Merge pull request #1695 from dlandon/master
Add password encryption and rewrite set_proxy script in php
@@ -36,37 +36,31 @@ $cfg['proxy_name_1'] = $cfg['proxy_name_1'] ?? "";
|
||||
$cfg['proxy_name_2'] = $cfg['proxy_name_2'] ?? "";
|
||||
$cfg['proxy_name_3'] = $cfg['proxy_name_3'] ?? "";
|
||||
|
||||
/* Get the encrypted url. */
|
||||
$proxy_1_url = $cfg['proxy_url_1'] ?? "";
|
||||
|
||||
/* Parse the url, user, and password from the full url for proxy 1. */
|
||||
$url_array = get_url($cfg['proxy_url_1'] ?? "");
|
||||
$url_array = get_proxy_info($cfg['proxy_url_1'] ?? "", $cfg['proxy_user_1'] ?? "", $cfg['proxy_pass_1'] ?? "");
|
||||
$cfg['proxy_url_1'] = $url_array['url'];
|
||||
$cfg['proxy_user_1'] = $url_array['user'];
|
||||
$cfg['proxy_pass_1'] = $url_array['pass'];
|
||||
|
||||
/* Get the encrypted url. */
|
||||
$proxy_2_url = $cfg['proxy_url_2'] ?? "";
|
||||
$proxy_1_url = $url_array['full_url'];
|
||||
|
||||
/* Parse the url, user, and password from the full url for proxy 2. */
|
||||
$url_array = get_url($cfg['proxy_url_2'] ?? "");
|
||||
$url_array = get_proxy_info($cfg['proxy_url_2'] ?? "", $cfg['proxy_user_2'] ?? "", $cfg['proxy_pass_2'] ?? "");
|
||||
$cfg['proxy_url_2'] = $url_array['url'];
|
||||
$cfg['proxy_user_2'] = $url_array['user'];
|
||||
$cfg['proxy_pass_2'] = $url_array['pass'];
|
||||
|
||||
/* Get the encrypted url. */
|
||||
$proxy_3_url = $cfg['proxy_url_3'] ?? "";
|
||||
$proxy_2_url = $url_array['full_url'];
|
||||
|
||||
/* Parse the url, user, and password from the full url for proxy 3. */
|
||||
$url_array = get_url($cfg['proxy_url_3'] ?? "");
|
||||
$url_array = get_proxy_info($cfg['proxy_url_3'] ?? "", $cfg['proxy_user_3'] ?? "", $cfg['proxy_pass_3'] ?? "");
|
||||
$cfg['proxy_url_3'] = $url_array['url'];
|
||||
$cfg['proxy_user_3'] = $url_array['user'];
|
||||
$cfg['proxy_pass_3'] = $url_array['pass'];
|
||||
$proxy_3_url = $url_array['full_url'];
|
||||
?>
|
||||
|
||||
<form markdown="1" name="outgoing_proxy_manager" method="POST" action="/update.php" target="progressFrame">
|
||||
<input type="hidden" name="#file" value="/boot/config/proxy.cfg">
|
||||
<input type="hidden" name="#command" value="/plugins/<?=$opmPlugin;?>/scripts/outgoingproxy.sh">
|
||||
<input type="hidden" name="#file" value="<?=$plg_config_file;?>">
|
||||
<input type="hidden" name="#command" value="/plugins/<?=$opmPlugin;?>/scripts/outgoingproxy">
|
||||
<input type="hidden" name="#arg[1]" value="apply">
|
||||
|
||||
<p><strong>_(Enable Outgoing Proxy)_</strong></p>
|
||||
@@ -214,7 +208,7 @@ _(Password)_:
|
||||
/* Update the proxy status div */
|
||||
$('#proxy-status-3').html('<strong>' + data.proxy_status_3 + '</strong>');
|
||||
|
||||
// Get a reference to the dropdown element
|
||||
//*Get a reference to the dropdown element. */
|
||||
const dropdown = document.querySelector('select[name="proxy_active"]');
|
||||
const options = dropdown.getElementsByTagName('option');
|
||||
|
||||
@@ -238,10 +232,10 @@ _(Password)_:
|
||||
|
||||
if (optionToEnableOrDisable_2) {
|
||||
if (condition_2) {
|
||||
// Enable the option
|
||||
/* Enable the option. */
|
||||
optionToEnableOrDisable_2.removeAttribute('disabled');
|
||||
} else {
|
||||
// Disable the option
|
||||
/* Disable the option. */
|
||||
optionToEnableOrDisable_2.setAttribute('disabled', 'disabled');
|
||||
}
|
||||
}
|
||||
@@ -252,10 +246,10 @@ _(Password)_:
|
||||
|
||||
if (optionToEnableOrDisable_3) {
|
||||
if (condition_3) {
|
||||
// Enable the option
|
||||
/* Enable the option. */
|
||||
optionToEnableOrDisable_3.removeAttribute('disabled');
|
||||
} else {
|
||||
// Disable the option
|
||||
/* Disable the option. */
|
||||
optionToEnableOrDisable_3.setAttribute('disabled', 'disabled');
|
||||
}
|
||||
}
|
||||
@@ -313,5 +307,5 @@ _(Password)_:
|
||||
});
|
||||
|
||||
/* URL for Outgoing Proxy PHP file. */
|
||||
const OPMURL = '/plugins/<?=$opmPlugin;?>/OutgoingProxy.php';
|
||||
const OPMURL = '/plugins/<?=$opmPlugin;?>/include/OutgoingProxy.php';
|
||||
</script>
|
||||
|
||||
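Review bot: After this change `$cfg['proxy_pass_N']` holds the decrypted password (`$url_array['pass']`) and `$proxy_N_url` holds `full_url` with the credentials embedded, so the plaintext leaves the server if either value is echoed into the form or the inline script further down the page. The lines that emit them are outside the visible hunks, so this needs confirming. If the password field is prefilled from `$cfg`, pass it through `htmlspecialchars()` and consider rendering the field empty instead, with a blank submit meaning "keep the stored password". `$proxy_N_url` should stay server-side unless the credentials are stripped before it is output.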
@@ -12,10 +12,7 @@
|
||||
$opmPlugin = "dynamix";
|
||||
|
||||
/* UI config file location. */
|
||||
$plg_config_file = "/boot/config/proxy.cfg";
|
||||
|
||||
/* Output config file location for set_proxy script. */
|
||||
$proxy_config_file = "/boot/config/proxy.cfg";
|
||||
$plg_config_file = "/boot/config/plugins/".$opmPlugin."/outgoingproxy.cfg";
|
||||
|
||||
/* Outgoing Proxy Manager logging tag. */
|
||||
$opm_log = "Outgoing Proxy Manager";
|
||||
@@ -39,6 +36,21 @@ function parse_plugin_config() {
|
||||
return($cfg);
|
||||
}
|
||||
|
||||
/* Write values to plugin config file. */
|
||||
function write_plugin_config($config) {
|
||||
global $plg_config_file;
|
||||
|
||||
/* Rewrite config file. */
|
||||
/* Convert the array to an INI string. */
|
||||
$iniString = '';
|
||||
foreach ($config as $key => $value) {
|
||||
$iniString .= "$key=\"$value\"\n";
|
||||
}
|
||||
|
||||
/* Write the INI string to a file. */
|
||||
file_put_contents($plg_config_file, $iniString);
|
||||
}
|
||||
|
||||
/* Check to see if the proxy is online and available. */
|
||||
function proxy_online($proxyUrl) {
|
||||
|
||||
@@ -70,15 +82,25 @@ function proxy_online($proxyUrl) {
|
||||
}
|
||||
|
||||
/* Get the URL with the user and password parsed from the url. */
|
||||
function get_url($cfg_url) {
|
||||
function get_proxy_info($cfg_url, $cfg_user = "", $cfg_pass = "") {
|
||||
/* Passed in values:
|
||||
cfg_url - can be with or without credentials (user and password).
|
||||
cfg_user - user from config file.
|
||||
cfg_pass - encrypted password from the config file.
|
||||
*/
|
||||
|
||||
/* An array is returned with the following values. */
|
||||
$return = [
|
||||
'url' => '',
|
||||
'user' => '',
|
||||
'pass' => '',
|
||||
'url' => '', /* URL without credentials. */
|
||||
'user' => '', /* User. */
|
||||
'pass' => '', /* Unencrypted password. */
|
||||
'full_url' => '', /* Full URL with credentials urlencoded. */
|
||||
];
|
||||
|
||||
if ($cfg_url) {
|
||||
/* Decrypt password. */
|
||||
$cfg_pass = decrypt_data($cfg_pass);
|
||||
|
||||
/* Parse the URL by removing the user and password. */
|
||||
$urlComponents = parse_url($cfg_url);
|
||||
|
||||
@@ -94,15 +116,76 @@ function get_url($cfg_url) {
|
||||
/* Extract the credentials. */
|
||||
if (strpos($cfg_url, '%') !== false) {
|
||||
/* The credentials are urlencoded. */
|
||||
$return['user'] = urldecode($user);
|
||||
$return['pass'] = urldecode($pass);
|
||||
$return['user'] = $user ? urldecode($user) : $cfg_user;
|
||||
$return['pass'] = $pass ? urldecode($pass) : $cfg_pass;
|
||||
} else {
|
||||
/* The credentials are not urlencoded. */
|
||||
$return['user'] = $user;
|
||||
$return['pass'] = $pass;
|
||||
$return['user'] = $user ? $user : $cfg_user;
|
||||
$return['pass'] = $pass ? $pass : $cfg_pass;
|
||||
}
|
||||
|
||||
/* Put together the full url. */
|
||||
if (($return['user']) && ($return['pass'])) {
|
||||
$return['full_url'] = "http://".urlencode($return['user']).":".urlencode($return['pass'])."@".$host.":".$port;
|
||||
} else {
|
||||
$return['full_url'] = $return['url'];
|
||||
}
|
||||
}
|
||||
|
||||
return($return);
|
||||
}
|
||||
|
||||
/* Get configuration parameter. */
|
||||
function get_config($variable) {
|
||||
|
||||
$config = parse_plugin_config();
|
||||
|
||||
return $config[$variable] ?? "";
|
||||
}
|
||||
|
||||
/* Set configuration parameter. */
|
||||
function set_config($variable, $value) {
|
||||
|
||||
$config = parse_plugin_config();
|
||||
|
||||
$config[$variable] = $value;
|
||||
|
||||
write_plugin_config($config);
|
||||
}
|
||||
|
||||
/* Encrypt data. */
|
||||
function encrypt_data($data) {
|
||||
$key = get_config("key");
|
||||
if ((! $key) || strlen($key) != 32) {
|
||||
$key = substr(base64_encode(openssl_random_pseudo_bytes(32)), 0, 32);
|
||||
set_config("key", $key);
|
||||
}
|
||||
$iv = get_config("iv");
|
||||
if ((! $iv) || strlen($iv) != 16) {
|
||||
$iv = substr(base64_encode(openssl_random_pseudo_bytes(16)), 0, 16);
|
||||
set_config("iv", $iv);
|
||||
}
|
||||
|
||||
/* Encrypt the data using aes256. */
|
||||
$value = trim(openssl_encrypt($data, 'aes256', $key, $options=0, $iv));
|
||||
|
||||
return $value;
|
||||
}
|
||||
|
||||
/* Decrypt data. */
|
||||
function decrypt_data($data) {
|
||||
$key = get_config("key");
|
||||
$iv = get_config("iv");
|
||||
|
||||
/* Decrypt the data using aes256. */
|
||||
$value = openssl_decrypt($data, 'aes256', $key, $options=0, $iv);
|
||||
|
||||
/* Make sure the data is UTF-8 encoded. */
|
||||
if (! mb_check_encoding($value, 'UTF-8')) {
|
||||
outgoingproxy_log("Warning: Data is not UTF-8 encoded");
|
||||
$value = "";
|
||||
}
|
||||
|
||||
return $value;
|
||||
}
|
||||
?>
|
||||
|
||||
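Review bot: `encrypt_data()` keeps the AES key and one fixed IV in the same plugin config file as the encrypted `proxy_pass_N` values (`set_config("key", …)`, `set_config("iv", …)`), so anyone who can read that file can decrypt the passwords. The reused IV with the `aes256` (CBC) alias also makes equal passwords produce equal ciphertexts, and nothing detects a modified ciphertext. Unless the key can be kept somewhere other than that file, this should be documented as obfuscation rather than protection of the password at rest. Independently of key placement, I would generate a fresh IV per value with `random_bytes()`, store it with the ciphertext, use an authenticated mode, and have `decrypt_data()` return `""` when `openssl_decrypt()` returns `false`; a sketch follows.

```php
function encrypt_data($data) {
	// … unchanged: load or generate $key via get_config()/set_config() …

	/* Fresh IV for every value; it travels with the ciphertext, not in the config. */
	$iv = random_bytes(12);
	$tag = '';
	$cipher = openssl_encrypt($data, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
	if ($cipher === false) {
		return "";
	}

	return base64_encode($iv.$tag.$cipher);
}

function decrypt_data($data) {
	$key = get_config("key");
	$raw = base64_decode($data, true);

	/* 12-byte IV + 16-byte tag is the minimum valid length. */
	if ((! $key) || $raw === false || strlen($raw) < 28) {
		return "";
	}

	$value = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
	if ($value === false) {
		/* Wrong key or modified ciphertext. */
		return "";
	}

	// … unchanged: UTF-8 check and return …
}
```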
Regular → Executable
+32
-38
@@ -15,11 +15,21 @@ require_once("plugins/".$opmPlugin."/include/OutgoingProxyLib.php");
|
||||
|
||||
/* Save settings and update config. */
|
||||
function apply() {
|
||||
global $opmPlugin, $proxy_config_file;
|
||||
global $opmPlugin, $plg_config_file;
|
||||
|
||||
/* Process the new configuration. */
|
||||
$cfg = parse_plugin_config();
|
||||
|
||||
/* Generate encryption keys if they have not been generated. */
|
||||
if ((! isset($cfg['key'])) || (! isset($cfg['iv']))) {
|
||||
/* Doing an encryption will generate keys. */
|
||||
encrypt_data("test");
|
||||
|
||||
/* Get new keys. */
|
||||
$cfg['key'] = get_config("key");
|
||||
$cfg['iv'] = get_config("iv");
|
||||
}
|
||||
|
||||
for ($i = 1; $i <= 3; $i++) {
|
||||
$proxy_name = "proxy_name_".$i;
|
||||
$name = trim($cfg[$proxy_name]);
|
||||
@@ -31,54 +41,38 @@ function apply() {
|
||||
/* Confirm the url is in the proper format. */
|
||||
if (strpos($url, 'http://') !== false && preg_match('/:\d+$/', $url)) {
|
||||
/* The string contains 'http://' and a port designation at the end */
|
||||
$proxy_user = "proxy_user_".$i;
|
||||
$proxy_pass = "proxy_pass_".$i;
|
||||
|
||||
/* Parse the URL components. */
|
||||
$urlComponents = parse_url($url);
|
||||
|
||||
/* Replace user and password in the url. */
|
||||
$host = isset($urlComponents['host']) ? $urlComponents['host'] : '';
|
||||
$port = isset($urlComponents['port']) ? $urlComponents['port'] : '';
|
||||
$user = isset($urlComponents['user']) ? $urlComponents['user'] : '';
|
||||
$pass = isset($urlComponents['pass']) ? $urlComponents['pass'] : '';
|
||||
$host = $urlComponents['host'] ?? "";
|
||||
$port = $urlComponents['port'] ?? "";
|
||||
$user = $urlComponents['user'] ?? "";
|
||||
$pass = $urlComponents['pass'] ?? "";
|
||||
|
||||
/* Remove credentials from the entered URL. */
|
||||
$cfg[$proxy_url] = "http://".$host.':'.$port;
|
||||
|
||||
/* Use the entered user if not blank. */
|
||||
$cfg_user = $cfg[$proxy_user] ?? "";
|
||||
$user = $cfg_user ? $cfg_user : $user;
|
||||
$encodedUser = (strpos($user, '%') === false) ? urlencode($user) : $user;
|
||||
$cfg_user = $cfg[$proxy_user] ?? "";
|
||||
$cfg[$proxy_user] = $cfg_user ? $cfg_user : urldecode($user);
|
||||
$encodedUser = (strpos($cfg[$proxy_user], '%') === false) ? urlencode($cfg[$proxy_user]) : $cfg[$proxy_user];
|
||||
|
||||
/* Use the entered pass if not blank. */
|
||||
$cfg_pass = $cfg[$proxy_pass] ?? "";
|
||||
$pass = $cfg_pass ? $cfg_pass : $pass;
|
||||
$encodedPass = (strpos($pass, '%') === false) ? urlencode($pass) : $pass;
|
||||
|
||||
/* Reconstruct the URL with new credentials. */
|
||||
if (($host) && ($port)) {
|
||||
$constructedUrl = 'http://';
|
||||
if (($encodedUser) && ($encodedPass)) {
|
||||
$constructedUrl .= $encodedUser.':'.$encodedPass.'@';
|
||||
}
|
||||
$constructedUrl .= $host.':'.$port;
|
||||
} else {
|
||||
$constructedUrl = "";
|
||||
}
|
||||
$cfg_pass = $cfg[$proxy_pass] ?? "";
|
||||
$cfg[$proxy_pass] = $cfg_pass ? $cfg_pass : urldecode($pass);
|
||||
$encodedPass = (strpos($cfg[$proxy_pass], '%') === false) ? urlencode($cfg[$proxy_pass]) : $cfg[$proxy_pass];
|
||||
$cfg[$proxy_pass] = encrypt_data($cfg[$proxy_pass]);
|
||||
} else {
|
||||
/* The string does not contain 'http://' and/or a port designation at the end */
|
||||
$constructedUrl = "";
|
||||
$cfg[$proxy_url] = "";
|
||||
}
|
||||
|
||||
/* Save the constructed url. */
|
||||
$cfg[$proxy_url] = $constructedUrl;
|
||||
} else if (! $name) {
|
||||
$cfg[$proxy_url] = "";
|
||||
}
|
||||
|
||||
/* Remove user and pass from the configuration file. */
|
||||
unset($cfg[$proxy_user]);
|
||||
unset($cfg[$proxy_pass]);
|
||||
}
|
||||
|
||||
|
||||
/* Rewrite config file. */
|
||||
/* Convert the array to an INI string. */
|
||||
$iniString = '';
|
||||
@@ -86,15 +80,15 @@ function apply() {
|
||||
$iniString .= "$key=\"$value\"\n";
|
||||
}
|
||||
|
||||
/* Write the INI string to a file. */
|
||||
file_put_contents($proxy_config_file, $iniString);
|
||||
/* Write the INI string to the plugin config file. */
|
||||
file_put_contents($plg_config_file, $iniString);
|
||||
|
||||
/* Let things settle. */
|
||||
sleep(1);
|
||||
|
||||
/* Now run the proxy setup script. */
|
||||
if (is_executable("/usr/local/sbin/set_proxy")) {
|
||||
exec("at -M -f /usr/local/sbin/set_proxy now 2>/dev/null");
|
||||
exec("/usr/local/sbin/set_proxy 1>/dev/null");
|
||||
|
||||
outgoingproxy_log("'set_proxy' script executed");
|
||||
} else {
|
||||
@@ -109,8 +103,8 @@ switch ($argv[1]) {
|
||||
break;
|
||||
|
||||
default:
|
||||
echo("Error: 'outgoingproxy.sh {$argv[1]}' not understood\n");
|
||||
echo("outgoingproxy.sh usage: 'apply'\n");
|
||||
echo("Error: 'outgoingproxy {$argv[1]}' not understood\n");
|
||||
echo("outgoingproxy usage: 'apply'\n");
|
||||
exit(0);
|
||||
break;
|
||||
}
|
||||
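Review bot: `encrypt_data($cfg[$proxy_pass])` runs only in the branch where the URL passes the `http://…:port` check, so on the `else` paths that just set `$cfg[$proxy_url] = ""` a password posted from the form appears to be written to the plugin config file unencrypted. This assumes the two `unset($cfg[$proxy_user]); unset($cfg[$proxy_pass]);` lines are on the removed side, which the rendered page does not mark. Clearing the credentials on those paths closes the gap, e.g. `$cfg["proxy_user_".$i] = ""; $cfg["proxy_pass_".$i] = "";`, spelled with explicit key names because `$proxy_user` and `$proxy_pass` are only assigned inside the valid-URL branch. `$encodedUser` and `$encodedPass` also look unused now that the constructed URL is gone.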