adding auth
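--- /dev/null
+++ b/[PATH NOT SHOWN ON PAGE]
@@ -0,0 +1,74 @@
+<?php
+
+require_once __DIR__ . '/../vendor/autoload.php';
+
+use Jakach\Logging\Storage\Database;
+
+session_set_cookie_params([
+'lifetime' => 86400 * 7,
+'path' => '/',
+'httponly' => true,
+'samesite' => 'Lax',
+]);
+session_start();
+
+$authToken = $_GET['auth'] ?? '';
+
+if (!$authToken) {
+header('Content-Type: application/json');
+http_response_code(400);
+echo json_encode(['error' => 'Missing auth token']);
+exit;
+}
+
+$checkUrl = 'https://auth.jakach.ch/api/auth/check_auth_key.php?auth_token=' . urlencode($authToken);
+
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $checkUrl);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_TIMEOUT, 10);
+$response = curl_exec($ch);
+$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
+curl_close($ch);
+
+if ($httpCode !== 200 || !$response) {
+header('Content-Type: application/json');
+http_response_code(502);
+echo json_encode(['error' => 'Auth server unreachable']);
+exit;
+}
+
+$data = json_decode($response, true);
+
+if (!isset($data['status']) || $data['status'] !== 'success') {
+header('Content-Type: application/json');
+http_response_code(401);
+echo json_encode(['error' => 'Authentication failed', 'msg' => $data['msg'] ?? 'unknown']);
+exit;
+}
+
+$_SESSION['loggedin'] = true;
+$_SESSION['username'] = $data['username'] ?? 'unknown';
+$_SESSION['id'] = $data['id'] ?? '';
+$_SESSION['email'] = $data['email'] ?? '';
+$_SESSION['telegram_id'] = $data['telegram_id'] ?? '';
+$_SESSION['user_token'] = $data['user_token'] ?? '';
+
+if (!headers_sent()) {
+$db = new Database();
+$repo = new \Jakach\Logging\Storage\Repository($db);
+$allowedTokens = $repo->getAllowedUserTokens();
+
+if (!empty($allowedTokens) && !in_array($_SESSION['user_token'], $allowedTokens, true)) {
+$_SESSION = [];
+session_destroy();
+header('Content-Type: application/json');
+http_response_code(403);
+echo json_encode(['error' => 'Your account is not authorized to access this system']);
+exit;
+}
+}
+
+$redirect = $_GET['redirect'] ?? '/';
+header('Location: ' . $redirect);
+exit;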
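Review bot: The final redirect forwards to whatever `$_GET['redirect']` holds, so a crafted login link can send a freshly authenticated user to an arbitrary external site; restrict it to a same-origin path before `header('Location: ' . $redirect);`, e.g. `if ($redirect === '' || $redirect[0] !== '/' || str_starts_with($redirect, '//') || str_starts_with($redirect, '/\\')) { $redirect = '/'; }`. The session is also promoted to logged-in without rotating its id, which leaves a pre-login session id valid after authentication; add `session_regenerate_id(true);` immediately before `$_SESSION['loggedin'] = true;`. Since the token check itself is made over HTTPS, the `session_set_cookie_params` array should include `'secure' => true,` so the session cookie is never sent in clear. Finally, the allow-list check is fail-open — an empty `getAllowedUserTokens()` result admits every authenticated account, and the whole block is skipped whenever `headers_sent()` is true — so confirm that is intentional and, if not, run the check unconditionally and treat an empty list as deny.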
|
||||