diff options
Diffstat (limited to 'modules-available/webinterface')
5 files changed, 88 insertions, 6 deletions
diff --git a/modules-available/webinterface/lang/de/template-tags.json b/modules-available/webinterface/lang/de/template-tags.json index ea1074d2..64ba84d0 100644 --- a/modules-available/webinterface/lang/de/template-tags.json +++ b/modules-available/webinterface/lang/de/template-tags.json @@ -3,14 +3,18 @@ "lang_caChain": "Optional k\u00f6nnen Sie hier die zum Zertifikat geh\u00f6rende Zertifikatkette (CA-Chain) einf\u00fcgen. Dies wird ben\u00f6tigt, wenn das Zertifikat nicht direkt von einer der in Browsern mitgeliferten CAs signiert wurde. Die Datei enth\u00e4lt ein oder meherere Zertifikatsbl\u00f6cke, im gleichen Format wie das oben gezeigte Zertifikat.", "lang_certificate": "Bitte f\u00fcgen Sie hier das Zertifikat ein. Das Zertifikat wird im Base64-codierten x509-Format erwartet (manchmal pem genannt). Es sieht in etwa wie folgt aus:", "lang_customCert": "Eigenes Zertifikat verwenden", + "lang_customization": "Designanpassung", + "lang_customizationDesc": "Hier k\u00f6nnen Sie kleine optische Anpassungen an der Weboberfl\u00e4che vornehmen. Dies ist hilfreich, wenn Sie z.B. ein Produktiv- und ein Testsystem betreiben und verhindern m\u00f6chten, dass Sie versehentlich in der falschen Weboberfl\u00e4che kritische Einstellungen ver\u00e4ndern.", "lang_generatedSelected": "Der Server verwendet zur Zeit ein automatisch generiertes, selbst signiertes Zertifikat.", "lang_hidePasswords": "Passw\u00f6rter maskieren", "lang_httpsDescription": "Hier k\u00f6nnen Sie festlegen, ob das Web-Interface auch per HTTPS erreichbar sein soll, und welches Zertifikat daf\u00fcr verwendet werden soll.", "lang_httpsRedirect": "Anfragen per HTTP immer auf HTTPS umleiten (sofern aktiviert)", "lang_httpsSettings": "HTTPS-Konfiguration", "lang_installAndRestart": "Zertifikat installieren und Webserver neustarten", + "lang_logoBackground": "Hintergrundfarbe des Logos", "lang_noHttps": "HTTPS wieder deaktivieren, aktuelles Zertifikat l\u00f6schen", "lang_offSelected": "HTTPS ist derzeit deaktiviert.", + "lang_pageTitlePrefix": "Pr\u00e4fix f\u00fcr den Seitentitel", "lang_passwordFields": "Passwortfelder", "lang_passwordsDescription": "Legen Sie fest, ob Passwortfelder in der Web-Schnittstelle maskiert werden, oder ob Ihr Inhalt sichtbar sein soll. Wenn Sie die Schnittstelle in einer sicheren Umgebung nutzen (keine neugierigen Augen), kann dies den Komfort erh\u00f6hen. Das Passwortfeld der Anmeldemaske ist von dieser Einstellung ausgenommen.", "lang_privateKey": "Bitte f\u00fcgen Sie hier den privaten Schl\u00fcssel ein, der zum obigen Zertifikat geh\u00f6rt. Er muss ebenfalls im \"pem\"-Format vorliegen, und sieht wie folgt aus:", @@ -18,6 +22,7 @@ "lang_showPasswords": "Passw\u00f6rter anzeigen", "lang_suppliedSelected": "Der Server verwendet zur Zeit ein \u00fcber die Option \"Eigenes Zertifikat\" hochgeladenes Zertifikat.", "lang_unknownSelected": "Unbekanntes oder ung\u00fcltiges Zertifikat vorhanden. Wahrscheinlich wurde der Server von einer alten Version aktualisiert. Um diese Meldung zu entfernen, die HTTPS-Konfiguration erneut vornehmen.", + "lang_useHsts": "HSTS aktivieren (dies erh\u00f6ht die Sicherheit, kann aber in bei sp\u00e4terem Deaktivieren von HTTPS zu Zugriffsproblemen f\u00fchren)", "lang_youreNotUsingHttps": "Sie besuchen diese Seite nicht per HTTPS (oder die HTTPS-Terminierung wird von einem vorgeschalteten Proxy \u00fcbernommen).", "lang_youreUsingHttps": "Sie besuchen diese Seite (aus Sicht des Webservers) per HTTPS." }
