servnest/fn/ht.php

<?php declare(strict_types=1);

const SUBPATH_REGEX = '^[a-z0-9-]{4,63}$';
const ED25519_PUBKEY_REGEX = '^[a-zA-Z0-9/+]{68}$';

function htSetupUserFs(string $id): void {
	// Setup SFTP directory
	if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0000) !== true)
		output(500, 'Can\'t create user directory.');
	if (chmod(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)
		output(500, 'Can\'t chmod user directory.');
	exescape([
		CONF['ht']['sudo_path'],
		'--',
		CONF['ht']['chgrp_path'],
		'--no-dereference',
		'--',
		CONF['ht']['sftpgo_group'],
		CONF['ht']['ht_path'] . '/fs/' . $id,
	], result_code: $code);
	if ($code !== 0)
		output(500, 'Can\'t change user directory group.');

	// Setup Tor config directory
	if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0000) !== true)
		output(500, 'Can\'t create Tor config directory.');
	if (chmod(CONF['ht']['tor_config_path'] . '/' . $id, 0775) !== true)
		output(500, 'Can\'t chmod Tor config directory.');

	// Setup Tor keys directory
	exescape([
		CONF['ht']['sudo_path'],
		'-u',
		CONF['ht']['tor_user'],
		'--',
		CONF['ht']['mkdir_path'],
		'--mode=0700',
		'--',
		CONF['ht']['tor_keys_path'] . '/' . $id,
	], result_code: $code);
	if ($code !== 0)
		output(500, 'Can\'t create Tor keys directory.');
}

function checkDomainFormat(string $domain): void {
	// If the domain must end without a dot
	if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))
		output(403, _('Domain malformed.'));
}

function formatDomain(string $domain): string {
	$domain = rtrim(strtolower($domain), '.');
	checkDomainFormat($domain);
	return $domain;
}

function listFsDirs(string $username): array {
	if ($username === '')
		return [];
	$absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR);
	$dirs = [];
	foreach ($absoluteDirs as $absoluteDir)
		if (preg_match('/^[a-zA-Z0-9_-]{1,64}$/D', basename($absoluteDir)))
			array_push($dirs, basename($absoluteDir));
	return $dirs;
}

function addSite(string $username, string $siteDir, string $address, string $type): void {
	insert('sites', [
		'username' => $username,
		'site_dir' => $siteDir,
		'address' => $address,
		'type' => $type,
		'creation_date' => date('Y-m-d H:i:s'),
	]);
}

function dirsStatuses(string $type): array {
	if (isset($_SESSION['id']) !== true)
		return [];
	$dbDirs = query('select', 'sites', [
		'username' => $_SESSION['id'],
		'type' => $type,
	], ['site_dir']);
	$dirs = [];
	foreach (listFsDirs($_SESSION['id']) as $fsDir)
		$dirs[$fsDir] = in_array($fsDir, $dbDirs);
	return $dirs;
}

function htRelativeSymlink(string $target, string $name): void {
	chdir(pathinfo($name)['dirname']);
	$symlink = symlink($target, pathinfo($name)['basename']);
	chdir(ROOT_PATH);
	if ($symlink !== true)
		output(500, 'Unable to create symlink.');
}

function htDeleteSite(string $address, string $type, string $user_id): void {

	if ($type === 'onion') {
		$dir = query('select', 'sites', [
			'username' => $user_id,
			'address' => $address,
			'type' => $type,
		], ['site_dir'])[0];

		// Delete Tor config
		if (unlink(CONF['ht']['tor_config_path'] . '/' . $user_id . '/' . $dir) !== true)
			output(500, 'Failed to delete Tor configuration.');

		// Reload Tor
		exescape([
			CONF['ht']['sudo_path'],
			'--',
			...explode(' ', CONF['ht']['tor_reload_cmd']),
		], result_code: $code);
		if ($code !== 0)
			output(500, 'Failed to reload Tor.');

		// Delete Tor keys
		exescape([
			CONF['ht']['sudo_path'],
			'-u',
			CONF['ht']['tor_user'],
			'--',
			CONF['ht']['rm_path'],
			'-r',
			'--',
			CONF['ht']['tor_keys_path'] . '/' . $user_id . '/' . $dir,
		], result_code: $code);
		if ($code !== 0)
			output(500, 'Failed to delete Tor keys.');
	}

	if ($type === 'dns') {
		// Delete Let's Encrypt certificate
		exescape([
			CONF['ht']['sudo_path'],
			CONF['ht']['certbot_path'],
			'--config',
			CONF['ht']['certbot_config_path'],
			'delete',
			'--quiet',
			'--cert-name',
			$address,
		], result_code: $code);
		if ($code !== 0)
			output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
	}

