ssoEnabled = SSO_ENABLED; $this->tenantId = SSO_TENANT_ID; $this->clientId = SSO_CLIENT_ID; // Only initialize validator if SSO is enabled if ($this->ssoEnabled) { require_once __DIR__ . '/JWTValidator.php'; $this->validator = new JWTValidator($this->tenantId, $this->clientId); } } /** * Check if SSO is enabled * * @return bool */ public function isSSOEnabled() { return $this->ssoEnabled; } /** * Check if user is authenticated * * @return array ['authenticated' => bool, 'user' => array|null, 'error' => string|null] */ public function isAuthenticated() { // If SSO is disabled, return authenticated with mock user if (!$this->ssoEnabled) { return [ 'authenticated' => true, 'user' => [ 'name' => 'Local Developer', 'preferred_username' => 'dev@localhost' ] ]; } // Get token from cookie $token = $this->getTokenFromCookie(); if (!$token) { return ['authenticated' => false, 'error' => 'No authentication token found']; } // Validate token $validation = $this->validator->validateToken($token); if (!$validation['valid']) { return ['authenticated' => false, 'error' => $validation['error']]; } return ['authenticated' => true, 'user' => $validation['payload']]; } /** * Require authentication - blocks if not authenticated * * @return array User data */ public function requireAuth() { // If SSO is disabled, return mock user if (!$this->ssoEnabled) { return [ 'name' => 'Local Developer', 'preferred_username' => 'dev@localhost' ]; } // Check authentication $auth = $this->isAuthenticated(); if (!$auth['authenticated']) { $this->handleUnauthorized($auth['error'] ?? 'Authentication required'); exit; } return $auth['user']; } /** * Set authentication token (after login) * * @param string $token JWT token from MSAL * @return array ['success' => bool, 'user' => array|null, 'error' => string|null] */ public function setAuthToken($token) { if (!$this->ssoEnabled) { return ['success' => false, 'error' => 'SSO is disabled']; } // Validate token $validation = $this->validator->validateToken($token); if (!$validation['valid']) { return ['success' => false, 'error' => $validation['error']]; } // Set httpOnly cookie with security options $cookieOptions = [ 'expires' => time() + (24 * 60 * 60), // 24 hours 'path' => '/', 'domain' => '', 'secure' => isset($_SERVER['HTTPS']), // Only over HTTPS in production 'httponly' => true, 'samesite' => 'Lax' ]; setcookie('auth_token', $token, $cookieOptions); return ['success' => true, 'user' => $validation['payload']]; } /** * Clear authentication token (logout) */ public function clearAuthToken() { setcookie('auth_token', '', [ 'expires' => time() - 3600, 'path' => '/', 'httponly' => true ]); } /** * Get token from cookie * * @return string|null */ private function getTokenFromCookie() { return isset($_COOKIE['auth_token']) ? $_COOKIE['auth_token'] : null; } /** * Handle unauthorized access * * @param string $error Error message */ private function handleUnauthorized($error) { if ($this->isAjaxRequest()) { // For AJAX requests, return JSON header('Content-Type: application/json'); http_response_code(401); echo json_encode([ 'error' => 'Authentication required', 'message' => $error, 'requiresAuth' => true ]); } else { // For page requests, show login interface $this->showLoginPage($error); } } /** * Check if request is AJAX * * @return bool */ private function isAjaxRequest() { return isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest'; } /** * Show login page with MSAL integration * * @param string $error Optional error message */ public function showLoginPage($error = '') { ?> Sign In - Nano Banana Pro

Nano Banana Pro

AI Image Generation & Editing Tool

Sign in with your Microsoft account to access the image generator