din9xtr/cloud_control_panel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

icloud auth done

Browse Source
This commit is contained in:
din9xtr
2026-01-19 00:54:59 +07:00
parent c6df7f956d
commit 6c16245040
9 changed files with 254 additions and 311 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
composer.json
View File

@@ -34,7 +34,8 @@
"ext-pdo": "*",
"ext-fileinfo": "*",
"ext-zip": "*",
"php-http/curl-client": "^2.4"
"php-http/curl-client": "^2.4",
"ext-sodium": "*"
},
"require-dev": {
"phpstan/phpstan": "^2.1",

13
db/migration/005_create_icloud_accounts.php → db/migration/007_create_icloud_accounts.php
View File

@@ -9,12 +9,17 @@ return function (PDO $db): void {
id INTEGER PRIMARY KEY AUTOINCREMENT,
user_id INTEGER NOT NULL,
remote_name TEXT NOT NULL UNIQUE,
apple_id TEXT NOT NULL,
trust_token TEXT,
cookies TEXT,
status TEXT NOT NULL DEFAULT 'pending',
connected_at INTEGER,
password TEXT NOT NULL,
trust_token TEXT NOT NULL,
cookies TEXT NOT NULL,
status TEXT NOT NULL DEFAULT 'connected',
connected_at INTEGER NOT NULL,
created_at INTEGER NOT NULL,
FOREIGN KEY(user_id) REFERENCES users(id)
);
");

3
public/index.php
View File

@@ -141,8 +141,7 @@ $routes = static function (RouteCollector $r): void {
$r->post('/storage/files/delete/multiple', [StorageController::class, 'deleteMultiple']);
$r->get('/icloud/connect', [ICloudAuthController::class, 'connectForm']);
$r->post('/icloud/connect', [ICloudAuthController::class, 'submitCredentials']);
$r->post('/icloud/2fa', [ICloudAuthController::class, 'submit2fa']);
$r->post('/icloud/connect', [ICloudAuthController::class, 'submit']);
};

126
resources/views/login_icloud.php
View File

@@ -1,78 +1,56 @@
<!-- icloud_login.php -->
<div class="login-card">
<h1><?= htmlspecialchars($viewModel->title ?? 'iCloud Login') ?></h1>
<h1>Connect iCloud</h1>
<?php if (!empty($viewModel->error)) : ?>
<p class="error"><?= htmlspecialchars($viewModel->error) ?></p>
<?php endif; ?>
<?php if (isset($viewModel->show2fa) && $viewModel->show2fa): ?>
<div class="info-message" style="
background: rgba(66, 153, 225, 0.1);
border-left: 4px solid #4299e1;
padding: 1rem;
margin-bottom: 1.5rem;
border-radius: 0 8px 8px 0;
color: #2d3748;
">
<p style="margin: 0; font-weight: 500;">
Enter the 6-digit verification code sent to your trusted devices.
</p>
<div class="info-message">
<ol>
<li>Open <b>icloud.com</b> and log in</li>
<li>Complete 2FA</li>
<li>Open DevTools → Network</li>
<li>Copy <b>Request Header → Cookie</b></li>
<li>Copy <b>X-APPLE-WEBAUTH-HSA-TRUST</b> value</li>
</ol>
</div>
<form method="POST" action="/icloud/2fa" class="login-form">
<input type="hidden" name="apple_id" value="<?= htmlspecialchars($viewModel->appleId ?? '') ?>">
<input type="hidden" name="password" value="<?= htmlspecialchars($viewModel->password ?? '') ?>">
<label for="code">
6-digit verification code
</label>
<input type="text"
id="code"
name="code"
pattern="[0-9]{6}"
maxlength="6"
required
placeholder="123456"
autocomplete="one-time-code"
inputmode="numeric"
style="letter-spacing: 2px; font-size: 1.2rem; text-align: center;">
<button type="submit" style="margin-top: 1rem;">
Verify Code
</button>
<div style="margin-top: 1rem; text-align: center;">
<a href="/icloud/connect" style="color: #667eea; text-decoration: none;">
← Back to login
</a>
</div>
<input type="hidden" name="_csrf"
value="<?= htmlspecialchars($viewModel->csrf) ?>">
</form>
<?php else: ?>
<form method="POST" action="/icloud/connect" class="login-form">
<label for="apple_id">
Apple ID
</label>
<input type="email"
<label for="apple_id">Apple ID</label>
<input
type="email"
id="apple_id"
name="apple_id"
required
placeholder="name@example.com"
autocomplete="username">
placeholder="yourname@icloud.com"
>
<label for="password">
Password
</label>
<input type="password"
<label for="password">Password</label>
<input
type="password"
id="password"
name="password"
required
placeholder="Enter your password"
autocomplete="current-password">
placeholder="iCloud password"
>
<label for="cookies">Cookies (full header)</label>
<textarea
id="cookies"
name="cookies"
rows="6"
required
placeholder="X-APPLE-WEBAUTH-HSA-TRUST=...; X-APPLE-WEBAUTH-USER=...;"
></textarea>
<label for="trust_token">Trust token</label>
<input
type="text"
id="trust_token"
name="trust_token"
required
placeholder="X-APPLE-WEBAUTH-HSA-TRUST value"
>
<button type="submit">
Connect iCloud
@@ -81,34 +59,4 @@
<input type="hidden" name="_csrf"
value="<?= htmlspecialchars($viewModel->csrf) ?>">
</form>
<?php endif; ?>
</div>
<script>
document.addEventListener('DOMContentLoaded', function () {
const codeInput = document.getElementById('code');
if (codeInput) {
codeInput.addEventListener('keypress', function (e) {
const char = String.fromCharCode(e.which);
if (!/^\d$/.test(char)) {
e.preventDefault();
}
});
codeInput.addEventListener('input', function () {
if (this.value.length === 6) {
this.form.submit();
}
});
}
});
</script>
<style>
@media (prefers-color-scheme: dark) {
.info-message {
background: rgba(66, 153, 225, 0.15) !important;
border-left-color: #4299e1 !important;
color: #cbd5e1 !important;
}
}
</style>

