mirror of
https://github.com/myronblair/jarvis
synced 2026-06-30 17:50:23 -05:00
fix: index.php entry point — server-side 302 to login.php, no JS required; _app.html is the actual app
This commit is contained in:
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
// Entry point — server-side session check, no JavaScript required.
|
||||
// If not logged in: HTTP 302 to /login.php (Cloudflare cannot interfere).
|
||||
// If logged in: serve the app with token already in sessionStorage.
|
||||
session_name('jarvis_main');
|
||||
session_start();
|
||||
|
||||
if (empty($_SESSION['jarvis_token'])) {
|
||||
header('Location: /login.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
$token = $_SESSION['jarvis_token'];
|
||||
$name = $_SESSION['jarvis_name'] ?? '';
|
||||
|
||||
// Serve _app.html with the session token injected before any other script
|
||||
$html = file_get_contents(__DIR__ . '/_app.html');
|
||||
|
||||
// Strip the old data-cfasync guard (no longer needed — PHP handles auth now)
|
||||
$html = preg_replace('/<script data-cfasync="false">if\(!sessionStorage[^<]+<\/script>\n?/', '', $html);
|
||||
|
||||
// Inject token into sessionStorage right after <head> so it's available
|
||||
// before any other script runs — including Rocket Loader
|
||||
$inject = '<script>sessionStorage.setItem("jarvis_token",' . json_encode($token) . ');'
|
||||
. 'sessionStorage.setItem("jarvis_user",' . json_encode($name) . ');</script>';
|
||||
$html = str_replace('<head>', '<head>' . $inject, $html);
|
||||
|
||||
echo $html;
|
||||
Reference in New Issue
Block a user