Commit

2 files changed, 85 insertions, 0 deletions

diff --git a/mwspub/callback/index.php b/mwspub/callback/index.php
new file mode 100644
index 0000000..1dafeb9
--- /dev/null
+++ b/mwspub/callback/index.php
@@ -0,0 +1,44 @@
+<?php

+

+// TODO: handle errors

+

+if (!isset($_GET['code'])) {

+    die();

+}

+

+$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/mwspub/private/app.json"), true);

+

+$crl = curl_init('https://account.minteck.org/hub/hub/api/rest/oauth2/token');

+curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);

+curl_setopt($crl, CURLINFO_HEADER_OUT, true);

+curl_setopt($crl, CURLOPT_POST, true);

+curl_setopt($crl, CURLOPT_HTTPHEADER, [

+    "Authorization: Basic " . base64_encode($appdata["id"] . ":" . $appdata["secret"]),

+    "Content-Type: application/x-www-form-urlencoded",

+    "Accept: application/json"

+]);

+curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://minteck.org/mwspub/callback") . "&code=" . $_GET['code']);

+

+$result = curl_exec($crl);

+$result = json_decode($result, true);

+

+curl_close($crl);

+

+if (isset($result["access_token"])) {

+    $crl = curl_init('https://account.minteck.org/hub/hub/api/rest/users/me');

+    curl_setopt($crl, CURLOPT_RETURNTRANSFER, true);

+    curl_setopt($crl, CURLINFO_HEADER_OUT, true);

+    curl_setopt($crl, CURLOPT_HTTPHEADER, [

+        "Authorization: Bearer " . $result["access_token"],

+        "Accept: application/json"

+    ]);

+

+    $result = curl_exec($crl);

+    $result = json_decode($result, true);

+

+    $token = bin2hex(random_bytes(32));

+    file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/mwspub/private/tokens/" . $token, json_encode($result));

+    setcookie("mws_public_token", $token, strtotime('+365 days'), "/mwspub", "", true, true);

+

+    header("Location: /mwspub");

+}
\ No newline at end of file
diff --git a/mwspub/index.php b/mwspub/index.php
new file mode 100644
index 0000000..e0b4c32
--- /dev/null
+++ b/mwspub/index.php
@@ -0,0 +1,41 @@
+<?php

+

+header("Content-Type: text/plain");

+

+if (isset($_GET['_'])) {

+    setcookie("_session", $_GET['_']);

+    header("Location: /mwspub");

+    die();

+} else {

+    if (!isset($_COOKIE['_session'])) {

+        header("Location: https://minteck.org");

+        die();

+    }

+}

+

+if (!isset($_COOKIE["mws_public_token"])) {

+    header("Location: https://account.minteck.org/hub/hub/api/rest/oauth2/auth?client_id=f0972ed6-9b0b-4a56-b710-7bbf5e261785&response_type=code&redirect_uri=https://minteck.org/mwspub/callback&scope=hub&request_credentials=default&access_type=offline");

+    die();

+} else if (ctype_xdigit($_COOKIE["mws_public_token"]) && file_exists($_SERVER['DOCUMENT_ROOT'] . "/mwspub/private/tokens/" . $_COOKIE['mws_public_token'])) {

+    $_DATA = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/mwspub/private/tokens/" . $_COOKIE['mws_public_token']), true);

+} else {

+    header("Location: https://account.minteck.org/hub/hub/api/rest/oauth2/auth?client_id=f0972ed6-9b0b-4a56-b710-7bbf5e261785&response_type=code&redirect_uri=https://minteck.org/mwspub/callback&scope=hub&request_credentials=default&access_type=offline");

+    die();

+}

+

+if (isset($_COOKIE['_session'])) {

+    if (strlen($_COOKIE['_session']) === 96 && !preg_match('/[^a-f_\-0-9]/i', $_COOKIE['_session'])) {

+        if (file_exists("/mnt/public/temp/" . $_COOKIE['_session'])) {

+            if (file_get_contents("/mnt/public/temp/" . $_COOKIE["_session"]) !== "==WAITING==") {

+                die("Unable to login: this token has already been used");

+            } else {

+                file_put_contents("/mnt/public/temp/" . $_COOKIE['_session'], file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/mwspub/private/tokens/" . $_COOKIE['mws_public_token']));

+                die("Log in successful, you may now close this browser window/tab and return to your terminal window.");

+            }

+        } else {

+            die("Unable to login: this token does not exist");

+        }

+    } else {

+        die("Unable to login: this token is invalid");

+    }

+}
\ No newline at end of file