147
src/Controllers/ICloudAuthController.php
View File

@@ -5,7 +5,6 @@ namespace Din9xtrCloud\Controllers;
use Din9xtrCloud\Middlewares\CsrfMiddleware;
use Din9xtrCloud\Rclone\RcloneClient;
use Din9xtrCloud\Rclone\RcloneICloudConfigurator;
use Din9xtrCloud\Repositories\IcloudAccountRepository;
use Din9xtrCloud\View;
use Din9xtrCloud\ViewModels\Icloud\ICloudLoginViewModel;
@@ -18,7 +17,6 @@ use Throwable;
final readonly class ICloudAuthController
{
public function __construct(
private RcloneICloudConfigurator $configurator,
private ResponseFactoryInterface $responseFactory,
private LoggerInterface $logger,
private IcloudAccountRepository $repository,
@@ -33,122 +31,107 @@ final readonly class ICloudAuthController
session_start();
}
$query = $request->getQueryParams();
$show2fa = (bool)($query['show2fa'] ?? false);
$appleId = (string)($query['apple_id'] ?? '');
$error = '';
if (isset($_SESSION['icloud_error'])) {
$error = (string)$_SESSION['icloud_error'];
$error = $_SESSION['icloud_error'] ?? '';
unset($_SESSION['icloud_error']);
}
$title = $show2fa ? 'iCloud 2FA Verification' : 'iCloud Login';
return View::display(
new ICloudLoginViewModel(
title: $title,
title: 'Connect iCloud',
csrf: CsrfMiddleware::generateToken($request),
show2fa: $show2fa,
error: $error,
appleId: $appleId
error: $error
)
);
}
public function submitCredentials(ServerRequestInterface $request): ResponseInterface
public function submit(ServerRequestInterface $request): ResponseInterface
{
$data = (array)$request->getParsedBody();
$user = $request->getAttribute('user');
$appleId = (string)($data['apple_id'] ?? '');
$password = (string)($data['password'] ?? '');
$appleId = trim((string)($data['apple_id'] ?? ''));
$password = trim((string)($data['password'] ?? ''));
$cookies = trim((string)($data['cookies'] ?? ''));
$trustToken = trim((string)($data['trust_token'] ?? ''));
if ($appleId === '' || $password === '' || $cookies === '' || $trustToken === '') {
return $this->fail('All fields are required');
}
$remote = 'icloud_' . $user->id;
try {
$this->configurator->createRemote($remote, $appleId);
$this->configurator->setPassword($remote, $password);
$config = $this->configurator->getConfig($remote);
$trustToken = $config['trust_token'] ?? null;
$cookies = $config['cookies'] ?? null;
$this->repository->create(
$user->id,
$remote,
$appleId,
$trustToken,
$cookies
);
return $this->responseFactory
->createResponse(302)
->withHeader('Location', '/icloud/connect?show2fa=1&apple_id=' . urlencode($appleId));
$encryptedAppleId = encryptString($appleId);
$encryptedPassword = encryptString($password);
try {
$this->rclone->call('config/create', [
'name' => $remote,
'type' => 'iclouddrive',
'parameters' => [
'apple_id' => $appleId,
'password' => $password,
'cookies' => $cookies,
'trust_token' => $trustToken,
],
'nonInteractive' => true,
]);
} catch (Throwable $e) {
$this->logger->error($e->getMessage(), ['exception' => $e]);
$this->logger->warning('iCloud remote exists, updating', [
'remote' => $remote,
'exception' => $e,
]);
if (session_status() === PHP_SESSION_NONE) session_start();
$_SESSION['icloud_error'] = $e->getMessage();
return $this->responseFactory
->createResponse(302)
->withHeader('Location', '/icloud/connect');
}
}
public function submit2fa(ServerRequestInterface $request): ResponseInterface
{
$data = (array)$request->getParsedBody();
$user = $request->getAttribute('user');
$code = (string)($data['code'] ?? '');
$appleId = (string)($data['apple_id'] ?? '');
$remote = 'icloud_' . $user->id;
try {
$res = $this->configurator->submit2fa($remote, $code);
$account = $this->repository->findByUserId($user->id);
if ($account) {
$this->repository->update($account, [
'status' => 'connected',
'connected_at' => time(),
'trust_token' => $res['trust_token'],
'cookies' => $res['cookies'],
$this->rclone->call('config/update', [
'name' => $remote,
'parameters' => [
'apple_id' => $appleId,
'password' => $password,
'cookies' => $cookies,
'trust_token' => $trustToken,
],
]);
}
$contents = $this->rclone->call('operations/list', [
// health-check
$list = $this->rclone->call('operations/list', [
'fs' => $remote . ':',
'remote' => '',
'opt' => [],
'recurse' => true,
'dirsOnly' => false,
'filesOnly' => false,
'metadata' => true,
'maxDepth' => 1,
]);
$this->logger->info('iCloud contents', ['user' => $user->id, '$contents' => $contents]);
$this->logger->info('icloud list', $list);
$this->repository->createOrUpdate(
userId: $user->id,
remoteName: $remote,
appleId: $encryptedAppleId,
password: $encryptedPassword,
trustToken: $trustToken,
cookies: $cookies,
);
return $this->responseFactory
->createResponse(302)
->withHeader('Location', '/storage');
} catch (Throwable $e) {
$this->logger->error($e->getMessage(), ['exception' => $e]);
$this->logger->error('iCloud connect failed', [
'remote' => $remote,
'exception' => $e,
]);
return $this->fail($e->getMessage());
}
}
private function fail(string $message): ResponseInterface
{
if (session_status() === PHP_SESSION_NONE) session_start();
$_SESSION['icloud_error'] = $e->getMessage();
$_SESSION['icloud_error'] = $message;
return $this->responseFactory
->createResponse(302)
->withHeader('Location', '/icloud/connect?' . http_build_query([
'show2fa' => 1,
'apple_id' => $appleId
]));
->withHeader('Location', '/icloud/connect');
}
}
}

