+124
-4
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
session_start();
|
||||
header('Content-Type: application/json');
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
|
||||
@@ -12,18 +13,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
|
||||
require_once __DIR__ . '/../config/database.php';
|
||||
|
||||
$db = getDbConnection();
|
||||
$requestUri = $_SERVER['REQUEST_URI'];
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
|
||||
$path = parse_url($requestUri, PHP_URL_PATH);
|
||||
// Auth check (except for session check)
|
||||
$path = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
|
||||
$path = str_replace('/api/', '', $path);
|
||||
$segments = explode('/', trim($path, '/'));
|
||||
|
||||
$resource = $segments[0] ?? '';
|
||||
|
||||
if ($resource !== 'session') {
|
||||
$loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
|
||||
if (!$loggedin) {
|
||||
http_response_code(401);
|
||||
echo json_encode(['error' => 'Unauthorized']);
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
$method = $_SERVER['REQUEST_METHOD'];
|
||||
$id = $segments[1] ?? null;
|
||||
|
||||
try {
|
||||
switch ($resource) {
|
||||
case 'session':
|
||||
handleSession($method, $db);
|
||||
break;
|
||||
case 'settings':
|
||||
handleSettings($method, $db);
|
||||
break;
|
||||
case 'teams':
|
||||
handleTeams($method, $id, $db);
|
||||
break;
|
||||
@@ -51,6 +67,110 @@ try {
|
||||
echo json_encode(['error' => $e->getMessage()]);
|
||||
}
|
||||
|
||||
function handleSession($method, $db) {
|
||||
$loggedin = isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true;
|
||||
if ($loggedin) {
|
||||
$role = $_SESSION['neptune_role'] ?? 'user';
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as c FROM neptune_users WHERE role='admin'");
|
||||
$stmt->execute();
|
||||
$adminCount = $stmt->fetch()['c'];
|
||||
echo json_encode([
|
||||
'loggedin' => true,
|
||||
'username' => $_SESSION['neptune_username'] ?? 'Unknown',
|
||||
'role' => $role,
|
||||
'admin_count' => (int)$adminCount
|
||||
]);
|
||||
} else {
|
||||
echo json_encode(['loggedin' => false]);
|
||||
}
|
||||
}
|
||||
|
||||
function handleSettings($method, $db) {
|
||||
$role = $_SESSION['neptune_role'] ?? 'user';
|
||||
if ($method === 'GET') {
|
||||
if ($role !== 'admin') {
|
||||
http_response_code(403);
|
||||
echo json_encode(['error' => 'Admins only']);
|
||||
return;
|
||||
}
|
||||
$users = $db->query("SELECT id, username, user_token, email, role, created_at FROM neptune_users ORDER BY created_at ASC")->fetchAll();
|
||||
echo json_encode($users);
|
||||
} elseif ($method === 'POST') {
|
||||
if ($role !== 'admin') {
|
||||
http_response_code(403);
|
||||
echo json_encode(['error' => 'Admins only']);
|
||||
return;
|
||||
}
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
$user_token = $data['user_token'] ?? '';
|
||||
if (!$user_token) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'user_token required']);
|
||||
return;
|
||||
}
|
||||
// Validate the token with Jakach Auth
|
||||
$check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($user_token);
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $check_url);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
|
||||
$response = curl_exec($ch);
|
||||
$http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
curl_close($ch);
|
||||
|
||||
if ($http !== 200 || !$response) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Failed to validate token']);
|
||||
return;
|
||||
}
|
||||
$info = json_decode($response, true);
|
||||
if (!isset($info['status']) || $info['status'] !== 'success') {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Invalid token']);
|
||||
return;
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("SELECT COUNT(*) as c FROM neptune_users WHERE user_token = ?");
|
||||
$stmt->execute([$user_token]);
|
||||
if ($stmt->fetch()['c'] > 0) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'User already exists']);
|
||||
return;
|
||||
}
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, 'user')");
|
||||
$stmt->execute([$user_token, $info['username'], $info['email'] ?? '']);
|
||||
echo json_encode(['status' => 'success', 'msg' => 'User added']);
