Actualizar configuración de Docker y mejorar autenticación de Google en el inicio de sesión

2026-02-13 12:30:29 +00:00
parent 00ba9f3f01
commit 8339c1e2ea
5 changed files with 172 additions and 24 deletions
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -0,0 +1,48 @@
+# Use FrankenPHP (Caddy + PHP)
+FROM dunglas/frankenphp
+
+# # Install system dependencies
+# RUN apt-get update && apt-get install -y \
+#     zip \
+#     unzip \
+#     && rm -rf /var/lib/apt/lists/*
+
+# Configure PHP extensions
+RUN install-php-extensions gd opcache
+
+# Set working directory
+WORKDIR /var/www/html
+
+# Copy application files
+COPY public_html/ /var/www/html/
+
+# Copy FrankenPHP (Caddy) configuration
+COPY docker/Caddyfile /etc/frankenphp/Caddyfile
+
+# Create DATA directory with proper permissions
+RUN mkdir -p /DATA && \
+    chown -R www-data:www-data /DATA && \
+    chmod -R 755 /DATA
+
+# Set permissions for web directory
+RUN chown -R www-data:www-data /var/www/html && \
+    chmod -R 755 /var/www/html
+
+# Configure PHP settings
+RUN echo "session.cookie_lifetime = 604800" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "session.gc_maxlifetime = 604800" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "upload_max_filesize = 500M" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "post_max_size = 500M" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "memory_limit = 512M" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "max_execution_time = 300" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "date.timezone = UTC" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "display_errors = off" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "opcache.enable = 0" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "opcache.memory_consumption = 128" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "opcache.interned_strings_buffer = 8" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "opcache.max_accelerated_files = 4000" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "opcache.revalidate_freq = 60" >> /usr/local/etc/php/conf.d/custom.ini && \
+    echo "opcache.fast_shutdown = 1" >> /usr/local/etc/php/conf.d/custom.ini
+
+# Expose port 80
+EXPOSE 80
--- a/README.md
+++ b/README.md
@@ -58,6 +58,9 @@ volumes:
  - ./public_html:/var/www/html  # Uncomment this line
 ```

+## Google OAuth Redirect URLs
+Format: `https://example.com/_login.php?google_callback=1`
+
 ## Support

 For issues and questions, please open an issue on GitHub.
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,7 +4,7 @@ services:
    # Optional: Build from local Dockerfile for development
    build:
      context: .
-      dockerfile: Dockerfile
+      dockerfile: Dockerfile.dev
    container_name: axia4-app
    ports:
      - "882:80"
--- a/public_html/_login.php
+++ b/public_html/_login.php
@@ -1,13 +1,107 @@
 <?php
 session_start();
+$AuthConfig = json_decode(file_get_contents("/DATA/AuthConfig.json"), true);
+$DOMAIN = $_SERVER["HTTP_X_FORWARDED_HOST"] ?? $_SERVER["HTTP_HOST"];
 if ($_GET["reload_user"] == "1") {
-    $user = $_SESSION['auth_user'];
+    $user = str_replace("@", "__", $_SESSION["auth_user"]);
    $userdata = json_decode(file_get_contents("/DATA/Usuarios/$user.json"), true);
    $_SESSION['auth_data'] = $userdata;
    $redir = $_GET["redir"] ?? "/";
    header("Location: $redir");
    die();
 }
+if ($_GET["google_callback"] == "1") {
+    if (!isset($AuthConfig["google_client_id"]) || !isset($AuthConfig["google_client_secret"])) {
+        die("Error: La autenticación de Google no está configurada.");
+    }
+    if (!isset($_GET["code"])) {
+        die("Error: No se recibió el código de autorización de Google.");
+    }
+    
+    $code = $_GET["code"];
+    
+    // Intercambiar el código de autorización por un token de acceso
+    $token_response = file_get_contents("https://oauth2.googleapis.com/token", false, stream_context_create([
+        "http" => [
+            "method" => "POST",
+            "header" => "Content-Type: application/x-www-form-urlencoded",
+            "content" => http_build_query([
+                "code" => $code,
+                "client_id" => $AuthConfig["google_client_id"],
+                "client_secret" => $AuthConfig["google_client_secret"],
+                "redirect_uri" => "https://$DOMAIN/_login.php?google_callback=1",
+                "grant_type" => "authorization_code"
+            ])
+        ]
+    ]));
+    
+    $token_data = json_decode($token_response, true);
+    
+    if (!isset($token_data["access_token"])) {
+        die("Error: No se pudo obtener el token de acceso de Google.");
+    }
+    
+    $access_token = $token_data["access_token"];
+    
+    // Obtener la información del usuario con el token de acceso
+    $user_info_response = file_get_contents("https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=$access_token");
+    $user_info = json_decode($user_info_response, true);
+    
+    if (!isset($user_info["email"])) {
+        die("Error: No se pudo obtener la información del usuario de Google.");
+    }
+    
+    $email = $user_info["email"];
+    $name = $user_info["name"] ?? explode("@", $email)[0];
+    $userfile = "/DATA/Usuarios/" . strtolower(str_replace("@", "__", $email)) . ".json";
