NixLabs/lwaf
Template
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
Owen Rummage
2025-07-29 17:44:43 -05:00
commit 6653bc5e47
13 changed files with 525 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored Normal file
View File

@@ -0,0 +1,4 @@
.env
vendor
composer.lock
cache

0
README.md Normal file
View File

12
app/controllers/AdminController.php Normal file
View File

@@ -0,0 +1,12 @@
<?php
class AdminController
{
public function index()
{
Flight::view()->render("admin/dashboard.latte", [
"user" => Auth::user(),
"activities" => [],
]);
}
}

12
app/controllers/HomeController.php Normal file
View File

@@ -0,0 +1,12 @@
<?php
class HomeController
{
public function index()
{
Flight::view()->render("home.latte", [
"name" => "Owen",
"title" => "Index",
]);
}
}

9
app/lib/database.php Normal file
View File

@@ -0,0 +1,9 @@
<?php
use RedBeanPHP\R as R;
// Initialize RedBeans ORM
R::setup(
$_ENV["DATABASE_URL"],
$_ENV["DATABASE_USER"],
$_ENV["DATABASE_PASSWORD"],
);

236
app/middlewares/auth.php Normal file
View File

@@ -0,0 +1,236 @@
<?php
class Auth
{
private static $oidc_issuer;
private static $client_id;
private static $client_secret;
private static $initialized = false;
private static function init()
{
if (!self::$initialized) {
self::$oidc_issuer = $_ENV["OIDC_ISSUER"] ?? getenv("OIDC_ISSUER");
self::$client_id =
$_ENV["OIDC_CLIENT_ID"] ?? getenv("OIDC_CLIENT_ID");
self::$client_secret =
$_ENV["OIDC_CLIENT_SECRET"] ?? getenv("OIDC_CLIENT_SECRET");
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
self::$initialized = true;
}
}
private static function getRedirectUri()
{
$protocol =
isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] === "on"
? "https"
: "http";
$host = $_SERVER["HTTP_HOST"];
$path = "/auth/login";
return $protocol . "://" . $host . $path;
}
public static function middleware()
{
self::init();
return function () {
if (!isset($_SESSION["access_token"])) {
Flight::redirect("/auth/login");
return;
}
// Validate the token by making a request to userinfo endpoint
$userinfo_endpoint = self::getDiscoveryEndpoint(
"userinfo_endpoint",
);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $userinfo_endpoint);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $_SESSION["access_token"],
]);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// If token validation fails, clear session and redirect to login
if ($http_code !== 200) {
unset($_SESSION["access_token"]);
if (isset($_SESSION["id_token"])) {
unset($_SESSION["id_token"]);
}
if (isset($_SESSION["refresh_token"])) {
unset($_SESSION["refresh_token"]);
}
Flight::redirect("/auth/login");
}
};
}
public static function login($redirect_url)
{
self::init();
if (isset($_GET["code"])) {
// Handle callback
$code = $_GET["code"];
$token_endpoint = self::getDiscoveryEndpoint("token_endpoint");
$post_data = [
"grant_type" => "authorization_code",
"code" => $code,
"redirect_uri" => self::getRedirectUri(),
"client_id" => self::$client_id,
"client_secret" => self::$client_secret,
];
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $token_endpoint);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post_data));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Content-Type: application/x-www-form-urlencoded",
]);
$response = curl_exec($ch);
curl_close($ch);
$token_data = json_decode($response, true);
if (isset($token_data["access_token"])) {
$_SESSION["access_token"] = $token_data["access_token"];
$_SESSION["id_token"] = $token_data["id_token"] ?? null;
$_SESSION["refresh_token"] =
$token_data["refresh_token"] ?? null;
Flight::redirect($redirect_url);
} else {
Flight::halt(500, "Failed to obtain access token");
}
} else {
// Show login page
$auth_endpoint = self::getDiscoveryEndpoint(
"authorization_endpoint",
);
$state = bin2hex(random_bytes(16));
$_SESSION["oauth_state"] = $state;
$params = [
"response_type" => "code",
"client_id" => self::$client_id,
"redirect_uri" => self::getRedirectUri(),
"scope" => "openid profile email",
"state" => $state,
];
$login_url = $auth_endpoint . "?" . http_build_query($params);
echo '<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<style>
body { font-family: Arial, sans-serif; text-align: center; margin-top: 100px; }
.login-btn {
background-color: #007cba;
color: white;
padding: 15px 30px;
text-decoration: none;
border-radius: 5px;
font-size: 16px;
}
.login-btn:hover { background-color: #005a87; }
</style>
</head>
<body>
<h1>Login Required</h1>
<p>Please click the button below to authenticate</p>
<a href="' .
htmlspecialchars($login_url) .
'" class="login-btn">Login with OIDC</a>
</body>
</html>';
}
}
public static function user()
{
self::init();
if (!isset($_SESSION["access_token"])) {
return null;
}
$userinfo_endpoint = self::getDiscoveryEndpoint("userinfo_endpoint");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $userinfo_endpoint);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $_SESSION["access_token"],
]);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if ($http_code === 200) {
return json_decode($response, true);
}
return null;
}
public static function logout()
{
self::init();
// Clear session
if (isset($_SESSION["access_token"])) {
unset($_SESSION["access_token"]);
}
if (isset($_SESSION["id_token"])) {
unset($_SESSION["id_token"]);
}
if (isset($_SESSION["refresh_token"])) {
unset($_SESSION["refresh_token"]);
}
Flight::redirect("/");
}
private static function getDiscoveryEndpoint($endpoint)
{
$discovery_url =
rtrim(self::$oidc_issuer, "/") .
"/.well-known/openid-configuration";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $discovery_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
$response = curl_exec($ch);
curl_close($ch);
$discovery = json_decode($response, true);
if (!isset($discovery[$endpoint])) {
throw new Exception(
"Endpoint {$endpoint} not found in OIDC discovery: " .
$discovery_url,
);
}
return $discovery[$endpoint];
}
}

