[GH-ISSUE #400] [Proposal] Allow external login to the app #291

Closed
opened 2026-02-26 02:32:42 +03:00 by kerem · 2 comments
Owner

Originally created by @X-Ryl669 on GitHub (Aug 10, 2016).
Original GitHub issue: https://github.com/koel/koel/issues/400

I'd like to integrate Koel in my webserver as a service available from the main CMS. I've successfully done it this way (I've tried to avoid being intrusive to Koel's source code, and I think I got something working quite well).

So, step by step tutorial is:

  1. In your CMS, you'll need to generate a token based on your current logged in user, that'll be passed to a script in koel (since koel must run as its own subdomain, you can't use a cookie for this). Example code is like this (save to "musicLogin.php" in your CMS, for example, and let the user browse to it):

```
<?php

checkSessionIsValidInYourCMS();
$login = getCurrentCmsLogin(); // Placeholder helper: current user's login in your CMS that should match the user name in Koel's DB
$secret = "some secret here you'll need to replicate in Koel";

function isSecure() { return (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_PORT'] == 443; }
$https = isSecure() ? "https://" : "http://";

function makeToken()
{
   global $login, $secret;
   $rand = mt_rand ( 0, 0xffffffff); // Avoid replay attack at least a little bit, ideally should use time too
   $num  = sprintf ( "%08x" , $rand );
   return base64_encode($num.$login." ".hash('sha256',$rand.$login.$secret, FALSE));
}

// urlencode() keeps the '+', '/' and '=' characters of the base64 token intact in the query string
header("Location: ".$https."<koel.yoursite.com>/loginRedir.php?token=".urlencode(makeToken()));
exit(0);
```

  1. Then, in koel's folder, you'll need to put a file called `loginRedir.php` containing:

```
<?php
$secret = "some secret here you'll need to replicate in Koel";
$token = isset($_GET["token"]) ? $_GET["token"] : "";

function unmakeToken($token)
{
   global $secret;
   $token = base64_decode($token);
   $n = sscanf($token, "%08x%s ", $rand, $login);
   if ($n !== 2) return FALSE; // Malformed token
   $hash = substr(strstr($token, " "), 1);
   $check = hash('sha256', $rand.$login.$secret, FALSE);
   // hash_equals() compares in constant time and avoids the type juggling of ==
   if (is_string($hash) && hash_equals($check, $hash)) return $login;
   return FALSE;
}

$username = unmakeToken($token);
if ($username === FALSE) {
    // Fallback to the default login screen
    header("Location: /");
    exit(0);
}

// Ok, user is authenticated in our CMS, let's authenticate here too
require __DIR__.'/bootstrap/autoload.php';
$app = require_once __DIR__.'/bootstrap/app.php';
use JWTAuth;

$app->make('Illuminate\Contracts\Http\Kernel')
    ->handle(Illuminate\Http\Request::capture());

$jwToken = null;
$isAuthorized = Auth::check();
if (!$isAuthorized)
{
    // Find user with the given login
    $users = DB::table('users')->get();
    foreach ($users as $user)
    {
        if (strcasecmp($user->name, $username) == 0)
        {
            $auth = Auth::loginUsingId($user->id, true);
            Auth::setUser($auth); // Not sure if this is required or not
            $jwToken = JWTAuth::fromUser($auth);
            break;
        }
    }
}
$isAuthorized = Auth::check();
if ($isAuthorized)
{   // Need to store the authentication token in the browser's localStorage, so yes, Javascript is required here.
    // Already logged in before this request: $jwToken was never set above, so issue one for the current user
    if ($jwToken === null) $jwToken = JWTAuth::fromUser(Auth::user());
    echo "<html><body></body><script>";
    // json_encode() emits the token as a safely escaped JavaScript string literal
    echo "localStorage.setItem('jwt-token', JSON.stringify(".json_encode($jwToken)."));";
    echo "window.location.replace('/');";  // 2nd and last redirection hopefully.
    echo "</script></html>";
} else header("Location: /");
```

  1. If you're using Nginx, then you'll also need to allow access to the `loginRedir.php` file, so change the line that reads:

```
 if ($request_uri !~ ^/$|index\.php|robots\.txt|api/|public/) {
```

into

```
 if ($request_uri !~ ^/$|index\.php|loginRedir\.php|robots\.txt|api/|public/) {
```

Then anytime you trigger the initial script, it'll login on Koel too and boot up from there.
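
The comment in `makeToken()` above says the token should ideally use time too. The following is an added example, not part of the original post or of Koel's code, of the same two functions with an HMAC-SHA256 tag, an expiry time and a constant-time comparison. The JSON payload layout, the 30-second lifetime, the `b64url_*` helper names and the sample values are assumptions.

```php
<?php
// Added example: time-limited, HMAC-signed variant of makeToken()/unmakeToken().
function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $txt)
{
    return base64_decode(strtr($txt, '-_', '+/'), true); // strict: false on bad input
}

// CMS side: bind the login to an expiry time (assumed 30 s lifetime).
function makeToken(string $login, string $secret, int $ttl = 30): string
{
    $payload = json_encode(['login' => $login, 'exp' => time() + $ttl]);
    $mac = hash_hmac('sha256', $payload, $secret, true);
    return b64url_encode($payload) . '.' . b64url_encode($mac);
}

// Koel side: returns the login, or false if malformed, forged or expired.
function unmakeToken(string $token, string $secret, ?int $now = null)
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) return false;
    $payload = b64url_decode($parts[0]);
    $mac     = b64url_decode($parts[1]);
    if ($payload === false || $mac === false) return false;

    // Check the MAC in constant time before trusting any payload field.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    if (!hash_equals($expected, $mac)) return false;

    $data = json_decode($payload, true);
    if (!is_array($data) || !isset($data['login'], $data['exp'])) return false;
    if (!is_string($data['login']) || !is_int($data['exp'])) return false;
    if (($now ?? time()) > $data['exp']) return false;
    return $data['login'];
}

// Constructed sample values, for demonstration only.
$secret = 'constructed-demo-secret';
$token  = makeToken('alice', $secret);
var_dump(unmakeToken($token, $secret));                // accepted
var_dump(unmakeToken($token . 'x', $secret));          // tag altered
var_dump(unmakeToken($token, $secret, time() + 3600)); // presented after expiry
```

Expiry narrows the replay window but does not make the token single-use; that would need a server-side record of tokens already accepted.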

kerem closed this issue 2026-02-26 02:32:42 +03:00
Author
Owner

@X-Ryl669 commented on GitHub (Aug 10, 2016):

@phanan, if you think this has some value, would you accept a change to the configuration to allow setting the redirection destination upon user logout?

Right now when clicking the "logout" button, it returns to the login form. I'd like to redirect to somewhere else instead, so I can log out the user from the CMS too and redirect to the CMS's login screen instead.
This can't be done without changing Koel's source code a bit.
Would you accept a PR for this?

Author
Owner

@phanan commented on GitHub (Aug 11, 2016):

I think this is an edge case. Instead, you can fork into your own Koel repo
and sync with upstream once in a while.

On Wed, Aug 10, 2016 at 11:08 PM, X-Ryl669 notifications@github.com wrote:

> @phanan https://github.com/phanan, if you think this has some value,
> would you accept a change to the configuration to allow setting the
> redirection destination upon user logout?
>
> Right now when clicking the "logout" button, it returns to the login form.
> I'd like to redirect to somewhere else instead, so I can log out the user
> from the CMS too and redirect to the CMS's login screen instead.
> This can't be done without changing Koel's source code a bit.
> Would you accept a PR for this?

