p3k
/
XRay
mirror of https://github.com/aaronpk/XRay.git
1
0
Fork 0
Code Issues 0 Releases 77 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
113 Commits
2 Branches
60 MiB
Tree: 5f5392a7b8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5f5392a7b8'
${ noResults }
XRay/controllers/Certbot.php

156 lines
4.1 KiB
Raw Normal View History

add certbot configuration tool
8 years ago
 
  1. <?php
  2. use Symfony\Component\HttpFoundation\Request;
  3. use Symfony\Component\HttpFoundation\Response;
  4. 

  5. class Certbot {
  6. 

  7.   private $mc;
  8.   private $http;
  9. 

  10.   public function index(Request $request, Response $response) {
  11.     session_start();
  12. 

  13.     $state = mt_rand(10000,99999);
  14.     $_SESSION['state'] = $state;
  15. 

  16.     $response->setContent(view('certbot', [
  17.       'title' => 'X-Ray',
  18.       'state' => $state
  19.     ]));
  20.     return $response;
  21.   }
  22. 

  23.   public function start_auth(Request $request, Response $response) {
  24.     session_start();
  25. 

  26.     $_SESSION['client_id'] = $request->get('client_id');
  27.     $_SESSION['redirect_uri'] = $request->get('redirect_uri');
  28. 

  29.     $query = http_build_query([
  30.       'me' => $request->get('me'),
  31.       'client_id' => $request->get('client_id'),
  32.       'redirect_uri' => $request->get('redirect_uri'),
  33.       'state' => $request->get('state'),
  34.     ]);
  35. 

  36.     $response->headers->set('Location', 'https://indieauth.com/auth?'.$query);
  37.     $response->setStatusCode(302);
  38.     return $response;
  39.   }
  40. 

  41.   public function redirect(Request $request, Response $response) {
  42.     session_start();
  43. 

  44.     $this->http = new p3k\HTTP();
  45. 

  46.     if(!isset($_SESSION['state']) || $_SESSION['state'] != $request->get('state')) {
  47.       $response->headers->set('Location', '/cert?error=invalid_state');
  48.       $response->setStatusCode(302);
  49.       return $response;
  50.     }
  51. 

  52.     if($code = $request->get('code')) {
  53. 

  54.       $res = $this->http->post('https://indieauth.com/auth', http_build_query([
  55.         'code' => $code,
  56.         'client_id' => $_SESSION['client_id'],
  57.         'redirect_uri' => $_SESSION['redirect_uri'],
  58.         'state' => $_SESSION['state']
  59.       ]), [
  60.         'Accept: application/json'
  61.       ]);
  62.       $verify = json_decode($res['body'], true);
  63. 

  64.       unset($_SESSION['state']);
  65. 

  66.       if(isset($verify['me'])) {
  67. 

  68.         if(in_array($verify['me'], Config::$admins)) {
  69.           $_SESSION['me'] = $verify['me'];
  70.           $response->headers->set('Location', '/cert');
  71.         } else {
  72.           $response->headers->set('Location', '/cert?error=invalid_user');
  73.         }
  74. 

  75.       } else {
  76.         $response->headers->set('Location', '/cert?error=invalid');
  77.       }
  78. 

  79.     } else {
  80.       $response->headers->set('Location', '/cert?error=missing_code');
  81.     }
  82. 

  83.     $response->setStatusCode(302);
  84.     return $response;
  85.   }
  86. 

  87.   public function save_challenge(Request $request, Response $response) {
  88.     session_start();
  89. 

  90.     if(!isset($_SESSION['me']) || !in_array($_SESSION['me'], Config::$admins)) {
  91.       $response->headers->set('Location', '/cert?error=forbidden');
  92.       $response->setStatusCode(302);
  93.       return $response;
  94.     }
  95. 

  96.     $token = $request->get('token');
  97.     $challenge = $request->get('challenge');
  98. 

  99.     if(preg_match('/acme-challenge\/(.+)/', $token, $match)) {
  100.       $token = $match[1];
  101.     } elseif(!preg_match('/^[_a-zA-Z0-9]+$/', $token)) {
  102.       echo "Invalid token format\n";
  103.       die();
  104.     }
  105. 

  106.     $this->_mc();
  107.     $this->mc->set('acme-challenge-'.$token, json_encode([
  108.       'token' => $token,
  109.       'challenge' => $challenge
  110.     ]), 0, 600);
  111. 

  112.     $response->setContent(view('certbot', [
  113.       'title' => 'X-Ray',
  114.       'challenge' => $challenge,
  115.       'token' => $token,
  116.       'verified' => true
  117.     ]));
  118.     return $response;
  119.   }
  120. 

  121.   public function logout(Request $request, Response $response) {
  122.     session_start();
  123.     unset($_SESSION['me']);
  124.     unset($_SESSION['client_id']);
  125.     unset($_SESSION['redirect_uri']);
  126.     unset($_SESSION['state']);
  127.     session_destroy();
  128.     $response->headers->set('Location', '/cert');
  129.     $response->setStatusCode(302);
  130.     return $response;
  131.   }
  132. 

  133.   public function challenge(Request $request, Response $response, array $args) {
  134.     $this->_mc();
  135. 

  136.     $token = $args['token'];
  137. 

  138.     if($cache = $this->mc->get('acme-challenge-'.$token)) {
  139.       $acme = json_decode($cache, true);
  140. 

  141.       $response->setContent($acme['challenge']);
  142.     } else {
  143.       $response->setStatusCode(404);
  144.       $response->setContent("Not Found\n");
  145.     }
  146. 

  147.     $response->headers->set('Content-Type', 'text/plain');
  148.     return $response;
  149.   }
  150. 

  151.   private function _mc() {
  152.     $this->mc = new Memcache();
  153.     $this->mc->addServer('127.0.0.1');
  154.   }
  155. 

  156. }