	$link = CONF['ht']['ht_path'] . '/uri/' . match ($type) {
		'onion', 'dns' => $address,
		'subdomain' => $address . '.' . CONF['ht']['subdomain_domain'],
		'subpath' => CONF['ht']['subpath_domain'] . '/' . $address,
	};

	if (unlink($link) !== true)
		output(500, 'Unable to delete symlink.');

	query('delete', 'sites', [
		'username' => $user_id,
		'type' => $type,
		'address' => $address,
	]);
}
declare(strict_types=1); 2023-07-17 21:15:18 +02:00			`<?php declare(strict_types=1);`
?, more checks on ht/ 2021-02-16 19:20:19 +01:00
Display string rules, reg: allow "-" for subdomains 2023-06-05 00:18:10 +02:00			`const SUBPATH_REGEX = '^[a-z0-9-]{4,63}$';`
Allow SSH keys authentication for SFTP(Go) 2023-06-15 03:35:42 +02:00			`const ED25519_PUBKEY_REGEX = '^[a-zA-Z0-9/+]{68}$';`
Display string rules, reg: allow "-" for subdomains 2023-06-05 00:18:10 +02:00
Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function htSetupUserFs(string $id): void {`
Advanced services status management 2023-03-09 01:35:30 +01:00			`// Setup SFTP directory`
Set umask to 0077 everywhere 2023-04-19 14:59:07 +02:00			`if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0000) !== true)`
Advanced services status management 2023-03-09 01:35:30 +01:00			`output(500, 'Can\'t create user directory.');`
Set umask to 0077 everywhere 2023-04-19 14:59:07 +02:00			`if (chmod(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)`
			`output(500, 'Can\'t chmod user directory.');`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`exescape([`
			`CONF['ht']['sudo_path'],`
			`'--',`
			`CONF['ht']['chgrp_path'],`
			`'--no-dereference',`
			`'--',`
			`CONF['ht']['sftpgo_group'],`
			`CONF['ht']['ht_path'] . '/fs/' . $id,`
			`], result_code: $code);`
Advanced services status management 2023-03-09 01:35:30 +01:00			`if ($code !== 0)`
			`output(500, 'Can\'t change user directory group.');`

			`// Setup Tor config directory`
Set umask to 0077 everywhere 2023-04-19 14:59:07 +02:00			`if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0000) !== true)`
Advanced services status management 2023-03-09 01:35:30 +01:00			`output(500, 'Can\'t create Tor config directory.');`
Set umask to 0077 everywhere 2023-04-19 14:59:07 +02:00			`if (chmod(CONF['ht']['tor_config_path'] . '/' . $id, 0775) !== true)`
			`output(500, 'Can\'t chmod Tor config directory.');`
Advanced services status management 2023-03-09 01:35:30 +01:00
			`// Setup Tor keys directory`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`exescape([`
			`CONF['ht']['sudo_path'],`
			`'-u',`
			`CONF['ht']['tor_user'],`
			`'--',`
			`CONF['ht']['mkdir_path'],`
			`'--mode=0700',`
			`'--',`
			`CONF['ht']['tor_keys_path'] . '/' . $id,`
			`], result_code: $code);`
Advanced services status management 2023-03-09 01:35:30 +01:00			`if ($code !== 0)`
			`output(500, 'Can\'t create Tor keys directory.');`
			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function checkDomainFormat(string $domain): void {`
Better segmentation between services 2022-04-23 01:57:43 +02:00			`// If the domain must end without a dot`
Ensure domains are not too long 2023-04-21 19:01:46 +02:00			`if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))`
Gettext internationalization and english translation 2023-01-21 01:27:52 +01:00			`output(403, _('Domain malformed.'));`
ht: Allow domains ending with a dot 2022-09-14 13:49:15 +02:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function formatDomain(string $domain): string {`
ht: Allow domains ending with a dot 2022-09-14 13:49:15 +02:00			`$domain = rtrim(strtolower($domain), '.');`
			`checkDomainFormat($domain);`
			`return $domain;`
Better segmentation between services 2022-04-23 01:57:43 +02:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function listFsDirs(string $username): array {`
Allow SSH keys authentication for SFTP(Go) 2023-06-15 03:35:42 +02:00			`if ($username === '')`
			`return [];`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`$absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR);`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dirs = [];`
Cleaner ht.php 2022-06-10 16:42:55 +02:00			`foreach ($absoluteDirs as $absoluteDir)`
ht: More restrictive directory names 2022-11-28 17:16:30 +01:00			`if (preg_match('/^[a-zA-Z0-9_-]{1,64}$/D', basename($absoluteDir)))`
Cleaner ht.php 2022-06-10 16:42:55 +02:00			`array_push($dirs, basename($absoluteDir));`
			`return $dirs;`
?, more checks on ht/ 2021-02-16 19:20:19 +01:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function addSite(string $username, string $siteDir, string $address, string $type): void {`
Factorize "INSERT INTO" SQL queries with insert() 2022-09-14 17:19:17 +02:00			`insert('sites', [`
			`'username' => $username,`
			`'site_dir' => $siteDir,`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`'address' => $address,`
			`'type' => $type,`
Use single quotes instead of double quotes 2022-11-20 15:11:54 +01:00			`'creation_date' => date('Y-m-d H:i:s'),`
Factorize "INSERT INTO" SQL queries with insert() 2022-09-14 17:19:17 +02:00			`]);`
?, more checks on ht/ 2021-02-16 19:20:19 +01:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function dirsStatuses(string $type): array {`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`if (isset($_SESSION['id']) !== true)`
ht: More restrictive directory names 2022-11-28 17:16:30 +01:00			`return [];`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dbDirs = query('select', 'sites', [`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`'username' => $_SESSION['id'],`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`'type' => $type,`
ns/sync.php: instant sync when adding new sync 2023-10-08 00:50:48 +02:00			`], ['site_dir']);`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dirs = [];`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`foreach (listFsDirs($_SESSION['id']) as $fsDir)`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dirs[$fsDir] = in_array($fsDir, $dbDirs);`
New directories listing format 2022-05-21 02:15:36 +02:00			`return $dirs;`
			`}`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function htRelativeSymlink(string $target, string $name): void {`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`chdir(pathinfo($name)['dirname']);`
			`$symlink = symlink($target, pathinfo($name)['basename']);`
			`chdir(ROOT_PATH);`
			`if ($symlink !== true)`
			`output(500, 'Unable to create symlink.');`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`}`

