diff --git a/.env.example b/.env.example index d0cf6ca..b9dc12e 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,4 @@ -; Authentication method: LDAP or OIC +; Authentication method: LDAP or OIDC Authentication="LDAP" ; LDAP config LDAP_HOST="ldaps://..." @@ -18,11 +18,11 @@ TESTUSER=false ; OpenID Connect configuration ; ID provider -OIC_IDP="https://xxx" +OIDC_IDP="https://xxx" ; Client ID -OIC_CLIENT_ID="xxx" +OIDC_CLIENT_ID="xxx" ; Client secret -OIC_CLIENT_SECRET="xxx" +OIDC_CLIENT_SECRET="xxx" ; Path to composer auoload file (without /vendor/autoload.php) ; normally set to "." diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..c2179ea --- /dev/null +++ b/.github/workflows/ci.yaml 
@@ -0,0 +1,83 @@
+on:
+ push:
+ pull_request:
+
+name: CI build
+jobs:
+ build:
+ name: CI build
+ runs-on: ubuntu-latest
+ env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+ permissions:
+ contents: read
+ packages: write
+ steps:
+
+ - name: Checkout repo
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+
+
+ - name: Set up Docker Buildx
+ id: buildx
+ uses: docker/setup-buildx-action@v3
+ - name: Log into registry ${{ env.REGISTRY }}
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Extract Docker metadata
+ id: meta-php
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-php
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=raw,value={{branch}}-{{sha}}-{{date 'X'}},enable=${{ github.event_name != 'pull_request' && !contains(github.ref, 'refs/tags/') }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile.php
+ push: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]'}}
+ tags: ${{ steps.meta-php.outputs.tags }}
+ labels: ${{ steps.meta-php.outputs.labels }}
+
+ - name: Extract Docker metadata
+ id: meta-caddy
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-caddy
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=tag
+ type=ref,event=pr
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}},enable=${{ !startsWith(github.ref, 'refs/tags/v0.') }}
+ type=raw,value=latest,enable={{is_default_branch}}
+ type=raw,value={{branch}}-{{sha}}-{{date 'X'}},enable=${{ github.event_name != 'pull_request' && !contains(github.ref, 'refs/tags/') }}
+ - name: Build and push
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile.caddy
+ push: ${{ github.event_name != 'pull_request' && github.actor != 'dependabot[bot]'}}
+ tags: ${{ steps.meta-caddy.outputs.tags }}
+ labels: ${{ steps.meta-caddy.outputs.labels }}
\ No newline at end of file
diff --git a/Dockerfile.caddy b/Dockerfile.caddy
new file mode 100644
index 0000000..8004875
--- /dev/null
+++ b/Dockerfile.caddy
@@ -0,0 +1,2 @@
+FROM caddy:latest
+COPY . /var/www/html/public
\ No newline at end of file
diff --git a/Dockerfile.php b/Dockerfile.php
new file mode 100644
index 0000000..15f256a
--- /dev/null
+++ b/Dockerfile.php
@@ -0,0 +1,12 @@
+FROM php:8.2-fpm
+#WORKDIR /var/www/html
+COPY ./ /var/www/html/
+
+RUN apt-get update \
+ && apt-get install -y git libzip-dev zip \
+ && docker-php-ext-install zip \
+ && cd /var/www/html \
+ && chmod +x composer_install.sh && ./composer_install.sh \
+ && mv composer.phar /usr/local/bin/composer \
+ && composer install \
+ && rm composer_install.sh Dockerfile.caddy Dockerfile.php
diff --git a/README.md b/README.md
index a93d02a..6eb79f9 100644
--- a/README.md
+++ b/README.md
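Review bot: Every `uses:` line in .github/workflows/ci.yaml (`actions/checkout@v4`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`) references a mutable tag, while the job holds `packages: write` and logs in to ghcr.io with `GITHUB_TOKEN`, so a retagged action release would run with that token. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`. The checkout step also keeps its default credential persistence, which leaves the token in `.git/config` inside the directory later passed as `context: .`. Adding `persist-credentials: false` under its `with:` keeps the token out of the build context, and `fetch-depth: 0` can probably go because nothing visible in the workflow reads git history.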
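Review bot: `COPY . /var/www/html/public` in Dockerfile.caddy places the entire build context under a directory named as the public web root, and `COPY ./ /var/www/html/` in Dockerfile.php copies the same context. Unless a `.dockerignore` that is not part of this diff excludes them, `.git`, a locally present `.env` (the file that per `.env.example` carries `OIDC_CLIENT_SECRET`) and both Dockerfiles end up in the pushed image layers. Whether Caddy actually serves that path depends on a Caddyfile not shown here, but the files are in the image either way. Add a `.dockerignore` listing at least `.git`, `.env` and `Dockerfile.*`, and copy only the paths the web server has to serve. `FROM caddy:latest` should also name a fixed version tag or digest, in the form `FROM caddy:<version>@sha256:<digest>`, so a rebuild cannot silently pick up a different base.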
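Review bot: The single `RUN` in Dockerfile.php installs OS packages without `--no-install-recommends`, never clears `/var/lib/apt/lists`, and runs `composer install` as root with Composer's defaults, which include dev dependencies and package scripts. Because `COPY ./` precedes it, every source change also rebuilds the apt and Composer-installer steps. The trailing `rm composer_install.sh Dockerfile.caddy Dockerfile.php` only masks those files in a later layer, so they stay in the `COPY` layer; a `.dockerignore` is the place to exclude the Dockerfiles. The split below keeps the package and installer layers cached and replaces `cd` with the `WORKDIR` that is currently commented out. `--no-dev` assumes the application needs no dev packages at runtime and should be confirmed against composer.json.

```dockerfile
FROM php:8.2-fpm
WORKDIR /var/www/html

RUN apt-get update \
    && apt-get install -y --no-install-recommends git libzip-dev zip \
    && docker-php-ext-install zip \
    && rm -rf /var/lib/apt/lists/*

# Install Composer before the application source so this layer stays cached.
COPY composer_install.sh ./
RUN chmod +x composer_install.sh && ./composer_install.sh \
    && mv composer.phar /usr/local/bin/composer \
    && rm composer_install.sh

COPY ./ /var/www/html/
RUN composer install --no-dev --no-interaction
```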
@@ -47,14 +47,14 @@ To get started you need to add a configuration file to the project first. Copy t | Value | Type | Example | Description | | ---------------- | ------- | -------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | -| Authentication | string | 'LDAP' or 'OIC' | Authentication method: LDAP or OpenID Connect | +| Authentication | string | 'LDAP' or 'OIDC' | Authentication method: LDAP or OpenID Connect | | LDAP_HOST | string | "ldaps://...de" | The URL of your LDAP server. | | LDAP_BIND_PW | string | secretpassword | Password of the user that is trying to bind to the LDAP Server. | | LDAP_BASE_DN | string | "cn=...,ou=...,dc=..." | Distinguised name that is used to initially bind to your LDAP server. | | LDAP_SEARCH_DN | string | "ou=...,dc=..." | Distinguished name that is used for authenticating users. | -| OIC_IDP | string | "https://...." | URL of the Identity provider supporting OpenID Connect. | -| OIC_CLIENT_ID | string | "..." | Client Id for this application in Identity provider. | -| OIC_CLIENT_SECRET | string | "..." | Secret key for OpenID Connect. | +| OIDC_IDP | string | "https://...." | URL of the Identity provider supporting OpenID Connect. | +| OIDC_CLIENT_ID | string | "..." | Client Id for this application in Identity provider. | +| OIDC_CLIENT_SECRET | string | "..." | Secret key for OpenID Connect. | | COMPOSER_PATH | string | "..." | Path to PHP Composer libariries (only needed for OpenID Connect). | | OPENAI_API_KEY | string | sk-... | Open AI Api key | | IMPRINT_LOCATION | string | https://your-university/imprint | A link to your imprint. Alternatively you can replace the file index.php under /impressum with your own html/ php of your imprint. | diff --git a/api.php b/api.php index d291ab4..64017cb 100644 --- a/api.php +++ b/api.php 
@@ -1,8 +1,10 @@ &2 echo 'ERROR: Invalid installer checksum' + rm composer-setup.php + exit 1 +fi + +php composer-setup.php --quiet +RESULT=$? +rm composer-setup.php +exit $RESULT \ No newline at end of file diff --git a/datenschutz/index.php b/datenschutz/index.php index fc88aee..f650b67 100644 --- a/datenschutz/index.php +++ b/datenschutz/index.php @@ -1,6 +1,8 @@ \ No newline at end of file + + + + + + + + + + + diff --git a/impressum/index.php b/impressum/index.php index 640e224..5598909 100644 --- a/impressum/index.php +++ b/impressum/index.php @@ -1,6 +1,8 @@ - + + HAWKI + + + '; + } + ?> + - + +