beenull/raspap-webgui-mirror
1
0
Fork 0
mirror of https://github.com/RaspAP/raspap-webgui.git synced 2024-09-16 18:01:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Apply autoloader support for status messages

Browse source
This commit is contained in:
billz 2023-09-16 11:46:11 +02:00
parent 07b950cf65
commit 33c596189d
15 changed files with 15 additions and 535 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/css/all.css
View file

@ -228,3 +228,8 @@ button > i.fas {
pointer-events: none;
}
.close {
font-weight: 400;
font-size: 1.3rem;
}

3
includes/adblock.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'config.php';
/**
@ -9,7 +8,7 @@ require_once 'config.php';
*/
function DisplayAdBlockConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
$enabled = false;
$custom_enabled = false;

4
includes/admin.php
View file

@ -1,10 +1,8 @@
<?php
require_once 'includes/status_messages.php';
function DisplayAuthConfig($username)
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
$auth = new \RaspAP\Auth\HTTPAuth;
$config = $auth->getAuthConfig();
$password = $config['admin_pass'];

3
includes/configure_client.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'includes/wifi_functions.php';
/**
@ -9,7 +8,7 @@ require_once 'includes/wifi_functions.php';
*/
function DisplayWPAConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
$networks = [];
getWifiInterface();

2
includes/dashboard.php
View file

@ -10,7 +10,7 @@ require_once 'includes/functions.php';
function DisplayDashboard(&$extraFooterScripts)
{
getWifiInterface();
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
// Need this check interface name for proper shell execution.
if (!preg_match('/^([a-zA-Z0-9]+)$/', $_SESSION['wifi_client_interface'])) {
$status->addMessage(_('Interface name invalid.'), 'danger');

3
includes/dhcp.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'config.php';
/**
@ -8,7 +7,7 @@ require_once 'config.php';
*/
function DisplayDHCPConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['savedhcpdsettings'])) {
saveDHCPConfig($status);

