servnest/fn/ht.php
2023-07-17 21:15:18 +02:00

164 lines
4.4 KiB
PHP

<?php declare(strict_types=1);
const SUBPATH_REGEX = '^[a-z0-9-]{4,63}$';
const ED25519_PUBKEY_REGEX = '^[a-zA-Z0-9/+]{68}$';
function htSetupUserFs(string $id): void {
// Setup SFTP directory
if (mkdir(CONF['ht']['ht_path'] . '/fs/' . $id, 0000) !== true)
output(500, 'Can\'t create user directory.');
if (chmod(CONF['ht']['ht_path'] . '/fs/' . $id, 0775) !== true)
output(500, 'Can\'t chmod user directory.');
exescape([
CONF['ht']['sudo_path'],
'--',
CONF['ht']['chgrp_path'],
'--no-dereference',
'--',
CONF['ht']['sftpgo_group'],
CONF['ht']['ht_path'] . '/fs/' . $id,
], result_code: $code);
if ($code !== 0)
output(500, 'Can\'t change user directory group.');
// Setup Tor config directory
if (mkdir(CONF['ht']['tor_config_path'] . '/' . $id, 0000) !== true)
output(500, 'Can\'t create Tor config directory.');
if (chmod(CONF['ht']['tor_config_path'] . '/' . $id, 0775) !== true)
output(500, 'Can\'t chmod Tor config directory.');
// Setup Tor keys directory
exescape([
CONF['ht']['sudo_path'],
'-u',
CONF['ht']['tor_user'],
'--',
CONF['ht']['mkdir_path'],
'--mode=0700',
'--',
CONF['ht']['tor_keys_path'] . '/' . $id,
], result_code: $code);
if ($code !== 0)
output(500, 'Can\'t create Tor keys directory.');
}
function checkDomainFormat(string $domain): void {
// If the domain must end without a dot
if (!filter_var($domain, FILTER_VALIDATE_DOMAIN) OR !preg_match('/^(?=^.{1,254}$)([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$/D', $domain))
output(403, _('Domain malformed.'));
}
function formatDomain(string $domain): string {
$domain = rtrim(strtolower($domain), '.');
checkDomainFormat($domain);
return $domain;
}
function listFsDirs(string $username): array {
if ($username === '')
return [];
$absoluteDirs = glob(CONF['ht']['ht_path'] . '/fs/' . $username . '/*/', GLOB_ONLYDIR);
$dirs = [];
foreach ($absoluteDirs as $absoluteDir)
if (preg_match('/^[a-zA-Z0-9_-]{1,64}$/D', basename($absoluteDir)))
array_push($dirs, basename($absoluteDir));
return $dirs;
}
function addSite(string $username, string $siteDir, string $address, string $type): void {
insert('sites', [
'username' => $username,
'site_dir' => $siteDir,
'address' => $address,
'type' => $type,
'creation_date' => date('Y-m-d H:i:s'),
]);
}
function dirsStatuses(string $type): array {
if (isset($_SESSION['id']) !== true)
return [];
$dbDirs = query('select', 'sites', [
'username' => $_SESSION['id'],
'type' => $type,
], 'site_dir');
$dirs = [];
foreach (listFsDirs($_SESSION['id']) as $fsDir)
$dirs[$fsDir] = in_array($fsDir, $dbDirs);
return $dirs;
}
function htRelativeSymlink(string $target, string $name): void {
chdir(pathinfo($name)['dirname']);
$symlink = symlink($target, pathinfo($name)['basename']);
chdir(ROOT_PATH);
if ($symlink !== true)
output(500, 'Unable to create symlink.');
}
function htDeleteSite(string $address, string $type, string $user_id): void {
if ($type === 'onion') {
$dir = query('select', 'sites', [
'username' => $user_id,
'address' => $address,
'type' => $type,
], 'site_dir')[0];
// Delete Tor config
if (unlink(CONF['ht']['tor_config_path'] . '/' . $user_id . '/' . $dir) !== true)
output(500, 'Failed to delete Tor configuration.');
// Reload Tor
exescape([
CONF['ht']['sudo_path'],
'--',
...explode(' ', CONF['ht']['tor_reload_cmd']),
], result_code: $code);
if ($code !== 0)
output(500, 'Failed to reload Tor.');
// Delete Tor keys
exescape([
CONF['ht']['sudo_path'],
'-u',
CONF['ht']['tor_user'],
'--',
CONF['ht']['rm_path'],
'-r',
'--',
CONF['ht']['tor_keys_path'] . '/' . $user_id . '/' . $dir,
], result_code: $code);
if ($code !== 0)
output(500, 'Failed to delete Tor keys.');
}
if ($type === 'dns') {
// Delete Let's Encrypt certificate
exescape([
CONF['ht']['sudo_path'],
CONF['ht']['certbot_path'],
'delete',
'--quiet',
'--cert-name',
$address,
], result_code: $code);
if ($code !== 0)
output(500, 'Certbot failed to delete the Let\'s Encrypt certificate.');
}
$link = CONF['ht']['ht_path'] . '/uri/' . match ($type) {
'onion', 'dns' => $address,
'subdomain' => $address . '.' . CONF['ht']['subdomain_domain'],
'subpath' => CONF['ht']['subpath_domain'] . '/' . $address,
};
if (unlink($link) !== true)
output(500, 'Unable to delete symlink.');
query('delete', 'sites', [
'username' => $user_id,
'type' => $type,
'address' => $address,
]);
}