We use cookies to ensure you get the best experience on our website
Home Esplora Aiuto
Registrati Accedi
0ct0pu5
/
servnest
1
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Ramo (Branch): main
Rami (Branch) Tag
servnest
/
sftpgo-auth.php

sftpgo-auth.php 2.1 KB
Permalink Cronologia Originale

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. <?php declare(strict_types=1);
    2. 

  2. // ServNest authenticator for SFTPGo https://github.com/drakkan/sftpgo/blob/main/docs/external-auth.md
    3. 

  3. 

  4. const DEBUG = false;
    5. 

  5. !DEBUG or ob_start();
    6. 

  6. 

  7. require 'init.php';
    8. 

  8. 

  9. function deny(string $reason): never {
    10. 

  10. 	!DEBUG or file_put_contents(ROOT_PATH . '/db/debug.txt', ob_get_contents() . $reason . LF);
    11. 

  11. 	http_response_code(403);
    12. 

  12. 	exit();
    13. 

  13. }
    14. 

  14. 

  15. if (CONF['common']['services']['ht'] !== 'enabled')
    16. 

  16. 	deny('Service not enabled.');
    17. 

  17. 

  18. $auth_data = json_decode(file_get_contents('php://input'), true, flags: JSON_THROW_ON_ERROR);
    19. 

  19. 

  20. $username = hashUsername($auth_data['username']);
    21. 

  21. 

  22. if (usernameExists($username) !== true)
    23. 

  23. 	deny('This username doesn\'t exist.');
    24. 

  24. 

  25. $account = query('select', 'users', ['username' => $username])[0];
    26. 

  26. 

  27. if (!in_array('ht', explode(',', $account['services']), true))
    28. 

  28. 	deny('Service not enabled for this user.');
    29. 

  29. 

  30. const SFTPGO_DENY_PERMS = ['/' => ['list']];
    31. 

  31. const SFTPGO_ALLOW_PERMS = ['list', 'download', 'upload', 'overwrite', 'delete_files', 'delete_dirs', 'rename_files', 'rename_dirs', 'create_dirs', 'chmod', 'chtimes'];
    32. 

  32. if ($auth_data['password'] !== '') {
    33. 

  33. 	if (checkPassword($account['id'], $auth_data['password']) !== true)
    34. 

  34. 		deny('Wrong password.');
    35. 

  35. 	$permissions['/'] = SFTPGO_ALLOW_PERMS;
    36. 

  36. } else if ($auth_data['public_key'] !== '') {
    37. 

  37. 	$permissions = SFTPGO_DENY_PERMS;
    38. 

  38. 	foreach (query('select', 'ssh-keys', ['username' => $account['id']]) as $key)
    39. 

  39. 		if (hash_equals('ssh-ed25519 ' . $key['key'] . LF, $auth_data['public_key']))
    40. 

  40. 			$permissions[$key['directory']] = SFTPGO_ALLOW_PERMS;
    41. 

  41. 	if ($permissions === SFTPGO_DENY_PERMS)
    42. 

  42. 		deny('No matching SSH key allowed.');
    43. 

  43. } else
    44. 

  44. 	deny('Unknown authentication method.');
    45. 

  45. 

  46. echo json_encode([
    47. 

  47. 	'status' => 1,
    48. 

  48. 	'username' => $auth_data['username'],
    49. 

  49. 	'home_dir' => CONF['ht']['ht_path'] . '/fs/' . $account['id'],
    50. 

  50. 	'quota_size' => ($account['type'] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing'],
    51. 

  51. 	'permissions' => $permissions,
    52. 

  52. ], JSON_THROW_ON_ERROR | JSON_UNESCAPED_SLASHES);
    53. 

  53. 

  54. !DEBUG or file_put_contents(ROOT_PATH . '/db/debug.txt', ob_get_contents() . 'accepted');
    55. 

  55. http_response_code(200);
    56.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5