Added fixes

11 months ago · 541da8c203
parent c4646bd8e8
commit 541da8c203
10 changed files with 5332 additions and 0 deletions
--- a/bin/v-package-hook-checks
+++ b/bin/v-package-hook-checks
@ -0,0 +1,26 @@
 #!/bin/bash
 # info: script for rpm package hook for correct rights checking
 # options: [NONE]
 #
 # This function check needed rights for stndar5d service configurations
 #----------------------------------------------------------#
 #                Variables & Functions                     #
 #----------------------------------------------------------#
 # Includes
 # shellcheck source=/etc/hestiacp/hestia.conf
 source /etc/hestiacp/hestia.conf
 # shellcheck source=/usr/local/hestia/func/main.sh
 source $HESTIA/func/main.sh
 # load config file
 source_conf "$HESTIA/conf/hestia.conf"
 # load config file
 source_conf "$HESTIA/install/upgrade/upgrade.conf"
 if [ -e /etc/ssh/sshd_config ]; then
    stat -c "%a" /etc/ssh/sshd_config | grep -E "[0-9][4-7][4-7]"
    if [ $? -ne 0 ]; then
        chmod go+r /etc/ssh/sshd_config
    fi
 fi
--- a/install/rpm/filemanager/filegator/backend/Services/Archiver/Adapters/HestiaZipArchiver.php
+++ b/install/rpm/filemanager/filegator/backend/Services/Archiver/Adapters/HestiaZipArchiver.php
@ -0,0 +1,48 @@
 <?php
 namespace Filegator\Services\Archiver\Adapters;
 use Filegator\Container\Container;
 use Filegator\Services\Archiver\ArchiverInterface;
 use Filegator\Services\Service;
 use Filegator\Services\Storage\Filesystem as Storage;
 use Filegator\Services\Tmpfs\TmpfsInterface;
 use function Hestiacp\quoteshellarg\quoteshellarg;
 class HestiaZipArchiver extends ZipArchiver implements Service, ArchiverInterface {
 	protected $container;
 	public function __construct(TmpfsInterface $tmpfs, Container $container) {
 		$this->tmpfs = $tmpfs;
 		$this->container = $container;
 	}
 	public function uncompress(string $source, string $destination, Storage $storage) {
 		$auth = $this->container->get("Filegator\Services\Auth\AuthInterface");
 		$v_user = basename($auth->user()->getUsername());
 		if (!strlen($v_user)) {
 			return;
 		}
 		if (strpos($source, "/home") === false) {
 			$source = "/home/$v_user/" . $source;
 		}
 		if (strpos($destination, "/home") === false) {
 			$destination = "/home/$v_user/" . $destination;
 		}
 		exec(
 			"sudo /usr/local/hestia/bin/v-extract-fs-archive " .
 				quoteshellarg($v_user) .
 				" " .
 				quoteshellarg($source) .
 				" " .
 				quoteshellarg($destination),
 			$output,
 			$return_var,
 		);
 	}
 }
--- a/install/rpm/filemanager/filegator/backend/Services/Auth/Adapters/HestiaAuth.php
+++ b/install/rpm/filemanager/filegator/backend/Services/Auth/Adapters/HestiaAuth.php
@ -0,0 +1,122 @@
 <?php
 /*
 * This file is part of the FileGator package.
