technotenshi
diff --git a/‎assets/r34.png‎
218 KB b/‎assets/r34.png‎
218 KB
diff --git a/‎public/index.html‎
Lines changed: 48 additions & 42 deletions b/‎public/index.html‎
Lines changed: 48 additions & 42 deletions
diff --git a/‎public/js/main.js‎
Lines changed: 34 additions & 0 deletions b/‎public/js/main.js‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎public/login.php‎
Lines changed: 8 additions & 2 deletions b/‎public/login.php‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎public/resource.php‎
Lines changed: 9 additions & 4 deletions b/‎public/resource.php‎
Lines changed: 9 additions & 4 deletions
@@ -1,47 +1,53 @@
 <!DOCTYPE html>
 <html class="no-js">
- <head>
- <meta charset="utf-8">
- <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
- <title></title>
- <meta name="description" content="">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <link rel="stylesheet" href="css/normalize.min.css">
- <link rel="stylesheet" href="css/main.css">
-
- <!--[if lt IE 9]>
+<head>
+<meta charset="utf-8">
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+<title></title>
+<meta name="description" content="">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<link rel="stylesheet" href="css/normalize.min.css">
+<link rel="stylesheet" href="css/main.css">
+<!--[if lt IE 9]>
  <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script>
  <script>window.html5 || document.write('<script src="js/vendor/html5shiv.js"><\/script>')</script>
- <![endif]-->
- </head>
- <body>
- <h1>Login</h1>
- <div id="loginForm">
- <form>
- <table>
- <tr>
- <td>Usarname</td>
- <td><input type="text" name="username" id="username"></td>
- </tr>
- <tr>
- <td>Password</td>
- <td><input type="password" name="password" id="password"></td>
- </tr>
- <tr>
- <td>&nbsp;</td>
- <td><input type="button" name="submit" value="Submit" id="submit"></td>
- </tr>
- </table>
- </form>
- </div>
- <h1>Current JWT</h1>
- <div id="jwt"></div>
- <h1>Resource</h1>
- <div id="resource"></div>
- <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
- <script>window.jQuery || document.write('<script src="js/vendor/jquery-1.11.1.min.js"><\/script>')</script>
-
- <script src="js/main.js"></script>
- </body>
+<![endif]-->
+</head>
+<body>
+<div style="margin:10px">
+ <div id="loginForm">
+ <h1>Login</h1>
+ <form id="frmLogin">
+ <table>
+ <tr>
+ <td>Usarname</td>
+ <td><input type="text" name="username" id="username"></td>
+ </tr>
+ <tr>
+ <td>Password</td>
+ <td><input type="password" name="password" id="password"></td>
+ </tr>
+ <tr>
+ <td>&nbsp;</td>
+ <td><input type="button" name="submit" value="Submit" id="submit"></td>
+ </tr>
+ </table>
+ </form>
+ </div>
+ <div id="jwt" style="display:none">
+ <h1>Current JWT</h1>
+ <div id="token"></div>
+ </div>
+ <div id="resource" style="display:none">
+ <h1>Resource</h1>
+ <p>
+ <input type="submit" name="btnGetResource" id="btnGetResource" value="Get Resource">
+ <a href="resource.php" target="_blank">Try opening the resource directly</a></p>
+ <div id="resourceContainer"></div>
+ </div>
+</div>
+<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script> 
+<script>window.jQuery || document.write('<script src="js/vendor/jquery-1.11.1.min.js"><\/script>')</script> 
+<script src="js/main.js"></script>
+</body>
 </html>
@@ -0,0 +1,34 @@
+$(function(){
+
+ var store = store || {};
+
+$("#submit").click(function(e){
+ e.preventDefault();
+ $.post('login.php', $("#frmLogin").serialize(), function(data){
+ store.jwt = data;
+ $("#token").html(store.jwt);
+ $("#loginForm").hide();
+ $("#jwt").show()
+ $("#resource").show();
+ }).fail(function(){
+ alert('error');
+ });
+ });
+
+ $("#btnGetResource").click(function(e){
+ e.preventDefault();
+ $.ajax({
+ url: 'resource.php',
+ beforeSend: function(request){
+ request.setRequestHeader('Authorization', 'Bearer ' + store.jwt);
+ },
+ type: 'GET',
+ success: function(data) {
+ $("#resourceContainer").html('<img src="data:image/png;base64,' + data.img + '" />');
+ },
+ error: function(err) {
+ alert(err);
+ }
+ });
+ });
+});
@@ -61,9 +61,15 @@
  */
  echo JWT::encode($data, $config->jwtKey);
 
+ } else {
+ header('HTTP/1.0 401 Unauthorized');
  }
- } 
+ } else {
+ header('HTTP/1.0 404 Not Found');
+ }
  } catch (Exception $e) {
- echo $e;
+ header('HTTP/1.0 500 Internal Server Error');
  }
+} else {
+ header('HTTP/1.0 400 Bad Request');
 }
@@ -13,12 +13,12 @@
 /*
  * Look for the 'authorization' header
  */
-if (array_key_exists('authorization', $headers)) {
+if (array_key_exists('Authorization', $headers)) {
 
  /*
  * Extract the jwt from the Bearer
  */
- list($jwt) = sscanf( $headers['authorization'], 'Bearer %s');
+ list($jwt) = sscanf( $headers['Authorization'], 'Bearer %s');
 
  if ($jwt) {
  try {
@@ -29,11 +29,16 @@
  */
  $token = JWT::decode($jwt, $config->jwtKey);
 
+ $asset = base64_encode(file_get_contents('assets/r34.png'));
+
  /*
- * return the id from the token
+ * return protected asset
  */
  header('Content-type: application/json');
- echo json_encode(['userId' => $token->id]);
+ echo json_encode([
+ 'userId' => $token->id,
+ 'img' => $asset
+ ]);
  } catch (Exception $e) {
  /*
  * the token was not able to be decoded.
Original file line number	Diff line number	Diff line change
`@@ -61,9 +61,15 @@`
`61`	`61`	`*/`
`62`	`62`	`echo JWT::encode($data, $config->jwtKey);`
`63`	`63`
	`64`	`+ } else {`
	`65`	`+ header('HTTP/1.0 401 Unauthorized');`
`64`	`66`	`}`
`65`		`- }`
	`67`	`+ } else {`
	`68`	`+ header('HTTP/1.0 404 Not Found');`
	`69`	`+ }`
`66`	`70`	`} catch (Exception $e) {`
`67`		`- echo $e;`
	`71`	`+ header('HTTP/1.0 500 Internal Server Error');`
`68`	`72`	`}`
	`73`	`+} else {`
	`74`	`+ header('HTTP/1.0 400 Bad Request');`
`69`	`75`	`}`