
Fix LE setup

Miraty há 3 anos atrás
pai
commit
67abbabf9d
4 ficheiros alterados com 77 adições e 14 exclusões
  1. 32 11
      ht/le.php
  2. 9 1
      inc/all.inc.php
  3. 1 1
      inc/auth.inc.php
  4. 35 1
      inc/ht.inc.php

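--- a/ht/le.php
+++ b/ht/le.php
@@ -4,29 +4,50 @@
 </p>
 
 <form method="post">
-  <label for="domain">Domaine sur lequel installer le certificat</label><br>
-  <input required="" placeholder="site.<?= DOMAIN_EXAMPLE ?>" id="domain" name="domain" type="text"><br>
-
+  <label for="domain">Domaine ciblé</label><br>
+  <select required="" name="domain">
+    <option value="" disabled="" selected="">---</option>
+  <?php
+  $sites = selectSites($_SESSION['username'], "dns", "http", false);
+  $leAvailable = selectSites($_SESSION['username'], "dns", "http", true);
+  foreach ($sites as $site) { ?>
+    <option value="<?= $site['domain'] ?>"><?= $site['domain'] . " (/ht/" . $site['siteDir'] . ")" ?></option>
+  <?php } ?>
+  </select>
+  <br>
   <input value="Valider" type="submit">
 </form>
 
 <?php
 
-if (isset($_POST['domaine']) AND isset($_SESSION['username'])) {
+if (isset($_POST['domain']) AND isset($_SESSION['username'])) {
 
   antiCSRF();
 
-  exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output);
-  addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output);
+  // Use maniver to use Certbot
+  exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . $_POST['domain'], $output, $returnCode);
+
+  // Log Certbot response
+  addNiverLog($_SESSION['username'] . " installed a Let's Encrypt certificate on their site", $output,  $returnCode);
+
+  // Abort if Certbot failed
+  if ($returnCode !== 0)
+    exit("Let's Encrypt certificate obtention failed. Try again later, or contact an administrator.");
+
+  // Replace self-signed certificate by Let's Encrypt certificate in Nginx configuration
   $conf = file_get_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf");
-  $conf = preg_replace("#host\.atope\.art#", $_POST['domain'], $conf);
+  $conf = preg_replace("#/etc/ssl/certs/niver\.crt#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/fullchain.pem", $conf);
+  $conf = preg_replace("#/etc/ssl/private/niver\.key#", "/etc/letsencrypt/live/" . $_POST['domain'] . "/privkey.pem", $conf);
   file_put_contents(NGINX_CONFIG_PATH . "/" . $_POST['domain'] . ".conf", $conf);
 
-  exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx");
+  // Reload Nginx
+  exec(SUDO_PATH . " " . MANIVER_PATH . " reload-nginx", $output, $returnCode);
+
+  // Abort if Maniver failed to reload Nginx
+  if ($returnCode !== 0)
+    exit("Nginx configuration reload failed. Try again later, or contact an administrator.");
 
-  echo "Formulaire traité !!";
-} else {
-  echo "Rien n'a été reçu lors du dernier chargement";
+  echo "Succès : La connexion avec votre site utilise désomais un certificat TLS émis par Let's Encrypt.";
 }
 
 ?>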
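Review bot: `$_POST['domain']` still reaches the sudo'd maniver `le-install` command unescaped and is spliced into the Nginx config path in the `file_get_contents`/`file_put_contents` lines, so the new `<select>` only constrains well-behaved browsers; a hand-crafted POST can inject shell metacharacters into that command and read or rewrite `.conf` files for domains the user does not own. Validate the posted value server-side against the list the form already computes and quote it with `escapeshellarg()` — `$leAvailable` is built and never used, and its `le_enabled = 0` filter looks like the intended allow-list. The `$site['domain']` values are also echoed into the option markup unescaped; wrapping them in `htmlspecialchars()` avoids stored XSS should a domain ever be saved with markup. Note too that `exec()` appends to `$output`, so the `reload-nginx` call reuses the Certbot lines; pass a fresh array if that output is ever logged.
```php
  // Only accept a domain owned by the logged-in user (the <select> is client-side only)
  $domain = $_POST['domain'];
  $allowed = selectSites($_SESSION['username'], "dns", "http", true) ?: [];
  if (!in_array($domain, array_column($allowed, 'domain'), true))
    exit("Unknown domain.");
  // Use maniver to use Certbot
  exec(SUDO_PATH . " " . MANIVER_PATH . " le-install " . escapeshellarg($domain), $output, $returnCode);
  // … unchanged: logging and return-code check …
  $confPath = NGINX_CONFIG_PATH . "/" . $domain . ".conf";
  $conf = file_get_contents($confPath);
  // … unchanged: preg_replace of certificate paths, using $domain instead of $_POST['domain'] …
  file_put_contents($confPath, $conf);
```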

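--- a/inc/all.inc.php
+++ b/inc/all.inc.php
@@ -2,14 +2,22 @@
 if (strpos($_SERVER['PHP_SELF'], "inc.php") !== false)
   exit("This file is meant to be included.");
 
-function addNiverLog($message, $outputLines) {
+function addNiverLog($message, $outputLines, $returnCode) {
   $logs = "\n" . date("Y-m-d H:i:s") . " " . $message . "\n";
+  if (isset($returnCode))
+    $logs = $logs . "Return code: " . $returnCode . "\n";
+  else
+    $logs = $logs . "No return code logged\n";
   foreach ($outputLines as $outputLine) {
     $logs = $logs . " " .  $outputLine . "\n";
   }
   file_put_contents(ROOT_PATH . "/niver.log", $logs, FILE_APPEND);
 }
 
+function appendLog($log) {
+  file_put_contents(ROOT_PATH . "/niver.log", date("Y-m-d H:i:s") . var_dump($log) . "\n", FILE_APPEND);
+}
+
 function checkAction($action) {
   if ($action === "delete")
     return "un";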
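Review bot: `appendLog()` never writes what it was given: `var_dump($log)` prints the dump straight into the HTTP response and returns null, so the concatenation on that line appends only the timestamp and a newline to niver.log. Use a function that returns the representation instead, `date("Y-m-d H:i:s") . " " . var_export($log, true) . "\n"`. Separately, `addNiverLog()` now requires a third argument while guarding it with `isset($returnCode)`; any caller outside this diff still passing two arguments will throw an ArgumentCountError, so give it a default, `function addNiverLog($message, $outputLines, $returnCode = null)`, which matches the isset guard.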

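--- a/inc/auth.inc.php
+++ b/inc/auth.inc.php
@@ -48,7 +48,7 @@ function changePassword($username, $password) {
 function antiCSRF() {
 
   if (!isset($_SERVER['HTTP_SEC_FETCH_SITE']) AND !isset($_SERVER['HTTP_ORIGIN']))
-    exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRS verification can't be done.");
+    exit("ERROR: Browser sent neither Sec-Fetch-Site nor Origin HTTP headers, so anti-CSRF verification can't be done.");
 
   if (isset($_SERVER['HTTP_ORIGIN']) AND $_SERVER['HTTP_ORIGIN'] !== "https://niver.4.niv.re")
     exit("ERROR: Anti-CSRF verification failed");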

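--- a/inc/ht.inc.php
+++ b/inc/ht.inc.php
@@ -16,9 +16,13 @@ function listFsDirs($username) {
 function addSite($username, $siteDir, $domain, $domainType, $protocol) {
   $db = new PDO('sqlite:' . DB_PATH);
 
-  $op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date)");
+  $op = $db->prepare("INSERT INTO sites(username, site_dir, domain, domain_type, protocol, creation_date, le_enabled) VALUES(:username, :site_dir, :domain, :domain_type, :protocol, :creation_date, :le_enabled)");
 
   $time = date("Y-m-d H:i:s");
+  if ($domainType === "dns" AND $protocol === "http")
+    $le_enabled = 0;
+  else
+    $le_enabled = NULL;
 
   $op->bindParam(':username', $username);
   $op->bindParam(':site_dir', $siteDir);
@@ -26,6 +30,7 @@ function addSite($username, $siteDir, $domain, $domainType, $protocol) {
   $op->bindParam(':domain_type', $domainType);
   $op->bindParam(':protocol', $protocol);
   $op->bindParam(':creation_date', $time);
+  $op->bindParam(':le_enabled', $le_enabled);
 
   $op->execute();
 }
@@ -88,5 +93,34 @@ function enableSftp($username) {
   $op->bindParam(':username', $username);
 
   $op->execute();
+}
+
+function selectSites($username, $domainType, $protocol, $onlyLeAvailable) {
+  $db = new PDO('sqlite:' . DB_PATH);
+  $usernameArray[0] = $username;
+
+  $query = "SELECT site_dir,domain FROM sites WHERE username = :username AND domain_type = :domain_type AND protocol = :protocol";
+
+  if ($onlyLeAvailable === true)
+    $query = $query . " AND le_enabled = 0";
+
+  $op = $db->prepare($query);
+  $op->bindParam(':username', $username);
+  $op->bindParam(':domain_type', $domainType);
+  $op->bindParam(':protocol', $protocol);
+  $op->execute();
 
+  $i = 0;
+  $entry = $op->fetch();
+  while (isset($entry['site_dir'])) {
+    $result[$i]["siteDir"] = $entry['site_dir'];
+    $result[$i]["domain"] = $entry['domain'];
+    $i++;
+    $entry = $op->fetch();
+  }
+
+  if (isset($result))
+    return $result;
+  else
+    return false;
 }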
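Review bot: `selectSites()` returns `false` when the query matches no row, and `le.php` runs `foreach` directly over that result, which emits a warning and silently renders an empty list; initialise `$result = [];` before the loop and `return $result;` unconditionally so callers always get an array. The line `$usernameArray[0] = $username;` is unused and can be dropped. `fetch()` with the default mode also returns numeric keys; `$op->fetch(PDO::FETCH_ASSOC)` makes the `isset($entry['site_dir'])` loop condition clearer, or `fetchAll(PDO::FETCH_ASSOC)` removes the manual `$i` index entirely. Nothing in this diff ever sets `le_enabled` to 1 after a successful install, so the `$onlyLeAvailable` filter will keep offering sites that already hold a certificate unless that update happens elsewhere.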