368
includes/firewall.php
View file

@ -1,368 +0,0 @@
<?php
require_once 'includes/status_messages.php';
require_once 'includes/functions.php';
define('RASPAP_IPTABLES_SCRIPT', "/tmp/iptables_raspap.sh");
define('RASPAP_IP6TABLES_SCRIPT', "/tmp/ip6tables_raspap.sh");
/**
*
* @param array $rule
* @param array $conf
* @return array $don
*/
function getDependson(&$rule, &$conf)
{
if (isset($rule["dependson"][0]) ) {
$don = &$rule["dependson"];
if (!empty($don[0]) && isset($conf[$don[0]["var"]]) ) {
if (!isset($don[0]["type"]) ) { $don[0]["type"]="bool";
}
return $don;
}
}
return false;
}
/**
*
* @param array $sect
* @param array $conf
* @return boolean $active
*/
function isRuleEnabled(&$sect, &$conf)
{
$fw_on = isset($conf["firewall-enable"]) && $conf["firewall-enable"];
$active = isset($sect["fw-state"]) && $sect["fw-state"]==1;
$active = $fw_on ? $active : !$active;
$active = $active || !isset($sect["fw-state"]);
if (($don = getDependson($sect, $conf)) !== false
&& $don[0]["type"] == "bool" && !$conf[$don[0]["var"]]
) { $active = false;
}
return $active;
}
/**
*
* @param array $sect
* @param array $conf
* @return string $str
*/
function createRuleStr(&$sect, &$conf)
{
if (!is_array($sect["rules"]) ) { return "";
}
$rules = $sect["rules"];
$depon = getDependson($sect, $conf);
$rs = array();
foreach ( $rules as $rule ) {
if (preg_match('/\$[a-z0-9]*\$/i', $rule) ) {
$r = array($rule);
foreach ( $depon as $dep ) {
$rr = array();
$repl=$val="";
switch ( $dep["type"] ) {
case "list":
if (isset($dep["var"]) && !empty($conf[$dep["var"]]) ) { $val = explode(' ', $conf[$dep["var"]]);
}
if (!empty($val) && isset($dep["replace"]) ) { $repl=$dep["replace"];
}
break;
case "string":
if (isset($dep["var"]) ) { $val=$conf[$dep["var"]];
}
if (!empty($val) && isset($dep["replace"]) ) { $repl=$dep["replace"];
}
break;
default:
break;
}
if (!empty($repl) && !empty($val) ) {
if (is_array($val) ) {
foreach ( $val as $v ) { $rr = array_merge($rr, str_replace($repl, $v, $r));
}
}
else { $rr = array_merge($rr, str_replace($repl, $val, $r));
}
}
$r = !empty($rr) ? $rr : $r;
}
$rs = array_merge($rs, $rr);
} else {
$rs[] = $rule;
}
}
$str="";
foreach ( $rs as $r ) {
if (!preg_match('/\$[a-z0-9]*\$/i', $r) ) { $str .= '$IPT '.$r."\n";
}
}
return $str;
}
/**
*
* @param array $rule
* @return boolean
*/
function isIPv4(&$rule)
{
return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "4") !== false;
}
/**
*
* @param array $rule
* @return boolean
*/
function isIPv6(&$rule)
{
return !isset($rule["ip-version"]) || strstr($rule["ip-version"], "6") !== false;
}
/**
*
* @return boolean
*/
function configureFirewall()
{
$json = file_get_contents(RASPI_IPTABLES_CONF);
$ipt = json_decode($json, true);
$conf = ReadFirewallConf();
$txt = "#!/bin/bash\n";
file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt);
file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt);
file_put_contents(RASPAP_IPTABLES_SCRIPT, 'IPT="iptables"'."\n", FILE_APPEND);
file_put_contents(RASPAP_IP6TABLES_SCRIPT, 'IPT="ip6tables"'."\n", FILE_APPEND);
$txt = "\$IPT -F\n";
$txt .= "\$IPT -X\n";
$txt .= "\$IPT -t nat -F\n";
file_put_contents(RASPAP_IPTABLES_SCRIPT, $txt, FILE_APPEND);
file_put_contents(RASPAP_IP6TABLES_SCRIPT, $txt, FILE_APPEND);
if (empty($conf) || empty($ipt) ) { return false;
}
$count=0;
foreach ( $ipt["order"] as $idx ) {
if (isset($ipt[$idx]) ) {
foreach ( $ipt[$idx] as $i => $sect ) {
if (isRuleEnabled($sect, $conf) ) {
$str_rules= createRuleStr($sect, $conf);
if (!empty($str_rules) ) {
if (isIPv4($sect) ) { file_put_contents(RASPAP_IPTABLES_SCRIPT, $str_rules, FILE_APPEND);
}
if (isIPv6($sect) ) { file_put_contents(RASPAP_IP6TABLES_SCRIPT, $str_rules, FILE_APPEND);
}
++$count;
}
}
}
}
}
if ($count > 0 ) {
exec("chmod +x ".RASPAP_IPTABLES_SCRIPT);
exec("sudo ".RASPAP_IPTABLES_SCRIPT);
exec("sudo iptables-save | sudo tee /etc/iptables/rules.v4");
unlink(RASPAP_IPTABLES_SCRIPT);
exec("chmod +x ".RASPAP_IP6TABLES_SCRIPT);
exec("sudo ".RASPAP_IP6TABLES_SCRIPT);
exec("sudo ip6tables-save | sudo tee /etc/iptables/rules.v6");
unlink(RASPAP_IP6TABLES_SCRIPT);
}
return ($count > 0);
}
/**
*
* @param array $conf
* @return string $ret
*/
function WriteFirewallConf($conf)
{
$ret = false;
if (is_array($conf) ) { write_php_ini($conf, RASPI_FIREWALL_CONF);
}
return $ret;
}
/**
*
* @return array $conf
*/
function ReadFirewallConf()
{
$conf = array();
if (file_exists(RASPI_FIREWALL_CONF) ) {
$conf = parse_ini_file(RASPI_FIREWALL_CONF);
}
if ( !isset($conf["firewall-enable"]) ) {
