Jakach/armeech-neptune
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adding authentication
Deploy / deploy (push) Successful in 38s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-07 19:40:39 +02:00
parent 1cf8d9f664
commit f5bdf57265
7 changed files with 381 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/api/index.php
+124 -4
View File
@@ -1,4 +1,5 @@
<?php <?php
session_start();
header('Content-Type: application/json'); header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS'); header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
@@ -12,18 +13,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
require_once __DIR__ . '/../config/database.php'; require_once __DIR__ . '/../config/database.php';
$db = getDbConnection(); $db = getDbConnection();
$requestUri = $_SERVER['REQUEST_URI'];
$method = $_SERVER['REQUEST_METHOD'];
$path = parse_url($requestUri, PHP_URL_PATH); // Auth check (except for session check)
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
$path = str_replace('/api/', '', $path); $path = str_replace('/api/', '', $path);
$segments = explode('/', trim($path, '/')); $segments = explode('/', trim($path, '/'));
$resource = $segments[0] ?? ''; $resource = $segments[0] ?? '';
if ($resource !== 'session') {
$loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
if (!$loggedin) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;
}
}
$method = $_SERVER['REQUEST_METHOD'];
$id = $segments[1] ?? null; $id = $segments[1] ?? null;
try { try {
switch ($resource) { switch ($resource) {
case 'session':
handleSession($method, $db);
break;
case 'settings':
handleSettings($method, $db);
break;
case 'teams': case 'teams':
handleTeams($method, $id, $db); handleTeams($method, $id, $db);
break; break;
@@ -51,6 +67,110 @@ try {
echo json_encode(['error' => $e->getMessage()]); echo json_encode(['error' => $e->getMessage()]);
} }
function handleSession($method, $db) {
$loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
if ($loggedin) {
$role = $_SESSION['neptune_role'] ?? 'user';
$stmt = $db->prepare("SELECT COUNT(*) as c FROM neptune_users WHERE role='admin'");
$stmt->execute();
$adminCount = $stmt->fetch()['c'];
echo json_encode([
'loggedin' => true,
'username' => $_SESSION['neptune_username'] ?? 'Unknown',
'role' => $role,
'admin_count' => (int)$adminCount
]);
} else {
echo json_encode(['loggedin' => false]);
}
}
function handleSettings($method, $db) {
$role = $_SESSION['neptune_role'] ?? 'user';
if ($method === 'GET') {
if ($role !== 'admin') {
http_response_code(403);
echo json_encode(['error' => 'Admins only']);
return;
}
$users = $db->query("SELECT id, username, user_token, email, role, created_at FROM neptune_users ORDER BY created_at ASC")->fetchAll();
echo json_encode($users);
} elseif ($method === 'POST') {
if ($role !== 'admin') {
http_response_code(403);
echo json_encode(['error' => 'Admins only']);
return;
}
$data = json_decode(file_get_contents('php://input'), true);
$user_token = $data['user_token'] ?? '';
if (!$user_token) {
http_response_code(400);
echo json_encode(['error' => 'user_token required']);
return;
}
// Validate the token with Jakach Auth
$check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($user_token);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $check_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$response = curl_exec($ch);
$http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($http !== 200 || !$response) {
http_response_code(400);
echo json_encode(['error' => 'Failed to validate token']);
return;
}
$info = json_decode($response, true);
if (!isset($info['status']) || $info['status'] !== 'success') {
http_response_code(400);
echo json_encode(['error' => 'Invalid token']);
return;
}
$stmt = $db->prepare("SELECT COUNT(*) as c FROM neptune_users WHERE user_token = ?");
$stmt->execute([$user_token]);
if ($stmt->fetch()['c'] > 0) {
http_response_code(400);
echo json_encode(['error' => 'User already exists']);
return;
}
$stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, 'user')");
$stmt->execute([$user_token, $info['username'], $info['email'] ?? '']);