10
app/routes.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
Flight::route("/", [HomeController::class, "index"]);
Flight::group(
"/admin",
function () {
Flight::route("/", [AdminController::class, "index"]);
},
[Auth::middleware()],
);

79
app/views/admin/dashboard.latte Normal file
View File

@@ -0,0 +1,79 @@
{extends 'layout.latte'}
{block content}
<div class="container-fluid">
<div class="row">
<div class="col-12">
<div class="mb-4">
<h1>Dashboard</h1>
<p class="text-muted">Welcome back, {$user["name"]|capitalize}!</p>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-8">
<div class="card">
<div class="card-header">
<h3 class="card-title mb-0">Recent Activity</h3>
</div>
<div class="card-body">
{if $activities && count($activities) > 0}
<div class="table-responsive">
<table class="table table-striped">
<thead>
<tr>
<th>Date</th>
<th>Activity</th>
<th>Status</th>
</tr>
</thead>
<tbody>
{foreach $activities as $activity}
<tr>
<td>{$activity['date']}</td>
<td>{$activity['name']}</td>
<td>
{if $activity['status'] === 'completed'}
<span class="badge bg-success">Completed</span>
{elseif $activity['status'] === 'pending'}
<span class="badge bg-warning">Pending</span>
{elseif $activity['status'] === 'in_progress'}
<span class="badge bg-info">In Progress</span>
{/if}
</td>
</tr>
{/foreach}
</tbody>
</table>
</div>
{else}
<div class="text-center py-4">
<p class="text-muted mb-0">No recent activities to display.</p>
</div>
{/if}
</div>
</div>
</div>
<div class="col-lg-4">
<div class="card">
<div class="card-header">
<h3 class="card-title mb-0">Quick Actions</h3>
</div>
<div class="card-body">
<button type="button" class="btn btn-primary w-100 mb-2">Add New User</button>
<button type="button" class="btn btn-success w-100 mb-2">Generate Report</button>
<button type="button" class="btn btn-warning w-100 mb-2">View Analytics</button>
<button type="button" class="btn btn-info w-100">Settings</button>
</div>
</div>
</div>
</div>
<footer class="fixed-bottom bg-light border-top py-2 mt-4">
<div class="container-fluid text-center">
<small class="text-muted">Page rendered at: {time()|date:'Y-m-d H:i:s'}</small>
</div>
</footer>
</div>
{/block}

28
app/views/admin/layout.latte Normal file
View File

@@ -0,0 +1,28 @@
<!DOCTYPE html>
<html>
<head>
<title>My App</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js"></script>
</head>
<body>
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container-fluid">
<a class="navbar-brand" href="#">Admin Dashboard</a>
<button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav ms-auto">
<li class="nav-item">
<a class="nav-link" href="/auth/logout">Logout</a>
</li>
</ul>
</div>
</div>
</nav>
<div class="container" style="padding-top: 2rem;">
{block content}{/block}
</div>
</body>
</html>