$conf["firewall-enable"] = false;
$conf["ssh-enable"] = false;
$conf["http-enable"] = false;
$conf["excl-devices"] = "";
$conf["excluded-ips"] = "";
$conf["ap-device"] = "";
$conf["client-device"] = "";
$conf["restricted-ips"] = "";
}
exec('ifconfig | grep -E -i "^tun[0-9]"', $ret);
$conf["openvpn-enable"] = !empty($ret);
unset($ret);
exec('ifconfig | grep -E -i "^wg[0-9]"', $ret);
$conf["wireguard-enable"] = !empty($ret);
return $conf;
}
/**
*
* @return string $ips
*/
function getVPN_IPs()
{
$ips = "";
// get openvpn and wireguard server IPs
if (RASPI_OPENVPN_ENABLED && ($fconf = glob(RASPI_OPENVPN_CLIENT_PATH ."/*.conf")) !== false && !empty($fconf) ) {
foreach ( $fconf as $f ) {
unset($result);
exec('cat '.$f.' | sed -rn "s/^remote\s*([a-z0-9\.\-\_:]*)\s*([0-9]*)\s*$/\1 \2/ip" ', $result);
if (!empty($result) ) {
$result = explode(" ", $result[0]);
$ip = (isset($result[0])) ? $result[0] : "";
$port = (isset($result[1])) ? $result[1] : "";
if (!empty($ip) ) {
$ip = gethostbyname($ip);
if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
}
}
}
}
}
// get wireguard server IPs
if (RASPI_WIREGUARD_ENABLED && ($fconf = glob(RASPI_WIREGUARD_PATH ."/*.conf")) !== false && !empty($fconf) ) {
foreach ( $fconf as $f ) {
unset($result);
exec('sudo /bin/cat '.$f.' | sed -rn "s/^endpoint\s*=\s*\[?([a-z0-9\.\-\_:]*)\]?:([0-9]*)\s*$/\1 \2/ip" ', $result);
if (!empty($result) ) {
$result = explode(" ", $result[0]);
$ip = (isset($result[0])) ? $result[0] : "";
$port = (isset($result[1])) ? $result[1] : "";
if (!empty($ip) ) {
$ip = gethostbyname($ip);
if (filter_var($ip, FILTER_VALIDATE_IP) && strpos($ips, $ip) === false ) { $ips .= " $ip";
}
}
}
}
}
return trim($ips);
}
/**
*
* @return array $fw_conf
*/
function getFirewallConfiguration()
{
$fw_conf = ReadFirewallConf();
$json = file_get_contents(RASPI_IPTABLES_CONF);
getWifiInterface();
$ap_device = $_SESSION['ap_interface'];
$clients = getClients();
$str_clients = "";
foreach( $clients["device"] as $dev ) {
if (!$dev["isAP"] ) {
if (!empty($str_clients) ) { $str_clients .= ", ";
}
$str_clients .= $dev["name"];
}
}
$fw_conf["ap-device"] = $ap_device;
$fw_conf["client-list"] = $str_clients;
$id=findCurrentClientIndex($clients);
if ($id >= 0 ) { $fw_conf["client-device"] = $clients["device"][$id]["name"];
}
return $fw_conf;
}
/**
*
*/
function updateFirewall()
{
$fw_conf = getFirewallConfiguration();
if ( isset($fw_conf["firewall-enable"]) ) {
WriteFirewallConf($fw_conf);
configureFirewall();
}
return;
}
/**
*
*/
function DisplayFirewallConfig()
{
$status = new StatusMessages();
$fw_conf = getFirewallConfiguration();
$ap_device = $fw_conf["ap-device"];
$str_clients = $fw_conf["client-list"];
if (!empty($_POST)) {
$fw_conf["ssh-enable"] = isset($_POST['ssh-enable']);
$fw_conf["http-enable"] = isset($_POST['http-enable']);
$fw_conf["firewall-enable"] = isset($_POST['firewall-enable']) || isset($_POST['apply-firewall']);
if (isset($_POST['firewall-enable']) ) { $status->addMessage(_('Firewall is now enabled'), 'success');
}
if (isset($_POST['apply-firewall']) ) { $status->addMessage(_('Firewall settings changed'), 'success');
}
if (isset($_POST['firewall-disable']) ) { $status->addMessage(_('Firewall is now disabled'), 'warning');
}
if (isset($_POST['save-firewall']) ) { $status->addMessage(_('Firewall settings saved. Firewall is still disabled.'), 'success');
}
if (isset($_POST['excl-devices']) ) {
$excl = filter_var($_POST['excl-devices'], FILTER_SANITIZE_STRING);
$excl = str_replace(',', ' ', $excl);
$excl = trim(preg_replace('/\s+/', ' ', $excl));
if ($fw_conf["excl-devices"] != $excl ) {
$status->addMessage(_('Exclude devices '. $excl), 'success');
$fw_conf["excl-devices"] = $excl;
}
}
if (isset($_POST['excluded-ips']) ) {
$excl = filter_var($_POST['excluded-ips'], FILTER_SANITIZE_STRING);
$excl = str_replace(',', ' ', $excl);
$excl = trim(preg_replace('/\s+/', ' ', $excl));
if (!empty($excl) ) {
$excl = explode(' ', $excl);
$str_excl = "";
foreach ( $excl as $ip ) {
if (filter_var($ip, FILTER_VALIDATE_IP) ) { $str_excl .= "$ip ";
} else { $status->addMessage(_('Exclude IP address '. $ip . ' failed - not a valid IP address'), 'warning');
}
}
}
$str_excl = trim($str_excl);
if ($fw_conf["excluded-ips"] != $str_excl ) {
$status->addMessage(_('Exclude IP address(es) '. $str_excl), 'success');
$fw_conf["excluded-ips"] = $str_excl;
}
}
WriteFirewallConf($fw_conf);
configureFirewall();
}
$vpn_ips = getVPN_IPs();
echo renderTemplate(
"firewall", compact(
"status",
"ap_device",
"str_clients",
"fw_conf",
"vpn_ips"
)
);
}

