
Add more paths as constants

Miraty hace 4 años
padre
commit
1736a9e5b1
Se han modificado 9 ficheros con 96 adiciones y 29 borrados
  1. 5 5
      ht/gemini-onion.php
  2. 8 8
      ht/http-onion.php
  3. 6 4
      ht/https-domain.php
  4. 4 6
      ht/le.php
  5. 2 0
      ht/sftp.php
  6. 25 0
      inc/nginx/dns.template
  7. 9 0
      inc/nginx/onion.template
  8. 24 0
      niver.log
  9. 13 6
      top.inc.php

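--- a/ht/gemini-onion.php
+++ b/ht/gemini-onion.php
@@ -51,15 +51,15 @@ if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
     exit("ERROR : Wrong value for dir");
 
   // Generate a .onion address
-  $torConf = file_get_contents("/etc/tor/torrc");
-  $torConf = $torConf . "\nHiddenServiceDir /var/lib/tor/niver/" . $_POST['dir'] . "/\nHiddenServicePort 1965 [::1]:1965";
-  file_put_contents("/etc/tor/torrc", $torConf);
+  $torConf = file_get_contents(TOR_CONFIG_PATH);
+  $torConf = $torConf . "\nHiddenServiceDir " . TOR_KEYS_PATH . "/" . $_POST['dir'] . "/\nHiddenServicePort 1965 [::1]:1965";
+  file_put_contents(TOR_CONFIG_PATH, $torConf);
 
-  exec("sudo -u root " . MANIVER_PATH . " reload-tor", $output);
+  exec(SUDO_PATH . " " . MANIVER_PATH . " reload-tor", $output);
   addNiverLog("Tor reloaded by " . $_SESSION['username'], $output);
 
   // Copy generated address to a location readable by PHP
-  exec("sudo -u root " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
+  exec(SUDO_PATH . " " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
   addNiverLog("Tor data exported by " . $_SESSION['username'], $output);
 
   // Get the address generated by Tor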
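Review bot: The `export-tor` call and the `torrc` append in this hunk still concatenate `$_POST['dir']` and `$_SESSION['username']` straight into a command line run through sudo and into a Tor config line, so their safety rests entirely on the `dir` check whose last line is visible at the top of the hunk; that check starts outside the hunk, so what it permits cannot be confirmed here. Wrap each argument, e.g. `escapeshellarg($_POST['dir'])` and `escapeshellarg($_SESSION['username'])`, so the call stays safe if that validation is ever loosened. The read-modify-write of `TOR_CONFIG_PATH` is also not atomic, and two concurrent requests can lose one entry; appending with `file_put_contents(TOR_CONFIG_PATH, $line, FILE_APPEND | LOCK_EX);` avoids that. The same pattern is repeated in the first hunk of ht/http-onion.php, and ht/le.php passes `$_POST['domain']` to `le-install` unescaped.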

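--- a/ht/http-onion.php
+++ b/ht/http-onion.php
@@ -51,15 +51,15 @@ if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
     exit("ERROR : Wrong value for dir");
 
   // Generate a .onion address
-  $torConf = file_get_contents("/etc/tor/torrc");
-  $torConf = $torConf . "\nHiddenServiceDir /var/lib/tor/niver/" . $_POST['dir'] . "/\nHiddenServicePort 80 [::1]:80";
-  file_put_contents("/etc/tor/torrc", $torConf);
+  $torConf = file_get_contents(TOR_CONFIG_PATH);
+  $torConf = $torConf . "\nHiddenServiceDir " . TOR_KEYS_PATH . "/" . $_POST['dir'] . "/\nHiddenServicePort 80 [::1]:80";
+  file_put_contents(TOR_CONFIG_PATH, $torConf);
 
-  exec("sudo -u root " . MANIVER_PATH . " reload-tor", $output);
+  exec(SUDO_PATH . " " . MANIVER_PATH . " reload-tor", $output);
   addNiverLog("Tor reloaded by " . $_SESSION['username'], $output);
 
   // Copy generated address to a location readable by PHP
-  exec("sudo -u root " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
+  exec(SUDO_PATH . " " . MANIVER_PATH . " export-tor " . $_SESSION['username'] . " " . $_POST['dir'], $output);
   addNiverLog("Tor data exported by " . $_SESSION['username'], $output);
 
   // Get the address generated by Tor
@@ -70,14 +70,14 @@ if (isset($_POST['dir']) AND isset($_SESSION['username'])) {
   addSite($_SESSION['username'], $_POST['dir'], $onion, "onion", "http");
 
   // Add it to Nginx
-  $nginxConf = file_get_contents("/etc/nginx/hyper.d/onion.template");
+  $nginxConf = file_get_contents(ROOT_PATH . "/inc/nginx/dns.template");
   $nginxConf = preg_replace("#DOMAIN#", $onion, $nginxConf);
   $nginxConf = preg_replace("#DIR#", $_POST['dir'], $nginxConf);
   $nginxConf = preg_replace("#USER#", $_SESSION['username'], $nginxConf);
-  file_put_contents("/etc/nginx/hyper.d/" . $_POST['dir'] . ".conf", $nginxConf);
+  file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['dir'] . ".conf", $nginxConf);
 
   // Reload Nginx
-  exec("sudo /root/maniver/target/debug/maniver reload-nginx");
+  exec("sudo " . MANIVER_PATH . " reload-nginx");
 
   // Tell the user their site address
   echo "<p>L'adresse de votre site Onion HTTP est :<br><a href='http://" . $onion . "'<code>http://" . $onion . "</code></a></p>";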
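Review bot: The new `file_get_contents(ROOT_PATH . "/inc/nginx/dns.template")` in the second hunk loads the DNS template for an onion site, where the removed line read `onion.template`. This commit adds inc/nginx/onion.template (a single `listen [::1]:80` block), which looks like the intended file, whereas dns.template adds a public port-80 redirect and a 443 block using the host.atope.art certificate. Suggested line: `$nginxConf = file_get_contents(ROOT_PATH . "/inc/nginx/onion.template");`. The reload call also keeps the literal `"sudo "`, so sudo is resolved through PATH rather than the absolute `SUDO_PATH` used by the other calls; `exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx");` would match them.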

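--- a/ht/https-domain.php
+++ b/ht/https-domain.php
@@ -60,13 +60,15 @@ if (isset($_POST['domain']) AND isset($_POST['dir']) AND isset($_SESSION['userna
 
   addSite($_SESSION['username'], $_POST['dir'], $_POST['domain'], "dns", "http");
 
-  $conf = file_get_contents("/etc/nginx/hyper.d/dns.template");
+  $conf = file_get_contents(ROOT_PATH . "/inc/nginx/dns.template");
   $conf = preg_replace("#DOMAIN#", $_POST['domain'], $conf);
   $conf = preg_replace("#DIR#", $_POST['dir'], $conf);
   $conf = preg_replace("#USER#", $_SESSION['username'], $conf);
-  file_put_contents("/etc/nginx/hyper.d/" . $_POST['domain'] . ".conf", $conf);
-  exec("sudo " . MANIVER_PATH . " reload-nginx");
-  //certbot certonly --nginx -d testcrabe.atope.art
+  file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);
+
+  // Reload Nginx
+  exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx");
+
   echo "Accès HTTP par domaine ajouté sur ce dossier !";
 }
 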
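Review bot: `$_POST['domain']` becomes both a file name under `NGINX_CONFIG_PATH` and text written into the server block, and nothing in this hunk constrains it. The enclosing `if` starts outside the hunk, so a check may exist there; it should accept only a plain host name (no path separators, whitespace, `;` or braces) and confirm the domain belongs to the session user before the write. `preg_replace` also interprets `$1`/`\1`-style references in its replacement argument, which is unwanted for literal placeholder substitution; `str_replace("DOMAIN", $_POST['domain'], $conf)` does the same job without that. The return values of `file_put_contents` and the reload `exec` are not checked, so the success message is printed even if the config was never written.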

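--- a/ht/le.php
+++ b/ht/le.php
@@ -15,14 +15,12 @@
 if (isset($_POST['domain'])) {
 
   exec("sudo " . MANIVER_PATH . " le-install " . $_POST['domain'], $output);
-  echo "<pre>";
-  print_r($output);
-  echo "</pre>";
-  $conf = file_get_contents("/etc/nginx/hyper.d/" . $_POST['domain'] . ".conf");
+  addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output);
+  $conf = file_get_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf");
   $conf = preg_replace("#host\.atope\.art#", $_POST['domain'], $conf);
-  file_put_contents("/etc/nginx/hyper.d/" . $_POST['domain'] . ".conf", $conf);
+  file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);
 
-  exec("sudo /root/maniver/target/debug/maniver reload-nginx");
+  exec("sudo " . MANIVER_PATH . " reload-nginx");
 
   echo "Formulaire traité !!";
 } else {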
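Review bot: Between `if (isset($_POST['domain']))` and the new `file_get_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf")` there is no validation of the domain and no check that it belongs to the logged-in user, so the request value alone decides which `.conf` file is read and rewritten. Validate it against a host-name pattern and confirm ownership first, and pass it to the `le-install` call above as `escapeshellarg($_POST['domain'])`. The new `addNiverLog` line reads `$_SESSION['username']`, which this `if` does not test; whether top.inc.php stops unauthenticated requests before this point is not visible here. The reload line still uses the literal `"sudo "` rather than `SUDO_PATH`.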

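--- a/ht/sftp.php
+++ b/ht/sftp.php
@@ -43,6 +43,8 @@ if ($_SESSION['sftp_enabled'] == false) { ?>
   <br><br>
   <a href="sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/">sftp://<?= $_SESSION['username'] ?>@sftp.niver.atope.art/</a>
   <br><br>
+  L'accès n'est pour l'instant disponible qu'en IPv4.
+  <br><br>
   SHA-256 des clés du serveur :
   <br>Ed25519 : <code>MHwU49oafgq4jY6whUy2INWHMrs+uz4A0j+gsQEgho8</code>
   <br>RSA : <code>6wWSPLxqns4ZKtnqzv7ch3k/R2ztPgDiCr4c0B/I/mw</code>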

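--- a/inc/nginx/dns.template
+++ b/inc/nginx/dns.template
@@ -0,0 +1,25 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name DOMAIN;
+    return 301 https://DOMAIN$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name DOMAIN;
+    root /srv/hyper/USER/hyper/DIR;
+
+    ssl_certificate           /etc/letsencrypt/live/host.atope.art/fullchain.pem;
+    ssl_certificate_key       /etc/letsencrypt/live/host.atope.art/privkey.pem;
+
+    include /etc/nginx/inc/intermediate.conf.inc;
+
+    default_type text/plain;
+
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+} 
+ 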
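Review bot: The `ssl_certificate` and `ssl_certificate_key` lines point at the host.atope.art certificate, and as far as this commit shows only ht/le.php rewrites that name to the site's domain. Until `le-install` has run for a domain, the 443 block would therefore present a certificate issued for another name, while the port-80 block already redirects every request to it. The template has no header comment; something like `# DOMAIN, USER and DIR are substituted by ht/https-domain.php; host.atope.art is replaced by ht/le.php` would record that coupling. The `root` path also repeats `/srv/hyper`, which this commit defines as `HT_PATH` in top.inc.php.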

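--- a/inc/nginx/onion.template
+++ b/inc/nginx/onion.template
@@ -0,0 +1,9 @@
+server {
+    listen [::1]:80;
+    server_name DOMAIN;
+    root /srv/hyper/USER/hyper/DIR;
+
+    location / {
+        try_files $uri $uri.html $uri/ =404;
+    }
+}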

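--- a/niver.log
+++ b/niver.log
@@ -47,3 +47,27 @@
  status: exit code: 0
  stdout:
  stderr:
+
+2021-03-02 23:26:28 cake enabled SFTP on their account
+
+2021-03-02 23:34:32 crible enabled SFTP on their account
+
+2021-03-02 23:39:29 yonyon enabled SFTP on their account
+
+2021-03-03 00:32:48 guidon enabled SFTP on their account
+
+2021-03-03 00:34:40 carle enabled SFTP on their account
+ status: exit code: 0
+ stdout:
+ stderr:
+ sent username:password to chpasswd
+ chpasswd responded with:
+ status: exit code: 0
+ stdout:
+ stderr:
+ status: exit code: 0
+ stdout:
+ stderr:
+ status: exit code: 0
+ stdout:
+ stderr: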
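Review bot: niver.log is a runtime log, and this hunk commits 24 new lines of it, including account names with the time each one enabled SFTP. The file sits at the repository root, which by `ROOT_PATH` in top.inc.php appears to be inside the web root, so it may also be retrievable over HTTP unless the server blocks it. I would remove it from version control, add it to `.gitignore`, and write the log to a directory outside the document root.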

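--- a/top.inc.php
+++ b/top.inc.php
@@ -19,14 +19,21 @@ define("USERNAME_REGEX", "^[a-z]{4,32}$");
 define("PASSWORD_REGEX", "^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])[a-zA-Z0-9]{8,1024}|.{10,1024}$");
 define("SUBDOMAIN_REGEX", "^[a-z]{4,63}$");
 
-define("PREFIX", "/malaxe");
+define("PREFIX", "/malaxe"); // Prefix in the URL, if any
+define("ROOT_PATH", "/var/www/niver" . PREFIX); // Niver directory
+define("DB_PATH", ROOT_PATH . "/db/niver.db"); // Niver SQLite database
+define("KNOTC_PATH", "/usr/sbin/knotc"); // Binary file
+define("KEYMGR_PATH", "/usr/sbin/keymgr"); // Binary file
+define("NGINX_CONFIG_PATH", "/etc/nginx/hyper"); // Config directory
+define("TOR_CONFIG_PATH", "/etc/tor/torrc"); // Config file
+define("TOR_KEYS_PATH", "/var/lib/tor/niver"); // Keys directory
+define("SUDO_PATH", "/usr/bin/sudo"); // Binary file
+define("MANIVER_PATH", "/root/maniver/target/release/maniver"); // Binary file
+// The mountpoint of the hypertext storage partition (that will be accessed over SFTP)
+define("HT_PATH", "/srv/hyper");
+
 define("SERVICE", substr(dirname($_SERVER['PHP_SELF']), strlen(PREFIX) + 1));
-define("ROOT_PATH", "/var/www/niver" . PREFIX);
 define("PAGE", basename($_SERVER['PHP_SELF'], '.php'));
-define("DB_PATH", ROOT_PATH . "/db/niver.db");
-define("KNOTC_PATH", "/usr/sbin/knotc");
-define("KEYMGR_PATH", "/usr/sbin/keymgr");
-define("MANIVER_PATH", "/root/maniver/target/release/maniver");
 
 if (SERVICE != "auth" AND !isset($_SESSION['username'])) {
   header('Location: ' . PREFIX . '/auth/login?redir=' . SERVICE . "/" . PAGE, true, 302);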
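Review bot: `NGINX_CONFIG_PATH` is defined as `/etc/nginx/hyper`, but every line this commit replaces in ht/ wrote to `/etc/nginx/hyper.d/`. Unless the nginx `include` directive was changed at the same time (not visible here), generated site files would land in a directory nginx does not load. If the rename is not intended, use `define("NGINX_CONFIG_PATH", "/etc/nginx/hyper.d"); // Config directory`. `HT_PATH` is defined here, yet the two new templates still hard-code `/srv/hyper`, so the constant and the generated configs can drift apart.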