Jakach/jakach-logging
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix login
Deploy / deploy (push) Successful in 8s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-06 12:07:39 +02:00
parent c940864c60
commit 40f9fda3e6
2 changed files with 41 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
public/index.html
+20 -18
View File
@@ -368,32 +368,35 @@ async function checkAuth() {
initApp(); initApp();
return true; return true;
} }
if (res.error) { if (res.login_url) {
showLogin(res.error, res.login_url);
} else if (res.error) {
showLogin(res.error); showLogin(res.error);
return false; } else {
}
} catch (e) {
try {
const err = JSON.parse(e.message);
showLogin(err.error);
} catch {
showLogin(); showLogin();
} }
return false;
} catch (e) {
if (e.login_url) {
showLogin('Session expired. Please log in again.', e.login_url);
} else {
showLogin('Cannot connect to server: ' + e.message);
}
} }
showLogin();
return false; return false;
} }
function showLogin(errorMsg) { function showLogin(errorMsg, loginUrl) {
document.getElementById('appLogin').style.display = ''; document.getElementById('appLogin').style.display = '';
document.getElementById('appMain').style.display = 'none'; document.getElementById('appMain').style.display = 'none';
const loginUrl = window.location.origin + '/oauth.php?redirect=' + encodeURIComponent(window.location.href); const cbUrl = window.location.origin + '/oauth.php?redirect=' + encodeURIComponent(window.location.href);
document.getElementById('loginBtn').href = 'https://auth.jakach.ch/?send_to=' + encodeURIComponent(loginUrl); const href = loginUrl || ('https://auth.jakach.ch/?send_to=' + encodeURIComponent(cbUrl));
document.getElementById('loginBtn').href = href;
const errorBox = document.getElementById('authErrorBox'); const errorBox = document.getElementById('authErrorBox');
if (errorMsg) { if (errorMsg) {
errorBox.textContent = errorMsg; errorBox.textContent = errorMsg;
errorBox.classList.remove('d-none'); errorBox.classList.remove('d-none');
document.getElementById('loginBtn').textContent = 'Try again'; document.getElementById('loginBtn').innerHTML = '<i class="bi bi-box-arrow-in-right me-2"></i>Try again';
} else { } else {
errorBox.classList.add('d-none'); errorBox.classList.add('d-none');
document.getElementById('loginBtn').innerHTML = '<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login'; document.getElementById('loginBtn').innerHTML = '<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login';
@@ -444,11 +447,10 @@ async function api(path, opts = {}) {
}); });
const data = await res.json(); const data = await res.json();
if (!res.ok) { if (!res.ok) {
if (res.status === 401 && data.login_url) { const err = new Error(data.error || 'Request failed');
window.location.href = data.login_url; err.login_url = data.login_url;
return; err.status = res.status;
} throw err;
throw new Error(data.error || 'Request failed');
} }
return data; return data;
} }
public/oauth.php
+21 -2
View File
@@ -5,6 +5,10 @@ require_once __DIR__ . '/../vendor/autoload.php';
use Jakach\Logging\Storage\Database; use Jakach\Logging\Storage\Database;
use Jakach\Logging\Storage\Repository; use Jakach\Logging\Storage\Repository;
$logFile = '/tmp/oauth_debug.log';
file_put_contents($logFile, date('c') . " oauth.php called\n", FILE_APPEND);
file_put_contents($logFile, "GET: " . json_encode($_GET) . "\n", FILE_APPEND);
session_set_cookie_params([ session_set_cookie_params([
'lifetime' => 86400 * 7, 'lifetime' => 86400 * 7,
'path' => '/', 'path' => '/',
@@ -16,24 +20,32 @@ session_start();
$authToken = $_GET['auth'] ?? ''; $authToken = $_GET['auth'] ?? '';
$errorRedirect = $_GET['redirect'] ?? '/'; $errorRedirect = $_GET['redirect'] ?? '/';
