diff options
Diffstat (limited to 'auth/callback')
| -rw-r--r-- | auth/callback/index.php | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/auth/callback/index.php b/auth/callback/index.php new file mode 100644 index 0000000..8419364 --- /dev/null +++ b/auth/callback/index.php @@ -0,0 +1,61 @@ +<?php + +$server = "auth.equestria.horse"; + +header("Content-Type: text/plain"); + +if (!isset($_GET['code'])) { + die(); +} + +$appdata = json_decode(file_get_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/app.json"), true); + +$crl = curl_init('https://' . $server . '/hub/api/rest/oauth2/token'); +curl_setopt($crl, CURLOPT_RETURNTRANSFER, true); +curl_setopt($crl, CURLINFO_HEADER_OUT, true); +curl_setopt($crl, CURLOPT_POST, true); +curl_setopt($crl, CURLOPT_HTTPHEADER, [ + "Authorization: Basic " . base64_encode($appdata["oauth"]["id"] . ":" . $appdata["oauth"]["secret"]), + "Content-Type: application/x-www-form-urlencoded", + "Accept: application/json" +]); +curl_setopt($crl, CURLOPT_POSTFIELDS, "grant_type=authorization_code&redirect_uri=" . urlencode("https://ponies.equestria.horse/auth/callback") . "&code=" . $_GET['code']); + +$result = curl_exec($crl); +$result = json_decode($result, true); + +curl_close($crl); + +if (isset($result["access_token"])) { + $crl = curl_init('https://' . $server . '/hub/api/rest/users/me'); + curl_setopt($crl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($crl, CURLINFO_HEADER_OUT, true); + curl_setopt($crl, CURLOPT_HTTPHEADER, [ + "Authorization: Bearer " . $result["access_token"], + "Accept: application/json" + ]); + + $result = curl_exec($crl); + $result = json_decode($result, true); + + if (!in_array($result["id"], $appdata["oauth"]["allowed"]["admin"]) && !in_array($result["id"], $appdata["oauth"]["allowed"]["lower"])) { + peh_error("Access denied, you are not allowed to login to this website", 403); + die(); + } + + if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens"); + if (!file_exists($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens")) mkdir($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens"); + + $token = bin2hex(random_bytes(32)); + + if (in_array($result["id"], $appdata["oauth"]["allowed"]["admin"])) { + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/tokens/" . $token, json_encode($result)); + } else { + file_put_contents($_SERVER['DOCUMENT_ROOT'] . "/includes/lowertokens/" . $token, json_encode($result)); + } + + header("Set-Cookie: PEH2_SESSION_TOKEN=" . $token . "; SameSite=None; Path=/; Secure; HttpOnly; Expires=" . date("r", time() + (86400 * 730))); + + header("Location: /"); + die(); +}
\ No newline at end of file |