From 16a856a944c9edfa589ce581da88794a6430f14c Mon Sep 17 00:00:00 2001
From: dsyoon
Date: Sun, 8 Feb 2026 12:47:53 +0900
Subject: [PATCH] Auto-login via NCue session
If already logged in on ncue.net (Google), reuse NCue session and skip DreamGirl admin prompt.
Co-authored-by: Cursor
---
 auth/auth.php | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++
 login.php | 10 ++++++
 2 files changed, 97 insertions(+)
diff --git a/auth/auth.php b/auth/auth.php
index be15fb1..4297716 100644
--- a/auth/auth.php
+++ b/auth/auth.php
@@ -29,6 +29,11 @@ function dreamgirl_session_start(): void {
 function dreamgirl_is_logged_in(): bool {
 dreamgirl_session_start();
+ // Try NCue SSO once per session (if available)
+ if (!isset($_SESSION['dreamgirl_sso_checked'])) {
+ $_SESSION['dreamgirl_sso_checked'] = true;
+ dreamgirl_try_ncue_sso_login();
+ }
 return isset($_SESSION['dreamgirl_user']) && $_SESSION['dreamgirl_user'] === 'admin';
 }
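Review bot: The `dreamgirl_sso_checked` flag in dreamgirl_is_logged_in() means the NCue session is consulted once and never again, so an admin session created by SSO outlives an NCue logout or expiry for as long as the PHP session lasts. The function called here stores `dreamgirl_sso_at`, but nothing in the visible lines reads it. I would bound the SSO grant at the top of the function, right after `dreamgirl_session_start();`, for example `if (isset($_SESSION['dreamgirl_sso_at']) && time() - $_SESSION['dreamgirl_sso_at'] > $ssoMaxAge) { unset($_SESSION['dreamgirl_user'], $_SESSION['dreamgirl_sso_checked']); }`, with `$ssoMaxAge` a limit the project chooses. Setting the flag before the call also means a lookup that timed out is not retried from this function in the same session; a one-line comment saying that this is intended would help.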
@@ -56,6 +61,88 @@ function dreamgirl_url(string $path): string {
 return $base . '/' . $p;
 }
+function dreamgirl_try_ncue_sso_login(): bool {
+ // If already logged in, nothing to do.
+ if (isset($_SESSION['dreamgirl_user']) && $_SESSION['dreamgirl_user'] === 'admin') return true;
+
+ // Only accept SSO for the known NCue account (Google login).
+ $allowedEmails = ['dosangyoon2@gmail.com'];
+
+ // Endpoint commonly provided by NextAuth/Auth.js style setups.
+ $endpointPath = '/api/auth/session';
+
+ $host = isset($_SERVER['HTTP_HOST']) ? (string)$_SERVER['HTTP_HOST'] : '';
+ if ($host === '') return false;
+
+ $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
+ $url = $scheme . '://' . $host . $endpointPath;
+
+ $cookieHeader = isset($_SERVER['HTTP_COOKIE']) ? (string)$_SERVER['HTTP_COOKIE'] : '';
+ if ($cookieHeader === '') return false;
+
+ $json = null;
+
+ // Prefer cURL if available
+ if (function_exists('curl_init')) {
+ $ch = curl_init();
+ if ($ch === false) return false;
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
+ curl_setopt($ch, CURLOPT_TIMEOUT, 2);
+ curl_setopt($ch, CURLOPT_HTTPHEADER, [
+ 'Accept: application/json',
+ 'Cookie: ' . $cookieHeader,
+ ]);
+ // Do not follow redirects to avoid loops
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
+
+ $resp = curl_exec($ch);
+ $code = (int)curl_getinfo($ch, CURLINFO_HTTP_CODE);
+ curl_close($ch);
+
+ if ($resp !== false && $code >= 200 && $code < 300) {
+ $json = $resp;
+ } else {
+ return false;
+ }
+ } else {
+ // Fallback using stream context
+ $ctx = stream_context_create([
+ 'http' => [
+ 'method' => 'GET',
+ 'header' => "Accept: application/json\r\nCookie: {$cookieHeader}\r\n",
+ 'timeout' => 2,
+ 'ignore_errors' => true,
+ ]
+ ]);
+ $resp = @file_get_contents($url, false, $ctx);
+ if ($resp !== false) $json = $resp;
+ }
+
+ if ($json === null) return false;
+
+ $data = json_decode($json, true);
+ if (!is_array($data)) return false;
+
+ // NextAuth shape: { user: { email: ... }, expires: ... }
+ $email = '';
+ if (isset($data['user']) && is_array($data['user']) && isset($data['user']['email'])) {
+ $email = (string)$data['user']['email'];
+ } elseif (isset($data['email'])) {
+ // Alternate shape
+ $email = (string)$data['email'];
+ }
+
+ if ($email === '' || !in_array($email, $allowedEmails, true)) return false;
+
+ // SSO accepted: mark session as logged-in for DreamGirl.
+ $_SESSION['dreamgirl_user'] = 'admin';
+ $_SESSION['dreamgirl_sso_email'] = $email;
+ $_SESSION['dreamgirl_sso_at'] = time();
+ return true;
+}
+
 function dreamgirl_require_login_page(): void {
 if (dreamgirl_is_logged_in()) return;
 header('Location: ' . dreamgirl_url('login.php'));
diff --git a/login.php b/login.php
index c94c453..6b00dda 100644
--- a/login.php
+++ b/login.php
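Review bot: The session lookup URL in dreamgirl_try_ncue_sso_login() is built from `$_SERVER['HTTP_HOST']`, a value the client sends, and the visitor's whole Cookie header is forwarded to that host; the JSON that comes back is the only evidence for granting `admin`, so the trust anchor must not be request-controlled. I would replace the `$host`/`$scheme` derivation with a fixed HTTPS origin taken from configuration. The stream fallback is also looser than the cURL branch: `'ignore_errors' => true` lets an error response body through, and redirects are followed by default. The session id is not regenerated where the privilege changes, at least not in the lines shown, which leaves an id known before login valid as an admin session. The fence sketches the three changes; the constant name is a placeholder, and `session_regenerate_id()` needs every caller to run before output starts.

```php
    // … unchanged: already-logged-in check, $allowedEmails, $endpointPath …

    // Fixed origin from configuration (placeholder constant name). The request's
    // Host header is client-supplied and must not decide where the cookies are
    // sent or whose answer is trusted.
    $url = DREAMGIRL_NCUE_ORIGIN . $endpointPath;

    // … unchanged: $cookieHeader check, cURL branch …

        // Fallback using stream context
        $ctx = stream_context_create([
            'http' => [
                'method' => 'GET',
                'header' => "Accept: application/json\r\nCookie: {$cookieHeader}\r\n",
                'timeout' => 2,
                // No redirects; a 4xx/5xx status makes file_get_contents() return false.
                'follow_location' => 0,
                'ignore_errors' => false,
            ]
        ]);
        $resp = @file_get_contents($url, false, $ctx);
        if ($resp === false) return false;
        $json = $resp;

    // … unchanged: JSON decoding and allow-list comparison …

    // New session id at the privilege change, so an id issued before login
    // does not carry over into the admin session.
    session_regenerate_id(true);
    $_SESSION['dreamgirl_user'] = 'admin';
```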
@@ -4,6 +4,16 @@ require_once __DIR__ . '/auth/auth.php';
 dreamgirl_session_start();
+$didSso = false;
+// If the user is already logged-in to NCue (Google), auto-login to DreamGirl.
+if ($_SERVER['REQUEST_METHOD'] === 'GET') {
+ $didSso = dreamgirl_try_ncue_sso_login();
+ if ($didSso) {
+ header('Location: ' . dreamgirl_url('index.php'));
+ exit;
+ }
+}
+
 $error = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $username = isset($_POST['username']) ? (string)$_POST['username'] : '';
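Review bot: The call in the `GET` branch is not covered by the `dreamgirl_sso_checked` guard added in auth/auth.php, so every GET to login.php that carries any Cookie header makes a blocking server-side request of up to two seconds, including for visitors with no NCue session. I would document that cost and gate the call on the NCue session cookie being present, for example `if ($_SERVER['REQUEST_METHOD'] === 'GET' && isset($_COOKIE[NCUE_SESSION_COOKIE])) {`, where `NCUE_SESSION_COOKIE` is a placeholder for the cookie name the NCue site sets. `$didSso` is read only on the next line within this hunk and could be folded into the condition, unless the rest of login.php, which continues outside the hunk, uses it.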