From c997ac424d7a6480a51182eb2c266cf51faf7d5c Mon Sep 17 00:00:00 2001
From: Miraty <miraty@antopie.org>
Date: Tue, 7 Jun 2022 17:58:46 +0200
Subject: [PATCH] http-onion.php now works

---
 common/pages.php         |  4 ++--
 config.ini               |  4 +++-
 public/ht/http-onion.php | 38 ++++++++++++++++----------------------
 public/ht/index.php      |  6 +++---
 public/ns/index.php      | 26 +++++++++++++-------------
 public/reg/index.php     |  8 ++++----
 sftpgo-auth.php          |  2 +-
 7 files changed, 42 insertions(+), 46 deletions(-)

diff --git a/common/pages.php b/common/pages.php
index 5b23855..fdb3f0a 100644
--- a/common/pages.php
+++ b/common/pages.php
@@ -90,10 +90,10 @@ switch (SERVICE) {
 				$page['title'] = "Créer un dossier de site";
 			break;
 			case "http-onion":
-				$page['title'] = "Accès HTTP en Onion";
+				$page['title'] = "Accès HTTP par service Onion";
 			break;
 			case "https-domain":
-				$page['title'] = "Accès HTTPS par domaine";
+				$page['title'] = "Accès HTTP par DNS et TLS";
 			break;
 			case "le":
 				$page['title'] = "Installer un certificat Let's Encrypt";
diff --git a/config.ini b/config.ini
index 4e90629..451d13b 100644
--- a/config.ini
+++ b/config.ini
@@ -29,11 +29,13 @@ nginx_config_path = "/etc/nginx/ht"
 tor_config_path = "/etc/tor/instances/niver/torrc"
 ; Tor keys directory
 tor_keys_path = "/var/lib/tor-instances/niver/keys"
+tor_service = "tor@niver"
 
 sudo_path = "/usr/bin/sudo"
 systemctl_path = "/usr/bin/systemctl"
 certbot_path = "/usr/bin/certbot"
 chgrp_path = "/usr/bin/chgrp"
+cat_path = "/usr/bin/cat"
 
 sftpgo_group = sftpgo
 
@@ -43,7 +45,7 @@ ipv4_address = "127.0.0.1"
 sftp_pub = "/etc/sftpgo/ed25519.pub"
 sftp_fp = "/etc/sftpgo/ed25519.fp"
 sftp_asciiart = "/etc/sftpgo/ed25519.asciiart"
-sftp_domain = "sftp.niver.test"
+sftp_domain = "ht.niver.test"
 public_sftp_port = 2022
 
 ; Will be used in configuration files
diff --git a/public/ht/http-onion.php b/public/ht/http-onion.php
index 0135cd6..bf8bc8f 100644
--- a/public/ht/http-onion.php
+++ b/public/ht/http-onion.php
@@ -33,44 +33,38 @@ switchToFormProcess();
 if ($dirsStatuses[$_POST['dir']] !== false)
 	userError("Wrong value for <code>dir</code>.");
 
-// Generate a .onion address
+// Add Tor config
 $torConf = file_get_contents(CONF['ht']['tor_config_path']);
 $torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/
 HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
 ";
 file_put_contents(CONF['ht']['tor_config_path'], $torConf);
 
-exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload tor", $output);
-addNiverLog("Tor reloaded by " . $_SESSION['username'], $output);
-
-// Copy generated address to a location readable by PHP
-exec(CONF['ht']['sudo_path'] . " " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
-addNiverLog("Tor data exported by " . $_SESSION['username'], $output);
-
-// Wait
-sleep(1);
+// Reload Tor
+exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output);
 
 // Get the address generated by Tor
-$onion = file_get_contents(CONF['ht']['ht_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/hostname");
-$onion = str_replace(array("\r", "\n"), "", $onion);
+exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['cat_path'] . " " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/hostname", $output);
+$onion = $output[0];
 if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
 	serverError("No onion address found.");
 
 // Store it in the database
 addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
 
