mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-08 22:18:28 +03:00
Cleanup RainLoop\Service with improved ?admin path detection
This commit is contained in:
parent
c804f35347
commit
9fea092c43
5 changed files with 63 additions and 82 deletions
|
|
@ -6,7 +6,11 @@ const
|
|||
HASH_PREFIX = '#/',
|
||||
SERVER_PREFIX = './?',
|
||||
VERSION = Settings.app('version'),
|
||||
VERSION_PREFIX = Settings.app('webVersionPath') || 'snappymail/v/' + VERSION + '/';
|
||||
VERSION_PREFIX = Settings.app('webVersionPath') || 'snappymail/v/' + VERSION + '/',
|
||||
|
||||
adminPath = () => rl.adminArea() && !Settings.app('adminHostUse'),
|
||||
|
||||
prefix = () => SERVER_PREFIX + (adminPath() ? Settings.app('adminPath') : '');
|
||||
|
||||
export const
|
||||
SUB_QUERY_PREFIX = '&q[]=',
|
||||
|
|
@ -20,9 +24,7 @@ export const
|
|||
/**
|
||||
* @returns {string}
|
||||
*/
|
||||
logoutLink = () => (rl.adminArea() && !Settings.app('adminHostUse'))
|
||||
? SERVER_PREFIX + Settings.app('adminPath')
|
||||
: ROOT,
|
||||
logoutLink = () => adminPath() ? prefix() : ROOT,
|
||||
|
||||
/**
|
||||
* @param {string} type
|
||||
|
|
@ -49,7 +51,7 @@ export const
|
|||
* @param {string} type
|
||||
* @returns {string}
|
||||
*/
|
||||
serverRequest = type => SERVER_PREFIX + '/' + type + '/' + SUB_QUERY_PREFIX + '/0/',
|
||||
serverRequest = type => prefix() + '/' + type + '/' + SUB_QUERY_PREFIX + '/0/',
|
||||
|
||||
/**
|
||||
* @param {string} lang
|
||||
|
|
|
|||
|
|
@ -178,10 +178,6 @@ $Plugin->addHook('hook.name', 'functionName');
|
|||
params:
|
||||
array &$aPaths
|
||||
|
||||
### filter.http-query
|
||||
params:
|
||||
string &$sQuery
|
||||
|
||||
### filter.json-response
|
||||
params:
|
||||
string $sAction
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class Manager
|
|||
$this->oLogger = null;
|
||||
$this->oActions = $oActions;
|
||||
|
||||
$oConfig = $this->oActions->Config();
|
||||
$oConfig = $oActions->Config();
|
||||
$this->bIsEnabled = (bool) $oConfig->Get('plugins', 'enable', false);
|
||||
if ($this->bIsEnabled) {
|
||||
$sList = $oConfig->Get('plugins', 'enabled_list', '');
|
||||
|
|
|
|||
|
|
@ -2,31 +2,8 @@
|
|||
|
||||
namespace RainLoop;
|
||||
|
||||
class Service
|
||||
abstract class Service
|
||||
{
|
||||
/**
|
||||
* @var \MailSo\Base\Http
|
||||
*/
|
||||
private $oHttp;
|
||||
|
||||
/**
|
||||
* @var \RainLoop\Actions
|
||||
*/
|
||||
private $oActions;
|
||||
|
||||
/**
|
||||
* @var \RainLoop\ServiceActions
|
||||
*/
|
||||
private $oServiceActions;
|
||||
|
||||
function __construct()
|
||||
{
|
||||
$this->oHttp = \MailSo\Base\Http::SingletonInstance();
|
||||
$this->oActions = Api::Actions();
|
||||
|
||||
$this->oServiceActions = new ServiceActions($this->oHttp, $this->oActions);
|
||||
}
|
||||
|
||||
/**
|
||||
* @staticvar bool $bOne
|
||||
*/
|
||||
|
|
