Merge pull request 'dev' (#9) from dev into main

Reviewed-on: https://code.antopie.org/servnest/servnest/pulls/9
This commit is contained in:
Miraty 2023-08-02 00:52:33 +02:00
commit 95f376ab00
102 changed files with 1586 additions and 814 deletions

View file

@ -0,0 +1,12 @@
BEGIN TRANSACTION;
CREATE TABLE IF NOT EXISTS "ns-syncs" (
"username" TEXT NOT NULL,
"source" TEXT NOT NULL,
"destination" TEXT NOT NULL UNIQUE,
UNIQUE("username", "source", "destination"),
FOREIGN KEY("username") REFERENCES "users"("id"),
FOREIGN KEY("destination") REFERENCES "zones"("zone")
);
COMMIT;

View file

@ -42,6 +42,13 @@ CREATE TABLE IF NOT EXISTS "zones" (
PRIMARY KEY("zone"), PRIMARY KEY("zone"),
FOREIGN KEY("username") REFERENCES "users"("id") FOREIGN KEY("username") REFERENCES "users"("id")
); );
CREATE TABLE IF NOT EXISTS "ns-syncs" (
"username" TEXT NOT NULL,
"source" TEXT NOT NULL,
"destination" TEXT NOT NULL UNIQUE,
FOREIGN KEY("username") REFERENCES "users"("id"),
FOREIGN KEY("destination") REFERENCES "zones"("zone")
);
CREATE TABLE IF NOT EXISTS "sites" ( CREATE TABLE IF NOT EXISTS "sites" (
"username" TEXT NOT NULL, "username" TEXT NOT NULL,
"site_dir" TEXT NOT NULL, "site_dir" TEXT NOT NULL,

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
const USERNAME_REGEX = '^.{1,1024}$'; const USERNAME_REGEX = '^.{1,1024}$';
const PASSWORD_REGEX = '^(?=.*[\p{Ll}])(?=.*[\p{Lu}])(?=.*[\p{N}]).{8,1024}|.{10,1024}$'; const PASSWORD_REGEX = '^(?=.*[\p{Ll}])(?=.*[\p{Lu}])(?=.*[\p{N}]).{8,1024}|.{10,1024}$';
@ -14,47 +14,47 @@ const OPTIONS_PASSWORD = [
'threads' => 64, 'threads' => 64,
]; ];
function checkUsernameFormat($username) { function checkUsernameFormat(string $username): void {
if (preg_match('/' . USERNAME_REGEX . '/Du', $username) !== 1) if (preg_match('/' . USERNAME_REGEX . '/Du', $username) !== 1)
output(403, 'Username malformed.'); output(403, 'Username malformed.');
} }
function checkPasswordFormat($password) { function checkPasswordFormat(string $password): void {
if (preg_match('/' . PASSWORD_REGEX . '/Du', $password) !== 1) if (preg_match('/' . PASSWORD_REGEX . '/Du', $password) !== 1)
output(403, 'Password malformed.'); output(403, 'Password malformed.');
} }
function hashUsername($username) { function hashUsername(string $username): string {
return base64_encode(sodium_crypto_pwhash(32, $username, hex2bin(query('select', 'params', ['name' => 'username_salt'], 'value')[0]), 2**10, 2**14, SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13)); return base64_encode(sodium_crypto_pwhash(32, $username, hex2bin(query('select', 'params', ['name' => 'username_salt'], 'value')[0]), 2**10, 2**14, SODIUM_CRYPTO_PWHASH_ALG_ARGON2ID13));
} }
function hashPassword($password) { function hashPassword(string $password): string {
return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD); return password_hash($password, ALGO_PASSWORD, OPTIONS_PASSWORD);
} }
function usernameExists($username) { function usernameExists(string $username): bool {
return isset(query('select', 'users', ['username' => $username], 'id')[0]); return isset(query('select', 'users', ['username' => $username], 'id')[0]);
} }
function checkPassword($id, $password) { function checkPassword(string $id, string $password): bool {
return password_verify($password, query('select', 'users', ['id' => $id], 'password')[0]); return password_verify($password, query('select', 'users', ['id' => $id], 'password')[0]);
} }
function outdatedPasswordHash($id) { function outdatedPasswordHash(string $id): bool {
return password_needs_rehash(query('select', 'users', ['id' => $id], 'password')[0], ALGO_PASSWORD, OPTIONS_PASSWORD); return password_needs_rehash(query('select', 'users', ['id' => $id], 'password')[0], ALGO_PASSWORD, OPTIONS_PASSWORD);
} }
function changePassword($id, $password) { function changePassword(string $id, string $password): void {
DB->prepare('UPDATE users SET password = :password WHERE id = :id') DB->prepare('UPDATE users SET password = :password WHERE id = :id')
->execute([':password' => hashPassword($password), ':id' => $id]); ->execute([':password' => hashPassword($password), ':id' => $id]);
} }
function stopSession() { function stopSession(): void {
if (session_status() === PHP_SESSION_ACTIVE) if (session_status() === PHP_SESSION_ACTIVE)
session_destroy(); session_destroy();
} }
function logout() { function logout(): never {
stopSession(); stopSession();
header('Clear-Site-Data: "*"'); header('Clear-Site-Data: "*"');
@ -62,7 +62,7 @@ function logout() {
redir(); redir();
} }
function setupDisplayUsername($display_username) { function setupDisplayUsername(string $display_username): void {
$nonce = random_bytes(24); $nonce = random_bytes(24);
$key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); $key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen();
$cyphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt( $cyphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt(
@ -87,7 +87,7 @@ function setupDisplayUsername($display_username) {
$_SESSION['display-username-cyphertext'] = $cyphertext; $_SESSION['display-username-cyphertext'] = $cyphertext;
} }
function authDeleteUser($user_id) { function authDeleteUser(string $user_id): void {
$user_services = explode(',', query('select', 'users', ['id' => $user_id], 'services')[0]); $user_services = explode(',', query('select', 'users', ['id' => $user_id], 'services')[0]);
foreach (SERVICES_USER as $service) foreach (SERVICES_USER as $service)
@ -133,12 +133,14 @@ function authDeleteUser($user_id) {
], result_code: $code); ], result_code: $code);
if ($code !== 0) if ($code !== 0)
output(500, 'Can\'t remove user\'s directory.'); output(500, 'Can\'t remove user\'s directory.');
query('delete', 'ssh-keys', ['username' => $user_id]);
} }
query('delete', 'users', ['id' => $user_id]); query('delete', 'users', ['id' => $user_id]);
} }
function rateLimit() { function rateLimit(): void {
if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0) if (PAGE_METADATA['tokens_account_cost'] ?? 0 > 0)
rateLimitAccount(PAGE_METADATA['tokens_account_cost']); rateLimitAccount(PAGE_METADATA['tokens_account_cost']);
@ -147,7 +149,7 @@ function rateLimit() {
} }
const MAX_ACCOUNT_TOKENS = 86400; const MAX_ACCOUNT_TOKENS = 86400;
function rateLimitAccount($requestedTokens) { function rateLimitAccount(int $requestedTokens): int {
// Get // Get
$userData = query('select', 'users', ['id' => $_SESSION['id']]); $userData = query('select', 'users', ['id' => $_SESSION['id']]);
$tokens = $userData[0]['bucket_tokens']; $tokens = $userData[0]['bucket_tokens'];
@ -174,7 +176,7 @@ function rateLimitAccount($requestedTokens) {
return $tokens; return $tokens;
} }
function rateLimitInstance($requestedTokens) { function rateLimitInstance(int $requestedTokens): void {
// Get // Get
$tokens = query('select', 'params', ['name' => 'instance_bucket_tokens'], 'value')[0]; $tokens = query('select', 'params', ['name' => 'instance_bucket_tokens'], 'value')[0];
$bucketLastUpdate = query('select', 'params', ['name' => 'instance_bucket_last_update'], 'value')[0]; $bucketLastUpdate = query('select', 'params', ['name' => 'instance_bucket_last_update'], 'value')[0];

View file

@ -1,6 +1,6 @@
<?php <?php declare(strict_types=1);
function output($code, $msg = '', $logs = [''], $data = []) { function output(int $code, string $msg = '', array $logs = [''], array $data = []): never {
http_response_code($code); http_response_code($code);
$shortCode = intval($code / 100); $shortCode = intval($code / 100);
if ($shortCode === 5) if ($shortCode === 5)
@ -21,7 +21,25 @@ function exescape(array $args, array &$output = NULL, int &$result_code = NULL):
return $result_code; return $result_code;
} }
function insert($table, $values) { class KdigException extends Exception {};
function kdig(string $name, string $type, string $server = NULL): array {
exescape([
CONF['dns']['kdig_path'],
'+json',
'+timeout=5',
'+retry=0',
'-q',
$name,
'-t',
$type,
...(isset($server) ? ['@' . $server] : []),
], $output, $code);
if ($code !== 0)
throw new KdigException();
return json_decode(implode(LF, $output), true, flags: JSON_THROW_ON_ERROR);
}
function insert(string $table, array $values): void {
$query = 'INSERT INTO "' . $table . '"('; $query = 'INSERT INTO "' . $table . '"(';
foreach ($values as $key => $val) { foreach ($values as $key => $val) {
@ -44,7 +62,7 @@ function insert($table, $values) {
->execute($values); ->execute($values);
} }
function query($action, $table, $conditions = [], $column = NULL) { function query(string $action, string $table, array $conditions = [], string $column = NULL): array {
$query = match ($action) { $query = match ($action) {
'select' => 'SELECT *', 'select' => 'SELECT *',
@ -66,7 +84,7 @@ function query($action, $table, $conditions = [], $column = NULL) {
return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), $column); return array_column($stmt->fetchAll(PDO::FETCH_ASSOC), $column);
} }
function displayIndex() { ?> function displayIndex(): void { ?>
<nav> <nav>
<dl> <dl>
<?php foreach (PAGES[SERVICE] as $pageId => $page) { <?php foreach (PAGES[SERVICE] as $pageId => $page) {
@ -82,11 +100,11 @@ function displayIndex() { ?>
<?php <?php
} }
function redirUrl($pageId) { function redirUrl(string $pageId): string {
return CONF['common']['prefix'] . '/' . $pageId . '?redir=' . PAGE_URL; return CONF['common']['prefix'] . '/' . $pageId . '?redir=' . PAGE_URL;
} }
function redir($redir_to = NULL) { function redir(string $redir_to = NULL): never {
$redir_to ??= $_GET['redir'] ?? NULL; $redir_to ??= $_GET['redir'] ?? NULL;
if ($redir_to === NULL) { if ($redir_to === NULL) {
@ -100,7 +118,7 @@ function redir($redir_to = NULL) {
} }
// PHP rmdir() only works on empty directories // PHP rmdir() only works on empty directories
function removeDirectory($dir) { function removeDirectory(string $dir): void {
$dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS); $dirObj = new RecursiveDirectoryIterator($dir, RecursiveDirectoryIterator::SKIP_DOTS);
$files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST); $files = new RecursiveIteratorIterator($dirObj, RecursiveIteratorIterator::CHILD_FIRST);
foreach ($files as $file) foreach ($files as $file)
@ -109,7 +127,7 @@ function removeDirectory($dir) {
output(500, 'Unable to remove directory.'); output(500, 'Unable to remove directory.');
} }
function equalArrays($a, $b) { function equalArrays(array $a, array $b): bool {
return array_diff($a, $b) === [] AND array_diff($b, $a) === []; return array_diff($a, $b) === [] AND array_diff($b, $a) === [];
} }
@ -126,12 +144,12 @@ if (time() - query('select', 'params', ['name' => 'secret_key_last_change'], 'va
->execute([':last_change' => time()]); ->execute([':last_change' => time()]);
} }
define('SECRET_KEY', hex2bin(query('select', 'params', ['name' => 'secret_key'], 'value')[0])); define('SECRET_KEY', hex2bin(query('select', 'params', ['name' => 'secret_key'], 'value')[0]));
function getAuthToken() { function getAuthToken(): string {
$salt = bin2hex(random_bytes(4)); $salt = bin2hex(random_bytes(4));
$hash = hash_hmac('sha256', $salt . ($_SESSION['id'] ?? ''), SECRET_KEY); $hash = hash_hmac('sha256', $salt . ($_SESSION['id'] ?? ''), SECRET_KEY);
return $salt . '-' . substr($hash, 0, 32); return $salt . '-' . substr($hash, 0, 32);
} }
function checkAuthToken($salt, $hash) { function checkAuthToken(string $salt, string $hash): void {
$correctProof = substr(hash_hmac('sha256', $salt . $_SESSION['id'], SECRET_KEY), 0, 32); $correctProof = substr(hash_hmac('sha256', $salt . $_SESSION['id'], SECRET_KEY), 0, 32);
if (hash_equals($correctProof, $hash) !== true) if (hash_equals($correctProof, $hash) !== true)
output(403, _('Wrong proof.')); output(403, _('Wrong proof.'));

