diff --git a/config.ini b/config.ini index 6b577e6..be01278 100644 --- a/config.ini +++ b/config.ini @@ -66,4 +66,4 @@ ipv4_listen_address = "127.0.0.1" internal_onion_http_port = 9080 user_quota_testing = 20971520 -user_quota_trusted = 209715200 +user_quota_approved = 209715200 diff --git a/db/schema.sql b/db/schema.sql index da63384..903f836 100644 --- a/db/schema.sql +++ b/db/schema.sql @@ -17,6 +17,10 @@ CREATE TABLE IF NOT EXISTS "users" ( "type" TEXT NOT NULL, PRIMARY KEY("id") ); +CREATE TABLE IF NOT EXISTS "approval-keys" ( + "key" TEXT NOT NULL UNIQUE, + PRIMARY KEY("key") +); CREATE TABLE IF NOT EXISTS "registry" ( "domain" TEXT NOT NULL UNIQUE, "username" TEXT NOT NULL, diff --git a/fn/auth.php b/fn/auth.php index 7568099..6d229b0 100644 --- a/fn/auth.php +++ b/fn/auth.php @@ -45,9 +45,7 @@ function outdatedPasswordHash($id) { } function changePassword($id, $password) { - $db = new PDO('sqlite:' . DB_PATH); - - $stmt = $db->prepare('UPDATE users SET password = :password WHERE id = :id'); + $stmt = DB->prepare('UPDATE users SET password = :password WHERE id = :id'); $stmt->bindValue(':id', $id); $stmt->bindValue(':password', hashPassword($password)); @@ -87,8 +85,7 @@ function rateLimitAccount($requestedTokens) { $tokens -= $requestedTokens; // Update - $db = new PDO('sqlite:' . DB_PATH); - $stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id'); + $stmt = DB->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id'); $stmt->bindValue(':id', $_SESSION['id']); $stmt->bindValue(':bucket_tokens', $tokens); $stmt->bindValue(':bucket_last_update', time()); @@ -109,12 +106,11 @@ function rateLimitInstance($requestedTokens) { $tokens -= $requestedTokens; // Update - $db = new PDO('sqlite:' . DB_PATH); - $stmt = $db->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';"); + $stmt = DB->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';"); $stmt->bindValue(':bucket_tokens', $tokens); $stmt->execute(); - $stmt = $db->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';"); + $stmt = DB->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';"); $stmt->bindValue(':bucket_last_update', time()); $stmt->execute(); } diff --git a/fn/common.php b/fn/common.php index 259ddfa..9abece0 100644 --- a/fn/common.php +++ b/fn/common.php @@ -35,7 +35,7 @@ function processForm($requireLogin = true) { } function insert($table, $values) { - $query = 'INSERT INTO ' . $table . '('; + $query = 'INSERT INTO "' . $table . '"('; foreach ($values as $key => $val) { if ($key === array_key_last($values)) @@ -53,14 +53,12 @@ function insert($table, $values) { } $query .= ')'; - $db = new PDO('sqlite:' . DB_PATH); - - $op = $db->prepare($query); + $stmt = DB->prepare($query); foreach ($values as $key => $val) - $op->bindValue(":$key", $val); + $stmt->bindValue(":$key", $val); - $op->execute(); + $stmt->execute(); } function query($action, $table, $conditions = [], $column = NULL) { @@ -70,7 +68,7 @@ function query($action, $table, $conditions = [], $column = NULL) { 'delete' => 'DELETE', }; - $query .= ' FROM ' . $table; + $query .= ' FROM "' . $table . '"'; foreach ($conditions as $key => $val) { if ($key === array_key_first($conditions)) @@ -79,18 +77,16 @@ function query($action, $table, $conditions = [], $column = NULL) { $query .= " AND $key = :$key"; } - $db = new PDO('sqlite:' . DB_PATH); - - $op = $db->prepare($query); + $stmt = DB->prepare($query); foreach ($conditions as $key => $val) - $op->bindValue(":$key", $val); + $stmt->bindValue(":$key", $val); - $op->execute(); + $stmt->execute(); if (isset($column)) - return array_column($op->fetchAll(PDO::FETCH_ASSOC), $column); - return $op->fetchAll(PDO::FETCH_ASSOC); + return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), $column); + return $stmt->fetchAll(PDO::FETCH_ASSOC); } function displayIndex() { ?> diff --git a/pages.php b/pages.php index 1601aca..25369bc 100644 --- a/pages.php +++ b/pages.php @@ -22,6 +22,10 @@ define('PAGES', [ 'title' => 'Supprimer son compte', 'description' => 'Effacer toutes les données de son compte', ], + 'approval' => [ + 'title' => 'Approuver son compte', + 'description' => 'Utiliser une clé d\'approbation pour passer à un compte approuvé.', + ], 'password' => [ 'title' => 'Changer la clé de passe', 'description' => 'Changer la chaîne de caractères permettant de vous authentifier.', diff --git a/pages/auth/approval.php b/pages/auth/approval.php new file mode 100644 index 0000000..6cd62b2 --- /dev/null +++ b/pages/auth/approval.php @@ -0,0 +1,37 @@ + bin2hex(random_bytes(16))]); + +if (processForm()) { + + if ($_SESSION['type'] !== 'testing') + output(403, 'Approbation impossible : votre compte est déjà approuvé.'); + + if (isset(query('select', 'approval-keys', ['key' => $_POST['key']], 'key')[0]) !== true) + output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.'); + + query('delete', 'approval-keys', ['key' => $_POST['key']]); + + $stmt = DB->prepare('UPDATE users SET type = "approved" WHERE id = :id'); + $stmt->bindValue(':id', $_SESSION['id']); + $stmt->execute(); + + $_SESSION['type'] = 'approved'; + + insert('approval-keys', ['key' => bin2hex(random_bytes(16))]); + + output(200, 'Compte approuvé.'); +} + +?> + +