47
src/Helpers/helpers.php
View File

@@ -1,5 +1,7 @@
<?php
use Random\RandomException;
if (!function_exists('formatBytes')) {
function formatBytes(int $bytes): string
@@ -94,3 +96,48 @@ if (!function_exists('validateIp')) {
: null;
}
}
if (!function_exists('encryptString')) {
/**
* XSalsa20 + Poly1305
* @throws Throwable
*/
function encryptString(string $plaintext): string
{
$key = hex2bin($_ENV['APP_KEY']); // 32 байта
if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
throw new RuntimeException('APP_KEY must be 32 bytes');
}
$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
return base64_encode($nonce . $ciphertext);
}
}
if (!function_exists('decryptString')) {
/**
* @throws Throwable
*/
function decryptString(string $encrypted): string
{
$key = hex2bin($_ENV['APP_KEY']);
if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
throw new RuntimeException('APP_KEY must be 32 bytes');
}
$data = base64_decode($encrypted, true);
$nonce = substr($data, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$ciphertext = substr($data, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
if ($plaintext === false) {
throw new RuntimeException('Failed to decrypt data');
}
return $plaintext;
}
}

10
src/Models/IcloudAccount.php
View File

@@ -9,11 +9,15 @@ final readonly class IcloudAccount
public int $id,
public int $userId,
public string $remoteName,
public string $appleId,
public ?string $trustToken,
public ?string $cookies,
public string $password,
public string $trustToken,
public string $cookies,
public string $status,
public ?int $connectedAt,
public int $connectedAt,
public int $createdAt,
)
{

