Store Tor config and keys in $username/$dir

config.ini

@@ -23,10 +23,10 @@ enabled = true
 ht_path = "/srv/ht"
 ; Nginx configuration directory
 nginx_config_path = "/etc/nginx/ht"
-; Tor configuration file
-tor_config_path = "/etc/tor/torrc"
+; Tor configuration directory
+tor_config_path = "/srv/niver/tor-config"
 ; Tor keys directory
-tor_keys_path = "/var/lib/tor/keys"
+tor_keys_path = "/srv/niver/tor-keys"
 tor_service = "tor"
 tor_user = "tor"
 
@@ -36,6 +36,7 @@ certbot_path = "/usr/bin/certbot"
 chgrp_path = "/usr/bin/chgrp"
 cat_path = "/usr/bin/cat"
 rm_path = "/usr/bin/rm"
+mkdir_path = "/usr/bin/mkdir"
 
 sftpgo_group = sftpgo
 

fn/common.php

@@ -86,3 +86,13 @@ function redir() {
 		header('Location: ' . CONF['common']['prefix'] . '/');
 	}
 }
+
+// PHP rmdir() only works on empty directories
+function removeDirectory($dir) {
+	$dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
+	$files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
+	foreach ($files as $file)
+		$file->isDir() && !$file->isLink() ? rmdir($file->getPathname()) : unlink($file->getPathname());
+	if (rmdir($dir) !== true)
+		serverError("Unable to remove directory.");
+}

fn/ht.php

@@ -50,14 +50,8 @@ function htDeleteSite($dir, $domainType, $protocol) {
 
 	if ($domainType === 'onion') {
 		// Delete Tor config
-		$torConf = file_get_contents(CONF['ht']['tor_config_path']);
-		if ($torConf === false)
-			serverError("Failed to read current Tor configuration.");
-		$torConf = str_replace('HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $dir . '/
-HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
-', '', $torConf);
-		if (file_put_contents(CONF['ht']['tor_config_path'], $torConf) === false)
-			serverError("Failed to write new Tor configuration.");
+		if (unlink(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $dir) !== true)
+			serverError("Failed to delete Tor configuration.");
 
 		// Reload Tor
 		exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['systemctl_path'] . " reload " . CONF['ht']['tor_service'], $output, $code);
@@ -65,7 +59,7 @@ HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
 			serverError("Failed to reload Tor.");
 
 		// Delete Tor keys
-		exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $dir, $output, $code);
+		exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['rm_path'] . ' --recursive ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $dir, $output, $code);
 		if ($code !== 0)
 			serverError("Failed to delete Tor keys.");
 	}

public/auth/register.php

@@ -36,10 +36,19 @@ if (userExist($_POST['username']) !== false)
 umask(0002);
 if (mkdir(CONF['ht']['ht_path'] . "/" . $_POST['username'], 0775) !== true)
 	serverError("Can't create user directory.");
-exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", $stdout, $code);
+exec(CONF['ht']['sudo_path'] . " " . CONF['ht']['chgrp_path'] . " " . CONF['ht']['sftpgo_group'] . " " . CONF['ht']['ht_path'] . "/" . $_POST['username'] . " --no-dereference", result_code: $code);
 if ($code !== 0)
 	serverError("Can't change user directory group.");
 
+// Setup Tor config directory
+if (mkdir(CONF['ht']['tor_config_path'] . "/" . $_POST['username'], 0755) !== true)
+	serverError("Can't create Tor config directory.");
+
+// Setup Tor keys directory
+exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['mkdir_path'] . " --mode=0700 " . CONF['ht']['tor_keys_path'] . "/" . $_POST['username'], result_code: $code);
+if ($code !== 0)
+	serverError("Can't create Tor keys directory.");
+
 $db = new PDO('sqlite:' . DB_PATH);
 
 $stmt = $db->prepare("INSERT INTO users(username, password, registration_date) VALUES(:username, :password, :registration_date)");

public/auth/unregister.php

@@ -34,13 +34,13 @@ foreach (query('select', 'sites', [
 ], 'site_dir') as $dir)
 	htDeleteSite($dir, domainType: 'dns', protocol: 'http');
 
-// PHP rmdir() only works on empty directories
-$dirObj = new RecursiveDirectoryIterator(CONF['ht']['ht_path'] . "/" . $_SESSION['username'], RecursiveDirectoryIterator::SKIP_DOTS);
-$files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
-foreach ($files as $path)
-	$path->isDir() && !$path->isLink() ? rmdir($path->getPathname()) : unlink($path->getPathname());
-if (rmdir(CONF['ht']['ht_path'] . '/' . $_SESSION['username']) !== true)
-	serverError("Unable to delete user's hypertext directory.");
+exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['rm_path'] . " --recursive " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'], result_code: $code);
+if ($code !== 0)
+	serverError("Can't remove Tor keys directory.");
+
+removeDirectory(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username']);
+
+removeDirectory(CONF['ht']['ht_path'] . '/' . $_SESSION['username']);
 
 query('delete', 'users', ['username' => $_SESSION['username']]);
 

public/ht/add-http-onion.php

@@ -34,13 +34,10 @@ if ($dirsStatuses[$_POST['dir']] !== false)
 	userError("Wrong value for <code>dir</code>.");
 
 // Add Tor config
-$torConf = file_get_contents(CONF['ht']['tor_config_path']);
-if ($torConf === false)
-	serverError("Failed to read current Tor configuration.");
-$torConf = $torConf . "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/
+$torConf = "HiddenServiceDir " . CONF['ht']['tor_keys_path'] . "/" . $_SESSION['username'] . "/" . $_POST['dir'] . "/
 HiddenServicePort 80 [::1]:" . CONF['ht']['internal_onion_http_port'] . "
 ";
-if (file_put_contents(CONF['ht']['tor_config_path'], $torConf) === false)
+if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'], $torConf) === false)
 	serverError("Failed to write new Tor configuration.");
 
 // Reload Tor
@@ -49,7 +46,7 @@ if ($code !== 0)
 	serverError("Failed to reload Tor.");
 
 // Get the address generated by Tor
-exec(CONF['ht']['sudo_path'] . " -u " . CONF['ht']['tor_user'] . " " . CONF['ht']['cat_path'] . " " . CONF['ht']['tor_keys_path'] . "/" . $_POST['dir'] . "/hostname", $output);
+exec(CONF['ht']['sudo_path'] . ' -u ' . CONF['ht']['tor_user'] . ' ' . CONF['ht']['cat_path'] . ' ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['username'] . '/' . $_POST['dir'] . '/hostname', $output);
 $onion = $output[0];
 if (preg_match("/[0-9a-z]{56}\.onion/", $onion) !== 1)
 	serverError("No onion address found.");