author | Simon Rettberg | 2024-10-09 16:14:39 +0200 |
---|---|---|
committer | Simon Rettberg | 2024-10-09 16:14:39 +0200 |
commit | 36fa9ba7863cf68a8c37613d6ff37cce72555653 (patch) | |
tree | 978b2b19a324fc326abbed809199191cac42297a | |
parent | [webinterface] Add support for ACME, add option to redirect to cert domain (diff) | |
[webinterface] Refactor TM-Calls for https changes
Move actual calls to WebInterface helper class, move a few common things
to their own functions.
-rw-r--r-- | modules-available/webinterface/inc/webinterface.inc.php | 48 | ||||
-rw-r--r-- | modules-available/webinterface/page.inc.php | 61 |
2 files changed, 67 insertions, 42 deletions
diff --git a/modules-available/webinterface/inc/webinterface.inc.php b/modules-available/webinterface/inc/webinterface.inc.php
index 6dfd924f..276110eb 100644
--- a/modules-available/webinterface/inc/webinterface.inc.php
+++ b/modules-available/webinterface/inc/webinterface.inc.php
@@ -9,6 +9,8 @@ class WebInterface
 public const PROP_REDIRECT_DOMAIN = 'webinterface.redirect-domain';
+ public const PROP_API_KEY = 'webinterface.api-key';
+
 /**
 * Read data all handled domains from current certificate.
 * SAN takes precedence, if empty, we fall back to CN.
@@ -62,4 +64,50 @@ class WebInterface
 return !empty(Property::get(self::PROP_REDIRECT_DOMAIN, false));
 }
+ public static function isHttpsRedirectEnabled(): bool
+ {
+ return Property::get(self::PROP_REDIRECT) === 'True';
+ }
+
+ public static function tmDisableHttps(): ?string
+ {
+ Property::set(WebInterface::PROP_TYPE, 'off');
+ Property::set(WebInterface::PROP_HSTS, 'off');
+ $task = Taskmanager::submit('LighttpdHttps', []);
+ return $task['id'] ?? null;
+ }
+
+ public static function tmGenerateRandomCert(): ?string
+ {
+ Property::set(WebInterface::PROP_TYPE, 'generated');
+ $task = Taskmanager::submit('LighttpdHttps', [
+ 'proxyip' => Property::getServerIp(),
+ 'redirect' => self::isHttpsRedirectEnabled(),
+ ]);
+ return $task['id'] ?? null;
+ }
+
+ public static function tmImportCustomCert(string $key, string $cert, ?string $chain = null): ?string
+ {
+ Property::set(WebInterface::PROP_TYPE, 'supplied');
+ $task = Taskmanager::submit('LighttpdHttps', [
+ 'importcert' => $cert,
+ 'importkey' => $key,
+ 'importchain' => $chain,
+ 'redirect' => self::isHttpsRedirectEnabled(),
+ ]);
+ return $task['id'] ?? null;
+ }
+
+ public static function tmSetHttpRedirectMode(): ?string
+ {
+ if (Property::get(WebInterface::PROP_TYPE) === 'off')
+ return null;
+ $task = Taskmanager::submit('LighttpdHttps', array(
+ 'redirectOnly' => true,
+ 'redirect' => self::isHttpsRedirectEnabled(),
+ ));
+ return $task['id'] ?? null;
+ }
+
 }
\ No newline at end of file
diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php
index 35f21b38..318dd82c 100644
--- a/modules-available/webinterface/page.inc.php
+++ b/modules-available/webinterface/page.inc.php
@@ -33,6 +33,7 @@ class Page_WebInterface extends Page
 private function actionConfigureHttps()
 {
+ $this->setRedirectFromPost();
 $mode = Request::post('mode');
 switch ($mode) {
 case 'off':
@@ -48,7 +49,7 @@ class Page_WebInterface extends Page
 $taskId = $this->setAcmeMode();
 break;
 default:
- $taskId = $this->setRedirectMode();
+ $taskId = $this->updateHttpsRedirectModeOnly();
 break;
 }
 if ($mode !== 'off') {
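Review bot: The new tm* helpers in webinterface.inc.php write `PROP_TYPE` before `Taskmanager::submit()` and leave it changed when no task id comes back, so the stored mode can read 'generated' or 'supplied' while the web server was never reconfigured; `tmSetHttpRedirectMode()` later trusts that value when deciding whether to run. What `submit()` returns on failure is not visible here, though the `?? null` suggests it can fail. Unless the task itself reads the property, I would persist the mode only once a task id exists: `if (!isset($task['id'])) return null;` followed by the `Property::set(...)` call. The early `return null;` in `tmSetHttpRedirectMode()` also lost the explanation the removed `setRedirectMode()` carried; something like `// HTTPS is off: the flag is already stored, no task needed` would restore it. Inside the class, `self::PROP_TYPE` would match the `self::PROP_REDIRECT` already used in `isHttpsRedirectEnabled()`.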
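Review bot: `$this->setRedirectFromPost();` runs before `$mode` is read, so `PROP_REDIRECT` is overwritten on every call to actionConfigureHttps() in page.inc.php, including `mode=off` (whose old branch never touched it) and requests that presumably abort later at a `Request::REQUIRED` field in `setHttpsCustomCert()` or `setAcmeMode()`. Because an absent `httpsredirect` field is stored as 'False', such a request clears the redirect flag while the running server configuration stays as it was. The call has to come first only because the `WebInterface::tm*` helpers read the flag back through `isHttpsRedirectEnabled()`; that coupling deserves a comment such as `// must precede the tm* calls, which read PROP_REDIRECT back from the DB`, or the flag could be passed to the helpers as an argument. actionConfigureHttps() starts before and continues after this hunk, so any earlier permission or token check is not visible here.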
@@ -211,47 +212,40 @@ class Page_WebInterface extends Page
 Render::addTemplate('customization', $data);
 }
+ private function setRedirectFromPost(): void
+ {
+ $force = Request::post('httpsredirect', false, 'string') === 'on';
+ Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
+ }
+
+ private function updateHttpsRedirectModeOnly(): ?string
+ {
+ return WebInterface::tmSetHttpRedirectMode();
+ }
+
 private function setHttpsOff(): ?string
 {
- Property::set(WebInterface::PROP_TYPE, 'off');
- Property::set(WebInterface::PROP_HSTS, 'off');
 Header('Strict-Transport-Security: max-age=0', true);
 Session::deleteCookie();
- $task = Taskmanager::submit('LighttpdHttps', array());
- return $task['id'] ?? null;
+ return WebInterface::tmDisableHttps();
 }
 private function setHttpsRandomCert(): ?string
 {
- $force = Request::post('httpsredirect', false, 'string') === 'on';
- Property::set(WebInterface::PROP_TYPE, 'generated');
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
- $task = Taskmanager::submit('LighttpdHttps', array(
- 'proxyip' => Property::getServerIp(),
- 'redirect' => $force,
- ));
- return $task['id'] ?? null;
+ return WebInterface::tmGenerateRandomCert();
 }
 private function setHttpsCustomCert(): ?string
 {
- $force = Request::post('httpsredirect', false, 'string') === 'on';
- Property::set(WebInterface::PROP_TYPE, 'supplied');
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
- $task = Taskmanager::submit('LighttpdHttps', array(
- 'importcert' => Request::post('certificate', 'bla'),
- 'importkey' => Request::post('privatekey', 'bla'),
- 'importchain' => Request::post('cachain', ''),
- 'redirect' => $force,
- ));
- return $task['id'] ?? null;
+ $cert = Request::post('certificate', Request::REQUIRED, 'string');
+ $key = Request::post('privatekey', Request::REQUIRED, 'string');
+ $chain = Request::post('cachain', '', 'string');
+ return WebInterface::tmImportCustomCert($key, $cert, $chain);
 }
 private function setAcmeMode(): ?string
 {
- $force = Request::post('httpsredirect', false, 'string') === 'on';
 Property::set(WebInterface::PROP_TYPE, 'acme');
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
 $wipeAll = Request::post('acme-wipe-all', false, 'bool');
 // Get params
 $provider = Request::post('acme-provider', Request::REQUIRED, 'string');
@@ -281,7 +275,6 @@ class Page_WebInterface extends Page
 && empty(array_diff($domains, Acme::getDomains()))) {
 if (Acme::tryEnable())
 return null; // Nothing to do, old setup works
- error_log('FUUUU');
 return Acme::renew(); // Hope for the best, otherwise user needs to check "force reissue"
 }
 if (!Acme::setConfig($provider, $mail, $kid, $hmac))
@@ -290,21 +283,5 @@ class Page_WebInterface extends Page
 return Acme::issueNewCertificate($wipeAll);
 }
- private function setRedirectMode(): ?string
- {
- $force = Request::post('httpsredirect', false, 'string') === 'on';
- Property::set(WebInterface::PROP_REDIRECT, $force ? 'True' : 'False');
- if (Property::get(WebInterface::PROP_TYPE) === 'off') {
- // Don't bother running the task if https isn't enabled - just
- // update the state in DB
- return null;
- }
- $task = Taskmanager::submit('LighttpdHttps', array(
- 'redirectOnly' => true,
- 'redirect' => $force,
- ));
- return $task['id'] ?? null;
- }
-
 }
|
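Review bot: `setHttpsCustomCert()` hands the posted private key and certificate to `WebInterface::tmImportCustomCert()` without checking that they parse or belong together, and that helper switches `PROP_TYPE` to 'supplied' before the task has looked at them. A mismatched or truncated upload therefore changes the recorded mode first and fails later, presumably inside the task. If the openssl extension is available, `if (!openssl_x509_check_private_key($cert, $key)) return null;` before the helper call would reject bad pairs while the old configuration is still intact. Both values should first be required to start with `-----BEGIN`, because PHP's openssl functions treat a `file://` string as a path to read. How a null task id is reported to the user is decided in actionConfigureHttps(), outside this hunk.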