View file

@ -1,16 +1,19 @@
<?php <?php declare(strict_types=1);
function parseZoneFile($zone_content, $types, $filter_domain = false) { function parseZoneFile(string $zone_content, array $types, bool|string $filter_domain = false, bool $filter_include_subdomains = true): array {
$parsed_zone_content = []; $parsed_zone_content = [];
foreach (explode(LF, $zone_content) as $zone_line) { foreach (explode(LF, $zone_content) as $zone_line) {
if ($zone_line === '' OR str_starts_with($zone_line, ';')) if ($zone_line === '' OR str_starts_with($zone_line, ';'))
continue; // Ignore empty lines and comments continue; // Ignore empty lines and comments
$elements = preg_split('/[\t ]+/', $zone_line, 4); $elements = preg_split('/[\t ]+/', $zone_line, 4);
if ($filter_domain !== false AND !str_ends_with($elements[0], $filter_domain)) if ($filter_domain !== false AND match ($filter_include_subdomains) {
true => !str_ends_with($elements[0], $filter_domain),
false => $elements[0] !== $filter_domain,
})
continue; // Ignore records for other domains continue; // Ignore records for other domains
if (!in_array($elements[2], $types, true)) if (!in_array($elements[2], $types, true))
continue; // Ignore records generated by Knot continue; // Ignore records generated by Knot
array_push($parsed_zone_content, array_map('htmlspecialchars', $elements)); array_push($parsed_zone_content, $elements);
} }
return $parsed_zone_content; return $parsed_zone_content;
} }
@ -46,7 +49,7 @@ function knotcConfExec(array $cmds): void {
} }
} }
function knotcZoneExec(string $zone, array $cmd, string $action = NULL) { function knotcZoneExec(string $zone, array $cmd, string $action = NULL): void {
$action = checkAction($action ?? $_POST['action']); $action = checkAction($action ?? $_POST['action']);
knotc(['zone-begin', $zone], $output['begin'], $code['begin']); knotc(['zone-begin', $zone], $output['begin'], $code['begin']);
@ -66,32 +69,32 @@ function knotcZoneExec(string $zone, array $cmd, string $action = NULL) {
} }
} }
function checkIpFormat($ip) { function checkIpFormat(string $ip): string {
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) return match ($ip) {
return 'A'; filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) => 'AAAA',
if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) => 'A',
return 'AAAA'; default => output(403, _('IP address malformed.')),
output(403, _('IP address malformed.')); };
} }
function checkAbsoluteDomainFormat($domain) { // If the domain must end with a dot function checkAbsoluteDomainFormat(string $domain): void { // If the domain must end with a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1) if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){2,127}$/D', $domain) !== 1)
output(403, _('Domain malformed.')); output(403, _('Domain malformed.'));
} }
function formatEndWithDot($str) { function formatEndWithDot(string $str): string {
if (!str_ends_with($str, '.')) if (!str_ends_with($str, '.'))
$str .= '.'; $str .= '.';
return $str; return $str;
} }
function formatAbsoluteDomain($domain) { function formatAbsoluteDomain(string $domain): string {
$domain = formatEndWithDot(strtolower($domain)); $domain = formatEndWithDot(strtolower($domain));
checkAbsoluteDomainFormat($domain); checkAbsoluteDomainFormat($domain);
return $domain; return $domain;
} }
function checkAction($action) { function checkAction(string $action): string {
return match ($action) { return match ($action) {
'add' => '', 'add' => '',
'delete' => 'un', 'delete' => 'un',

View file

@ -1,9 +1,9 @@
<?php <?php declare(strict_types=1);
const SUBPATH_REGEX = '^[a-z0-9-]{4,63}$'; const SUBPATH_REGEX = '^[a-z0-9-]{4,63}$';
const ED25519_PUBKEY_REGEX = '^[a-zA-Z0-9/+]{68}$'; const ED25519_PUBKEY_REGEX = '^[a-zA-Z0-9/+]{68}$';
function htSetupUserFs($id) { function htSetupUserFs(string $id): void {
// Setup SFTP directory // Setup SFTP directory
if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0000) !== true) if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0000) !== true)
output(500, 'Can\'t create user directory.'); output(500, 'Can\'t create user directory.');
@ -42,19 +42,19 @@ function htSetupUserFs($id) {
output(500, 'Can\'t create Tor keys directory.'); output(500, 'Can\'t create Tor keys directory.');
} }
function checkDomainFormat($domain) { function checkDomainFormat(string $domain): void {
// If the domain must end without a dot // If the domain must end without a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain)) if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))
output(403, _('Domain malformed.')); output(403, _('Domain malformed.'));
} }
function formatDomain($domain) { function formatDomain(string $domain): string {
$domain = rtrim(strtolower($domain), '.'); $domain = rtrim(strtolower($domain), '.');
checkDomainFormat($domain); checkDomainFormat($domain);
return $domain; return $domain;
} }
function listFsDirs($username) { function listFsDirs(string $username): array {
if ($username === '') if ($username === '')
return []; return [];
$absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR); $absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR);
@ -65,7 +65,7 @@ function listFsDirs($username) {
return $dirs; return $dirs;
} }
function addSite($username, $siteDir, $address, $type) { function addSite(string $username, string $siteDir, string $address, string $type): void {
insert('sites', [ insert('sites', [
'username' => $username, 'username' => $username,
'site_dir' => $siteDir, 'site_dir' => $siteDir,
@ -75,7 +75,7 @@ function addSite($username, $siteDir, $address, $type) {
]); ]);
} }
function dirsStatuses($type) { function dirsStatuses(string $type): array {
if (isset($_SESSION['id']) !== true) if (isset($_SESSION['id']) !== true)
return []; return [];
$dbDirs = query('select', 'sites', [ $dbDirs = query('select', 'sites', [
@ -88,7 +88,7 @@ function dirsStatuses($type) {
return $dirs; return $dirs;
} }
function htRelativeSymlink($target, $name) { function htRelativeSymlink(string $target, string $name): void {
chdir(pathinfo($name)['dirname']); chdir(pathinfo($name)['dirname']);
$symlink = symlink($target, pathinfo($name)['basename']); $symlink = symlink($target, pathinfo($name)['basename']);
chdir(ROOT_PATH); chdir(ROOT_PATH);
@ -96,7 +96,7 @@ function htRelativeSymlink($target, $name) {
output(500, 'Unable to create symlink.'); output(500, 'Unable to create symlink.');
} }
function htDeleteSite($address, $type, $user_id) { function htDeleteSite(string $address, string $type, string $user_id): void {
if ($type === 'onion') { if ($type === 'onion') {
$dir = query('select', 'sites', [ $dir = query('select', 'sites', [

View file

@ -1,6 +1,6 @@
<?php <?php declare(strict_types=1);
const SOA_VALUES = [ const NS_SOA_VALUES = [
'ttl' => 10800, 'ttl' => 10800,
'email' => CONF['ns']['public_soa_email'], 'email' => CONF['ns']['public_soa_email'],
'refresh' => 10800, 'refresh' => 10800,
@ -9,15 +9,17 @@ const SOA_VALUES = [
'negative' => 10800, 'negative' => 10800,
]; ];
const MIN_TTL = 300; const NS_MIN_TTL = 300;
const DEFAULT_TTL = 10800; const NS_DEFAULT_TTL = 10800;
const MAX_TTL = 1728000; const NS_MAX_TTL = 1728000;
const ALLOWED_TYPES = ['AAAA', 'A', 'TXT', 'SRV', 'MX', 'SVCB', 'HTTPS', 'NS', 'DS', 'CAA', 'CNAME', 'DNAME', 'LOC', 'SSHFP', 'TLSA']; const NS_ALLOWED_TYPES = ['AAAA', 'A', 'TXT', 'SRV', 'MX', 'SSHFP', 'TLSA', 'NS', 'DS', 'CSYNC', 'CAA', 'CNAME', 'DNAME', 'SVCB', 'HTTPS', 'LOC'];
const ZONE_MAX_CHARACTERS = 10000; const NS_TEXTAREA_MAX_CHARACTERS = 10000;
function nsParseCommonRequirements() { const NS_SYNC_TTL = 10800;
function nsParseCommonRequirements(): array {
nsCheckZonePossession($_POST['zone']); nsCheckZonePossession($_POST['zone']);
if (($_POST['subdomain'] === '') OR ($_POST['subdomain'] === '@')) if (($_POST['subdomain'] === '') OR ($_POST['subdomain'] === '@'))
@ -27,28 +29,28 @@ function nsParseCommonRequirements() {
$values['ttl'] = intval($_POST['ttl-value'] * $_POST['ttl-multiplier']); $values['ttl'] = intval($_POST['ttl-value'] * $_POST['ttl-multiplier']);
if ($values['ttl'] < MIN_TTL) if ($values['ttl'] < NS_MIN_TTL)
output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), MIN_TTL)); output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), NS_MIN_TTL));
if ($values['ttl'] > MAX_TTL) if ($values['ttl'] > NS_MAX_TTL)
output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), MAX_TTL)); output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), NS_MAX_TTL));
return $values; return $values;
} }
function nsListUserZones() { function nsListUserZones(): array {
if (isset($_SESSION['id'])) if (isset($_SESSION['id']))
return query('select', 'zones', ['username' => $_SESSION['id']], 'zone'); return query('select', 'zones', ['username' => $_SESSION['id']], 'zone');
return []; return [];
} }
function nsCheckZonePossession($zone) { function nsCheckZonePossession(string $zone): void {
checkAbsoluteDomainFormat($zone); checkAbsoluteDomainFormat($zone);
if (!in_array($zone, nsListUserZones(), true)) if (!in_array($zone, nsListUserZones(), true))
output(403, 'You don\'t own this zone on the name server.'); output(403, 'You don\'t own this zone on the name server.');
} }
function nsDeleteZone($zone, $user_id) { function nsDeleteZone(string $zone, string $user_id): void {
// Remove from Knot configuration // Remove from Knot configuration
knotcConfExec([['conf-unset', 'zone[' . $zone . ']']]); knotcConfExec([['conf-unset', 'zone[' . $zone . ']']]);
@ -71,6 +73,8 @@ function nsDeleteZone($zone, $user_id) {
if ($code !== 0) if ($code !== 0)
output(500, 'Failed to purge zone data.'); output(500, 'Failed to purge zone data.');
query('delete', 'ns-syncs', ['destination' => $zone]);
// Remove from database // Remove from database
query('delete', 'zones', [ query('delete', 'zones', [
'zone' => $zone, 'zone' => $zone,