+    if (file_exists($userfile)) {
+        $userdata = json_decode(file_get_contents($userfile), true);
+    } else {
+        $userdata = [
+            "display_name" => $name,
+            "email" => $email,
+            "permissions" => ["public"],
+            "password_hash" => password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT), // Contraseña aleatoria, ya que no se usará
+            "google_auth" => true,
+            "#" => "Este usuario fue creado automáticamente al iniciar sesión con Google por primera vez.",
+        ];
+        file_put_contents($userfile, json_encode($userdata));
+    }
+    
+    $_SESSION['auth_user'] = $email;
+    $_SESSION['auth_data'] = $userdata;
+    $_SESSION['auth_ok'] = true;
+    setcookie("auth_user", $email, time() + (86400 * 30), "/");
+    setcookie("auth_pass_b64", base64_encode($password), time() + (86400 * 30), "/");
+
+    $redir = json_decode(base64_decode($_GET["state"]), true)["redir"] ?? "/";
+
+    header("Location: $redir");
+    die();
+}
+if ($_GET["google"] == "1") {
+    if (!isset($AuthConfig["google_client_id"]) || !isset($AuthConfig["google_client_secret"])) {
+        die("Error: La autenticación de Google no está configurada.");
+    }
+    $url = "https://accounts.google.com/o/oauth2/auth";
+    
+    // build the HTTP GET query
+    $params = array(
+        "response_type" => "code",
+        "client_id" => $AuthConfig["google_client_id"],
+        "redirect_uri" => "https://$DOMAIN/_login.php?google_callback=1",
+        "scope" => "email openid profile",
+        "state" => base64_encode(json_encode([
+            "redir" => $_GET["redir"] ?? "/"
+        ]))
+    );
+    
+    $request_to = $url . '?' . http_build_query($params);
+    
+    // forward the user to the login access page on the OAuth 2 server
+    header("Location: " . $request_to);
+    die();
+}
 if ($_GET["logout"] == "1") {
    $redir = $_GET["redir"] ?? "/";
    setcookie("auth_user", "", time() - 3600, "/");
@@ -50,26 +144,26 @@ if (!file_exists("/DATA/SISTEMA_INSTALADO.txt")) {
    header("Location: /_install.php");
    die();
 }
-require_once "_incl/pre-body.php"; ?>
-<div class="card pad">
-    <div>
-        <h1 class="card-title">Iniciar sesión en Axia4</h1>
-        
-        <form method="post" action="?redir=<?= urlencode($_GET["redir"] ?? "/") ?>">
-            <div class="card pad" style="max-width: 500px;">
-                <div>
-                    <div class="mb-3">
-                        <label for="user" class="form-label"><b>Usuario:</b></label>
-                        <input required type="text" id="user" name="user" class="form-control" placeholder="Ej: PepitoFlores3">
-                    </div>
-                    <div class="mb-3">
-                        <label for="password" class="form-label"><b>Contraseña:</b></label>
-                        <input required type="password" id="password" name="password" class="form-control" placeholder="Ej: PerroArbolPianoPizza">
-                    </div>
-                    <button type="submit" class="btn btn-primary">Iniciar sesión</button>
-                </div>
+require_once "_incl/pre-body.php"; 
+?>
+
+<form method="post" action="?redir=<?= urlencode($_GET["redir"] ?? "/") ?>">
+    <div class="card pad" style="max-width: 500px;">
+        <h1 style="text-align: center;">Iniciar sesión en Axia4</h1>
+        <div>
+            <div class="mb-3">
+                <label for="user" class="form-label"><b>Usuario o correo electrónico:</b></label>
+                <input required type="text" id="user" name="user" class="form-control" placeholder="Ej: pepeflores o pepeflo@gmail.arpa">
            </div>
-        </form>
+            <div class="mb-3">
+                <label for="password" class="form-label"><b>Contraseña:</b></label>
+                <input required type="password" id="password" name="password" class="form-control" placeholder="Ej: PerroPiano482">
+            </div>
+            <button type="submit" class="btn btn-primary">Iniciar sesión</button>
+            <?php if ($AuthConfig["google_client_id"] ?? false && $AuthConfig["google_client_secret"] ?? false): ?>
+                <a href="/_login.php?google=1&redir=<?= urlencode($_GET["redir"] ?? "/") ?>" class="btn btn-outline-danger">Google</a>
+            <?php endif; ?>
+        </div>
    </div>
-</div>
+</form>
 <?php require_once "_incl/post-body.php"; ?>
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -14,7 +14,7 @@
    <span>En los siguientes días vamos a cambiar la interfaz.</span>
 </div>

-<div id="grid" class="app-grid">
+<div id="grid" class="app-grid" style="display: none;">
    <div class="app-card">
        <img src="/static/logo-club.png" alt="Logo Club">
        <div class="app-title">La web del club</div>
@@ -122,7 +122,7 @@
        background: url(/static/portugalete.jpg) #ffffffc2;
        padding: 25px 7px;
        padding-top: 50px;
-        height: 500px;
+        height: 350px;
        border-radius: 50px;
        background-size: cover;
        background-position: center;
@@ -195,6 +195,9 @@
    .is-disabled {
        opacity: 0.6;
    }
+    .app-card .btn.btn-outline-secondary.disabled {
+        color: black;
+    }
 </style>

 <?php require_once "_incl/post-body.php"; ?>