Compare commits
6 Commits
0.5
...
2f1beb47c7
| Author | SHA1 | Date | |
|---|---|---|---|
| 2f1beb47c7 | |||
| e520108237 | |||
| c94b736062 | |||
| e17aed8297 | |||
| 2a56efd353 | |||
| ba6b6f277a |
21
README.md
21
README.md
@ -1,19 +1,19 @@
|
||||
# lucidAuth
|
||||
[](#) [ ](#)
|
||||
[](#) [ ](#)
|
||||
|
||||
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
|
||||
## Usage
|
||||
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
||||
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
|
||||
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
||||
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
||||
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
||||
- Edit your proxy's configuration to use the new website as forward proxy:
|
||||
- Create a new folder, navigate to it in a commandprompt and run the following command:
|
||||
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
|
||||
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
|
||||
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
|
||||
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
|
||||
- Edit your proxy's configuration to use the new website as forward proxy:
|
||||
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
|
||||
|
||||
- #### in Traefik
|
||||
Add the following lines (change to reflect your existing configuration):
|
||||
- #### in Traefik
|
||||
Add the following lines (change to reflect your existing configuration):
|
||||
```
|
||||
[frontends.server1]
|
||||
entrypoints = ["https"]
|
||||
@ -25,8 +25,5 @@ Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
|
||||
rule = "Host:<fqdn>"
|
||||
```
|
||||
|
||||
- #### Important!
|
||||
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
|
||||
|
||||
## Questions or bugs
|
||||
Feel free to open issues in this repository.
|
||||
@ -15,6 +15,8 @@ $pageLayout['full'] = <<<'FULL'
|
||||
<link href="misc/style.button.css" rel="stylesheet" />
|
||||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.js"></script>
|
||||
<script src="misc/script.translation.js"></script>
|
||||
<script src="https://unpkg.com/nprogress@0.2.0/nprogress.js"></script>
|
||||
<link href="https://unpkg.com/nprogress@0.2.0/nprogress.css" rel="stylesheet" />
|
||||
</head>
|
||||
<body>
|
||||
<div id="horizon">
|
||||
|
||||
@ -18,6 +18,16 @@ return (object) array(
|
||||
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
|
||||
],
|
||||
|
||||
'2FA' => [
|
||||
'Protocol' => 'TOTP', // Possible options are HOTP (sequential codes) and TOTP (timebased codes)
|
||||
'TOTP' => [
|
||||
'Secret' => 'NULL', // By default, a 512 bits secret is generated. If you need, you can provide your own secret here.
|
||||
'Age' => '30', // The duration that each OTP code is valid for.
|
||||
'Length' => '6', // Number of digits the OTP code will consist of.
|
||||
'Algorithm' => 'SHA256' // The hashing algorithm used.
|
||||
],
|
||||
],
|
||||
|
||||
'Sqlite' => [
|
||||
'Path' => '../data/lucidAuth.sqlite.db'
|
||||
// Relative path to the location where the database should be stored
|
||||
@ -37,6 +47,9 @@ return (object) array(
|
||||
'CrossDomainLogin' => False,
|
||||
// Set this to True if SingleSignOn (albeit rudementary) is desired
|
||||
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
|
||||
// Important!
|
||||
// If you leave this set to False, the domainname where lucidAuth will be running on,
|
||||
// needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing the authentication proxy.
|
||||
'CookieDomains' => [
|
||||
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
|
||||
]
|
||||
|
||||
@ -1,27 +0,0 @@
|
||||
<?php
|
||||
|
||||
// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
|
||||
// Note that is just an example. Should take precautions such as filtering the input data.
|
||||
|
||||
header('Content-Type: application/json');
|
||||
|
||||
$input = filter_input_array(INPUT_POST);
|
||||
|
||||
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
|
||||
|
||||
if (mysqli_connect_errno()) {
|
||||
echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($input['action'] === 'edit') {
|
||||
$mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
|
||||
} else if ($input['action'] === 'delete') {
|
||||
$mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
|
||||
} else if ($input['action'] === 'restore') {
|
||||
$mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
|
||||
}
|
||||
|
||||
mysqli_close($mysqli);
|
||||
|
||||
echo json_encode($input);
|
||||
@ -40,25 +40,40 @@ $(document).ready(function(){
|
||||
xhrFields: {
|
||||
withCredentials: true,
|
||||
},
|
||||
timeout: 750,
|
||||
// origin domain should be exempted from timeout
|
||||
// (because origin domain can/will be different from current domain --due to traefik design).
|
||||
data: {
|
||||
ref: btoa(JSON.stringify({
|
||||
action: 'login',
|
||||
token: data.SecureToken
|
||||
}))
|
||||
}
|
||||
<<<<<<< HEAD
|
||||
}).done(function(_data, _textStatus, jqXHR) {
|
||||
NProgress.inc(1 / XHR.length);
|
||||
console.log('CrossDomain login succeeded for domain `' + domain + '` [' + JSON.stringify(jqXHR) + ']');
|
||||
}).fail(function(jqXHR) {
|
||||
console.log('CrossDomain login failed for domain `' + domain + '` [' + JSON.stringify(jqXHR) + ')]');
|
||||
=======
|
||||
}).done(function(data, textStatus) {
|
||||
NProgress.inc(1 / XHR.length);
|
||||
console.log('CrossDomain login step [' + data + ':' + textStatus + ']');
|
||||
}).fail(function(_jqXHR, textStatus, errorThrown) {
|
||||
console.log('CrossDomain login failed for at least one domain [' + textStatus + ':' + errorThrown + ']');
|
||||
>>>>>>> c94b73606231da5206372f69103173d56135a960
|
||||
// Should check why this failed (timeout or bad request?), and if this is the origin domain, take action
|
||||
}));
|
||||
});
|
||||
$.when.apply($, XHR).then(function(){
|
||||
$.each(arguments, function(_index, _arg) {
|
||||
// Show progress somehow (maybe something like https://minicss.org/v2/progress)
|
||||
// Finished cross-domain logins (either successfully or through timeout)
|
||||
NProgress.done();
|
||||
console.log('CrossDomain login completed; forwarding to `' + data.Location + '`');
|
||||
window.location.replace(data.Location);
|
||||
});
|
||||
});
|
||||
}
|
||||
// Finished (either succesfully or through timeout) cross-domain logins
|
||||
// redirect once all finished loading or timeout after $X ms
|
||||
// origin domain should be exempted from timeout
|
||||
// (because origin domain can/will be different from current domain --due to traefik design).
|
||||
//window.location.replace(data.Location);
|
||||
}, 2250);
|
||||
} else {
|
||||
$('#btnlogin').css({
|
||||
|
||||
Reference in New Issue
Block a user