View file

@ -1,26 +1,31 @@
<?php <?php declare(strict_types=1);
const SUBDOMAIN_REGEX = '^(?!\-)(?!..\-\-)[a-z0-9-]{4,63}(?<!\-)$'; const SUBDOMAIN_REGEX = '^(?!\-)(?!..\-\-)[a-z0-9-]{4,63}(?<!\-)$';
function regListUserDomains() { const REG_TEXTAREA_MAX_CHARACTERS = 5000;
const REG_ALLOWED_TYPES = ['NS', 'DS', 'AAAA', 'A'];
function regListUserDomains(): array {
if (isset($_SESSION['id'])) if (isset($_SESSION['id']))
return query('select', 'registry', ['username' => $_SESSION['id']], 'domain'); return query('select', 'registry', ['username' => $_SESSION['id']], 'domain');
return []; return [];
} }
function regCheckDomainPossession($domain) { function regCheckDomainPossession(string $domain): void {
if (in_array($domain, regListUserDomains(), true) !== true) if (in_array($domain, regListUserDomains(), true) !== true)
output(403, 'You don\'t own this domain on the registry.'); output(403, 'You don\'t own this domain on the registry.');
} }
function regDeleteDomain($domain, $user_id) { function regStripDomain(string $domain, string $content): string {
return preg_replace('/^(?:[a-z0-9._-]+\.)?' . preg_quote($domain, '/') . '[\t ]+.+$/Dm', '', $content);
}
function regDeleteDomain(string $domain, string $user_id): void {
// Delete domain from registry file // Delete domain from registry file
$path = CONF['reg']['suffixes_path'] . '/' . regParseDomain($domain)['suffix'] . 'zone'; $path = CONF['reg']['suffixes_path'] . '/' . regParseDomain($domain)['suffix'] . 'zone';
$content = file_get_contents($path); if (($content = file_get_contents($path)) === false)
if ($content === false)
output(500, 'Failed to read current registry file.'); output(500, 'Failed to read current registry file.');
$content = preg_replace('/^(?:[a-z0-9._-]+\.)?' . preg_quote($domain, '/') . '[\t ]+.+$/Dm', '', $content); if (file_put_contents($path, regStripDomain($domain, $content)) === false)
if (file_put_contents($path, $content) === false)
output(500, 'Failed to write new registry file.'); output(500, 'Failed to write new registry file.');
try { try {
@ -46,7 +51,7 @@ function regDeleteDomain($domain, $user_id) {
} }
} }
function regParseDomain($domain) { function regParseDomain(string $domain): array {
$parts = explode('.', $domain, 2); $parts = explode('.', $domain, 2);
$subdomain = $parts[0]; $subdomain = $parts[0];
$suffix = $parts[1]; $suffix = $parts[1];
@ -59,3 +64,53 @@ function regParseDomain($domain) {
'suffix' => $suffix, 'suffix' => $suffix,
]; ];
} }
function regParseRecord(string $domain, array $record): array {
checkAbsoluteDomainFormat($record['domain']);
if ($record['domain'] !== $_POST['domain']) {
if ($record['type'] !== 'ip')
output(403, _('You can only set a NS/DS record for an apex domain.'));
else if (!str_ends_with($record['domain'], '.' . $domain))
output(403, _('You can\'t set a record for another domain.'));
}
$new_rec = [
$record['domain'],
CONF['reg']['ttl'],
$record['type'],
];
if ($record['type'] === 'DS') {
if (!in_array($record['algo'], ['8', '13', '14', '15', '16'], true))
output(403, 'Wrong value for <code>algo</code>.');
if ((preg_match('/^[0-9]{1,6}$/D', $record['keytag'])) !== 1 OR !($record['keytag'] >= 1) OR !($record['keytag'] <= 65535))
output(403, 'Wrong value for <code>keytag</code>.');
if ($record['dt'] !== '2' AND $record['dt'] !== '4')
output(403, 'Wrong value for <code>dt</code>.');
if (preg_match('/^(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{96})$/D', $record['key']) !== 1)
output(403, 'Wrong value for <code>key</code>.');
return [
...$new_rec,
$record['keytag'],
$record['algo'],
$record['dt'],
$record['key'],
];
}
if ($record['type'] === 'NS')
return [
...$new_rec,
formatAbsoluteDomain($record['ns']),
];
if ($record['type'] === 'ip')
return [
$record['domain'],
CONF['reg']['ttl'],
checkIpFormat($record['ip']),
$record['ip'],
];
}

View file

@ -1,13 +1,13 @@
<?php <?php declare(strict_types=1);
umask(0077); umask(0077);
set_error_handler(function ($level, $message, $file = '', $line = 0) { set_error_handler(function ($level, $message, $file = '', $line = 0) {
throw new ErrorException($message, 0, $level, $file, $line); throw new ErrorException($message, 0, $level, $file, $line);
}); });
set_exception_handler(function ($e) { set_exception_handler(function ($e) {
error_log($e); error_log((string) $e);
http_response_code(500); http_response_code(500);
echo '<h1>Error</h1>An error occured.'; echo '<h1>Error</h1><p>An error occured.<p>';
}); });
register_shutdown_function(function () { // Also catch fatal errors register_shutdown_function(function () { // Also catch fatal errors
if (($error = error_get_last()) !== NULL) if (($error = error_get_last()) !== NULL)

View file

@ -1,6 +1,7 @@
<?php // Test that the current setup is working <?php declare(strict_types=1);
// Test that the current setup is working
require 'init.php'; require __DIR__ . '/../init.php';
const SFTP = '/usr/bin/sftp'; const SFTP = '/usr/bin/sftp';
const SSHPASS = '/usr/bin/sshpass'; const SSHPASS = '/usr/bin/sshpass';
@ -18,7 +19,7 @@ if (preg_match('/^;; Flags: qr rd ra ad;/Dm', implode("\n", $output)) !== 1)
define('COOKIE_FILE', sys_get_temp_dir() . '/cookie-' . bin2hex(random_bytes(16)) . '.txt'); define('COOKIE_FILE', sys_get_temp_dir() . '/cookie-' . bin2hex(random_bytes(16)) . '.txt');
function curlTest($address, $post = [], $tor = false) { function curlTest(string $address, array $post = [], bool $tor = false): string {
$req = curl_init(); $req = curl_init();
curl_setopt($req, CURLOPT_RETURNTRANSFER, true); curl_setopt($req, CURLOPT_RETURNTRANSFER, true);
@ -47,7 +48,7 @@ function curlTest($address, $post = [], $tor = false) {
if ($status_code >= 400 OR $result === false) { if ($status_code >= 400 OR $result === false) {
var_dump($result); var_dump($result);
var_dump(curl_error($req)); var_dump(curl_error($req));
exit($address . ' test failed with status code ' . $status_code . LF); throw new Exception($address . ' test failed with status code ' . $status_code);
} }
return $result; return $result;
} }
@ -60,13 +61,6 @@ curlTest('/auth/register', [
'password' => $password, 'password' => $password,
]); ]);
curlTest('/auth/logout', []);
curlTest('/auth/login', [
'username' => $username,
'password' => $password,
]);
$new_password = bin2hex(random_bytes(16)); $new_password = bin2hex(random_bytes(16));
curlTest('/auth/password', [ curlTest('/auth/password', [
'current-password' => $password, 'current-password' => $password,
@ -74,9 +68,20 @@ curlTest('/auth/password', [
]); ]);
$password = $new_password; $password = $new_password;
curlTest('/auth/register', [
'username' => $username . '2',
'password' => $password,
]);
curlTest('/auth/logout', []);
curlTest('/auth/login', [
'username' => $username,
'password' => $password,
]);
curlTest('/auth/username', [ curlTest('/auth/username', [
'current-password' => $password, 'current-password' => $password,
'new-username' => $username . '2', 'new-username' => $username . '3',
]); ]);
curlTest('/auth/username', [ curlTest('/auth/username', [
'current-password' => $password, 'current-password' => $password,
@ -85,7 +90,9 @@ curlTest('/auth/username', [
echo 'Created account with username "' . $username . '" and password "' . $password . '".' . LF; echo 'Created account with username "' . $username . '" and password "' . $password . '".' . LF;
function testReg() { function testReg(): string {
global $username, $password;
$subdomain = bin2hex(random_bytes(16)); $subdomain = bin2hex(random_bytes(16));
curlTest('/reg/register', [ curlTest('/reg/register', [
@ -116,10 +123,43 @@ function testReg() {
'ns' => 'ns1.servnest.invalid.', 'ns' => 'ns1.servnest.invalid.',
]); ]);
{ // Domain transfer
curlTest('/auth/logout', []);
curlTest('/auth/login', [
'username' => $username . '2',
'password' => $password,
]);
preg_match('#\<code\>(?<token>[0-9a-z-]{16,128}\._transfer-verification\.' . preg_quote(CORE_DOMAIN, '#') . '\.)\</code\>#', curlTest('/reg/transfer', []), $matches);
curlTest('/auth/logout', []);
curlTest('/auth/login', [
'username' => $username,
'password' => $password,
]);
curlTest('/reg/ns', [
'action' => 'add',
'domain' => $domain,
'ns' => $matches['token'],
]);
curlTest('/auth/logout', []);
curlTest('/auth/login', [
'username' => $username . '2',
'password' => $password,
]);
curlTest('/reg/transfer', [
'subdomain' => $subdomain,
'suffix' => SUFFIX,
'ns' => $matches['token'],
]);
$username = $username . '2';
}
return $domain; return $domain;
} }
function testNs($domain) { function testNs(string $domain): void {
foreach (CONF['ns']['servers'] as $ns) foreach (CONF['ns']['servers'] as $ns)
curlTest('/reg/ns', [ curlTest('/reg/ns', [
'action' => 'add', 'action' => 'add',
@ -164,8 +204,8 @@ function testNs($domain) {
exit('Error: /ns/caa: CAA record not set' . LF); exit('Error: /ns/caa: CAA record not set' . LF);
curlTest('/ns/edit', [ curlTest('/ns/edit', [
'zone' => $domain, 'domain' => $domain,
'zone-content' => 'aaaa.' . $domain . ' 3600 AAAA ' . CONF['ht']['ipv6_address'] . "\r\n" 'records' => 'aaaa.' . $domain . ' 3600 AAAA ' . CONF['ht']['ipv6_address'] . "\r\n"
. '@ 86400 NS ' . CONF['ns']['servers'][0] . "\r\n", . '@ 86400 NS ' . CONF['ns']['servers'][0] . "\r\n",
]); ]);
exescape([ exescape([
@ -178,7 +218,7 @@ function testNs($domain) {
exit('Error: /ns/edit: AAAA record not set' . LF); exit('Error: /ns/edit: AAAA record not set' . LF);
} }
function testHt($username, $password) { function testHt(string $username, string $password): void {
define('TEST_CONTENT', 'test-' . bin2hex(random_bytes(16))); define('TEST_CONTENT', 'test-' . bin2hex(random_bytes(16)));
file_put_contents(sys_get_temp_dir() . '/index.html', TEST_CONTENT); file_put_contents(sys_get_temp_dir() . '/index.html', TEST_CONTENT);

View file

@ -1,5 +1,5 @@
<?php <?php declare(strict_types=1);
require 'init.php'; require __DIR__ . '/../init.php';
const MAX_TESTING_ACCOUNT_AGE = 86400 * 10; const MAX_TESTING_ACCOUNT_AGE = 86400 * 10;

42
jobs/ns-sync.php Normal file
View file

@ -0,0 +1,42 @@
<?php declare(strict_types=1);
require __DIR__ . '/../init.php';
foreach (query('select', 'ns-syncs') as $sync) {
$zone_raw = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $sync['destination'] . 'zone');
if ($zone_raw === false)
output(403, 'Unable to read zone file.');
foreach (['AAAA', 'A', 'CAA'] as $type) {
// Get source/distant records
try {
$results = kdig(name: $sync['source'], type: $type);
} catch (KdigException) {
fwrite(STDERR, $sync['source'] . ' resolution failed.' . LF);
break;
}
if ($results['AD'] !== 1) {
fwrite(STDERR, $sync['source'] . ' skipped: not signed using DNSSEC.' . LF);
continue;
}
$source_records = array_column($results['answerRRs'] ?? [], 'rdata' . $type);
// Get destination/local records
$dest_records = array_column(parseZoneFile($zone_raw, [$type], $sync['destination'], false), 3);
// Add source records that are not yet in destination
foreach (array_diff($source_records, $dest_records) as $value_to_add)
knotcZoneExec($sync['destination'], [
$sync['destination'],
SYNC_TTL,
$type,
$value_to_add,
], 'add');
// Delete destination records that are not part of source anymore
foreach (array_diff($dest_records, $source_records) as $value_to_delete)
knotcZoneExec($sync['destination'], [
$sync['destination'],
$type,
$value_to_delete,
], 'delete');
}
}

