beenull/servnest
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Trusted > approved, add approval.php, DB_PATH > DB

Browse source
This commit is contained in:
Miraty 2022-12-10 18:19:37 +01:00
parent 9173336714
commit 7a018e5a88
12 changed files with 70 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
config.ini
View file

@ -66,4 +66,4 @@ ipv4_listen_address = "127.0.0.1"
internal_onion_http_port = 9080
user_quota_testing = 20971520
user_quota_trusted = 209715200
user_quota_approved = 209715200

4
db/schema.sql
View file

@ -17,6 +17,10 @@ CREATE TABLE IF NOT EXISTS "users" (
"type" TEXT NOT NULL,
PRIMARY KEY("id")
);
CREATE TABLE IF NOT EXISTS "approval-keys" (
"key" TEXT NOT NULL UNIQUE,
PRIMARY KEY("key")
);
CREATE TABLE IF NOT EXISTS "registry" (
"domain" TEXT NOT NULL UNIQUE,
"username" TEXT NOT NULL,

12
fn/auth.php
View file

@ -45,9 +45,7 @@ function outdatedPasswordHash($id) {
}
function changePassword($id, $password) {
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare('UPDATE users SET password = :password WHERE id = :id');
$stmt = DB->prepare('UPDATE users SET password = :password WHERE id = :id');
$stmt->bindValue(':id', $id);
$stmt->bindValue(':password', hashPassword($password));
@ -87,8 +85,7 @@ function rateLimitAccount($requestedTokens) {
$tokens -= $requestedTokens;
// Update
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id');
$stmt = DB->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id');
$stmt->bindValue(':id', $_SESSION['id']);
$stmt->bindValue(':bucket_tokens', $tokens);
$stmt->bindValue(':bucket_last_update', time());
@ -109,12 +106,11 @@ function rateLimitInstance($requestedTokens) {
$tokens -= $requestedTokens;
// Update
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';");
$stmt = DB->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';");
$stmt->bindValue(':bucket_tokens', $tokens);
$stmt->execute();
$stmt = $db->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';");
$stmt = DB->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';");
$stmt->bindValue(':bucket_last_update', time());
$stmt->execute();
}

24
fn/common.php
View file

@ -35,7 +35,7 @@ function processForm($requireLogin = true) {
}
function insert($table, $values) {
$query = 'INSERT INTO ' . $table . '(';
$query = 'INSERT INTO "' . $table . '"(';
foreach ($values as $key => $val) {
if ($key === array_key_last($values))
@ -53,14 +53,12 @@ function insert($table, $values) {
}
$query .= ')';
$db = new PDO('sqlite:' . DB_PATH);
$op = $db->prepare($query);
$stmt = DB->prepare($query);
foreach ($values as $key => $val)
$op->bindValue(":$key", $val);
$stmt->bindValue(":$key", $val);
$op->execute();
$stmt->execute();
}
function query($action, $table, $conditions = [], $column = NULL) {
@ -70,7 +68,7 @@ function query($action, $table, $conditions = [], $column = NULL) {
'delete' => 'DELETE',
};
$query .= ' FROM ' . $table;
$query .= ' FROM "' . $table . '"';
foreach ($conditions as $key => $val) {
if ($key === array_key_first($conditions))
@ -79,18 +77,16 @@ function query($action, $table, $conditions = [], $column = NULL) {
$query .= " AND $key = :$key";
}
$db = new PDO('sqlite:' . DB_PATH);
$op = $db->prepare($query);
$stmt = DB->prepare($query);
foreach ($conditions as $key => $val)
$op->bindValue(":$key", $val);
$stmt->bindValue(":$key", $val);
$op->execute();
$stmt->execute();
if (isset($column))
return array_column($op->fetchAll(PDO::FETCH_ASSOC), $column);
return $op->fetchAll(PDO::FETCH_ASSOC);
return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), $column);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
function displayIndex() { ?>

4
pages.php
View file

@ -22,6 +22,10 @@ define('PAGES', [
'title' => 'Supprimer son compte',
'description' => 'Effacer toutes les données de son compte',
],
'approval' => [
'title' => 'Approuver son compte',
'description' => 'Utiliser une clé d\'approbation pour passer à un compte approuvé.',
],
'password' => [
'title' => 'Changer la clé de passe',
'description' => 'Changer la chaîne de caractères permettant de vous authentifier.',

37
pages/auth/approval.php Normal file
View file

@ -0,0 +1,37 @@
<?php
insert('approval-keys', ['key' => bin2hex(random_bytes(16))]);
if (processForm()) {
if ($_SESSION['type'] !== 'testing')
output(403, 'Approbation impossible : votre compte est déjà approuvé.');
if (isset(query('select', 'approval-keys', ['key' => $_POST['key']], 'key')[0]) !== true)
output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.');
query('delete', 'approval-keys', ['key' => $_POST['key']]);
$stmt = DB->prepare('UPDATE users SET type = "approved" WHERE id = :id');
$stmt->bindValue(':id', $_SESSION['id']);
$stmt->execute();
$_SESSION['type'] = 'approved';
insert('approval-keys', ['key' => bin2hex(random_bytes(16))]);
output(200, 'Compte approuvé.');
}
?>
<p>
Ce formulaire permet d'utiliser une clé d'approbation pour valider son compte. Une clé d'approbation est distribuée par l'administrataire sur demande.
</p>
<form method="post">
<label for="key">Clé d'approbation</label><br>
<input required="" id="key" size="33" name="key" type="text" placeholder="27b81fbd8277b11ed1cf03d476cec503">
<br>
<input type="submit" value="Utiliser">
</form>