77
src/Rclone/RcloneICloudConfigurator.php
View File

@@ -1,77 +0,0 @@
<?php
declare(strict_types=1);
namespace Din9xtrCloud\Rclone;
use JsonException;
use Psr\Http\Client\ClientExceptionInterface;
final readonly class RcloneICloudConfigurator
{
public function __construct(
private RcloneClient $rclone,
)
{
}
/**
* @throws ClientExceptionInterface
* @throws JsonException
*/
public function createRemote(string $remote, string $appleId): void
{
$this->rclone->call('config/create', [
'name' => $remote,
'type' => 'iclouddrive',
'parameters' => [
'apple_id' => $appleId,
],
]);
}
/**
* @throws ClientExceptionInterface
* @throws JsonException
*/
public function setPassword(string $remote, string $password): void
{
$this->rclone->call('config/password', [
'name' => $remote,
'parameters' => [
'password' => $password,
],
]);
}
/**
* @throws ClientExceptionInterface
* @throws JsonException
*/
public function submit2fa(string $remote, string $code): array
{
$this->rclone->call('config/update', [
'name' => $remote,
'parameters' => [
'config_2fa' => $code,
],
]);
$config = $this->getConfig($remote);
return [
'trust_token' => $config['trust_token'] ?? null,
'cookies' => $config['cookies'] ?? null,
];
}
/**
* @throws ClientExceptionInterface
* @throws JsonException
*/
public function getConfig(string $remote): array
{
return $this->rclone->call('config/show', [
'name' => $remote
]);
}
}

89
src/Repositories/IcloudAccountRepository.php
View File

@@ -12,60 +12,92 @@ final readonly class IcloudAccountRepository
{
}
public function create(
public function createOrUpdate(
int $userId,
string $remoteName,
string $appleId,
?string $trustToken = null,
?string $cookies = null
string $password,
string $trustToken,
string $cookies
): IcloudAccount
{
$existing = $this->findByUserId($userId);
$now = time();
if ($existing) {
$stmt = $this->db->prepare("
INSERT INTO icloud_accounts (user_id, remote_name, apple_id, trust_token, cookies)
VALUES (:user_id, :remote_name, :apple_id, :trust_token, :cookies)
UPDATE icloud_accounts
SET apple_id = :apple_id,
password = :password,
trust_token = :trust_token,
cookies = :cookies,
status = 'connected',
connected_at = :connected_at
WHERE id = :id
");
$stmt->execute([
':apple_id' => $appleId,
':password' => $password,
':trust_token' => $trustToken,
':cookies' => $cookies,
':connected_at' => $now,
':id' => $existing->id,
]);
return new IcloudAccount(
id: $existing->id,
userId: $userId,
remoteName: $remoteName,
appleId: $appleId,
password: $password,
trustToken: $trustToken,
cookies: $cookies,
status: 'connected',
connectedAt: $now,
createdAt: $existing->createdAt,
);
}
$stmt = $this->db->prepare("
INSERT INTO icloud_accounts
(user_id, remote_name, apple_id, password, trust_token, cookies, status, connected_at, created_at)
VALUES
(:user_id, :remote_name, :apple_id, :password, :trust_token, :cookies, 'connected', :connected_at, :created_at)
");
$stmt->execute([
':user_id' => $userId,
':remote_name' => $remoteName,
':apple_id' => $appleId,
':password' => $password,
':trust_token' => $trustToken,
':cookies' => $cookies,
':connected_at' => $now,
':created_at' => $now,
]);
$id = (int)$this->db->lastInsertId();
return new IcloudAccount(
id: $id,
id: (int)$this->db->lastInsertId(),
userId: $userId,
remoteName: $remoteName,
appleId: $appleId,
password: $password,
trustToken: $trustToken,
cookies: $cookies,
status: 'pending',
connectedAt: null,
createdAt: time(),
status: 'connected',
connectedAt: $now,
createdAt: $now,
);
}
public function update(
IcloudAccount $account,
array $fields
): void
{
$set = [];
$params = [':id' => $account->id];
foreach ($fields as $key => $value) {
$set[] = "$key = :$key";
$params[":$key"] = $value;
}
$stmt = $this->db->prepare("UPDATE icloud_accounts SET " . implode(', ', $set) . " WHERE id = :id");
$stmt->execute($params);
}
public function findByUserId(int $userId): ?IcloudAccount
{
$stmt = $this->db->prepare("SELECT * FROM icloud_accounts WHERE user_id = :user_id");
$stmt = $this->db->prepare("
SELECT * FROM icloud_accounts WHERE user_id = :user_id
");
$stmt->execute([':user_id' => $userId]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
return $row ? new IcloudAccount(
@@ -73,10 +105,11 @@ final readonly class IcloudAccountRepository
userId: (int)$row['user_id'],
remoteName: $row['remote_name'],
appleId: $row['apple_id'],
password: $row['password'],
trustToken: $row['trust_token'],
cookies: $row['cookies'],
status: $row['status'],
connectedAt: $row['connected_at'] ? (int)$row['connected_at'] : null,
connectedAt: (int)$row['connected_at'],
createdAt: (int)$row['created_at'],
) : null;
}