'xml',
-        'mysqli', 'bcmath', 'redis', 'gd', 'gmp', 'Zend OPcache', 'pcntl', 'posix', 'sockets', 'zip', 'intl'
+        'mysqli', 'bcmath', 'redis', 'gd', 'gmp', 'Zend OPcache', 'pcntl', 'posix', 'sockets', 'zip', 'intl',
+        'sqlite3', 'pdo_sqlite'
     ];
     protected array $optionalExtensions = [
 //        ['name' => 'swoole', 'desc' => "If use swoole for Octane, make sure 'current' shows 1"],