1: | <?php |
2: | declare(strict_types=1); |
3: | |
4: | |
5: | |
6: | |
7: | |
8: | |
9: | |
10: | |
11: | |
12: | |
13: | |
14: | |
15: | |
16: | use Daphnie\Collector; |
17: | use Daphnie\Metrics\Apache as ApacheMetrics; |
18: | use Module\Skeleton\Contracts\Hookable; |
19: | use Module\Skeleton\Contracts\Reactive; |
20: | use Module\Skeleton\Contracts\Tasking; |
21: | use Module\Support\Webapps\App\UIPanel; |
22: | use Module\Support\Webapps\MetaManager; |
23: | use Opcenter\Filesystem; |
24: | use Opcenter\Http\Apache; |
25: | use Opcenter\Http\Apache\Map; |
26: | use Opcenter\Http\Apache\Maps\HSTS\Mode as HSTSMode; |
27: | use Opcenter\Http\Apache\Maps\Tls as TlsMap; |
28: | use Opcenter\Provisioning\ConfigurationWriter; |
29: | |
30: | |
31: | |
32: | |
33: | |
34: | |
35: | class Web_Module extends Module_Skeleton implements Hookable, Reactive, Tasking |
36: | { |
37: | const DEPENDENCY_MAP = [ |
38: | 'ipinfo', |
39: | 'ipinfo6', |
40: | 'siteinfo', |
41: | 'dns', |
42: | |
43: | 'cgroup' |
44: | ]; |
45: | |
46: | |
47: | const MAIN_DOC_ROOT = '/var/www/html'; |
48: | const WEB_USERNAME = APACHE_USER; |
49: | const WEB_GROUPID = APACHE_GID; |
50: | const PROTOCOL_MAP = '/etc/httpd/conf/http10'; |
51: | const SUBDOMAIN_ROOT = '/var/subdomain'; |
52: | |
53: | protected $pathCache = []; |
54: | protected $service_cache; |
55: | protected $exportedFunctions = [ |
56: | '*' => PRIVILEGE_SITE, |
57: | 'add_subdomain_raw' => PRIVILEGE_SITE | PRIVILEGE_SERVER_EXEC, |
58: | 'host_html_dir' => PRIVILEGE_SITE | PRIVILEGE_USER, |
59: | 'reload' => PRIVILEGE_SITE | PRIVILEGE_ADMIN, |
60: | 'status' => PRIVILEGE_ADMIN, |
61: | 'get_sys_user' => PRIVILEGE_ALL, |
62: | 'capture' => PRIVILEGE_SERVER_EXEC | PRIVILEGE_SITE, |
63: | 'inventory_capture' => PRIVILEGE_ADMIN |
64: | ]; |
65: | protected $hostCache = []; |
66: | |
67: | public const ERR_UNKNOWN_DOMAIN = [':web_domain_unknown', 'Unknown domain `%s\'']; |
68: | |
69: | |
70: | |
71: | |
72: | |
/**
 * Build the module and adjust the exported API when DAV is not served by Apache.
 *
 * With DAV_APACHE disabled, the three DAV calls are registered with
 * PRIVILEGE_NONE (presumably making them uncallable; confirm against
 * Module_Skeleton).
 */
public function __construct()
{
    parent::__construct();

    if (DAV_APACHE) {
        return;
    }

    // Array union only fills in missing keys; an explicit entry for one of
    // these names would win over the PRIVILEGE_NONE default set here.
    $this->exportedFunctions += [
        'bind_dav'           => PRIVILEGE_NONE,
        'unbind_dav'         => PRIVILEGE_NONE,
        'list_dav_locations' => PRIVILEGE_NONE,
    ];
}
86: | |
/**
 * Drop the cached docroot lookups when the module is unserialized.
 *
 * NOTE(review): only $pathCache is reset here, whereas purge() also clears
 * $hostCache. Confirm the asymmetry is intended.
 */
public function __wakeup()
{
    $this->pathCache = array();
}
91: | |
92: | |
93: | |
94: | |
95: | |
96: | |
97: | |
98: | |
99: | |
100: | |
/**
 * Report whether a web service is enabled for a user.
 *
 * Outside the CLI the call is forwarded to the backend. In the CLI only the
 * service name is validated; the user is not inspected.
 *
 * @param string $user user name (only forwarded to the backend)
 * @param string $svc  service name, "cgi" or "subdomain"
 * @return bool
 */
public function user_service_enabled(string $user, string $svc): bool
{
    if (IS_CLI) {
        $known = ($svc == 'cgi' || $svc == 'subdomain');
        if ($known) {
            return true;
        }

        return error('Invalid service name `%s\'', $svc);
    }

    return $this->query(
        'web_user_service_enabled',
        array($user, $svc)
    );
}
113: | |
114: | |
115: | |
116: | |
117: | |
118: | |
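/**
 * List subdomains whose document root cannot be reached.
 *
 * A subdomain is healthy when its "html" entry is a symlink or directory
 * that resolves to something that exists. Everything else is reported.
 *
 * @return array map of subdomain => site-relative path of the broken docroot
 */
public function validate_subdomains(): array
{
    $prefix = $this->domain_fs_path();
    $invalid = array();
    // glob() may return false instead of an empty list on some platforms
    $entries = glob($prefix . self::SUBDOMAIN_ROOT . '/*/') ?: array();
    foreach ($entries as $entry) {
        $subdomain = basename($entry);
        $link = $entry . '/html';
        if ((is_link($link) || is_dir($link)) && file_exists($link)) {
            continue;
        }
        warn("inaccessible subdomain `%s' detected", $subdomain);
        if (is_link($link)) {
            // dangling symlink: report where it points
            $file = Opcenter\Filesystem::rel2abs($link, readlink($link));
        } else {
            // "html" is missing altogether: readlink() would fail, so report
            // the expected location instead of a bogus referent
            $file = rtrim($entry, '/') . '/html';
        }
        $invalid[$subdomain] = substr($file, strlen($prefix));
    }

    return $invalid;
}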
136: | |
137: | |
138: | |
139: | |
140: | |
141: | |
142: | |
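/**
 * Check whether a hostname is a subdomain known to this site.
 *
 * The name is interpolated into a filesystem path, so anything that is empty
 * or carries a path separator is rejected before touching the disk. The
 * original accepted "" (which resolved to the subdomain root itself) and only
 * ran the format check on names that contain a dot.
 *
 * @param string $hostname
 * @return bool
 */
public function is_subdomain(string $hostname): bool
{
    if ($hostname === '' || false !== strpos($hostname, '/') || false !== strpos($hostname, "\0")) {
        return false;
    }
    // NOTE(review): dotless names skip Regex::SUBDOMAIN. Confirm that is deliberate.
    if (false !== strpos($hostname, '.') && !preg_match(Regex::SUBDOMAIN, $hostname)) {
        return false;
    }

    return is_dir($this->domain_fs_path(self::SUBDOMAIN_ROOT . "/$hostname"));
}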
151: | |
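/**
 * Check whether a subdomain's document root exists and can be traversed.
 *
 * A leading "*." (wildcard) is stripped first. Empty names and names that
 * carry a path separator are refused because the value is used to build a
 * filesystem path.
 *
 * @param string $subdomain
 * @return bool
 */
public function subdomain_accessible($subdomain)
{
    $subdomain = (string)$subdomain;
    if (0 === strncmp($subdomain, '*', 1)) {
        $subdomain = (string)substr($subdomain, 2);
    }
    if ($subdomain === '' || false !== strpos($subdomain, '/') || false !== strpos($subdomain, "\0")) {
        return false;
    }

    $docroot = $this->domain_fs_path(self::SUBDOMAIN_ROOT . "/$subdomain/html");

    return file_exists($docroot) && is_executable($docroot);
}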
161: | |
162: | |
163: | |
164: | |
165: | |
166: | |
167: | |
168: | |
169: | |
170: | |
/**
 * Get the user the web server runs as for a host or docroot.
 *
 * The answer comes from the apache,webuser service value and falls back to
 * WEB_USERNAME; $hostname and $path only drive the usage warning below.
 *
 * @param string $hostname hostname, or a docroot when it begins with "/"
 * @param string $path     path under the hostname (omit when passing a docroot)
 * @return string
 */
public function get_user(string $hostname, string $path = ''): string
{
    $isDocroot = $hostname[0] === '/';
    if ($isDocroot && $path) {
        warn('$path variable should be omitted when specifying docroot');
    }

    return $this->getServiceValue('apache', 'webuser', static::WEB_USERNAME);
}
180: | |
181: | |
182: | |
183: | |
184: | |
185: | |
186: | |
187: | |
188: | |
/**
 * Get the system account name the web server is configured with.
 *
 * @return string value of WEB_USERNAME (late static binding)
 */
public function get_sys_user(): string
{
    $username = static::WEB_USERNAME;

    return $username;
}
193: | |
194: | |
195: | |
196: | |
197: | |
198: | |
199: | |
200: | |
201: | |
202: | |
203: | |
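/**
 * Resolve a hostname/path pair to a document root inside the site.
 *
 * When the docroot is a symlink it is resolved with realpath() and must stay
 * within the site filesystem root. Results are cached per hostname/path; the
 * cache is only consulted outside the CLI.
 *
 * NOTE(review): only a docroot that is itself a symlink is resolved and
 * containment-checked. ".." segments in $path are concatenated by
 * get_docroot() and are not normalised here. Confirm callers reject them.
 *
 * @param string $hostname
 * @param string $path
 * @return string|null site-relative docroot, or null on failure
 */
public function normalize_path(string $hostname, string $path = ''): ?string
{
    if (!IS_CLI && isset($this->pathCache[$hostname][$path])) {
        return $this->pathCache[$hostname][$path];
    }
    $prefix = $this->domain_fs_path();
    if (false === ($docroot = $this->get_docroot($hostname, $path))) {
        return null;
    }

    $checkpath = $prefix . DIRECTORY_SEPARATOR . $docroot;
    clearstatcache(true, $checkpath);
    if (\Util_PHP::is_link($checkpath)) {
        if (false === ($checkpath = realpath($checkpath))) {
            // dangling link: hand back the unresolved docroot, uncached
            return $docroot;
        }
        // Compare against the root plus a separator. A bare string-prefix
        // test also accepts sibling directories whose name merely starts
        // with the site root.
        $jail = rtrim($prefix, DIRECTORY_SEPARATOR);
        if ($checkpath !== $jail && 0 !== strpos($checkpath, $jail . DIRECTORY_SEPARATOR)) {
            error("docroot for `%s/%s' exceeds site root", $hostname, $path);

            return null;
        }
        $docroot = (string)substr($checkpath, strlen($jail));
    }
    if (!file_exists($checkpath)) {
        // a missing docroot is tolerated as long as its parent exists
        $subpath = dirname($checkpath);
        if (!file_exists($subpath)) {
            error("invalid domain `%s', docroot `%s' does not exist", $hostname, $docroot);

            return null;
        }
    }
    if (!isset($this->pathCache[$hostname])) {
        $this->pathCache[$hostname] = [];
    }

    $this->pathCache[$hostname][$path] = $docroot;

    return $docroot ?: null;
}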
245: | |
246: | |
247: | |
248: | |
249: | |
250: | |
251: | |
252: | |
/**
 * Map a hostname (and optional path beneath it) to a site-relative docroot.
 *
 * Lookup order: addon/primary domains, subdomains, the same name without a
 * leading "www.", then the subdomain part of a fully-qualified name.
 *
 * NOTE(review): $path is only left-trimmed of "/" and appended as-is; ".."
 * segments are not removed here.
 *
 * @param string $hostname
 * @param string $path
 * @return string|false docroot, or the result of error() for an unknown host
 */
public function get_docroot(string $hostname, string $path = '')
{
    $primary = $this->list_domains();
    $path = ltrim($path, '/');
    if (isset($primary[$hostname])) {
        return rtrim($primary[$hostname] . '/' . $path, '/');
    }

    $subdomains = $this->list_subdomains();
    if (array_key_exists($hostname, $subdomains)) {
        $base = $subdomains[$hostname];
        if (null === $base) {
            // no path recorded in the listing; ask for the full record
            $base = $this->subdomain_info($hostname)['path'];
        }

        return rtrim($base . '/' . $path, '/');
    }

    if (0 === strncmp($hostname, "www.", 4)) {
        return $this->get_docroot(substr($hostname, 4), $path);
    }

    if (false !== strpos($hostname, '.')) {
        $parts = $this->split_host($hostname);
        $hasSubdomain = !empty($parts['subdomain']);
        if ($hasSubdomain && $this->subdomain_exists($parts['subdomain'])) {
            return $this->get_docroot($parts['subdomain'], $path);
        }
    }

    return error(self::ERR_UNKNOWN_DOMAIN, $hostname);
}
287: | |
288: | |
289: | |
290: | |
291: | |
292: | |
293: | |
294: | |
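/**
 * Replace the subdomains of $target with copies of those attached to $src.
 *
 * Existing subdomains of $target are removed first, then every subdomain of
 * $src is re-created under $target with the same path. Ownership is decided
 * on a label boundary: "blog.example.com" belongs to "example.com", whereas
 * "blog.myexample.com" does not. A plain suffix comparison would treat both
 * alike and remove or rewrite subdomains of an unrelated domain.
 *
 * NOTE(review): removal happens before any source entry is copied and the
 * results of remove_subdomain()/add_subdomain() are not checked.
 *
 * @param string $target domain to import into
 * @param string $src    domain to copy from
 * @return bool
 */
public function import_subdomains_from_domain(string $target, string $src): bool
{
    $domains = $this->web_list_domains();
    foreach ([$target, $src] as $chk) {
        if (!isset($domains[$chk])) {
            return error(self::ERR_UNKNOWN_DOMAIN, $chk);
        }
    }
    if ($target === $src) {
        return error('Cannot import - target is same as source');
    }

    // true when $host is $domain itself or a name directly beneath it
    $belongsTo = static function (string $host, string $domain): bool {
        $suffix = '.' . $domain;

        return $host === $domain || substr($host, -\strlen($suffix)) === $suffix;
    };

    foreach ($this->list_subdomains('local', $target) as $subdomain => $path) {
        $subdomain = (string)$subdomain;
        if (!$belongsTo($subdomain, $target)) {
            // suffix-only match on another domain; leave it alone
            continue;
        }
        $this->remove_subdomain($subdomain);
    }
    foreach ($this->list_subdomains('local', $src) as $subdomain => $path) {
        $subdomain = (string)$subdomain;
        if (!$belongsTo($subdomain, $src)) {
            warn("Subdomain attached to `%s' does not match target domain `%s'??? Skipping", $subdomain, $target);
            continue;
        }
        $subdomain = substr($subdomain, 0, -\strlen($src)) . $target;
        $this->add_subdomain($subdomain, $path);
    }

    return true;
}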
320: | |
321: | |
322: | |
323: | |
324: | |
325: | |
326: | |
327: | |
328: | |
329: | |
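/**
 * List subdomains of the site with their site-relative document roots.
 *
 * Filter modes:
 *  - ""       every subdomain
 *  - "local"  only names that contain a dot
 *  - "global" only names without a dot
 *  - "path"   only subdomains whose docroot matches $domains, which is then a
 *             path (matched literally) or a regex (recognised by identical
 *             first and last characters)
 *
 * In the other modes $domains restricts dotted names to the given domain(s).
 * The match is made on a label boundary so "example.com" does not also select
 * names under "myexample.com".
 *
 * NOTE(review): with several domains a name is dropped as soon as one of
 * them does not match, so it must match every listed domain. Confirm whether
 * "any" was intended.
 * NOTE(review): in "path" mode a caller-supplied regex is passed to
 * preg_match() unchanged. Confirm callers are trusted or bound the pattern.
 *
 * @param string       $filter
 * @param array|string $domains
 * @return array|false map of subdomain => path, or the result of error()
 */
public function list_subdomains(string $filter = '', $domains = array())
{
    if ($filter && $filter != 'local' && $filter != 'global' && $filter != 'path') {
        return error("invalid filter mode `%s'", $filter);
    }
    $subdomains = array();
    $re = null;
    if ($filter == 'path') {
        $re = $domains;
        if (!is_string($re) || $re === '') {
            // no usable pattern: nothing can match, and preg_match() would
            // only raise on an empty or non-string pattern
            return $subdomains;
        }
        if ($re[0] !== $re[-1]) {
            $re = '!' . preg_quote($re, '!') . '!';
        }
    }
    if ($domains && !is_array($domains)) {
        $domains = array($domains);
    }

    $root = $this->domain_fs_path();
    // glob() may return false instead of an empty list on some platforms
    $entries = glob($root . self::SUBDOMAIN_ROOT . '/*', GLOB_NOSORT) ?: array();
    foreach ($entries as $entry) {
        $subdomain = basename($entry);
        $link = $entry . '/html';
        $path = '';
        if (is_link($link)) {
            $path = (string)substr(
                Opcenter\Filesystem::rel2abs($link, readlink($link)),
                strlen($root)
            );
        } else if (is_dir($link)) {
            warn(':subdomain_is_dir', "subdomain `%s' doc root is directory", $subdomain);
            $path = Opcenter\Http\Apache::makeSubdomainPath($subdomain);
        }

        $dotted = (bool)strpos($subdomain, '.');
        if ($filter && ($filter == 'local' && !$dotted || $filter == 'global' && $dotted)) {
            continue;
        }
        if ($filter == 'path' && !preg_match($re, $path)) {
            continue;
        }

        if ($filter !== 'path' && $dotted && $domains) {
            foreach ($domains as $domain) {
                $suffix = '.' . $domain;
                if ($subdomain !== (string)$domain && substr($subdomain, -strlen($suffix)) !== $suffix) {
                    continue 2;
                }
            }
        }

        $subdomains[$subdomain] = $path;
    }

    asort($subdomains, SORT_LOCALE_STRING);

    return $subdomains;
}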
390: | |
391: | |
392: | |
393: | |
394: | |
395: | |
396: | |
397: | |
398: | |
399: | |
400: | |
401: | |
402: | |
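/**
 * Describe a subdomain: docroot, whether it is reachable, owner and type.
 *
 * Type is "global" for a dotless name, "fallthrough" when the name is also a
 * domain on the account, and "local" otherwise.
 *
 * NOTE(review): error() appears to return false (get_docroot()'s result is
 * compared against false), which does not satisfy the declared array return
 * type. Confirm how failures are meant to surface here.
 *
 * @param string $subdomain subdomain, optionally prefixed with "*."
 * @return array keys: path, active, user, type
 */
public function subdomain_info(string $subdomain): array
{
    // test for emptiness before indexing into the string
    if ($subdomain !== '' && $subdomain[0] == '*') {
        $subdomain = (string)substr($subdomain, 2);
    }

    if (!$subdomain) {
        return error('no subdomain provided');
    }
    if (!$this->subdomain_exists($subdomain)) {
        // pass the name as an argument; concatenating it into the format
        // string lets a "%" in the name corrupt the message
        return error('%s: subdomain does not exist', $subdomain);
    }

    $info = array(
        'path'   => null,
        'active' => false,
        'user'   => null,
        'type'   => null
    );

    $fs_location = $this->domain_fs_path() . self::SUBDOMAIN_ROOT . "/$subdomain";

    if (!strpos($subdomain, '.')) {
        $type = 'global';
    } else if (!array_key_exists($subdomain, $this->list_domains())) {
        $type = 'local';
    } else {
        $type = 'fallthrough';
    }

    $info['type'] = $type;
    $link = $fs_location . '/html';

    // neither a resolvable entry nor a dangling symlink: nothing to report
    if (!file_exists($link) && !is_link($link)) {
        return $info;
    }

    if (!is_link($link)) {
        $path = $link;
    } else {
        clearstatcache(true, $link);
        $path = Opcenter\Filesystem::rel2abs($link, readlink($link));
    }
    $info['path'] = $this->file_canonicalize_site($path);

    $info['active'] = file_exists($link) && is_readable($link);
    $stat = $this->file_stat($info['path']);
    if (!$stat) {
        return $info;
    }
    $info['user'] = $stat['owner'];

    return $info;
}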
462: | |
463: | |
464: | |
465: | |
466: | |
467: | |
468: | |
469: | |
470: | |
471: | |
472: | |
473: | |
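/**
 * Check whether a subdomain directory exists for this site.
 *
 * A leading "*." is stripped. The name becomes part of a filesystem path, so
 * an empty name (which would resolve to the subdomain root itself) or one
 * carrying a path separator is reported as non-existent rather than probed.
 *
 * @param string $subdomain
 * @return bool
 */
public function subdomain_exists(string $subdomain): bool
{
    if (0 === strncmp($subdomain, '*', 1)) {
        $subdomain = (string)substr($subdomain, 2);
    }
    if ($subdomain === '' || false !== strpos($subdomain, '/') || false !== strpos($subdomain, "\0")) {
        return false;
    }
    $path = $this->domain_fs_path(self::SUBDOMAIN_ROOT . "/$subdomain");

    return file_exists($path);
}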
483: | |
/**
 * List every domain on the account with its document root.
 *
 * The primary domain maps to MAIN_DOC_ROOT, shared domains carry their own
 * path, and any remaining alias without a mapping falls back to
 * MAIN_DOC_ROOT.
 *
 * @return array map of domain => docroot
 */
public function list_domains(): array
{
    $primary = array($this->getConfig('siteinfo', 'domain') => self::MAIN_DOC_ROOT);
    $mapped = array_merge($primary, $this->aliases_list_shared_domains());

    // aliases that have no explicit docroot yet
    $unmapped = array_diff_key(array_flip($this->aliases_list_aliases()), $mapped);

    return $mapped + array_fill_keys(array_keys($unmapped), self::MAIN_DOC_ROOT);
}
497: | |
498: | |
499: | |
500: | |
501: | |
502: | |
503: | |
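/**
 * Split a hostname into its subdomain and account-domain parts.
 *
 * The host is walked label by label from the left until the remainder is a
 * domain known to the account. When no remainder matches, the whole host is
 * returned as the domain with an empty subdomain.
 *
 * @param string $host
 * @return array|false keys "subdomain" and "domain", or the result of error()
 */
public function split_host(string $host)
{
    if (!preg_match(Regex::HTTP_HOST, $host)) {
        return error([':err_split_host_invalid', "can't split, invalid host `%s'"], $host);
    }
    $split = array(
        'subdomain' => '',
        'domain'    => $host
    );
    $domain_lookup = $this->list_domains();
    if (!$host || isset($domain_lookup[$host])) {
        return $split;
    }

    $level_sep = strpos($host, '.');
    if (false === $level_sep) {
        // single label: nothing to split; avoids doing arithmetic on false
        return $split;
    }

    $offset = 0;
    $length = strlen($host);
    do {
        $subdomain = substr($host, $offset, $level_sep - $offset);
        $domain = substr($host, $level_sep + 1);
        if (isset($domain_lookup[$domain])) {
            break;
        }

        $offset = $level_sep + 1;
        // strpos() rejects a start offset beyond the end of the string
        $level_sep = $offset < $length ? strpos($host, '.', $offset + 1) : false;
    } while ($level_sep !== false);

    if (!isset($domain_lookup[$domain])) {
        return $split;
    }
    $split['subdomain'] = (string)substr($host, 0, $offset) . $subdomain;
    $split['domain'] = $domain;

    return $split;
}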
539: | |
540: | |
541: | |
542: | |
543: | |
544: | |
545: | |
/**
 * Turn a bare label into a fully-qualified hostname.
 *
 * Names that already contain a dot are returned untouched. Otherwise the
 * account domain is appended, or the session's entry domain when the module
 * is not running in a context.
 *
 * @param string $host
 * @return string
 */
public function normalize_hostname(string $host): string
{
    if (false === strpos($host, '.')) {
        $suffix = $this->inContext()
            ? $this->domain
            : \Session::get('entry_domain', $this->domain);

        return $host . '.' . $suffix;
    }

    return $host;
}
556: | |
557: | |
558: | |
559: | |
560: | |
561: | |
562: | |
563: | |
564: | |
565: | |
566: | |
567: | |
568: | |
569: | |
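/**
 * Describe a domain on the account: docroot, readability and owner.
 *
 * @param string $domain
 * @return array|false keys path, active, user; a falsy value when the domain
 *                     is unknown or its docroot cannot be stat'd
 */
public function domain_info(string $domain)
{
    if (!$this->domain_exists($domain)) {
        // pass the name as an argument; concatenating it into the format
        // string lets a "%" in the name corrupt the message
        return error('%s: domain does not exist', $domain);
    }

    $path = self::MAIN_DOC_ROOT;
    $info = array(
        'path'   => $path,
        'active' => false,
        'user'   => null
    );

    if ($domain !== $this->getConfig('siteinfo', 'domain')) {
        $domains = $this->aliases_list_shared_domains();
        // aliases without their own docroot share the primary one
        $path = $domains[$domain] ?? self::MAIN_DOC_ROOT;
    }
    $info['path'] = $path;
    $info['active'] = is_readable($this->domain_fs_path() . $path);

    $stat = $this->file_stat($path);
    if (!$stat) {
        return $stat;
    }
    $info['user'] = $stat['owner'];

    return $info;
}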
599: | |
600: | |
601: | |
602: | |
603: | |
604: | |
605: | |
606: | |
607: | |
608: | |
609: | |
610: | |
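/**
 * Check whether a domain is the primary domain or one of the account aliases.
 *
 * Both comparisons are strict: a loose "==" treats numeric-looking strings as
 * numbers and lets "" equal an unset primary domain. domain_info() already
 * compares the primary domain strictly.
 *
 * @param string $domain
 * @return bool
 */
public function domain_exists(string $domain): bool
{
    return $domain === $this->getConfig('siteinfo', 'domain') ||
        in_array($domain, $this->aliases_list_aliases(), true);
}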
617: | |
618: | |
619: | |
620: | |
621: | |
622: | |
623: | |
624: | |
625: | |
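/**
 * Find a hostname that is served from the given document root.
 *
 * The primary domain and shared domains are compared exactly. Subdomains are
 * looked up with a fully anchored pattern so that "/var/www/foo" is not also
 * satisfied by "/var/www/foobar" or "/home/x/var/www/foo", which an
 * unanchored literal would match.
 *
 * @param string $docroot site-relative docroot
 * @return string|null first matching hostname, or null when none is bound
 */
public function get_hostname_from_docroot(string $docroot): ?string
{
    $docroot = rtrim($docroot, '/');
    if ($docroot === static::MAIN_DOC_ROOT) {
        return $this->getServiceValue('siteinfo', 'domain');
    }
    $aliases = $this->aliases_list_shared_domains();
    if (false !== ($domain = array_search($docroot, $aliases, true))) {
        return (string)$domain;
    }
    if ($docroot === '') {
        // "/" trims to an empty string, which no subdomain can be bound to
        return null;
    }

    // "!" delimiters on both ends make list_subdomains() treat this as a regex
    $exact = '!^' . preg_quote($docroot, '!') . '$!';
    if ($subdomain = $this->list_subdomains('path', $exact)) {
        return (string)key($subdomain);
    }

    return null;
}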
643: | |
644: | |
645: | |
646: | |
647: | |
648: | |
649: | |
650: | |
651: | |
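/**
 * Collect every hostname that is served from the given document root.
 *
 * The subdomain lookup is anchored on both ends. An end-only anchor also
 * returns subdomains whose docroot merely ends in $docroot, and for an empty
 * $docroot it matches every subdomain.
 *
 * @param string $docroot site-relative docroot
 * @return array list of hostnames
 */
public function get_all_hostnames_from_path(string $docroot): array
{
    $hosts = [];
    if ($docroot === static::MAIN_DOC_ROOT) {
        $hosts[] = $this->getServiceValue('siteinfo', 'domain');
    }
    foreach ($this->aliases_list_shared_domains() as $domain => $path) {
        if ($docroot === $path) {
            $hosts[] = $domain;
        }
    }
    if ($docroot === '') {
        return $hosts;
    }

    $exact = '!^' . preg_quote($docroot, '!') . '$!';

    return array_merge($hosts, array_keys($this->list_subdomains('path', $exact)));
}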
666: | |
667: | |
668: | |
669: | |
670: | |
671: | |
672: | |
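/**
 * Split a filesystem path into the hostname that serves it and the remainder.
 *
 * The path is walked upwards one component at a time until a docroot bound to
 * a hostname is found.
 *
 * @param string $docroot site-relative path at or below a docroot
 * @return array|null keys "hostname" and "path", or null when nothing matches
 */
public function extract_components_from_path(string $docroot): ?array
{
    $path = [];
    do {
        if (null !== ($hostname = $this->get_hostname_from_docroot($docroot))) {
            return [
                'hostname' => $hostname,
                'path'     => implode('/', $path)
            ];
        }
        array_unshift($path, \basename($docroot));
        $parent = \dirname($docroot);
        if ($parent === $docroot) {
            // dirname() has reached a fixed point ("/", "." or ""). A
            // relative input never becomes "/", so comparing against "/"
            // alone would loop forever while $path keeps growing.
            break;
        }
        $docroot = $parent;
    } while ($docroot !== '/');

    return null;
}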
689: | |
690: | |
691: | |
692: | |
693: | |
694: | |
695: | |
696: | |
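/**
 * Enable DAV on a directory of the site.
 *
 * The location must be an absolute, existing, writable directory. The
 * provider is "dav" (stored as "on"), "on" or "svn"; "svn" additionally
 * requires Subversion support to be enabled.
 *
 * NOTE(review): $location is written into an Apache configuration template
 * by write_dav(). Confirm the template escapes it, or reject control
 * characters and quotes here. ".." segments are not normalised before the
 * existence check either.
 *
 * @param string $location absolute, site-relative directory
 * @param string $provider "dav", "on" or "svn"
 * @return bool
 */
public function bind_dav(string $location, string $provider): bool
{
    if (!IS_CLI) {
        return $this->query('web_bind_dav', $location, $provider);
    }

    if (!$this->verco_svn_enabled() && (strtolower($provider) == 'svn')) {
        return error('Cannot use Subversion provider when not enabled');
    } else if (!\in_array($provider, ['on', 'dav', 'svn'], true)) {
        return error("Unknown dav provider `%s'", $provider);
    }
    if ($provider === 'dav') {
        $provider = 'on';
    }
    // strncmp() copes with an empty string, unlike indexing $location[0]
    if (0 !== strncmp($location, '/', 1)) {
        return error("DAV location `%s' is not absolute", $location);
    }
    if (!file_exists($this->domain_fs_path() . $location)) {
        return error('DAV location `%s\' does not exist', $location);
    }

    $stat = $this->file_stat($location);
    if (!$stat) {
        return false;
    }

    if ($stat['file_type'] != 'dir') {
        // the location is passed as an argument; interpolating it into the
        // format string lets a "%" in a directory name corrupt the message
        return error("bind_dav: `%s' is not directory", $location);
    } else if (!$stat['can_write']) {
        return error("`%s': cannot write to directory", $location);
    }

    $this->query('file_fix_apache_perms_backend', $location);
    $file = $this->site_config_dir() . '/dav';

    $locations = $this->parse_dav($file);
    if (null !== ($chk = $locations[$location] ?? null) && $chk === $provider) {
        return warn("DAV already enabled for `%s'", $location);
    }
    $locations[$location] = $provider;

    return $this->write_dav($file, $locations);
}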
740: | |
741: | |
742: | |
743: | |
744: | |
745: | |
746: | |
/**
 * Read the DAV configuration file into a location => provider map.
 *
 * Paths found in the file are converted with file_unmake_path() before being
 * used as keys. A missing file yields an empty map.
 *
 * NOTE(review): an unreadable file makes file_get_contents() return false,
 * which trim() will not accept under strict types. Confirm the file is always
 * readable by this process.
 *
 * @param string $path absolute path of the DAV configuration file
 * @return array
 */
private function parse_dav(string $path): array
{
    if (!file_exists($path)) {
        return [];
    }

    $dav_config = trim(file_get_contents($path));
    $locations = [];

    $found = preg_match_all(\Regex::DAV_CONFIG, $dav_config, $matches, PREG_SET_ORDER);
    if (!$found) {
        return $locations;
    }
    foreach ($matches as $entry) {
        $locations[$this->file_unmake_path($entry['path'])] = $entry['provider'];
    }

    return $locations;
}
763: | |
764: | |
765: | |
766: | |
767: | |
768: | |
769: | |
770: | |
/**
 * Persist the DAV location map, or remove the file when the map is empty.
 *
 * The file body is rendered from the "apache.dav-provider" template with the
 * site filesystem prefix and the locations.
 *
 * @param string $path absolute path of the DAV configuration file
 * @param array  $cfg  map of location => provider
 * @return bool false only when writing the rendered file fails
 */
private function write_dav(string $path, array $cfg): bool
{
    if ($cfg) {
        $writer = new \Opcenter\Provisioning\ConfigurationWriter(
            'apache.dav-provider',
            \Opcenter\SiteConfiguration::shallow($this->getAuthContext())
        );
        $template = $writer->compile([
            'prefix'    => $this->domain_fs_path(),
            'locations' => $cfg
        ]);

        return false !== file_put_contents($path, $template);
    }

    // nothing left to configure: drop the file; the unlink() result is not checked
    if (file_exists($path)) {
        unlink($path);
    }

    return true;
}
787: | |
/**
 * Get the directory that holds this site's Apache configuration.
 *
 * @return string path returned by Apache::siteStoragePath() for the site
 */
public function site_config_dir(): string
{
    $storage = Apache::siteStoragePath($this->site);

    return $storage;
}
792: | |
793: | |
794: | |
795: | |
796: | |
797: | |
798: | |
799: | |
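/**
 * Allow a legacy protocol for a hostname of this site.
 *
 * PROTOCOL_MAP looks like a server-wide map (entries are keyed by hostname
 * and store a site id), so the hostname must resolve to a docroot of this
 * site before an entry is written. disallow_protocol() applies the same
 * test; without it any syntactically valid hostname could be claimed.
 *
 * @param string $hostname
 * @param string $proto only "http10" is accepted
 * @return bool
 */
public function allow_protocol(string $hostname, string $proto = 'http10'): bool
{
    if (!IS_CLI) {
        return $this->query('web_allow_protocol', $hostname, $proto);
    }
    if ($proto !== 'http10') {
        return error("protocol `%s' not known, only http10 accepted", $proto);
    }
    if (!$this->protocol_disallowed($hostname, $proto)) {
        return true;
    }
    if (!$this->split_host($hostname)) {
        return error("Invalid hostname `%s'", $hostname);
    }
    if (!$this->get_docroot($hostname)) {
        // get_docroot() has already reported the unknown hostname
        return false;
    }
    $map = Map::open(self::PROTOCOL_MAP, Map::MODE_WRITE);
    $map[$hostname] = $this->site_id;

    return $map->sync();
}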
820: | |
821: | |
822: | |
823: | |
824: | |
825: | |
826: | |
827: | |
/**
 * Check whether a protocol is refused for a hostname.
 *
 * A hostname is refused unless it has an entry in PROTOCOL_MAP; the site id
 * stored in the entry is not compared here.
 *
 * @param string $hostname
 * @param string $proto only "http10" is accepted
 * @return bool
 */
public function protocol_disallowed(string $hostname, string $proto = 'http10'): bool
{
    if ($proto !== 'http10') {
        return error("protocol `%s' not known, only http10 accepted", $proto);
    }

    $map = Map::open(self::PROTOCOL_MAP);
    $listed = isset($map[$hostname]);

    return !$listed;
}
837: | |
838: | |
839: | |
840: | |
841: | |
842: | |
843: | |
844: | |
/**
 * Withdraw a previously allowed protocol from a hostname of this site.
 *
 * The hostname must resolve to a docroot of this site, and the map entry is
 * only removed when it carries this site's id.
 *
 * @param string $hostname
 * @param string $proto only "http10" is accepted
 * @return bool
 */
public function disallow_protocol(string $hostname, string $proto = 'http10'): bool
{
    if (!IS_CLI) {
        return $this->query('web_disallow_protocol', $hostname, $proto);
    }
    if ($proto !== 'http10') {
        return error("protocol `%s' not known, only http10 accepted", $proto);
    }

    if (!$this->get_docroot($hostname)) {
        return false;
    }

    // already refused: nothing to undo
    if ($this->protocol_disallowed($hostname, $proto)) {
        return true;
    }

    $map = Map::open(self::PROTOCOL_MAP, Map::MODE_WRITE);
    $owner = (int)($map[$hostname] ?? -1);
    if ($owner !== $this->site_id) {
        // entry belongs to another site id; leave it in place
        return warn("Site `%s' not found in map", $hostname);
    }

    unset($map[$hostname]);

    return $map->sync();
}
871: | |
/**
 * Disable DAV on a location.
 *
 * @param string $location location exactly as returned by list_dav_locations()
 * @return bool
 */
public function unbind_dav(string $location): bool
{
    if (!IS_CLI) {
        return $this->query('web_unbind_dav', $location);
    }

    $file = $this->site_config_dir() . '/dav';
    $locations = $this->parse_dav($file);
    if (isset($locations[$location])) {
        unset($locations[$location]);

        return $this->write_dav($file, $locations);
    }

    return warn("DAV not enabled for `%s'", $location);
}
887: | |
/**
 * List the locations that have DAV enabled.
 *
 * The stored provider "on" is reported as "dav"; other providers are
 * returned as stored.
 *
 * @return array list of ['path' => ..., 'provider' => ...] records
 */
public function list_dav_locations(): array
{
    $configured = $this->parse_dav($this->site_config_dir() . '/dav');

    return array_map(
        static function ($path, $type) {
            return [
                'path'     => $path,
                'provider' => $type === 'on' ? 'dav' : $type
            ];
        },
        array_keys($configured),
        $configured
    );
}
900: | |
/**
 * Account edit hook: re-activate Apache when a relevant service changed.
 *
 * The apache, ipinfo, openssl (after module remapping) and aliases service
 * blocks of the old and new account configuration are compared.
 */
public function _edit()
{
    $conf_new = $this->getAuthContext()->getAccount()->new;
    $conf_old = $this->getAuthContext()->getAccount()->old;

    $ssl = \Opcenter\SiteConfiguration::getModuleRemap('openssl');
    foreach (['apache', 'ipinfo', $ssl, 'aliases'] as $service) {
        if ($conf_new[$service] != $conf_old[$service]) {
            Apache::activate();

            return;
        }
    }
}
916: | |
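/**
 * User rename hook: move subdomains that live under the renamed user's home.
 *
 * Subdomains whose docroot is the old home directory or lies beneath it are
 * re-pointed to the new user name. A subdomain named after the old user is
 * renamed as well.
 *
 * The home directory and the user name are matched literally and on a path
 * boundary. Used as raw regex fragments, a "." in a name matches any
 * character, and "/home/bob" also selects "/home/bobby", whose paths would
 * then be rewritten.
 *
 * @param string $userold previous user name
 * @param string $usernew new user name
 * @param array  $oldpwd  previous passwd record; "home" is read
 * @return bool|null
 */
public function _edit_user(string $userold, string $usernew, array $oldpwd)
{
    if ($userold === $usernew) {
        return;
    }

    // kept from the original: the lookup result itself is not used below
    $userhome = $this->user_get_user_home($usernew);

    // "!" on both ends makes list_subdomains() treat the filter as a regex
    $re = '!^' . preg_quote(rtrim($oldpwd['home'], '/'), '!') . '(?:/|$)!';
    mute_warn();
    $subdomains = $this->list_subdomains('path', $re);
    unmute_warn();

    $needle = '!' . preg_quote(DIRECTORY_SEPARATOR . $userold, '!') . '(?=/|$)!';
    $replacement = DIRECTORY_SEPARATOR . $usernew;
    foreach ($subdomains as $subdomain => $path) {
        // a callback keeps "$" and "\" in the new name from being read as
        // backreferences
        $newpath = preg_replace_callback(
            $needle,
            static function () use ($replacement) {
                return $replacement;
            },
            $path,
            1
        );
        $newsubdomain = $subdomain === $userold ? $usernew : $subdomain;
        if ($this->rename_subdomain((string)$subdomain, (string)$newsubdomain, $newpath)) {
            info("moved subdomain `%s' from `%s' to `%s'", $subdomain, $path, $newpath);
        }
    }

    return true;
}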
948: | |
949: | |
950: | |
951: | |
952: | |
953: | |
954: | |
955: | |
956: | |
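/**
 * Rename a subdomain and/or point it at a different document root.
 *
 * At least one of $newsubdomain and $newpath must be given. The change is
 * carried out as remove + add; when the add fails an attempt is made to
 * restore the subdomain on its old path.
 *
 * @param string      $subdomain    existing subdomain
 * @param string|null $newsubdomain new name (lower-cased), null to keep
 * @param string|null $newpath      new docroot starting with "/" or ".", null to keep
 * @return bool
 */
public function rename_subdomain(string $subdomain, ?string $newsubdomain = null, ?string $newpath = null): bool
{
    if (!$this->subdomain_exists($subdomain)) {
        // split_host() reports failure with a falsy value; do not feed that
        // to array_values()
        $split = $this->split_host($subdomain);
        $parts = $split ? array_values($split) : [''];
        if ($parts[0] && $this->subdomain_exists($parts[0])) {
            warn("Requested subdomain %(local)s is global subdomain %(global)s. Retrying %(fn)s.", [
                'local'  => $subdomain,
                'global' => $parts[0],
                'fn'     => 'web_' . __FUNCTION__
            ]);

            return $this->rename_subdomain($parts[0], $newsubdomain, $newpath);
        }

        return error('%s: subdomain does not exist', $subdomain);
    }
    if ($newsubdomain && $subdomain !== $newsubdomain && $this->subdomain_exists($newsubdomain)) {
        return error("destination subdomain `%s' already exists", $newsubdomain);
    }
    if (!$newsubdomain && !$newpath) {
        return error('no rename operation specified');
    }
    if ($newpath && ($newpath[0] != '/' && $newpath[0] != '.')) {
        return error("invalid path `%s', subdomain path must " .
            'be relative or absolute', $newpath);
    }

    $newsubdomain = $newsubdomain ? strtolower($newsubdomain) : $subdomain;

    unset($this->hostCache[$subdomain], $this->hostCache[$newsubdomain]);
    $sdpath = Opcenter\Http\Apache::makeSubdomainPath($subdomain);
    $stat = $this->file_stat($sdpath);
    // fall back to the subdomain path itself when it cannot be stat'd or is
    // not a link
    $old_path = ($stat && $stat['link']) ? $stat['referent'] : $sdpath;

    if (!$newpath) {
        $newpath = $old_path;
    }

    // No index.html at the destination yet: schedule its removal for when
    // this scope ends (presumably to drop a placeholder created while the
    // subdomain is re-added; confirm against add_subdomain()).
    if (!$this->file_exists($newpath . '/index.html')) {
        defer($_, fn() => $this->file_delete($newpath . '/index.html'));
    }

    if ($subdomain !== $newsubdomain) {
        if (!$this->remove_subdomain($subdomain) || !$this->add_subdomain($newsubdomain, $newpath)) {
            error("changing subdomain `%s' to `%s' failed", $subdomain, $newsubdomain);
            if (!$this->add_subdomain($subdomain, $old_path)) {
                error("critical: could not reassign subdomain `%(sub)s' to `%(path)s' after failed rename", [
                    'sub'  => $subdomain,
                    'path' => $old_path
                ]);
            }

            return false;
        }
    } else if (!$this->remove_subdomain($subdomain, true) || !$this->add_subdomain($subdomain, $newpath)) {
        error("failed to change path for `%s' from `%s' to `%s'",
            $subdomain,
            $old_path,
            $newpath);
        if (!$this->add_subdomain($subdomain, $old_path)) {
            error("failed to restore subdomain `%s' to old path `%s'",
                $subdomain,
                $old_path);
        }

        return false;
    }

    $this->file_purge(false);

    if ($subdomain !== $newsubdomain) {
        // keep the stored application metadata in step with the new hostname
        MetaManager::instantiateContexted($this->getAuthContext())
            ->merge($newpath, ['hostname' => $newsubdomain])->sync();
    }

    return true;
}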
1040: | |
1041: | |
1042: | |
1043: | |
1044: | |
1045: | |
1046: | |
1047: | |
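/**
 * Remove a subdomain, its directory and, unless asked otherwise, its DNS.
 *
 * Outside the CLI the request is forwarded to the backend. In the backend
 * the subdomain directory is emptied and removed, then the A/AAAA records
 * that point at the site's public addresses are deleted.
 *
 * The name is validated before it is turned into a path that is deleted
 * recursively. The original test skipped validation for any name starting
 * with "*.", so the text after the prefix reached the filesystem unchecked,
 * and a bare "*." resolved to the subdomain root itself. The remainder is now
 * validated too, and empty or path-bearing names are refused outright.
 *
 * NOTE(review): Regex::SUBDOMAIN and Regex::DOMAIN are assumed to reject
 * path separators. Confirm against their definitions.
 *
 * @param string $subdomain subdomain, optionally prefixed with "*."
 * @param bool   $keepdns   leave DNS records untouched
 * @return bool
 */
public function remove_subdomain(string $subdomain, bool $keepdns = false): bool
{
    $this->purge();
    if (!IS_CLI) {
        $docroot = $this->get_docroot($subdomain);
        // application uninstall is disabled; branch kept as found
        if (false && $docroot) {
            $mm = MetaManager::factory($this->getAuthContext());
            $app = \Module\Support\Webapps\App\Loader::fromDocroot(
                array_get($mm->get($docroot), 'type', 'unknown'),
                $docroot,
                $this->getAuthContext()
            );
            $app->uninstall();
        }

        if (!$this->query('web_remove_subdomain', $subdomain)) {
            return false;
        }

        if (false && $docroot) {
            $mm->forget($docroot)->sync();
        }

        return true;
    }

    $subdomain = strtolower((string)$subdomain);

    $bare = 0 === strncmp($subdomain, '*.', 2) ? (string)substr($subdomain, 2) : $subdomain;
    $valid = preg_match(Regex::SUBDOMAIN, $subdomain) ||
        preg_match(Regex::SUBDOMAIN, $bare) ||
        preg_match(Regex::DOMAIN, $bare);
    if (!$valid) {
        return error('%s: invalid subdomain', $subdomain);
    }
    if ($subdomain !== '' && $subdomain[0] === '*') {
        $subdomain = (string)substr($subdomain, 2);
    }
    // independent of the patterns above: never build a path from a name
    // that is empty or can leave the subdomain root
    if ($subdomain === '' || $subdomain === '.' || $subdomain === '..' ||
        false !== strpos($subdomain, '/') || false !== strpos($subdomain, "\0")
    ) {
        return error('%s: invalid subdomain', $subdomain);
    }
    if (!$this->subdomain_exists($subdomain)) {
        return warn('%s: subdomain does not exist', $subdomain);
    }

    $this->map_subdomain('delete', $subdomain);
    $path = $this->domain_fs_path() . self::SUBDOMAIN_ROOT . "/$subdomain";
    if (is_link($path)) {
        // a subdomain entry should be a directory; drop the stray link only
        return unlink($path) && warn("subdomain `%s' path `%s' corrupted, removing reference",
                $subdomain,
                $this->file_unmake_path($path)
            );
    }

    $dh = opendir($path);
    if (false === $dh) {
        return error("failed to open directory for subdomain `%s'", $subdomain);
    }
    while (false !== ($entry = readdir($dh))) {
        if ($entry === '..' || $entry === '.') {
            continue;
        }
        $item = $path . '/' . $entry;
        if (!is_link($item) && is_dir($item)) {
            warn("directory found in subdomain `%s'", $entry);
            Filesystem::rmdir($item);
        } else {
            // links are unlinked, never followed
            unlink($item);
        }
    }
    closedir($dh);
    rmdir($path);

    if (!$this->dns_configured() || $keepdns) {
        return true;
    }
    $hostcomponents = [
        'subdomain' => $subdomain,
        'domain'    => ''
    ];
    if (false !== strpos($subdomain, '.')) {
        $hostcomponents = $this->split_host($subdomain);
    }
    if (!$hostcomponents['subdomain']) {
        return true;
    }
    if (!$hostcomponents['domain']) {
        // global subdomain: clean up under every domain of the account
        $hostcomponents['domain'] = array_keys($this->list_domains());
    }
    $ret = true;

    $ips = [];
    if ($tmp = $this->dns_get_public_ip()) {
        $ips = (array)$tmp;
    }
    if ($tmp = $this->dns_get_public_ip6()) {
        $ips = array_merge($ips, (array)$tmp);
    }

    $components = [''];
    if (DNS_SUBDOMAIN_IMPLICIT_WWW) {
        $components[] = 'www';
    }
    foreach ((array)$hostcomponents['domain'] as $domain) {
        foreach ($components as $component) {
            $record = ltrim("{$component}." . $hostcomponents['subdomain'], '.');
            foreach ($ips as $ip) {
                $rr = false === strpos($ip, ':') ? 'A' : 'AAAA';
                if (!$this->dns_record_exists($domain, $record, $rr, $ip)) {
                    continue;
                }
                // upgrade errors to exceptions so that one failed removal
                // becomes a warning instead of aborting the clean-up
                $oldex = \Error_Reporter::exception_upgrade(\Error_Reporter::E_ERROR);
                try {
                    $ret &= $this->dns_remove_record($domain, $record, $rr, $ip);
                } catch (\apnscpException $e) {
                    warn($e->getMessage());
                } finally {
                    \Error_Reporter::exception_upgrade($oldex);
                }
            }
        }
    }

    return (bool)$ret;
}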
1168: | |
1169: | |
1170: | |
1171: | |
1172: | |
1173: | |
/**
 * Reset the per-instance path and host caches.
 *
 * When not running in the CLI backend, the 'web_purge' query is issued as well.
 */
public function purge(): void
{
    $this->hostCache = [];
    $this->pathCache = [];
    if (IS_CLI) {
        return;
    }
    $this->query('web_purge');
}
1182: | |
1183: | |
1184: | |
1185: | |
1186: | |
1187: | |
1188: | |
1189: | |
1190: | |
1191: | |
1192: | |
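/**
 * Add or remove the /home/<user>/all_subdomains/<subdomain> reference.
 *
 * Outside the CLI backend the call is relayed as 'web_map_subdomain'.
 * On "add" the return value is true even when creating the link fails;
 * the result of file_symlink()/file_chown_symlink() is not propagated.
 *
 * @param string      $mode      operation; only the first three characters are
 *                               compared and must be "add" or "del"
 * @param string      $subdomain name matching Regex::SUBDOMAIN or Regex::DOMAIN
 * @param string|null $path      link target, required for "add"
 * @param string|null $user      link owner; taken from the owner of $path when empty
 * @return bool
 */
public function map_subdomain(string $mode, string $subdomain, ?string $path = null, ?string $user = null): bool
{
    if (!IS_CLI) {
        return $this->query('web_map_subdomain',
            $mode,
            $subdomain,
            $path,
            $user);
    }

    // "delete" and "del" are equivalent: only the first three characters count
    $mode = substr($mode, 0, 3);
    if (!preg_match(Regex::SUBDOMAIN, $subdomain) &&
        !preg_match(Regex::DOMAIN, $subdomain))
    {
        return error($subdomain . ': invalid subdomain');
    }
    if ($mode !== 'add' && $mode !== 'del') {
        return error($mode . ': invalid mapping operation');
    }

    if ($mode === 'del') {
        $docroot = $this->get_docroot($subdomain);
        if ($docroot) {
            MetaManager::factory($this->getAuthContext())->forget($docroot)->sync();
        }

        // $subdomain has passed the pattern check above before it reaches this glob
        return $this->file_delete('/home/*/all_subdomains/' . $subdomain);
    }

    // $mode === 'add' from here on
    if ($path === null) {
        // without a target there is nothing to stat or link to
        return error('Cannot map subdomain - missing path');
    }

    if (!$user) {
        $stat = $this->file_stat($path);
        if (!$stat) {
            return error("Cannot map subdomain - failed to determine user from `%s'", $path);
        }

        // owners below MIN_UID are mapped to the account's own username
        $user = $stat['uid'] >= \User_Module::MIN_UID ? $this->user_get_username_from_uid($stat['uid']) : $this->username;
    } elseif (str_contains($user, '/') || $user === '.' || $user === '..') {
        // a caller-supplied name is concatenated into /home/<user> below;
        // refuse anything that would change the directory being addressed
        return error("Cannot map subdomain - invalid user `%s'", $user);
    }

    $user_home = '/home/' . $user;
    $user_home_abs = $this->domain_fs_path() . $user_home;

    if (!file_exists($this->domain_fs_path() . $path)) {
        warn($path . ': path does not exist, creating link');
    }
    if (!file_exists($user_home_abs . '/all_subdomains')) {
        $this->file_create_directory($user_home . '/all_subdomains');
        $this->file_chown($user_home . '/all_subdomains', $user);
    }
    // best-effort: a failed link or chown does not change the return value
    $this->file_symlink($path, $user_home . '/all_subdomains/' . $subdomain) &&
    $this->file_chown_symlink($user_home . '/all_subdomains/' . $subdomain, $user);

    return true;
}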
1246: | |
1247: | |
1248: | |
1249: | |
1250: | |
1251: | |
1252: | |
1253: | |
1254: | |
1255: | |
1256: | |
1257: | |
1258: | |
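/**
 * Create a subdomain that is served from $docroot.
 *
 * Outside the CLI backend the call is relayed as 'web_add_subdomain'.
 * In the backend the method validates the name, adds A/AAAA records for the
 * account's public addresses, prepares the document root (creating it with a
 * placeholder index.html when it is missing or empty) and finally creates the
 * subdomain link and its all_subdomains mapping.
 *
 * @param string $subdomain subdomain label, "*.<domain>" or fully-qualified name
 * @param string $docroot   document root; must begin with "/" or "."
 * @return bool
 */
public function add_subdomain(string $subdomain, string $docroot): bool
{
    if (!IS_CLI) {
        return $this->query('web_add_subdomain', $subdomain, $docroot);
    }

    $subdomain = strtolower(trim($subdomain));
    if ($subdomain === 'www') {
        return error('illegal subdomain name');
    }
    // a leading "www." is dropped; the www. record is added next to the bare name below
    $subdomain = preg_replace('/^www\./', '', $subdomain);
    if (!$subdomain) {
        return error('Missing subdomain');
    }

    // A name beginning with "*." skips both pattern checks here; it is instead
    // required to equal an attached domain once the "*." prefix is removed below.
    if (!preg_match(Regex::SUBDOMAIN, $subdomain) &&
        0 !== strncmp($subdomain, '*.', 2) &&
        !preg_match(Regex::DOMAIN, preg_replace('/^\*\./', '', $subdomain))
    ) {
        return error($subdomain . ': invalid subdomain');
    }
    if ($this->subdomain_exists($subdomain)) {
        return error($subdomain . ': subdomain exists');
    } else if ($subdomain === gethostname()) {
        warn("Subdomain duplicates system hostname `%s'. Supplied document root will " .
            'never have precedence over system document root.', $subdomain);
    }

    $components = filter(fn() => $this->split_host(
        preg_replace('/^\*\./', '', $subdomain)
    ), ':err_split_host_invalid');

    // a dotted name is only accepted when its domain part belongs to this account
    if (str_contains($subdomain, '.') &&
        (false === $components || !$this->domain_exists($components['domain'])))
    {
        return error("Global subdomain subdomains are unsupported");
    }

    // str_starts_with() also covers an empty $docroot without an offset warning
    if (!str_starts_with($docroot, '/') && !str_starts_with($docroot, '.')) {
        return error("invalid path `%s', subdomain path must " .
            'be relative or absolute', $docroot);
    }

    $domains = array_keys($this->list_domains());
    if ($subdomain[0] === '*') {
        $subdomain = substr($subdomain, 2);
        if (!in_array($subdomain, $domains, true)) {
            // report the name that was looked up
            return error("domain `%s' not attached to account (DNS > Addon Domains)", $subdomain);
        }
    }
    if (null !== ($limit = $this->getConfig('apache', 'subnum', null)) && ($limit <= count($this->list_subdomains()))) {
        return error('Subdomain limit %d has been reached - cannot add %s', $limit, $subdomain);
    }

    // Work out which DNS records to create:
    //  - name ends in ".<domain>": one record for the label under that domain
    //  - name equals a domain: a wildcard record for that domain
    //  - otherwise: the label under every domain on the account
    $recs_to_add = [];
    foreach ($domains as $domain) {
        // literal suffix comparison; the domain is not interpreted as a pattern
        if (str_ends_with($subdomain, '.' . $domain)) {
            $recs_to_add = [
                [
                    'subdomain' => substr($subdomain, 0, -strlen($domain) - 1),
                    'domain'    => $domain
                ]
            ];
            break;
        } else if ($subdomain === $domain) {
            $recs_to_add[] = [
                'subdomain' => '*',
                'domain'    => $domain
            ];
        }
    }
    if (!$recs_to_add) {
        foreach ($domains as $domain) {
            $recs_to_add[] = [
                'subdomain' => $subdomain,
                'domain'    => $domain
            ];
        }
    }

    $ips = [];
    if ($tmp = $this->dns_get_public_ip()) {
        $ips = (array)$tmp;
    }
    if ($tmp = $this->dns_get_public_ip6()) {
        $ips = array_merge($ips, (array)$tmp);
    }

    foreach ($recs_to_add as $record) {
        foreach ($ips as $ip) {
            // a colon in the address selects AAAA, otherwise A
            $rr = false === strpos($ip, ':') ? 'A' : 'AAAA';
            $this->dns_add_record_conditionally($record['domain'], $record['subdomain'], $rr, $ip);
            if ($record['subdomain'] !== '*') {
                $this->dns_add_record_conditionally(
                    $record['domain'],
                    'www.' . $record['subdomain'],
                    $rr,
                    $ip
                );
            }
        }
    }

    // NOTE(review): realpath() returns false for a path that does not exist yet;
    // confirm file_unmake_path() tolerates that, since the directory is only
    // created further down.
    $realpath = $this->file_unmake_path(realpath($this->file_make_path($docroot)));

    if (preg_match('!^/home/([^/]+)!', $realpath, $user_home)) {
        $user = $user_home[1];
        $stat = $this->file_stat('/home/' . $user);
        if (!$stat) {
            return error("user `%s' does not exist", $user);
        }

        // This widens access to the user's home directory: 001 is OR-ed into the
        // mode handed to file_chmod() (presumably so the web server can traverse
        // it - confirm against file_chmod's mode format).
        if (!$this->file_chmod("/home/{$user}", decoct($stat['permissions']) | 001)) {
            return false;
        }

        if ($this->php_jailed()) {
            // additionally grants 'x' on the home directory to the user returned by get_user()
            $this->file_set_acls("/home/{$user}", $this->get_user($subdomain,''), 'x');
        }

    } else {
        $user = $this->getServiceValue('siteinfo', 'admin_user');
    }

    $prefix = $this->domain_fs_path();
    if (!$this->file_exists($docroot) || empty($this->file_get_directory_contents($docroot))) {
        if (\Util_PHP::is_link($prefix . $docroot)) {
            $newlink = Filesystem::abs2rel($docroot, readlink($prefix . $docroot));
            warn('converted unfollowable absolute symlink to relative (document root): %s -> %s', $docroot,
                $newlink);
            unlink($prefix . $docroot);
            $ret = $this->file_symlink($newlink, $docroot);
        } else {
            $ret = $this->file_create_directory($docroot, 0755, true);
        }

        if (!$ret) {
            return $ret;
        }
        $this->file_chown($docroot, $user);
        $index = $prefix . $docroot . '/index.html';
        $template = (string)(new ConfigurationWriter('apache.placeholder',
            \Opcenter\SiteConfiguration::shallow($this->getAuthContext())))->compile([
            'hostname' => $subdomain,
            'docroot'  => $docroot,
            'user'     => $user
        ]);
        // NOTE(review): this write uses the backend's filesystem view directly
        // rather than the file_* API, and $docroot may be a user-controlled
        // symlink at this point; confirm the placeholder cannot land outside
        // the intended directory.
        file_put_contents($index, $template) &&
        Filesystem::chogp($index, (int)$this->user_get_uid_from_username($user), $this->group_id, 0644);
    }
    $subdomainpath = Apache::makeSubdomainPath($subdomain);

    defer($_, function () use($subdomain) {
        UIPanel::instantiateContexted($this->getAuthContext())->freshen($subdomain, "",
            (bool)SCREENSHOTS_ENABLED);
    });

    return $this->add_subdomain_raw($subdomain,
            Filesystem::abs2rel($subdomainpath, $docroot)) &&
        $this->map_subdomain('add', $subdomain, $docroot);
}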
1449: | |
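/**
 * Create the subdomain symlink itself, without name validation, DNS or mapping.
 *
 * The link is placed at the path returned by Apache::makeSubdomainPath() and
 * points at $docroot as given. It is then owned by the owner of the target
 * and by this site's group.
 *
 * NOTE(review): neither argument is validated here; add_subdomain() performs
 * the checks before calling this method. Confirm that any other caller does
 * the same.
 *
 * @param string $subdomain subdomain name
 * @param string $docroot   link target, absolute or relative to the link's directory
 * @return bool false when the link, chown or chgrp step fails
 */
public function add_subdomain_raw(string $subdomain, string $docroot): bool
{
    $prefix = $this->domain_fs_path();
    $subdomain_path = Apache::makeSubdomainPath($subdomain);
    $subdomain_parent = dirname($prefix . $subdomain_path);
    if (!file_exists($subdomain_parent)) {
        Filesystem::mkdir($subdomain_parent, $this->user_id, $this->group_id);
    }

    // A target starting with ".." is resolved against the link's directory for
    // the ownership lookup. str_starts_with() avoids reading past the end of a
    // $docroot shorter than two characters.
    $tmp = $docroot;
    if (str_starts_with($docroot, '..')) {
        $tmp = $subdomain_parent . DIRECTORY_SEPARATOR . $docroot;
    }
    clearstatcache(true, $tmp);

    // fileowner() is only consulted for an existing target; a missing target
    // yields false, as before, and is reported through the debug backtrace
    $exists = file_exists($tmp);
    $user = $exists ? fileowner($tmp) : false;
    if (!$exists) {
        Error_Reporter::print_debug_bt();
    }

    return symlink($docroot, $prefix . $subdomain_path) &&
        Util_PHP::lchown($prefix . $subdomain_path, $user) &&
        Util_PHP::lchgrp($prefix . $subdomain_path, $this->group_id);
}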
1472: | |
1473: | |
1474: | |
1475: | |
1476: | |
1477: | |
/**
 * Report the service status as returned by Apache::getReportedServiceStatus().
 *
 * @return array
 */
public function status(): array
{
    $report = Apache::getReportedServiceStatus();

    return $report;
}
1482: | |
1483: | |
1484: | |
1485: | |
/**
 * Creation hook: calls Apache::activate(). Its result is not returned.
 */
public function _create()
{
    // return value intentionally discarded
    Apache::activate();
}
1490: | |
/**
 * Configuration verification hook; this module accepts every configuration.
 *
 * @param \Opcenter\Service\ConfigurationContext $ctx unused
 * @return bool always true
 */
public function _verify_conf(\Opcenter\Service\ConfigurationContext $ctx): bool
{
    // nothing is inspected on $ctx
    return true;
}
1495: | |
/**
 * Reload hook: re-activates Apache for a fixed set of reload reasons.
 *
 * @param string $why  reload reason
 * @param array  $args unused
 * @return mixed result of Apache::activate(), or null for any other reason
 */
public function _reload(string $why = '', array $args = [])
{
    $handled = ['', 'php', 'aliases', Ssl_Module::SYS_RHOOK, Ssl_Module::USER_RHOOK];
    if (!in_array($why, $handled, true)) {
        return;
    }

    return Apache::activate();
}
1502: | |
/**
 * Housekeeping hook: stop the Chromedriver capture device if it reports running.
 */
public function _housekeeping()
{
    // the device object is created without invoking its constructor
    $driver = (new ReflectionClass(\Service\CaptureDevices\Chromedriver::class))
        ->newInstanceWithoutConstructor();
    if (!$driver->running()) {
        return;
    }
    $driver->stop(true);
}
1511: | |
/**
 * Cron hook: schedule screenshot batches and record Apache telemetry.
 *
 * @param Cronus $c scheduler the screenshot job is registered with
 */
public function _cron(Cronus $c)
{
    if (SCREENSHOTS_ENABLED && !APNSCPD_HEADLESS) {
        // registered with a 3600 interval under the name 'screenshots'
        $c->schedule(3600, 'screenshots', static function () {
            // the batch size is formatted as unsigned before the int cast
            $batchSize = (int)sprintf('%u', SCREENSHOTS_BATCH);
            $capture = new \Service\BulkCapture(new \Service\CaptureDevices\Chromedriver);
            $capture->batch($batchSize);
        });
    }

    if (!TELEMETRY_ENABLED) {
        return;
    }

    $collector = new Collector(PostgreSQL::pdo());
    // an empty status report is replaced by zeroes for every known metric
    $status = $this->status() ?: array_fill_keys(array_values(ApacheMetrics::ATTRVAL_MAP), 0);
    foreach (ApacheMetrics::ATTRVAL_MAP as $attr => $metric) {
        $collector->add("apache-{$attr}", null, (int)$status[$metric]);
    }
}
1539: | |
/**
 * Deletion hook; this module performs no work here.
 */
public function _delete()
{
    // intentionally empty
}
1544: | |
/**
 * Deprecated alias of site_config_dir().
 *
 * @return string value of site_config_dir()
 */
public function http_config_dir(): string
{
    deprecated_func('use site_config_dir');
    $dir = $this->site_config_dir();

    return $dir;
}
1551: | |
/**
 * Return the Apache configuration path constant.
 *
 * @return string Apache::CONFIG_PATH
 */
public function config_dir(): string
{
    $path = Apache::CONFIG_PATH;

    return $path;
}
1556: | |
/**
 * User deletion hook: remove the subdomains served from the user's home.
 *
 * @param string $user username being deleted
 */
public function _delete_user(string $user)
{
    // the outcome of the removal is not reported back to the hook caller
    $this->remove_user_subdomain($user);
}
1561: | |
1562: | |
1563: | |
1564: | |
1565: | |
1566: | |
1567: | |
/**
 * Remove every subdomain whose listed path lies under the user's home directory.
 *
 * @param string $user username
 * @return bool false when any removal reported failure
 */
public function remove_user_subdomain(string $user): bool
{
    // The trailing slash keeps the prefix test from matching a sibling home
    // directory whose name merely begins with this user's name.
    $homePrefix = $this->user_get_user_home($user) . '/';
    $ok = true;
    foreach ($this->list_subdomains() as $name => $target) {
        if (str_starts_with($target, $homePrefix)) {
            $ok &= $this->remove_subdomain($name);
        }
    }

    return (bool)$ok;
}
1581: | |
1582: | |
1583: | |
1584: | |
1585: | |
1586: | |
1587: | |
1588: | |
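/**
 * Store the redirection/HSTS mode for a hostname in the TLS domain map.
 *
 * Outside the CLI backend the call is relayed as 'web_set_ssl'. The entry is
 * keyed "<site_id>:<hostname>" and holds the backing value of the mode.
 *
 * @param string       $hostname         hostname whose domain part must exist on the account
 * @param int|HSTSMode $redirection_mode mode, or the integer backing one
 * @return bool
 */
public function set_ssl(string $hostname, int|HSTSMode $redirection_mode = HSTSMode::disabled): bool
{
    if (!IS_CLI) {
        return $this->query('web_set_ssl', $hostname, $redirection_mode);
    }

    if (!($parts = filter(fn() => $this->split_host($hostname), ':err_split_host_invalid')) ||
        !$this->domain_exists($parts['domain']))
    {
        return error("Invalid hostname");
    }

    if (is_int($redirection_mode)) {
        try {
            $redirection_mode = HSTSMode::from($redirection_mode);
        } catch (ValueError) {
            return error("Invalid mode");
        }
    }

    // Enum cases cannot be ordered with < or >; such a comparison evaluates to
    // false, which would leave this guard permanently inactive. Compare the
    // backing values instead.
    // NOTE(review): assumes the values above HSTSMode::enabled are the
    // subdomain-wide modes - confirm against the HSTSMode definition.
    if (!empty($parts['subdomain']) && $redirection_mode->value > HSTSMode::enabled->value) {
        return error("HSTS subdomain settings may not contain a subdomain");
    }

    $map = TlsMap::open(TlsMap::DOMAIN_MAP, TlsMap::MODE_WRITE);
    // the site id prefix scopes the entry to this account
    $map["{$this->site_id}:{$hostname}"] = $redirection_mode->value;
    $map->sync();

    return true;
}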
1619: | |
1620: | |
1621: | |
1622: | |
/**
 * Delete a hostname's entry from the TLS domain map.
 *
 * Outside the CLI backend the call is relayed as 'web_remove_ssl'.
 *
 * @param string $hostname hostname to remove
 * @return bool result of syncing the map, or of warn() when no entry exists
 */
public function remove_ssl(string $hostname): bool
{
    if (!IS_CLI) {
        return $this->query('web_remove_ssl', $hostname);
    }

    $parsed = filter(fn() => $this->split_host($hostname), ':err_split_host_invalid');
    if (!$parsed) {
        return error("Invalid hostname");
    }

    // entries are keyed by site id, so only this account's record is addressed
    $entry = "{$this->site_id}:{$hostname}";
    $map = TlsMap::open(TlsMap::DOMAIN_MAP, TlsMap::MODE_WRITE);
    if ($map->offsetExists($entry)) {
        unset($map[$entry]);

        return $map->sync();
    }

    return warn("Hostname %(host)s does not exist", ['host' => $hostname]);
}
1643: | |
1644: | |
1645: | |
1646: | |
1647: | |
1648: | |
/**
 * List this site's entries in the TLS domain map.
 *
 * @return array<string, int> mode keyed by hostname, with the "<site_id>:" prefix removed
 */
public function list_ssl(): array
{
    $prefix = "{$this->site_id}:";
    $prefixLength = strlen($prefix);
    $map = TlsMap::open(TlsMap::DOMAIN_MAP, TlsMap::MODE_READ);

    $hosts = [];
    foreach ($map as $key => $mode) {
        // entries belonging to other site ids are skipped
        if (!str_starts_with($key, $prefix)) {
            continue;
        }
        $hosts[substr($key, $prefixLength)] = (int)$mode;
    }

    return $hosts;
}
1662: | |
1663: | |
1664: | |
1665: | |
1666: | |
1667: | |
1668: | |
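/**
 * Look up the stored mode for a hostname in the TLS domain map.
 *
 * @param string $hostname hostname matching Regex::HTTP_HOST
 * @return int|null stored mode, or null when the hostname has no entry
 */
public function ssl_mode(string $hostname): ?int
{
    if (!preg_match(Regex::HTTP_HOST, $hostname)) {
        return nerror("Invalid hostname");
    }

    $map = TlsMap::open(TlsMap::DOMAIN_MAP, TlsMap::MODE_READ);
    $mode = $map["{$this->site_id}:{$hostname}"] ?? null;

    // list_ssl() casts stored values to int; do the same here so that a value
    // stored as a string does not violate the ?int return type under strict_types
    return $mode === null ? null : (int)$mode;
}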
1679: | |
1680: | |
1681: | |
1682: | |
1683: | |
1684: | |
1685: | |
/**
 * Capture a screenshot of every application root found on the given sites.
 *
 * @param array|null $sites sites to process; all enumerated sites when empty
 */
public function inventory_capture(array $sites = null): void {
    $sites = $sites ?: \Opcenter\Account\Enumerate::sites();
    $driver = new \Service\BulkCapture(new \Service\CaptureDevices\Chromedriver);

    foreach ($sites as $site) {
        // errors raised while building the site context become exceptions so
        // that a failing site is skipped instead of stopping the run
        $oldex = \Error_Reporter::exception_upgrade(\Error_Reporter::E_FATAL|\Error_Reporter::E_ERROR);
        try {
            $ctx = \Auth::context(null, $site);
            $afi = \apnscpFunctionInterceptor::factory($ctx);
        } catch (\apnscpException $e) {
            continue;
        } finally {
            \Error_Reporter::exception_upgrade($oldex);
        }

        if (posix_getuid() === 0) {
            // Only created when running as uid 0. The object is kept in a variable
            // and not otherwise used.
            // NOTE(review): presumably it restores PHP-FPM state when released - confirm.
            $serviceRef = new \Opcenter\Http\Php\Fpm\StateRestore($ctx->site);
        }

        $finder = new \Module\Support\Webapps\Finder($ctx);
        foreach ($finder->getAllApplicationRoots() as $meta) {
            // roots without a hostname cannot be requested
            if (empty($meta['hostname'])) {
                continue;
            }

            $url = rtrim(implode('/', [$meta['hostname'], $meta['path']]), '/');
            debug('%(site)s: Capturing %(url)s (IP: %(ip)s)', [
                'site' => $ctx->site,
                'url'  => $url,
                'ip'   => $afi->site_ip_address()
            ]);
            $driver->snap($meta['hostname'], $meta['path'], $afi->site_ip_address());
        }
    }
}
1722: | |
1723: | |
1724: | |
1725: | |
1726: | |
1727: | |
1728: | |
1729: | |
1730: | |
1731: | |
1732: | |
/**
 * Capture a screenshot of one site hosted on this account.
 *
 * @param string                    $hostname hostname, lower-cased before use
 * @param string                    $path     path beneath the hostname
 * @param \Service\BulkCapture|null $service  capture service; a Chromedriver-backed
 *                                            one is created when omitted
 * @return bool
 */
public function capture(string $hostname, string $path = '', \Service\BulkCapture $service = null): bool
{
    if (APNSCPD_HEADLESS) {
        return warn('Panel in headless mode');
    }

    $hostname = strtolower($hostname);
    // only hostname/path pairs that normalize_path() accepts for this account are captured
    if (!$this->normalize_path($hostname, $path)) {
        return error("Site `%s/%s' is not hosted on account", $hostname, $path);
    }

    $service ??= new \Service\BulkCapture(new \Service\CaptureDevices\Chromedriver);

    return $service->snap($hostname, $path, $this->site_ip_address());
}
1748: | |
/**
 * User creation hook; this module performs no work here.
 *
 * @param string $user unused
 */
public function _create_user(string $user)
{
    // intentionally empty
}
1753: | } |