|
||||
} elseif ($method === 'DELETE') {
|
||||
if ($role !== 'admin') {
|
||||
http_response_code(403);
|
||||
echo json_encode(['error' => 'Admins only']);
|
||||
return;
|
||||
}
|
||||
$data = json_decode(file_get_contents('php://input'), true);
|
||||
$id = $data['id'] ?? null;
|
||||
if (!$id) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'id required']);
|
||||
return;
|
||||
}
|
||||
// Prevent deleting the last admin
|
||||
$stmt = $db->prepare("SELECT role FROM neptune_users WHERE id = ?");
|
||||
$stmt->execute([$id]);
|
||||
$user = $stmt->fetch();
|
||||
if ($user && $user['role'] === 'admin') {
|
||||
$adminCount = $db->query("SELECT COUNT(*) as c FROM neptune_users WHERE role='admin'")->fetch()['c'];
|
||||
if ($adminCount <= 1) {
|
||||
http_response_code(400);
|
||||
echo json_encode(['error' => 'Cannot delete the last admin']);
|
||||
return;
|
||||
}
|
||||
}
|
||||
$db->prepare("DELETE FROM neptune_users WHERE id = ?")->execute([$id]);
|
||||
echo json_encode(['status' => 'success']);
|
||||
}
|
||||
}
|
||||
|
||||
function handleTeams($method, $id, $db) {
|
||||
switch ($method) {
|
||||
case 'GET':
|
||||
|
||||
@@ -30,4 +30,12 @@ function migrate($db) {
|
||||
z_index INT DEFAULT 0,
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
|
||||
)");
|
||||
$db->exec("CREATE TABLE IF NOT EXISTS neptune_users (
|
||||
id INT AUTO_INCREMENT PRIMARY KEY,
|
||||
user_token VARCHAR(255) NOT NULL UNIQUE,
|
||||
username VARCHAR(255) NOT NULL,
|
||||
email VARCHAR(255) DEFAULT '',
|
||||
role ENUM('admin','user') DEFAULT 'user',
|
||||
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
|
||||
)");
|
||||
}
|
||||
@@ -0,0 +1,107 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
// If already logged in, redirect
|
||||
if (isset($_SESSION['neptune_loggedin']) && $_SESSION['neptune_loggedin'] === true) {
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
|
||||
$error = '';
|
||||
$success = '';
|
||||
|
||||
// Check for auth callback from Jakach Auth
|
||||
if (isset($_GET['auth'])) {
|
||||
$auth_token = $_GET['auth'];
|
||||
$check_url = "https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=" . urlencode($auth_token);
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $check_url);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
|
||||
$response = curl_exec($ch);
|
||||
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
curl_close($ch);
|
||||
|
||||
if ($http_code !== 200 || !$response) {
|
||||
$error = 'Failed to contact authentication server.';
|
||||
} else {
|
||||
$data = json_decode($response, true);
|
||||
if (isset($data['status']) && $data['status'] === 'success') {
|
||||
$user_token = $data['user_token'];
|
||||
$username = $data['username'];
|
||||
$email = $data['email'] ?? '';
|
||||
|
||||
require_once __DIR__ . '/config/database.php';
|
||||
$db = getDbConnection();
|
||||
|
||||
// Check if user exists in our db
|
||||
$stmt = $db->prepare("SELECT * FROM neptune_users WHERE user_token = ?");
|
||||
$stmt->execute([$user_token]);
|
||||
$user = $stmt->fetch();
|
||||
|
||||
if ($user) {
|
||||
$_SESSION['neptune_loggedin'] = true;
|
||||
$_SESSION['neptune_user_token'] = $user['user_token'];
|
||||
$_SESSION['neptune_username'] = $user['username'];
|
||||
$_SESSION['neptune_role'] = $user['role'];
|
||||
header('Location: /');
|
||||
exit;
|
||||
} else {
|
||||
// First user becomes admin
|
||||
$count = $db->query("SELECT COUNT(*) as c FROM neptune_users")->fetch()['c'];
|
||||
$role = ($count == 0) ? 'admin' : 'user';
|
||||
|
||||
$stmt = $db->prepare("INSERT INTO neptune_users (user_token, username, email, role) VALUES (?, ?, ?, ?)");
|
||||
$stmt->execute([$user_token, $username, $email, $role]);
|
||||
|
||||
$_SESSION['neptune_loggedin'] = true;
|
||||
$_SESSION['neptune_user_token'] = $user_token;
|
||||
$_SESSION['neptune_username'] = $username;
|
||||
$_SESSION['neptune_role'] = $role;
|
||||
header('Location: /');
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
$error = 'Authentication failed: ' . ($data['msg'] ?? 'unknown error');