 *
 * (c) Milos Stojanovic <alcalbg@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE file
 */
 namespace Filegator\Services\Auth\Adapters;
 use Filegator\Services\Auth\AuthInterface;
 use Filegator\Services\Auth\User;
 use Filegator\Services\Auth\UsersCollection;
 use Filegator\Services\Service;
 use function Hestiacp\quoteshellarg\quoteshellarg;
 /**
 * @codeCoverageIgnore
 */
 class HestiaAuth implements Service, AuthInterface {
 	protected $permissions = [];
 	protected $private_repos = false;
 	protected $hestia_user = "";
 	public function init(array $config = []) {
 		if (isset($_SESSION["user"])) {
 			$v_user = $_SESSION["user"];
 		}
 		if (!empty($_SESSION["look"])) {
 			if (isset($_SESSION["look"]) && $_SESSION["userContext"] === "admin") {
 				$v_user = $_SESSION["look"];
 			}
 			if (
 				$_SESSION["look"] == "admin" &&
 				$_SESSION["POLICY_SYSTEM_PROTECTED_ADMIN"] == "yes"
 			) {
 				// Go away do not login
 				header("Location: /");
 				exit();
 			}
 		}
 		$this->hestia_user = $v_user;
 		$this->permissions = isset($config["permissions"]) ? (array) $config["permissions"] : [];
 		$this->private_repos = isset($config["private_repos"])
 			? (bool) $config["private_repos"]
 			: false;
 	}
 	public function user(): ?User {
 		$cmd = "/usr/bin/sudo /usr/local/hestia/bin/v-list-user";
 		exec($cmd . " " . quoteshellarg($this->hestia_user) . " json", $output, $return_var);
 		if ($return_var == 0) {
 			$data = json_decode(implode("", $output), true);
 			$hestia_user_info = $data[$this->hestia_user];
 			return $this->transformUser($hestia_user_info);
 		}
 		return $this->getGuest();
 	}
 	public function transformUser($hstuser): User {
 		$user = new User();
 		$user->setUsername($this->hestia_user);
 		$user->setName($this->hestia_user . " (" . $hstuser["NAME"] . ")");
 		$user->setRole("user");
 		$user->setPermissions($this->permissions);
 		$user->setHomedir("/");
 		return $user;
 	}
 	public function authenticate($username, $password): bool {
 		# Auth is handled by Hestia
 		return false;
 	}
 	public function forget() {
 		// Logout return to Hestia
 		return $this->getGuest();
 	}
 	public function store(User $user) {
 		return null; // not used
 	}
 	public function update($username, User $user, $password = ""): User {
 		// Password change is handled by Hestia
 		return $this->user();
 	}
 	public function add(User $user, $password): User {
 		return new User(); // not used
 	}
 	public function delete(User $user) {
 		return true; // not used
 	}
 	public function find($username): ?User {
 		return null; // not used
 	}
 	public function allUsers(): UsersCollection {
 		return new UsersCollection(); // not used
 	}
 	public function getGuest(): User {
 		$guest = new User();
 		$guest->setUsername("guest");
 		$guest->setName("Guest");
 		$guest->setRole("guest");
 		$guest->setHomedir("/");
 		$guest->setPermissions([]);
 		return $guest;
 	}
 }
--- a/install/rpm/filemanager/filegator/backend/Services/Session/Adapters/SessionStorage.php
+++ b/install/rpm/filemanager/filegator/backend/Services/Session/Adapters/SessionStorage.php
@ -0,0 +1,64 @@
 <?php
 /*
 * This file is part of the FileGator package.
 *
 * (c) Milos Stojanovic <alcalbg@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE file
 */
 namespace Filegator\Services\Session\Adapters;
 use Filegator\Kernel\Request;
 use Filegator\Services\Service;
 use Filegator\Services\Session\Session;
 use Filegator\Services\Session\SessionStorageInterface;
 class SessionStorage implements Service, SessionStorageInterface {
 	protected $request;
 	protected $config;
 	public function __construct(Request $request) {
 		$this->request = $request;
 	}
 	public function init(array $config = []) {
 		// we don't have a previous session attached
 		if (!$this->getSession()) {
 			$handler = $config["handler"];
 			$session = new Session($handler());
 			//$session->setName('filegator');
 			$this->setSession($session);
 		}
 	}
 	public function save() {
 		$this->getSession()->save();
 	}
 	public function set(string $key, $data) {
 		return $this->getSession()->set($key, $data);
 	}
 	public function get(string $key, $default = null) {
 		return $this->getSession() ? $this->getSession()->get($key, $default) : $default;
 	}
 	public function invalidate() {
 		if (!$this->getSession()->isStarted()) {
 			$this->getSession()->start();
 		}
 		$this->getSession()->invalidate();
 	}
 	private function setSession(Session $session) {
 		return $this->request->setSession($session);
 	}
 	private function getSession(): ?Session {
 		return $this->request->getSession();
 	}
 }
--- a/install/rpm/filemanager/filegator/composer.json
+++ b/install/rpm/filemanager/filegator/composer.json
@ -0,0 +1,47 @@
 {
 	"name": "filegator/filegator",
 	"description": "Filegator",
 	"license": "MIT",
 	"type": "project",
 	"config": {
 		"platform": {
 			"php": "7.2.5"
 		}
 	},
 	"require": {
 		"php": "^7.2",
 		"monolog/monolog": "^1.24",
 		"nikic/fast-route": "^1.3",
 		"symfony/security-csrf": "^4.4",
 		"symfony/http-foundation": "^4.4",
 		"dibi/dibi": "^4.1",
 		"php-di/php-di": "^6.0",
 		"rakit/validation": "^1.1",
 		"league/flysystem": "^1.1",
 		"league/flysystem-ziparchive": "^1.0",
 		"league/flysystem-sftp": "^1.0",
 		"hestiacp/phpquoteshellarg": "^1.0"
 	},
 	"authors": [
 		{
 			"name": "Milos Stojanovic",
 			"email": "alcalbg@gmail.com"
 		}
 	],
 	"autoload": {
 		"psr-4": {
 			"Filegator\\": "backend"
 		}
 	},
 	"autoload-dev": {
 		"psr-4": {
 			"Tests\\": "tests/backend/"
 		}
 	},
 	"require-dev": {
 		"phpunit/phpunit": "^8.0",
 		"symfony/var-dumper": "^4.4",
 		"league/flysystem-memory": "^1.0",
 		"phpstan/phpstan": "^0.11.8"
 	}
 }
--- a/install/rpm/filemanager/filegator/composer.lock
+++ b/install/rpm/filemanager/filegator/composer.lock
--- a/install/rpm/filemanager/filegator/configuration.php
+++ b/install/rpm/filemanager/filegator/configuration.php
@ -0,0 +1,175 @@
 <?php
 use function Hestiacp\quoteshellarg\quoteshellarg;
 $dist_config = require __DIR__ . "/configuration_sample.php";
 $dist_config["public_path"] = "/fm/";
 $dist_config["frontend_config"]["app_name"] = "File Manager - Hestia Control Panel";
 $dist_config["frontend_config"]["logo"] = "../images/logo.svg";
 $dist_config["frontend_config"]["editable"] = [
 	".txt",
 	".css",
 	".js",
 	".ts",
 	".html",
 	".php",
 	".py",
 	".yml",
 	".xml",
 	".md",
 	".log",
 	".csv",
 	".conf",
 	".config",
 	".ini",
 	".scss",
 	".sh",
 	".env",
 	".example",
 	".htaccess",
 	".twig",
 	".tpl",
 	".yaml",
 ];
 $dist_config["frontend_config"]["guest_redirection"] = "/login/";
 $dist_config["frontend_config"]["upload_max_size"] = 1024 * 1024 * 1024;
 $dist_config["services"]["Filegator\Services\Storage\Filesystem"]["config"][
 	"adapter"
 ] = function () {
 	if (!empty($_SESSION["INACTIVE_SESSION_TIMEOUT"])) {
 		if ($_SESSION["INACTIVE_SESSION_TIMEOUT"] * 60 + $_SESSION["LAST_ACTIVITY"] < time()) {
 			$v_user = quoteshellarg($_SESSION["user"]);
 			$v_session_id = quoteshellarg($_SESSION["token"]);
 			exec(
 				"/usr/local/hestia/bin/v-log-user-logout " . $v_user . " " . $v_session_id,
 				$output,
 				$return_var,
 			);
 			unset($_SESSION);
 			session_unset();
 			session_destroy();
 			session_start();
 			echo '<meta http-equiv="refresh" content="0; url=/">';
 			exit();
 		} else {
 			$_SESSION["LAST_ACTIVITY"] = time();
 		}
 	} else {
 		echo '<meta http-equiv="refresh" content="0; url=/">';
 	}
 	if (isset($_SESSION["user"])) {
 		$v_user = $_SESSION["user"];
 	}
 	if (!empty($_SESSION["look"])) {
 		if (isset($_SESSION["look"]) && $_SESSION["userContext"] === "admin") {
 			$v_user = $_SESSION["look"];
 		}
 		if (
 			isset($_SESSION["look"]) &&
 			$_SESSION["look"] == "admin" &&
 			$_SESSION["POLICY_SYSTEM_PROTECTED_ADMIN"] == "yes"
 		) {
 			header("Location: /");
 		}
 	}
 	# Create filemanager sftp key if missing and trash it after 30 min
 	if (!file_exists("/home/" . basename($v_user) . "/.ssh/hst-filemanager-key")) {
 		exec(
 			"sudo /usr/local/hestia/bin/v-add-user-sftp-key " .
 				quoteshellarg(basename($v_user)) .
 				" 30",
 			$output,
 			$return_var,
 		);
 		// filemanager also requires .ssh chmod o+x ... hopefully we can improve it to g+x or u+x someday
 		// current minimum for filemanager: chmod 0701 .ssh
 		shell_exec("sudo chmod o+x " . quoteshellarg("/home/" . basename($v_user) . "/.ssh"));
 	}
 	if (!isset($_SESSION["SFTP_PORT"])) {
 		exec("sudo /usr/local/hestia/bin/v-list-sys-sshd-port json", $output, $result);
 		$port = json_decode(implode("", $output));
 		if (is_numeric($port[0]) && $port[0] > 0) {
 			$_SESSION["SFTP_PORT"] = $port[0];
 		} elseif (
 			preg_match('/^\s*Port\s+(\d+)$/im', file_get_contents("/etc/ssh/sshd_config"), $matches)
 		) {
 			$_SESSION["SFTP_PORT"] = $matches[1] ?? 22;
 		} else {
 			$_SESSION["SFTP_PORT"] = 22;
 		}
 	}
 	preg_match(
 		'/(Hestia SFTP Chroot\nMatch User)(.*)/i',
 		file_get_contents("/etc/ssh/sshd_config"),
 		$matches,
 	);
 	$user_list = explode(",", $matches[2]);
 	if (in_array($v_user, $user_list)) {
 		$root = "/";
 	} else {
 		$root = "/home/" . $v_user;
 	}
 	return new \League\Flysystem\Sftp\SftpAdapter([
 		"host" => "127.0.0.1",
 		"port" => intval($_SESSION["SFTP_PORT"]),
 		"username" => basename($v_user),
 		"privateKey" => "/home/" . basename($v_user) . "/.ssh/hst-filemanager-key",
 		"root" => $root,
 		"timeout" => 10,
 		"directoryPerm" => 0755,
 	]);
 };
 $dist_config["services"]["Filegator\Services\Archiver\ArchiverInterface"] = [
 	"handler" => "\Filegator\Services\Archiver\Adapters\HestiaZipArchiver",
 	"config" => [],
 ];
 $dist_config["services"]["Filegator\Services\Auth\AuthInterface"] = [
 	"handler" => "\Filegator\Services\Auth\Adapters\HestiaAuth",
 	"config" => [
 		"permissions" => ["read", "write", "upload", "download", "batchdownload", "zip"],
 		"private_repos" => false,
 	],
 ];
 $dist_config["services"]["Filegator\Services\View\ViewInterface"]["config"] = [
 	"add_to_head" => '
    <style>
        .logo {
            width: 46px;
        }
    </style>
    ',
 	"add_to_body" => '
 <script>
    var checkVueLoaded = setInterval(function() {
        if (document.getElementsByClassName("container").length) {
            clearInterval(checkVueLoaded);
            var navProfile = document.getElementsByClassName("navbar-item profile")[0]; navProfile.replaceWith(navProfile.cloneNode(true))
            document.getElementsByClassName("navbar-item logout")[0].text="Exit to Control Panel \u00BB";
            div = document.getElementsByClassName("container")[0];
            callback = function(){
                if (document.getElementsByClassName("navbar-item logout")[0]){
                    if ( document.getElementsByClassName("navbar-item logout")[0].text != "Exit to Control Panel \u00BB" ){
                        var navProfile = document.getElementsByClassName("navbar-item profile")[0]; navProfile.replaceWith(navProfile.cloneNode(true))
                        document.getElementsByClassName("navbar-item logout")[0].text="Exit to Control Panel \u00BB";
                    }
                }
            }
            config = {
                childList:true,
                subtree:true
            }
            observer = new MutationObserver(callback);
            observer.observe(div,config);
        }
    }, 200);
 </script>',
 ];
 return $dist_config;
--- a/install/rpm/filemanager/install-fm.sh
+++ b/install/rpm/filemanager/install-fm.sh
@ -0,0 +1,71 @@
 #!/bin/bash
 # Checking root permissions
 if [ "x$(id -u)" != 'x0' ]; then
 	echo "Error: Script can be run executed only by root"
 	exit 10
 fi
 if [ -z "$HESTIA" ]; then
 	HESTIA="/usr/local/hestia"
 fi
 user='admin'
 fm_error='no'
 source $HESTIA/func/main.sh
 source $HESTIA/install/upgrade/upgrade.conf
 if [ -z "$HOMEDIR" ] || [ -z "$HESTIA_INSTALL_DIR" ]; then
 	echo "Error: Hestia environment vars not present"
 	exit 2
 fi
 FM_INSTALL_DIR="$HESTIA/web/fm"
 FM_FILE="filegator_latest"
 FM_URL="https://github.com/filegator/static/raw/master/builds/filegator_latest.zip"
 COMPOSER_BIN="$HOMEDIR/$user/.composer/composer"
 if [ ! -f "$COMPOSER_BIN" ]; then
 	$BIN/v-add-user-composer "$user"
 	if [ $? -ne 0 ]; then
 		$BIN/v-add-user-notification admin 'Composer installation failed!' '<p class="u-text-bold">The File Manager will not work without Composer.</p><p>Please try running the installer from a shell session:<br><code>bash $HESTIA/install/deb/filemanager/install-fm.sh</code></p><p>If this issue continues, please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
 		fm_error='yes'
 	fi
 fi
 if [ "$fm_error" != "yes" ]; then
 	rm --recursive --force "$FM_INSTALL_DIR"
 	mkdir -p "$FM_INSTALL_DIR"
 	cd "$FM_INSTALL_DIR"
 	[ ! -f "${FM_INSTALL_DIR}/${FM_FILE}" ] && wget "$FM_URL" --quiet -O "${FM_INSTALL_DIR}/${FM_FILE}.zip"
 	unzip -qq "${FM_INSTALL_DIR}/${FM_FILE}.zip"
 	mv --force ${FM_INSTALL_DIR}/filegator/* "${FM_INSTALL_DIR}"
 	rm --recursive --force ${FM_INSTALL_DIR}/${FM_FILE}
 	[[ -f "${FM_INSTALL_DIR}/${FM_FILE}" ]] && rm "${FM_INSTALL_DIR}/${FM_FILE}"
 	cp --recursive --force ${HESTIA_INSTALL_DIR}/filemanager/filegator/* "${FM_INSTALL_DIR}"
 	chown $user: -R "${FM_INSTALL_DIR}"
 	# Check if php7.3 is available and run the installer
 	if [ -f "/usr/bin/php7.3" ]; then
 		COMPOSER_HOME="$HOMEDIR/$user/.config/composer" user_exec /usr/bin/php7.3 $COMPOSER_BIN --quiet --no-dev install
 		if [ $? -ne 0 ]; then
 			$BIN/v-add-user-notification admin 'File Manager installation failed!' '<p>Please try running the installer from a shell session:<br><code>bash $HESTIA/install/deb/filemanager/install-fm.sh</code></p><p>If this issue continues, please <a href="https://github.com/hestiacp/hestiacp/issues" target="_blank">open an issue on GitHub</a>.</p>'
 			fm_error="yes"
 		fi
 	else
 		$BIN/v-add-user-notification admin 'File Manager installation failed!' '<p class="u-text-bold">Unable to proceed with installation of File Manager.</p><p>Package <span class="u-text-bold">php7.3-cli</span> is missing from your system. Please check your PHP installation and environment settings.</p>'
 		fm_error="yes"
 	fi
 	if [ "$fm_error" != "yes" ]; then
 		chown root: -R "${FM_INSTALL_DIR}"
 		chown $user: "${FM_INSTALL_DIR}/private"
 		chown $user: "${FM_INSTALL_DIR}/private/logs"
 		chown $user: "${FM_INSTALL_DIR}/repository"
 	fi
 fi
--- a/src/rpm/hestia/hestia.spec
+++ b/src/rpm/hestia/hestia.spec
@ -163,6 +163,12 @@ fi
 %postun
 %systemd_postun_with_restart hestia.service
 %triggerin -- openssh-server
 /usr/local/hestia/bin/v-package-hook-checks
 %posttrans
 /usr/local/hestia/bin/v-package-hook-checks
 %files
 %defattr(-,root,root)
 %attr(755,root,root) /usr/local/hestia
--- a/src/rpm/php/php-fpm.conf
+++ b/src/rpm/php/php-fpm.conf
@ -41,3 +41,5 @@ php_admin_value[upload_max_filesize] = 256M
 php_admin_value[max_execution_time] = 300
 php_admin_value[max_input_time] = 300
 php_admin_value[session.save_path] = /usr/local/hestia/data/sessions
 php_admin_value[open_basedir] = /usr/local/hestia/:/tmp/:/dev/:/home/:/etc/ssh/:/backup/:/var/tmp/