servnest/fn/ht.php

<?php

function htSetupUserFs($id) {
	// Setup SFTP directory
	umask(0002);
	if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)
		output(500, 'Can\'t create user directory.');
	exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['chgrp_path'] . ' ' . CONF['ht']['sftpgo_group'] . ' ' . CONF['ht']['ht_path'] . '/fs/' . $id . ' --no-dereference', result_code: $code);
	if ($code !== 0)
		output(500, 'Can\'t change user directory group.');

	// Setup Tor config directory
	if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0755) !== true)
		output(500, 'Can\'t create Tor config directory.');

	// Setup Tor keys directory
	exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['mkdir_path'] . ' --mode=0700 ' . CONF['ht']['tor_keys_path'] . '/' . $id, result_code: $code);
	if ($code !== 0)
		output(500, 'Can\'t create Tor keys directory.');
}

function checkDomainFormat($domain) {
	// If the domain must end without a dot
	if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))
		output(403, _('Domain malformed.'));
}

function formatDomain($domain) {
	$domain = rtrim(strtolower($domain), '.');
	checkDomainFormat($domain);
	return $domain;
}

function listFsDirs($username) {
	$absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR);
	$dirs = [];
	foreach ($absoluteDirs as $absoluteDir)
		if (preg_match('/^[a-zA-Z0-9_-]{1,64}$/D', basename($absoluteDir)))
			array_push($dirs, basename($absoluteDir));
	return $dirs;
}

function addSite($username, $siteDir, $address, $type) {
	insert('sites', [
		'username' => $username,
		'site_dir' => $siteDir,
		'address' => $address,
		'type' => $type,
		'creation_date' => date('Y-m-d H:i:s'),
	]);
}

function dirsStatuses($type) {
	if (isset($_SESSION['id']) !== true)
		return [];
	$dbDirs = query('select', 'sites', [
		'username' => $_SESSION['id'],
		'type' => $type,
	], 'site_dir');
	$dirs = [];
	foreach (listFsDirs($_SESSION['id']) as $fsDir)
		$dirs[$fsDir] = in_array($fsDir, $dbDirs);
	return $dirs;
}

function htRelativeSymlink($target, $name) {
	chdir(pathinfo($name)['dirname']);
	$symlink = symlink($target, pathinfo($name)['basename']);
	chdir(ROOT_PATH);
	if ($symlink !== true)
		output(500, 'Unable to create symlink.');
}

function htDeleteSite($address, $type) {

	if ($type === 'onion') {
		$dir = query('select', 'sites', [
			'username' => $_SESSION['id'],
			'address' => $address,
			'type' => $type,
		], 'site_dir')[0];

		// Delete Tor config
		if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $dir) !== true)
			output(500, 'Failed to delete Tor configuration.');

		// Reload Tor
		exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['tor_reload_cmd'], $output, $code);
		if ($code !== 0)
			output(500, 'Failed to reload Tor.');

		// Delete Tor keys
		exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $dir, $output, $code);
		if ($code !== 0)
			output(500, 'Failed to delete Tor keys.');
	}

	if ($type === 'dns') {
		// Delete Let's Encrypt certificate
		exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' delete --quiet --cert-name ' . $address, $output, $code);
		if ($code !== 0)
			output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
	}

	$link = CONF['ht']['ht_path'] . '/uri/' . match ($type) {
		'onion', 'dns' => $address,
		'subdomain' => $address . '.' . CONF['ht']['subdomain_domain'],
		'subpath' => CONF['ht']['subpath_domain'] . '/' . $address,
	};

	if (unlink($link) !== true)
		output(500, 'Unable to delete symlink.');

	query('delete', 'sites', [
		'username' => $_SESSION['id'],
		'type' => $type,
		'address' => $address,
	]);
}
?, more checks on ht/ 2021-02-16 19:20:19 +01:00			`<?php`

Advanced services status management 2023-03-09 01:35:30 +01:00			`function htSetupUserFs($id) {`
			`// Setup SFTP directory`
			`umask(0002);`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)`
Advanced services status management 2023-03-09 01:35:30 +01:00			`output(500, 'Can\'t create user directory.');`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['chgrp_path'] . ' ' . CONF['ht']['sftpgo_group'] . ' ' . CONF['ht']['ht_path'] . '/fs/' . $id . ' --no-dereference', result_code: $code);`
Advanced services status management 2023-03-09 01:35:30 +01:00			`if ($code !== 0)`
			`output(500, 'Can\'t change user directory group.');`

			`// Setup Tor config directory`
			`if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0755) !== true)`
			`output(500, 'Can\'t create Tor config directory.');`

			`// Setup Tor keys directory`
			`exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['mkdir_path'] . ' --mode=0700 ' . CONF['ht']['tor_keys_path'] . '/' . $id, result_code: $code);`
			`if ($code !== 0)`
			`output(500, 'Can\'t create Tor keys directory.');`
			`}`

