Commit e5ba646d authored by Mahmoud Aglan's avatar Mahmoud Aglan

fix: auth 401 loop - pass Authorization header through Apache + use GET for /auth/v1/user

Co-Authored-By: 's avatarClaude Opus 4.6 <noreply@anthropic.com>
parent cabcceab
RewriteEngine On RewriteEngine On
# Pass Authorization header to PHP (Apache strips it by default)
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Force HTTPS (CapRover handles SSL termination via X-Forwarded-Proto) # Force HTTPS (CapRover handles SSL termination via X-Forwarded-Proto)
RewriteCond %{HTTP:X-Forwarded-Proto} =http RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
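Review bot: The comment on the pass-through rule should say under which `$_SERVER` key PHP receives the value, because the helper that consumes it reads two of them: `HTTP_AUTHORIZATION`, and `REDIRECT_HTTP_AUTHORIZATION` once an internal redirect has renamed it. Suggest `# Pass Authorization header to PHP (Apache strips it by default); PHP sees it as $_SERVER['HTTP_AUTHORIZATION'], or REDIRECT_HTTP_AUTHORIZATION after an internal redirect`. If PHP runs under CGI/FPM on Apache 2.4.13+, `CGIPassAuth On` forwards the header without a rewrite rule; recording that here avoids someone later enabling both mechanisms.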
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -4,8 +4,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -4,8 +4,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; $token = get_auth_token();
$token = str_replace('Bearer ', '', $authHeader);
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
...@@ -16,7 +15,7 @@ if (!$token) { ...@@ -16,7 +15,7 @@ if (!$token) {
$method = $_SERVER['REQUEST_METHOD']; $method = $_SERVER['REQUEST_METHOD'];
if ($method === 'GET') { if ($method === 'GET') {
$userRes = supabase_auth('user', [], $token); $userRes = supabase_auth('user', [], $token, 'GET');
if ($userRes['status'] !== 200 || !isset($userRes['data']['id'])) { if ($userRes['status'] !== 200 || !isset($userRes['data']['id'])) {
http_response_code(401); http_response_code(401);
...@@ -38,7 +37,7 @@ if ($method === 'GET') { ...@@ -38,7 +37,7 @@ if ($method === 'GET') {
} elseif ($method === 'PATCH') { } elseif ($method === 'PATCH') {
$input = json_decode(file_get_contents('php://input'), true); $input = json_decode(file_get_contents('php://input'), true);
$userRes = supabase_auth('user', [], $token); $userRes = supabase_auth('user', [], $token, 'GET');
if ($userRes['status'] !== 200) { if ($userRes['status'] !== 200) {
http_response_code(401); http_response_code(401);
echo json_encode(['error' => 'غير مصرح']); echo json_encode(['error' => 'غير مصرح']);
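Review bot: The PATCH branch's check on the user lookup is weaker than the GET branch's: after the new `supabase_auth('user', [], $token, 'GET')` call it only tests `$userRes['status'] !== 200`, while the GET branch also requires `isset($userRes['data']['id'])`. Since both branches now issue the same request, the PATCH branch should use the same condition, `if ($userRes['status'] !== 200 || !isset($userRes['data']['id'])) {`. Passing the method as a positional fourth argument after an empty `[]` is easy to misread; `supabase_auth('user', token: $token, method: 'GET')` names both values. The `if ($method === 'GET') … elseif ($method === 'PATCH')` chain starts and ends outside the hunks shown.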
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php'; ...@@ -3,11 +3,7 @@ require_once __DIR__ . '/../config/database.php';
header('Content-Type: application/json'); header('Content-Type: application/json');
$token = null; $token = get_auth_token();
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($authHeader, 'Bearer ')) {
$token = substr($authHeader, 7);
}
if (!$token) { if (!$token) {
http_response_code(401); http_response_code(401);
......
...@@ -2,6 +2,18 @@ ...@@ -2,6 +2,18 @@
require_once __DIR__ . '/constants.php'; require_once __DIR__ . '/constants.php';
function get_auth_token(): string {
$authHeader = $_SERVER['HTTP_AUTHORIZATION'] ?? $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
if (!$authHeader && function_exists('getallheaders')) {
$allHeaders = getallheaders();
$authHeader = $allHeaders['Authorization'] ?? $allHeaders['authorization'] ?? '';
}
if (str_starts_with($authHeader, 'Bearer ')) {
return substr($authHeader, 7);
}
return '';
}
function supabase_rest(string $method, string $endpoint, array $data = [], ?string $token = null): array { function supabase_rest(string $method, string $endpoint, array $data = [], ?string $token = null): array {
$url = SUPABASE_URL . '/rest/v1/' . ltrim($endpoint, '/'); $url = SUPABASE_URL . '/rest/v1/' . ltrim($endpoint, '/');
$headers = [ $headers = [
...@@ -40,7 +52,7 @@ function supabase_rest(string $method, string $endpoint, array $data = [], ?stri ...@@ -40,7 +52,7 @@ function supabase_rest(string $method, string $endpoint, array $data = [], ?stri
]; ];
} }
function supabase_auth(string $endpoint, array $data = [], ?string $token = null): array { function supabase_auth(string $endpoint, array $data = [], ?string $token = null, string $method = 'POST'): array {
$url = SUPABASE_URL . '/auth/v1/' . ltrim($endpoint, '/'); $url = SUPABASE_URL . '/auth/v1/' . ltrim($endpoint, '/');
$headers = [ $headers = [
'Content-Type: application/json', 'Content-Type: application/json',
...@@ -54,9 +66,12 @@ function supabase_auth(string $endpoint, array $data = [], ?string $token = null ...@@ -54,9 +66,12 @@ function supabase_auth(string $endpoint, array $data = [], ?string $token = null
$ch = curl_init($url); $ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
if ($method === 'POST') {
curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($ch, CURLOPT_TIMEOUT, 15); }
$response = curl_exec($ch); $response = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE); $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
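Review bot: `supabase_auth` now treats every `$method` other than `'POST'` as a GET, because only the POST branch configures the request and nothing sets `CURLOPT_CUSTOMREQUEST`; a caller passing `'PUT'` or `'DELETE'` would silently send GET and drop `$data`. Either document and enforce the parameter as `'GET'|'POST'` (reject anything else), or add an `elseif ($method !== 'GET')` branch with `curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);` and `curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));`. In `get_auth_token`, `str_starts_with($authHeader, 'Bearer ')` is case-sensitive although the auth-scheme token is case-insensitive, and the function has no docblock; suggest `/** Bearer token from the Authorization header (direct, REDIRECT_-prefixed, or via getallheaders()); '' when absent or not a Bearer credential. */`. The body of `supabase_auth` continues outside the hunk.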
......