57
jobs/reg-cds.php Normal file
View file

@ -0,0 +1,57 @@
<?php declare(strict_types=1);
/*
RFC 7344: Automating DNSSEC Delegation Trust Maintenance
RFC 8078: Managing DS Records from the Parent via CDS/CDNSKEY
*/
require __DIR__ . '/../init.php';
foreach (query('select', 'registry') as $entry) {
$suffix = regParseDomain($entry['domain'])['suffix'];
// Get child/distant records
try {
$results = kdig(name: $entry['domain'], type: 'CDS');
} catch (KdigException) {
fwrite(STDERR, $entry['domain'] . ' resolution failed.' . LF);
continue;
}
if ($results['AD'] !== 1) // No DNSSEC
continue;
$cds_records = array_column($results['answerRRs'] ?? [], 'rdataCDS');
// Skip if no updates
if ($cds_records === [])
continue;
// Get parent/local CDS records
$zone_raw = file_get_contents(CONF['reg']['suffixes_path'] . '/' . $suffix . 'zone');
if ($zone_raw === false)
output(403, 'Unable to read zone file.');
$pds_records = array_column(parseZoneFile($zone_raw, ['DS'], $entry['domain'], false), 3);
if ($cds_records === ['0 0 0 0'])
// Delete every parent DS records
foreach ($pds_records as $value_to_delete)
knotcZoneExec($suffix, [
$entry['domain'],
'DS',
$value_to_delete,
], 'delete');
else {
// Add child DS records that are not yet in parent
foreach (array_diff($cds_records, $pds_records) as $value_to_add)
knotcZoneExec($suffix, [
$entry['domain'],
CONF['reg']['ttl'],
'DS',
$value_to_add,
], 'add');
// Delete parent DS records that are not part of child anymore
foreach (array_diff($pds_records, $cds_records) as $value_to_delete)
knotcZoneExec($suffix, [
$entry['domain'],
'DS',
$value_to_delete,
], 'delete');
}
}

61
jobs/reg-csync.php Normal file
View file

@ -0,0 +1,61 @@
<?php declare(strict_types=1);
/*
RFC 7477: Child-to-Parent Synchronization in DNS
*/
require __DIR__ . '/../init.php';
foreach (query('select', 'registry') as $entry) {
$suffix = regParseDomain($entry['domain'])['suffix'];
// Get child/distant CSYNC records
try {
$results = kdig(name: $entry['domain'], type: 'CSYNC');
} catch (KdigException) {
fwrite(STDERR, $entry['domain'] . ' CSYNC resolution failed.' . LF);
continue;
}
if ($results['AD'] !== 1)
continue;
if (count($results['answerRRs'] ?? []) !== 1) // Parental agents MUST ignore a child's CSYNC RDATA set if multiple CSYNC resource records are found; only a single CSYNC record should ever be present.
continue;
list($serial, $flags, $types) = explode(' ', $results['answerRRs'][0]['rdataCSYNC'], 3);
if ($flags !== '1')
continue; // Skip unsupported flags
if ($types !== 'NS')
continue; // Skip unsupported types
// Get child/distant NS records
try {
$results = kdig(name: $entry['domain'], type: 'NS');
} catch (KdigException) {
fwrite(STDERR, $entry['domain'] . ' NS resolution failed.' . LF);
continue;
}
if ($results['AD'] !== 1)
continue;
$child_ns_records = array_column($results['answerRRs'] ?? [], 'rdataNS');
if (count($child_ns_records) === []) // Parental agents MUST NOT perform NS updates if there are no NS records returned in a query, as verified by DNSSEC denial-of-existence protection.
continue;
// Get parent/local NS records
$zone_raw = file_get_contents(CONF['reg']['suffixes_path'] . '/' . $suffix . 'zone');
if ($zone_raw === false)
output(403, 'Unable to read zone file.');
$parent_ns_records = array_column(parseZoneFile($zone_raw, ['NS'], $entry['domain'], false), 3);
// Add child NS records that are not yet in parent
foreach (array_diff($child_ns_records, $parent_ns_records) as $value_to_add)
knotcZoneExec($suffix, [
$entry['domain'],
CONF['reg']['ttl'],
'NS',
$value_to_add,
], 'add');
// Delete parent NS records that are not part of child anymore
foreach (array_diff($parent_ns_records, $child_ns_records) as $value_to_delete)
knotcZoneExec($suffix, [
$entry['domain'],
'NS',
$value_to_delete,
], 'delete');
}

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
define('PAGES', [ define('PAGES', [
'index' => [ 'index' => [
@ -63,6 +63,11 @@ define('PAGES', [
'description' => _('Print every record related to a domain and served by the registry'), 'description' => _('Print every record related to a domain and served by the registry'),
'tokens_account_cost' => 60, 'tokens_account_cost' => 60,
], ],
'edit' => [
'title' => _('Edit records'),
'description' => _('Set registry records to delegate a domain to chosen name servers'),
'tokens_account_cost' => 900,
],
'ns' => [ 'ns' => [
'title' => sprintf(_('%s records'), '<abbr title="Name Server">NS</abbr>'), 'title' => sprintf(_('%s records'), '<abbr title="Name Server">NS</abbr>'),
'description' => sprintf(_('Indicate the name servers of a %s subdomain'), '<code>' . key(CONF['reg']['suffixes']) . '</code>'), 'description' => sprintf(_('Indicate the name servers of a %s subdomain'), '<code>' . key(CONF['reg']['suffixes']) . '</code>'),
@ -163,6 +168,11 @@ define('PAGES', [
'description' => _('Store geographic coordinates'), 'description' => _('Store geographic coordinates'),
'tokens_account_cost' => 120, 'tokens_account_cost' => 120,
], ],
'sync' => [
'title' => sprintf(_('Synchronized records')),
'description' => _('Regularly fetch distant records and update them to a local zone'),
'tokens_account_cost' => 900,
],
], ],
'ht' => [ 'ht' => [
'index' => [ 'index' => [

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if ($_SESSION['type'] !== 'testing') if ($_SESSION['type'] !== 'testing')
output(403, _('This account is already approved.')); output(403, _('This account is already approved.'));

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
checkPasswordFormat($_POST['password']); checkPasswordFormat($_POST['password']);

View file

@ -1,3 +0,0 @@
<?php
logout();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
checkPasswordFormat($_POST['new-password']); checkPasswordFormat($_POST['new-password']);

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (CONF['common']['services']['auth'] !== 'enabled') if (CONF['common']['services']['auth'] !== 'enabled')
output(403, _('Registrations are currently closed on this installation.')); output(403, _('Registrations are currently closed on this installation.'));

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (checkPassword($_SESSION['id'], $_POST['current-password']) !== true) if (checkPassword($_SESSION['id'], $_POST['current-password']) !== true)
output(403, _('Wrong current password.')); output(403, _('Wrong current password.'));

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
checkUsernameFormat($_POST['new-username']); checkUsernameFormat($_POST['new-username']);

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$_POST['domain'] = formatDomain($_POST['domain']); $_POST['domain'] = formatDomain($_POST['domain']);

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (dirsStatuses('onion')[$_POST['dir']] !== false) if (dirsStatuses('onion')[$_POST['dir']] !== false)
output(403, 'Wrong value for <code>dir</code>.'); output(403, 'Wrong value for <code>dir</code>.');

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (dirsStatuses('subdomain')[$_POST['dir']] !== false) if (dirsStatuses('subdomain')[$_POST['dir']] !== false)
output(403, 'Wrong value for <code>dir</code>.'); output(403, 'Wrong value for <code>dir</code>.');

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (dirsStatuses('subpath')[$_POST['dir']] !== false) if (dirsStatuses('subpath')[$_POST['dir']] !== false)
output(403, 'Wrong value for <code>dir</code>.'); output(403, 'Wrong value for <code>dir</code>.');

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (preg_match('/^(?<type>subpath|subdomain|onion|dns):(?<address>[a-z0-9._-]{1,256})$/D', $_POST['site'], $site) !== 1) if (preg_match('/^(?<type>subpath|subdomain|onion|dns):(?<address>[a-z0-9._-]{1,256})$/D', $_POST['site'], $site) !== 1)
output(403, 'Malformed value for <code>site</code>.'); output(403, 'Malformed value for <code>site</code>.');

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$el_nb = count($_POST['keys']); $el_nb = count($_POST['keys']);
if ($el_nb < 1 OR $el_nb > 8) if ($el_nb < 1 OR $el_nb > 8)

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,60 +1,62 @@
<?php <?php declare(strict_types=1);
nsCheckZonePossession($_POST['zone']); nsCheckZonePossession($_POST['domain']);
if (isset($_POST['zone-content'])) { // Update zone $path = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone';
if (isset($_POST['records'])) {
// Get current SOA record // Get current SOA record
$current_zone_content = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone'); $current_zone_content = file_get_contents($path);
if ($current_zone_content === false) if ($current_zone_content === false)
output(500, 'Unable to read zone file.'); output(500, 'Unable to read zone file.');
if (preg_match('/^(?<soa>' . preg_quote($_POST['zone'], '/') . '[\t ]+[0-9]{1,16}[\t ]+SOA[\t ]+.+)$/Dm', $current_zone_content, $matches) !== 1) if (preg_match('/^(?<soa>' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,16}[\t ]+SOA[\t ]+.+)$/Dm', $current_zone_content, $matches) !== 1)
output(500, 'Unable to get current SOA record from zone file.'); output(500, 'Unable to get current SOA record from zone file.');
// Generate new zone content // Generate new content
$new_zone_content = $matches['soa'] . LF; $new_zone_content = $matches['soa'] . LF;
if (strlen($_POST['zone-content']) > ZONE_MAX_CHARACTERS) if (strlen($_POST['records']) > NS_TEXTAREA_MAX_CHARACTERS)
output(403, sprintf(_('The zone is limited to %s characters.'), ZONE_MAX_CHARACTERS)); output(403, sprintf(_('The zone is limited to %s characters.'), NS_TEXTAREA_MAX_CHARACTERS));
foreach (explode("\r\n", $_POST['zone-content']) as $line) { foreach (explode("\r\n", $_POST['records']) as $record) {
if ($line === '') continue; if ($record === '') continue;
if (preg_match('/^(?<domain>[a-z0-9@._-]{1,256})(?:[\t ]+(?<ttl>[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?<type>[A-Z]{1,16})[\t ]+(?<value>.+)$/D', $line, $matches) !== 1) if (preg_match('/^(?<domain>[a-z0-9@._-]{1,256})(?:[\t ]+(?<ttl>[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?<type>[A-Z]{1,16})[\t ]+(?<value>.+)$/D', $record, $matches) !== 1)
output(403, _('The following line does not match the expected format: ') . '<code>' . htmlspecialchars($line) . '</code>'); output(403, _('The following line does not match the expected format: ') . '<code>' . htmlspecialchars($record) . '</code>');
if (in_array($matches['type'], ALLOWED_TYPES, true) !== true) if (in_array($matches['type'], NS_ALLOWED_TYPES, true) !== true)
output(403, sprintf(_('The %s type is not allowed.'), '<code>' . $matches['type'] . '</code>')); output(403, sprintf(_('The %s type is not allowed.'), '<code>' . $matches['type'] . '</code>'));
if ($matches['ttl'] !== '' AND $matches['ttl'] < MIN_TTL) if ($matches['ttl'] !== '' AND $matches['ttl'] < NS_MIN_TTL)
output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), MIN_TTL)); output(403, sprintf(_('TTLs shorter than %s seconds are forbidden.'), NS_MIN_TTL));
if ($matches['ttl'] !== '' AND $matches['ttl'] > MAX_TTL) if ($matches['ttl'] !== '' AND $matches['ttl'] > NS_MAX_TTL)
output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), MAX_TTL)); output(403, sprintf(_('TTLs longer than %s seconds are forbidden.'), NS_MAX_TTL));
$new_zone_content .= $matches['domain'] . ' ' . (($matches['ttl'] === '') ? DEFAULT_TTL : $matches['ttl']) . ' ' . $matches['type'] . ' ' . $matches['value'] . LF; $new_zone_content .= $matches['domain'] . ' ' . (($matches['ttl'] === '') ? NS_DEFAULT_TTL : $matches['ttl']) . ' ' . $matches['type'] . ' ' . $matches['value'] . LF;
} }
// Send the zone content to kzonecheck's stdin // Send the zone content to kzonecheck's stdin
$process = proc_open(CONF['ns']['kzonecheck_path'] . ' --origin ' . $_POST['zone'] . ' --dnssec off -', [0 => ['pipe', 'r']], $pipes); $process = proc_open(CONF['ns']['kzonecheck_path'] . ' --origin ' . escapeshellarg($_POST['domain']) . ' --dnssec off -', [0 => ['pipe', 'r']], $pipes);
if (is_resource($process) !== true) if (is_resource($process) !== true)
output(500, 'Can\'t spawn kzonecheck.'); output(500, 'Can\'t spawn kzonecheck.');
fwrite($pipes[0], $new_zone_content); fwrite($pipes[0], $new_zone_content);
fclose($pipes[0]); fclose($pipes[0]);
if (proc_close($process) !== 0) if (proc_close($process) !== 0)
output(403, _('Sent zone content is not correct (according to <code>kzonecheck</code>).')); output(403, _('Sent content is not correct (according to <code>kzonecheck</code>).'));
ratelimit(); ratelimit();
knotc(['zone-freeze', $_POST['zone']], $output, $return_code); knotc(['zone-freeze', $_POST['domain']], $output, $return_code);
if ($return_code !== 0) if ($return_code !== 0)
output(500, 'Failed to freeze zone file.', $output); output(500, 'Failed to freeze zone file.', $output);
knotc(['zone-flush', $_POST['zone']], $output, $return_code); knotc(['zone-flush', $_POST['domain']], $output, $return_code);
if ($return_code !== 0) if ($return_code !== 0)
output(500, 'Failed to flush zone file.', $output); output(500, 'Failed to flush zone file.', $output);
if (file_put_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone', $new_zone_content) === false) if (file_put_contents($path, $new_zone_content) === false)
output(500, 'Failed to write zone file.'); output(500, 'Failed to write zone file.');
knotc(['zone-reload', $_POST['zone']], $output, $return_code); knotc(['zone-reload', $_POST['domain']], $output, $return_code);
if ($return_code !== 0) if ($return_code !== 0)
output(500, 'Failed to reload zone file.', $output); output(500, 'Failed to reload zone file.', $output);
knotc(['zone-thaw', $_POST['zone']], $output, $return_code); knotc(['zone-thaw', $_POST['domain']], $output, $return_code);
if ($return_code !== 0) if ($return_code !== 0)
output(500, 'Failed to thaw zone file.', $output); output(500, 'Failed to thaw zone file.', $output);
@ -63,18 +65,17 @@ if (isset($_POST['zone-content'])) { // Update zone
// Display zone // Display zone
$zone_content = file_get_contents(CONF['ns']['knot_zones_path'] . '/' . $_POST['zone'] . 'zone'); if (($records = file_get_contents($path)) === false)
if ($zone_content === false)
output(500, 'Unable to read zone file.'); output(500, 'Unable to read zone file.');
$data['zone_content'] = ''; $data['records'] = '';
foreach (explode(LF, $zone_content) as $zone_line) { foreach (explode(LF, $records) as $zone_line) {
if (empty($zone_line) OR str_starts_with($zone_line, ';')) if (empty($zone_line) OR str_starts_with($zone_line, ';'))
continue; continue;
if (preg_match('/^(?:(?:[a-z0-9_-]{1,63}\.){1,127})?' . preg_quote($_POST['zone'], '/') . '[\t ]+[0-9]{1,8}[\t ]+(?<type>[A-Z]{1,16})[\t ]+.+$/D', $zone_line, $matches)) { if (preg_match('/^(?:(?:[a-z0-9_-]{1,63}\.){1,127})?' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+(?<type>[A-Z]{1,16})[\t ]+.+$/D', $zone_line, $matches)) {
if (in_array($matches['type'], ALLOWED_TYPES, true) !== true) if (in_array($matches['type'], NS_ALLOWED_TYPES, true) !== true)
continue; continue;
$data['zone_content'] .= $zone_line . LF; $data['records'] .= $zone_line . LF;
} }
} }
$data['zone_content'] .= LF; $data['records'] .= LF;

