+23
-2
@@ -49,6 +49,7 @@ pre.raw-line { background: var(--bs-tertiary-bg); padding: .75rem; border-radius
<div class="card-body p-4 text-center">
<i class="bi bi-shield-lock" style="font-size:3rem;display:block;margin-bottom:1rem"></i>
<h5>Sign in required</h5>
<div id="authErrorBox" class="alert alert-danger d-none" role="alert"></div>
<p class="text-secondary mb-4">Authenticate with your Jakach account to access the system.</p>
<a id="loginBtn" class="btn btn-primary btn-lg w-100" href="#">
<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login
@@ -367,16 +368,36 @@ async function checkAuth() {
initApp();
return true;
}
} catch (e) {}
if (res.error) {
showLogin(res.error);
return false;
}
} catch (e) {
try {
const err = JSON.parse(e.message);
showLogin(err.error);
} catch {
showLogin();
}
}
showLogin();
return false;
}
function showLogin() {
function showLogin(errorMsg) {
document.getElementById('appLogin').style.display = '';
document.getElementById('appMain').style.display = 'none';
const loginUrl = window.location.origin + '/oauth.php?redirect=' + encodeURIComponent(window.location.href);
document.getElementById('loginBtn').href = 'https://auth.jakach.ch/?send_to=' + encodeURIComponent(loginUrl);
const errorBox = document.getElementById('authErrorBox');
if (errorMsg) {
errorBox.textContent = errorMsg;
errorBox.classList.remove('d-none');
document.getElementById('loginBtn').textContent = 'Try again';
} else {
errorBox.classList.add('d-none');
document.getElementById('loginBtn').innerHTML = '<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login';
}
}
async function logout() {
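Review bot: In the outer `catch (e)` of checkAuth, the error shown by `showLogin(err.error)` is immediately hidden again: control leaves the catch and reaches the unconditional `showLogin();` that follows it (a retained line, as far as this rendering shows), whose no-argument branch adds `d-none` back onto `#authErrorBox` and resets the button label. Add `return false;` as the last statement inside the outer catch, after the inner try/catch, so the message survives. Parsing `e.message` as JSON relies on whatever threw upstream having stringified the response body into the message; if that helper is yours, attaching the decoded body as a property (`e.body`) and reading `e.body?.error` is less brittle than a nested JSON.parse. Rendering the server-supplied string through `textContent` rather than `innerHTML` is the right choice. checkAuth's body begins before this hunk.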
+25
-25
@@ -3,6 +3,7 @@
require_once __DIR__ . '/../vendor/autoload.php';
use Jakach\Logging\Storage\Database;
use Jakach\Logging\Storage\Repository;
session_set_cookie_params([
'lifetime' => 86400 * 7,
@@ -13,11 +14,11 @@ session_set_cookie_params([
session_start();
$authToken = $_GET['auth'] ?? '';
$errorRedirect = $_GET['redirect'] ?? '/';
if (!$authToken) {
header('Content-Type: application/json');
http_response_code(400);
echo json_encode(['error' => 'Missing auth token']);
$_SESSION['auth_error'] = 'Missing authentication token.';
header('Location: ' . $errorRedirect);
exit;
}
@@ -32,18 +33,31 @@ $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($httpCode !== 200 || !$response) {
header('Content-Type: application/json');
http_response_code(502);
echo json_encode(['error' => 'Auth server unreachable']);
$_SESSION['auth_error'] = 'Authentication server is unreachable. Please try again later.';
header('Location: ' . $errorRedirect);
exit;
}
$data = json_decode($response, true);
if (!isset($data['status']) || $data['status'] !== 'success') {
header('Content-Type: application/json');
http_response_code(401);
echo json_encode(['error' => 'Authentication failed', 'msg' => $data['msg'] ?? 'unknown']);
$_SESSION['auth_error'] = 'Authentication failed: ' . ($data['msg'] ?? 'Unknown error');
header('Location: ' . $errorRedirect);
exit;
}
$userToken = $data['user_token'] ?? '';
$db = new Database();
$repo = new Repository($db);
$allowedTokens = $repo->getAllowedUserTokens();
if (empty($allowedTokens)) {
$repo->setAllowedUserTokens([$userToken]);
} elseif (!in_array($userToken, $allowedTokens, true)) {
$_SESSION['auth_error'] = 'Your Jakach account is not authorized to access this system. Contact an administrator.';
header('Location: ' . $errorRedirect);
exit;
}
@@ -52,22 +66,8 @@ $_SESSION['username'] = $data['username'] ?? 'unknown';
$_SESSION['id'] = $data['id'] ?? '';
$_SESSION['email'] = $data['email'] ?? '';
$_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
$_SESSION['user_token'] = $data['user_token'] ?? '';
if (!headers_sent()) {
$db = new Database();
$repo = new \Jakach\Logging\Storage\Repository($db);
$allowedTokens = $repo->getAllowedUserTokens();
if (!empty($allowedTokens) && !in_array($_SESSION['user_token'], $allowedTokens, true)) {
$_SESSION = [];
session_destroy();
header('Content-Type: application/json');
http_response_code(403);
echo json_encode(['error' => 'Your account is not authorized to access this system']);
exit;
}
}
$_SESSION['user_token'] = $userToken;
unset($_SESSION['auth_error']);
$redirect = $_GET['redirect'] ?? '/';
header('Location: ' . $redirect);
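Review bot: The added error paths send `header('Location: ' . $errorRedirect)` with `$errorRedirect` taken straight from `$_GET['redirect']` before any token is verified, so `/oauth.php?redirect=https://attacker.example` now works as an unauthenticated open redirector; the success-path `$redirect` at the end of the hunk has the same weakness. Constrain both to a same-site path right after they are read, e.g. `if (!preg_match('#\A/(?![/\\\\])#', $errorRedirect)) { $errorRedirect = '/'; }` (rejects absolute URLs, `//host` and backslash variants), and apply the same check to `$redirect` before the final Location header. The bootstrap branch `if (empty($allowedTokens)) { $repo->setAllowedUserTokens([$userToken]); }` runs before `$userToken` is checked, so a `success` reply lacking `user_token` would pin `''` as the only authorized token; add `if ($userToken === '') { $_SESSION['auth_error'] = 'Auth server returned no user token.'; header('Location: ' . $errorRedirect); exit; }` before the repository lookup, and document next to that branch that the first account to log in becomes the sole authorized one. I also see no `session_regenerate_id(true)` between the successful verification and populating `$_SESSION`; unless it happens outside this hunk, add one so an attacker-planted session id is not promoted to an authenticated session.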