echo json_encode(['status' => 'success', 'msg' => 'User added']);
} elseif ($method === 'DELETE') {
if ($role !== 'admin') {
http_response_code(403);
echo json_encode(['error' => 'Admins only']);
return;
}
$data = json_decode(file_get_contents('php://input'), true);
$id = $data['id'] ?? null;
if (!$id) {
http_response_code(400);
echo json_encode(['error' => 'id required']);
return;
}
// Prevent deleting the last admin
$stmt = $db->prepare("SELECT role FROM neptune_users WHERE id = ?");
$stmt->execute([$id]);
$user = $stmt->fetch();
if ($user && $user['role'] === 'admin') {
$adminCount = $db->query("SELECT COUNT(*) as c FROM neptune_users WHERE role='admin'")->fetch()['c'];
if ($adminCount <= 1) {
http_response_code(400);
echo json_encode(['error' => 'Cannot delete the last admin']);
return;
}
}
$db->prepare("DELETE FROM neptune_users WHERE id = ?")->execute([$id]);
echo json_encode(['status' => 'success']);
}
}
function handleTeams($method, $id, $db) { function handleTeams($method, $id, $db) {
switch ($method) { switch ($method) {
case 'GET': case 'GET':
backend/config/database.php
+8
View File
@@ -30,4 +30,12 @@ function migrate($db) {
z_index INT DEFAULT 0, z_index INT DEFAULT 0,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)"); )");
$db->exec("CREATE TABLE IF NOT EXISTS neptune_users (
id INT AUTO_INCREMENT PRIMARY KEY,
user_token VARCHAR(255) NOT NULL UNIQUE,
username VARCHAR(255) NOT NULL,
email VARCHAR(255) DEFAULT '',
role ENUM('admin','user') DEFAULT 'user',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)");
} }
backend/login.php
+107
View File
@@ -0,0 +1,107 @@
<?php
session_start();
// If already logged in, redirect
if (isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true) {
header('Location: /');
exit;
}
$error = '';
$success = '';
// Check for auth callback from Jakach Auth
if (isset($_GET['auth'])) {
$auth_token = $_GET['auth'];
$check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($auth_token);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $check_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($http_code !== 200 || !$response) {
$error = 'Failed to contact authentication server.';
} else {
$data = json_decode($response, true);
if (isset($data['status']) && $data['status'] === 'success') {
$user_token = $data['user_token'];
$username = $data['username'];
$email = $data['email'] ?? '';
require_once __DIR__ . '/config/database.php';
$db = getDbConnection();
// Check if user exists in our db
$stmt = $db->prepare("SELECT * FROM neptune_users WHERE user_token = ?");
$stmt->execute([$user_token]);
$user = $stmt->fetch();
if ($user) {
$_SESSION['neptune_loggedin'] = true;
$_SESSION['neptune_user_token'] = $user['user_token'];
$_SESSION['neptune_username'] = $user['username'];
$_SESSION['neptune_role'] = $user['role'];
header('Location: /');
exit;
} else {
// First user becomes admin
$count = $db->query("SELECT COUNT(*) as c FROM neptune_users")->fetch()['c'];
$role = ($count == 0) ? 'admin' : 'user';
$stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, ?)");
$stmt->execute([$user_token, $username, $email, $role]);
$_SESSION['neptune_loggedin'] = true;
$_SESSION['neptune_user_token'] = $user_token;
$_SESSION['neptune_username'] = $username;
$_SESSION['neptune_role'] = $role;
header('Location: /');
exit;
}
} else {
$error = 'Authentication failed: ' . ($data['msg'] ?? 'unknown error');
}
}
}
?>
<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Neptune - Login</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
<link href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.1/css/all.min.css" rel="stylesheet">
<style>
body { background: #0a0e1a; display: flex; align-items: center; justify-content: center; min-height: 100vh; }
.login-card { background: #131a2b; border: 1px solid #1e2a45; border-radius: .75rem; padding: 2.5rem; max-width: 420px; width: 100%; }
.login-card h1 { font-size: 1.5rem; }
.login-card p { color: #64748b; font-size: .9rem; }
.btn-jakach { background: #3b82f6; color: #fff; }
.btn-jakach:hover { background: #2563eb; color: #fff; }
</style>
</head>
<body>
