Login Keycloak solo per utenti autorizzati

2025-11-14 11:44:52 +01:00
parent cf4cb2679b
commit 9c2ea5b8ff
3 changed files with 41 additions and 4 deletions
--- a/docker/php/config.php
+++ b/docker/php/config.php
@@ -43,5 +43,8 @@ if (AUTH_TYPE === 'keycloak') {
    if (!defined('KEYCLOAK_CLIENT_SECRET')) {
        define('KEYCLOAK_CLIENT_SECRET',''); // Client Secret per Keycloak (ad esempio abcdefghijklm)
    }
+    if (!defined('KEYCLOAK_ALLOWED_USERS')) {
+        define('KEYCLOAK_ALLOWED_USERS',[]); // Contiene i nomi utente degli utenti autorizzati ad accedere all'amministrazione
+    }
 }
 ?>
--- a/htdocs/admin/login.php
+++ b/htdocs/admin/login.php
@@ -72,10 +72,41 @@ else if (AUTH_TYPE === 'keycloak') {
  $oidc->setRedirectURL('https://' . APP_DOMAIN . '/admin/login.php');
  $oidc->authenticate();
  $userinfo = $oidc->getVerifiedClaims();
-  $_SESSION['admin'] = $userinfo->preferred_username;
-  $_SESSION['auth_type'] = 'keycloak';
-  header("Location: index.php");
-  exit;
+  if (in_array($userinfo->preferred_username, KEYCLOAK_ALLOWED_USERS, true) || empty(KEYCLOAK_ALLOWED_USERS)) {
+    $_SESSION['admin'] = $userinfo->preferred_username;
+    $_SESSION['auth_type'] = 'keycloak';
+    header("Location: index.php");
+    exit;
+  } else {
+    http_response_code(403);
+    echo <<<HTML
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Login Admin</title>
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link rel="stylesheet" href="style.css">
+</head>
+<body>
+
+  <div class="navbar">
+    <div class="logo">Admin Dashboard</div>
+    <div class="links">
+      <a href="/">Torna al sito</a>
+    </div>
+  </div>
+
+  <!-- Container login -->
+  <div class="login-container">
+    <h1>Login Admin</h1>
+<br><div class='error'>Non sei autorizzato ad accedere a questa parte del sito.</div>
+</div>
+<p style="text-align: center;">Copyright (C) 2025 EmmeV. - Released under <a href="https://git.vichingo455.freeddns.org/emmev-code/orario/src/branch/stable/LICENSE.txt" target="_blank">GNU AGPL 3.0 License</a>.</p>
+</body>
+</html>
+HTML;
+    exit;
+  }
  } catch (Exception $e) {
    http_response_code(500);
      echo <<<HTML
--- a/htdocs/config/config.php
+++ b/htdocs/config/config.php
@@ -43,5 +43,8 @@ if (AUTH_TYPE === 'keycloak') {
    if (!defined('KEYCLOAK_CLIENT_SECRET')) {
        define('KEYCLOAK_CLIENT_SECRET',''); // Client Secret per Keycloak (ad esempio abcdefghijklm)
    }
+    if (!defined('KEYCLOAK_ALLOWED_USERS')) {
+        define('KEYCLOAK_ALLOWED_USERS',[]); // Contiene i nomi utente degli utenti autorizzati ad accedere all'amministrazione
+    }
 }
 ?>