75
app/views/home.latte Normal file
View File

@@ -0,0 +1,75 @@
{extends 'layout.latte'}
{block content}
<div class="min-h-screen bg-gray-50">
<!-- Hero Section -->
<div class="relative overflow-hidden">
<div class="max-w-7xl mx-auto">
<div class="relative z-10 pb-8 bg-gray-50 sm:pb-16 md:pb-20 lg:max-w-2xl lg:w-full lg:pb-28 xl:pb-32">
<main class="mt-10 mx-auto max-w-7xl px-4 sm:mt-12 sm:px-6 md:mt-16 lg:mt-20 lg:px-8 xl:mt-28">
<div class="sm:text-center lg:text-left">
<h1 class="text-4xl tracking-tight font-extrabold text-gray-900 sm:text-5xl md:text-6xl">
<span class="block xl:inline">Welcome to our</span>
<span class="block text-indigo-600 xl:inline">amazing platform</span>
</h1>
<p class="mt-3 text-base text-gray-500 sm:mt-5 sm:text-lg sm:max-w-xl sm:mx-auto md:mt-5 md:text-xl lg:mx-0">
Experience the power of our platform with intuitive design and powerful features that help you achieve your goals.
</p>
<div class="mt-5 sm:mt-8 sm:flex sm:justify-center lg:justify-start">
<div class="rounded-md shadow">
<a href="/admin" class="w-full flex items-center justify-center px-8 py-3 border border-transparent text-base font-medium rounded-md text-white bg-indigo-600 hover:bg-indigo-700 md:py-4 md:text-lg md:px-10">
Admin Area
</a>
</div>
</div>
</div>
</main>
</div>
</div>
</div>
<!-- Features Section -->
<div class="py-12 bg-white">
<div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8">
<div class="lg:text-center">
<h2 class="text-base text-indigo-600 font-semibold tracking-wide uppercase">Features</h2>
<p class="mt-2 text-3xl leading-8 font-extrabold tracking-tight text-gray-900 sm:text-4xl">
Everything you need to succeed
</p>
</div>
<div class="mt-10">
<dl class="space-y-10 md:space-y-0 md:grid md:grid-cols-2 md:gap-x-8 md:gap-y-10">
<div class="relative">
<dt>
<div class="absolute flex items-center justify-center h-12 w-12 rounded-md bg-indigo-500 text-white">
<svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 10V3L4 14h7v7l9-11h-7z" />
</svg>
</div>
<p class="ml-16 text-lg leading-6 font-medium text-gray-900">Fast Performance</p>
</dt>
<dd class="mt-2 ml-16 text-base text-gray-500">
Lightning-fast performance with optimized code and efficient architecture.
</dd>
</div>
<div class="relative">
<dt>
<div class="absolute flex items-center justify-center h-12 w-12 rounded-md bg-indigo-500 text-white">
<svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor">
<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z" />
</svg>
</div>
<p class="ml-16 text-lg leading-6 font-medium text-gray-900">Reliable</p>
</dt>
<dd class="mt-2 ml-16 text-base text-gray-500">
Built with reliability in mind, ensuring your data is always safe and accessible.
</dd>
</div>
</dl>
</div>
</div>
</div>
</div>
{/block}

10
app/views/layout.latte Normal file
View File

@@ -0,0 +1,10 @@
<!DOCTYPE html>
<html>
<head>
<title>My App</title>
<script src="https://cdn.tailwindcss.com"></script>
</head>
<body>
{block content}{/block}
</body>
</html>

8
composer.json Normal file
View File

@@ -0,0 +1,8 @@
{
"require": {
"latte/latte": "^3.0",
"flightphp/core": "^3.17",
"vlucas/phpdotenv": "^5.6",
"gabordemooij/redbean": "^5.7"
}
}

42
public/index.php Normal file
View File

@@ -0,0 +1,42 @@
<?php
use Latte\Engine;
require "../vendor/autoload.php";
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . "/../");
try {
$dotenv->load();
} catch (Exception $e) {
}
// Set paths for controllers
Flight::path("../app/controllers");
Flight::path("../app/middlewares");
// Register latte view engine
Flight::register("view", Engine::class, [], function ($latte) {
$latte->setTempDirectory(__DIR__ . "/../cache/");
$latte->setLoader(
new \Latte\Loaders\FileLoader(__DIR__ . "/../app/views/"),
);
});
require "../app/routes.php";
// Login route
Flight::route("GET /auth/login", function () {
Auth::login("/admin");
});
// Logout route
Flight::route("GET /auth/logout", function () {
Auth::logout();
});
// API route to get current user data
Flight::route("GET /debug/user", function () {
$user = Auth::user();
Flight::json($user);
});
Flight::start();