@ -35,23 +12,23 @@ class Service
|
|||
static $bOne = null;
|
||||
if (null === $bOne)
|
||||
{
|
||||
$bOne = (new self)->RunResult();
|
||||
$bOne = static::RunResult();
|
||||
}
|
||||
|
||||
return $bOne;
|
||||
}
|
||||
|
||||
public function RunResult() : bool
|
||||
private static function RunResult() : bool
|
||||
{
|
||||
if ($this->oActions->Config()->Get('debug', 'enable', false))
|
||||
$oConfig = Api::Config();
|
||||
|
||||
if ($oConfig->Get('debug', 'enable', false))
|
||||
{
|
||||
\error_reporting(E_ALL);
|
||||
\ini_set('display_errors', 1);
|
||||
\ini_set('log_errors', 1);
|
||||
}
|
||||
|
||||
$oConfig = $this->oActions->Config();
|
||||
|
||||
$sServer = \trim($oConfig->Get('security', 'custom_server_signature', ''));
|
||||
if (\strlen($sServer))
|
||||
{
|
||||
|
|
@ -64,7 +41,7 @@ class Service
|
|||
// Google FLoC
|
||||
\header('Permissions-Policy: interest-cohort=()');
|
||||
|
||||
$this->setCSP();
|
||||
static::setCSP();
|
||||
|
||||
$sXFrameOptionsHeader = \trim($oConfig->Get('security', 'x_frame_options_header', '')) ?: 'DENY';
|
||||
\header('X-Frame-Options: '.$sXFrameOptionsHeader);
|
||||
|
|
@ -72,9 +49,10 @@ class Service
|
|||
$sXssProtectionOptionsHeader = \trim($oConfig->Get('security', 'x_xss_protection_header', '')) ?: '1; mode=block';
|
||||
\header('X-XSS-Protection: '.$sXssProtectionOptionsHeader);
|
||||
|
||||
if ($oConfig->Get('labs', 'force_https', false) && !$this->oHttp->IsSecure())
|
||||
$oHttp = \MailSo\Base\Http::SingletonInstance();
|
||||
if ($oConfig->Get('labs', 'force_https', false) && !$oHttp->IsSecure())
|
||||
{
|
||||
\header('Location: https://'.$this->oHttp->GetHost(false, false).$this->oHttp->GetUrl());
|
||||
\header('Location: https://'.$oHttp->GetHost(false, false).$oHttp->GetUrl());
|
||||
exit(0);
|
||||
}
|
||||
|
||||
|
|
@ -95,32 +73,36 @@ class Service
|
|||
}
|
||||
}
|
||||
|
||||
$this->oActions->Plugins()->RunHook('filter.http-query', array(&$sQuery));
|
||||
$aPaths = \explode('/', $sQuery);
|
||||
// unset($aPaths[1]); // was the rlspecauth/AuthAccountHash token
|
||||
$this->oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));
|
||||
|
||||
$bAdmin = false;
|
||||
$sAdminPanelHost = $oConfig->Get('security', 'admin_panel_host', '');
|
||||
if (empty($sAdminPanelHost))
|
||||
{
|
||||
$bAdmin = !empty($aPaths[0]) && ($oConfig->Get('security', 'admin_panel_key', '') ?: 'admin') === $aPaths[0];
|
||||
$bAdmin && \array_shift($aPaths);
|
||||
}
|
||||
else if (empty($aPaths[0]) &&
|
||||
\mb_strtolower($sAdminPanelHost) === \mb_strtolower($this->oHttp->GetHost()))
|
||||
else if (empty($aPaths[0]) && \mb_strtolower($sAdminPanelHost) === \mb_strtolower($oHttp->GetHost()))
|
||||
{
|
||||
$bAdmin = true;
|
||||
}
|
||||
|
||||
if ($this->oHttp->IsPost())
|
||||
$oActions = Api::Actions();
|
||||
// $oActions = $bAdmin ? new ActionsAdmin() : Api::Actions();