\ No newline at end of file diff --git a/modules-available/webinterface/lang/en/template-tags.json b/modules-available/webinterface/lang/en/template-tags.json index efe649cb..0fb4cc96 100644 --- a/modules-available/webinterface/lang/en/template-tags.json +++ b/modules-available/webinterface/lang/en/template-tags.json @@ -3,14 +3,18 @@ "lang_caChain": "Here you can paste an optional certificate chain. It should only be required if you have a certificate that was not directly signed by a certificate authority known by the browsers. It should contain one or more certificate blocks, looking just like the certificate above.", "lang_certificate": "Please paste your certificate below. It has to be in base64 encoded x509 format (sometimes called pem). It should look something like this:", "lang_customCert": "Supply own certificate", + "lang_customization": "Design customization", + "lang_customizationDesc": "Here you can make small changes to the design of the web interface. This might help to prevent accidents if you run multiple satellite servers and have an open tab for all of them at the same time.", "lang_generatedSelected": "The server is currently using an automatically generated, self-signed certificate.", "lang_hidePasswords": "Mask passwords", "lang_httpsDescription": "Here you can set whether the web interface should be accessible via https. You can choose if you want to use a random self signed certificate, or supply your own.", "lang_httpsRedirect": "Redirect incoming HTTP requests to HTTPS (if enabled).", "lang_httpsSettings": "HTTPS settings", "lang_installAndRestart": "Installing certificate and restarting web server", + "lang_logoBackground": "Logo background color", "lang_noHttps": "Disable HTTPS, delete current certificate", "lang_offSelected": "HTTPS is currently disabled.", + "lang_pageTitlePrefix": "Page title prefix", "lang_passwordFields": "Password fields", "lang_passwordsDescription": "Set whether password fields should be masked or not. The password field of the login page to the web interface is always masked.", "lang_privateKey": "Please paste the private key belonging to the certificate here. It has to be in \"pem\" format too, which should look like this:", @@ -18,6 +22,7 @@ "lang_showPasswords": "Show passwords", "lang_suppliedSelected": "The server is currently using a certificate supplied using the \"Supply own certificate\" option.", "lang_unknownSelected": "Unknown or invalid certificate in use. The server war probably updated from an old version while HTTPS was already enabled. Redo the HTTPS configuration steps to get rid of this message.", + "lang_useHsts": "Use HSTS (increases security but might lead to problems accessing the site if you disable HTTPS later)", "lang_youreNotUsingHttps": "You're not using HTTPS to visit this website (or the HTTPS termination is done by a reverse proxy).", "lang_youreUsingHttps": "You're visiting this server through an HTTPS connection (from the server's point of view)." }
\ No newline at end of file diff --git a/modules-available/webinterface/page.inc.php b/modules-available/webinterface/page.inc.php index 93d659f0..e576807e 100644 --- a/modules-available/webinterface/page.inc.php +++ b/modules-available/webinterface/page.inc.php @@ -5,6 +5,7 @@ class Page_WebInterface extends Page const PROP_REDIRECT = 'webinterface.https-redirect'; const PROP_TYPE = 'webinterface.https-type'; + const PROP_HSTS = 'webinterface.https-hsts'; protected function doPreprocess() { @@ -20,17 +21,18 @@ class Page_WebInterface extends Page case 'password': $this->actionShowHidePassword(); break; + case 'customization': + $this->actionCustomization(); + break; } } private function actionConfigureHttps() { - $task = false; - $off = ''; - switch (Request::post('mode')) { + $mode = Request::post('mode'); + switch ($mode) { case 'off': $task = $this->setHttpsOff(); - $off = '&hsts=off'; break; case 'random': $task = $this->setHttpsRandomCert(); @@ -42,9 +44,12 @@ class Page_WebInterface extends Page $task = $this->setRedirectMode(); break; } + if ($mode !== 'off') { + Property::set(self::PROP_HSTS, Request::post('usehsts', false, 'string') === 'on' ? 