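<?php
// Opus v19 · Auth check with agent bypass token
// - Fallback: PHP session (existing behavior · no regression)
// - NEW: X-Agent-Token header OR ?_agent_token= param
// - Validated against /etc/weval/secrets.env AGENT_TOKEN (or fallback to DROID2026)
//
// Outcomes: 200 "OK" (authenticated PHP session), 200 "AGENT-OK" (valid agent
// token), otherwise 401 "UNAUTHORIZED". The script reads HTTP_X_ORIGINAL_URI,
// which suggests it sits behind an nginx auth_request — confirm against the
// nginx config; for a subrequest, $_GET is the subrequest's query string.
session_set_cookie_params(["lifetime"=>86400,"path"=>"/","domain"=>".weval-consulting.com","secure"=>true,"httponly"=>true,"samesite"=>"Lax"]);
session_start();

// 1) Existing PHP session check (no regression)
// Strict `=== true` so a truthy-but-wrong value (e.g. "1") never passes.
if (($_SESSION["weval_auth"] ?? null) === true) {
    http_response_code(200);
    echo "OK";
    exit;
}

// 2) NEW · Agent token bypass (header or query param)
// The header wins when present; the query param is only consulted when the
// header is absent. NOTE(review): a token in the query string ends up in
// access logs, proxies and browser history — the header form is preferable.
$supplied = $_SERVER["HTTP_X_AGENT_TOKEN"] ?? $_GET["_agent_token"] ?? "";

// Only a non-empty string is a candidate token. `?_agent_token[]=x` makes
// $_GET hold an array, and hash_equals() below throws a TypeError on a
// non-string (HTTP 500 instead of 401). `!== ""` rather than truthiness so a
// token of "0" is not silently treated as absent.
if (is_string($supplied) && $supplied !== "") {
    // Load expected from secrets.env: first line starting with "AGENT_TOKEN=",
    // value taken verbatim after the "=" (surrounding whitespace trimmed; quotes,
    // if the file uses them, are NOT stripped — confirm the file's format).
    $expected = "";
    $secretsPath = "/etc/weval/secrets.env";
    if (is_readable($secretsPath)) {
        // file() returns false if the read fails after the is_readable check.
        $lines = file($secretsPath, FILE_IGNORE_NEW_LINES) ?: [];
        foreach ($lines as $line) {
            if (strpos($line, "AGENT_TOKEN=") === 0) {
                $expected = trim(substr($line, strlen("AGENT_TOKEN=")));
                break;
            }
        }
    }

    // Fallback to DROID2026 (already trusted via /api/droid)
    // SECURITY(review): a hard-coded fallback credential means a missing,
    // unreadable or mis-keyed secrets.env silently widens access to anyone who
    // knows this literal, and the secret cannot be rotated without a deploy.
    // Provision AGENT_TOKEN in secrets.env and remove this fallback so the
    // check fails closed (401) when no token is configured.
    if ($expected === "") {
        $expected = "DROID2026";
    }

    // Constant-time comparison; known value first, user-supplied second.
    if (hash_equals($expected, $supplied)) {
        // Audit log (non-blocking): best-effort append, deliberately suppressed
        // so an unwritable log never breaks the "AGENT-OK" response body.
        // Records which channel carried the token and the client address so a
        // reviewer can tell header use from query-string use.
        $via = isset($_SERVER["HTTP_X_AGENT_TOKEN"]) ? "header" : "query";
        @file_put_contents(
            "/var/log/nginx/agent-bypass.log",
            date("c") . " " . ($_SERVER["HTTP_X_ORIGINAL_URI"] ?? "?")
                . " UA=" . ($_SERVER["HTTP_USER_AGENT"] ?? "?")
                . " IP=" . ($_SERVER["REMOTE_ADDR"] ?? "?")
                . " via=" . $via . "\n",
            FILE_APPEND
        );
        http_response_code(200);
        echo "AGENT-OK";
        exit;
    }
}

// 3) Unauthorized (default) — also reached when a token was supplied but did
// not match; the response body deliberately does not say which.
http_response_code(401);
echo "UNAUTHORIZED";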