Trusted > approved, add approval.php, DB_PATH > DB
parent
9173336714
commit
7a018e5a88
12 changed files with 70 additions and 35 deletions
|
@ -66,4 +66,4 @@ ipv4_listen_address = "127.0.0.1"
|
||||||
internal_onion_http_port = 9080
|
internal_onion_http_port = 9080
|
||||||
|
|
||||||
user_quota_testing = 20971520
|
user_quota_testing = 20971520
|
||||||
user_quota_trusted = 209715200
|
user_quota_approved = 209715200
|
||||||
|
|
|
@ -17,6 +17,10 @@ CREATE TABLE IF NOT EXISTS "users" (
|
||||||
"type" TEXT NOT NULL,
|
"type" TEXT NOT NULL,
|
||||||
PRIMARY KEY("id")
|
PRIMARY KEY("id")
|
||||||
);
|
);
|
||||||
|
CREATE TABLE IF NOT EXISTS "approval-keys" (
|
||||||
|
"key" TEXT NOT NULL UNIQUE,
|
||||||
|
PRIMARY KEY("key")
|
||||||
|
);
|
||||||
CREATE TABLE IF NOT EXISTS "registry" (
|
CREATE TABLE IF NOT EXISTS "registry" (
|
||||||
"domain" TEXT NOT NULL UNIQUE,
|
"domain" TEXT NOT NULL UNIQUE,
|
||||||
"username" TEXT NOT NULL,
|
"username" TEXT NOT NULL,
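Review bot: The new `approval-keys` table stores only the key, with no creation or expiry column, although the 403 message added in pages/auth/approval.php tells the user a key may have expired ("a expiré"). As written, an issued key stays valid until it is used; adding a column such as `"created" INTEGER NOT NULL` would let the lookup enforce a lifetime. `UNIQUE` on `"key"` is also redundant with `PRIMARY KEY("key")`.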
|
||||||
|
|
12
fn/auth.php
12
fn/auth.php
|
@ -45,9 +45,7 @@ function outdatedPasswordHash($id) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function changePassword($id, $password) {
|
function changePassword($id, $password) {
|
||||||
$db = new PDO('sqlite:' . DB_PATH);
|
$stmt = DB->prepare('UPDATE users SET password = :password WHERE id = :id');
|
||||||
|
|
||||||
$stmt = $db->prepare('UPDATE users SET password = :password WHERE id = :id');
|
|
||||||
|
|
||||||
$stmt->bindValue(':id', $id);
|
$stmt->bindValue(':id', $id);
|
||||||
$stmt->bindValue(':password', hashPassword($password));
|
$stmt->bindValue(':password', hashPassword($password));
|
||||||
|
@ -87,8 +85,7 @@ function rateLimitAccount($requestedTokens) {
|
||||||
$tokens -= $requestedTokens;
|
$tokens -= $requestedTokens;
|
||||||
|
|
||||||
// Update
|
// Update
|
||||||
$db = new PDO('sqlite:' . DB_PATH);
|
$stmt = DB->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id');
|
||||||
$stmt = $db->prepare('UPDATE users SET bucket_tokens = :bucket_tokens, bucket_last_update = :bucket_last_update WHERE id = :id');
|
|
||||||
$stmt->bindValue(':id', $_SESSION['id']);
|
$stmt->bindValue(':id', $_SESSION['id']);
|
||||||
$stmt->bindValue(':bucket_tokens', $tokens);
|
$stmt->bindValue(':bucket_tokens', $tokens);
|
||||||
$stmt->bindValue(':bucket_last_update', time());
|
$stmt->bindValue(':bucket_last_update', time());
|
||||||
|
@ -109,12 +106,11 @@ function rateLimitInstance($requestedTokens) {
|
||||||
$tokens -= $requestedTokens;
|
$tokens -= $requestedTokens;
|
||||||
|
|
||||||
// Update
|
// Update
|
||||||
$db = new PDO('sqlite:' . DB_PATH);
|
$stmt = DB->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';");
|
||||||
$stmt = $db->prepare("UPDATE params SET value = :bucket_tokens WHERE name = 'instance_bucket_tokens';");
|
|
||||||
$stmt->bindValue(':bucket_tokens', $tokens);
|
$stmt->bindValue(':bucket_tokens', $tokens);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
|
|
||||||
$stmt = $db->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';");
|
$stmt = DB->prepare("UPDATE params SET value = :bucket_last_update WHERE name = 'instance_bucket_last_update';");
|
||||||
$stmt->bindValue(':bucket_last_update', time());
|
$stmt->bindValue(':bucket_last_update', time());
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,7 +35,7 @@ function processForm($requireLogin = true) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function insert($table, $values) {
|
function insert($table, $values) {
|
||||||
$query = 'INSERT INTO ' . $table . '(';
|
$query = 'INSERT INTO "' . $table . '"(';
|
||||||
|
|
||||||
foreach ($values as $key => $val) {
|
foreach ($values as $key => $val) {
|
||||||
if ($key === array_key_last($values))
|
if ($key === array_key_last($values))
|
||||||
|
@ -53,14 +53,12 @@ function insert($table, $values) {
|
||||||
}
|
}
|
||||||
$query .= ')';
|
$query .= ')';
|
||||||
|
|
||||||
$db = new PDO('sqlite:' . DB_PATH);
|
$stmt = DB->prepare($query);
|
||||||
|
|
||||||
$op = $db->prepare($query);
|
|
||||||
|
|
||||||
foreach ($values as $key => $val)
|
foreach ($values as $key => $val)
|
||||||
$op->bindValue(":$key", $val);
|
$stmt->bindValue(":$key", $val);
|
||||||
|
|
||||||
$op->execute();
|
$stmt->execute();
|
||||||
}
|
}
|
||||||
|
|
||||||
function query($action, $table, $conditions = [], $column = NULL) {
|
function query($action, $table, $conditions = [], $column = NULL) {
|
||||||
|
@ -70,7 +68,7 @@ function query($action, $table, $conditions = [], $column = NULL) {
|
||||||
'delete' => 'DELETE',
|
'delete' => 'DELETE',
|
||||||
};
|
};
|
||||||
|
|
||||||
$query .= ' FROM ' . $table;
|
$query .= ' FROM "' . $table . '"';
|
||||||
|
|
||||||
foreach ($conditions as $key => $val) {
|
foreach ($conditions as $key => $val) {
|
||||||
if ($key === array_key_first($conditions))
|
if ($key === array_key_first($conditions))
|
||||||
|
@ -79,18 +77,16 @@ function query($action, $table, $conditions = [], $column = NULL) {
|
||||||
$query .= " AND $key = :$key";
|
$query .= " AND $key = :$key";
|
||||||
}
|
}
|
||||||
|
|
||||||
$db = new PDO('sqlite:' . DB_PATH);
|
$stmt = DB->prepare($query);
|
||||||
|
|
||||||
$op = $db->prepare($query);
|
|
||||||
|
|
||||||
foreach ($conditions as $key => $val)
|
foreach ($conditions as $key => $val)
|
||||||
$op->bindValue(":$key", $val);
|
$stmt->bindValue(":$key", $val);
|
||||||
|
|
||||||
$op->execute();
|
$stmt->execute();
|
||||||
|
|
||||||
if (isset($column))
|
if (isset($column))
|
||||||
return array_column($op->fetchAll(PDO::FETCH_ASSOC), $column);
|
return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), $column);
|
||||||
return $op->fetchAll(PDO::FETCH_ASSOC);
|
return $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||||
}
|
}
|
||||||
|
|
||||||
function displayIndex() { ?>
|
function displayIndex() { ?>
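Review bot: `insert()` and `query()` now wrap `$table` in double quotes but still build the statement by concatenation, and `$key` is interpolated as a bare column name in both functions (`" AND $key = :$key"`), so a `"` in `$table` or any SQL in a key would end up in the statement text. Every caller visible in this commit passes literal names, so this is hardening rather than a demonstrated flaw, but the helpers should reject anything that is not a plain identifier before concatenating, e.g. `if (preg_match('/^[a-z_-]+$/', $table) !== 1) output(500, 'Invalid table name.');` with the same kind of check on each `$key`. Both function bodies are only partly shown in these hunks.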
|
||||||
|
|
|
@ -22,6 +22,10 @@ define('PAGES', [
|
||||||
'title' => 'Supprimer son compte',
|
'title' => 'Supprimer son compte',
|
||||||
'description' => 'Effacer toutes les données de son compte',
|
'description' => 'Effacer toutes les données de son compte',
|
||||||
],
|
],
|
||||||
|
'approval' => [
|
||||||
|
'title' => 'Approuver son compte',
|
||||||
|
'description' => 'Utiliser une clé d\'approbation pour passer à un compte approuvé.',
|
||||||
|
],
|
||||||
'password' => [
|
'password' => [
|
||||||
'title' => 'Changer la clé de passe',
|
'title' => 'Changer la clé de passe',
|
||||||
'description' => 'Changer la chaîne de caractères permettant de vous authentifier.',
|
'description' => 'Changer la chaîne de caractères permettant de vous authentifier.',
|
||||||
|
|
37
pages/auth/approval.php
Normal file
37
pages/auth/approval.php
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
insert('approval-keys', ['key' => bin2hex(random_bytes(16))]);
|
||||||
|
|
||||||
|
if (processForm()) {
|
||||||
|
|
||||||
|
if ($_SESSION['type'] !== 'testing')
|
||||||
|
output(403, 'Approbation impossible : votre compte est déjà approuvé.');
|
||||||
|
|
||||||
|
if (isset(query('select', 'approval-keys', ['key' => $_POST['key']], 'key')[0]) !== true)
|
||||||
|
output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.');
|
||||||
|
|
||||||
|
query('delete', 'approval-keys', ['key' => $_POST['key']]);
|
||||||
|
|
||||||
|
$stmt = DB->prepare('UPDATE users SET type = "approved" WHERE id = :id');
|
||||||
|
$stmt->bindValue(':id', $_SESSION['id']);
|
||||||
|
$stmt->execute();
|
||||||
|
|
||||||
|
$_SESSION['type'] = 'approved';
|
||||||
|
|
||||||
|
insert('approval-keys', ['key' => bin2hex(random_bytes(16))]);
|
||||||
|
|
||||||
|
output(200, 'Compte approuvé.');
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
Ce formulaire permet d'utiliser une clé d'approbation pour valider son compte. Une clé d'approbation est distribuée par l'administrataire sur demande.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<form method="post">
|
||||||
|
<label for="key">Clé d'approbation</label><br>
|
||||||
|
<input required="" id="key" size="33" name="key" type="text" placeholder="27b81fbd8277b11ed1cf03d476cec503">
|
||||||
|
<br>
|
||||||
|
<input type="submit" value="Utiliser">
|
||||||
|
</form>
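Review bot: The key is consumed in two separate steps, a `query('select', …)` existence check followed by `query('delete', …)`, so two concurrent requests presenting the same key can both pass the check and both accounts are upgraded; deleting first and requiring `rowCount() === 1` inside a transaction makes the key single-use. The fence below assumes `output()` ends the request, which the current code already relies on. Separately, `insert('approval-keys', …)` at the top of the file runs on every request, before `processForm()`, so each page load stores a fresh valid key and the table grows without bound; this looks like test scaffolding and key creation belongs on an administrator-only path. `$_POST['key']` should also be checked with `is_string()` before it is bound, and the SQL literal should be written `'approved'`, since double quotes denote identifiers in SQLite.
```php
// … unchanged: processForm() and the account-type check …

	DB->beginTransaction();

	// Consume the key atomically: only the request that actually deletes the row may proceed.
	$stmt = DB->prepare('DELETE FROM "approval-keys" WHERE "key" = :key');
	$stmt->bindValue(':key', $_POST['key']);
	$stmt->execute();

	if ($stmt->rowCount() !== 1) {
		DB->rollBack();
		output(403, 'Approbation impossible : cette clé d\'approbation n\'est pas disponible. Elle a été mal saisie, a expiré ou a déjà été utilisée pour un autre compte.');
	}

	$stmt = DB->prepare("UPDATE users SET type = 'approved' WHERE id = :id");
	$stmt->bindValue(':id', $_SESSION['id']);
	$stmt->execute();

	DB->commit();

// … unchanged: $_SESSION['type'] update and the 200 output …
```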
|
|
@ -1,7 +1,7 @@
|
||||||
<?php displayIndex(); ?>
|
<?php displayIndex(); ?>
|
||||||
<p>
|
<p>
|
||||||
<?php if (isset($_SESSION['id'])) { ?>
|
<?php if (isset($_SESSION['id'])) { ?>
|
||||||
Vous utilisez actuellement un compte <?= (($_SESSION['type'] === 'trusted') ? 'confiancé' : 'de test') ?>. Son identifiant interne est <code><?= $_SESSION['id'] ?></code>.
|
Vous utilisez actuellement un compte <?= (($_SESSION['type'] === 'approved') ? 'approuvé' : 'de test') ?>. Son identifiant interne est <code><?= $_SESSION['id'] ?></code>.
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
Vous n'utilisez actuellement aucun compte.
|
Vous n'utilisez actuellement aucun compte.
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
@ -19,11 +19,11 @@
|
||||||
<li>Certificat Let's Encrypt de test</li>
|
<li>Certificat Let's Encrypt de test</li>
|
||||||
</ul>
|
</ul>
|
||||||
</dd>
|
</dd>
|
||||||
<dt><span aria-hidden="true">👤 </span>Confiancé</dt>
|
<dt><span aria-hidden="true">👤 </span>Approuvé</dt>
|
||||||
<dd>
|
<dd>
|
||||||
C'est originellement un compte de test mais qui a été confiancé par ane administrataire, et qui a pour but d'être utilisé de façon stable :
|
C'est originellement un compte de test mais qui a été approuvé par ane administrataire, et qui a pour but d'être utilisé de façon stable :
|
||||||
<ul>
|
<ul>
|
||||||
<li><?= ((CONF['ht']['user_quota_trusted'] >> 30) >= 1) ? CONF['ht']['user_quota_trusted'] >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : CONF['ht']['user_quota_trusted'] >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>') ?> de SFTP</li>
|
<li><?= ((CONF['ht']['user_quota_approved'] >> 30) >= 1) ? CONF['ht']['user_quota_approved'] >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : CONF['ht']['user_quota_approved'] >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>') ?> de SFTP</li>
|
||||||
<li>Vrai certificat Let's Encrypt</li>
|
<li>Vrai certificat Let's Encrypt</li>
|
||||||
</ul>
|
</ul>
|
||||||
</dd>
|
</dd>
|
||||||
|
|
|
@ -8,9 +8,7 @@ if (processForm()) {
|
||||||
if (usernameExists($username) !== false)
|
if (usernameExists($username) !== false)
|
||||||
output(403, 'Ce nom de compte est déjà utilisé.');
|
output(403, 'Ce nom de compte est déjà utilisé.');
|
||||||
|
|
||||||
$db = new PDO('sqlite:' . DB_PATH);
|
$stmt = DB->prepare('UPDATE users SET username = :username WHERE id = :id');
|
||||||
|
|
||||||
$stmt = $db->prepare('UPDATE users SET username = :username WHERE id = :id');
|
|
||||||
|
|
||||||
$stmt->bindValue(':id', $_SESSION['id']);
|
$stmt->bindValue(':id', $_SESSION['id']);
|
||||||
$stmt->bindValue(':username', $username);
|
$stmt->bindValue(':username', $username);
|
||||||
|
|
|
@ -33,7 +33,7 @@ if (processForm()) {
|
||||||
|
|
||||||
addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http');
|
addSite($_SESSION['id'], $_POST['dir'], $_POST['domain'], 'dns', 'http');
|
||||||
|
|
||||||
exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'trusted') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode);
|
exec('2>&1 ' . CONF['ht']['sudo_path'] . ' ' . CONF['ht']['certbot_path'] . ' certonly' . (($_SESSION['type'] === 'approved') ? '' : ' --test-cert') . ' --key-type rsa --rsa-key-size 3072 --webroot --webroot-path /srv/niver/acme --domain ' . $_POST['domain'], $output, $returnCode);
|
||||||
if ($returnCode !== 0)
|
if ($returnCode !== 0)
|
||||||
output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output);
|
output(500, 'Certbot failed to get a Let\'s Encrypt certificate.', $output);
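Review bot: `$_POST['domain']` is concatenated into the `exec()` command line without shell quoting, so the safety of this privileged certbot call rests entirely on validation that is not visible in this hunk. The argument should be quoted regardless of earlier checks: `' --domain ' . escapeshellarg($_POST['domain'])`. The enclosing `if (processForm())` block starts and ends outside the hunk, so confirm there that the domain is matched against the account's registered domains before this line runs.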
|
||||||
|
|
||||||
|
|
|
@ -41,7 +41,7 @@ else {
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Vous avez accès à un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, limité à <?php
|
Vous avez accès à un espace <abbr title="SSH File Transfert Protocol">SFTP</abbr>, limité à <?php
|
||||||
$quotaSize = ($_SESSION['type'] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing'];
|
$quotaSize = ($_SESSION['type'] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing'];
|
||||||
echo (($quotaSize >> 30) >= 1) ? $quotaSize >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : $quotaSize >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>')
|
echo (($quotaSize >> 30) >= 1) ? $quotaSize >> 30 . ' ' . linkToDocs('units', '<abbr title="gibioctet">Gio</abbr>') : $quotaSize >> 20 . ' ' . linkToDocs('units', '<abbr title="mébioctet">Mio</abbr>')
|
||||||
?>. Vous pouvez téléverser vos sites dans <code>/<nom du site>/*</code>. Indiquez les données ci-dessous à votre client <abbr title="SSH File Transfert Protocol">SFTP</abbr> pour y accéder.
|
?>. Vous pouvez téléverser vos sites dans <code>/<nom du site>/*</code>. Indiquez les données ci-dessous à votre client <abbr title="SSH File Transfert Protocol">SFTP</abbr> pour y accéder.
|
||||||
</p>
|
</p>
|
||||||
|
|
|
@ -5,7 +5,7 @@ foreach (array_diff(scandir(CONF['common']['root_path'] . '/fn'), array('..', '.
|
||||||
require CONF['common']['root_path'] . '/fn/' . $file;
|
require CONF['common']['root_path'] . '/fn/' . $file;
|
||||||
require 'pages.php';
|
require 'pages.php';
|
||||||
|
|
||||||
define('DB_PATH', CONF['common']['root_path'] . '/db/niver.db');
|
define('DB', new PDO('sqlite:' . CONF['common']['root_path'] . '/db/niver.db'));
|
||||||
|
|
||||||
const LF = "\n";
|
const LF = "\n";
|
||||||
|
|
||||||
|
@ -92,7 +92,7 @@ foreach (glob('css/*.css') as $cssPath)
|
||||||
<header>
|
<header>
|
||||||
<p>
|
<p>
|
||||||
<?php if (isset($_SESSION['id'])) { ?>
|
<?php if (isset($_SESSION['id'])) { ?>
|
||||||
<?= ($_SESSION['type'] === 'trusted') ? '<span title="Compte confiancé">👤 </span>' : '<span title="Compte de test">⏳ </span>' ?><strong><?= $_SESSION['display-username'] ?></strong> <a class="auth" href="<?= CONF['common']['prefix'] ?>/auth/logout">Se déconnecter</a>
|
<?= ($_SESSION['type'] === 'approved') ? '<span title="Compte approuvé">👤 </span>' : '<span title="Compte de test">⏳ </span>' ?><strong><?= $_SESSION['display-username'] ?></strong> <a class="auth" href="<?= CONF['common']['prefix'] ?>/auth/logout">Se déconnecter</a>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
<span aria-hidden="true">👻 </span><em>Anonyme</em> <a class="auth" href="<?= redirUrl('auth/login') ?>">Se connecter</a>
|
<span aria-hidden="true">👻 </span><em>Anonyme</em> <a class="auth" href="<?= redirUrl('auth/login') ?>">Se connecter</a>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
|
@ -14,7 +14,7 @@ if (usernameExists($username) === true AND checkPassword($id, $auth_data['passwo
|
||||||
"status": 1,
|
"status": 1,
|
||||||
"username": ' . json_encode($auth_data['username']) . ',
|
"username": ' . json_encode($auth_data['username']) . ',
|
||||||
"home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '",
|
"home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '",
|
||||||
"quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'trusted') ? CONF['ht']['user_quota_trusted'] : CONF['ht']['user_quota_testing']) . ',
|
"quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing']) . ',
|
||||||
"permissions": {
|
"permissions": {
|
||||||
"/": [
|
"/": [
|
||||||
"*"
|
"*"
|
||||||
|
|