6
includes/hostapd.php
View file

@ -1,21 +1,17 @@
<?php
require_once 'status_messages.php';
require_once 'includes/wifi_functions.php';
require_once 'includes/config.php';
getWifiInterface();
$system = new \RaspAP\System\Sysinfo;
$os = $system->operatingSystem();
/**
* Initialize hostapd values, display interface
*
*/
function DisplayHostAPDConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
$system = new \RaspAP\System\Sysinfo;
$operatingSystem = $system->operatingSystem();
$arrConfig = array();

4
includes/networking.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'includes/internetRoute.php';
/**
@ -9,8 +8,7 @@ require_once 'includes/internetRoute.php';
*/
function DisplayNetworkingConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
exec("ls /sys/class/net | grep -v lo", $interfaces);
$routeInfo = getRouteInfo(true);

3
includes/openvpn.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'includes/config.php';
require_once 'includes/wifi_functions.php';
@ -11,7 +10,7 @@ getWifiInterface();
*/
function DisplayOpenVPNConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
if (!RASPI_MONITOR_ENABLED) {
if (isset($_POST['SaveOpenVPNSettings'])) {
if (isset($_POST['authUser'])) {

30
includes/status_messages.php
View file

@ -1,30 +0,0 @@
<?php
class StatusMessages
{
public $messages = array();
public function addMessage($message, $level = 'success', $dismissable = true)
{
$status = '<div class="alert alert-'.$level;
if ($dismissable) {
$status .= ' alert-dismissable';
}
$status .= '">'. _($message);
if ($dismissable) {
$status .= '<button type="button" class="close" data-dismiss="alert" aria-hidden="true">x</button>';
}
$status .= '</div>';
array_push($this->messages, $status);
}
public function showMessages($clear = true)
{
foreach ($this->messages as $message) {
echo $message;
}
if ($clear) {
$this->messages = array();
}
}
}

4
includes/system.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'includes/functions.php';
require_once 'config.php';
@ -9,8 +8,7 @@ require_once 'config.php';
*/
function DisplaySystem(&$extraFooterScripts)
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
if (isset($_POST['SaveLanguage'])) {
if (isset($_POST['locale'])) {

2
includes/torproxy.php
View file

@ -1,7 +1,5 @@
<?php
require_once 'includes/status_messages.php';
/**
* Manage Tor Proxy configuration
*/

3
includes/wireguard.php
View file

@ -1,6 +1,5 @@
<?php
require_once 'includes/status_messages.php';
require_once 'config.php';
/**
@ -8,7 +7,7 @@ require_once 'config.php';
*/
function DisplayWireGuardConfig()
{
$status = new StatusMessages();
$status = new \RaspAP\Messages\StatusMessage;
if (!RASPI_MONITOR_ENABLED) {
$optRules = $_POST['wgRules'];
$optConf = $_POST['wgCnfOpt'];

