feat: stockage articles en fichiers Markdown, SSO intégré, URLs propres

Cedric Abonnel
2026-05-08 22:36:04 +02:00
parent aa9c04d154
commit fd3fced0d8
22 changed files with 863 additions and 352 deletions
+43 -17
@@ -1,28 +1,54 @@
<?php
declare(strict_types=1);
use Jumbojett\OpenIDConnectClient;
require_once BASE_PATH . '/vendor/autoload.php';
session_start();
function require_auth()
function isLoggedIn(): bool
{
if (!isset($_SESSION['user'])) {
// Redirige vers la page de login
header('Location: /auth/login.php');
return !empty($_SESSION['user_email']);
}
function requireAuth(): void
{
if (!isLoggedIn()) {
$return = $_SERVER['REQUEST_URI'] ?? '/';
header('Location: /login' . ($return !== '/' ? '?return_to=' . urlencode($return) : ''), true, 302);
exit;
}
}
function get_oidc_client(): OpenIDConnectClient
function currentUserEmail(): ?string
{
$oidc = new OpenIDConnectClient(
'https://idp.a5l.fr/realms/master',
'varlog-client-id',
'varlog-client-secret'
);
$oidc->setRedirectURL('http://varlog.acegrp.lan/auth/callback.php');
$oidc->addScope(['openid', 'email', 'profile']);
return $oidc;
return $_SESSION['user_email'] ?? null;
}
function isAdmin(): bool
{
$email = currentUserEmail();
if (!$email) {
return false;
}
$rawAdmin = $_ENV['ADMIN_EMAIL'] ?? (getenv('ADMIN_EMAIL') ?: '');
$allowed = array_filter(array_map('trim', explode(',', (string)$rawAdmin)));
return in_array(strtolower($email), array_map('strtolower', $allowed), true);
}
function ssoLogoutUrl(): string
{
$issuer = rtrim((string)($_ENV['OIDC_ISSUER'] ?? (getenv('OIDC_ISSUER') ?: '')), '/');
$clientId = (string)($_ENV['OIDC_CLIENT_ID'] ?? (getenv('OIDC_CLIENT_ID') ?: ''));
$baseUrl = rtrim((string)($_ENV['APP_URL'] ?? (getenv('APP_URL') ?: '/')), '/');
$params = [
'client_id' => $clientId,
'post_logout_redirect_uri' => $baseUrl . '/',
];
if (!empty($_SESSION['oidc']['id_token'])) {
$params['id_token_hint'] = $_SESSION['oidc']['id_token'];
}
if (!$issuer) {
return $baseUrl . '/';
}
return $issuer . '/protocol/openid-connect/logout?' . http_build_query($params);
}
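Review bot: `isAdmin()` grants admin rights purely by matching `$_SESSION['user_email']` against `ADMIN_EMAIL`, and nothing in this file shows that the address was verified by the identity provider before it was stored in the session. If the realm lets users register or edit their own email, an unverified address equal to an admin's would pass this check. The login callback (not visible here) should refuse to populate the session unless the token's `email_verified` claim is true, or admin status should be bound to the token's `sub` or a role claim instead. At minimum, record the dependency above the function: `// Trusts the IdP email; the callback must only store it when email_verified is true.` Separately, `requireAuth()` forwards `REQUEST_URI` as `return_to`, so the `/login` handler has to accept only same-origin relative paths (rejecting values that begin with `//` or contain a scheme) before redirecting to it.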