<div class="login-card text-center">
<i class="fas fa-globe text-primary mb-3" style="font-size: 2.5rem;"></i>
<h1 class="fw-bold mb-1">Neptune</h1>
<p class="mb-4">Cybersecurity Incident Journal</p>
<?php if ($error): ?>
<div class="alert alert-danger py-2 small"><?= htmlspecialchars($error) ?></div>
<?php endif; ?>
<?php if ($success): ?>
<div class="alert alert-success py-2 small"><?= htmlspecialchars($success) ?></div>
<?php endif; ?>
<a href="https://auth.jakach.ch/?send_to=<?= urlencode('http://' . ($_SERVER['HTTP_HOST'] ?? 'localhost:8080') . '/login.php') ?>" class="btn btn-jakach w-100 py-2 mb-2">
<i class="fas fa-right-to-bracket me-2"></i>Log in with Jakach Auth
</a>
<small class="text-secondary">First user automatically becomes admin</small>
</div>
</body>
</html>
backend/logout.php
+6
View File
@@ -0,0 +1,6 @@
<?php
session_start();
$_SESSION = array();
session_destroy();
header('Location: /');
exit;
docker/nginx.conf
+19 -1
View File
@@ -14,7 +14,25 @@ server {
include fastcgi_params; include fastcgi_params;
} }
location /login.php {
fastcgi_pass php:9000;
fastcgi_param SCRIPT_FILENAME /var/www/backend/login.php;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
include fastcgi_params;
}
location /logout.php {
fastcgi_pass php:9000;
fastcgi_param SCRIPT_FILENAME /var/www/backend/logout.php;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
include fastcgi_params;
}
location / { location / {
try_files $uri $uri/ =404; try_files $uri $uri/ /index.html;
} }
} }
frontend/assets/js/app.js
+87 -14
View File
@@ -30,22 +30,25 @@ let editingNodeId = null;
let editingShapeId = null; let editingShapeId = null;
document.addEventListener('DOMContentLoaded', () => { document.addEventListener('DOMContentLoaded', () => {
canvas = document.getElementById('networkCanvas'); // Check auth first
ctx = canvas.getContext('2d'); checkSession().then(() => {
resizeCanvas(); canvas = document.getElementById('networkCanvas');
ctx = canvas.getContext('2d');
resizeCanvas();
loadTeams().then(() => loadEvents()); loadTeams().then(() => loadEvents());
loadNetworkData(); loadNetworkData();
document.getElementById('saveEvent').addEventListener('click', saveEvent); document.getElementById('saveEvent').addEventListener('click', saveEvent);
document.getElementById('saveNode').addEventListener('click', saveNode); document.getElementById('saveNode').addEventListener('click', saveNode);
document.getElementById('saveLink').addEventListener('click', saveLink); document.getElementById('saveLink').addEventListener('click', saveLink);
document.getElementById('saveShape').addEventListener('click', saveShape); document.getElementById('saveShape').addEventListener('click', saveShape);
document.getElementById('teamFilter').addEventListener('change', renderTimeline); document.getElementById('addUserBtn').addEventListener('click', addUser);
document.getElementById('searchEvents').addEventListener('input', renderTimeline); document.getElementById('teamFilter').addEventListener('change', renderTimeline);
document.getElementById('shapeOpacity').addEventListener('input', (e) => { document.getElementById('searchEvents').addEventListener('input', renderTimeline);
document.getElementById('opacityVal').textContent = parseFloat(e.target.value).toFixed(2); document.getElementById('shapeOpacity').addEventListener('input', (e) => {
}); document.getElementById('opacityVal').textContent = parseFloat(e.target.value).toFixed(2);
});
canvas.addEventListener('mousedown', onMouseDown); canvas.addEventListener('mousedown', onMouseDown);
canvas.addEventListener('mousemove', onMouseMove); canvas.addEventListener('mousemove', onMouseMove);
@@ -882,6 +885,76 @@ function esc(s) {
return div.innerHTML; return div.innerHTML;
} }
// ==================== AUTH / SESSION ====================
let currentUser = null;
let currentRole = null;
async function checkSession() {
try {
const res = await fetch('/api/session');
const data = await res.json();
if (data.loggedin) {
currentUser = data.username;
currentRole = data.role;
document.getElementById('userDisplay').textContent = data.username;
