+ catch to elephantIO functions, this allows use of the system without the feedserver running.

~ socket authentication.
~ updated readme.

Author: micwallace

README.md

@@ -12,60 +12,106 @@ Take your business into the cloud with WallacePOS!
 
 To find out more about WallacePOS, head over to [wallacepos.com](https://wallacepos.com)
 
-## Server Requirements
+## Server Prerequisites
 
 WallacePOS requires:
 
-- A Lamp server with PHP>=5.4 and Apache module proxy_wstunnel installed & enabled.
+1. A Lamp server with PHP version>=5.4 and Apache version>=2.4.7 with modules rewrite and proxy_wstunnel.
 
-- You can enable proxy_wstunnel by typing the following in your terminal
+    - You can enable proxy_wstunnel & rewrite by typing the following in your terminal
 
-```
-    sudo a2enmod proxy_wstunnel
-```
+    ```
+        sudo a2enmod proxy_wstunnel && a2enmod rewrite
+    ```
 
-- The following snippet in your apache.conf or apache config dir
+    - The following virtual host snippet in your apache config, replace %*% with your values and modify to your needs.
 
-```
-    ProxyRequests Off
-    ProxyPreserveHost On
-    <Proxy *>
-        Order deny,allow
-        Allow from all
-    </Proxy>
-    ProxyPass /socket.io/1/websocket/ ws://127.0.0.1:8080/socket.io/1/websocket/
-    ProxyPassReverse /socket.io/1/websocket/ ws://127.0.0.1:8080/socket.io/1/websocket/
-    ProxyPass /socket.io/ http://127.0.0.1:8080/socket.io/
-    ProxyPassReverse /socket.io/ http://127.0.0.1:8080/socket.io/
-    <Location /socket.io>
-        Order allow,deny
-        Allow from all
-    </Location>
-```
 
-- Node.js installed along with the socket.io library
+    ```
+        <VirtualHost *:443>
+             DocumentRoot %/your_install_dir%
+             ServerName %your.server.fqdn%
+
+             ErrorLog ${APACHE_LOG_DIR}/error.log
+             CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+             SSLEngine on
+                 SSLCipherSuite !ADH:!DSS:!RC4:HIGH:+3DES:+RC4
+                 SSLProtocol all -SSLv2 -SSLv3
+                 SSLCertificateFile %certificate_location%
+                 SSLCertificateKeyFile %key_location%
+                 SSLCertificateChainFile %cert_chain_location%
+
+             <Directory %/your_install_dir%>
+                AllowOverride all
+             </Directory>
+
+             # WSPROXY CONF
+             ProxyRequests Off
+             ProxyPreserveHost On
+             <Proxy *>
+                     Order deny,allow
+                     Allow from all
+             </Proxy>
+             ProxyPass /socket.io/1/websocket/ ws://localhost:8080/socket.io/1/websocket/
+             ProxyPassReverse /socket.io/1/websocket/ ws://localhost:8080/socket.io/1/websocket
+             ProxyPass /socket.io/ http://localhost:8080/socket.io/
+             ProxyPassReverse /socket.io/ http://localhost:8080/socket.io/
+             <Location /socket.io>
+                     Order allow,deny
+                     Allow from all
+             </Location>
+        </VirtualHost>
+    ```
+
+    Note: Using plain http is not recommended.
+
+2. Node.js installed along with the socket.io library
+
+    For a Debian distro:
+
+    ```
+        sudo apt-get update
+        sudo apt-get install nodejs && apt-get install npm
+        cd %/your_install_dir%
+        sudo npm install
+    ```
+
+## Installation & Startup
+
+1. Clone your chosen WallacePOS release to %your_install_dir% if you haven't done so already.
+
+2. Configure the database by copying %your_install_dir%/library/wpos/dbconfig_template.php to %your_install_dir%/library/wpos/dbconfig.php and fill in your own values.
+
+3. Install the database schema & templates:
+
+    1. Enable the /library/installer/index.php file by removing the die(); command at the start
+    2. Access library/installer/?install from the web browser to install the database schema
+
+    OR
+
+    1. Manually install the database schema at %your_install_dir%/library/installer/schemas/install.sql using your favoured sql management method.
+    2. Copy docs-template folder to docs, make sure it is writable by your apache user (eg. www-data)
+
+4. Login to the admin dashboard at /admin using credentials admin:admin, from the menu go to Settings -> Utilities and click the Start button under Feed Server
+
+5. Change default passwords in Settings -> Staff & Admins!
 
 ## Deploying using dokku
 
 To deploy WallacePOS on dokku:
 
 1. Install [dokku-buildpack-multi](https://github.com/pauldub/dokku-multi-buildpack) on your dokku host
 
-2. Copy /library/wpos/dbconfig_template.php to dbconfig.php and fill in your own values
+2. Fork the WallacePOS to a PRIVATE repo (IMPORTANT),  copy /library/wpos/dbconfig_template.php to dbconfig.php and fill in your own values
 
     **OR**
 
-    Use my [dokku mysql plugin](https://github.com/micwallace/dokku-mysql-server-plugin) to create and link the database automatically
-
-## Installation & Startup
-
-### To install the database:
+   Use my [dokku mysql plugin](https://github.com/micwallace/dokku-mysql-server-plugin) to create and link the database automagically
 
-1. Enable the /library/installer/index.php file by removing the die(); command at the start
-2. Access library/installer/?install from the web browser to install the database schema
+3. Deploy in the usual manner.
 
-### To run the feed server
+4. Login to the admin dashboard at /admin using credentials admin:admin & change the default passwords in Settings -> Staff & Admins!
 
-- Run /api/server.js using node.js or login to the admin dashboard, go to settings -> utilities and click the start button under feed server.
 
