upgrade domain
@@ -199,7 +199,6 @@ define('APP_DB_DEBUG', true);
|
||||
define('APP_DB_AUTO_INIT', true);
|
||||
define('APP_BASE_DB_ENABLED', true);
|
||||
|
||||
define('APP_BASIC_AUTH', true);
|
||||
define('APP_AUTH_ENABLED', false);
|
||||
define('APP_DEBUG_TOOL', true);
|
||||
define('APP_AUTH_DEBUG', true);
|
||||
@@ -236,7 +235,6 @@ define('APP_DB_DEBUG', false);
|
||||
define('APP_DB_AUTO_INIT', true);
|
||||
define('APP_BASE_DB_ENABLED', true);
|
||||
|
||||
define('APP_BASIC_AUTH', false);
|
||||
define('APP_AUTH_ENABLED', false);
|
||||
define('APP_DEBUG_TOOL', false);
|
||||
define('APP_AUTH_DEBUG', false);
|
||||
|
||||
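Review bot: In the first block (after `define('APP_DB_DEBUG', true);`) `APP_AUTH_ENABLED` stays `false` while `APP_DEBUG_TOOL` and `APP_AUTH_DEBUG` stay `true`, so if the line dropped here is `APP_BASIC_AUTH`, this profile is left with no access gate at all. The rendering has lost the +/- markers, but the 7-to-6 line count and the rest of the commit point to that line. If the profile can ever be served on a reachable host, either set `define('APP_AUTH_ENABLED', true);` there or add a comment such as `// local development only: no authentication is enforced in this profile`. The second block has the same `APP_AUTH_ENABLED` value of `false`, with the debug flags off. Both blocks start and end outside the hunks, so which environment each belongs to is not visible here.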
@@ -9,8 +9,8 @@ Module kapseln fachliche Funktionen (z.B. KEA DHCP, Pi Control).
|
||||
- Pi Control: Verwaltung von SSH-Hosts, Befehle/Preset, Konsole, Host-Status, Update/Upgrade-Checks.
|
||||
|
||||
3) Umgebungen & Domains
|
||||
- Live: nexus.int.kusche.berlin
|
||||
- Staging: staging.nexus.int.kusche.berlin
|
||||
- Live: nexus.kusche.berlin
|
||||
- Staging: staging.nexus.kusche.berlin
|
||||
|
||||
Container/Deploy-Layout:
|
||||
- /app/live/ -> Live-Code
|
||||
|
||||
@@ -4,7 +4,7 @@ declare(strict_types=1);
|
||||
// Example: a single "brand" domain name.
|
||||
// In real deployments you might derive this from ENV or hostnames.
|
||||
if (!defined('APP_DOMAIN_NAME')) {
|
||||
define('APP_DOMAIN_NAME', 'nexus.int.kusche.berlin');
|
||||
define('APP_DOMAIN_NAME', 'nexus.kusche.berlin');
|
||||
}
|
||||
|
||||
if (!defined('APP_PREFIX')) {
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
define('APP_DB_AUTO_INIT', true);
|
||||
define('APP_KEA_DB_VERSION', '2.6.3');
|
||||
define('APP_BASE_DB_ENABLED', true);
|
||||
define('APP_BASIC_AUTH', false);
|
||||
define('APP_SEARCH_DEBUG', false);
|
||||
define('APP_AUTH_ENABLED', true);
|
||||
define('APP_OIDC_ISSUER', 'https://auth.kusche.berlin/realms/KuscheBerlin');
|
||||
@@ -18,8 +17,8 @@
|
||||
define('APP_OIDC_LOGOUT_ENDPOINT', 'https://auth.kusche.berlin/realms/KuscheBerlin/protocol/openid-connect/logout');
|
||||
define('APP_OIDC_CLIENT_ID', 'nexus');
|
||||
define('APP_OIDC_CLIENT_SECRET', 'c0swC5wjBV4yimJHf2p3R9OjHOr7rhHs');
|
||||
define('APP_OIDC_REDIRECT_URI', 'https://nexus.int.kusche.berlin/auth/callback');
|
||||
define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://nexus.int.kusche.berlin/');
|
||||
define('APP_OIDC_REDIRECT_URI', 'https://nexus.kusche.berlin/auth/callback');
|
||||
define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://nexus.kusche.berlin/');
|
||||
define('APP_OIDC_GROUP_CLAIM', 'groups');
|
||||
define('APP_OIDC_ADMIN_GROUP', 'appadmin');
|
||||
define('APP_OIDC_USER_GROUP', 'internalfamily');
|
||||
|
||||
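Review bot: `APP_OIDC_CLIENT_SECRET` is a string literal in this tracked config file, and the staging config section later in this commit carries the same value, so anyone with read access to the repository holds the client credential for both environments. The new redirect URIs presumably have to be registered at the identity provider anyway, which makes this a good moment to rotate the secret and load it at runtime, e.g. `define('APP_OIDC_CLIENT_SECRET', getenv('APP_OIDC_CLIENT_SECRET') ?: throw new \RuntimeException('APP_OIDC_CLIENT_SECRET is not set'));`. A separate client per environment would keep a staging leak from reaching live. The old `*.int.*` redirect URIs should be removed from the client's allowed list once the switch is complete.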
@@ -4,7 +4,7 @@ declare(strict_types=1);
|
||||
// Example: a single "brand" domain name.
|
||||
// In real deployments you might derive this from ENV or hostnames.
|
||||
if (!defined('APP_DOMAIN_NAME')) {
|
||||
define('APP_DOMAIN_NAME', 'staging.nexus.int.kusche.berlin');
|
||||
define('APP_DOMAIN_NAME', 'staging.nexus.kusche.berlin');
|
||||
}
|
||||
|
||||
if (!defined('APP_PREFIX')) {
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
define('APP_DB_AUTO_INIT', true);
|
||||
define('APP_KEA_DB_VERSION', '2.6.3');
|
||||
define('APP_BASE_DB_ENABLED', true);
|
||||
define('APP_BASIC_AUTH', true);
|
||||
define('APP_SEARCH_DEBUG', true);
|
||||
define('APP_AUTH_ENABLED', true);
|
||||
define('APP_OIDC_ISSUER', 'https://auth.kusche.berlin/realms/KuscheBerlin');
|
||||
@@ -18,8 +17,8 @@
|
||||
define('APP_OIDC_LOGOUT_ENDPOINT', 'https://auth.kusche.berlin/realms/KuscheBerlin/protocol/openid-connect/logout');
|
||||
define('APP_OIDC_CLIENT_ID', 'nexus');
|
||||
define('APP_OIDC_CLIENT_SECRET', 'c0swC5wjBV4yimJHf2p3R9OjHOr7rhHs');
|
||||
define('APP_OIDC_REDIRECT_URI', 'https://staging.nexus.int.kusche.berlin/auth/callback');
|
||||
define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://staging.nexus.int.kusche.berlin/');
|
||||
define('APP_OIDC_REDIRECT_URI', 'https://staging.nexus.kusche.berlin/auth/callback');
|
||||
define('APP_OIDC_POST_LOGOUT_REDIRECT_URI', 'https://staging.nexus.kusche.berlin/');
|
||||
define('APP_OIDC_GROUP_CLAIM', 'groups');
|
||||
define('APP_OIDC_ADMIN_GROUP', 'appadmin');
|
||||
define('APP_OIDC_USER_GROUP', 'internalfamily');
|
||||
|
||||
@@ -34,7 +34,7 @@
|
||||
{ "name": "db.schema", "label": "DB Schema", "type": "text", "required": false },
|
||||
{ "name": "db.user", "label": "DB User", "type": "text", "required": false },
|
||||
{ "name": "db.password", "label": "DB Passwort", "type": "password", "required": false },
|
||||
{ "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.int.kusche.berlin/ttyd" },
|
||||
{ "name": "ttyd_url", "label": "ttyd URL", "type": "text", "required": false, "help": "z.B. https://staging.nexus.kusche.berlin/ttyd" },
|
||||
{ "name": "terminal_token_ttl", "label": "Token TTL (Minuten)", "type": "number", "required": false, "help": "Gültigkeit der Konsole-Token, z.B. 10" },
|
||||
{ "name": "terminal_shared_secret", "label": "Terminal Shared Secret", "type": "password", "required": false, "help": "Zusätzliche Absicherung für terminal_info (Header X-Terminal-Secret)" },
|
||||
{ "name": "terminal_tmux_session", "label": "tmux Session-Name", "type": "text", "required": false, "help": "Session-Name für bestehende Konsole (Standard: nexus)" },
|
||||
|
||||
@@ -7,25 +7,11 @@ use Modules\MiningChecker\Support\DebugState as MiningDebugState;
|
||||
// boot application (config, autoload, services)
|
||||
require_once __DIR__ . '/../config/fileload.php';
|
||||
|
||||
// Access-Protection (Basic Auth)
|
||||
$uriPath = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
|
||||
$uriPath = preg_replace('~/{2,}~', '/', $uriPath);
|
||||
$uriPath = trim($uriPath, '/');
|
||||
$projectRoot = dirname(__DIR__);
|
||||
$auth = app()->auth();
|
||||
$isRetoolPath = ($uriPath === 'retool' || str_starts_with($uriPath, 'retool/'));
|
||||
if (defined('APP_BASIC_AUTH') && APP_BASIC_AUTH && !$isRetoolPath) {
|
||||
$authUser = getenv('STAGING_AUTH_USER') ?: 'staging';
|
||||
$authPass = getenv('STAGING_AUTH_PASS') ?: 'staging123';
|
||||
$user = $_SERVER['PHP_AUTH_USER'] ?? null;
|
||||
$pass = $_SERVER['PHP_AUTH_PW'] ?? null;
|
||||
if ($user !== $authUser || $pass !== $authPass) {
|
||||
header('WWW-Authenticate: Basic realm="Staging"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'Unauthorized';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
// OIDC Auth
|
||||
$publicPaths = [
|
||||
|
||||
@@ -12,13 +12,10 @@ API_BASE="${PI_CONTROL_API_URL:-http://gui_nexus}"
|
||||
API_BASE="${API_BASE%/}"
|
||||
INFO_URL="${API_BASE}/module/pi_control/terminal_info?token=${TOKEN}"
|
||||
|
||||
AUTH_HEADER=()
|
||||
if [[ -n "${STAGING_AUTH_USER:-}" && -n "${STAGING_AUTH_PASS:-}" ]]; then
|
||||
BASIC="$(printf "%s:%s" "${STAGING_AUTH_USER}" "${STAGING_AUTH_PASS}" | base64)"
|
||||
AUTH_HEADER=(-H "Authorization: Basic ${BASIC}")
|
||||
fi
|
||||
if [[ -n "${PI_CONTROL_SHARED_SECRET:-}" ]]; then
|
||||
AUTH_HEADER+=(-H "X-Terminal-Secret: ${PI_CONTROL_SHARED_SECRET}")
|
||||
AUTH_HEADER=(-H "X-Terminal-Secret: ${PI_CONTROL_SHARED_SECRET}")
|
||||
else
|
||||
AUTH_HEADER=()
|
||||
fi
|
||||
|
||||
JSON="$(curl -sS "${AUTH_HEADER[@]}" "${INFO_URL}")"
|
||||
|
||||
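Review bot: The `curl -sS` call has no `--fail`, so now that the shared secret is the only credential this script sends, a 401/403 from `terminal_info` lands in `JSON` as if it were a valid answer; `JSON="$(curl -fsS --max-time 10 "${AUTH_HEADER[@]}" "${INFO_URL}")"` makes a rejected request fail at this line. The `else` branch still sends the request with no header at all when `PI_CONTROL_SHARED_SECRET` is unset, which deserves a comment, or a hard exit if the secret is meant to be mandatory. `TOKEN` also travels in the query string to a default `http://` base, so it will appear in access logs; a request header would keep it out of them, if the endpoint accepts one. The script continues outside the hunk, so how `JSON` is parsed is not visible here.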