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
nsCheckZonePossession($_POST['zone']); nsCheckZonePossession($_POST['zone']);

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

41
pg-act/ns/sync.php Normal file
View file

@ -0,0 +1,41 @@
<?php declare(strict_types=1);
$el_nb = count($_POST['syncs']);
if ($el_nb < 1 OR $el_nb > 8)
output(403, 'Wrong elements number.');
foreach ($_POST['syncs'] as $i => $sync) {
if (($sync['source'] ?? '') === '') {
unset($_POST['syncs'][$i]);
continue;
}
$sync['source'] = formatAbsoluteDomain($sync['source']);
nsCheckZonePossession($sync['destination']);
}
$syncs = array_values($_POST['syncs']);
$destinations = array_column($syncs, 'destination');
if (count($destinations) !== count(array_unique($destinations)))
output(403, _('Multiple source domains can\'t be applied to the same target domain.'));
rateLimit();
try {
DB->beginTransaction();
query('delete', 'ns-syncs', ['username' => $_SESSION['id']]);
foreach ($syncs as $sync)
insert('ns-syncs', [
'username' => $_SESSION['id'],
'source' => $sync['source'],
'destination' => $sync['destination'],
]);
DB->commit();
} catch (Exception $e) {
DB->rollback();
output(500, 'Database error.', [$e->getMessage()]);
}
output(200, _('Synchronized records updated.'));

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$values = nsParseCommonRequirements(); $values = nsParseCommonRequirements();

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
$_POST['domain'] = formatAbsoluteDomain($_POST['domain']); $_POST['domain'] = formatAbsoluteDomain($_POST['domain']);
@ -41,18 +41,19 @@ insert('zones', [
$knotZonePath = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone'; $knotZonePath = CONF['ns']['knot_zones_path'] . '/' . $_POST['domain'] . 'zone';
$knotZone = implode(' ', [ $knotZone = implode(' ', [
$_POST['domain'], $_POST['domain'],
SOA_VALUES['ttl'], NS_SOA_VALUES['ttl'],
'SOA', 'SOA',
CONF['ns']['servers'][0], CONF['ns']['servers'][0],
SOA_VALUES['email'], NS_SOA_VALUES['email'],
1, 1,
SOA_VALUES['refresh'], NS_SOA_VALUES['refresh'],
SOA_VALUES['retry'], NS_SOA_VALUES['retry'],
SOA_VALUES['expire'], NS_SOA_VALUES['expire'],
SOA_VALUES['negative'], NS_SOA_VALUES['negative'],
]) . LF; ]) . LF;
foreach (CONF['ns']['servers'] as $server) foreach (CONF['ns']['servers'] as $server)
$knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . LF; $knotZone .= $_POST['domain'] . ' 86400 NS ' . $server . LF;
$knotZone .= $_POST['domain'] . ' 86400 CSYNC 0 1 NS' . LF;
if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true) if (is_int(file_put_contents($knotZonePath, $knotZone)) !== true)
output(500, 'Failed to write new zone file.'); output(500, 'Failed to write new zone file.');
if (chmod($knotZonePath, 0660) !== true) if (chmod($knotZonePath, 0660) !== true)

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
nsCheckZonePossession($_POST['zone']); nsCheckZonePossession($_POST['zone']);

View file

@ -1,30 +1,12 @@
<?php <?php declare(strict_types=1);
if (!in_array($_POST['algo'], ['8', '13', '14', '15', '16'], true)) regCheckDomainPossession($_POST['domain']);
output(403, 'Wrong value for <code>algo</code>.');
$_POST['keytag'] = intval($_POST['keytag']);
if ((preg_match('/^[0-9]{1,6}$/D', $_POST['keytag'])) !== 1 OR !($_POST['keytag'] >= 1) OR !($_POST['keytag'] <= 65535))
output(403, 'Wrong value for <code>keytag</code>.');
if ($_POST['dt'] !== '2' AND $_POST['dt'] !== '4')
output(403, 'Wrong value for <code>dt</code>.');
if (preg_match('/^(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{96})$/D', $_POST['key']) !== 1)
output(403, 'Wrong value for <code>key</code>.');
regCheckDomainPossession($_POST['zone']);
rateLimit(); rateLimit();
knotcZoneExec(regParseDomain($_POST['zone'])['suffix'], [ knotcZoneExec(regParseDomain($_POST['domain'])['suffix'], regParseRecord($_POST['domain'], [
$_POST['zone'], 'type' => 'DS',
CONF['reg']['ttl'], ...$_POST,
'DS', ]));
$_POST['keytag'],
$_POST['algo'],
$_POST['dt'],
$_POST['key']
]);
output(200, _('Modification done.')); output(200, _('Modification done.'));

97
pg-act/reg/edit.php Normal file
View file

@ -0,0 +1,97 @@
<?php declare(strict_types=1);
regCheckDomainPossession($_POST['domain']);
$suffix = regParseDomain($_POST['domain'])['suffix'];
$path = CONF['reg']['suffixes_path'] . '/' . $suffix . 'zone';
if (isset($_POST['records'])) {
// Generate new content
$new_records = '';
if (strlen($_POST['records']) > REG_TEXTAREA_MAX_CHARACTERS)
output(403, sprintf(_('The zone is limited to %s characters.'), REG_TEXTAREA_MAX_CHARACTERS));
foreach (explode("\r\n", $_POST['records']) as $record) {
if ($record === '') continue;
if (preg_match('/^(?<domain>[a-z0-9@._-]{1,256})(?:[\t ]+(?<ttl>[0-9]{1,16}))?(?:[\t ]+IN)?[\t ]+(?<type>[A-Z]{1,16})[\t ]+(?<value>.+)$/D', $record, $matches) !== 1)
output(403, _('The following line does not match the expected format: ') . '<code>' . htmlspecialchars($record) . '</code>');
if (in_array($matches['type'], REG_ALLOWED_TYPES, true) !== true)
output(403, sprintf(_('The %s type is not allowed.'), '<code>' . $matches['type'] . '</code>'));
if ($matches['type'] === 'DS' AND count($record_values = explode(' ', $matches['value'])) !== 4)
output(403, _('A DS record expects 4 arguments.'));
$new_records .= implode(' ', regParseRecord($_POST['domain'], [
'domain' => $matches['domain'],
'type' => match ($matches['type']) {
'NS', 'DS' => $matches['type'],
'AAAA', 'A' => 'ip',
default => output(403, sprintf(_('The %s type is not allowed.'), '<code>' . $matches['type'] . '</code>')),
},
...match ($matches['type']) {
'NS' => ['ns' => $matches['value']],
'AAAA', 'A' => ['ip' => $matches['value']],
'DS' => array_combine([
'keytag',
'algo',
'dt',
'key',
], $record_values),
},
])) . LF;
}
// Send the zone content to kzonecheck's stdin
$process = proc_open(CONF['ns']['kzonecheck_path'] . ' --origin ' . escapeshellarg($suffix) . ' --dnssec off -', [0 => ['pipe', 'r']], $pipes);
if (is_resource($process) !== true)
output(500, 'Can\'t spawn kzonecheck.');
$new = $suffix . ' 10800 SOA invalid. invalid. 0 21600 7200 3628800 3600' . LF . $suffix . ' 10800 NS invalid.' . LF . $new_records;
fwrite($pipes[0], $new);
fclose($pipes[0]);
if (proc_close($process) !== 0)
output(403, _('Sent content is not correct (according to <code>kzonecheck</code>).'));
ratelimit();
knotc(['zone-freeze', $suffix], $output, $return_code);
if ($return_code !== 0)
output(500, 'Failed to freeze zone file.', $output);
knotc(['zone-flush', $suffix], $output, $return_code);
if ($return_code !== 0)
output(500, 'Failed to flush zone file.', $output);
if (($zone_content = file_get_contents($path)) === false)
output(500, 'Unable to read zone file.');
$zone_content = regStripDomain($_POST['domain'], $zone_content);
if (file_put_contents($path, $zone_content . LF . $new_records) === false)
output(500, 'Failed to write zone file.');
knotc(['zone-reload', $suffix], $output, $return_code);
if ($return_code !== 0)
output(500, 'Failed to reload zone file.', $output);
knotc(['zone-thaw', $suffix], $output, $return_code);
if ($return_code !== 0)
output(500, 'Failed to thaw zone file.', $output);
usleep(1000000);
}
// Display zone
if (($records = file_get_contents($path)) === false)
output(500, 'Unable to read zone file.');
$data['records'] = '';
foreach (explode(LF, $records) as $zone_line) {
if (empty($zone_line) OR str_starts_with($zone_line, ';'))
continue;
if (preg_match('/^(?:(?:[a-z0-9_-]{1,63}\.){1,127})?' . preg_quote($_POST['domain'], '/') . '[\t ]+[0-9]{1,8}[\t ]+(?<type>[A-Z]{1,16})[\t ]+.+$/D', $zone_line, $matches)) {
if (in_array($matches['type'], REG_ALLOWED_TYPES, true) !== true)
continue;
$data['records'] .= $zone_line . LF;
}
}
$data['records'] .= LF;

