mirror of
https://github.com/myronblair/jarvis
synced 2026-06-30 17:50:23 -05:00
29 lines
1.1 KiB
PHP
29 lines
1.1 KiB
PHP
<?php
|
|
// Entry point — server-side session check, no JavaScript required.
|
|
// If not logged in: HTTP 302 to /login.php (Cloudflare cannot interfere).
|
|
// If logged in: serve the app with token already in sessionStorage.
|
|
session_name('jarvis_main');
|
|
session_start();
|
|
|
|
if (empty($_SESSION['jarvis_token'])) {
|
|
header('Location: /login.php');
|
|
exit;
|
|
}
|
|
|
|
$token = $_SESSION['jarvis_token'];
|
|
$name = $_SESSION['jarvis_name'] ?? '';
|
|
|
|
// Serve _app.html with the session token injected before any other script
|
|
$html = file_get_contents(__DIR__ . '/_app.html');
|
|
|
|
// Strip the old data-cfasync guard (no longer needed — PHP handles auth now)
|
|
$html = preg_replace('/<script data-cfasync="false">if\(!sessionStorage[^<]+<\/script>\n?/', '', $html);
|
|
|
|
// Inject token into sessionStorage right after <head> so it's available
|
|
// before any other script runs — including Rocket Loader
|
|
$inject = '<script>sessionStorage.setItem("jarvis_token",' . json_encode($token) . ');'
|
|
. 'sessionStorage.setItem("jarvis_user",' . json_encode($name) . ');</script>';
|
|
$html = str_replace('<head>', '<head>' . $inject, $html);
|
|
|
|
echo $html;
|