From aea4e9fa5f69155e24f11904ea4271d087133f14 Mon Sep 17 00:00:00 2001 From: Lars Gebhardt-Kusche Date: Mon, 13 Apr 2026 01:36:20 +0200 Subject: [PATCH] upgrade domain --- BASE_FILES.md | 2 -- PROJECT_CONTEXT.md | 4 ++-- config/prod/domaindata.php | 2 +- config/prod/settings.php | 5 ++--- config/staging/domaindata.php | 2 +- config/staging/settings.php | 5 ++--- modules/pi_control/module.json | 2 +- public/index.php | 14 -------------- tools/pi_control/terminal_entry.sh | 9 +++------ 9 files changed, 12 insertions(+), 33 deletions(-) diff --git a/BASE_FILES.md b/BASE_FILES.md index c7fce5e..5c0950e 100644 --- a/BASE_FILES.md +++ b/BASE_FILES.md @@ -199,7 +199,6 @@ define('APP_DB_DEBUG', true); define('APP_DB_AUTO_INIT', true); define('APP_BASE_DB_ENABLED', true); -define('APP_BASIC_AUTH', true); define('APP_AUTH_ENABLED', false); define('APP_DEBUG_TOOL', true); define('APP_AUTH_DEBUG', true); @@ -236,7 +235,6 @@ define('APP_DB_DEBUG', false); define('APP_DB_AUTO_INIT', true); define('APP_BASE_DB_ENABLED', true); -define('APP_BASIC_AUTH', false); define('APP_AUTH_ENABLED', false); define('APP_DEBUG_TOOL', false); define('APP_AUTH_DEBUG', false); diff --git a/PROJECT_CONTEXT.md b/PROJECT_CONTEXT.md index 897d95a..03fbe7a 100644 --- a/PROJECT_CONTEXT.md +++ b/PROJECT_CONTEXT.md @@ -9,8 +9,8 @@ Module kapseln fachliche Funktionen (z.B. KEA DHCP, Pi Control). - Pi Control: Verwaltung von SSH-Hosts, Befehle/Preset, Konsole, Host-Status, Update/Upgrade-Checks. 3) Umgebungen & Domains -- Live: nexus.int.kusche.berlin -- Staging: staging.nexus.int.kusche.berlin +- Live: nexus.kusche.berlin +- Staging: staging.nexus.kusche.berlin Container/Deploy-Layout: - /app/live/ -> Live-Code diff --git a/config/prod/domaindata.php b/config/prod/domaindata.php index 6b6642c..3f8d46f 100755 --- a/config/prod/domaindata.php +++ b/config/prod/domaindata.php 
@@ -4,7 +4,7 @@ declare(strict_types=1); // Example: a single "brand" domain name. // In real deployments you might derive this from ENV or hostnames. if (!defined('APP_DOMAIN_NAME')) { - define('APP_DOMAIN_NAME', 'nexus.int.kusche.berlin'); + define('APP_DOMAIN_NAME', 'nexus.kusche.berlin'); } if (!defined('APP_PREFIX')) { diff --git a/config/prod/settings.php b/config/prod/settings.php index 8c66814..3f1c779 100755 --- a/config/prod/settings.php +++ b/config/prod/settings.php @@ -8,7 +8,6 @@ define('APP_DB_AUTO_INIT', true); define('APP_KEA_DB_VERSION', '2.6.3'); define('APP_BASE_DB_ENABLED', true); - define('APP_BASIC_AUTH', false); define('APP_SEARCH_DEBUG', false); define('APP_AUTH_ENABLED', true); define('APP_OIDC_ISSUER', 'https://auth.kusche.berlin/realms/KuscheBerlin'); @@ -18,8 +17,8 @@ define('APP_OIDC_LOGOUT_ENDPOINT', 'https://auth.kusche.berlin/realms/KuscheBerlin/protocol/openid-connect/logout'); define('APP_OIDC_CLIENT_ID', 'nexus'); define('APP_OIDC_CLIENT_SECRET', 'c0swC5wjBV4yimJHf2p3R9OjHOr7rhHs'); - define('APP_OIDC_REDIRECT_URI', 'https://nexus.int.kusche.berlin/auth/callback'); - define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://nexus.int.kusche.berlin/'); + define('APP_OIDC_REDIRECT_URI', 'https://nexus.kusche.berlin/auth/callback'); + define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://nexus.kusche.berlin/'); define('APP_OIDC_GROUP_CLAIM', 'groups'); define('APP_OIDC_ADMIN_GROUP', 'appadmin'); define('APP_OIDC_USER_GROUP', 'internalfamily'); diff --git a/config/staging/domaindata.php b/config/staging/domaindata.php index 38111ee..a2748ff 100755 --- a/config/staging/domaindata.php +++ b/config/staging/domaindata.php 
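Review bot: In the `@@ -18,8 +17,8 @@` hunk of config/prod/settings.php the value of `APP_OIDC_CLIENT_SECRET` is a string literal in a tracked file, and this patch carries it as a context line directly above the changed redirect URIs. The same literal appears in the matching hunk of config/staging/settings.php, so production and staging share one confidential-client credential. I would rotate the secret at the issuer and load it from the environment, e.g. `define('APP_OIDC_CLIENT_SECRET', (string) getenv('APP_OIDC_CLIENT_SECRET'));`, with a boot-time failure when it is empty. The line is not changed by this commit and the enclosing block starts and ends outside the hunk, so how these settings files are loaded should be confirmed first.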
@@ -4,7 +4,7 @@ declare(strict_types=1); // Example: a single "brand" domain name. // In real deployments you might derive this from ENV or hostnames. if (!defined('APP_DOMAIN_NAME')) { - define('APP_DOMAIN_NAME', 'staging.nexus.int.kusche.berlin'); + define('APP_DOMAIN_NAME', 'staging.nexus.kusche.berlin'); } if (!defined('APP_PREFIX')) { diff --git a/config/staging/settings.php b/config/staging/settings.php index 2eb0720..75b96f9 100755 --- a/config/staging/settings.php +++ b/config/staging/settings.php @@ -8,7 +8,6 @@ define('APP_DB_AUTO_INIT', true); define('APP_KEA_DB_VERSION', '2.6.3'); define('APP_BASE_DB_ENABLED', true); - define('APP_BASIC_AUTH', true); define('APP_SEARCH_DEBUG', true); define('APP_AUTH_ENABLED', true); define('APP_OIDC_ISSUER', 'https://auth.kusche.berlin/realms/KuscheBerlin'); @@ -18,8 +17,8 @@ define('APP_OIDC_LOGOUT_ENDPOINT', 'https://auth.kusche.berlin/realms/KuscheBerlin/protocol/openid-connect/logout'); define('APP_OIDC_CLIENT_ID', 'nexus'); define('APP_OIDC_CLIENT_SECRET', 'c0swC5wjBV4yimJHf2p3R9OjHOr7rhHs'); - define('APP_OIDC_REDIRECT_URI', 'https://staging.nexus.int.kusche.berlin/auth/callback'); - define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://staging.nexus.int.kusche.berlin/'); + define('APP_OIDC_REDIRECT_URI', 'https://staging.nexus.kusche.berlin/auth/callback'); + define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://staging.nexus.kusche.berlin/'); define('APP_OIDC_GROUP_CLAIM', 'groups'); define('APP_OIDC_ADMIN_GROUP', 'appadmin'); define('APP_OIDC_USER_GROUP', 'internalfamily'); diff --git a/modules/pi_control/module.json b/modules/pi_control/module.json index 631dab8..4b79ba3 100644 --- a/modules/pi_control/module.json +++ b/modules/pi_control/module.json 
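Review bot: The `@@ -18,8 +17,8 @@` hunk of config/staging/settings.php keeps the same `APP_OIDC_CLIENT_ID` (`nexus`) as config/prod/settings.php, so after this hostname change a single client at the issuer has to accept callbacks for both `nexus.kusche.berlin` and `staging.nexus.kusche.berlin`. Nothing in the hunk records that the new URIs must be registered exactly and the old `int.` ones removed there; I would add above the two changed lines `// Must match a redirect URI registered for this client at APP_OIDC_ISSUER; remove the old *.int.* entries there.` A separate staging client would also keep a staging leak from affecting production logins, which matters more now that the Basic Auth gate is removed from public/index.php in this same patch. The enclosing block starts and ends outside the hunk.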
@@ -34,7 +34,7 @@
 { "name": "db.schema", "label": "DB Schema", "type": "text", "required": false },
 { "name": "db.user", "label": "DB User", "type": "text", "required": false },
 { "name": "db.password", "label": "DB Passwort", "type": "password", "required": false },
- { "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/ttyd" },
+ { "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.kusche.berlin/ttyd" },
 { "name": "terminal_token_ttl", "label": "Token TTL (Minuten)", "type": "number", "required": false, "help": "Gültigkeit der Konsole-Token, z.B. 10" },
 { "name": "terminal_shared_secret", "label": "Terminal Shared Secret", "type": "password", "required": false, "help": "Zusätzliche Absicherung für terminal_info (Header X-Terminal-Secret)" },
 { "name": "terminal_tmux_session", "label": "tmux Session-Name", "type": "text", "required": false, "help": "Session-Name für bestehende Konsole (Standard: nexus)" },
diff --git a/public/index.php b/public/index.php
index 4178e52..482c403 100755
--- a/public/index.php
+++ b/public/index.php
@@ -7,25 +7,11 @@ use Modules\MiningChecker\Support\DebugState as MiningDebugState; // boot application (config, autoload, services) require_once __DIR__ . '/../config/fileload.php'; -// Access-Protection (Basic Auth) $uriPath = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/'; $uriPath = preg_replace('~/{2,}~', '/', $uriPath); $uriPath = trim($uriPath, '/'); $projectRoot = dirname(__DIR__); $auth = app()->auth(); -$isRetoolPath = ($uriPath === 'retool' || str_starts_with($uriPath, 'retool/')); -if (defined('APP_BASIC_AUTH') && APP_BASIC_AUTH && !$isRetoolPath) { - $authUser = getenv('STAGING_AUTH_USER') ?: 'staging'; - $authPass = getenv('STAGING_AUTH_PASS') ?: 'staging123'; - $user = $_SERVER['PHP_AUTH_USER'] ?? null; - $pass = $_SERVER['PHP_AUTH_PW'] ?? null; - if ($user !== $authUser || $pass !== $authPass) { - header('WWW-Authenticate: Basic realm="Staging"'); - header('HTTP/1.0 401 Unauthorized'); - echo 'Unauthorized'; - exit; - } -} // OIDC Auth $publicPaths = [ diff --git a/tools/pi_control/terminal_entry.sh b/tools/pi_control/terminal_entry.sh index d322c25..033c7b0 100644 --- a/tools/pi_control/terminal_entry.sh +++ b/tools/pi_control/terminal_entry.sh @@ -12,13 +12,10 @@ API_BASE="${PI_CONTROL_API_URL:-http://gui_nexus}" API_BASE="${API_BASE%/}" INFO_URL="${API_BASE}/module/pi_control/terminal_info?token=${TOKEN}" -AUTH_HEADER=() -if [[ -n "${STAGING_AUTH_USER:-}" && -n "${STAGING_AUTH_PASS:-}" ]]; then - BASIC="$(printf "%s:%s" "${STAGING_AUTH_USER}" "${STAGING_AUTH_PASS}" | base64)" - AUTH_HEADER=(-H "Authorization: Basic ${BASIC}") -fi if [[ -n "${PI_CONTROL_SHARED_SECRET:-}" ]]; then - AUTH_HEADER+=(-H "X-Terminal-Secret: ${PI_CONTROL_SHARED_SECRET}") + AUTH_HEADER=(-H "X-Terminal-Secret: ${PI_CONTROL_SHARED_SECRET}") +else + AUTH_HEADER=() fi JSON="$(curl -sS "${AUTH_HEADER[@]}" "${INFO_URL}")"
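Review bot: In tools/pi_control/terminal_entry.sh the added `AUTH_HEADER=(-H "X-Terminal-Secret: ${PI_CONTROL_SHARED_SECRET}")` places the shared secret in curl's argument list, where any process on the same host or container that can list processes can read it while the request runs. The `token=${TOKEN}` query string in `INFO_URL` is exposed the same way, and with the default `http://gui_nexus` both travel unencrypted. curl 7.55.0 and later can read the header from stdin instead: `AUTH_HEADER=(-H @-)` in the `if` branch and `curl -sS --fail "${AUTH_HEADER[@]}" "${INFO_URL}" <<<"X-Terminal-Secret: ${PI_CONTROL_SHARED_SECRET:-}"` for the call. `--fail` additionally keeps an HTTP error body from being handled as the JSON reply; the script's error handling and the code that consumes `JSON` are outside the hunk, so the exit-status change should be checked against them.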