From 46218fb3d348aaffd5b4d1b8769d8686fd5cec14 Mon Sep 17 00:00:00 2001
From: Miraty
Date: Fri, 20 May 2022 00:15:13 +0200
Subject: [PATCH] Use ini file for config + remove old SFTP page
---
auth.php | 3 -
common/bottom.php | 4 +-
common/init.php | 15 ++--
common/pages.php | 3 -
common/top.php | 16 ++--
config.ini | 40 +++++++++
dns.php | 6 --
ht.php | 17 +---
ns.php | 2 -
public/auth/register.php | 2 +-
public/ht/http-onion.php | 22 ++---
public/ht/https-domain.php | 16 ++--
public/ht/index.php | 33 +++++++-
public/ht/le.php | 8 +-
public/ht/sftp.php | 169 -------------------------------------
public/ns/caa.php | 6 +-
public/ns/dnssec.php | 2 +-
public/ns/ip.php | 8 +-
public/ns/loc.php | 6 +-
public/ns/mx.php | 8 +-
public/ns/ns.php | 8 +-
public/ns/srv.php | 8 +-
public/ns/sshfp.php | 6 +-
public/ns/tlsa.php | 6 +-
public/ns/txt.php | 6 +-
public/ns/zone.php | 22 ++---
public/reg/ds.php | 6 +-
public/reg/glue.php | 8 +-
public/reg/index.php | 6 +-
public/reg/ns.php | 8 +-
public/reg/register.php | 30 ++-----
reg.php | 8 --
32 files changed, 178 insertions(+), 330 deletions(-)
create mode 100644 config.ini
delete mode 100644 public/ht/sftp.php
diff --git a/auth.php b/auth.php
index bae15b4..5628609 100644
--- a/auth.php
+++ b/auth.php
@@ -3,9 +3,6 @@
define("USERNAME_REGEX", "^[a-z]{4,32}$");
define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$");
-define("ORIGIN", "https://niver.test:42443");
-define("CHGRP_PATH", "/usr/bin/chgrp");
-
// Password storage security
define("ALGO_PASSWORD", PASSWORD_ARGON2ID);
define("OPTIONS_PASSWORD", array(
diff --git a/common/bottom.php b/common/bottom.php
index aae66c2..92b6d09 100644
--- a/common/bottom.php
+++ b/common/bottom.php
@@ -2,10 +2,10 @@
diff --git a/common/init.php b/common/init.php
index ee0f861..359a9b5 100644
--- a/common/init.php
+++ b/common/init.php
@@ -1,19 +1,16 @@
2. TLDs for Testing, & Documentation Examples
-define("PREFIX", ""); // Prefix in URL, if any
-define("ROOT_PATH", "/srv/php/niver"); // niver-php directory
-define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1));
+define("CONF", parse_ini_file(__DIR__ . "/../config.ini", true, INI_SCANNER_TYPED));
+
+define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(CONF['common']['prefix']) + 1));
define("PAGE", basename($_SERVER['PHP_SELF'], '.php'));
-define("DB_PATH", ROOT_PATH . "/db/niver.db"); // Niver's SQLite database
-define("SUDO_PATH", "/usr/bin/sudo");
-define("HT_PATH", "/srv/ht");
+define("DB_PATH", CONF['common']['root_path'] . "/db/niver.db"); // Niver's SQLite database
// Service-specific functions and constants
if (SERVICE === "reg" OR SERVICE === "ns")
- require ROOT_PATH . "/dns.php";
+ require CONF['common']['root_path'] . "/dns.php";
if (SERVICE !== "")
- require ROOT_PATH . "/" . SERVICE . ".php";
+ require CONF['common']['root_path'] . "/" . SERVICE . ".php";
// Page titles definition
require "pages.php";
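Review bot: The result of `parse_ini_file()` is stored in `CONF` without a check, so a missing or malformed config.ini leaves `CONF` as `false` and lookups such as `CONF['common']['root_path']` evaluate to null; `DB_PATH` and both `require` paths then silently resolve from `/`. Fail closed before the define, e.g. `$conf = parse_ini_file(__DIR__ . "/../config.ini", true, INI_SCANNER_TYPED);` followed by `if ($conf === false) exit("ERROR: cannot read config.ini");`. Separately, `SERVICE` is derived from `$_SERVER['PHP_SELF']` and concatenated into the second `require`. Under some server setups that value can carry request-supplied path info, so comparing `SERVICE` against a fixed list of service names before the include would be safer. The top of this hunk appears truncated on the page, so an existing check may simply not be visible.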
diff --git a/common/pages.php b/common/pages.php
index 111b836..5b23855 100644
--- a/common/pages.php
+++ b/common/pages.php
@@ -101,9 +101,6 @@ switch (SERVICE) {
case "index":
$page['title'] = $page['service'];
break;
- case "sftp":
- $page['title'] = "Gérer l'accès SFTP";
- break;
}
break;
}
diff --git a/common/top.php b/common/top.php
index d452559..90115f9 100644
--- a/common/top.php
+++ b/common/top.php
@@ -22,7 +22,7 @@ if (
'cookie_secure' => true,
'cookie_httponly' => true,
'cookie_samesite' => 'Strict',
- 'cookie_path' => PREFIX . '/',
+ 'cookie_path' => CONF['common']['prefix'] . '/',
'cookie_lifetime' => 432000, // = 60*60*24*5 = 5 days
'gc_maxlifetime' => 10800,
'use_strict_mode' => true,
@@ -51,22 +51,22 @@ define("THEME", array(
'darkColor' => '#000000',
));
-require_once ROOT_PATH . "/lessphp/lib/Less/Autoloader.php";
+require_once CONF['common']['root_path'] . "/lessphp/lib/Less/Autoloader.php";
Less_Autoloader::register();
// List files in less/
-$relativeLessFiles = array_diff(scandir(ROOT_PATH . "/less"), array('..', '.'));
+$relativeLessFiles = array_diff(scandir(CONF['common']['root_path'] . "/less"), array('..', '.'));
// Replace keys by values, and values by keys
$relativeLessFiles = array_flip($relativeLessFiles);
// Change relative paths into absolute paths
foreach ($relativeLessFiles as $relativeLessFile => $nothing) {
- $absoluteLessFiles[ROOT_PATH . "/less/" . $relativeLessFile] = "";
+ $absoluteLessFiles[CONF['common']['root_path'] . "/less/" . $relativeLessFile] = "";
}
// Generate one minified CSS file into public/css/ from sources in less/
$options = array(
- 'cache_dir' => ROOT_PATH . '/public/css/',
+ 'cache_dir' => CONF['common']['root_path'] . '/public/css/',
'compress' => true
);
$cssFileName = Less_Cache::Get($absoluteLessFiles, $options, THEME);
@@ -82,7 +82,7 @@ $cssFileName = Less_Cache::Get($absoluteLessFiles, $options, THEME);
if (isset($page['service']))
echo $page['service'] . " < ";
?>Niver
-
+
@@ -90,9 +90,9 @@ $cssFileName = Less_Cache::Get($absoluteLessFiles, $options, THEME);
- Niver Niver ' . $page['service'] . ' ';
+ echo ' > ' . $page['service'] . ' ';
if (PAGE != "index")
echo ' > ' . $page['title'] . " ";
?>
diff --git a/config.ini b/config.ini
new file mode 100644
index 0000000..8f8fdcc
--- /dev/null
+++ b/config.ini
@@ -0,0 +1,40 @@
+[common]
+root_path = "/srv/php/niver"
+; Prefix in URL, if any
+prefix =
+ht_path = "/srv/ht"
+; From RFC2606: Reserved Top Level DNS Names > 2. TLDs for Testing, & Documentation Examples
+domain_example = "example"
+; From RFC3849: IPv6 Address Prefix Reserved for Documentation
+ipv6_example = "2001:db8::3"
+; From RFC5737: IPv4 Address Blocks Reserved for Documentation
+ipv4_example = "203.0.113.42"
+
+[auth]
+chgrp_path = "/usr/bin/chgrp"
+
+[reg]
+knotc_path = "/usr/sbin/knotc"
+registry = niver.test
+subdomain_regex = "^[a-z0-9]{4,63}$"
+
+[ns]
+knotc_path = "/usr/sbin/knotc"
+knot_zones_path = "/srv/ns"
+
+[ht]
+ipv6_address = "::1"
+ipv4_address = "127.0.0.1"
+sftp_domain = "sftp.niver.test"
+public_sftp_port = 2022
+https_port = 42443
+internal_onion_http_port = 9080
+sudo_path = "/usr/bin/sudo"
+systemctl_path = "/usr/bin/systemctl"
+certbot_path = "/usr/bin/certbot"
+; Nginx configuration directory
+nginx_config_path = "/etc/nginx/ht"
+; Tor configuration file
+tor_config_path = "/etc/tor/instances/niver/torrc"
+; Tor keys directory
+tor_keys_path = "/var/lib/tor-instances/niver/keys"
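Review bot: The file has no header stating its trust level, although `knotc_path` is concatenated unescaped into `exec()` command strings elsewhere in this patch, and `sudo_path`, `systemctl_path` and `certbot_path` are presumably used the same way. I would add a leading comment such as `; Trusted configuration: paths below are passed to exec() as-is. Keep this file outside the web root and writable only by the administrator.` `knotc_path` is also defined twice, under `[reg]` and `[ns]`; if both services always share one binary, a single key under `[common]` would stop the two drifting apart.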
diff --git a/dns.php b/dns.php
index 443a9a0..89846fb 100644
--- a/dns.php
+++ b/dns.php
@@ -1,11 +1,5 @@
$absoluteDir) {
if (preg_match("/^[a-z0-9-]{1,32}$/", basename($absoluteDir)))
diff --git a/ns.php b/ns.php
index cbe006a..72f8e07 100644
--- a/ns.php
+++ b/ns.php
@@ -1,7 +1,5 @@
Ajouter un domaine sur un dossier de site
Le domaine doit pointer vers ces adresses IP :
- IPv4 : = IPV4_ADDRESS ?>
- IPv6 : = IPV6_ADDRESS ?>
+ IPv4 : = CONF['ht']['ipv4_address'] ?>
+ IPv6 : = CONF['ht']['ipv6_address'] ?>
@@ -19,9 +19,9 @@ if (nsCommonRequirements()
checkAbsoluteDomainFormat($_POST['ns']);
- exec(KNOTC_PATH . " zone-begin " . $_POST['zone']);
- exec(KNOTC_PATH . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN NS " . $_POST['ns']);
- exec(KNOTC_PATH . " zone-commit " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN NS " . $_POST['ns']);
+ exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
echo "Enregistrement ajouté";
}
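Review bot: The three `exec()` calls build a shell command by concatenating `$_POST['zone']` and `$_POST['ns']` directly, and the hunk shows only `checkAbsoluteDomainFormat($_POST['ns'])` ahead of them; whether `nsCommonRequirements()` restricts `zone` to shell-safe characters is not visible here. Wrapping each request-derived argument keeps the command safe even if a validator is later loosened, e.g. `exec(CONF['ns']['knotc_path'] . " zone-begin " . escapeshellarg($_POST['zone']));`. The same pattern recurs in the hunks for public/ns/srv.php, sshfp.php, tlsa.php and zone.php, and for public/reg/ds.php, glue.php and ns.php. The success message is also echoed without looking at the result of `knotc`, unlike public/reg/ns.php, which inspects `$output`. The enclosing `if` starts outside the hunk.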
diff --git a/public/ns/srv.php b/public/ns/srv.php
index b147e32..a2b09af 100644
--- a/public/ns/srv.php
+++ b/public/ns/srv.php
@@ -26,7 +26,7 @@
Cible
-
+
@@ -54,9 +54,9 @@ if (nsCommonRequirements()
checkAbsoluteDomainFormat($_POST['target']);
- exec(KNOTC_PATH . " zone-begin " . $_POST['zone']);
- exec(KNOTC_PATH . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN SRV " . $_POST['priority'] . " " . $_POST['weight'] . " " . $_POST['port'] . " " . $_POST['target']);
- exec(KNOTC_PATH . " zone-commit " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN SRV " . $_POST['priority'] . " " . $_POST['weight'] . " " . $_POST['port'] . " " . $_POST['target']);
+ exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
echo "Enregistrement ajouté";
}
diff --git a/public/ns/sshfp.php b/public/ns/sshfp.php
index 1f0e644..361768e 100644
--- a/public/ns/sshfp.php
+++ b/public/ns/sshfp.php
@@ -51,9 +51,9 @@ if (nsCommonRequirements()
if (!(preg_match("/^[a-z0-9]{64}$/", $_POST['fp'])))
exit("ERROR: Wrong value for fp");
- exec(KNOTC_PATH . " zone-begin " . $_POST['zone']);
- exec(KNOTC_PATH . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN SSHFP " . $_POST['algo'] . " " . $_POST['type'] . " " . $_POST['fp']);
- exec(KNOTC_PATH . " zone-commit " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN SSHFP " . $_POST['algo'] . " " . $_POST['type'] . " " . $_POST['fp']);
+ exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
echo "Enregistrement ajouté";
}
diff --git a/public/ns/tlsa.php b/public/ns/tlsa.php
index bfcb348..c93f7b3 100644
--- a/public/ns/tlsa.php
+++ b/public/ns/tlsa.php
@@ -65,9 +65,9 @@ if (nsCommonRequirements()
if (!(preg_match("/^[a-zA-Z0-9.-]{1,1024}$/", $_POST['content'])))
exit("ERROR: Wrong value for content");
- exec(KNOTC_PATH . " zone-begin " . $_POST['zone']);
- exec(KNOTC_PATH . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN TLSA " . $_POST['use'] . " " . $_POST['selector'] . " " . $_POST['type'] . " " . $_POST['content']);
- exec(KNOTC_PATH . " zone-commit " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . " IN TLSA " . $_POST['use'] . " " . $_POST['selector'] . " " . $_POST['type'] . " " . $_POST['content']);
+ exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
echo "Enregistrement ajouté";
}
diff --git a/public/ns/txt.php b/public/ns/txt.php
index be303a3..37e1f29 100644
--- a/public/ns/txt.php
+++ b/public/ns/txt.php
@@ -20,9 +20,9 @@ if (nsCommonRequirements()
if (!(preg_match("/^[a-zA-Z0-9 =:!%$+\/\()[\]_-]{5,8192}$/", $_POST['txt'])))
exit("ERROR : Wrong caracter or wrong caracter quantity");
- exec(KNOTC_PATH . " zone-begin " . $_POST['zone']);
- exec(KNOTC_PATH . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . ' IN TXT \"' . $_POST['txt'] . '\"');
- exec(KNOTC_PATH . " zone-commit " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-begin " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-" . $values['action'] . "set " . $_POST['zone'] . " " . $values['domain'] . " " . $values['ttl'] . ' IN TXT \"' . $_POST['txt'] . '\"');
+ exec(CONF['ns']['knotc_path'] . " zone-commit " . $_POST['zone']);
echo "Enregistrement ajouté";
}
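Review bot: The `\"` around `$_POST['txt']` are backslash-escaped, so the shell passes them through as literal characters instead of quoting the value. The preceding `preg_match` class still admits spaces, `$`, `(`, `)` and `!`, which the shell then interprets, so the validation does not make the value shell-safe. Pass the quoted record as one escaped argument, `... . ' IN TXT ' . escapeshellarg('"' . $_POST['txt'] . '"'));`, after confirming that `knotc` accepts the record data in that form. The enclosing `if` begins outside the hunk.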
diff --git a/public/ns/zone.php b/public/ns/zone.php
index 11037af..898510e 100644
--- a/public/ns/zone.php
+++ b/public/ns/zone.php
@@ -3,7 +3,7 @@
Ajouter une zone
Domaine
-
+
@@ -23,17 +23,17 @@ if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
$stmt->execute();
- $knotZonePath = KNOT_ZONES_PATH . "/" . $_POST['domain'] . "zone";
+ $knotZonePath = CONF['ns']['knot_zones_path'] . "/" . $_POST['domain'] . "zone";
$knotZone = $_POST['domain'] . ' 3600 SOA ns1.niver.test. admin.niver.test. 1 21600 7200 3628800 3600
' . $_POST['domain'] . ' 86400 NS ns1.niver.test.
';
file_put_contents($knotZonePath, $knotZone);
chmod($knotZonePath, 0660);
- exec(KNOTC_PATH . " conf-begin");
- exec(KNOTC_PATH . " conf-set 'zone[" . $_POST['domain'] . "]'");
- exec(KNOTC_PATH . " conf-set 'zone[" . $_POST['domain'] . "].template' 'niver'");
- exec(KNOTC_PATH . " conf-commit");
+ exec(CONF['ns']['knotc_path'] . " conf-begin");
+ exec(CONF['ns']['knotc_path'] . " conf-set 'zone[" . $_POST['domain'] . "]'");
+ exec(CONF['ns']['knotc_path'] . " conf-set 'zone[" . $_POST['domain'] . "].template' 'niver'");
+ exec(CONF['ns']['knotc_path'] . " conf-commit");
echo "La requête a été traitée.";
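Review bot: `$knotZonePath` is built from `$_POST['domain']` and handed to `file_put_contents()` and `chmod()`, and the same value goes into the zone text and the single-quoted `conf-set` arguments; any format check on `domain` lies above the hunk, so I cannot confirm one exists. If it is not already enforced, validate the name with the helper the record pages use (`checkAbsoluteDomainFormat()`) before first use, and check the return value of `file_put_contents()` so a failed write does not proceed to `conf-commit`. The later hunk of this file does the same with `$_POST['zone']` in `unlink()`, there after `nsCheckZonePossession()`. `ns1.niver.test.` and `admin.niver.test.` also remain hard-coded in the zone template while this commit moves such values into config.ini.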
@@ -67,15 +67,15 @@ if (isset($_POST['zone']) AND isset($_SESSION['username'])) {
nsCheckZonePossession($_POST['zone']);
// Remove from Knot configuration
- exec(KNOTC_PATH . " conf-begin");
- exec(KNOTC_PATH . " conf-unset 'zone[" . $_POST['zone'] . "]'");
- exec(KNOTC_PATH . " conf-commit");
+ exec(CONF['ns']['knotc_path'] . " conf-begin");
+ exec(CONF['ns']['knotc_path'] . " conf-unset 'zone[" . $_POST['zone'] . "]'");
+ exec(CONF['ns']['knotc_path'] . " conf-commit");
// Remove Knot zone file
- unlink(KNOT_ZONES_PATH . "/" . $_POST['zone'] . "zone");
+ unlink(CONF['ns']['knot_zones_path'] . "/" . $_POST['zone'] . "zone");
// Remove Knot related data
- exec(KNOTC_PATH . " zone-purge " . $_POST['zone']);
+ exec(CONF['ns']['knotc_path'] . " zone-purge " . $_POST['zone']);
// Remove from Niver's database
$db = new PDO('sqlite:' . DB_PATH);
diff --git a/public/reg/ds.php b/public/reg/ds.php
index fd8973b..011e995 100644
--- a/public/reg/ds.php
+++ b/public/reg/ds.php
@@ -95,9 +95,9 @@ if (isset($_POST['zone']) AND isset($_POST['keytag']) AND isset($_POST['algo'])
$suffix = regGetUpperDomain($_POST['zone']);
- exec(KNOTC_PATH . " zone-begin " . $suffix);
- exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['zone'] . " 86400 IN DS " . $_POST['keytag'] . " " . $_POST['algo'] . " " . $_POST['dt'] . " " . $_POST['key']);
- exec(KNOTC_PATH . " zone-commit " . $suffix);
+ exec(CONF['reg']['knotc_path'] . " zone-begin " . $suffix);
+ exec(CONF['reg']['knotc_path'] . " zone-" . $action . "set " . $suffix . " " . $_POST['zone'] . " 86400 IN DS " . $_POST['keytag'] . " " . $_POST['algo'] . " " . $_POST['dt'] . " " . $_POST['key']);
+ exec(CONF['reg']['knotc_path'] . " zone-commit " . $suffix);
echo "La requête a été envoyée à Knot";
}
diff --git a/public/reg/glue.php b/public/reg/glue.php
index ada8b70..33e0261 100644
--- a/public/reg/glue.php
+++ b/public/reg/glue.php
@@ -34,7 +34,7 @@
IP
-
+
@@ -68,9 +68,9 @@ if (isset($_POST['action']) AND isset($_POST['subdomain']) AND isset($_POST['suf
$publicSuffix = regGetUpperDomain($_POST['suffix']);
- exec(KNOTC_PATH . " zone-begin " . $publicSuffix);
- exec(KNOTC_PATH . " zone-" . $action . "set " . $publicSuffix . " " . $domain . " 86400 IN " . $record . " " . $_POST['ip']);
- exec(KNOTC_PATH . " zone-commit " . $publicSuffix);
+ exec(CONF['reg']['knotc_path'] . " zone-begin " . $publicSuffix);
+ exec(CONF['reg']['knotc_path'] . " zone-" . $action . "set " . $publicSuffix . " " . $domain . " 86400 IN " . $record . " " . $_POST['ip']);
+ exec(CONF['reg']['knotc_path'] . " zone-commit " . $publicSuffix);
echo "Glue record ajouté";
}
diff --git a/public/reg/index.php b/public/reg/index.php
index e173c47..8d2b3d0 100644
--- a/public/reg/index.php
+++ b/public/reg/index.php
@@ -3,11 +3,11 @@
Enregistrer un nouveau domaine
- Prendre possession d'un sous-domaine de = REGISTRY ?>
+ Prendre possession d'un sous-domaine de = CONF['reg']['registry'] ?>
Enregistrement NS
- Indiquer les serveurs de noms de son sous-domaine de = REGISTRY ?>
+ Indiquer les serveurs de noms de son sous-domaine de = CONF['reg']['registry'] ?>
Enregistrement DS
@@ -15,7 +15,7 @@
Glue Record
- Indiquer les IP de ses serveurs de noms de son sous-domaine de = REGISTRY ?>
dont les adresses se trouvent sur ce même sous-domaine
+ Indiquer les IP de ses serveurs de noms de son sous-domaine de = CONF['reg']['registry'] ?>
dont les adresses se trouvent sur ce même sous-domaine
diff --git a/public/reg/ns.php b/public/reg/ns.php
index 2e61159..a33acf8 100644
--- a/public/reg/ns.php
+++ b/public/reg/ns.php
@@ -27,7 +27,7 @@
Serveur de nom
-
+
@@ -45,9 +45,9 @@ if (isset($_POST['domain']) AND isset($_POST['action']) AND isset($_POST['ns'])
$suffix = regGetUpperDomain($_POST['domain']);
- exec(KNOTC_PATH . " zone-begin " . $suffix, $output);
- exec(KNOTC_PATH . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 IN NS " . $_POST['ns'], $output);
- exec(KNOTC_PATH . " zone-commit " . $suffix, $output);
+ exec(CONF['reg']['knotc_path'] . " zone-begin " . $suffix, $output);
+ exec(CONF['reg']['knotc_path'] . " zone-" . $action . "set " . $suffix . " " . $_POST['domain'] . " 86400 IN NS " . $_POST['ns'], $output);
+ exec(CONF['reg']['knotc_path'] . " zone-commit " . $suffix, $output);
$error = false;
foreach ($output as $line) {
if ($line !== "OK") {
diff --git a/public/reg/register.php b/public/reg/register.php
index d12cd3a..a2072ae 100644
--- a/public/reg/register.php
+++ b/public/reg/register.php
@@ -5,37 +5,23 @@ Ce domaine doit être composé uniquement d'au moins 4 lettres latines non accen
-
- Domaine
-
- Sous-domaine
-
-
-
-
- Suffixe
-
-
- .= REGISTRY ?>
-
-
-
-
+
+ Sous-domaine
+
+ .= CONF['reg']['registry'] ?>
+