Oliver/cinema-studio-pro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cinema-studio-pro/backend/AuthMiddleware.php
Manish Tanwar 165a10694a Restructuring of files and Local Tested
2026-01-13 14:52:37 +05:30

409 lines
12 KiB
PHP
Raw Permalink Blame History

<?php
/**
* Authentication Middleware for MSAL / Azure AD
* Central authentication orchestrator with login UI
*/
require_once __DIR__ . '/config.php';
class AuthMiddleware {
private $validator;
private $tenantId;
private $clientId;
private $ssoEnabled;
public function __construct() {
$this->ssoEnabled = SSO_ENABLED;
$this->tenantId = SSO_TENANT_ID;
$this->clientId = SSO_CLIENT_ID;
// Only initialize validator if SSO is enabled
if ($this->ssoEnabled) {
require_once __DIR__ . '/JWTValidator.php';
$this->validator = new JWTValidator($this->tenantId, $this->clientId);
}
}
/**
* Check if SSO is enabled
*
* @return bool
*/
public function isSSOEnabled() {
return $this->ssoEnabled;
}
/**
* Check if user is authenticated
*
* @return array ['authenticated' => bool, 'user' => array|null, 'error' => string|null]
*/
public function isAuthenticated() {
// If SSO is disabled, return authenticated with mock user
if (!$this->ssoEnabled) {
return [
'authenticated' => true,
'user' => [
'name' => 'Local Developer',
'preferred_username' => 'dev@localhost'
]
];
}
// Get token from cookie
$token = $this->getTokenFromCookie();
if (!$token) {
return ['authenticated' => false, 'error' => 'No authentication token found'];
}
// Validate token
$validation = $this->validator->validateToken($token);
if (!$validation['valid']) {
return ['authenticated' => false, 'error' => $validation['error']];
}
return ['authenticated' => true, 'user' => $validation['payload']];
}
/**
* Require authentication - blocks if not authenticated
*
* @return array User data
*/
public function requireAuth() {
// If SSO is disabled, return mock user
if (!$this->ssoEnabled) {
return [
'name' => 'Local Developer',
'preferred_username' => 'dev@localhost'
];
}
// Check authentication
$auth = $this->isAuthenticated();
if (!$auth['authenticated']) {
$this->handleUnauthorized($auth['error'] ?? 'Authentication required');
exit;
}
return $auth['user'];
}
/**
* Set authentication token (after login)
*
* @param string $token JWT token from MSAL
* @return array ['success' => bool, 'user' => array|null, 'error' => string|null]
*/
public function setAuthToken($token) {
if (!$this->ssoEnabled) {
return ['success' => false, 'error' => 'SSO is disabled'];
}
// Validate token
$validation = $this->validator->validateToken($token);
if (!$validation['valid']) {
return ['success' => false, 'error' => $validation['error']];
}
// Set httpOnly cookie with security options
$cookieOptions = [
'expires' => time() + (24 * 60 * 60), // 24 hours
'path' => '/',
'domain' => '',
'secure' => isset($_SERVER['HTTPS']), // Only over HTTPS in production
'httponly' => true,
'samesite' => 'Lax'
];
setcookie('auth_token', $token, $cookieOptions);
return ['success' => true, 'user' => $validation['payload']];
}
/**
* Clear authentication token (logout)
*/
public function clearAuthToken() {
setcookie('auth_token', '', [
'expires' => time() - 3600,
'path' => '/',
'httponly' => true
]);
}
/**
* Get token from cookie
*
* @return string|null
*/
private function getTokenFromCookie() {
return isset($_COOKIE['auth_token']) ? $_COOKIE['auth_token'] : null;
}
/**
* Handle unauthorized access
*
* @param string $error Error message
*/
private function handleUnauthorized($error) {
if ($this->isAjaxRequest()) {
// For AJAX requests, return JSON
header('Content-Type: application/json');
http_response_code(401);
echo json_encode([
'error' => 'Authentication required',
'message' => $error,
'requiresAuth' => true
]);
} else {
// For page requests, show login interface
$this->showLoginPage($error);
}
}
/**
* Check if request is AJAX
*
* @return bool
*/
private function isAjaxRequest() {
return isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}
/**
* Show login page with MSAL integration
*
* @param string $error Optional error message
*/
public function showLoginPage($error = '') {
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Sign In - Nano Banana Pro</title>
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Montserrat:wght@400;500;600;700&display=swap" rel="stylesheet">
