From 1e5ac9b3fc91fbb4aeeef4faecd453e64e01227e Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 13 Sep 2023 21:26:19 +0200 Subject: [PATCH 01/11] Apply patch from RaspAP/raspap-insiders#209 --- .gitignore | 1 + ajax/bandwidth/get_bandwidth.php | 6 -- app/lib/Auth.php | 136 +++++++++++++++++++++++++++++++ includes/admin.php | 13 ++- includes/authenticate.php | 24 ++---- includes/functions.php | 4 +- index.php | 7 +- raspap.php | 19 ----- templates/admin.php | 27 ++++-- 9 files changed, 184 insertions(+), 53 deletions(-) create mode 100644 app/lib/Auth.php delete mode 100755 raspap.php diff --git a/.gitignore b/.gitignore index 1dd450a5b..a2a77b495 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ yarn-error.log *.swp includes/config.php rootCA.pem +vendor diff --git a/ajax/bandwidth/get_bandwidth.php b/ajax/bandwidth/get_bandwidth.php index 4fcf80570..70e9b8822 100644 --- a/ajax/bandwidth/get_bandwidth.php +++ b/ajax/bandwidth/get_bandwidth.php @@ -3,12 +3,6 @@ require '../../includes/csrf.php'; require_once '../../includes/config.php'; -require_once RASPI_CONFIG.'/raspap.php'; - -header('X-Frame-Options: DENY'); -header("Content-Security-Policy: default-src 'none'; connect-src 'self'"); -require_once '../../includes/authenticate.php'; - $interface = filter_input(INPUT_GET, 'inet', FILTER_SANITIZE_SPECIAL_CHARS); if (empty($interface)) { diff --git a/app/lib/Auth.php b/app/lib/Auth.php new file mode 100644 index 000000000..5e85d3df5 --- /dev/null +++ b/app/lib/Auth.php @@ -0,0 +1,136 @@ + + * @license https://github.com/raspap/raspap-webgui/blob/master/LICENSE + * @see https://www.php.net/manual/en/features.http-auth.php + */ + +declare(strict_types=1); + +namespace RaspAP\Authenticate; + +class HTTPAuth +{ + + /** + * @var string $realm + */ + public $realm = 'Authentication Required'; + + /** + * Stored login credentials + * @var array $auth_config + */ + protected $auth_config; + + /** + * Default login credentials + * @var array $auth_default + */ + private $auth_default = array( + 'admin_user' => 'admin', + 'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i' + ); + + // Constructor + public function __construct() + { + $this->auth_config = $this->getAuthConfig(); + } + + /* + * Determines if user is logged in + * return boolean + */ + public function isLogged() + { + return isset($_SESSION['user_id']); + } + + /* + * Authenticate a user using HTTP basic auth + */ + public function authenticate() + { + if (!$this->isLogged()) { + header('HTTP/1.0 401 Unauthorized'); + header('WWW-Authenticate: Basic realm="'.$this->realm.'"'); + if (function_exists('http_response_code')) { + // http_response_code will respond with proper HTTP version + http_response_code(401); + } else { + header('HTTP/1.0 401 Unauthorized'); + } + exit('Not authorized'.PHP_EOL); + } + } + + /* + * Attempt to login a user with supplied credentials + * @var string $user + * @var string $pass + * return boolean + */ + public function login(string $user, string $pass) + { + if ($this->isValidCredentials($user, $pass)) { + $_SESSION['user_id'] = $user; + return true; + } + return false; + } + + /* + * Gets the current authentication config + * return array $config + */ + public function getAuthConfig() + { + $config = $this->auth_default; + + if (file_exists(RASPI_CONFIG . '/raspap.auth')) { + if ($auth_details = fopen(RASPI_CONFIG . '/raspap.auth', 'r')) { + $config['admin_user'] = trim(fgets($auth_details)); + $config['admin_pass'] = trim(fgets($auth_details)); + fclose($auth_details); + } + } + return $config; + } + + /* + * Validates a set of credentials + * @var string $user + * @var string $pass + * return boolean + */ + protected function isValidCredentials(string $user, string $pass) + { + return $this->validateUser($user) && $this->validatePassword($pass); + } + + /** + * Validates a user + * + * @param string $user + */ + protected function validateUser(string $user) + { + return $user == $this->auth_config['admin_user']; + } + + /** + * Validates a password + * + * @param string $pass + */ + protected function validatePassword(string $pass) + { + return password_verify($pass, $this->auth_config['admin_pass']); + } + +} diff --git a/includes/admin.php b/includes/admin.php index ffe32e77e..68fec422c 100755 --- a/includes/admin.php +++ b/includes/admin.php @@ -2,9 +2,13 @@ require_once 'includes/status_messages.php'; -function DisplayAuthConfig($username, $password) +function DisplayAuthConfig($username) { $status = new StatusMessages(); + $auth = new \RaspAP\Authenticate\HTTPAuth; + $config = $auth->getAuthConfig(); + $password = $config['admin_pass']; + if (isset($_POST['UpdateAdminPassword'])) { if (password_verify($_POST['oldpass'], $password)) { $new_username=trim($_POST['username']); @@ -33,5 +37,10 @@ function DisplayAuthConfig($username, $password) } } - echo renderTemplate("admin", compact("status", "username")); + echo renderTemplate( + "admin", compact( + "status", + "username" + ) + ); } diff --git a/includes/authenticate.php b/includes/authenticate.php index 3059ff42b..3f676be58 100755 --- a/includes/authenticate.php +++ b/includes/authenticate.php @@ -1,22 +1,16 @@ isLogged()) { + if ($auth->login($user, $pass)) { + $config = $auth->getAuthConfig(); } else { - header('HTTP/1.0 401 Unauthorized'); + $auth->authenticate(); } - exit('Not authorized'.PHP_EOL); } -} else { - $validated = true; } diff --git a/includes/functions.php b/includes/functions.php index ca264ff76..3b44b1e4f 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -668,6 +668,7 @@ function getThemeOpt() { if (!isset($_COOKIE['theme'])) { $theme = "custom.php"; + setcookie('theme', $theme); } else { $theme = $_COOKIE['theme']; } @@ -680,6 +681,7 @@ function getColorOpt() $color = "#2b8080"; } else { $color = $_COOKIE['color']; + setcookie('color', $color); } return $color; } @@ -737,7 +739,7 @@ function validate_host($host) // @return boolean function getNightmode() { - if ($_COOKIE['theme'] == 'lightsout.css') { + if (isset($_COOKIE['theme']) && $_COOKIE['theme'] == 'lightsout.css') { return true; } else { return false; diff --git a/index.php b/index.php index 96a45900b..a10faa67b 100755 --- a/index.php +++ b/index.php @@ -27,8 +27,8 @@ ensureCSRFSessionToken(); require_once 'includes/config.php'; +require_once 'app/lib/Auth.php'; require_once 'includes/defaults.php'; -require_once RASPI_CONFIG.'/raspap.php'; require_once 'includes/locale.php'; require_once 'includes/functions.php'; require_once 'includes/dashboard.php'; @@ -47,7 +47,6 @@ require_once 'includes/wireguard.php'; require_once 'includes/torproxy.php'; -$config = getConfig(); $output = $return = 0; $page = $_SERVER['PATH_INFO']; @@ -232,7 +231,7 @@ @@ -276,7 +275,7 @@ DisplayTorProxyConfig(); break; case "/auth_conf": - DisplayAuthConfig($config['admin_user'], $config['admin_pass']); + DisplayAuthConfig($_SESSION['user_id']); break; case "/save_hostapd_conf": SaveTORAndVPNConfig(); diff --git a/raspap.php b/raspap.php deleted file mode 100755 index e45e3eb4d..000000000 --- a/raspap.php +++ /dev/null @@ -1,19 +0,0 @@ - 'admin', - 'admin_pass' => '$2y$10$YKIyWAmnQLtiJAy6QgHQ.eCpY4m.HCEbiHaTgN6.acNC6bDElzt.i' - ); - - if (file_exists(RASPI_CONFIG . '/raspap.auth')) { - if ($auth_details = fopen(RASPI_CONFIG . '/raspap.auth', 'r')) { - $config['admin_user'] = trim(fgets($auth_details)); - $config['admin_pass'] = trim(fgets($auth_details)); - fclose($auth_details); - } - } - return $config; -} - diff --git a/templates/admin.php b/templates/admin.php index f6ea44c27..490a71f68 100755 --- a/templates/admin.php +++ b/templates/admin.php @@ -21,20 +21,35 @@
- - +
+
+ +
+ +
+
- - +
+
+ +
+ +
+
- - +
+
+ +
+ +
+
" /> From 1347cd7bfaf6830765953d3956828bdca16d2d23 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 13 Sep 2023 21:34:12 +0200 Subject: [PATCH 02/11] Swap fas hide/show icons --- templates/admin.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/admin.php b/templates/admin.php index 490a71f68..d074a10dd 100755 --- a/templates/admin.php +++ b/templates/admin.php @@ -25,7 +25,7 @@
- +
@@ -36,7 +36,7 @@
- +
@@ -47,7 +47,7 @@
- +
From 8044bc8cb1751c54876af4cd782ac09a3e131662 Mon Sep 17 00:00:00 2001 From: billz Date: Wed, 13 Sep 2023 21:45:12 +0200 Subject: [PATCH 03/11] Minor: untabify --- templates/admin.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/admin.php b/templates/admin.php index d074a10dd..ee6543b48 100755 --- a/templates/admin.php +++ b/templates/admin.php @@ -25,7 +25,7 @@
- +
@@ -36,7 +36,7 @@
- +
@@ -47,7 +47,7 @@
- +
From f9d27e3bae80d089a98a547bbd5212f588c11350 Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 14 Sep 2023 15:14:02 +0200 Subject: [PATCH 04/11] Reorg index components into includes --- includes/functions.php | 7 ++ includes/navbar.php | 23 +++++ includes/page_actions.php | 57 +++++++++++ includes/sidebar.php | 103 ++++++++++++++++++++ index.php | 193 ++------------------------------------ 5 files changed, 198 insertions(+), 185 deletions(-) create mode 100755 includes/navbar.php create mode 100755 includes/page_actions.php create mode 100755 includes/sidebar.php diff --git a/includes/functions.php b/includes/functions.php index 3b44b1e4f..f42dd1225 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -664,6 +664,13 @@ function formatDateAgo($datetime, $full = false) return $string ? implode(', ', $string) . ' ago' : 'just now'; } +function initializeApp() +{ + $_SESSION["theme_url"] = getThemeOpt(); + $_SESSION["toggleState"] = getSidebarState(); + $_SESSION["bridgedEnabled"] = getBridgedState(); +} + function getThemeOpt() { if (!isset($_COOKIE['theme'])) { diff --git a/includes/navbar.php b/includes/navbar.php new file mode 100755 index 000000000..511bf5157 --- /dev/null +++ b/includes/navbar.php @@ -0,0 +1,23 @@ + diff --git a/includes/page_actions.php b/includes/page_actions.php new file mode 100755 index 000000000..f97bc5d16 --- /dev/null +++ b/includes/page_actions.php @@ -0,0 +1,57 @@ + diff --git a/includes/sidebar.php b/includes/sidebar.php new file mode 100755 index 000000000..299f4bb55 --- /dev/null +++ b/includes/sidebar.php @@ -0,0 +1,103 @@ + diff --git a/index.php b/index.php index a10faa67b..7af261922 100755 --- a/index.php +++ b/index.php @@ -47,14 +47,9 @@ require_once 'includes/wireguard.php'; require_once 'includes/torproxy.php'; -$output = $return = 0; -$page = $_SERVER['PATH_INFO']; - -$theme_url = getThemeOpt(); -$toggleState = getSidebarState(); -$bridgedEnabled = getBridgedState(); - -?> +initializeApp(); +?> + @@ -85,8 +80,7 @@ - - + " title="main" rel="stylesheet"> @@ -108,101 +102,8 @@