file_put_contents($logFile, "authToken: $authToken\n", FILE_APPEND);
if (!$authToken) { if (!$authToken) {
$_SESSION['auth_error'] = 'Missing authentication token.'; $_SESSION['auth_error'] = 'Missing authentication token.';
file_put_contents($logFile, "ERROR: missing auth token\n", FILE_APPEND);
header('Location: ' . $errorRedirect); header('Location: ' . $errorRedirect);
exit; exit;
} }
$checkUrl = 'https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=' . urlencode($authToken); $checkUrl = 'https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=' . urlencode($authToken);
file_put_contents($logFile, "checkUrl: $checkUrl\n", FILE_APPEND);
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $checkUrl); curl_setopt($ch, CURLOPT_URL, $checkUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 15);
$response = curl_exec($ch); $response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curlError = curl_error($ch);
curl_close($ch); curl_close($ch);
file_put_contents($logFile, "httpCode: $httpCode response: " . substr($response, 0, 500) . " curlError: $curlError\n", FILE_APPEND);
if ($httpCode !== 200 || !$response) { if ($httpCode !== 200 || !$response) {
$_SESSION['auth_error'] = 'Authentication server is unreachable. Please try again later.'; $_SESSION['auth_error'] = "Auth server unreachable ($httpCode)";
file_put_contents($logFile, "ERROR: bad response $httpCode\n", FILE_APPEND);
header('Location: ' . $errorRedirect); header('Location: ' . $errorRedirect);
exit; exit;
} }
@@ -42,21 +54,26 @@ $data = json_decode($response, true);
if (!isset($data['status']) || $data['status'] !== 'success') { if (!isset($data['status']) || $data['status'] !== 'success') {
$_SESSION['auth_error'] = 'Authentication failed: ' . ($data['msg'] ?? 'Unknown error'); $_SESSION['auth_error'] = 'Authentication failed: ' . ($data['msg'] ?? 'Unknown error');
file_put_contents($logFile, "ERROR: auth failed: " . json_encode($data) . "\n", FILE_APPEND);
header('Location: ' . $errorRedirect); header('Location: ' . $errorRedirect);
exit; exit;
} }
$userToken = $data['user_token'] ?? ''; $userToken = $data['user_token'] ?? '';
file_put_contents($logFile, "Auth success, user_token: $userToken\n", FILE_APPEND);
$db = new Database(); $db = new Database();
$repo = new Repository($db); $repo = new Repository($db);
$allowedTokens = $repo->getAllowedUserTokens(); $allowedTokens = $repo->getAllowedUserTokens();
file_put_contents($logFile, "allowedTokens: " . json_encode($allowedTokens) . "\n", FILE_APPEND);
if (empty($allowedTokens)) { if (empty($allowedTokens)) {
file_put_contents($logFile, "First user, adding to allowed tokens\n", FILE_APPEND);
$repo->setAllowedUserTokens([$userToken]); $repo->setAllowedUserTokens([$userToken]);
} elseif (!in_array($userToken, $allowedTokens, true)) { } elseif (!in_array($userToken, $allowedTokens, true)) {
$_SESSION['auth_error'] = 'Your Jakach account is not authorized to access this system. Contact an administrator.'; $_SESSION['auth_error'] = 'Your Jakach account is not authorized to access this system. Contact an administrator.';
file_put_contents($logFile, "ERROR: user not allowed\n", FILE_APPEND);
header('Location: ' . $errorRedirect); header('Location: ' . $errorRedirect);
exit; exit;
} }
@@ -69,6 +86,8 @@ $_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
$_SESSION['user_token'] = $userToken; $_SESSION['user_token'] = $userToken;
unset($_SESSION['auth_error']); unset($_SESSION['auth_error']);
file_put_contents($logFile, "Session set, redirecting to: $errorRedirect\n", FILE_APPEND);
$redirect = $_GET['redirect'] ?? '/'; $redirect = $_GET['redirect'] ?? '/';
header('Location: ' . $redirect); header('Location: ' . $redirect);
exit; exit;