Commit graph

3 commits

Author SHA1 Message Date
DJP
61aa1931bb Add MSAL/Azure AD authentication with toggle support
Implemented complete Microsoft Authentication Library (MSAL) / Azure AD
Single Sign-On (SSO) system following Ferrero app pattern.

KEY FEATURE: Toggle authentication on/off via environment variable
- SSO_ENABLED=false → Mock user, no login required (local dev)
- SSO_ENABLED=true → Full Azure AD authentication (production)

NEW FILES:
- composer.json - Firebase JWT dependency
- .env.example - Environment variable template
- env_loader.php - Parse .env file
- JWTValidator.php - Validate JWT tokens from Azure AD
- AuthMiddleware.php - Core auth orchestrator with login UI
- auth.php - Authentication API (login/logout/status)
- auth-test.php - Debug authentication status
- AUTH_README.md - Complete setup documentation

UPDATED FILES:
- config.php - Load env vars, add SSO constants
- index.php - Require auth, add logout button, MSAL script
- api.php - Add authentication check
- enhance_prompt.php - Add authentication check
- .gitignore - Exclude .env and vendor/

AUTHENTICATION FLOW:
1. User visits app → Auth check
2. If SSO disabled → Mock "Local Developer" user
3. If SSO enabled → Validate JWT from cookie
4. If no token → Show MSAL login page
5. User signs in → Token validated → Cookie set → App loads

SECURITY FEATURES:
- httpOnly cookies (XSS prevention)
- SameSite=Lax (CSRF prevention)
- JWT signature validation
- Claims validation (exp, nbf, aud, iss)
- JWKS from Azure AD
- 24-hour token expiration
- Secure flag for HTTPS

DEPENDENCIES INSTALLED:
- firebase/php-jwt v6.11.1

TESTING:
- Local: SSO disabled by default in .env
- Server: Set SSO_ENABLED=true with Azure AD credentials
- Cannot test MSAL locally (redirect URI bound to server)

DEPLOYMENT:
1. Install composer dependencies
2. Configure .env with Azure AD credentials
3. Set SSO_ENABLED=true when ready
4. Visit auth-test.php to verify setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2025-12-16 10:08:07 -05:00
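The commit above describes the validation its JWTValidator.php and AuthMiddleware.php perform (signature via JWKS, the exp/nbf/aud/iss claims, the SSO_ENABLED toggle, and the cookie flags) without showing it. The following is an added example written for this page, not code from the repository or from firebase/php-jwt: a pure-PHP walk through the same checks against a constructed RS256 key pair. The tenant ID, client ID and `demo-key` kid are placeholders, and the key set is simplified to `kid => PEM public key` (a real JWKS document carries `n`/`e` values that a library converts to a key). The algorithm pin and the fail-closed handling of a missing `exp` are the two details a reviewer would look for in the real validator.

```php
<?php
declare(strict_types=1);
// Added example, not the repository's code. Ids below are constructed placeholders.

const SSO_ENABLED       = true;   // mirrors the SSO_ENABLED environment toggle
const EXPECTED_ISSUER   = 'https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0';
const EXPECTED_AUDIENCE = 'CLIENT-ID-PLACEHOLDER';   // app (client) id registered in Azure AD
const CLOCK_SKEW        = 60;      // seconds of leeway when comparing exp/nbf
const COOKIE_LIFETIME   = 86400;   // 24 hours, as in the commit

function b64url_encode(string $s): string {
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

function b64url_decode(string $s): string {
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    $out = base64_decode(strtr($s, '-_', '+/') . $pad, true);
    if ($out === false) {
        throw new RuntimeException('malformed base64url segment');
    }
    return $out;
}

/** Validate a compact JWT against $jwks (kid => PEM public key). Returns the claims or throws. */
function validate_jwt(string $jwt, array $jwks, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new RuntimeException('token must have three segments');
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64url_decode($h), true);
    $claims = json_decode(b64url_decode($p), true);
    if (!is_array($header) || !is_array($claims)) {
        throw new RuntimeException('header or payload is not JSON');
    }
    // Pin the algorithm: the token must not get to choose "none" or an HMAC variant.
    if (($header['alg'] ?? '') !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    $kid = $header['kid'] ?? '';
    if (!is_string($kid) || !isset($jwks[$kid])) {
        throw new RuntimeException('unknown kid');
    }
    if (openssl_verify("$h.$p", b64url_decode($s), $jwks[$kid], OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    // The four claims the commit lists. A missing exp is rejected (fail closed).
    if (($claims['iss'] ?? null) !== EXPECTED_ISSUER) {
        throw new RuntimeException('issuer mismatch');
    }
    if (($claims['aud'] ?? null) !== EXPECTED_AUDIENCE) {
        throw new RuntimeException('audience mismatch');
    }
    if (!isset($claims['exp']) || $now > (int)$claims['exp'] + CLOCK_SKEW) {
        throw new RuntimeException('token expired');
    }
    if (isset($claims['nbf']) && $now + CLOCK_SKEW < (int)$claims['nbf']) {
        throw new RuntimeException('token not yet valid');
    }
    return $claims;
}

/** Cookie flags from the commit: httpOnly, SameSite=Lax, Secure on HTTPS, 24h lifetime.
 *  Consumed as setcookie('auth_token', $jwt, session_cookie_options(...)). */
function session_cookie_options(int $now, bool $https): array {
    return ['expires' => $now + COOKIE_LIFETIME, 'path' => '/', 'secure' => $https,
            'httponly' => true, 'samesite' => 'Lax'];
}

/** The toggle: mock user when SSO is off, otherwise the claims of the validated cookie token. */
function current_user(?string $cookie_jwt, array $jwks, int $now): array {
    if (!SSO_ENABLED) {
        return ['name' => 'Local Developer', 'source' => 'mock'];
    }
    if ($cookie_jwt === null) {
        return ['name' => null, 'source' => 'login-required'];   // caller shows the MSAL login page
    }
    $claims = validate_jwt($cookie_jwt, $jwks, $now);
    return ['name' => $claims['name'] ?? $claims['preferred_username'] ?? '?', 'source' => 'azure-ad'];
}

/** Demo-only signer: stands in for Azure AD issuing a token under the constructed key. */
function mint(array $claims, $key): string {
    $h = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT', 'kid' => 'demo-key']));
    $p = b64url_encode(json_encode($claims));
    openssl_sign("$h.$p", $sig, $key, OPENSSL_ALGO_SHA256);
    return "$h.$p." . b64url_encode($sig);
}

// --- self-contained run with a constructed key pair ---------------------------
$key  = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$jwks = ['demo-key' => openssl_pkey_get_details($key)['key']];
$now  = time();
$good = ['iss' => EXPECTED_ISSUER, 'aud' => EXPECTED_AUDIENCE, 'iat' => $now,
         'nbf' => $now, 'exp' => $now + 3600, 'name' => 'Demo User'];

print_r(current_user(mint($good, $key), $jwks, $now));           // source => azure-ad
foreach ([['exp' => $now - 7200], ['aud' => 'other-client-id'],
          ['iss' => 'https://login.example.invalid/v2.0']] as $bad) {
    try {
        validate_jwt(mint(array_merge($good, $bad), $key), $jwks, $now);
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
print_r(session_cookie_options($now, true));
```

Running it with `php` prints the accepted user, three rejections (expired, audience mismatch, issuer mismatch) and the cookie option set. Switching `SSO_ENABLED` to `false` makes `current_user` return the mock "Local Developer" without touching the token, which is the local-development path the commit describes.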
DJP
7d1cd03a32 Add multi-user support with 24-hour image expiration
Implemented complete session management system for multiple users:

**New Features:**
- Isolated user sessions with unique session IDs
- File-based image storage (not in PHP session)
- Automatic 24-hour image expiration
- Session directories: uploads/sessions/{session_id}/
- Images stored with metadata (creation time, expiry, MIME type)

**New Files:**
- session_manager.php - Complete session management class
- cleanup.php - Cron script to delete expired images
- uploads/.htaccess - Security: prevent direct file access

**Updated Files:**
- api.php - Uses SessionManager for file-based storage
- index.php - Loads images from disk via SessionManager
- .gitignore - Exclude user uploads from repository

**Usage:**
- Each user gets isolated session automatically
- Images auto-delete after 24 hours
- Run cleanup.php via cron: `0 * * * * php cleanup.php`

**Security:**
- Session IDs regenerated on first access
- Upload directory protected by .htaccess
- User images isolated by session

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2025-12-16 08:56:26 -05:00
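The commit above lists the storage layout (uploads/sessions/{session_id}/, per-image metadata with creation time, expiry and MIME type) and a cron-driven cleanup, but not the code. The following is an added example for this page, not the repository's session_manager.php or cleanup.php: a minimal file-backed store that checks the session id before using it as a path component, hides expired images from listings even before cron runs, and a cleanup routine that fails closed on missing metadata. The directory layout under a temporary base, the `.img`/`.json` sidecar naming and the id pattern are assumptions of this demo.

```php
<?php
declare(strict_types=1);
// Added example, not the repository's code. Layout and file naming are assumptions.

const IMAGE_TTL = 86400;   // 24 hours, as in the commit

/** Accept only ids shaped like PHP's own session ids; reject anything else before it
 *  can reach the filesystem (no slashes, no "..", no NUL bytes). */
function assert_valid_session_id(string $id): string {
    if (!preg_match('/\A[A-Za-z0-9,-]{22,128}\z/', $id)) {
        throw new InvalidArgumentException('invalid session id');
    }
    return $id;
}

function session_dir(string $base, string $id): string {
    return $base . '/sessions/' . assert_valid_session_id($id);
}

/** Store image bytes for a session and write the metadata sidecar. Returns the image path. */
function store_image(string $base, string $id, string $bytes, string $mime, int $now): string {
    $dir = session_dir($base, $id);
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException("cannot create $dir");
    }
    $path = $dir . '/' . bin2hex(random_bytes(8)) . '.img';
    file_put_contents($path, $bytes);
    file_put_contents("$path.json", json_encode([
        'created' => $now,
        'expires' => $now + IMAGE_TTL,
        'mime'    => $mime,
    ]));
    return $path;
}

/** Images of one session that are still valid at $now; expired ones are hidden
 *  even if the cron job has not run yet. */
function list_images(string $base, string $id, int $now): array {
    $out = [];
    foreach (glob(session_dir($base, $id) . '/*.img') ?: [] as $path) {
        $meta = json_decode((string)@file_get_contents("$path.json"), true);
        if (is_array($meta) && $now < (int)$meta['expires']) {
            $out[] = ['path' => $path, 'mime' => $meta['mime']];
        }
    }
    return $out;
}

/** The cron job: delete expired images and their metadata across all sessions,
 *  remove directories left empty, and return how many images were deleted. */
function cleanup_expired(string $base, int $now): int {
    $deleted = 0;
    foreach (glob("$base/sessions/*", GLOB_ONLYDIR) ?: [] as $dir) {
        foreach (glob("$dir/*.img") ?: [] as $path) {
            $meta = json_decode((string)@file_get_contents("$path.json"), true);
            // Missing or unreadable metadata counts as expired: fail closed.
            if (!is_array($meta) || $now >= (int)$meta['expires']) {
                @unlink($path);
                @unlink("$path.json");
                $deleted++;
            }
        }
        if (count(scandir($dir)) === 2) {   // only "." and ".." remain
            rmdir($dir);
        }
    }
    return $deleted;
}

// --- demo in a temporary directory ---------------------------------------------
$base = sys_get_temp_dir() . '/image-session-demo-' . bin2hex(random_bytes(4));
$sid  = 'a1b2c3d4e5f6g7h8i9j0k1l2m3';   // constructed id matching the pattern
$now  = time();

store_image($base, $sid, "\x89PNG fresh", 'image/png', $now);
store_image($base, $sid, "\x89PNG stale", 'image/png', $now - IMAGE_TTL - 1);
echo 'visible now: ', count(list_images($base, $sid, $now)), PHP_EOL;   // 1
echo 'deleted by cleanup: ', cleanup_expired($base, $now), PHP_EOL;     // 1

try {
    session_dir($base, '../outside');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The id check matters because the session id is the only thing that separates one user's directory from another's; validating its shape once, in `session_dir`, keeps every path built from it inside `uploads/sessions/`. The same `cleanup_expired` function is what the commit's `0 * * * * php cleanup.php` cron line would call each hour.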
DJP
4deed84ba0 Initial commit: Nano AI Image Generator
- Complete working image generation app using Imagen 3
- PHP backend with Gemini API integration
- Dark themed UI with prompt enhancement
- Session management and logging system

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2025-12-16 08:35:02 -05:00