root/smart-home-server

Fork: 0

root / smart-home-server

History for smart-home-server / server / SHServ / Controllers / AuthController.php

2026-06-07	41187ed Browse files » Phase 3 infrastructure hardening: IP/UA binding, nginx getallheaders fallback, auth rate limiting, permission cache Eugene Sukhodolskiy committed 6 hours ago
	e7afa05 Browse files » Phase 2 session stability: refresh queue, Bearer fallback, proactive refresh Eugene Sukhodolskiy committed 6 hours ago
	e90acee Browse files » Phase 1 auth security hotfixes: cookie-based session, bearer checks, router guard sync ... - Remove access_token from OAuth callback URL (token leak fix) - Add sanitizeReturnTo() to prevent open redirect on login/callback - Add Bearer token expiration check in resolve_user_by_bearer() - Add user status check in load_user_by_id() (block inactive/banned) - Cache authStore.init() promise to prevent race condition - Await auth init in router beforeEach guard - Remove URL token parsing from main.js and LoginPage - Remove hasTokenInUrl workaround from client.js 401 handler Eugene Sukhodolskiy committed 6 hours ago
	dc6249e Browse files » Fix OAuth callback URL: insert access_token query string BEFORE hash fragment so Vue can read it via window.location.search Eugene Sukhodolskiy committed 7 hours ago
2026-06-06	7cf585f Browse files » Add Bearer token persistence for cross-domain SPA auth ... - api/auth.js: persist access token in localStorage so it survives page reloads and works across domains (panel vs server IP). - LoginPage.vue: on mount, check for access_token in URL query params (from OAuth callback) and initialize auth store. - AuthController::callback(): append access_token + expires_in to the redirect URL so the SPA can capture it. Eugene Sukhodolskiy committed 21 hours ago
	bcd9ed7 Browse files » Fix logout: session_start + destroy cookie + redirect to local /login instead of /auth/login Eugene Sukhodolskiy committed 1 day ago
	fe00bd5 Browse files » Make user card avatar/name clickable link to gnexus-auth profile Eugene Sukhodolskiy committed 1 day ago
	35a3122 Browse files » Add GnUserCard drawer footer; fix proxy.php cookie forwarding and /auth/ whitelist Eugene Sukhodolskiy committed 1 day ago
	402e195 Browse files » Fix auth session persistence: add credentials:include to fetch and session_start to auth flow ... - http.js: add credentials: 'include' to fetch() so cookies are sent with every API request (fixes /auth/me returning 401 after callback) - AuthControllerTrait::resolve_user(): ensure session_start() before reading - AuthController::callback(): ensure session_start() before writing - AuthService::handleCallback(): defer DB token persistence until local user ID is resolved; store temp token data in session - UserResolver: fix lastInsertId() method name, remove avatarUrl() call (use profile array instead) This fixes the loop where user was redirected back to /login after successful OAuth callback because PHP session cookie was not sent with the /auth/me request. Eugene Sukhodolskiy committed 1 day ago
	3f75d33 Browse files » Phase 0: gnexus-auth integration infrastructure ... - Add gnexus/auth-client via Composer vcs - Thin PSR-18/17 cURL adapter (zero extra deps) - SessionStateStore, SessionPkceStore, DbTokenStore - AuthService wrapper: login URL, callback, logout, refresh, me - UserResolver + PermissionResolver - AuthController (login, callback, logout, me, refresh) - WebhookController + WebhookRouter + event handlers - AuthControllerTrait for endpoint protection - Migration: 9 tables (users, roles, permissions, overrides, groups, members, group_perms, sessions, audit) + seed data - Remove old Example_AuthController - Add GAUTH_* env variables to config and .env.example Eugene Sukhodolskiy committed 1 day ago