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="en" data-bs-theme="dark">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Neptune - Login</title>
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css" rel="stylesheet">
|
||||
<link href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.5.1/css/all.min.css" rel="stylesheet">
|
||||
<style>
|
||||
body { background: #0a0e1a; display: flex; align-items: center; justify-content: center; min-height: 100vh; }
|
||||
.login-card { background: #131a2b; border: 1px solid #1e2a45; border-radius: .75rem; padding: 2.5rem; max-width: 420px; width: 100%; }
|
||||
.login-card h1 { font-size: 1.5rem; }
|
||||
.login-card p { color: #64748b; font-size: .9rem; }
|
||||
.btn-jakach { background: #3b82f6; color: #fff; }
|
||||
.btn-jakach:hover { background: #2563eb; color: #fff; }
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="login-card text-center">
|
||||
<i class="fas fa-globe text-primary mb-3" style="font-size: 2.5rem;"></i>
|
||||
<h1 class="fw-bold mb-1">Neptune</h1>
|
||||
<p class="mb-4">Cybersecurity Incident Journal</p>
|
||||
|
||||
<?php if ($error): ?>
|
||||
<div class="alert alert-danger py-2 small"><?= htmlspecialchars($error) ?></div>
|
||||
<?php endif; ?>
|
||||
<?php if ($success): ?>
|
||||
<div class="alert alert-success py-2 small"><?= htmlspecialchars($success) ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<a href="https://auth.jakach.ch/?send_to=<?= urlencode('http://' . ($_SERVER['HTTP_HOST'] ?? 'localhost:8080') . '/login.php') ?>" class="btn btn-jakach w-100 py-2 mb-2">
|
||||
<i class="fas fa-right-to-bracket me-2"></i>Log in with Jakach Auth
|
||||
</a>
|
||||
<small class="text-secondary">First user automatically becomes admin</small>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,6 @@
|
||||
<?php
|
||||
session_start();
|
||||
$_SESSION = array();
|
||||
session_destroy();
|
||||
header('Location: /');
|
||||
exit;
|
||||
+19
-1
@@ -14,7 +14,25 @@ server {
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location /login.php {
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/backend/login.php;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location /logout.php {
|
||||
fastcgi_pass php:9000;
|
||||
fastcgi_param SCRIPT_FILENAME /var/www/backend/logout.php;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
try_files $uri $uri/ /index.html;
|
||||
}
|
||||
}
|
||||
@@ -30,6 +30,8 @@ let editingNodeId = null;
|
||||
let editingShapeId = null;
|
||||
|
||||
document.addEventListener('DOMContentLoaded', () => {
|
||||
// Check auth first
|
||||
checkSession().then(() => {
|
||||
canvas = document.getElementById('networkCanvas');
|
||||
ctx = canvas.getContext('2d');
|
||||
resizeCanvas();
|
||||
@@ -41,6 +43,7 @@ document.addEventListener('DOMContentLoaded', () => {
|
||||
document.getElementById('saveNode').addEventListener('click', saveNode);
|
||||
document.getElementById('saveLink').addEventListener('click', saveLink);
|
||||
document.getElementById('saveShape').addEventListener('click', saveShape);
|
||||
document.getElementById('addUserBtn').addEventListener('click', addUser);
|
||||
document.getElementById('teamFilter').addEventListener('change', renderTimeline);
|
||||
document.getElementById('searchEvents').addEventListener('input', renderTimeline);
|
||||
document.getElementById('shapeOpacity').addEventListener('input', (e) => {
|
||||
@@ -882,6 +885,76 @@ function esc(s) {
|
||||
return div.innerHTML;
|
||||
}
|
||||
|
||||
// ==================== AUTH / SESSION ====================
|
||||
let currentUser = null;
|
||||
let currentRole = null;
|
||||
|
||||
async function checkSession() {
|
||||
try {
|
||||
const res = await fetch('/api/session');
|
||||
const data = await res.json();
|
||||
if (data.loggedin) {
|
||||
currentUser = data.username;
|
||||
currentRole = data.role;
|
||||
document.getElementById('userDisplay').textContent = data.username;
|
||||
if (data.role === 'admin' || data.admin_count === 0) {
|
||||
document.getElementById('settingsBtn').classList.remove('d-none');
|
||||
}
|
||||
} else {
|
||||
window.location.href = '/login.php';
|
||||
}
|
||||
} catch (e) {
|
||||
window.location.href = '/login.php';
|
||||
}
|
||||
}
|
||||
|