View file

@ -1,14 +1,13 @@
<?php <?php declare(strict_types=1);
regCheckDomainPossession($_POST['suffix']); regCheckDomainPossession($_POST['domain']);
rateLimit(); rateLimit();
knotcZoneExec(regParseDomain($_POST['suffix'])['suffix'], [ knotcZoneExec(regParseDomain($_POST['domain'])['suffix'], regParseRecord($_POST['domain'], [
formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['suffix']), 'type' => 'ip',
CONF['reg']['ttl'], 'domain' => formatAbsoluteDomain(formatEndWithDot($_POST['subdomain']) . $_POST['domain']),
checkIpFormat($_POST['ip']), ...$_POST,
$_POST['ip'] ]));
]);
output(200, _('Modification done.')); output(200, _('Modification done.'));

View file

@ -1,14 +1,12 @@
<?php <?php declare(strict_types=1);
regCheckDomainPossession($_POST['domain']); regCheckDomainPossession($_POST['domain']);
rateLimit(); rateLimit();
knotcZoneExec(regParseDomain($_POST['domain'])['suffix'], [ knotcZoneExec(regParseDomain($_POST['domain'])['suffix'], regParseRecord($_POST['domain'], [
$_POST['domain'], 'type' => 'NS',
CONF['reg']['ttl'], ...$_POST,
'NS', ]));
formatAbsoluteDomain($_POST['ns'])
]);
output(200, _('Modification done.')); output(200, _('Modification done.'));

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
regCheckDomainPossession($_POST['domain']); regCheckDomainPossession($_POST['domain']);

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (preg_match('/' . SUBDOMAIN_REGEX . '/D', $_POST['subdomain']) !== 1) if (preg_match('/' . SUBDOMAIN_REGEX . '/D', $_POST['subdomain']) !== 1)
output(403, _('This format of subdomain is not allowed.')); output(403, _('This format of subdomain is not allowed.'));
@ -53,7 +53,7 @@ if ($blocked OR $registration_data !== [])
if ($_POST['action'] !== 'register') if ($_POST['action'] !== 'register')
message($message . ' ✔️ ' . _('This domain is open to registration!')); message($message . ' ✔️ ' . _('This domain is open to registration!'));
function message($message) { function message(string $message): never {
output(200, data: [ output(200, data: [
'message' => '<p>' . $message . '</p>', 'message' => '<p>' . $message . '</p>',
'domain' => htmlspecialchars($_POST['subdomain']), 'domain' => htmlspecialchars($_POST['subdomain']),

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
if (preg_match('/' . SUBDOMAIN_REGEX . '/D', $_POST['subdomain']) !== 1) if (preg_match('/' . SUBDOMAIN_REGEX . '/D', $_POST['subdomain']) !== 1)
output(403, _('This format of subdomain is not allowed.')); output(403, _('This format of subdomain is not allowed.'));

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
regCheckDomainPossession($_POST['domain']); regCheckDomainPossession($_POST['domain']);

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('This form allows to use an approval key to validate your account. Approval keys are distributed by an administrator upon request.') ?> <?= _('This form allows to use an approval key to validate your account. Approval keys are distributed by an administrator upon request.') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<?php displayIndex(); ?> <?php displayIndex(); ?>
<h2 id="type"><?= _('Account type') ?></h2> <h2 id="type"><?= _('Account type') ?></h2>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p><?= _('New?') ?> <a href="register"><?= _('Create an account') ?></a></p> <p><?= _('New?') ?> <a href="register"><?= _('Create an account') ?></a></p>
<form method="post"> <form method="post">

View file

@ -1,3 +1,3 @@
<?php <?php declare(strict_types=1);
logout(); logout();

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="current-password"><?= _('Current password') ?></label><br> <label for="current-password"><?= _('Current password') ?></label><br>
<input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="current-password" name="current-password" type="password" placeholder="<?= PLACEHOLDER_PASSWORD ?>"><br> <input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="current-password" name="current-password" type="password" placeholder="<?= PLACEHOLDER_PASSWORD ?>"><br>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p><?= _('Already have an account?') ?> <a href="login"><?= _('Log in') ?></a></p> <p><?= _('Already have an account?') ?> <a href="login"><?= _('Log in') ?></a></p>
<?= (CONF['common']['services']['auth'] !== 'enabled') ? '<p><strong>' . _('Registrations are currently closed on this installation.') . '</strong></p>' : '' ?> <?= (CONF['common']['services']['auth'] !== 'enabled') ? '<p><strong>' . _('Registrations are currently closed on this installation.') . '</strong></p>' : '' ?>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('This will delete every resource managed by the current account, including registered domains, hosted DNS records, websites files and cryptographic keys for Onion services and DNSSEC.') ?> <?= _('This will delete every resource managed by the current account, including registered domains, hosted DNS records, websites files and cryptographic keys for Onion services and DNSSEC.') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="current-password"><?= _('Current password') ?></label><br> <label for="current-password"><?= _('Current password') ?></label><br>
<input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="current-password" name="current-password" type="password" placeholder="<?= PLACEHOLDER_PASSWORD ?>"><br> <input required="" autocomplete="current-password" minlength="8" maxlength="1024" pattern="<?= PASSWORD_REGEX ?>" id="current-password" name="current-password" type="password" placeholder="<?= PLACEHOLDER_PASSWORD ?>"><br>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('A Let\'s Encrypt certificate will be obtained.') ?> <?= _('A Let\'s Encrypt certificate will be obtained.') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="dir"><?= _('Target directory') ?></label><br> <label for="dir"><?= _('Target directory') ?></label><br>
<select required="" name="dir" id="dir"> <select required="" name="dir" id="dir">

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= sprintf(_('The subdomain can only contain %1$s, %2$s and %3$s, and must be between 4 and 63 characters. It can\'t have an hyphen (%3$s) in first, last or both third and fourth position.'), '<abbr title="abcdefghijklmnopqrstuvwxyz"><code>a</code>-<code>z</code></abbr>', '<abbr title="0123456789"><code>0</code>-<code>9</code></abbr>', '<code>-</code>') ?> <?= sprintf(_('The subdomain can only contain %1$s, %2$s and %3$s, and must be between 4 and 63 characters. It can\'t have an hyphen (%3$s) in first, last or both third and fourth position.'), '<abbr title="abcdefghijklmnopqrstuvwxyz"><code>a</code>-<code>z</code></abbr>', '<abbr title="0123456789"><code>0</code>-<code>9</code></abbr>', '<code>-</code>') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= sprintf(_('The path can only contain %1$s, %2$s and %3$s, and must be between 4 and 63 characters.'), '<abbr title="abcdefghijklmnopqrstuvwxyz"><code>a</code>-<code>z</code></abbr>', '<abbr title="0123456789"><code>0</code>-<code>9</code></abbr>', '<code>-</code>') ?> <?= sprintf(_('The path can only contain %1$s, %2$s and %3$s, and must be between 4 and 63 characters.'), '<abbr title="abcdefghijklmnopqrstuvwxyz"><code>a</code>-<code>z</code></abbr>', '<abbr title="0123456789"><code>0</code>-<code>9</code></abbr>', '<code>-</code>') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="site"><?= _('Access to delete') ?></label><br> <label for="site"><?= _('Access to delete') ?></label><br>
<select required="" name="site" id="site"> <select required="" name="site" id="site">
@ -10,7 +11,7 @@ foreach (query('select', 'sites', ['username' => $_SESSION['id'] ?? '']) as $sit
'onion' => 'http://' . $site['address'] . '/', 'onion' => 'http://' . $site['address'] . '/',
'dns' => 'https://' . $site['address'] . '/', 'dns' => 'https://' . $site['address'] . '/',
}; };
echo ' <option value="' . $site['type'] . ':' . $site['address'] . '">' . $url . ' vers /' . $site['site_dir'] . '</option>' . LF; echo ' <option value="' . $site['type'] . ':' . $site['address'] . '">' . ' ' . sprintf(_('%1$s to %2$s'), $url, '/' . $site['site_dir']) . '</option>' . LF;
} }
?> ?>
</select> </select>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('This service allows you to send files on the server using SFTP, and to make them publicly available with HTTP.') ?> <?= _('This service allows you to send files on the server using SFTP, and to make them publicly available with HTTP.') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('In addition to your password, you can also access your SFTP space using Ed25519 SSH keys. A key can be granted modification rights to the full space (<code>/</code>) or to any arbitrary subdirectory. A key is always allowed to list any directory content.') ?> <?= _('In addition to your password, you can also access your SFTP space using Ed25519 SSH keys. A key can be granted modification rights to the full space (<code>/</code>) or to any arbitrary subdirectory. A key is always allowed to list any directory content.') ?>
</p> </p>
@ -16,12 +17,12 @@ foreach (array_slice(array_merge(query('select', 'ssh-keys', ['username' => $_SE
<fieldset> <fieldset>
<legend><?= ($ssh_key['key'] === '') ? _('Add new SSH key access') : _('SSH key access') ?></legend> <legend><?= ($ssh_key['key'] === '') ? _('Add new SSH key access') : _('SSH key access') ?></legend>
<div> <div>
<label for="public-key"><?= _('Public key') ?></label><br> <label for="public-key<?= $i ?>"><?= _('Public key') ?></label><br>
<code>ssh-ed15519 <input pattern="<?= ED25519_PUBKEY_REGEX ?>" placeholder="AAAAC3NzaC1lZDI1NTE5AAAAI<?= substr(base64_encode(random_bytes(32)), 0, 43) ?>" id="public-key" name="keys[<?= $i ?>][public-key]" value="<?= $ssh_key['key'] ?>" type="text"></code> <code>ssh-ed15519 <input pattern="<?= ED25519_PUBKEY_REGEX ?>" placeholder="AAAAC3NzaC1lZDI1NTE5AAAAI<?= substr(base64_encode(random_bytes(32)), 0, 43) ?>" id="public-key<?= $i ?>" name="keys[<?= $i ?>][public-key]" value="<?= $ssh_key['key'] ?>" type="text"></code>
</div> </div>
<div> <div>
<label for="dir"><?= _('Allowed directory') ?></label><br> <label for="dir<?= $i ?>"><?= _('Allowed directory') ?></label><br>
<input list="dirs" placeholder="/" value="<?= htmlspecialchars($ssh_key['directory']) ?>" id="dir" name="keys[<?= $i ?>][dir]" type="text"> <input list="dirs" placeholder="/" value="<?= htmlspecialchars($ssh_key['directory']) ?>" id="dir<?= $i ?>" name="keys[<?= $i ?>][dir]" type="text">
</div> </div>
</fieldset> </fieldset>
<?php <?php

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<nav> <nav>
<p> <p>
<span aria-hidden="true">➡️ </span><em><a href="<?= CONF['common']['about_url'] ?>"><?= _('About this installation') ?></a></em> <span aria-hidden="true">➡️ </span><em><a href="<?= CONF['common']['about_url'] ?>"><?= _('About this installation') ?></a></em>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="flag"><?= _('Flag') ?></label> <label for="flag"><?= _('Flag') ?></label>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="cname"><?= _('Canonical name') ?></label> <label for="cname"><?= _('Canonical name') ?></label>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="dname"><?= _('Delegation name') ?></label> <label for="dname"><?= _('Delegation name') ?></label>

