format/CLAUDE.md
2025-09-08 16:25:26 -05:00
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
This is a web-based Markdown to HTML converter application with secure Microsoft Azure AD authentication. The application requires authentication to access any functionality and validates tokens server-side for security.
## Architecture
The application follows a secure client-server architecture with proper authentication:
- **Frontend**: Vanilla JavaScript with HTML/CSS, MSAL.js for authentication
- **Backend**: PHP with server-side JWT token validation
- **Authentication**: Microsoft Azure AD/Entra ID with PKCE flow and httpOnly cookies
- **Security**: Server-side authentication gate, JWT validation on all requests
- **Markdown Processing**: Client-side using marked.js library
## Key Files
### Authentication & Security
- `AuthMiddleware.php` - Authentication middleware for protecting endpoints
- `JWTValidator.php` - Custom JWT validation class for Azure AD tokens
- `auth.php` - Authentication endpoint for login/logout/status operations
### Application Core
- `index.php` - Main application page with server-side authentication required
- `process.php` - Server-side endpoint with authentication protection
- `config.php` - PHP configuration and error reporting
- `js/script.js` - Enhanced client-side JavaScript with better error handling
- `css/style.css` - Application styling with Montserrat font
## Authentication Flow
1. **Page Access**: All pages require authentication via `AuthMiddleware->requireAuth()`
2. **Login Process**: MSAL popup → token exchange → httpOnly cookie → page reload
3. **Token Validation**: JWT validated against Azure AD public keys on every request
4. **Logout Process**: Clear httpOnly cookie + MSAL logout → redirect
## Authentication Configuration
- **Client ID**: `9079054c-9620-4757-a256-23413042f1ef`
- **Tenant ID**: `e519c2e6-bc6d-4fdf-8d9c-923c2f002385`
- **Flow**: Authorization Code with PKCE (popup-based)
- **Token Storage**: httpOnly cookies for security
- **Validation**: Stateless JWT validation on each request
## Security Features
- Server-side authentication gate on all pages and endpoints
- JWT signature validation using Azure AD public keys
- httpOnly cookies keep the token unreadable from JavaScript, so an XSS flaw cannot exfiltrate it
- Proper error handling with user-friendly messages
- No reliance on client-side controls for security (the earlier CSS-based hiding of content was removed)
- Token expiration and claim validation
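Steps 3 and 4 of the authentication flow, together with the signature, expiration and claim checks listed above, are worth seeing in one place. The following is an added example and not the project's `JWTValidator.php`. It assumes a `kid` → PEM map that has already been filled from the tenant's JWKS endpoint (`https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys`), that the application receives v2.0 tokens (issuer `https://login.microsoftonline.com/<tenant>/v2.0`), and, so that it runs offline without Azure AD, it signs its own demo tokens with a freshly generated RSA key pair; the client and tenant IDs are the ones from the configuration section above.

```php
<?php
// Added example (not the project's JWTValidator.php): a minimal RS256 validator
// with the checks a server-side Azure AD token gate must make.
// Assumption: $keys maps a JWT "kid" to a PEM public key obtained from the
// tenant JWKS endpoint (https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys).
declare(strict_types=1);

function b64url_decode(string $s): string {
    $pad = strlen($s) % 4;
    if ($pad) { $s .= str_repeat('=', 4 - $pad); }
    $out = base64_decode(strtr($s, '-_', '+/'), true);
    if ($out === false) { throw new InvalidArgumentException('bad base64url'); }
    return $out;
}

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

/** Validate a JWT and return its claims, or throw. $keys: kid => PEM public key. */
function validate_token(string $jwt, array $keys, string $issuer, string $audience, ?int $now = null): array {
    $now = $now ?? time();
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) { throw new RuntimeException('malformed token'); }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true, 512, JSON_THROW_ON_ERROR);
    $claims = json_decode(b64url_decode($p), true, 512, JSON_THROW_ON_ERROR);

    // Pin the algorithm: the verifier is never chosen from the token's own "alg"
    // (this rejects "none" and HMAC/RSA confusion).
    if (($header['alg'] ?? '') !== 'RS256') { throw new RuntimeException('unsupported alg'); }
    $kid = $header['kid'] ?? null;
    if (!is_string($kid) || !isset($keys[$kid])) { throw new RuntimeException('unknown kid'); }

    // Signature over the raw header.payload using the key selected by kid.
    $ok = openssl_verify("$h.$p", b64url_decode($s), $keys[$kid], OPENSSL_ALGO_SHA256);
    if ($ok !== 1) { throw new RuntimeException('bad signature'); }

    // Claim checks: issuer, audience (this app's client ID), and time window with small skew.
    $skew = 60;
    if (($claims['iss'] ?? '') !== $issuer) { throw new RuntimeException('wrong issuer'); }
    $aud = $claims['aud'] ?? null;
    $audOk = is_array($aud) ? in_array($audience, $aud, true) : $aud === $audience;
    if (!$audOk) { throw new RuntimeException('wrong audience'); }
    if (!isset($claims['exp']) || $now > $claims['exp'] + $skew) { throw new RuntimeException('expired'); }
    if (isset($claims['nbf']) && $now + $skew < $claims['nbf']) { throw new RuntimeException('not yet valid'); }
    return $claims;
}

// --- Self-contained demo: constructed key pair and tokens, not real Azure AD tokens ---
$tenant   = 'e519c2e6-bc6d-4fdf-8d9c-923c2f002385';            // tenant ID from the project config
$clientId = '9079054c-9620-4757-a256-23413042f1ef';            // client ID from the project config
$issuer   = "https://login.microsoftonline.com/$tenant/v2.0";  // assumption: v2.0 issuer format

$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$keys = ['demo-kid' => openssl_pkey_get_details($pair)['key']]; // stands in for the JWKS-derived map

function sign_demo_token(array $claims, $priv, string $kid): string {
    $h = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'kid' => $kid]));
    $p = b64url_encode(json_encode($claims));
    openssl_sign("$h.$p", $sig, $priv, OPENSSL_ALGO_SHA256);
    return "$h.$p." . b64url_encode($sig);
}

$good = sign_demo_token(['iss' => $issuer, 'aud' => $clientId, 'exp' => time() + 600,
                         'nbf' => time() - 10, 'sub' => 'user1'], $pair, 'demo-kid');
$claims = validate_token($good, $keys, $issuer, $clientId);
echo "valid token for sub={$claims['sub']}\n";

// Each of these must be rejected by the validator.
$bad = [
    'expired'   => sign_demo_token(['iss' => $issuer, 'aud' => $clientId, 'exp' => time() - 600], $pair, 'demo-kid'),
    'wrong aud' => sign_demo_token(['iss' => $issuer, 'aud' => 'other-app', 'exp' => time() + 600], $pair, 'demo-kid'),
    'alg none'  => b64url_encode(json_encode(['alg' => 'none', 'kid' => 'demo-kid'])) . '.' . explode('.', $good)[1] . '.',
    'tampered'  => substr($good, 0, -4) . 'AAAA',
];
foreach ($bad as $label => $t) {
    try {
        validate_token($t, $keys, $issuer, $clientId);
        echo "$label: WRONGLY ACCEPTED\n";
    } catch (Throwable $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```

Run it with `php validate_demo.php` (any file name). The points worth carrying into the real validator: the algorithm is pinned to RS256 rather than read from the token header, the key is selected by `kid` from the tenant's published keys (cache them and refresh once on an unknown `kid`, since Azure AD rotates them), and `aud` is compared with the application's client ID so a token issued for another app in the same tenant is refused. The middleware then reads the token from the httpOnly cookie on every request; because the browser attaches that cookie automatically, `auth.php` should set it with `Secure` and a `SameSite` attribute as well, since the JWT checks above say nothing about which site initiated the request.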
## Development Notes
- **Dependencies**: No build process required - uses CDN resources
- **PHP Required**: Full functionality requires PHP server with OpenSSL support
- **Testing**: Authentication can be tested locally with proper redirect URI configuration
- **Error Handling**: Authentication errors show clear messages to users
- **Modern Features**: Uses modern clipboard API with fallback for copying HTML