Initial commit

author: Minteck <contact@minteck.org> 2022-06-06 17:10:14 +0200
committer: Minteck <contact@minteck.org> 2022-06-06 17:10:14 +0200
commit: 10b1ace835d908d32f99874facf8811534087d5b (patch)
tree: ecf068e4ac40f7470ca2b5ac6bd13bd8fbe13ba9 /Authentication
download: bits-server-10b1ace835d908d32f99874facf8811534087d5b.tar.gz
bits-server-10b1ace835d908d32f99874facf8811534087d5b.tar.bz2
bits-server-10b1ace835d908d32f99874facf8811534087d5b.zip
7 files changed, 143 insertions, 0 deletions
diff --git a/Authentication/Callback/index.php b/Authentication/Callback/index.php
new file mode 100644
index 0000000..3f50e1c
--- /dev/null
+++ b/Authentication/Callback/index.php
@@ -0,0 +1,63 @@
+<?php
+
+header("Content-Type: text/plain");
+// TODO: handle errors
+
+if (!isset($_GET['code'])) {
+    die();
+}
+
+$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Application.json"), true);
+
+$crl = curl_init('https://account.minteck.org/hub/api/rest/oauth2/token');
+curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($crl, CURLINFO_HEADER_OUT, true);
+curl_setopt($crl, CURLOPT_POST, true);
+curl_setopt($crl, CURLOPT_HTTPHEADER, [
+    "Authorization: Basic " . base64_encode($appdata["id"] . ":" . $appdata["secret"]),
+    "Content-Type: application/x-www-form-urlencoded",
+    "Accept: application/json"
+]);
+curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . "/Authentication/Callback") . "&code=" . $_GET['code']);
+
+$result = curl_exec($crl);
+$result = json_decode($result, true);
+
+curl_close($crl);
+
+if (isset($result["access_token"])) {
+    $crl = curl_init('https://account.minteck.org/hub/api/rest/users/me');
+    curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);
+    curl_setopt($crl, CURLINFO_HEADER_OUT, true);
+    curl_setopt($crl, CURLOPT_HTTPHEADER, [
+        "Authorization: Bearer " . $result["access_token"],
+        "Accept: application/json"
+    ]);
+
+    $result = curl_exec($crl);
+    $result = json_decode($result, true);
+
+    if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens");
+
+    if (in_array($result["id"], json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/AllowedUsers.json"), true))) {
+        $token = bin2hex(random_bytes(32));
+        file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/SessionTokens/" . $token, json_encode($result));
+        session_start();
+        session_set_cookie_params([
+            'lifetime' => 0,
+            'path' => '/',
+            'domain' => "",
+            'secure' => true,
+            'httponly' => true,
+            'samesite' => 'None'
+        ]);
+        setcookie("BITS_SESSION_TOKEN", $token, 0, "/", "", true, true);
+        header("Set-Cookie: BITS_SESSION_TOKEN=" . $token . "; SameSite=None; Path=/; Secure; HttpOnly");
+
+        header("Location: /Authentication/Success");
+    } else {
+        header("Location: /Authentication/Disallowed");
+    }
+
+    die();
+}
+\ No newline at end of file
diff --git a/Authentication/Disallowed/index.php b/Authentication/Disallowed/index.php
new file mode 100644
index 0000000..bae4da7
--- /dev/null
+++ b/Authentication/Disallowed/index.php
@@ -0,0 +1,30 @@
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport"
+          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>Authentication</title>
+    <style>
+        body {
+            background: #222;
+            color: white;
+            font-family: sans-serif;
+            text-align: center;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            position: fixed;
+            inset: 0;
+        }
+    </style>
+</head>
+<body>
+<div>
+    <h2>Not allowed</h2>
+    <p>You are not allowed to use this application. Please close it now.</p>
+</div>
+</body>
+</html>
+
diff --git a/Authentication/Start/index.php b/Authentication/Start/index.php
new file mode 100644
index 0000000..006752e
--- /dev/null
+++ b/Authentication/Start/index.php
@@ -0,0 +1,4 @@
+<?php
+
+header("Location: https://account.minteck.org/hub/api/rest/oauth2/auth?client_id=" . json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/Private/Application.json"), true)["id"] . "&response_type=code&redirect_uri=http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . "/Authentication/Callback&scope=Hub&request_credentials=default&access_type=offline");
+die();
diff --git a/Authentication/Success/index.php b/Authentication/Success/index.php
new file mode 100644
index 0000000..882eecc
--- /dev/null
+++ b/Authentication/Success/index.php
@@ -0,0 +1,30 @@
+<?php require_once $_SERVER['DOCUMENT_ROOT'] . "/Private/SessionManager.php"; ?>
+<!doctype html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport"
+          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <title>Authentication</title>
+    <style>
+        body {
+            background: #222;
+            color: white;
+            font-family: sans-serif;
+            text-align: center;
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            position: fixed;
+            inset: 0;
+        }
+    </style>
+</head>
+<body>
+    <div>
+        <h2>Success</h2>
+        <p>Authentication succeeded, you will be redirected to the requested application in a few seconds.</p>
+    </div>
+</body>
+</html>
diff --git a/Authentication/Test/index.php b/Authentication/Test/index.php
new file mode 100644
index 0000000..7c0d1fb
--- /dev/null
+++ b/Authentication/Test/index.php
@@ -0,0 +1,4 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/Private/SessionChecker.php";
+header("Content-Type: application/json"); die("{\n    \"status\": 0\n}");
+\ No newline at end of file
diff --git a/Authentication/Username/index.php b/Authentication/Username/index.php
new file mode 100644
index 0000000..63b4aed
--- /dev/null
+++ b/Authentication/Username/index.php
@@ -0,0 +1,11 @@
+<?php
+
+require_once $_SERVER['DOCUMENT_ROOT'] . "/Private/SessionManager.php"; global $_PROFILE;
+header("Content-Type: application/json");
+
+$a = [
+    "name" => $_PROFILE["name"],
+    "id" => $_PROFILE['id']
+];
+
+die(json_encode($a));
+\ No newline at end of file
diff --git a/Authentication/index.php b/Authentication/index.php
new file mode 100644
index 0000000..9fd9e4a
--- /dev/null
+++ b/Authentication/index.php
@@ -0,0 +1 @@
+<?php header("Location: /Authentication/Start") and die();
+\ No newline at end of file
author	Minteck <contact@minteck.org>	2022-06-06 17:10:14 +0200
committer	Minteck <contact@minteck.org>	2022-06-06 17:10:14 +0200
commit	10b1ace835d908d32f99874facf8811534087d5b (patch)
tree	ecf068e4ac40f7470ca2b5ac6bd13bd8fbe13ba9 /Authentication
download	bits-server-10b1ace835d908d32f99874facf8811534087d5b.tar.gz bits-server-10b1ace835d908d32f99874facf8811534087d5b.tar.bz2 bits-server-10b1ace835d908d32f99874facf8811534087d5b.zip