8
pages/auth/index.php
View file

@ -1,7 +1,7 @@
<?php displayIndex(); ?>
<p>
<?php if (isset($_SESSION['id'])) { ?>
Vous utilisez actuellement un compte <?= (($_SESSION['type'] === 'trusted') ? 'confiancé' : 'de test') ?>. Son identifiant interne est <code><?= $_SESSION['id'] ?></code>.
Vous utilisez actuellement un compte <?= (($_SESSION['type'] === 'approved') ? 'approuvé' : 'de test') ?>. Son identifiant interne est <code><?= $_SESSION['id'] ?></code>.
<?php } else { ?>
Vous n'utilisez actuellement aucun compte.
<?php } ?>
@ -19,11 +19,11 @@
<li>Certificat Let's Encrypt de test</li>
</ul>
</dd>
<dt><span aria-hidden="true">👤 </span>Confiancé</dt>
<dt><span aria-hidden="true">👤 </span>Approuvé</dt>
<dd>
C'est originellement un compte de test mais qui a été confiancé par ane administrataire, et qui a pour but d'être utilisé de façon stable&nbsp;:
C'est originellement un compte de test mais qui a été approuvé par ane administrataire, et qui a pour but d'être utilisé de façon stable&nbsp;:
<ul>
<li><?= ((CONF['ht']['user_quota_trusted'] >> 30) >= 1) ? CONF['ht']['user_quota_trusted'] >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : CONF['ht']['user_quota_trusted'] >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>') ?> de SFTP</li>
<li><?= ((CONF['ht']['user_quota_approved'] >> 30) >= 1) ? CONF['ht']['user_quota_approved'] >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : CONF['ht']['user_quota_approved'] >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>') ?> de SFTP</li>
<li>Vrai certificat Let's Encrypt</li>
</ul>
</dd>

4
pages/auth/username.php
View file

@ -8,9 +8,7 @@ if (processForm()) {
if (usernameExists($username) !== false)
output(403, 'Ce nom de compte est déjà utilisé.');
$db = new PDO('sqlite:' . DB_PATH);
$stmt = $db->prepare('UPDATE users SET username = :username WHERE id = :id');
$stmt = DB->prepare('UPDATE users SET username = :username WHERE id = :id');
$stmt->bindValue(':id', $_SESSION['id']);
$stmt->bindValue(':username', $username);

2
pages/ht/add-http-dns.php
View file

@ -33,7 +33,7 @@ if (processForm()) {
addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http');
exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'trusted') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode);
exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'approved') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode);
if ($returnCode !== 0)
output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output);

2
pages/ht/index.php
View file

@ -41,7 +41,7 @@ else {
<p>
Vous avez accès à un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, limité à <?php
$quotaSize = ($_SESSION['type'] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing'];
$quotaSize = ($_SESSION['type'] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing'];
echo (($quotaSize >> 30) >= 1) ? $quotaSize >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : $quotaSize >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>')
?>. Vous pouvez téléverser vos sites dans <code>/&lt;nom du site&gt;/*</code>. Indiquez les données ci-dessous à votre client <abbr title="SSH File Transfert Protocol">SFTP</abbr> pour y accéder.
</p>

4
router.php
View file

@ -5,7 +5,7 @@ foreach (array_diff(scandir(CONF['common']['root_path'] . '/fn'), array('..', '.
require CONF['common']['root_path'] . '/fn/' . $file;
require 'pages.php';
define('DB_PATH', CONF['common']['root_path'] . '/db/niver.db');
define('DB', new PDO('sqlite:' . CONF['common']['root_path'] . '/db/niver.db'));
const LF = "\n";
@ -92,7 +92,7 @@ foreach (glob('css/*.css') as $cssPath)
<header>
<p>
<?php if (isset($_SESSION['id'])) { ?>
<?= ($_SESSION['type'] === 'trusted') ? '<span title="Compte confiancé">👤 </span>' : '<span title="Compte de test">⏳ </span>' ?><strong><?= $_SESSION['display-username'] ?></strong> <a class="auth" href="<?= CONF['common']['prefix'] ?>/auth/logout">Se déconnecter</a>
<?= ($_SESSION['type'] === 'approved') ? '<span title="Compte approuvé">👤 </span>' : '<span title="Compte de test">⏳ </span>' ?><strong><?= $_SESSION['display-username'] ?></strong> <a class="auth" href="<?= CONF['common']['prefix'] ?>/auth/logout">Se déconnecter</a>
<?php } else { ?>
<span aria-hidden="true">👻 </span><em>Anonyme</em> <a class="auth" href="<?= redirUrl('auth/login') ?>">Se connecter</a>
<?php } ?>

2
sftpgo-auth.php
View file

@ -14,7 +14,7 @@ if (usernameExists($username) === true AND checkPassword($id, $auth_data['passwo
"status": 1,
"username": ' . json_encode($auth_data['username']) . ',
"home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '",
"quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing']) . ',
"quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing']) . ',
"permissions": {
"/": [
"*"