+23
-2
@@ -49,6 +49,7 @@ pre.raw-line { background: var(--bs-tertiary-bg); padding: .75rem; border-radius
|
|||||||
<div class="card-body p-4 text-center">
|
<div class="card-body p-4 text-center">
|
||||||
<i class="bi bi-shield-lock" style="font-size:3rem;display:block;margin-bottom:1rem"></i>
|
<i class="bi bi-shield-lock" style="font-size:3rem;display:block;margin-bottom:1rem"></i>
|
||||||
<h5>Sign in required</h5>
|
<h5>Sign in required</h5>
|
||||||
|
<div id="authErrorBox" class="alert alert-danger d-none" role="alert"></div>
|
||||||
<p class="text-secondary mb-4">Authenticate with your Jakach account to access the system.</p>
|
<p class="text-secondary mb-4">Authenticate with your Jakach account to access the system.</p>
|
||||||
<a id="loginBtn" class="btn btn-primary btn-lg w-100" href="#">
|
<a id="loginBtn" class="btn btn-primary btn-lg w-100" href="#">
|
||||||
<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login
|
<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login
|
||||||
@@ -367,16 +368,36 @@ async function checkAuth() {
|
|||||||
initApp();
|
initApp();
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
} catch (e) {}
|
if (res.error) {
|
||||||
|
showLogin(res.error);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
try {
|
||||||
|
const err = JSON.parse(e.message);
|
||||||
|
showLogin(err.error);
|
||||||
|
} catch {
|
||||||
|
showLogin();
|
||||||
|
}
|
||||||
|
}
|
||||||
showLogin();
|
showLogin();
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
function showLogin() {
|
function showLogin(errorMsg) {
|
||||||
document.getElementById('appLogin').style.display = '';
|
document.getElementById('appLogin').style.display = '';
|
||||||
document.getElementById('appMain').style.display = 'none';
|
document.getElementById('appMain').style.display = 'none';
|
||||||
const loginUrl = window.location.origin + '/oauth.php?redirect=' + encodeURIComponent(window.location.href);
|
const loginUrl = window.location.origin + '/oauth.php?redirect=' + encodeURIComponent(window.location.href);
|
||||||
document.getElementById('loginBtn').href = 'https://auth.jakach.ch/?send_to=' + encodeURIComponent(loginUrl);
|
document.getElementById('loginBtn').href = 'https://auth.jakach.ch/?send_to=' + encodeURIComponent(loginUrl);
|
||||||
|
const errorBox = document.getElementById('authErrorBox');
|
||||||
|
if (errorMsg) {
|
||||||
|
errorBox.textContent = errorMsg;
|
||||||
|
errorBox.classList.remove('d-none');
|
||||||
|
document.getElementById('loginBtn').textContent = 'Try again';
|
||||||
|
} else {
|
||||||
|
errorBox.classList.add('d-none');
|
||||||
|
document.getElementById('loginBtn').innerHTML = '<i class="bi bi-box-arrow-in-right me-2"></i>Log in using Jakach Login';
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
async function logout() {
|
async function logout() {
|
||||||
|
|||||||
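Review bot: `showLogin(errorMsg)` writes the server-supplied message with `errorBox.textContent`, which is the right choice because the text now originates from `$_SESSION['auth_error']` in oauth.php and that string embeds the upstream auth server's `msg` verbatim; a comment such as `// textContent, not innerHTML: the message is built server-side from the auth provider's response` would keep a later edit from switching it to `innerHTML`. The two branches set the button label through different APIs (`textContent = 'Try again'` versus `innerHTML = '<i ...>...'`), so the error branch drops the icon while the normal branch restores it; using one mechanism for both labels would make the toggle symmetrical. In `checkAuth`, `const err = JSON.parse(e.message)` relies on the thrown error carrying a JSON body in its message; if that contract comes from a fetch helper outside this hunk, a short comment naming it would help the next reader. checkAuth begins before the hunk.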
+25
-25
@@ -3,6 +3,7 @@
|
|||||||
require_once __DIR__ . '/../vendor/autoload.php';
|
require_once __DIR__ . '/../vendor/autoload.php';
|
||||||
|
|
||||||
use Jakach\Logging\Storage\Database;
|
use Jakach\Logging\Storage\Database;
|
||||||
|
use Jakach\Logging\Storage\Repository;
|
||||||
|
|
||||||
session_set_cookie_params([
|
session_set_cookie_params([
|
||||||
'lifetime' => 86400 * 7,
|
'lifetime' => 86400 * 7,
|
||||||
@@ -13,11 +14,11 @@ session_set_cookie_params([
|
|||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
$authToken = $_GET['auth'] ?? '';
|
$authToken = $_GET['auth'] ?? '';
|
||||||
|
$errorRedirect = $_GET['redirect'] ?? '/';
|
||||||
|
|
||||||
if (!$authToken) {
|
if (!$authToken) {
|
||||||
header('Content-Type: application/json');
|
$_SESSION['auth_error'] = 'Missing authentication token.';
|
||||||
http_response_code(400);
|
header('Location: ' . $errorRedirect);
|
||||||
echo json_encode(['error' => 'Missing auth token']);
|
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -32,18 +33,31 @@ $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|||||||
curl_close($ch);
|
curl_close($ch);
|
||||||
|
|
||||||
if ($httpCode !== 200 || !$response) {
|
if ($httpCode !== 200 || !$response) {
|
||||||
header('Content-Type: application/json');
|
$_SESSION['auth_error'] = 'Authentication server is unreachable. Please try again later.';
|
||||||
http_response_code(502);
|
header('Location: ' . $errorRedirect);
|
||||||
echo json_encode(['error' => 'Auth server unreachable']);
|
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$data = json_decode($response, true);
|
$data = json_decode($response, true);
|
||||||
|
|
||||||
if (!isset($data['status']) || $data['status'] !== 'success') {
|
if (!isset($data['status']) || $data['status'] !== 'success') {
|
||||||
header('Content-Type: application/json');
|
$_SESSION['auth_error'] = 'Authentication failed: ' . ($data['msg'] ?? 'Unknown error');
|
||||||
http_response_code(401);
|
header('Location: ' . $errorRedirect);
|
||||||
echo json_encode(['error' => 'Authentication failed', 'msg' => $data['msg'] ?? 'unknown']);
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
$userToken = $data['user_token'] ?? '';
|
||||||
|
|
||||||
|
$db = new Database();
|
||||||
|
$repo = new Repository($db);
|
||||||
|
|
||||||
|
$allowedTokens = $repo->getAllowedUserTokens();
|
||||||
|
|
||||||
|
if (empty($allowedTokens)) {
|
||||||
|
$repo->setAllowedUserTokens([$userToken]);
|
||||||
|
} elseif (!in_array($userToken, $allowedTokens, true)) {
|
||||||
|
$_SESSION['auth_error'] = 'Your Jakach account is not authorized to access this system. Contact an administrator.';
|
||||||
|
header('Location: ' . $errorRedirect);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -52,22 +66,8 @@ $_SESSION['username'] = $data['username'] ?? 'unknown';
|
|||||||
$_SESSION['id'] = $data['id'] ?? '';
|
$_SESSION['id'] = $data['id'] ?? '';
|
||||||
$_SESSION['email'] = $data['email'] ?? '';
|
$_SESSION['email'] = $data['email'] ?? '';
|
||||||
$_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
|
$_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
|
||||||
$_SESSION['user_token'] = $data['user_token'] ?? '';
|
$_SESSION['user_token'] = $userToken;
|
||||||
|
unset($_SESSION['auth_error']);
|
||||||
if (!headers_sent()) {
|
|
||||||
$db = new Database();
|
|
||||||
$repo = new \Jakach\Logging\Storage\Repository($db);
|
|
||||||
$allowedTokens = $repo->getAllowedUserTokens();
|
|
||||||
|
|
||||||
if (!empty($allowedTokens) && !in_array($_SESSION['user_token'], $allowedTokens, true)) {
|
|
||||||
$_SESSION = [];
|
|
||||||
session_destroy();
|
|
||||||
header('Content-Type: application/json');
|
|
||||||
http_response_code(403);
|
|
||||||
echo json_encode(['error' => 'Your account is not authorized to access this system']);
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$redirect = $_GET['redirect'] ?? '/';
|
$redirect = $_GET['redirect'] ?? '/';
|
||||||
header('Location: ' . $redirect);
|
header('Location: ' . $redirect);
|
||||||
|
|||||||
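Review bot: `$errorRedirect = $_GET['redirect'] ?? '/'` is passed straight to `header('Location: ' . $errorRedirect)` on each of the new error paths, so oauth.php is an open redirect: a request without a token (or with a bad one) bounces the user to whatever URL the link author put in `redirect`, and the unchanged success-path `$redirect` in the last hunk has the same shape. Accept only a same-origin path before any `Location` header is emitted, e.g. `if (!str_starts_with($errorRedirect, '/') || str_starts_with($errorRedirect, '//') || str_starts_with($errorRedirect, '/\\')) { $errorRedirect = '/'; }`, and reuse the validated value for the final redirect instead of re-reading `$_GET['redirect']`. Separately, the bootstrap `if (empty($allowedTokens)) { $repo->setAllowedUserTokens([$userToken]); }` runs even when `$userToken` is `''` because the upstream response lacked `user_token`, which would pin the empty string as the only authorized token; rejecting it first with `if ($userToken === '') { $_SESSION['auth_error'] = 'Authentication failed: no user token.'; header('Location: ' . $errorRedirect); exit; }` avoids that. The first-login bootstrap itself deserves a comment stating that whoever authenticates first becomes the sole authorized account until an administrator extends the list.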
@@ -30,16 +30,16 @@ class AuthMiddleware
|
|||||||
}
|
}
|
||||||
|
|
||||||
$allowedTokens = $this->repo->getAllowedUserTokens();
|
$allowedTokens = $this->repo->getAllowedUserTokens();
|
||||||
if (!empty($allowedTokens)) {
|
$userToken = $_SESSION['user_token'] ?? '';
|
||||||
$userToken = $_SESSION['user_token'] ?? '';
|
|
||||||
if (!in_array($userToken, $allowedTokens, true)) {
|
if (!empty($allowedTokens) && !in_array($userToken, $allowedTokens, true)) {
|
||||||
return null;
|
$_SESSION['auth_error'] = 'Your Jakach account is not authorized to access this system.';
|
||||||
}
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'username' => $_SESSION['username'] ?? 'unknown',
|
'username' => $_SESSION['username'] ?? 'unknown',
|
||||||
'user_token' => $_SESSION['user_token'] ?? '',
|
'user_token' => $userToken,
|
||||||
'email' => $_SESSION['email'] ?? '',
|
'email' => $_SESSION['email'] ?? '',
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|||||||
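Review bot: The rewritten check `if (!empty($allowedTokens) && !in_array($userToken, $allowedTokens, true))` still fails open when `getAllowedUserTokens()` returns an empty array, so any session with any `user_token` is accepted until oauth.php has pinned the first login; if the repository can return `[]` on a read failure rather than throwing, a storage error becomes unrestricted access, which is worth confirming against the Repository implementation (not visible here). Document the intent on that line, e.g. `// Empty allowlist means not yet bootstrapped (oauth.php pins the first login); a storage failure must not reach here as []`. `$userToken` is `''` when the session carries no token and, with strict `in_array`, only passes if `''` was stored, which the oauth.php bootstrap can do when the upstream response lacks `user_token`; an explicit `if ($userToken === '') { return null; }` guard would close that path independently of the allowlist contents. The enclosing method begins before the hunk.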
+7
-6
@@ -85,24 +85,25 @@ class Router
|
|||||||
private function respond(int $code, mixed $result): void
|
private function respond(int $code, mixed $result): void
|
||||||
{
|
{
|
||||||
http_response_code($code);
|
http_response_code($code);
|
||||||
|
|
||||||
if (is_array($result)) {
|
if (is_array($result)) {
|
||||||
$hasObjects = false;
|
$hasObjects = false;
|
||||||
|
$isList = array_is_list($result);
|
||||||
foreach ($result as $key => $val) {
|
foreach ($result as $key => $val) {
|
||||||
if (is_object($val) && method_exists($val, 'toArray')) {
|
if (is_object($val) && method_exists($val, 'toArray')) {
|
||||||
$result[$key] = $val->toArray();
|
$result[$key] = $val->toArray();
|
||||||
$hasObjects = true;
|
$hasObjects = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($hasObjects) {
|
if ($hasObjects || ($isList && (empty($result) || !isset($result['data'])))) {
|
||||||
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
|
if ($isList) {
|
||||||
return;
|
$result = ['data' => $result];
|
||||||
}
|
}
|
||||||
if (array_is_list($result) && (empty($result) || !isset($result['data']))) {
|
|
||||||
$result = ['data' => $result];
|
|
||||||
}
|
}
|
||||||
} elseif (is_object($result) && method_exists($result, 'toArray')) {
|
} elseif (is_object($result) && method_exists($result, 'toArray')) {
|
||||||
$result = ['data' => $result->toArray()];
|
$result = ['data' => $result->toArray()];
|
||||||
}
|
}
|
||||||
|
|
||||||
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
|
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
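Review bot: The new condition `if ($hasObjects || ($isList && (empty($result) || !isset($result['data']))))` reduces to `if ($isList)`: `array_is_list([])` is already true, `isset($result['data'])` is always false on a list because its keys are integers, and when `$hasObjects` is true for a non-list array nothing happens inside the block. Replacing the outer and inner `if` with the single `if ($isList) { $result = ['data' => $result]; }` keeps the behaviour and makes the rule readable; a comment such as `// Lists are always wrapped as {"data": [...]}; associative payloads are emitted as-is` would pin it down. Note that this now also wraps lists of `toArray()` objects, which the removed early `return` used to emit unwrapped, so clients depending on the previous shape should be mentioned in the commit message. The unchanged `json_encode` on the last line still echoes `false` as an empty body on an encoding failure; `JSON_THROW_ON_ERROR` would surface that instead.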