||||
async function loadUsers() {
|
||||
const list = document.getElementById('userList');
|
||||
try {
|
||||
const users = await apiFetch('settings');
|
||||
list.innerHTML = users.map(u => `
|
||||
<div class="d-flex justify-content-between align-items-center py-1 border-bottom border-secondary">
|
||||
<div>
|
||||
<strong class="small">${esc(u.username)}</strong>
|
||||
<span class="badge bg-${u.role === 'admin' ? 'warning' : 'secondary'} ms-1" style="font-size:.6rem;">${u.role}</span>
|
||||
<div class="text-secondary" style="font-size:.7rem;">${u.user_token.substring(0, 16)}...</div>
|
||||
</div>
|
||||
${u.role !== 'admin' ? `<button class="btn btn-outline-danger btn-sm py-0 px-1" onclick="removeUser(${u.id})"><i class="fas fa-times" style="font-size:.7rem;"></i></button>` : ''}
|
||||
</div>
|
||||
`).join('');
|
||||
} catch (e) {
|
||||
list.innerHTML = '<div class="text-danger small">Failed to load users</div>';
|
||||
}
|
||||
}
|
||||
|
||||
async function addUser() {
|
||||
const token = document.getElementById('addUserToken').value.trim();
|
||||
if (!token) return;
|
||||
try {
|
||||
const res = await apiFetch('settings', { method: 'POST', body: JSON.stringify({ user_token: token }) });
|
||||
if (res.status === 'success') {
|
||||
document.getElementById('addUserToken').value = '';
|
||||
loadUsers();
|
||||
} else {
|
||||
alert(res.error || 'Failed to add user');
|
||||
}
|
||||
} catch (e) {
|
||||
alert('Failed to add user');
|
||||
}
|
||||
}
|
||||
|
||||
async function removeUser(id) {
|
||||
if (!confirm('Remove this user?')) return;
|
||||
try {
|
||||
await apiFetch('settings', { method: 'DELETE', body: JSON.stringify({ id }) });
|
||||
loadUsers();
|
||||
} catch (e) {
|
||||
alert('Failed to remove user');
|
||||
}
|
||||
}
|
||||
|
||||
document.getElementById('settingsModal').addEventListener('show.bs.modal', loadUsers);
|
||||
|
||||
if (!CanvasRenderingContext2D.prototype.roundRect) {
|
||||
CanvasRenderingContext2D.prototype.roundRect = function(x, y, w, h, r) {
|
||||
if (r > w / 2) r = w / 2;
|
||||
|
||||
@@ -33,6 +33,11 @@
|
||||
</button>
|
||||
</li>
|
||||
</ul>
|
||||
<div class="ms-auto d-flex align-items-center">
|
||||
<span class="text-secondary small me-2" id="userDisplay"></span>
|
||||
<button class="btn btn-outline-secondary btn-sm me-2 d-none" id="settingsBtn" data-bs-toggle="modal" data-bs-target="#settingsModal" title="Settings"><i class="fas fa-cog"></i></button>
|
||||
<a href="/logout.php" class="btn btn-outline-secondary btn-sm"><i class="fas fa-sign-out-alt"></i></a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
@@ -329,6 +334,31 @@
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ==================== SETTINGS MODAL ==================== -->
|
||||
<div class="modal fade" id="settingsModal" tabindex="-1">
|
||||
<div class="modal-dialog">
|
||||
<div class="modal-content bg-dark">
|
||||
<div class="modal-header border-secondary">
|
||||
<h5 class="modal-title"><i class="fas fa-cog text-primary me-1"></i> Settings</h5>
|
||||
<button type="button" class="btn-close" data-bs-dismiss="modal"></button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<h6 class="text-secondary mb-2"><i class="fas fa-users me-1"></i> Authorized Users</h6>
|
||||
<div id="userList" class="mb-3">
|
||||
<div class="text-secondary small">Loading...</div>
|
||||
</div>
|
||||
<hr class="border-secondary">
|
||||
<h6 class="text-secondary mb-2"><i class="fas fa-user-plus me-1"></i> Add User by Token</h6>
|
||||
<div class="input-group input-group-sm mb-2">
|
||||
<input type="text" class="form-control" id="addUserToken" placeholder="Paste user token here">
|
||||
<button class="btn btn-primary" id="addUserBtn"><i class="fas fa-plus"></i> Add</button>
|
||||
</div>
|
||||
<small class="text-secondary">Get the user token from the user's Jakach Auth profile or ask them to log in once.</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- ==================== CONFIRM MODAL ==================== -->
|
||||
<div class="modal fade" id="confirmModal" tabindex="-1">
|
||||
<div class="modal-dialog modal-sm modal-dialog-centered">
|
||||
|
||||
Reference in New Issue
Block a user