proxyauth/proxyauth.php

<?php
/**
 * Name: Proxy Auth
 * Description: Authenticate a user against reverse proxy headers
 * Version: 1.0
 * Author: Mark Wane <https://social.cool110.xyz/profile/mark>
 */

 /**
 * Friendica addon
 *
 * Module: Proxy Auth
 *
 * Authenticate a user against reverse proxy headers
 * For use when authentication is handled by webserver modules or a reverse proxy
 */

use Friendica\Core\Hook;
use Friendica\DI;
use Friendica\Model\User;

function proxyauth_install(){
	Hook::register( 'authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook' );
	Hook::register( 'logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout' );
}

function proxyauth_uninstall(){
	Hook::unregister( 'authenticate', 'addon/proxyauth/proxyauth.php', 'proxyauth_hook' );
	Hook::unregister( 'logging_out', 'addon/proxyauth/proxyauth.php', 'proxyauth_logout' );
}

function proxyauth_hook( $a, &$b ){
	$acc = proxyauth_auth();

	if ( ! empty( $acc ) ){
		$b['user_record']   = $acc[0];
		$b['authenticated'] = 1;
	}

	return;
}

function proxyauth_logout( $a ){
	DI::cookie()->clear();
	DI::session()->clear();
	info( DI::l10n()->t( 'Logging out') );
	DI::baseUrl()->redirect( '/logout_sso' );
}

function proxyauth_auth(){
	$uid  = $_SERVER['HTTP_UID'] ?? NULL;
	$mail = $_SERVER['HTTP_MAIL'] ?? NULL;
	$name = $_SERVER['HTTP_CN'] ?? NULL;

	if ( is_null( $uid ) ){
		return false;
	}

	$acc = proxyauth_get_user( $uid );

	if ( ! empty( $acc ) ){
		return $acc;
	}

	proxyauth_create_user( $uid, $mail, $name );

	return proxyauth_get_user( $uid );
}

function proxyauth_create_user( $uid, $mail, $name ){
	$pass = hash( 'sha512', random_( 256 ) );
	User::create( array(
		'username' => $name,
		'nickname' => $uid,
		'email'    => $mail,
		'password' => $pass,
		'verified' => 1
	) );
}

function proxyauth_get_user( $uid ){
	return q("SELECT * FROM `user` WHERE `nickname` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1", $uid);
}