- - + +
@@ -210,89 +111,11 @@
- +
- +
From 8ff2a89cac948992dc5f3f5e2caac3724c4acfe0 Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 14 Sep 2023 19:47:37 +0200 Subject: [PATCH 05/11] Update sidebar items, formatting + bump reported php-cgi version --- includes/sidebar.php | 60 ++++++++++++++++++-------------------------- index.php | 2 +- 2 files changed, 26 insertions(+), 36 deletions(-) diff --git a/includes/sidebar.php b/includes/sidebar.php index 299f4bb55..ada2a0b0d 100755 --- a/includes/sidebar.php +++ b/includes/sidebar.php @@ -25,71 +25,61 @@ - + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - + + - - - - - - - - + + - - - - + + diff --git a/index.php b/index.php index 7af261922..b0cd670eb 100755 --- a/index.php +++ b/index.php @@ -8,7 +8,7 @@ * Recommended distribution is Raspberry Pi OS (64-bit) Lite. Specific instructions to install the supported software are * in the README and original post by @SirLagz. For a quick run through, the packages required for the WebGUI are: * lighttpd (version 1.4.59 installed via apt) - * php-cgi (version 7.4.28 installed via apt) + * php-cgi (version 7.4.33 installed via apt) * along with their supporting packages, php7.3 will also need to be enabled. * * @author Lawrence Yau From 66b3b20bf4be215cf2848a58656ccf5c79ca9f6a Mon Sep 17 00:00:00 2001 From: billz Date: Thu, 14 Sep 2023 19:56:36 +0200 Subject: [PATCH 06/11] Update ajax post data w/ csrf_token --- app/js/custom.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/js/custom.js b/app/js/custom.js index d3fb9b3b0..1fd9f0dcd 100644 --- a/app/js/custom.js +++ b/app/js/custom.js @@ -18,7 +18,8 @@ function createNetmaskAddr(bitCount) { } function loadSummary(strInterface) { - $.post('ajax/networking/get_ip_summary.php',{interface:strInterface},function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/networking/get_ip_summary.php',{'interface': strInterface, 'csrf_token': csrfToken},function(data){ jsonData = JSON.parse(data); if(jsonData['return'] == 0) { $('#'+strInterface+'-summary').html(jsonData['output'].join('
')); @@ -419,11 +420,12 @@ function loadChannelSelect(selected) { function setHardwareModeTooltip() { var iface = $('#cbxinterface').val(); var hwmodeText = ''; + var csrfToken = $('meta[name=csrf_token]').attr('content'); // Explanatory text if 802.11ac is disabled if ($('#cbxhwmode').find('option[value="ac"]').prop('disabled') == true ) { var hwmodeText = $('#hwmode').attr('data-tooltip'); } - $.post('ajax/networking/get_frequencies.php?',{'interface': iface},function(data){ + $.post('ajax/networking/get_frequencies.php?',{'interface': iface, 'csrf_token': csrfToken},function(data){ var responseText = JSON.parse(data); $('#tiphwmode').attr('data-original-title', responseText + '\n' + hwmodeText ); }); From 0116d874459ab4fde510ad45eeb2ca3c6f7d1b00 Mon Sep 17 00:00:00 2001 From: billz Date: Fri, 15 Sep 2023 20:02:37 +0200 Subject: [PATCH 07/11] Create loadFooterScripts(), update page_actions + formatting --- includes/functions.php | 12 ++++++++ includes/page_actions.php | 11 ++----- index.php | 61 ++++++++++++++++----------------------- 3 files changed, 40 insertions(+), 44 deletions(-) diff --git a/includes/functions.php b/includes/functions.php index f42dd1225..24a42f158 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -819,3 +819,15 @@ function getTooltip($msg, $id, $visible = true, $data_html = false) echo ''; } +// Load non default JS/ECMAScript in footer +function loadFooterScripts($extraFooterScripts) +{ + foreach ($extraFooterScripts as $script) { + echo '' , PHP_EOL; + } +} + diff --git a/includes/page_actions.php b/includes/page_actions.php index f97bc5d16..b460dd438 100755 --- a/includes/page_actions.php +++ b/includes/page_actions.php @@ -13,7 +13,7 @@ DisplayWPAConfig(); break; case "/network_conf": - DisplayNetworkingConfig($extraFooterScripts); + DisplayNetworkingConfig(); break; case "/hostapd_conf": DisplayHostAPDConfig(); @@ -30,12 +30,6 @@ case "/torproxy_conf": DisplayTorProxyConfig(); break; - case "/firewall_conf": - DisplayFirewallConfig(); - break; - case "/ddclient_conf": - DisplayDDClientConfig(); - break; case "/auth_conf": DisplayAuthConfig($_SESSION['user_id']); break; @@ -54,4 +48,5 @@ default: DisplayDashboard($extraFooterScripts); } - ?> + ?> + diff --git a/index.php b/index.php index b0cd670eb..1da42e063 100755 --- a/index.php +++ b/index.php @@ -4,12 +4,12 @@ * Raspbian WiFi Configuration Portal (RaspAP) * * Simple AP setup & WiFi management for Debian-based devices. - * Enables use of simple web interface rather than SSH to control WiFi and related services on the Raspberry Pi. + * Enables use of simple web interface rather than SSH to control WiFi and related services on the Raspberry Pi. * Recommended distribution is Raspberry Pi OS (64-bit) Lite. Specific instructions to install the supported software are * in the README and original post by @SirLagz. For a quick run through, the packages required for the WebGUI are: * lighttpd (version 1.4.59 installed via apt) * php-cgi (version 7.4.33 installed via apt) - * along with their supporting packages, php7.3 will also need to be enabled. + * along with their supporting packages, php7.4 will also need to be enabled. * * @author Lawrence Yau * @author Bill Zimmerman @@ -104,30 +104,28 @@ - - -
- - -
- - - - -
- -
-
- -
-
- -
-
- -
+ +
+ +
+ + + + +
+ +
+
+ +
+
+ +
+
+ +
@@ -152,15 +150,6 @@ - ' , PHP_EOL; - } - ?> + From 93166171db6e813fe2a5e255092f3f2ad94799e8 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 16 Sep 2023 10:39:14 +0200 Subject: [PATCH 08/11] Update additional ajax posts w/ csrf_token --- app/js/custom.js | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/app/js/custom.js b/app/js/custom.js index 1fd9f0dcd..c18ea8cef 100644 --- a/app/js/custom.js +++ b/app/js/custom.js @@ -123,21 +123,24 @@ $(document).on("click", "#gen_wpa_passphrase", function(e) { }); $(document).on("click", "#js-clearhostapd-log", function(e) { - $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/hostapd.log'},function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/hostapd.log', 'csrf_token': csrfToken},function(data){ jsonData = JSON.parse(data); $("#hostapd-log").val(""); }); }); $(document).on("click", "#js-cleardnsmasq-log", function(e) { - $.post('ajax/logging/clearlog.php?',{'logfile':'/var/log/dnsmasq.log'},function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/logging/clearlog.php?',{'logfile':'/var/log/dnsmasq.log', 'csrf_token': csrfToken},function(data){ jsonData = JSON.parse(data); $("#dnsmasq-log").val(""); }); }); $(document).on("click", "#js-clearopenvpn-log", function(e) { - $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/openvpn.log'},function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/logging/clearlog.php?',{'logfile':'/tmp/openvpn.log', 'csrf_token': csrfToken},function(data){ jsonData = JSON.parse(data); $("#openvpn-log").val(""); }); @@ -287,7 +290,8 @@ $('#configureClientModal').on('shown.bs.modal', function (e) { $('#ovpn-confirm-delete').on('click', '.btn-delete', function (e) { var cfg_id = $(this).data('recordId'); - $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id},function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/openvpn/del_ovpncfg.php',{'cfg_id':cfg_id, 'csrf_token': csrfToken},function(data){ jsonData = JSON.parse(data); $("#ovpn-confirm-delete").modal('hide'); var row = $(document.getElementById("openvpn-client-row-" + cfg_id)); @@ -304,7 +308,8 @@ $('#ovpn-confirm-delete').on('show.bs.modal', function (e) { $('#ovpn-confirm-activate').on('click', '.btn-activate', function (e) { var cfg_id = $(this).data('record-id'); - $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id},function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/openvpn/activate_ovpncfg.php',{'cfg_id':cfg_id, 'csrf_token': csrfToken},function(data){ jsonData = JSON.parse(data); $("#ovpn-confirm-activate").modal('hide'); setTimeout(function(){ @@ -437,10 +442,11 @@ function setHardwareModeTooltip() { */ function updateBlocklist() { var blocklist_id = $('#cbxblocklist').val(); + var csrfToken = $('meta[name=csrf_token]').attr('content'); if (blocklist_id == '') { return; } $('#cbxblocklist-status').find('i').removeClass('fas fa-check').addClass('fas fa-cog fa-spin'); $('#cbxblocklist-status').removeClass('check-hidden').addClass('check-progress'); - $.post('ajax/adblock/update_blocklist.php',{ 'blocklist_id':blocklist_id },function(data){ + $.post('ajax/adblock/update_blocklist.php',{ 'blocklist_id':blocklist_id, 'csrf_token': csrfToken},function(data){ var jsonData = JSON.parse(data); if (jsonData['return'] == '0') { $('#cbxblocklist-status').find('i').removeClass('fas fa-cog fa-spin').addClass('fas fa-check'); @@ -459,7 +465,8 @@ $('.wg-keygen').click(function(){ var entity_pub = $(this).parent('div').prev('input[type="text"]'); var entity_priv = $(this).parent('div').next('input[type="hidden"]'); var updated = entity_pub.attr('name')+"-pubkey-status"; - $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name') },function(data){ + var csrfToken = $('meta[name=csrf_token]').attr('content'); + $.post('ajax/networking/get_wgkey.php',{'entity':entity_pub.attr('name'), 'csrf_token': csrfToken},function(data){ var jsonData = JSON.parse(data); entity_pub.val(jsonData.pubkey); $('#' + updated).removeClass('check-hidden').addClass('check-updated').delay(500).animate({ opacity: 1 }, 700); From c2d740ef44fe34b676d7e5607dd7976c651e5b7e Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 16 Sep 2023 10:43:05 +0200 Subject: [PATCH 09/11] Implement PSR-4 compliant class autoloader --- includes/admin.php | 2 +- includes/authenticate.php | 2 +- includes/autoload.php | 41 ++++++++++++ includes/hostapd.php | 1 - includes/openvpn.php | 3 +- includes/sysstats.php | 2 - includes/system.php | 64 ++----------------- includes/wireguard.php | 2 +- index.php | 2 +- .../Auth.php => src/RaspAP/Auth/HTTPAuth.php | 2 +- .../RaspAP/System/Sysinfo.php | 59 ++++++++++++++++- .../RaspAP/Uploader/FileUpload.php | 6 +- templates/system/basic.php | 2 +- 13 files changed, 112 insertions(+), 76 deletions(-) create mode 100755 includes/autoload.php rename app/lib/Auth.php => src/RaspAP/Auth/HTTPAuth.php (99%) mode change 100644 => 100755 rename app/lib/system.php => src/RaspAP/System/Sysinfo.php (52%) mode change 100644 => 100755 rename app/lib/uploader.php => src/RaspAP/Uploader/FileUpload.php (99%) mode change 100644 => 100755 diff --git a/includes/admin.php b/includes/admin.php index 68fec422c..e3227db32 100755 --- a/includes/admin.php +++ b/includes/admin.php @@ -5,7 +5,7 @@ function DisplayAuthConfig($username) { $status = new StatusMessages(); - $auth = new \RaspAP\Authenticate\HTTPAuth; + $auth = new \RaspAP\Auth\HTTPAuth; $config = $auth->getAuthConfig(); $password = $config['admin_pass']; diff --git a/includes/authenticate.php b/includes/authenticate.php index 3f676be58..bceac97dd 100755 --- a/includes/authenticate.php +++ b/includes/authenticate.php @@ -4,7 +4,7 @@ $user = $_SERVER['PHP_AUTH_USER'] ?? ''; $pass = $_SERVER['PHP_AUTH_PW'] ?? ''; - $auth = new \RaspAP\Authenticate\HTTPAuth; + $auth = new \RaspAP\Auth\HTTPAuth; if (!$auth->isLogged()) { if ($auth->login($user, $pass)) { diff --git a/includes/autoload.php b/includes/autoload.php new file mode 100755 index 000000000..d39bd0c91 --- /dev/null +++ b/includes/autoload.php @@ -0,0 +1,41 @@ +set_max_file_size(64*KB); $upload->set_allowed_mime_types(array('ovpn' => 'text/plain')); $upload->file($file); diff --git a/includes/sysstats.php b/includes/sysstats.php index 5122c91ce..2f567a8b1 100755 --- a/includes/sysstats.php +++ b/includes/sysstats.php @@ -1,7 +1,5 @@ hostname(); diff --git a/includes/system.php b/includes/system.php index 3babf0c5a..26822ae86 100755 --- a/includes/system.php +++ b/includes/system.php @@ -3,64 +3,6 @@ require_once 'includes/status_messages.php'; require_once 'includes/functions.php'; require_once 'config.php'; -require_once 'app/lib/system.php'; - -/** - * Find the version of the Raspberry Pi - * Currently only used for the system information page but may useful elsewhere - */ - -function RPiVersion() -{ - // Lookup table from http://www.raspberrypi-spy.co.uk/2012/09/checking-your-raspberry-pi-board-version/ - $revisions = array( - '0002' => 'Model B Revision 1.0', - '0003' => 'Model B Revision 1.0 + ECN0001', - '0004' => 'Model B Revision 2.0 (256 MB)', - '0005' => 'Model B Revision 2.0 (256 MB)', - '0006' => 'Model B Revision 2.0 (256 MB)', - '0007' => 'Model A', - '0008' => 'Model A', - '0009' => 'Model A', - '000d' => 'Model B Revision 2.0 (512 MB)', - '000e' => 'Model B Revision 2.0 (512 MB)', - '000f' => 'Model B Revision 2.0 (512 MB)', - '0010' => 'Model B+', - '0013' => 'Model B+', - '0011' => 'Compute Module', - '0012' => 'Model A+', - 'a01041' => 'a01041', - 'a21041' => 'a21041', - '900092' => 'PiZero 1.2', - '900093' => 'PiZero 1.3', - '9000c1' => 'PiZero W', - 'a02082' => 'Pi 3 Model B', - 'a22082' => 'Pi 3 Model B', - 'a32082' => 'Pi 3 Model B', - 'a52082' => 'Pi 3 Model B', - 'a020d3' => 'Pi 3 Model B+', - 'a220a0' => 'Compute Module 3', - 'a020a0' => 'Compute Module 3', - 'a02100' => 'Compute Module 3+', - 'a03111' => 'Model 4B Revision 1.1 (1 GB)', - 'b03111' => 'Model 4B Revision 1.1 (2 GB)', - 'c03111' => 'Model 4B Revision 1.1 (4 GB)' - ); - - $cpuinfo_array = ''; - exec('cat /proc/cpuinfo', $cpuinfo_array); - $rev = trim(array_pop(explode(':', array_pop(preg_grep("/^Revision/", $cpuinfo_array))))); - if (array_key_exists($rev, $revisions)) { - return $revisions[$rev]; - } else { - exec('cat /proc/device-tree/model', $model); - if (isset($model[0])) { - return $model[0]; - } else { - return 'Unknown Device'; - } - } -} /** * @@ -134,7 +76,7 @@ function DisplaySystem(&$extraFooterScripts) // define locales $arrLocales = getLocales(); - #fetch system status variables. + // fetch system status variables $system = new \RaspAP\System\Sysinfo; $hostname = $system->hostname(); @@ -143,7 +85,8 @@ function DisplaySystem(&$extraFooterScripts) $os = $system->operatingSystem(); $kernel = $system->kernelVersion(); $systime = $system->systime(); - + $revision = $system->rpiRevision(); + // mem used $memused = $system->usedMemory(); $memused_status = "primary"; @@ -215,6 +158,7 @@ function DisplaySystem(&$extraFooterScripts) "hostname", "uptime", "systime", + "revision", "cores", "os", "kernel", diff --git a/includes/wireguard.php b/includes/wireguard.php index dfe04d5c6..547dd0489 100755 --- a/includes/wireguard.php +++ b/includes/wireguard.php @@ -112,7 +112,7 @@ function SaveWireGuardUpload($status, $file, $optRules) throw new RuntimeException('Invalid parameters'); } - $upload = \RaspAP\Uploader\Upload::factory('wg',$tmp_destdir); + $upload = \RaspAP\Uploader\FileUpload::factory('wg',$tmp_destdir); $upload->set_max_file_size(64*KB); $upload->set_allowed_mime_types(array('text/plain')); $upload->file($file); diff --git a/index.php b/index.php index 1da42e063..83e2916db 100755 --- a/index.php +++ b/index.php @@ -27,7 +27,7 @@ ensureCSRFSessionToken(); require_once 'includes/config.php'; -require_once 'app/lib/Auth.php'; +require_once 'includes/autoload.php'; require_once 'includes/defaults.php'; require_once 'includes/locale.php'; require_once 'includes/functions.php'; diff --git a/app/lib/Auth.php b/src/RaspAP/Auth/HTTPAuth.php old mode 100644 new mode 100755 similarity index 99% rename from app/lib/Auth.php rename to src/RaspAP/Auth/HTTPAuth.php index 5e85d3df5..9751075f3 --- a/app/lib/Auth.php +++ b/src/RaspAP/Auth/HTTPAuth.php @@ -11,7 +11,7 @@ declare(strict_types=1); -namespace RaspAP\Authenticate; +namespace RaspAP\Auth; class HTTPAuth { diff --git a/app/lib/system.php b/src/RaspAP/System/Sysinfo.php old mode 100644 new mode 100755 similarity index 52% rename from app/lib/system.php rename to src/RaspAP/System/Sysinfo.php index 676c2201e..7a45728e9 --- a/app/lib/system.php +++ b/src/RaspAP/System/Sysinfo.php @@ -1,7 +1,7 @@ @@ -92,5 +92,62 @@ public function kernelVersion() $kernel = shell_exec("uname -r"); return $kernel; } + + /* + * Returns RPi Model and PCB Revision from Pi Revision Code (cpuinfo) + * @see http://www.raspberrypi-spy.co.uk/2012/09/checking-your-raspberry-pi-board-version/ + */ + public function rpiRevision() + { + $revisions = array( + '0002' => 'Model B Revision 1.0', + '0003' => 'Model B Revision 1.0 + ECN0001', + '0004' => 'Model B Revision 2.0 (256 MB)', + '0005' => 'Model B Revision 2.0 (256 MB)', + '0006' => 'Model B Revision 2.0 (256 MB)', + '0007' => 'Model A', + '0008' => 'Model A', + '0009' => 'Model A', + '000d' => 'Model B Revision 2.0 (512 MB)', + '000e' => 'Model B Revision 2.0 (512 MB)', + '000f' => 'Model B Revision 2.0 (512 MB)', + '0010' => 'Model B+', + '0013' => 'Model B+', + '0011' => 'Compute Module', + '0012' => 'Model A+', + 'a01041' => 'a01041', + 'a21041' => 'a21041', + '900092' => 'PiZero 1.2', + '900093' => 'PiZero 1.3', + '9000c1' => 'PiZero W', + 'a02082' => 'Pi 3 Model B', + 'a22082' => 'Pi 3 Model B', + 'a32082' => 'Pi 3 Model B', + 'a52082' => 'Pi 3 Model B', + 'a020d3' => 'Pi 3 Model B+', + 'a220a0' => 'Compute Module 3', + 'a020a0' => 'Compute Module 3', + 'a02100' => 'Compute Module 3+', + 'a03111' => 'Model 4B Revision 1.1 (1 GB)', + 'b03111' => 'Model 4B Revision 1.1 (2 GB)', + 'c03111' => 'Model 4B Revision 1.1 (4 GB)' + ); + + $cpuinfo_array = ''; + exec('cat /proc/cpuinfo', $cpuinfo_array); + $info = preg_grep("/^Revision/", $cpuinfo_array); + $tmp = explode(':', array_pop($info)); + $rev = trim(array_pop($tmp)); + if (array_key_exists($rev, $revisions)) { + return $revisions[$rev]; + } else { + exec('cat /proc/device-tree/model', $model); + if (isset($model[0])) { + return $model[0]; + } else { + return 'Unknown Device'; + } + } + } } diff --git a/app/lib/uploader.php b/src/RaspAP/Uploader/FileUpload.php old mode 100644 new mode 100755 similarity index 99% rename from app/lib/uploader.php rename to src/RaspAP/Uploader/FileUpload.php index e15e451cf..03cd00126 --- a/app/lib/uploader.php +++ b/src/RaspAP/Uploader/FileUpload.php @@ -3,8 +3,6 @@ /** * Simple PHP upload class * - * Adapted from aivis/PHP-file-upload-class - * * @description File upload class for RaspAP * @author Bill Zimmerman * @author Aivis Silins @@ -14,7 +12,7 @@ namespace RaspAP\Uploader; -class Upload +class FileUpload { /** @@ -110,7 +108,7 @@ class Upload */ public static function factory($destination, $root = false) { - return new Upload($destination, $root); + return new FileUpload($destination, $root); } /** diff --git a/templates/system/basic.php b/templates/system/basic.php index e231c2161..81adb6d21 100644 --- a/templates/system/basic.php +++ b/templates/system/basic.php @@ -14,7 +14,7 @@
-
+
From 07b950cf659146ab6864190c5ad595fbcdaecd25 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 16 Sep 2023 11:43:40 +0200 Subject: [PATCH 10/11] Migrate includes/status_message.php to RaspAP/Messages --- src/RaspAP/Messages/StatusMessage.php | 41 +++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100755 src/RaspAP/Messages/StatusMessage.php diff --git a/src/RaspAP/Messages/StatusMessage.php b/src/RaspAP/Messages/StatusMessage.php new file mode 100755 index 000000000..680014ceb --- /dev/null +++ b/src/RaspAP/Messages/StatusMessage.php @@ -0,0 +1,41 @@ + + * @license https://github.com/raspap/raspap-webgui/blob/master/LICENSE + */ + +namespace RaspAP\Messages; + +class StatusMessage +{ + public $messages = array(); + + public function addMessage($message, $level = 'success', $dismissable = true) + { + $status = '
'. _($message); + if ($dismissable) { + $status .= ''; + } + $status .= '
'; + + array_push($this->messages, $status); + } + + public function showMessages($clear = true) + { + foreach ($this->messages as $message) { + echo $message; + } + if ($clear) { + $this->messages = array(); + } + } +} From 33c596189db7a911cf952bd459fad50fbcede6f6 Mon Sep 17 00:00:00 2001 From: billz Date: Sat, 16 Sep 2023 11:46:11 +0200 Subject: [PATCH 11/11] Apply autoloader support for status messages --- app/css/all.css | 5 + includes/adblock.php | 3 +- includes/admin.php | 4 +- includes/configure_client.php | 3 +- includes/dashboard.php | 2 +- includes/dhcp.php | 3 +- includes/firewall.php | 368 ---------------------------------- includes/hostapd.php | 6 +- includes/networking.php | 4 +- includes/openvpn.php | 3 +- includes/status_messages.php | 30 --- includes/system.php | 4 +- includes/torproxy.php | 2 - includes/wireguard.php | 3 +- templates/firewall.php | 110 ---------- 15 files changed, 15 insertions(+), 535 deletions(-) delete mode 100755 includes/firewall.php delete mode 100755 includes/status_messages.php delete mode 100755 templates/firewall.php diff --git a/app/css/all.css b/app/css/all.css index 12a47159e..d9de52e34 100644 --- a/app/css/all.css +++ b/app/css/all.css @@ -228,3 +228,8 @@ button > i.fas { pointer-events: none; } +.close { + font-weight: 400; + font-size: 1.3rem; +} + diff --git a/includes/adblock.php b/includes/adblock.php index bf16bcb7c..021f4d2c2 100755 --- a/includes/adblock.php +++ b/includes/adblock.php @@ -1,6 +1,5 @@ getAuthConfig(); $password = $config['admin_pass']; diff --git a/includes/configure_client.php b/includes/configure_client.php index accc7f269..64164f947 100755 --- a/includes/configure_client.php +++ b/includes/configure_client.php @@ -1,6 +1,5 @@ addMessage(_('Interface name invalid.'), 'danger'); diff --git a/includes/dhcp.php b/includes/dhcp.php index 726013749..65c04ceb4 100755 --- a/includes/dhcp.php +++ b/includes/dhcp.php @@ -1,6 +1,5 @@ $sect ) { - if (isRuleEnabled($sect, $conf) ) { - $str_rules= createRuleStr($sect, $conf); - if (!empty($str_rules) ) { - if (isIPv4($sect) ) { file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND); - } - if (isIPv6($sect) ) { file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND); - } - ++$count; - } - } - } - } - } - if ($count > 0 ) { - exec("chmod +x ".RASPAP_IPTABLES_SCRIPT); - exec("sudo ".RASPAP_IPTABLES_SCRIPT); - exec("sudo iptables-save | sudo tee /etc/iptables/rules.v4"); - unlink(RASPAP_IPTABLES_SCRIPT); - exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT); - exec("sudo ".RASPAP_IP6TABLES_SCRIPT); - exec("sudo ip6tables-save | sudo tee /etc/iptables/rules.v6"); - unlink(RASPAP_IP6TABLES_SCRIPT); - } - return ($count > 0); -} - -/** - * - * @param array $conf - * @return string $ret - */ -function WriteFirewallConf($conf) -{ - $ret = false; - if (is_array($conf) ) { write_php_ini($conf, RASPI_FIREWALL_CONF); - } - return $ret; -} - -/** - * - * @return array $conf - */ -function ReadFirewallConf() -{ - $conf = array(); - if (file_exists(RASPI_FIREWALL_CONF) ) { - $conf = parse_ini_file(RASPI_FIREWALL_CONF); - } - if ( !isset($conf["firewall-enable"]) ) { - $conf["firewall-enable"] = false; - $conf["ssh-enable"] = false; - $conf["http-enable"] = false; - $conf["excl-devices"] = ""; - $conf["excluded-ips"] = ""; - $conf["ap-device"] = ""; - $conf["client-device"] = ""; - $conf["restricted-ips"] = ""; - } - exec('ifconfig | grep -E -i "^tun[0-9]"', $ret); - $conf["openvpn-enable"] = !empty($ret); - unset($ret); - exec('ifconfig | grep -E -i "^wg[0-9]"', $ret); - $conf["wireguard-enable"] = !empty($ret); - return $conf; -} - -/** - * - * @return string $ips - */ -function getVPN_IPs() -{ - $ips = ""; - // get openvpn and wireguard server IPs - if (RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) { - foreach ( $fconf as $f ) { - unset($result); - exec('cat '.$f.' | sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result); - if (!empty($result) ) { - $result = explode(" ", $result[0]); - $ip = (isset($result[0])) ? $result[0] : ""; - $port = (isset($result[1])) ? $result[1] : ""; - if (!empty($ip) ) { - $ip = gethostbyname($ip); - if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip"; - } - } - } - } - } - // get wireguard server IPs - if (RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) { - foreach ( $fconf as $f ) { - unset($result); - exec('sudo /bin/cat '.$f.' | sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result); - if (!empty($result) ) { - $result = explode(" ", $result[0]); - $ip = (isset($result[0])) ? $result[0] : ""; - $port = (isset($result[1])) ? $result[1] : ""; - if (!empty($ip) ) { - $ip = gethostbyname($ip); - if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip"; - } - } - } - } - } - return trim($ips); -} - -/** - * - * @return array $fw_conf - */ -function getFirewallConfiguration() -{ - $fw_conf = ReadFirewallConf(); - - $json = file_get_contents(RASPI_IPTABLES_CONF); - getWifiInterface(); - $ap_device = $_SESSION['ap_interface']; - $clients = getClients(); - $str_clients = ""; - foreach( $clients["device"] as $dev ) { - if (!$dev["isAP"] ) { - if (!empty($str_clients) ) { $str_clients .= ", "; - } - $str_clients .= $dev["name"]; - } - } - $fw_conf["ap-device"] = $ap_device; - $fw_conf["client-list"] = $str_clients; - $id=findCurrentClientIndex($clients); - if ($id >= 0 ) { $fw_conf["client-device"] = $clients["device"][$id]["name"]; - } - return $fw_conf; -} - -/** - * - */ -function updateFirewall() -{ - $fw_conf = getFirewallConfiguration(); - if ( isset($fw_conf["firewall-enable"]) ) { - WriteFirewallConf($fw_conf); - configureFirewall(); - } - return; -} - -/** - * - */ -function DisplayFirewallConfig() -{ - $status = new StatusMessages(); - - $fw_conf = getFirewallConfiguration(); - $ap_device = $fw_conf["ap-device"]; - $str_clients = $fw_conf["client-list"]; - - if (!empty($_POST)) { - $fw_conf["ssh-enable"] = isset($_POST['ssh-enable']); - $fw_conf["http-enable"] = isset($_POST['http-enable']); - $fw_conf["firewall-enable"] = isset($_POST['firewall-enable']) || isset($_POST['apply-firewall']); - if (isset($_POST['firewall-enable']) ) { $status->addMessage(_('Firewall is now enabled'), 'success'); - } - if (isset($_POST['apply-firewall']) ) { $status->addMessage(_('Firewall settings changed'), 'success'); - } - if (isset($_POST['firewall-disable']) ) { $status->addMessage(_('Firewall is now disabled'), 'warning'); - } - if (isset($_POST['save-firewall']) ) { $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success'); - } - if (isset($_POST['excl-devices']) ) { - $excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING); - $excl = str_replace(',', ' ', $excl); - $excl = trim(preg_replace('/\s+/', ' ', $excl)); - if ($fw_conf["excl-devices"] != $excl ) { - $status->addMessage(_('Exclude devices '. $excl), 'success'); - $fw_conf["excl-devices"] = $excl; - } - } - if (isset($_POST['excluded-ips']) ) { - $excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING); - $excl = str_replace(',', ' ', $excl); - $excl = trim(preg_replace('/\s+/', ' ', $excl)); - if (!empty($excl) ) { - $excl = explode(' ', $excl); - $str_excl = ""; - foreach ( $excl as $ip ) { - if (filter_var($ip, FILTER_VALIDATE_IP) ) { $str_excl .= "$ip "; - } else { $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning'); - } - } - } - $str_excl = trim($str_excl); - if ($fw_conf["excluded-ips"] != $str_excl ) { - $status->addMessage(_('Exclude IP address(es) '. $str_excl), 'success'); - $fw_conf["excluded-ips"] = $str_excl; - } - } - WriteFirewallConf($fw_conf); - configureFirewall(); - } - $vpn_ips = getVPN_IPs(); - echo renderTemplate( - "firewall", compact( - "status", - "ap_device", - "str_clients", - "fw_conf", - "vpn_ips" - ) - ); -} - diff --git a/includes/hostapd.php b/includes/hostapd.php index c300c3e5a..af4882783 100755 --- a/includes/hostapd.php +++ b/includes/hostapd.php @@ -1,21 +1,17 @@ operatingSystem(); - /** * Initialize hostapd values, display interface * */ function DisplayHostAPDConfig() { - $status = new StatusMessages(); + $status = new \RaspAP\Messages\StatusMessage; $system = new \RaspAP\System\Sysinfo; $operatingSystem = $system->operatingSystem(); $arrConfig = array(); diff --git a/includes/networking.php b/includes/networking.php index 345ca14e7..9669fca4d 100755 --- a/includes/networking.php +++ b/includes/networking.php @@ -1,6 +1,5 @@ '. _($message); - if ($dismissable) { - $status .= ''; - } - $status .= '
'; - - array_push($this->messages, $status); - } - - public function showMessages($clear = true) - { - foreach ($this->messages as $message) { - echo $message; - } - if ($clear) { - $this->messages = array(); - } - } -} diff --git a/includes/system.php b/includes/system.php index 26822ae86..c65d374d2 100755 --- a/includes/system.php +++ b/includes/system.php @@ -1,6 +1,5 @@ -
-
-
-
-
- -
-
-
-
- showMessages(); ?> -

- - - - - -
-
-

- -
-
- %s."), $ap_device); ?> -
-

-
-
-
- -
-
-
-
- > - -
-
- > - -
-

- -

-
-
-
-
-
- - " aria-describedby="exclusion-description" > -

- -
- %s"), $str_clients); ?>
- %s is per default excluded."), $ap_device); ?> -
-

-
-
-
-
-
- - " aria-describedby="excl-ips-description" > -

- -
-
- %s"), $vpn_ips); ?> -
-

-
-
- - " name="apply-firewall" /> - " name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/> - - " name="save-firewall" /> - " name="firewall-enable" data-toggle="modal" data-target="#firewallModal"/> - -
-
- -
-
- - - - -