'True' : 'False'); + } if (isset($task['id'])) { Session::set('https-id', $task['id']); - Util::redirect('?do=WebInterface&show=httpsupdate' . $off); + Util::redirect('?do=WebInterface&show=httpsupdate'); } Util::redirect('?do=WebInterface'); } @@ -55,6 +60,17 @@ class Page_WebInterface extends Page Util::redirect('?do=WebInterface'); } + private function actionCustomization() + { + $prefix = Request::post('prefix', '', 'string'); + if (!empty($prefix) && !preg_match('/[\]\)\}\-_\s\&\$\!\/\+\*\^\>]$/', $prefix)) { + $prefix .= ' '; + } + Property::set('page-title-prefix', $prefix); + Property::set('logo-background', Request::post('bgcolor', '', 'string')); + Util::redirect('?do=WebInterface'); + } + protected function doRender() { // @@ -65,11 +81,13 @@ class Page_WebInterface extends Page } $type = Property::get(self::PROP_TYPE); $force = Property::get(self::PROP_REDIRECT) === 'True'; + $hsts = Property::get(self::PROP_HSTS) === 'True'; $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'; $exists = file_exists('/etc/lighttpd/server.pem'); $data = array( 'httpsUsed' => $https, - 'redirect_checked' => ($force ? 'checked' : '') + 'redirect_checked' => ($force ? 'checked' : ''), + 'hsts_checked' => ($hsts ? 'checked' : '') ); // Type should be 'off', 'generated', 'supplied' if ($type === 'off') { @@ -114,12 +132,30 @@ class Page_WebInterface extends Page else $data['selected_hide'] = 'checked'; Render::addTemplate('passwords', $data); + $data = array('prefix' => Property::get('page-title-prefix')); + $data['colors'] = array_map(function ($i) { return array('color' => $i ? '#' . $i : '', 'text' => Render::readableColor($i)); }, + array('', 'f00', '0f0', '00f', 'ff0', 'f0f', '0ff', 'fff', '000', 'f90', '09f', '90f', 'f09', '9f0')); + $color = Property::get('logo-background'); + foreach ($data['colors'] as &$c) { + if ($c['color'] === $color) { + $c['selected'] = 'selected'; + $color = false; + break; + } + } + unset($c); + if ($color) { + $data['colors'][] = array('color' => $color, 'selected' => 'selected'); + } + Render::addTemplate('customization', $data); } private function setHttpsOff() { Property::set(self::PROP_TYPE, 'off'); + Property::set(self::PROP_HSTS, 'off'); Header('Strict-Transport-Security: max-age=0', true); + Session::deleteCookie(); return Taskmanager::submit('LighttpdHttps', array()); } diff --git a/modules-available/webinterface/templates/customization.html b/modules-available/webinterface/templates/customization.html new file mode 100644 index 00000000..7949f95b --- /dev/null +++ b/modules-available/webinterface/templates/customization.html @@ -0,0 +1,30 @@ +<form action="?do=WebInterface" method="post"> + <input type="hidden" name="token" value="{{token}}"> + <input type="hidden" name="action" value="customization"> + <div class="panel panel-default"> + <div class="panel-heading">{{lang_customization}}</div> + <div class="panel-body"> + <p>{{lang_customizationDesc}}</p> + <div> + <label> + {{lang_pageTitlePrefix}} + <input type="text" class="form-control" name="prefix" value="{{prefix}}"> + </label> + + </div> + <div> + <label> + {{lang_logoBackground}} + <select class="form-control" name="bgcolor"> + {{#colors}} + <option style="color:{{text}};background:{{color}}" {{selected}}>{{color}}</option> + {{/colors}} + </select> + </label> + </div> + <div class="pull-right"> + <button type="submit" class="btn btn-primary">{{lang_save}}</button> + </div> + </div> + </div> +</form> diff --git a/modules-available/webinterface/templates/https.html b/modules-available/webinterface/templates/https.html index 77585ddf..ecfe5f5d 100644 --- a/modules-available/webinterface/templates/https.html +++ b/modules-available/webinterface/templates/https.html @@ -78,6 +78,12 @@ MIIFfTCCA... {{lang_httpsRedirect}} </span> </div> + <div class="input-group"> + <span class="input-group-addon"><input id="usehsts" type="checkbox" name="usehsts" value="on" {{hsts_checked}}></span> + <span class="form-control" onclick="$('#usehsts').prop('checked', !$('#usehsts').prop('checked'))"> + {{lang_useHsts}} + </span> + </div> <br> <div class="pull-right"> |