|
||||
|
||||
$oActions->Plugins()->RunHook('filter.http-paths', array(&$aPaths));
|
||||
|
||||
if ($oHttp->IsPost())
|
||||
{
|
||||
$this->oHttp->ServerNoCache();
|
||||
$oHttp->ServerNoCache();
|
||||
}
|
||||
|
||||
$oServiceActions = new ServiceActions($oHttp, $oActions);
|
||||
|
||||
if ($bAdmin && !$oConfig->Get('security', 'allow_admin_panel', true))
|
||||
{
|
||||
\MailSo\Base\Http::StatusHeader(403);
|
||||
echo $this->oServiceActions->ErrorTemplates('Access Denied.',
|
||||
echo $oServiceActions->ErrorTemplates('Access Denied.',
|
||||
'Access to the SnappyMail Admin Panel is not allowed!');
|
||||
|
||||
return false;
|
||||
|
|
@ -128,11 +110,11 @@ class Service
|
|||
|
||||
$bIndex = true;
|
||||
$sResult = '';
|
||||
if (\count($aPaths) && !empty($aPaths[0]) && !$bAdmin && 'index' !== \strtolower($aPaths[0]))
|
||||
if (\count($aPaths) && !empty($aPaths[0]) && 'index' !== \strtolower($aPaths[0]))
|
||||
{
|
||||
if (!\SnappyMail\HTTP\SecFetch::isSameOrigin()) {
|
||||
\MailSo\Base\Http::StatusHeader(403);
|
||||
echo $this->oServiceActions->ErrorTemplates('Access Denied.',
|
||||
echo $oServiceActions->ErrorTemplates('Access Denied.',
|
||||
"Disallowed Sec-Fetch
|
||||
Dest: " . ($_SERVER['HTTP_SEC_FETCH_DEST'] ?? '') . "
|
||||
Mode: " . ($_SERVER['HTTP_SEC_FETCH_MODE'] ?? '') . "
|
||||
|
|
@ -145,13 +127,13 @@ class Service
|
|||
$sMethodName = 'Service'.\preg_replace('/@.+$/', '', $aPaths[0]);
|
||||
$sMethodExtra = \strpos($aPaths[0], '@') ? \preg_replace('/^[^@]+@/', '', $aPaths[0]) : '';
|
||||
|
||||
if (\method_exists($this->oServiceActions, $sMethodName) &&
|
||||
\is_callable(array($this->oServiceActions, $sMethodName)))
|
||||
if (\method_exists($oServiceActions, $sMethodName) &&
|
||||
\is_callable(array($oServiceActions, $sMethodName)))
|
||||
{
|
||||
$this->oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
|
||||
$sResult = $this->oServiceActions->{$sMethodName}($sMethodExtra);
|
||||
$oServiceActions->SetQuery($sQuery)->SetPaths($aPaths);
|
||||
$sResult = $oServiceActions->{$sMethodName}($sMethodExtra);
|
||||
}
|
||||
else if (!$this->oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths))
|
||||
else if (!$oActions->Plugins()->RunAdditionalPart($aPaths[0], $aPaths))
|
||||
{
|
||||
$bIndex = true;
|
||||
}
|
||||
|
|
@ -161,11 +143,11 @@ class Service
|
|||
{
|
||||
// if (!\SnappyMail\HTTP\SecFetch::isEntering()) {
|
||||
\header('Content-Type: text/html; charset=utf-8');
|
||||
$this->oHttp->ServerNoCache();
|
||||
$oHttp->ServerNoCache();
|
||||
|
||||
if (!\is_dir(APP_DATA_FOLDER_PATH) || !\is_writable(APP_DATA_FOLDER_PATH))
|
||||
{
|
||||
echo $this->oServiceActions->ErrorTemplates(
|
||||
echo $oServiceActions->ErrorTemplates(
|
||||
'Permission denied!',
|
||||
'SnappyMail can not access the data folder "'.APP_DATA_FOLDER_PATH.'"'
