tony
/
mb-admin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mb-admin/scripts/pma-gateway/create_pma_gateway.sh

107 lines
2.6 KiB
Bash
Raw Normal View History

phpMyadmin instant login
2025-08-26 16:26:33 +00:00
#!/bin/bash
# ==============================================================================
# Script: create_pma_gateway.sh
# Purpose: Create a time-limited gateway URL for phpMyAdmin on Virtuozzo LLSMP.
# Usage: create_pma_gateway.sh --validity=30 [--slug=myalias]
# Outputs: Prints the generated URL.
# ==============================================================================
set -euo pipefail
SLUG=""
VALIDITY=30 # minutes
for arg in "$@"; do
case $arg in
--slug=*) SLUG="${arg#*=}" ;;
--validity=*) VALIDITY="${arg#*=}" ;;
*) echo "Unknown argument $arg"; exit 1 ;;
esac
done
if [[ -z "$SLUG" ]]; then
SLUG=$(openssl rand -hex 4) # 8-char random
fi
# Determine environment public host (no node prefix)
if [[ -n "${JELASTIC_ENV_DOMAIN:-}" ]]; then
ENV_HOST="$JELASTIC_ENV_DOMAIN"
else
ENV_HOST=$(hostname -f)
ENV_HOST=${ENV_HOST#node*-} # strip nodeXXXX-
fi
PMADB_DIR="/usr/share/phpMyAdmin"
GATEWAY_FILE="$PMADB_DIR/access-db-$SLUG.php"
SECRET_FILE="/var/lib/jelastic/keys/mbadmin_secret"
sudo mkdir -p "$(dirname $SECRET_FILE)"
if [[ ! -f "$SECRET_FILE" ]]; then
sudo sh -c "openssl rand -hex 32 > $SECRET_FILE"
fi
fixed gateway url
2025-08-26 17:27:43 +00:00
sudo chown litespeed:litespeed "$SECRET_FILE"
sudo chmod 644 "$SECRET_FILE"
SECRET=$(sudo cat "$SECRET_FILE" | xargs)
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
now=$(date +%s)
expires=$((now + VALIDITY*60))
# token = base64("$SLUG:$expires") . '.' . HMAC_SHA256(secret, data)
data="$SLUG:$expires"
fixed gateway url
2025-08-26 17:27:43 +00:00
base=$(printf "%s" "$data" | base64 | tr -d '\n')
mac=$(php -r "echo hash_hmac('sha256', '$data', '$SECRET');")
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
token="$base.$mac"
fixed gateway url
2025-08-26 17:27:43 +00:00
sudo tee "$GATEWAY_FILE" >/dev/null <<'PHP'
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
<?php
fixed gateway url
2025-08-26 17:27:43 +00:00
// Secure phpMyAdmin gateway auto-generated, do NOT edit manually.
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
ini_set('session.cookie_httponly', 1);
fixed gateway url
2025-08-26 17:27:43 +00:00
$param = 'token';
function deny() {
http_response_code(403);
echo 'Access denied';
exit;
}
if (!isset($_GET[$param])) {
deny();
}
$token = $_GET[$param];
if (strpos($token, '.') === false) {
deny();
}
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
fixed gateway url
2025-08-26 17:27:43 +00:00
list($base, $sig) = explode('.', $token, 2);
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
$data = base64_decode($base, true);
fixed gateway url
2025-08-26 17:27:43 +00:00
if ($data === false) {
deny();
}
if (strpos($data, ':') === false) {
deny();
}
list($slug, $exp) = explode(':', $data, 2);
if (time() > intval($exp)) {
deny();
}
$secret = trim(file_get_contents('/var/lib/jelastic/keys/mbadmin_secret'));
if (!hash_equals($sig, hash_hmac('sha256', $data, $secret))) {
deny();
}
// Issue short-lived cookie (same expiry as token) and redirect to phpMyAdmin root
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
setcookie('pma_token', $sig, intval($exp), '/', '', true, true);
header('Location: /');
exit;
?>
PHP
fixed gateway url
2025-08-26 17:27:43 +00:00
sudo chown litespeed:litespeed "$GATEWAY_FILE"
sudo chmod 644 "$GATEWAY_FILE"
phpMyadmin instant login
2025-08-26 16:26:33 +00:00
URL="https://$ENV_HOST:8443/access-db-$SLUG.php?token=$token"
echo "$URL"