+ Ce formulaire permet d'utiliser une clé d'approbation pour valider son compte. Une clé d'approbation est distribuée par l'administrataire sur demande. +

+ +
+
+ +
+ +
diff --git a/pages/auth/index.php b/pages/auth/index.php index 3bcd5ae..f7d9e0e 100644 --- a/pages/auth/index.php +++ b/pages/auth/index.php @@ -1,7 +1,7 @@

- Vous utilisez actuellement un compte . Son identifiant interne est . + Vous utilisez actuellement un compte . Son identifiant interne est . Vous n'utilisez actuellement aucun compte. @@ -19,11 +19,11 @@

  • Certificat Let's Encrypt de test
    • -
    Confiancé
    +
    Approuvé
    - C'est originellement un compte de test mais qui a été confiancé par ane administrataire, et qui a pour but d'être utilisé de façon stable : + C'est originellement un compte de test mais qui a été approuvé par ane administrataire, et qui a pour but d'être utilisé de façon stable :
    diff --git a/pages/auth/username.php b/pages/auth/username.php index 14272a8..5feb9e2 100644 --- a/pages/auth/username.php +++ b/pages/auth/username.php @@ -8,9 +8,7 @@ if (processForm()) { if (usernameExists($username) !== false) output(403, 'Ce nom de compte est déjà utilisé.'); - $db = new PDO('sqlite:' . DB_PATH); - - $stmt = $db->prepare('UPDATE users SET username = :username WHERE id = :id'); + $stmt = DB->prepare('UPDATE users SET username = :username WHERE id = :id'); $stmt->bindValue(':id', $_SESSION['id']); $stmt->bindValue(':username', $username); diff --git a/pages/ht/add-http-dns.php b/pages/ht/add-http-dns.php index 1c7a32b..9cdab2c 100644 --- a/pages/ht/add-http-dns.php +++ b/pages/ht/add-http-dns.php @@ -33,7 +33,7 @@ if (processForm()) { addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http'); - exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'trusted') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode); + exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'approved') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode); if ($returnCode !== 0) output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output); diff --git a/pages/ht/index.php b/pages/ht/index.php index 17a73ea..d2a0391 100644 --- a/pages/ht/index.php +++ b/pages/ht/index.php @@ -41,7 +41,7 @@ else {

    Vous avez accès à un espace SFTP, limité à > 30) >= 1) ? $quotaSize >> 30 . ' ' . linkToDocs('units', 'Gio') : $quotaSize >> 20 . ' ' . linkToDocs('units', 'Mio') ?>. Vous pouvez téléverser vos sites dans /<nom du site>/*. Indiquez les données ci-dessous à votre client SFTP pour y accéder.

    diff --git a/router.php b/router.php index 9b5eb0b..f3dcb63 100644 --- a/router.php +++ b/router.php @@ -5,7 +5,7 @@ foreach (array_diff(scandir(CONF['common']['root_path'] . '/fn'), array('..', '. require CONF['common']['root_path'] . '/fn/' . $file; require 'pages.php'; -define('DB_PATH', CONF['common']['root_path'] . '/db/niver.db'); +define('DB', new PDO('sqlite:' . CONF['common']['root_path'] . '/db/niver.db')); const LF = "\n"; @@ -92,7 +92,7 @@ foreach (glob('css/*.css') as $cssPath)

    - 👤 ' : '' ?> Se déconnecter + 👤 ' : '' ?> Se déconnecter Anonyme Se connecter diff --git a/sftpgo-auth.php b/sftpgo-auth.php index 7d3d4ff..4c1d6a9 100644 --- a/sftpgo-auth.php +++ b/sftpgo-auth.php @@ -14,7 +14,7 @@ if (usernameExists($username) === true AND checkPassword($id, $auth_data['passwo "status": 1, "username": ' . json_encode($auth_data['username']) . ', "home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '", - "quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing']) . ', + "quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing']) . ', "permissions": { "/": [ "*"