if (data.role === 'admin' || data.admin_count === 0) {
document.getElementById('settingsBtn').classList.remove('d-none');
}
} else {
window.location.href = '/login.php';
}
} catch (e) {
window.location.href = '/login.php';
}
}
async function loadUsers() {
const list = document.getElementById('userList');
try {
const users = await apiFetch('settings');
list.innerHTML = users.map(u => `
<div class="d-flex justify-content-between align-items-center py-1 border-bottom border-secondary">
<div>
<strong class="small">${esc(u.username)}</strong>
<span class="badge bg-${u.role === 'admin' ? 'warning' : 'secondary'} ms-1" style="font-size:.6rem;">${u.role}</span>
<div class="text-secondary" style="font-size:.7rem;">${u.user_token.substring(0, 16)}...</div>
</div>
${u.role !== 'admin' ? `<button class="btn btn-outline-danger btn-sm py-0 px-1" onclick="removeUser(${u.id})"><i class="fas fa-times" style="font-size:.7rem;"></i></button>` : ''}
</div>
`).join('');
} catch (e) {
list.innerHTML = '<div class="text-danger small">Failed to load users</div>';
}
}
async function addUser() {
const token = document.getElementById('addUserToken').value.trim();
if (!token) return;
try {
const res = await apiFetch('settings', { method: 'POST', body: JSON.stringify({ user_token: token }) });
if (res.status === 'success') {
document.getElementById('addUserToken').value = '';
loadUsers();
} else {
alert(res.error || 'Failed to add user');
}
} catch (e) {
alert('Failed to add user');
}
}
async function removeUser(id) {
if (!confirm('Remove this user?')) return;
try {
await apiFetch('settings', { method: 'DELETE', body: JSON.stringify({ id }) });
loadUsers();
} catch (e) {
alert('Failed to remove user');
}
}
document.getElementById('settingsModal').addEventListener('show.bs.modal', loadUsers);
if (!CanvasRenderingContext2D.prototype.roundRect) { if (!CanvasRenderingContext2D.prototype.roundRect) {
CanvasRenderingContext2D.prototype.roundRect = function(x, y, w, h, r) { CanvasRenderingContext2D.prototype.roundRect = function(x, y, w, h, r) {
if (r > w / 2) r = w / 2; if (r > w / 2) r = w / 2;
frontend/index.html
+30
View File
@@ -33,6 +33,11 @@
</button> </button>
</li> </li>
</ul> </ul>
<div class="ms-auto d-flex align-items-center">
<span class="text-secondary small me-2" id="userDisplay"></span>
<button class="btn btn-outline-secondary btn-sm me-2 d-none" id="settingsBtn" data-bs-toggle="modal" data-bs-target="#settingsModal" title="Settings"><i class="fas fa-cog"></i></button>
<a href="/logout.php" class="btn btn-outline-secondary btn-sm"><i class="fas fa-sign-out-alt"></i></a>
</div>
</div> </div>
</div> </div>
</nav> </nav>
@@ -329,6 +334,31 @@
</div> </div>
</div> </div>
<!-- ==================== SETTINGS MODAL ==================== -->
<div class="modal fade" id="settingsModal" tabindex="-1">
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header border-secondary">
<h5 class="modal-title"><i class="fas fa-cog text-primary me-1"></i> Settings</h5>
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
</div>
<div class="modal-body">
<h6 class="text-secondary mb-2"><i class="fas fa-users me-1"></i> Authorized Users</h6>
<div id="userList" class="mb-3">
<div class="text-secondary small">Loading...</div>
</div>
<hr class="border-secondary">
<h6 class="text-secondary mb-2"><i class="fas fa-user-plus me-1"></i> Add User by Token</h6>
<div class="input-group input-group-sm mb-2">
<input type="text" class="form-control" id="addUserToken" placeholder="Paste user token here">
<button class="btn btn-primary" id="addUserBtn"><i class="fas fa-plus"></i> Add</button>
</div>
<small class="text-secondary">Get the user token from the user's Jakach Auth profile or ask them to log in once.</small>
</div>
</div>
</div>
</div>
<!-- ==================== CONFIRM MODAL ==================== --> <!-- ==================== CONFIRM MODAL ==================== -->
<div class="modal fade" id="confirmModal" tabindex="-1"> <div class="modal fade" id="confirmModal" tabindex="-1">
<div class="modal-dialog modal-sm modal-dialog-centered"> <div class="modal-dialog modal-sm modal-dialog-centered">