View file

@ -1,11 +1,12 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="zone"><?= _('Zone to be changed') ?></label> <label for="domain"><?= _('Zone to be changed') ?></label>
<br> <br>
<select required="" name="zone" id="zone"> <select required="" name="domain" id="domain">
<option value="" disabled="" selected="">-</option> <option value="" disabled="" selected="">-</option>
<?php <?php
foreach (nsListUserZones() as $zone) foreach (nsListUserZones() as $domain)
echo ' <option value="' . $zone . '">' . $zone . '</option>' . LF; echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?> ?>
</select> </select>
<br> <br>
@ -14,15 +15,15 @@ foreach (nsListUserZones() as $zone)
<?php <?php
if (isset($data['zone_content'])) { // Display zone if (isset($data['records'])) { // Display zone
?> ?>
<form method="post"> <form method="post">
<input type="hidden" name="zone" value="<?= $_POST['zone'] ?>"> <input type="hidden" name="domain" value="<?= $_POST['domain'] ?>">
<label for="zone-content"><?= sprintf(_('New content of the %s zone'), '<code><strong>' . $_POST['zone'] . '</strong></code>') ?></label> <label for="zone-content"><?= sprintf(_('Authoritative records for %s'), '<code><strong>' . $_POST['domain'] . '</strong></code>') ?></label>
<br> <br>
<textarea id="zone-content" name="zone-content" wrap="off" rows="<?= substr_count($data['zone_content'], LF) + 1 ?>"><?= htmlspecialchars($data['zone_content']) ?></textarea> <textarea id="records" name="records" wrap="off" rows="<?= substr_count($data['records'], LF) + 1 ?>"><?= htmlspecialchars($data['records']) ?></textarea>
<br> <br>
<input type="submit" value="<?= _('Replace') ?>"> <input type="submit" value="<?= _('Replace') ?>">
</form> </form>
@ -37,21 +38,21 @@ displayFinalMessage($data);
<h2><?= _('Default values') ?></h2> <h2><?= _('Default values') ?></h2>
<p><?= sprintf(_('If the TTL is omitted, it will default to %s seconds.'), '<code><time datetime="PT' . DEFAULT_TTL . 'S">' . DEFAULT_TTL . '</time></code>') ?></p> <p><?= sprintf(_('If the TTL is omitted, it will default to %s seconds.'), '<code><time datetime="PT' . NS_DEFAULT_TTL . 'S">' . NS_DEFAULT_TTL . '</time></code>') ?></p>
<p><?= _('Precising the class (<code>IN</code>) is optional.') ?></p> <p><?= _('Precising the class (<code>IN</code>) is optional.') ?></p>
<h2><?= _('Allowed values') ?></h2> <h2><?= _('Allowed values') ?></h2>
<p><?= sprintf(_('Submitted zone content is limited to %s characters.'), ZONE_MAX_CHARACTERS) ?></p> <p><?= sprintf(_('Submitted field content is limited to %s characters.'), NS_TEXTAREA_MAX_CHARACTERS) ?></p>
<p><?= sprintf(_('TTLs must last between %1$s and %2$s seconds.'), '<code><time datetime="PT' . MIN_TTL . 'S">' . MIN_TTL . '</time></code>', '<code><time datetime="PT' . MAX_TTL . 'S">' . MAX_TTL . '</time></code>') ?></p> <p><?= sprintf(_('TTLs must last between %1$s and %2$s seconds.'), '<code><time datetime="PT' . NS_MIN_TTL . 'S">' . NS_MIN_TTL . '</time></code>', '<code><time datetime="PT' . NS_MAX_TTL . 'S">' . NS_MAX_TTL . '</time></code>') ?></p>
<p><?= _('The only types that can be defined are:') ?></p> <p><?= _('The only types that can be defined here are:') ?></p>
<ul> <ul>
<?php <?php
foreach (ALLOWED_TYPES as $allowed_type) foreach (NS_ALLOWED_TYPES as $allowed_type)
echo ' <li><code>' . $allowed_type . '</code></li>'; echo ' <li><code>' . $allowed_type . '</code></li>';
?> ?>
</ul> </ul>

View file

@ -1,7 +1,8 @@
<?php declare(strict_types=1); ?>
<label for="action"><?= _('Action') ?></label> <label for="action"><?= _('Action') ?></label>
<select name="action" id="action"> <select name="action" id="action">
<option value="add"><?= _('Add') ?></option> <option value="add"<?= ($_POST['action'] ?? NULL) === 'add' ? ' selected=""' : '' ?>><?= _('Add') ?></option>
<option value="delete"><?= _('Delete') ?></option> <option value="delete"<?= ($_POST['action'] ?? NULL) === 'delete' ? ' selected=""' : '' ?>><?= _('Delete') ?></option>
</select> </select>
<fieldset> <fieldset>
@ -9,18 +10,19 @@
<div> <div>
<label for="subdomain"><?= _('Subdomain') ?></label> <label for="subdomain"><?= _('Subdomain') ?></label>
<br> <br>
<input id="subdomain" size="16" placeholder="www" pattern="^(([a-z0-9_-]{1,63}\.?){1,127})|(@){1}$" name="subdomain" type="text"> <input id="subdomain" size="16" placeholder="www" pattern="^(([a-z0-9_-]{1,63}\.?){1,127})|(@){1}$" name="subdomain" type="text" value="<?= htmlspecialchars($_POST['subdomain'] ?? '') ?>">
</div> </div>
<div> <div>
<label for="zone"><?= _('Zone') ?></label> <label for="zone"><?= _('Zone') ?></label>
<br> <br>
<select required="" name="zone" id="zone"> <select required="" name="zone" id="zone">
<option value="" disabled="" selected="">-</option>
<?php <?php
foreach (nsListUserZones() as $zone) $user_zones = nsListUserZones();
echo "<option value='" . $zone . "'>" . $zone . "</option>"; if (!in_array($_POST['zone'] ?? NULL, $user_zones, true))
echo ' <option value="" disabled="" selected="">—</option>' . LF;
foreach ($user_zones as $zone)
echo ' <option value="' . $zone . '"' . (($_POST['zone'] ?? NULL) === $zone ? ' selected=""' : '') . '>.' . $zone . '</option>' . LF;
?> ?>
</select> </select>
</div> </div>
</fieldset> </fieldset>
@ -30,7 +32,7 @@ foreach (nsListUserZones() as $zone)
<div> <div>
<label for="ttl-value"><?= _('Value') ?></label> <label for="ttl-value"><?= _('Value') ?></label>
<br> <br>
<input required="" id="ttl-value" list="ttls" name="ttl-value" size="6" type="number" min="1" max="432000" value="<?= DEFAULT_TTL ?>" placeholder="<?= DEFAULT_TTL ?>"> <input required="" id="ttl-value" list="ttls" name="ttl-value" size="6" type="number" min="1" max="432000" value="<?= $_POST['ttl-value'] ?? NS_DEFAULT_TTL ?>" placeholder="<?= NS_DEFAULT_TTL ?>">
<datalist id="ttls"> <datalist id="ttls">
<option value="900"> <option value="900">
<option value="1800"> <option value="1800">
@ -45,10 +47,10 @@ foreach (nsListUserZones() as $zone)
<label for="ttl-multiplier"><?= _('Unit') ?></label> <label for="ttl-multiplier"><?= _('Unit') ?></label>
<br> <br>
<select required="" name="ttl-multiplier" id="ttl-multiplier"> <select required="" name="ttl-multiplier" id="ttl-multiplier">
<option value="1"><?= _('second') ?></option> <option value="1"<?= ($_POST['ttl-multiplier'] ?? NULL) === '1' ? ' selected=""' : '' ?>><?= _('second') ?></option>
<option value="60"><?= _('minute') ?></option> <option value="60"<?= ($_POST['ttl-multiplier'] ?? NULL) === '60' ? ' selected=""' : '' ?>><?= _('minute') ?></option>
<option value="3600"><?= _('hour') ?></option> <option value="3600"<?= ($_POST['ttl-multiplier'] ?? NULL) === '3600' ? ' selected=""' : '' ?>><?= _('hour') ?></option>
<option value="86400"><?= _('day') ?></option> <option value="86400"<?= ($_POST['ttl-multiplier'] ?? NULL) === '86400' ? ' selected=""' : '' ?>><?= _('day') ?></option>
</select> </select>
</div> </div>
</fieldset> </fieldset>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('This service allows to host and manage DNS records inside a DNS zone.') ?> <?= _('This service allows to host and manage DNS records inside a DNS zone.') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="ip"><?= _('IP address') ?></label><br> <label for="ip"><?= _('IP address') ?></label><br>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<fieldset> <fieldset>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="priority"><?= _('Priority') ?></label> <label for="priority"><?= _('Priority') ?></label>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="ns"><?= _('Name server') ?></label> <label for="ns"><?= _('Name server') ?></label>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<input type="radio" name="print" id="table" value="table" checked=""> <input type="radio" name="print" id="table" value="table" checked="">
<label for="table"><?= _('Records table') ?></label> <label for="table"><?= _('Records table') ?></label>
@ -38,7 +39,7 @@ if (isset($data['zone-table'])) { ?>
foreach ($data['zone-table'] as $zone_line) { foreach ($data['zone-table'] as $zone_line) {
echo ' <tr>' . LF; echo ' <tr>' . LF;
foreach ($zone_line as $element) foreach ($zone_line as $element)
echo ' <td><code>' . $element . '</code></td>' . LF; echo ' <td><code>' . htmlspecialchars($element) . '</code></td>' . LF;
echo ' </tr>' . LF; echo ' </tr>' . LF;
} }
} }

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>

39
pg-view/ns/sync.php Normal file
View file

@ -0,0 +1,39 @@
<?php declare(strict_types=1); ?>
<p>
<?= sprintf(_('AAAA, A and CAA records are regularly copied from the source domain to the target domain. Their TTLs are set to %s seconds.'), SYNC_TTL) ?>
</p>
<p>
<?= _('Source domains that are not signed with DNSSEC are not synchronized. Synchronizations that remain broken may be deleted.') ?>
</p>
<p>
<?= _('This is meant to be used for apex domains, where CNAME records are not allowed. For non-apex domains, CNAME records should be used instead.') ?>
</p>
<form method="post">
<?php
foreach (array_slice(array_merge(query('select', 'ns-syncs', ['username' => $_SESSION['id'] ?? '']), [['source' => '', 'destination' => '—']]), 0, 8) as $i => $sync) {
?>
<fieldset>
<legend><?= ($sync['source'] === '') ? _('Add new domain records to be synchronized') : _('Synchronized domain') ?></legend>
<div>
<label for="source<?= $i ?>"><?= _('Source domain') ?></label><br>
<input placeholder="provider.<?= PLACEHOLDER_DOMAIN ?>." id="source<?= $i ?>" name="syncs[<?= $i ?>][source]" value="<?= $sync['source'] ?>" type="text">
</div>
<div>
<label for="destination<?= $i ?>"><?= _('Target domain') ?></label>
<br>
<select required="" name="syncs[<?= $i ?>][destination]" id="destination<?= $i ?>">
<option <?= (($sync['destination'] === '') ? 'value="" disabled=""' : 'value="' . $sync['destination'] . '"') ?> selected=""><?= $sync['destination'] ?></option>
<?php
foreach (array_diff(nsListUserZones(), query('select', 'ns-syncs', ['username' => $_SESSION['id'] ?? ''], 'destination')) as $zone)
echo "<option value='" . $zone . "'>" . $zone . "</option>";
?>
</select>
</div>
</fieldset>
<?php
}
?>
<input type="submit" value="<?= _('Update') ?>">
</form>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?> <?php require ROOT_PATH . '/pg-view/ns/form.ns.php'; ?>
<label for="txt"><?= _('Text') ?></label> <label for="txt"><?= _('Text') ?></label>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= sprintf(_('To prove that you own this domain, it must have a NS record equal to %s when the form is being processed.'), '<code>' . getAuthToken() . '._domain-verification.' . SERVER_NAME . '.</code>') ?> <?= sprintf(_('To prove that you own this domain, it must have a NS record equal to %s when the form is being processed.'), '<code>' . getAuthToken() . '._domain-verification.' . SERVER_NAME . '.</code>') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="zone"><?= _('Zone') ?></label> <label for="zone"><?= _('Zone') ?></label>
<select required="" name="zone" id="zone"> <select required="" name="zone" id="zone">

View file

@ -1,19 +1,8 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="action"><?= _('Action') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-action.inc.php'; ?>
<select name="action" id="action">
<option value="add"><?= _('Add') ?></option>
<option value="delete"><?= _('Delete') ?></option>
</select>
<br> <br>
<label for="zone"><?= _('Domain') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-domain.inc.php'; ?>
<br>
<select required="" name="zone" id="zone">
<option value="" disabled="" selected=""></option>
<?php
foreach (regListUserDomains() as $domain)
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br> <br>
<label for="keytag"><?= _('Key tag') ?></label> <label for="keytag"><?= _('Key tag') ?></label>
<br> <br>

54
pg-view/reg/edit.php Normal file
View file

@ -0,0 +1,54 @@
<?php declare(strict_types=1); ?>
<form method="post">
<label for="domain"><?= _('Domain to be changed') ?></label>
<br>
<select required="" name="domain" id="domain">
<option value="" disabled="" selected="">-</option>
<?php
foreach (regListUserDomains() as $domain)
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br>
<input type="submit" value="<?= _('Display') ?>">
</form>
<?php
if (isset($data['records'])) { // Display zone
?>
<form method="post">
<input type="hidden" name="domain" value="<?= $_POST['domain'] ?>">
<label for="records"><?= sprintf(_('Delegation records for %s'), '<code><strong>' . $_POST['domain'] . '</strong></code>') ?></label>
<br>
<textarea id="records" name="records" wrap="off" rows="<?= substr_count($data['records'], LF) + 1 ?>"><?= htmlspecialchars($data['records']) ?></textarea>
<br>
<input type="submit" value="<?= _('Replace') ?>">
</form>
<?php
}
displayFinalMessage($data);
?>
<h2><?= _('Input values') ?></h2>
<p><?= _('Precising the class (<code>IN</code>) is optional.') ?></p>
<p><?= sprintf(_('Submitted field content is limited to %s characters.'), REG_TEXTAREA_MAX_CHARACTERS) ?></p>
<p><?= sprintf(_('TTL values are ignored and always set to %s seconds.'), '<code><time datetime="PT' . CONF['reg']['ttl'] . 'S">' . CONF['reg']['ttl'] . '</time></code>') ?></p>
<p><?= _('The only types that can be defined here are:') ?></p>
<ul>
<?php
foreach (REG_ALLOWED_TYPES as $allowed_type)
echo ' <li><code>' . $allowed_type . '</code></li>';
?>
</ul>

View file

@ -1,9 +1,6 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="action"><?= _('Action') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-action.inc.php'; ?>
<select name="action" id="action">
<option value="add"><?= _('Add') ?></option>
<option value="delete"><?= _('Delete') ?></option>
</select>
<fieldset> <fieldset>
<legend><?= _('Domain') ?></legend> <legend><?= _('Domain') ?></legend>
<div> <div>
@ -12,15 +9,7 @@
<input required="" id="subdomain" placeholder="ns1" name="subdomain" type="text"> <input required="" id="subdomain" placeholder="ns1" name="subdomain" type="text">
</div> </div>
<div> <div>
<label for="suffix"><?= _('Domain') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-domain.inc.php'; ?>
<br>
<select required="" name="suffix" id="suffix">
<option value="" disabled="" selected=""></option>
<?php
foreach (regListUserDomains() as $suffix)
echo ' <option value="' . $suffix . '">' . $suffix . '</option>' . LF;
?>
</select>
</div> </div>
</fieldset> </fieldset>
<label for="ip"><?= _('IP address') ?></label><br> <label for="ip"><?= _('IP address') ?></label><br>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= sprintf(_('This domain name registry allows to register domains ending with <code>%1$s</code>, for instance <code><em>domain</em>%1$s</code>.'), '.' . key(CONF['reg']['suffixes'])) ?> <?= sprintf(_('This domain name registry allows to register domains ending with <code>%1$s</code>, for instance <code><em>domain</em>%1$s</code>.'), '.' . key(CONF['reg']['suffixes'])) ?>
</p> </p>
@ -30,7 +31,9 @@ else {
<?php <?php
foreach (CONF['reg']['suffixes'] as $suffix => $condition) foreach (CONF['reg']['suffixes'] as $suffix => $condition)
if ($condition === 'all') if ($condition === 'all')
echo '<li><code>' . $suffix . ' </code></li>'; echo '<li><code>' . $suffix . ' </code></li>' . LF;
if (!in_array('all', CONF['reg']['suffixes'], true))
echo '<li>∅</li>' . LF;
?> ?>
</ul> </ul>
</dd> </dd>
@ -41,7 +44,9 @@ foreach (CONF['reg']['suffixes'] as $suffix => $condition)
<?php <?php
foreach (CONF['reg']['suffixes'] as $suffix => $condition) foreach (CONF['reg']['suffixes'] as $suffix => $condition)
if ($condition === 'approved') if ($condition === 'approved')
echo '<li><code>' . $suffix . ' </code></li>'; echo '<li><code>' . $suffix . ' </code></li>' . LF;
if (!in_array('approved', CONF['reg']['suffixes'], true))
echo '<li>∅</li>' . LF;
?> ?>
</ul> </ul>
</dd> </dd>
@ -52,9 +57,23 @@ foreach (CONF['reg']['suffixes'] as $suffix => $condition)
<?php <?php
foreach (CONF['reg']['suffixes'] as $suffix => $condition) foreach (CONF['reg']['suffixes'] as $suffix => $condition)
if ($condition === 'none') if ($condition === 'none')
echo '<li><code>' . $suffix . ' </code></li>'; echo '<li><code>' . $suffix . ' </code></li>' . LF;
if (!in_array('none', CONF['reg']['suffixes'], true))
echo '<li>∅</li>' . LF;
?> ?>
</ul> </ul>
</dd> </dd>
</dl> </dl>
</section> </section>
<section>
<h2><?= _('Automatic updates from child zone') ?></h2>
<h3><?= _('CSYNC records') ?></h3>
<p>
<?= _('The registry can synchronize NS records from the child zone if a CSYNC record is present at the apex of the child zone, has flags <code>1</code> and type bit map <code>NS</code>, and can be DNSSEC-validated. Others values are not supported.') ?>
</p>
<h3><?= _('DNSSEC and DS records') ?></h3>
<p>
<?= _('Once DNSSEC has been manually enabled through the current interface, the delegated zone can publish a CDS record in order to update the DS record in the registry. A single CDS record with value <code>0 0 0 0</code> tells the registry to disable DNSSEC. Using a CDS record to enable DNSSEC is not supported.') ?>
</p>
</section>

View file

@ -1,19 +1,8 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="action"><?= _('Action') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-action.inc.php'; ?>
<select name="action" id="action">
<option value="add"><?= _('Add') ?></option>
<option value="delete"><?= _('Delete') ?></option>
</select>
<br> <br>
<label for="domain"><?= _('Domain') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-domain.inc.php'; ?>
<br>
<select required="" name="domain" id="domain">
<option value="" disabled="" selected=""></option>
<?php
foreach (regListUserDomains() as $domain)
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br> <br>
<label for="ns"><?= _('Name server') ?></label> <label for="ns"><?= _('Name server') ?></label>
<br> <br>

View file

@ -1,12 +1,6 @@
<?php declare(strict_types=1); ?>
<form method="post"> <form method="post">
<label for="domain"><?= _('Domain') ?></label> <?php require ROOT_PATH . '/pg-view/reg/select-domain.inc.php'; ?>
<select required="" name="domain" id="domain">
<option value="" disabled="" selected="">-</option>
<?php
foreach (regListUserDomains() as $domain)
echo ' <option value="' . $domain . '">' . $domain . '</option>' . LF;
?>
</select>
<br> <br>
<input type="submit" value="<?= _('Display') ?>"> <input type="submit" value="<?= _('Display') ?>">
</form> </form>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('Register a new domain on your account.') ?> <?= _('Register a new domain on your account.') ?>
</p> </p>

View file

@ -0,0 +1,6 @@
<?php declare(strict_types=1); ?>
<label for="action"><?= _('Action') ?></label>
<select name="action" id="action">
<option value="add"<?= ($_POST['action'] ?? NULL) === 'add' ? ' selected=""' : '' ?>><?= _('Add') ?></option>
<option value="delete"<?= ($_POST['action'] ?? NULL) === 'delete' ? ' selected=""' : '' ?>><?= _('Delete') ?></option>
</select>

View file

@ -0,0 +1,12 @@
<?php declare(strict_types=1); ?>
<label for="domain"><?= _('Domain') ?></label>
<br>
<select required="" name="domain" id="domain">
<?php
$user_domains = regListUserDomains();
if (!in_array($_POST['domain'] ?? NULL, $user_domains, true))
echo ' <option value="" disabled="" selected="">—</option>' . LF;
foreach ($user_domains as $domain)
echo ' <option value="' . $domain . '"' . (($_POST['domain'] ?? NULL === $domain) ? ' selected=""' : '') . '>' . $domain . '</option>' . LF;
?>
</select>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= sprintf(_('To prove that you are allowed to receive the domain by its current owner, the domain must have an NS record equal to %s when the form is being processed. The NS record will be automatically deleted once validated.'), '<code>' . getAuthToken() . '._transfer-verification.' . SERVER_NAME . '.</code>') ?> <?= sprintf(_('To prove that you are allowed to receive the domain by its current owner, the domain must have an NS record equal to %s when the form is being processed. The NS record will be automatically deleted once validated.'), '<code>' . getAuthToken() . '._transfer-verification.' . SERVER_NAME . '.</code>') ?>
</p> </p>

View file

@ -1,3 +1,4 @@
<?php declare(strict_types=1); ?>
<p> <p>
<?= _('This will unregister the domain, making it registerable by anyone again (after a delay of 1 year plus half the registration period, with a maximum of 8 years).') ?> <?= _('This will unregister the domain, making it registerable by anyone again (after a delay of 1 year plus half the registration period, with a maximum of 8 years).') ?>
</p> </p>

View file

@ -1,4 +1,4 @@
<?php <?php declare(strict_types=1);
require 'init.php'; require 'init.php';
$pageAddress = substr($_SERVER['REQUEST_URI'], strlen(CONF['common']['prefix']) + 1); $pageAddress = substr($_SERVER['REQUEST_URI'], strlen(CONF['common']['prefix']) + 1);
@ -11,7 +11,7 @@ define('PAGE_ADDRESS', $pageAddress . ((substr($pageAddress, -1) === '/' OR $pag
define('PAGE_LINEAGE', explode('/', PAGE_ADDRESS)); define('PAGE_LINEAGE', explode('/', PAGE_ADDRESS));
define('SERVICE', dirname(PAGE_ADDRESS)); define('SERVICE', dirname(PAGE_ADDRESS));
function getPageInformations($pages, $pageElements) { function getPageInformations(array $pages, array $pageElements): array {
if (!isset($pages['index']) OR $pageElements[0] === 'index') if (!isset($pages['index']) OR $pageElements[0] === 'index')
return [ return [
'titles_lineage' => [$pages[$pageElements[0]]['title'] ?? false], 'titles_lineage' => [$pages[$pageElements[0]]['title'] ?? false],
@ -44,7 +44,7 @@ if (in_array($_SERVER['SERVER_NAME'], CONF['common']['public_domains'], true) !=
define('SERVER_NAME', $_SERVER['SERVER_NAME']); define('SERVER_NAME', $_SERVER['SERVER_NAME']);
const SESSION_COOKIE_NAME = 'servnest-session-key'; const SESSION_COOKIE_NAME = 'servnest-session-key';
function startSession() { function startSession(): void {
session_start([ session_start([
'name' => SESSION_COOKIE_NAME, 'name' => SESSION_COOKIE_NAME,
'sid_length' => 64, 'sid_length' => 64,
@ -94,7 +94,7 @@ if (isset($_SESSION['id'])) {
} }
} }
function displayFinalMessage($data) { function displayFinalMessage(?array $data): void {
if (isset($data['final_message'])) { if (isset($data['final_message'])) {
echo $data['final_message']; echo $data['final_message'];
unset($data['final_message']); unset($data['final_message']);
@ -118,7 +118,7 @@ if ($_POST !== []) {
require ROOT_PATH . '/pg-act/' . PAGE_ADDRESS . '.php'; require ROOT_PATH . '/pg-act/' . PAGE_ADDRESS . '.php';
} }
function displayPage($data) { function displayPage(?array $data): never {
require ROOT_PATH . '/view.php'; require ROOT_PATH . '/view.php';
exit(); exit();
} }

Some files were not shown because too many files have changed in this diff Show more