alpinux-portail/web/inc/config.php

<?php
// Charge .env depuis private/ (dans open_basedir, hors web root public)
$_env_file = dirname(__DIR__) . '/../private/.env';
if (is_file($_env_file)) {
    foreach (file($_env_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if ($line[0] === '#' || !str_contains($line, '=')) continue;
        [$k, $v] = explode('=', $line, 2);
        $_ENV[trim($k)] = trim($v);
        putenv(trim($k) . '=' . trim($v));
    }
}

function env(string $key, string $default = ''): string {
    return $_ENV[$key] ?? getenv($key) ?: $default;
}

// ── Secrets ───────────────────────────────────────────────────────────
define('SECRET_KEY',         env('SECRET_KEY'));
define('ALPID_CLIENT_ID',    env('ALPID_CLIENT_ID'));
define('ALPID_CLIENT_SECRET',env('ALPID_CLIENT_SECRET'));

// ── AlpID / Keycloak OIDC (realm alpinux) ─────────────────────────────
define('ALPID_BASE',         rtrim(env('ALPID_BASE', 'https://alpid.alpinux.org'), '/'));
define('ALPID_REALM',        env('ALPID_REALM', 'alpinux'));
define('ALPID_AUTH_URL',     ALPID_BASE . '/realms/' . ALPID_REALM . '/protocol/openid-connect/auth');
define('ALPID_TOKEN_URL',    ALPID_BASE . '/realms/' . ALPID_REALM . '/protocol/openid-connect/token');
define('ALPID_USERINFO_URL', ALPID_BASE . '/realms/' . ALPID_REALM . '/protocol/openid-connect/userinfo');
define('ALPID_LOGOUT_URL',   ALPID_BASE . '/realms/' . ALPID_REALM . '/protocol/openid-connect/logout');

// ── Keycloak Admin REST API — compte de service (realm master) ────────
define('KC_SERVICE_CLIENT_ID',     env('KC_SERVICE_CLIENT_ID', 'portail-service'));
define('KC_SERVICE_CLIENT_SECRET', env('KC_SERVICE_CLIENT_SECRET'));
define('KC_ADMIN_BASE',            ALPID_BASE . '/admin/realms/' . ALPID_REALM);

// ── Dolibarr ──────────────────────────────────────────────────────────
define('DOLIBARR_URL',       rtrim(env('DOLIBARR_URL', 'https://dolibarr.alpinux.org'), '/'));
define('DOLIBARR_API_KEY',   env('DOLIBARR_API_KEY'));

// ── Application ───────────────────────────────────────────────────────
define('APP_URL',            rtrim(env('APP_URL', 'https://portail.alpinux.org'), '/'));
define('CALLBACK_URL',       APP_URL . '/auth/callback.php');
define('HELLOASSO_URL',      env('HELLOASSO_URL',
    'https://www.helloasso.com/associations/alpinux-le-lug-de-savoie/adhesions'));
define('ADMIN_GROUPS',       array_filter(explode(',', env('ADMIN_GROUPS', 'admins'))));
define('ADHERENT_GROUP',     env('ADHERENT_GROUP', 'adherents'));
define('SERVICES_FILE',      env('SERVICES_FILE', dirname(__DIR__, 2) . '/services.json'));

// ── HelloAsso API ──────────────────────────────────────────────────────
define('HA_CLIENT_ID',     env('HA_CLIENT_ID'));
define('HA_CLIENT_SECRET', env('HA_CLIENT_SECRET'));
define('HA_ORG_SLUG',      env('HA_ORG_SLUG', 'alpinux-le-lug-de-savoie'));
define('HA_FORM_SLUG',     env('HA_FORM_SLUG', 'adhesions-a-l-annee'));
define('HA_AMOUNT',        (int)env('HA_AMOUNT', '1500'));
define('HA_ITEM_NAME',     env('HA_ITEM_NAME', 'Adhésion Alpinux'));