<script src="https://alcdn.msauth.net/browser/2.15.0/js/msal-browser.min.js" crossorigin="anonymous"></script>
<style>
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: 'Montserrat', sans-serif;
background: #000;
color: #fff;
min-height: 100vh;
display: flex;
align-items: center;
justify-content: center;
padding: 20px;
}
.login-container {
background: #1a1a1a;
border: 2px solid #FFC407;
border-radius: 12px;
padding: 50px 40px;
max-width: 450px;
width: 100%;
text-align: center;
box-shadow: 0 10px 50px rgba(255, 196, 7, 0.2);
}
.login-logo {
font-size: 4rem;
margin-bottom: 20px;
}
.login-title {
font-size: 2rem;
font-weight: 700;
color: #FFC407;
margin-bottom: 10px;
}
.login-subtitle {
font-size: 1rem;
color: #999;
margin-bottom: 40px;
}
.error-message {
background: #ff4444;
color: #fff;
padding: 15px;
border-radius: 8px;
margin-bottom: 20px;
font-size: 0.9rem;
}
.btn-login {
background: linear-gradient(135deg, #FFC407 0%, #ff9500 100%);
color: #000;
border: none;
padding: 18px 40px;
border-radius: 8px;
font-family: 'Montserrat', sans-serif;
font-weight: 700;
font-size: 1.1rem;
cursor: pointer;
transition: all 0.3s;
width: 100%;
display: flex;
align-items: center;
justify-content: center;
gap: 10px;
}
.btn-login:hover {
transform: translateY(-3px);
box-shadow: 0 5px 20px rgba(255, 196, 7, 0.4);
}
.btn-login:active {
transform: translateY(-1px);
}
.loading {
display: none;
}
.loading.show {
display: inline-block;
width: 20px;
height: 20px;
border: 3px solid #000;
border-top: 3px solid transparent;
border-radius: 50%;
animation: spin 1s linear infinite;
}
@keyframes spin {
0% { transform: rotate(0deg); }
100% { transform: rotate(360deg); }
}
.info-text {
margin-top: 30px;
font-size: 0.85rem;
color: #666;
}
</style>
</head>
<body>
<div class="login-container">
<div class="login-logo">🎨</div>
<h1 class="login-title">Nano Banana Pro</h1>
<p class="login-subtitle">AI Image Generation & Editing Tool</p>
<?php if ($error): ?>
<div class="error-message">
<?php echo htmlspecialchars($error); ?>
</div>
<?php endif; ?>
<button class="btn-login" onclick="signIn()" id="loginBtn">
<span id="lockIcon">🔒</span>
<span id="loadingIcon" class="loading"></span>
<span id="btnText">Sign In with Microsoft</span>
</button>
<div class="info-text">
Sign in with your Microsoft account to access the image generator
</div>
</div>
<script>
const msalConfig = {
auth: {
clientId: "<?php echo $this->clientId; ?>",
authority: "https://login.microsoftonline.com/<?php echo $this->tenantId; ?>",
redirectUri: window.location.origin + window.location.pathname
},
cache: {
cacheLocation: "sessionStorage",
storeAuthStateInCookie: true,
}
};
const loginRequest = {
scopes: ["openid", "profile", "email"],
prompt: "select_account"
};
const myMSALObj = new msal.PublicClientApplication(msalConfig);
function signIn() {
const loginBtn = document.getElementById('loginBtn');
const lockIcon = document.getElementById('lockIcon');
const loadingIcon = document.getElementById('loadingIcon');
const btnText = document.getElementById('btnText');
// Show loading state
loginBtn.disabled = true;
lockIcon.style.display = 'none';
loadingIcon.classList.add('show');
btnText.textContent = 'Signing in...';
myMSALObj.loginPopup(loginRequest)
.then(loginResponse => {
// Send token to server for validation and cookie setting
fetch('auth.php', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
action: 'login',
idToken: loginResponse.idToken,
accessToken: loginResponse.accessToken
})
})
.then(response => response.json())
.then(data => {
if (data.success) {
window.location.reload();
} else {
alert('Authentication failed: ' + (data.error || 'Unknown error'));
resetButton();
}
})
.catch(error => {
console.error('Authentication error:', error);
alert('Authentication failed. Please try again.');
resetButton();
});
})
.catch(error => {
console.error("Login failed:", error);
alert('Login failed: ' + error.message);
resetButton();
});
}
function resetButton() {
const loginBtn = document.getElementById('loginBtn');
const lockIcon = document.getElementById('lockIcon');
const loadingIcon = document.getElementById('loadingIcon');
const btnText = document.getElementById('btnText');
loginBtn.disabled = false;
lockIcon.style.display = 'inline';
loadingIcon.classList.remove('show');
btnText.textContent = 'Sign In with Microsoft';
}
</script>
</body>
</html>
<?php
}
}
Reference in a new issue View git blame Copy permalink