🔃Sync enhancements

front/index.php

@@ -3,7 +3,9 @@
 
 <?php
 require dirname(__FILE__).'/php/server/init.php';
-require 'php/templates/security.php';
+//------------------------------------------------------------------------------
+// check if authenticated
+require_once  $_SERVER['DOCUMENT_ROOT'] . '/php/templates/security.php';
 
 $CookieSaveLoginName = 'NetAlertX_SaveLogin';
 

front/php/templates/security.php

@@ -69,25 +69,45 @@ if (!empty($config_file_lines_password)) {
     $nax_Password = ''; // or handle accordingly
 }
 
-// active Session or valid cookie (cookie not extends)
-if($nax_WebProtection == 'true')
-{
-    if(isset($_SESSION["login"]) == FALSE )
-    {
+// Web protection is enabled, so we need to authenticate the request
+if ($nax_WebProtection == 'true') {
+    // 2 methods of authentication - bearer in the request or password supplied by the user
+    if (!isset($_SESSION["login"])) {
         $_SESSION["login"] = 0;
-    }     
+    }
 
-    if ($_SESSION["login"] == 1 || $isLogonPage || (isset($_COOKIE[$CookieSaveLoginName]) && $nax_Password == $_COOKIE[$CookieSaveLoginName]))
-    {
+    // Retrieve the authorization header
+    $headers = apache_request_headers();
+    $auth_header = $headers['Authorization'] ?? '';
+
+    // Find SYNC_api_token line
+    $config_file_lines_token = array_values(preg_grep('/^SYNC_api_token.*=/', $config_file_lines));
+
+    if (!empty($config_file_lines_token)) {
+        $token_line = explode("'", $config_file_lines_token[0]);
+        $api_token = $token_line[1];
+    } else {
+        // Default behavior if SYNC_api_token is not found
+        $api_token = ''; // or handle accordingly
+    }
+
+    $expected_token = 'Bearer ' . $api_token;
+
+    // Verify the authorization token
+    if (!empty($api_token) && $auth_header === $expected_token) {
+        // Valid Bearer token, set session login to 1
+        $_SESSION["login"] = 1;
+    } else if (!empty($auth_header)) {
+       echo "[Security] Incorrect Bearer Token";
+    }
+
+    if ($_SESSION["login"] == 1 || $isLogonPage || (isset($_COOKIE[$CookieSaveLoginName]) && $nax_Password == $_COOKIE[$CookieSaveLoginName])) {
         // Logged in or stay on this page if we are on the index.php already   
-        
-    } else 
-    {
+    } else {
         // we need to redirect        
         header('Location: /index.php');
         exit(); // ensure script stops after header redirection
-    } 
-
+    }
 }
 
 ?>

front/plugins/sync/sync.py

@@ -305,7 +305,7 @@ def get_data(api_token, node_url):
     api_endpoint = f"{node_url}/plugins/sync/hub.php"
     response = requests.get(api_endpoint, headers=headers)
 
-    # mylog('verbose', [f'[{pluginName}] response: "{response}"'])
+    # mylog('verbose', [f'[{pluginName}] response: "{response.text}"'])
 
     if response.status_code == 200:
         try: