summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rettberg2024-10-09 16:14:39 +0200
committerSimon Rettberg2024-10-09 16:14:39 +0200
commit36fa9ba7863cf68a8c37613d6ff37cce72555653 (patch)
tree978b2b19a324fc326abbed809199191cac42297a
parent[webinterface] Add support for ACME, add option to redirect to cert domain (diff)
downloadslx-admin-36fa9ba7863cf68a8c37613d6ff37cce72555653.tar.gz
slx-admin-36fa9ba7863cf68a8c37613d6ff37cce72555653.tar.xz
slx-admin-36fa9ba7863cf68a8c37613d6ff37cce72555653.zip
[webinterface] Refactor TM-Calls for https changes
Move actual calls to WebInterface helper class, move a few common things to their own functions.
-rw-r--r--modules-available/webinterface/inc/webinterface.inc.php48
-rw-r--r--modules-available/webinterface/page.inc.php61
2 files changed, 67 insertions, 42 deletions
diff --git a/modules-available/webinterface/inc/webinterface.inc.php b/modules-available/webinterface/inc/webinterface.inc.php
index 6dfd924f..276110eb 100644
--- a/modules-available/webinterface/inc/webinterface.inc.php
+++ b/modules-available/webinterface/inc/webinterface.inc.php
@@ -9,6 +9,8 @@ class WebInterface
public const PROP_REDIRECT_DOMAIN = 'webinterface.redirect-domain';
+ public const PROP_API_KEY = 'webinterface.api-key';
+
/**
* Read data all handled domains from current certificate.
* SAN takes precedence, if empty, we fall back to CN.
@@ -62,4 +64,50 @@ class WebInterface
return !empty(Property::get(self::PROP_REDIRECT_DOMAIN, false));
}
+ public static function isHttpsRedirectEnabled(): bool
+ {
+ return Property::get(self::PROP_REDIRECT) === 'True';
+ }
+
+ public static function tmDisableHttps(): ?string
+ {
+ Property::set(WebInterface::PROP_TYPE, 'off');
+ Property::set(WebInterface::PROP_HSTS, 'off');
+ $task = Taskmanager::submit('LighttpdHttps', []);
+ return $task['id'] ?? null;
+ }
+
+ public static function tmGenerateRandomCert(): ?string
+ {
+ Property::set(WebInterface::PROP_TYPE, 'generated');
+ $task = Taskmanager::submit('LighttpdHttps', [
+ 'proxyip' => Property::getServerIp(),
+ 'redirect' => self::isHttpsRedirectEnabled(),
+ ]);
+ return $task['id'] ?? null;
+ }
+
+ public static function tmImportCustomCert(string $key, string $cert, ?string $chain = null): ?string
+ {
+ Property::set(WebInterface::PROP_TYPE, 'supplied');
+ $task = Taskmanager::submit('LighttpdHttps', [
+ 'importcert' => $cert,
+ 'importkey' => $key,
+ 'importchain' => $chain,
+ 'redirect' => self::isHttpsRedirectEnabled(),
+ ]);
+ return $task['id'] ?? null;
+ }
+
+ public static function tmSetHttpRedirectMode(): ?string
+ {
+ if (Property::get(WebInterface::PROP_TYPE) === 'off')
+ return null;
+ $task = Taskmanager::submit('LighttpdHttps', array(
+ 'redirectOnly' => true,
+ 'redirect' => self::isHttpsRedirectEnabled(),
+ ));
+ return $task['id'] ?? null;
+ }
+
} \ No newline at end of file
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 35f21b38..318dd82c 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -33,6 +33,7 @@ class Page_WebInterface extends Page
private function actionConfigureHttps()
{
+ $this->setRedirectFromPost();
$mode = Request::post('mode');
switch ($mode) {
case 'off':
@@ -48,7 +49,7 @@ class Page_WebInterface extends Page
$taskId = $this->setAcmeMode();
break;
default:
- $taskId = $this->setRedirectMode();
+ $taskId = $this->updateHttpsRedirectModeOnly();
break;
}
if ($mode !== 'off') {
@@ -211,47 +212,40 @@ class Page_WebInterface extends Page
Render::addTemplate('customization', $data);
}
+ private function setRedirectFromPost(): void
+ {
+ $force = Request::post('httpsredirect', false, 'string') === 'on';
+ Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
+ }
+
+ private function updateHttpsRedirectModeOnly(): ?string
+ {
+ return WebInterface::tmSetHttpRedirectMode();
+ }
+
private function setHttpsOff(): ?string
{
- Property::set(WebInterface::PROP_TYPE, 'off');
- Property::set(WebInterface::PROP_HSTS, 'off');
Header('Strict-Transport-Security: max-age=0', true);
Session::deleteCookie();
- $task = Taskmanager::submit('LighttpdHttps', array());
- return $task['id'] ?? null;
+ return WebInterface::tmDisableHttps();
}
private function setHttpsRandomCert(): ?string
{
- $force = Request::post('httpsredirect', false, 'string') === 'on';
- Property::set(WebInterface::PROP_TYPE, 'generated');
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
- $task = Taskmanager::submit('LighttpdHttps', array(
- 'proxyip' => Property::getServerIp(),
- 'redirect' => $force,
- ));
- return $task['id'] ?? null;
+ return WebInterface::tmGenerateRandomCert();
}
private function setHttpsCustomCert(): ?string
{
- $force = Request::post('httpsredirect', false, 'string') === 'on';
- Property::set(WebInterface::PROP_TYPE, 'supplied');
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
- $task = Taskmanager::submit('LighttpdHttps', array(
- 'importcert' => Request::post('certificate', 'bla'),
- 'importkey' => Request::post('privatekey', 'bla'),
- 'importchain' => Request::post('cachain', ''),
- 'redirect' => $force,
- ));
- return $task['id'] ?? null;
+ $cert = Request::post('certificate', Request::REQUIRED, 'string');
+ $key = Request::post('privatekey', Request::REQUIRED, 'string');
+ $chain = Request::post('cachain', '', 'string');
+ return WebInterface::tmImportCustomCert($key, $cert, $chain);
}
private function setAcmeMode(): ?string
{
- $force = Request::post('httpsredirect', false, 'string') === 'on';
Property::set(WebInterface::PROP_TYPE, 'acme');
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
$wipeAll = Request::post('acme-wipe-all', false, 'bool');
// Get params
$provider = Request::post('acme-provider', Request::REQUIRED, 'string');
@@ -281,7 +275,6 @@ class Page_WebInterface extends Page
&& empty(array_diff($domains, Acme::getDomains()))) {
if (Acme::tryEnable())
return null; // Nothing to do, old setup works
- error_log('FUUUU');
return Acme::renew(); // Hope for the best, otherwise user needs to check "force reissue"
}
if (!Acme::setConfig($provider, $mail, $kid, $hmac))
@@ -290,21 +283,5 @@ class Page_WebInterface extends Page
return Acme::issueNewCertificate($wipeAll);
}
- private function setRedirectMode(): ?string
- {
- $force = Request::post('httpsredirect', false, 'string') === 'on';
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
- if (Property::get(WebInterface::PROP_TYPE) === 'off') {
- // Don't bother running the task if https isn't enabled - just
- // update the state in DB
- return null;
- }
- $task = Taskmanager::submit('LighttpdHttps', array(
- 'redirectOnly' => true,
- 'redirect' => $force,
- ));
- return $task['id'] ?? null;
- }
-
}