 

api/server.js

@@ -23,7 +23,7 @@ function wshandler(req, res) {
 var devices = {};
 var sessions = {};
 
-var hashkey = "0798f20c2c513da7cad1af28ffa3012cdafd0e799e41912f006e6d46c8e99327"; // private key for php interaction
+var hashkey = "0798f20c2c513da7cad1af28ffa3012cdafd0e799e41912f006e6d46c8e99327"; // key for php interaction, provides extra security
 
 io.sockets.on('connection', function (socket) {
     // START AUTHENTICATION
@@ -50,7 +50,7 @@ io.sockets.on('connection', function (socket) {
     // check for hashkey (for php authentication)
     if (cookies == null) {
         if (socket.handshake.query.hasOwnProperty('hashkey')) {
-            if (hashkey == socket.handshake.query.hashkey) {
+            if ((hashkey == socket.handshake.query.hashkey) && (socket.handshake.address.address=="127.0.0.1")) {
                 authed = true;
                 console.log("Authorised by hashkey: " + socket.handshake.query.hashkey);
             }

api/wpos.php

@@ -37,34 +37,31 @@
 
 $auth = new Auth();
 // Check for auth request
-if ($_REQUEST['a'] == "auth") {
+if ($_REQUEST['a'] == "auth" || $_REQUEST['a'] == "authrenew") {
     $data = json_decode($_REQUEST['data']);
-    if ($data !== false) {
-        if (($authres = $auth->login($data->username, $data->password, isset($data->getsessiontokens))) === true) {
-            $result['data'] = $auth->getUser();
-        } else if ($authres == -1) {
-            $result['errorCode'] = "authdenied";
-            $result['error'] = "Your account has been disabled, please contact your system administrator!";
-        } else {
-            $result['errorCode'] = "authdenied";
-            $result['error'] = "Access Denied!";
-        }
+    if ($_REQUEST['a'] == "auth"){
+        $authres = $auth->login($data->username, $data->password, isset($data->getsessiontokens));
     } else {
-        $result['errorCode'] = "jsondec";
-        $result['error'] = "Error decoding the json request!";
+        $authres = $auth->renewTokenSession($data->username, $data->auth_hash);
     }
-    returnResult($result);
-} else if ($_REQUEST['a'] == "authrenew") {
-    $data = json_decode($_REQUEST['data']);
     if ($data !== false) {
-        if (($authres = $auth->renewTokenSession($data->username, $data->auth_hash)) === true) {
-            $result['data'] = $auth->getUser();
-        } else if ($authres == -1) {
-            $result['errorCode'] = "authdenied";
-            $result['error'] = "Your account has been disabled, please contact your system administrator!";
-        } else {
-            $result['errorCode'] = "authdenied";
-            $result['error'] = "Failed to renew your session, please login again.";
+        switch ($authres){
+            // will be included when elephantIO is upgraded, no reliable exceptions in current version
+            /*case -2: // user authenticated successfully, but could not be authenticated with the feed server, fall through to normal login
+                $result['warning'] = "Warning: Feedserver authentication attempt failed.";*/
+            case true:
+                $result['data'] = $auth->getUser();
+                break;
+
+            case -1:
+                $result['errorCode'] = "authdenied";
+                $result['error'] = "Your account has been disabled, please contact your system administrator!";
+                break;
+
+            case false:
+            default:
+                $result['errorCode'] = "authdenied";
+                $result['error'] = "Access Denied!";
         }
     } else {
         $result['errorCode'] = "jsondec";

library/wpos/Auth.php

@@ -193,12 +193,15 @@ public function login($username, $password, $getToken=false){
             if ($getToken!==false)
                 $this->setNewSessionToken($user['id'], $user['hash']);
 
-            // Send to node JS
-            $socket = new WposSocketIO();
-            $socket->sendSessionData(session_id());
             // log data
             Logger::write("Authentication successful for user:".$username, "AUTH");
 
+            // Send to node JS
+            $socket = new WposSocketIO();
+            $socket->sendSessionData(session_id());
+            /*if (!$socket->sendSessionData(session_id())){
+                return -2;
+            }*/
             return true;
         } else{
             // log data
@@ -234,12 +237,15 @@ public function renewTokenSession($username, $auth_hash){
                 $_SESSION['permissions']  = json_decode($user['permissions'], true);
                 //$this->hash = $user['hash'];
                 $this->setNewSessionToken($user['id'], $user['hash']);
+                // log data
+                Logger::write("Authentication successful for user:".$username, "AUTH");
 
                 // Send to node JS
                 $socket = new WposSocketIO();
                 $socket->sendSessionData(session_id());
-                // log data
-                Logger::write("Authentication successful for user:".$username, "AUTH");
+                /*if (!$socket->sendSessionData(session_id())){
+                    return -2;
+                }*/
                 return true;
             } else {
                 // log data

library/wpos/models/TestData.php

@@ -42,8 +42,8 @@ public function generateTestData(){
     }
 
     public function resetDocuments(){
-        exec("rm -R ".$_SERVER['DOCUMENT_ROOT'].$_SERVER['APP_ROOT']."docs/");
-        exec("cp -R ".$_SERVER['DOCUMENT_ROOT'].$_SERVER['APP_ROOT']."docs-template ".$_SERVER['DOCUMENT_ROOT'].$_SERVER['APP_ROOT']."docs");
+        exec("rm -r ".$_SERVER['DOCUMENT_ROOT'].$_SERVER['APP_ROOT']."docs/");
+        exec("cp -rp ".$_SERVER['DOCUMENT_ROOT'].$_SERVER['APP_ROOT']."docs-template ".$_SERVER['DOCUMENT_ROOT'].$_SERVER['APP_ROOT']."docs");
     }
 
     public function generate($numtransactions, $type='sale'){