110
templates/firewall.php
View file

@ -1,110 +0,0 @@
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-header">
<div class="row">
<div class="col">
<i class="fas fa-shield-alt mr-2"></i><?php echo _("Firewall"); ?>
</div>
</div><!-- /.row -->
</div><!-- /.card-header -->
<div class="card-body">
<?php $status->showMessages(); ?>
<h4><?php echo _("Client Firewall"); ?></h4>
<?php if ( $fw_conf["firewall-enable"]) : ?>
<i class="fas fa-circle mr-2 service-status-up"></i><?php echo _("Firewall is ENABLED"); ?>
<?php else : ?>
<i class="fas fa-circle mr-2 service-status-down"></i><?php echo _("Firewall is OFF"); ?>
<?php endif ?>
<div class="row">
<div class="col-md-6">
<p class="mr-2">
<small>
<?php echo _("The default firewall will only allow outgoing and already established traffic."); ?><br />
<?php echo _("No incoming UDP traffic is allowed."); ?><br />
<?php printf(_("There are no restrictions for the access point <code>%s</code>."), $ap_device); ?>
</small>
</p>
</div>
</div>
<form id="frm-firewall" action="firewall_conf" method="POST" >
<?php echo CSRFTokenFieldTag(); ?>
<h5><?php echo _("Exception: Service"); ?></h4>
<div class="row">
<div class="form-group col-md-6">
<div class="custom-control custom-switch">
<input class="custom-control-input" id="ssh-enable" type="checkbox" name="ssh-enable" value="1" aria-describedby="exception-description" <?php if ($fw_conf["ssh-enable"]) echo "checked"; ?> >
<label class="custom-control-label" for="ssh-enable"><?php echo _("allow SSH access on port 22") ?></label>
</div>
<div class="custom-control custom-switch">
<input class="custom-control-input" id="http-enable" type="checkbox" name="http-enable" value="1" aria-describedby="exceptions-description" <?php if ($fw_conf["http-enable"]) echo "checked"; ?> >
<label class="custom-control-label" for="http-enable"><?php echo _("allow access to the RaspAP GUI on port 80 or 443") ?></label>
</div>
<p class="mb-0" id="exceptions-description">
<small><?php echo _("Allow incoming connections for some services from the internet side.") ?></small>
</p>
</div>
</div>
<h5><?php echo _("Exception: network device"); ?></h4>
<div class="row">
<div class="form-group col-md-6">
<label for="excl-device"><?php echo _("Exclude device(s)") ?></label>
<input class="form-control" id="excl-devices" type="text" name="excl-devices" value="<?php echo $fw_conf["excl-devices"] ?>" aria-describedby="exclusion-description" >
<p class="mb-0" id="exclusion-description">
<small>
<?php echo _("Exclude the given network device(s) (separated by a blank or comma) from firewall rules."); ?><br />
<?php printf(_("Current client devices: <code>%s</code>"), $str_clients); ?><br />
<?php printf(_("The access point <code>%s</code> is per default excluded."), $ap_device); ?>
</small>
</p>
</div>
</div>
<h5><?php echo _("Exception: IP-Address"); ?></h4>
<div class="row">
<div class="form-group col-md-6">
<label for="excluded-ips"><?php echo _("Allow incoming connections from") ?></label>
<input class="form-control" id="excluded-ips" type="text" name="excluded-ips" value="<?php echo $fw_conf["excluded-ips"] ?>" aria-describedby="excl-ips-description" >
<p class="mb-0" id="excl-ips-description">
<small>
<?php echo _("For the given IP-addresses (separated by a blank or comma) the incoming connection (via TCP and UDP) is accepted."); ?><br />
<?php echo _("This is required for an OpenVPN via UDP or Wireguard connection."); ?><br />
<?php if ( !empty($vpn_ips) ) printf (_("The list of configured VPN server IP addresses: <code><b>%s</b></code>"), $vpn_ips); ?>
</small>
</p>
</div>
</div>
<?php if ($fw_conf["firewall-enable"]) : ?>
<input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Apply changes"); ?>" name="apply-firewall" />
<input type="submit" class="btn btn-warning firewall-apply" value="<?php echo _("Disable Firewall") ?>" name="firewall-disable" data-toggle="modal" data-target="#firewallModal"/>
<?php else : ?>
<input type="submit" class="btn btn-outline btn-primary" value="<?php echo _("Save settings"); ?>" name="save-firewall" />
<input type="submit" class="btn btn-success firewall-apply" value="<?php echo _("Enable Firewall") ?>" name="firewall-enable" data-toggle="modal" data-target="#firewallModal"/>
<?php endif ?>
</form>
</div><!-- /.card-body -->
<div class="card-footer"></div>
</div><!-- /.card -->
</div><!-- /.col-lg-12 -->
</div><!-- /.row -->
<!-- Modal -->
<div class="modal fade" id="firewallModal" tabindex="-1" role="dialog" aria-labelledby="ModalLabel" aria-hidden="true">
<div class="modal-dialog" role="document">
<div class="modal-content">
<div class="modal-header">
<div class="modal-title" id="ModalLabel">
<i class="fas fa-sync-alt mr-2"></i><?php echo _("Executing firewall option") ?>
</div>
</div>
<div class="modal-body">
<div class="col-md-12 mb-3 mt-1">
<?php if($fw_conf["firewall-enable"]) echo _("Disabling firewall").'...'; else echo _("Enabling firewall").'...'; ?>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-outline btn-primary" data-dismiss="modal"><?php echo _("Close"); ?></button>
</div>
</div>
</div>
</div>