nano-pro/auth.php

<?php
/**
 * Authentication API Endpoint
 * Handles login, logout, and status requests
 */

header('Content-Type: application/json');

require_once __DIR__ . '/AuthMiddleware.php';

$auth = new AuthMiddleware();

// Get POST data
$input = json_decode(file_get_contents('php://input'), true);

if (!$input || !isset($input['action'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid request - action required']);
    exit;
}

$action = $input['action'];

// Handle different actions
switch ($action) {
    case 'login':
        handleLogin($auth, $input);
        break;

    case 'logout':
        handleLogout($auth);
        break;

    case 'status':
        handleStatus($auth);
        break;

    default:
        http_response_code(400);
        echo json_encode(['error' => 'Unknown action: ' . $action]);
        break;
}

/**
 * Handle login action
 */
function handleLogin($auth, $input) {
    if (!$auth->isSSOEnabled()) {
        http_response_code(400);
        echo json_encode(['error' => 'SSO is disabled']);
        return;
    }

    // Prefer ID token for validation, fallback to access token
    $token = $input['idToken'] ?? $input['accessToken'] ?? null;

    if (!$token) {
        http_response_code(400);
        echo json_encode(['error' => 'Authentication token is required']);
        return;
    }

    // Validate and set token
    $result = $auth->setAuthToken($token);

    if ($result['success']) {
        echo json_encode([
            'success' => true,
            'message' => 'Authentication successful',
            'user' => [
                'name' => $result['user']['name'] ?? 'Unknown',
                'email' => $result['user']['preferred_username'] ?? $result['user']['upn'] ?? 'Unknown'
            ]
        ]);
    } else {
        http_response_code(401);
        echo json_encode([
            'success' => false,
            'error' => $result['error']
        ]);
    }
}

/**
 * Handle logout action
 */
function handleLogout($auth) {
    $auth->clearAuthToken();
    echo json_encode([
        'success' => true,
        'message' => 'Logged out successfully'
    ]);
}

/**
 * Handle status check action
 */
function handleStatus($auth) {
    $authStatus = $auth->isAuthenticated();

    if ($authStatus['authenticated']) {
        echo json_encode([
            'authenticated' => true,
            'sso_enabled' => $auth->isSSOEnabled(),
            'user' => [
                'name' => $authStatus['user']['name'] ?? 'Unknown',
                'email' => $authStatus['user']['preferred_username'] ?? $authStatus['user']['upn'] ?? 'Unknown'
            ]
        ]);
    } else {
        http_response_code(401);
        echo json_encode([
            'authenticated' => false,
            'sso_enabled' => $auth->isSSOEnabled(),
            'error' => $authStatus['error'] ?? 'Not authenticated'
        ]);
    }
}