|
||||
);
|
||||
|
|
@ -173,22 +155,22 @@ class Service
|
|||
return false;
|
||||
}
|
||||
|
||||
$sLanguage = $this->oActions->GetLanguage($bAdmin);
|
||||
$sLanguage = $oActions->GetLanguage($bAdmin);
|
||||
|
||||
$sAppJsMin = $oConfig->Get('labs', 'use_app_debug_js', false) ? '' : '.min';
|
||||
$sAppCssMin = $oConfig->Get('labs', 'use_app_debug_css', false) ? '' : '.min';
|
||||
|
||||
$sFaviconUrl = (string) $oConfig->Get('webmail', 'favicon_url', '');
|
||||
|
||||
$sFaviconPngLink = $sFaviconUrl ? $sFaviconUrl : $this->oActions->StaticPath('apple-touch-icon.png');
|
||||
$sAppleTouchLink = $sFaviconUrl ? '' : $this->oActions->StaticPath('apple-touch-icon.png');
|
||||
$sFaviconPngLink = $sFaviconUrl ? $sFaviconUrl : $oActions->StaticPath('apple-touch-icon.png');
|
||||
$sAppleTouchLink = $sFaviconUrl ? '' : $oActions->StaticPath('apple-touch-icon.png');
|
||||
|
||||
$aTemplateParameters = array(
|
||||
'{{BaseAppFaviconPngLinkTag}}' => $sFaviconPngLink ? '<link type="image/png" rel="shortcut icon" href="'.$sFaviconPngLink.'" />' : '',
|
||||
'{{BaseAppFaviconTouchLinkTag}}' => $sAppleTouchLink ? '<link type="image/png" rel="apple-touch-icon" href="'.$sAppleTouchLink.'" />' : '',
|
||||
'{{BaseAppMainCssLink}}' => $this->oActions->StaticPath('css/'.($bAdmin ? 'admin' : 'app').$sAppCssMin.'.css'),
|
||||
'{{BaseAppThemeCssLink}}' => $this->oActions->ThemeLink($bAdmin),
|
||||
'{{BaseAppManifestLink}}' => $this->oActions->StaticPath('manifest.json'),
|
||||
'{{BaseAppMainCssLink}}' => $oActions->StaticPath('css/'.($bAdmin ? 'admin' : 'app').$sAppCssMin.'.css'),
|
||||
'{{BaseAppThemeCssLink}}' => $oActions->ThemeLink($bAdmin),
|
||||
'{{BaseAppManifestLink}}' => $oActions->StaticPath('manifest.json'),
|
||||
'{{LoadingDescriptionEsc}}' => \htmlspecialchars($oConfig->Get('webmail', 'loading_description', 'SnappyMail'), ENT_QUOTES|ENT_IGNORE, 'UTF-8'),
|
||||
'{{BaseAppAdmin}}' => $bAdmin ? 1 : 0
|
||||
);
|
||||
|
|
@ -199,22 +181,22 @@ class Service
|
|||
$sCacheFileName = 'TMPL:' . $sLanguage . \md5(
|
||||
\json_encode(array(
|
||||
$oConfig->Get('cache', 'index', ''),
|
||||
$this->oActions->Plugins()->Hash(),
|
||||
$oActions->Plugins()->Hash(),
|
||||
$sAppJsMin,
|
||||
$sAppCssMin,
|
||||
$aTemplateParameters,
|
||||
APP_VERSION
|
||||
))
|
||||
);
|
||||
$sResult = $this->oActions->Cacher()->Get($sCacheFileName);
|
||||
$sResult = $oActions->Cacher()->Get($sCacheFileName);
|
||||
}
|
||||
|
||||
if ($sResult) {
|
||||
$sResult .= '<!--cached-->';
|
||||
} else {
|
||||
$aTemplateParameters['{{BaseAppThemeCss}}'] = $this->oActions->compileCss($this->oActions->GetTheme($bAdmin), $bAdmin);
|
||||
$aTemplateParameters['{{BaseLanguage}}'] = $this->oActions->compileLanguage($sLanguage, $bAdmin);
|
||||
$aTemplateParameters['{{BaseTemplates}}'] = $this->oServiceActions->compileTemplates($bAdmin);
|
||||
$aTemplateParameters['{{BaseAppThemeCss}}'] = $oActions->compileCss($oActions->GetTheme($bAdmin), $bAdmin);
|
||||
$aTemplateParameters['{{BaseLanguage}}'] = $oActions->compileLanguage($sLanguage, $bAdmin);
|
||||
$aTemplateParameters['{{BaseTemplates}}'] = $oServiceActions->compileTemplates($bAdmin);
|
||||
$aTemplateParameters['{{BaseAppBootCss}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/css/boot'.$sAppCssMin.'.css');
|
||||
$aTemplateParameters['{{BaseAppBootScript}}'] = \file_get_contents(APP_VERSION_ROOT_PATH.'static/js'.($sAppJsMin ? '/min' : '').'/boot'.$sAppJsMin.'.js');
|
||||
$sResult = \strtr(\file_get_contents(APP_VERSION_ROOT_PATH.'app/templates/Index.html'), $aTemplateParameters);
|
||||
|
|
@ -229,17 +211,17 @@ class Service
|
|||
$sResult = Utils::ClearHtmlOutput($sResult);
|