-// Add it to Nginx
-$nginxConf = file_get_contents(NIVER_TEMPLATE_PATH . "/nginx/onion.template");
-$nginxConf = str_replace("{{CONF['ht']['internal_onion_http_port']}}", CONF['ht']['internal_onion_http_port'], $nginxConf);
-$nginxConf = str_replace("{{DOMAIN}}", $onion, $nginxConf);
-$nginxConf = str_replace("{{CONF['ht']['ht_path']}}", CONF['ht']['ht_path'], $nginxConf);
-$nginxConf = str_replace("{{USERNAME}}", $_SESSION['username'], $nginxConf);
-$nginxConf = str_replace("{{DIR}}", $_POST['dir'], $nginxConf);
-file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $_POST['dir'] . ".conf", $nginxConf);
+// Add Nginx config
+$nginxConf = 'server {
+	listen [::1]:' . CONF['ht']['internal_onion_http_port'] . ';
+	server_name ' . $onion . ';
+	root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . ';
+
+	include inc/ht-onion.conf;
+}
+';
+file_put_contents(CONF['ht']['nginx_config_path'] . "/" . $onion . ".conf", $nginxConf);
 
 // Reload Nginx
-exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx", $output);
-addNiverLog("Nginx reloaded by " . $_SESSION['username'], $output);
+exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload nginx");
 
 // Tell the user their site address
 success("L'adresse de votre service Onion HTTP est : <a href='http://" . $onion . "/'<code>http://" . $onion . "/</code></a>");
diff --git a/public/ht/index.php b/public/ht/index.php
index 869df90..a0bdd88 100644
--- a/public/ht/index.php
+++ b/public/ht/index.php
@@ -53,15 +53,15 @@
 </dl>
 
 <dl>
-	<dt><a class="ht" href="http-onion">Accès HTTP en Onion</a></dt>
+	<dt><a href="http-onion">Accès HTTP par service Onion</a></dt>
 	<dd>
 		Un site HTML, accessible par Tor, avec une adresse en .onion
 	</dd>
-	<dt><a class="ht" href="https-domain">Accès HTTPS par DNS</a></dt>
+	<dt><a href="https-domain">Accès HTTP par DNS et TLS</a></dt>
 	<dd>
 		Un site HTML, accessible directement, par un nom de domaine
 	</dd>
-	<dt><a class="ht" href="le">Let's Encrypt</a></dt>
+	<dt><a href="le">Let's Encrypt</a></dt>
 	<dd>
 		Installer un certificat Let's Encrypt sur un domaine
 	</dd>
diff --git a/public/ns/index.php b/public/ns/index.php
index e0816e7..2a07480 100644
--- a/public/ns/index.php
+++ b/public/ns/index.php
@@ -1,58 +1,58 @@
 <?php require "../../common/html.php"; ?>
 
 <dl>
-	<dt><a class="ns" href="zone">Gérer ses zones</a></dt>
+	<dt><a href="zone">Gérer ses zones</a></dt>
 	<dd>
 		Pour qu'elle soit gérée par le serveur de noms de Niver
 	</dd>
-	<dt><a class="ns" href="dnssec">Obtenir les enregistrements <abbr title="Delegation Signer">DS</abbr></a></dt>
+	<dt><a href="dnssec">Obtenir les enregistrements <abbr title="Delegation Signer">DS</abbr></a></dt>
 	<dd>
 		À indiquer à la zone parente pour activer <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
 	</dd>
-	<dt><a class="ns" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
+	<dt><a href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
 	<dd>
 		Indiquer le serveur de noms d'une zone
 	</dd>
-	<dt><a class="ns" href="ip">Enregistrements A et AAAA</a></dt>
+	<dt><a href="ip">Enregistrements A et AAAA</a></dt>
 	<dd>
 		Indiquer l'adresse IP d'un domaine
 	</dd>
-	<dt><a class="ns" href="txt">Enregistrement TXT</a></dt>
+	<dt><a href="txt">Enregistrement TXT</a></dt>
 	<dd>
 		Associer du texte à un domaine
 	</dd>
 
-	<dt><a class="ns" href="srv">Enregistrement SRV</a></dt>
+	<dt><a href="srv">Enregistrement SRV</a></dt>
 	<dd>
 		Indiquer un serveur pour un domaine
 	</dd>
-	<dt><a class="ns" href="mx">Enregistrement <abbr title="Mail eXchanger">MX</abbr></a></dt>
+	<dt><a href="mx">Enregistrement <abbr title="Mail eXchanger">MX</abbr></a></dt>
 	<dd>
 		Indiquer le serveur mail pour un domaine
 	</dd>
-	<dt><a class="ns" href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
+	<dt><a href="caa">Enregistrement <abbr title="Certification Authority Authorization">CAA</abbr></a></dt>
 	<dd>
 		Indiquer les seules autorités de certifications autorisée à signer les domaines
 	</dd>
-	<dt><a class="ns" href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></dt>
+	<dt><a href="tlsa">Enregistrement <abbr title="Transport Layer Security Association">TLSA</abbr></a></dt>
 	<dd>
 		Mettre en place <abbr title="DNS-based Authentication of Named Entities">DANE</abbr> en indiquant l'empreinte d'un certificat <abbr title="Transport Layer Security">TLS</abbr>
 	</dd>
-	<dt><a class="ns" href="sshfp">Enregistrement <abbr title="Secure SHell FingerPrint">SSHFP</abbr></a></dt>
+	<dt><a href="sshfp">Enregistrement <abbr title="Secure SHell FingerPrint">SSHFP</abbr></a></dt>
 	<dd>
 		Indiquer les empreintes de clés <abbr title="Secure SHell">SSH</abbr> d'un domaine
 	</dd>
 
 	<!--
-	<dt><a class="ns" href="loc">Enregistrement LOC</a></dt>
+	<dt><a href="loc">Enregistrement LOC</a></dt>
 	<dd>
 		Indiquer des coordonnées géographiques
 	</dd>
-	<dt><a class="ns" href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></dt>
+	<dt><a href="cname">Enregistrement <abbr title="Canonical NAME">CNAME</abbr></a></dt>
 	<dd>
 		Définir un domaine comme étant l'alias d'un autre
 	</dd>
-	<dt><a class="ns" href="dname">Enregistrement <abbr title="Delegation NAME">DNAME</abbr></a></dt>
+	<dt><a href="dname">Enregistrement <abbr title="Delegation NAME">DNAME</abbr></a></dt>
 	<dd>
 		Définir les sous-domaines d'un domaine comme étant les alias des sous-domaines d'un autre domaine
 	</dd>-->
diff --git a/public/reg/index.php b/public/reg/index.php
index 44fb617..95a8ee4 100644
--- a/public/reg/index.php
+++ b/public/reg/index.php
@@ -1,19 +1,19 @@
 <?php require "../../common/html.php"; ?>
 
 <dl>
-	<dt><a class="reg" href="register">Enregistrer un nouveau domaine</a></dt>
+	<dt><a href="register">Enregistrer un nouveau domaine</a></dt>
 	<dd>
 		Prendre possession d'un sous-domaine de <code><?= CONF['reg']['registry'] ?></code>
 	</dd>
-	<dt><a class="reg" href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
+	<dt><a href="ns">Enregistrement <abbr title="Name Server">NS</abbr></a></dt>
 	<dd>
 		Indiquer les serveurs de noms de son sous-domaine de <code><?= CONF['reg']['registry'] ?></code>
 	</dd>
-	<dt><a class="reg" href="ds">Enregistrement <abbr title="Delegation Signer">DS</abbr></a></dt>
+	<dt><a href="ds">Enregistrement <abbr title="Delegation Signer">DS</abbr></a></dt>
 	<dd>
 		Déléguer la confiance <abbr title="Domain Name System Security Extensions">DNSSEC</abbr>
 	</dd>
-	<dt><a class="reg" href="glue">Glue Record</a></dt>
+	<dt><a href="glue">Glue Record</a></dt>
 	<dd>
 		Indiquer les IP de ses serveurs de noms de son sous-domaine de <code><?= CONF['reg']['registry'] ?></code> dont les adresses se trouvent sur ce même sous-domaine
 	</dd>
diff --git a/sftpgo-auth.php b/sftpgo-auth.php
index 47951aa..126c3c5 100644
--- a/sftpgo-auth.php
+++ b/sftpgo-auth.php
@@ -1,7 +1,7 @@
 <?php
 
 require "common/init.php";
-require "auth.php";
+require "fn/auth.php";
 
 $authData = json_decode(file_get_contents("php://input"), true);
 $user = json_decode($authData['user'], true);