Better segmentation between services 2022-04-23 01:57:43 +02:00			`function checkDomainFormat($domain) {`
			`// If the domain must end without a dot`
Fix regDeleteDomain security flaw + D regex modifier regDeleteDomain() in fn/reg.php used too loose pattern matching for data deletion, that also deleted other domains that included the deleted domain 2022-11-20 18:17:03 +01:00			`if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))`
Gettext internationalization and english translation 2023-01-21 01:27:52 +01:00			`output(403, _('Domain malformed.'));`
ht: Allow domains ending with a dot 2022-09-14 13:49:15 +02:00			`}`

			`function formatDomain($domain) {`
			`$domain = rtrim(strtolower($domain), '.');`
			`checkDomainFormat($domain);`
			`return $domain;`
Better segmentation between services 2022-04-23 01:57:43 +02:00			`}`

?, more checks on ht/ 2021-02-16 19:20:19 +01:00			`function listFsDirs($username) {`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`$absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR);`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dirs = [];`
Cleaner ht.php 2022-06-10 16:42:55 +02:00			`foreach ($absoluteDirs as $absoluteDir)`
ht: More restrictive directory names 2022-11-28 17:16:30 +01:00			`if (preg_match('/^[a-zA-Z0-9_-]{1,64}$/D', basename($absoluteDir)))`
Cleaner ht.php 2022-06-10 16:42:55 +02:00			`array_push($dirs, basename($absoluteDir));`
			`return $dirs;`
?, more checks on ht/ 2021-02-16 19:20:19 +01:00			`}`

ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`function addSite($username, $siteDir, $address, $type) {`
Factorize "INSERT INTO" SQL queries with insert() 2022-09-14 17:19:17 +02:00			`insert('sites', [`
			`'username' => $username,`
			`'site_dir' => $siteDir,`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`'address' => $address,`
			`'type' => $type,`
Use single quotes instead of double quotes 2022-11-20 15:11:54 +01:00			`'creation_date' => date('Y-m-d H:i:s'),`
Factorize "INSERT INTO" SQL queries with insert() 2022-09-14 17:19:17 +02:00			`]);`
?, more checks on ht/ 2021-02-16 19:20:19 +01:00			`}`

ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`function dirsStatuses($type) {`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`if (isset($_SESSION['id']) !== true)`
ht: More restrictive directory names 2022-11-28 17:16:30 +01:00			`return [];`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dbDirs = query('select', 'sites', [`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`'username' => $_SESSION['id'],`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`'type' => $type,`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`], 'site_dir');`
			`$dirs = [];`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`foreach (listFsDirs($_SESSION['id']) as $fsDir)`
del-http-onion.php + query() 2022-06-11 23:42:48 +02:00			`$dirs[$fsDir] = in_array($fsDir, $dbDirs);`
New directories listing format 2022-05-21 02:15:36 +02:00			`return $dirs;`
			`}`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`function htRelativeSymlink($target, $name) {`
			`chdir(pathinfo($name)['dirname']);`
			`$symlink = symlink($target, pathinfo($name)['basename']);`
			`chdir(ROOT_PATH);`
			`if ($symlink !== true)`
			`output(500, 'Unable to create symlink.');`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`}`

Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`function htDeleteSite($address, $type) {`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`if ($type === 'onion') {`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`$dir = query('select', 'sites', [`
			`'username' => $_SESSION['id'],`
			`'address' => $address,`
			`'type' => $type,`
			`], 'site_dir')[0];`

Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`// Delete Tor config`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $dir) !== true)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Failed to delete Tor configuration.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
			`// Reload Tor`
Make services reloading systemd-agnostic 2022-11-23 22:21:34 +01:00			`exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['tor_reload_cmd'], $output, $code);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Failed to reload Tor.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00
			`// Delete Tor keys`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $dir, $output, $code);`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`if ($code !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Failed to delete Tor keys.');`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`}`

ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`if ($type === 'dns') {`
Integrate Let's Encrypt into (add\|del)-http-dns.php 2022-09-06 02:40:18 +02:00			`// Delete Let's Encrypt certificate`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`exec(CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' delete --quiet --cert-name ' . $address, $output, $code);`
Integrate Let's Encrypt into (add\|del)-http-dns.php 2022-09-06 02:40:18 +02:00			`if ($code !== 0)`
fn success/userError/serverError > output($code) 2022-09-15 19:17:48 +02:00			`output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');`
Integrate Let's Encrypt into (add\|del)-http-dns.php 2022-09-06 02:40:18 +02:00			`}`

Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`$link = CONF['ht']['ht_path'] . '/uri/' . match ($type) {`
			`'onion', 'dns' => $address,`
			`'subdomain' => $address . '.' . CONF['ht']['subdomain_domain'],`
			`'subpath' => CONF['ht']['subpath_domain'] . '/' . $address,`
			`};`

			`if (unlink($link) !== true)`
			`output(500, 'Unable to delete symlink.');`

Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`query('delete', 'sites', [`
Internal ID, Argon2 for usernames, username changes 2022-11-30 23:12:42 +01:00			`'username' => $_SESSION['id'],`
ht: subdomain and subpath on shared domain 2022-12-22 01:44:57 +01:00			`'type' => $type,`
Use Apache - Allows customization through .htaccess - No need to configure or reload a server when adding a site - Content negotiation 2023-04-10 00:50:42 +02:00			`'address' => $address,`
Add form to delete account Move service-specific deletion code to functions 2022-06-18 04:22:05 +02:00			`]);`
			`}`