Add type in functions signatures 2023-06-20 00:36:58 +02:00			`function htDeleteSite(string $address, string $type, string $user_id): void {`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`if ($type === 'onion') {`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`$dir = query('select', 'sites', [`
init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00			`'username' => $user_id,`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`'address' => $address,`
			`'type' => $type,`
ns/sync.php: instant sync when adding new sync 2023-10-08 00:50:48 +02:00			`], ['site_dir'])[0];`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`// Delete Tor config`
init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00			`if (unlink(CONF['ht']['tor_config_path'] . '/' . $user_id . '/' . $dir) !== true)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Failed to delete Tor configuration.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
			`// Reload Tor`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`exescape([`
			`CONF['ht']['sudo_path'],`
			`'--',`
			`...explode(' ', CONF['ht']['tor_reload_cmd']),`
			`], result_code: $code);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Failed to reload Tor.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
			`// Delete Tor keys`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`exescape([`
			`CONF['ht']['sudo_path'],`
			`'-u',`
			`CONF['ht']['tor_user'],`
			`'--',`
			`CONF['ht']['rm_path'],`
			`'-r',`
			`'--',`
			`CONF['ht']['tor_keys_path'] . '/' . $user_id . '/' . $dir,`
			`], result_code: $code);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Failed to delete Tor keys.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`}`

ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`if ($type === 'dns') {`
Integrate Let's Encrypt into (add\|del)-http-dns.php 2022-09-06 02:40:18 +02:00			`// Delete Let's Encrypt certificate`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`exescape([`
			`CONF['ht']['sudo_path'],`
			`CONF['ht']['certbot_path'],`
Use custom certbot config path 2024-01-28 19:21:01 +01:00			`'--config',`
			`CONF['ht']['certbot_config_path'],`
Fix important vulnerability in reg/ds.php + exescape In page reg/ds.php, POST parameter 'key' was directly sent to shell, allowing for remote arbitrary commands execution. This commit fixes this vulnerability, and uses a new function to automatically escape every shell command arguments as an additional generic protection. 2023-06-19 02:15:43 +02:00			`'delete',`
			`'--quiet',`
			`'--cert-name',`
			`$address,`
			`], result_code: $code);`
Integrate Let's Encrypt into (add\|del)-http-dns.php 2022-09-06 02:40:18 +02:00			`if ($code !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');`
Integrate Let's Encrypt into (add\|del)-http-dns.php 2022-09-06 02:40:18 +02:00			`}`

Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`$link = CONF['ht']['ht_path'] . '/uri/' . match ($type) {`
			`'onion', 'dns' => $address,`
			`'subdomain' => $address . '.' . CONF['ht']['subdomain_domain'],`
			`'subpath' => CONF['ht']['subpath_domain'] . '/' . $address,`
			`};`

			`if (unlink($link) !== true)`
			`output(500, 'Unable to delete symlink.');`

Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`query('delete', 'sites', [`
init.php + jobs + job to delete old testing accounts 2023-06-08 17:36:44 +02:00			`'username' => $user_id,`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`'type' => $type,`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`'address' => $address,`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`]);`
			`}`