||||
}
|
||||
if ($sCacheFileName) {
|
||||
$this->oActions->Cacher()->Set($sCacheFileName, $sResult);
|
||||
$oActions->Cacher()->Set($sCacheFileName, $sResult);
|
||||
}
|
||||
}
|
||||
|
||||
$sScriptNonce = \SnappyMail\UUID::generate();
|
||||
$this->setCSP($sScriptNonce);
|
||||
static::setCSP($sScriptNonce);
|
||||
$sResult = \str_replace('nonce=""', 'nonce="'.$sScriptNonce.'"', $sResult);
|
||||
/*
|
||||
\preg_match('<script[^>]+>(.+)</script>', $sResult, $script);
|
||||
$sScriptHash = 'sha256-'.\base64_encode(\hash('sha256', $script[1], true));
|
||||
$this->setCSP(null, $sScriptHash);
|
||||
static::setCSP(null, $sScriptHash);
|
||||
*/
|
||||
}
|
||||
else if (!\headers_sent())
|
||||
|
|
@ -251,17 +233,17 @@ class Service
|
|||
echo $sResult;
|
||||
unset($sResult);
|
||||
|
||||
$this->oActions->BootEnd();
|
||||
$oActions->BootEnd();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
private function setCSP(string $sScriptNonce = null) : void
|
||||
private static function setCSP(string $sScriptNonce = null) : void
|
||||
{
|
||||
// "img-src https:" is allowed due to remote images in e-mails
|
||||
$sContentSecurityPolicy = \trim($this->oActions->Config()->Get('security', 'content_security_policy', ''))
|
||||
$sContentSecurityPolicy = \trim(Api::Config()->Get('security', 'content_security_policy', ''))
|
||||
?: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline'";
|
||||
if ($this->oActions->Config()->Get('security', 'use_local_proxy_for_external_images', '')) {
|
||||
if (Api::Config()->Get('security', 'use_local_proxy_for_external_images', '')) {
|
||||
$sContentSecurityPolicy = \preg_replace('/(img-src[^;]+)\\shttps:(\\s|;|$)/D', '$1$2', $sContentSecurityPolicy);
|
||||
$sContentSecurityPolicy = \preg_replace('/(img-src[^;]+)\\shttp:(\\s|;|$)/D', '$1$2', $sContentSecurityPolicy);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -99,6 +99,7 @@ class ServiceActions
|
|||
}
|
||||
else if (!empty($sAction))
|
||||
{
|
||||
// if ($this->oActions instanceof ActionsAdmin)
|
||||
if (0 === \stripos($sAction, 'Admin') && 'AdminLogin' !== $sAction && 'AdminLogout' !== $sAction) {
|
||||
$this->oActions->IsAdminLoggined();
|
||||
}
|
||||
|
|
@ -335,7 +336,7 @@ class ServiceActions
|
|||
{
|
||||
$bResult = false;
|
||||
$sData = empty($this->aPaths[1]) ? '' : $this->aPaths[1];
|
||||
if (!empty($sData) && $this->oActions->Config()->Get('labs', 'use_local_proxy_for_external_images', false))
|
||||
if (!empty($sData) && $this->Config()->Get('labs', 'use_local_proxy_for_external_images', false))
|
||||
{
|
||||
$this->oActions->verifyCacheByKey($sData);
|
||||
|
||||
|
|
@ -419,8 +420,8 @@ class ServiceActions
|
|||
|
||||
if (\strlen($sRawError))
|
||||
{
|
||||
$this->oActions->Logger()->Write($sRawError, \MailSo\Log\Enumerations\Type::ERROR);
|
||||
$this->oActions->Logger()->WriteDump($this->aPaths, \MailSo\Log\Enumerations\Type::ERROR, 'PATHS');
|
||||
$this->Logger()->Write($sRawError, \MailSo\Log\Enumerations\Type::ERROR);
|
||||
$this->Logger()->WriteDump($this->aPaths, \MailSo\Log\Enumerations\Type::ERROR, 'PATHS');
|
||||
}
|
||||
|
||||
if ($oException)
|
||||
|
|
@ -702,7 +703,7 @@ class ServiceActions
|
|||
}
|
||||
catch (\Throwable $oException)
|
||||
{
|
||||
$this->oActions->Logger()->WriteException($oException);
|
||||
$this->Logger()->WriteException($oException);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -736,7 +737,7 @@ class ServiceActions
|
|||
}
|
||||
catch (\Throwable $oException)
|
||||
{
|
||||
$this->oActions->Logger()->WriteException($oException);
|
||||
$this->Logger()->WriteException($oException);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue