fixed gateway url
parent
f53e8ae1f0
commit
ff507b6e07
|
|
@ -342,7 +342,7 @@ menu:
|
|||
caption: Create phpMyAdmin Gateway
|
||||
action: create_pma_gateway
|
||||
settings: pmaGatewayConfig
|
||||
successText: "${response.out}"
|
||||
successText: "Gateway URL: ${response.out}"
|
||||
|
||||
settings:
|
||||
checkDomainConfig:
|
||||
|
|
@ -1014,7 +1014,7 @@ actions:
|
|||
- bash /home/litespeed/mbmanager/pma-gateway/create_pma_gateway.sh --validity="${settings.validity}" --slug="${settings.slug}" | tail -n1
|
||||
- return:
|
||||
type: info
|
||||
message: "${response.out}"
|
||||
message: "Gateway URL: ${response.out}"
|
||||
|
||||
responses:
|
||||
enableSuccess:
|
||||
|
|
|
|||
|
|
@ -37,50 +37,70 @@ SECRET_FILE="/var/lib/jelastic/keys/mbadmin_secret"
|
|||
sudo mkdir -p "$(dirname $SECRET_FILE)"
|
||||
if [[ ! -f "$SECRET_FILE" ]]; then
|
||||
sudo sh -c "openssl rand -hex 32 > $SECRET_FILE"
|
||||
sudo chmod 600 "$SECRET_FILE"
|
||||
fi
|
||||
SECRET=$(sudo cat "$SECRET_FILE")
|
||||
sudo chown litespeed:litespeed "$SECRET_FILE"
|
||||
sudo chmod 644 "$SECRET_FILE"
|
||||
SECRET=$(sudo cat "$SECRET_FILE" | xargs)
|
||||
|
||||
now=$(date +%s)
|
||||
expires=$((now + VALIDITY*60))
|
||||
# token = base64("$SLUG:$expires") . '.' . HMAC_SHA256(secret, data)
|
||||
data="$SLUG:$expires"
|
||||
base=$(printf "%s" "$data" | base64 -w0)
|
||||
mac=$(printf "%s" "$data" | openssl dgst -sha256 -hmac "$SECRET" | cut -d' ' -f2)
|
||||
base=$(printf "%s" "$data" | base64 | tr -d '\n')
|
||||
mac=$(php -r "echo hash_hmac('sha256', '$data', '$SECRET');")
|
||||
token="$base.$mac"
|
||||
|
||||
sudo tee "$GATEWAY_FILE" >/dev/null <<PHP
|
||||
sudo tee "$GATEWAY_FILE" >/dev/null <<'PHP'
|
||||
<?php
|
||||
// auto-generated gateway, valid until $expires
|
||||
// Secure phpMyAdmin gateway – auto-generated, do NOT edit manually.
|
||||
|
||||
ini_set('session.cookie_httponly', 1);
|
||||
$param = 'token';
|
||||
|
||||
function fail() { header('HTTP/1.1 403 Forbidden'); echo 'Access denied'; exit; }
|
||||
function deny() {
|
||||
http_response_code(403);
|
||||
echo 'Access denied';
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset(
|
||||
if (!isset($_GET[$param])) {
|
||||
deny();
|
||||
}
|
||||
|
||||
_PHPMYADMIN_PMA_GATEWAY_TOKEN')){fail();}
|
||||
$token =
|
||||
_PHPMYADMIN_PMA_GATEWAY_TOKEN;
|
||||
if (!strpos($token,'.')){fail();}
|
||||
list(
|
||||
$token = $_GET[$param];
|
||||
if (strpos($token, '.') === false) {
|
||||
deny();
|
||||
}
|
||||
|
||||
base, $sig) = explode('.', $token, 2);
|
||||
list($base, $sig) = explode('.', $token, 2);
|
||||
$data = base64_decode($base, true);
|
||||
if ($data === false){fail();}
|
||||
list(
|
||||
if ($data === false) {
|
||||
deny();
|
||||
}
|
||||
|
||||
slug, $exp) = explode(':', $data, 2);
|
||||
if (time()>intval($exp)){fail();}
|
||||
$secret = trim(file_get_contents('$SECRET_FILE'));
|
||||
if (hash_equals($sig, hash_hmac('sha256', $data, $secret)) === false){fail();}
|
||||
// set auth cookie then redirect
|
||||
if (strpos($data, ':') === false) {
|
||||
deny();
|
||||
}
|
||||
|
||||
list($slug, $exp) = explode(':', $data, 2);
|
||||
if (time() > intval($exp)) {
|
||||
deny();
|
||||
}
|
||||
|
||||
$secret = trim(file_get_contents('/var/lib/jelastic/keys/mbadmin_secret'));
|
||||
if (!hash_equals($sig, hash_hmac('sha256', $data, $secret))) {
|
||||
deny();
|
||||
}
|
||||
|
||||
// Issue short-lived cookie (same expiry as token) and redirect to phpMyAdmin root
|
||||
setcookie('pma_token', $sig, intval($exp), '/', '', true, true);
|
||||
header('Location: /');
|
||||
exit;
|
||||
?>
|
||||
PHP
|
||||
|
||||
sudo chmod 640 "$GATEWAY_FILE"
|
||||
sudo chown litespeed:litespeed "$GATEWAY_FILE"
|
||||
sudo chmod 644 "$GATEWAY_FILE"
|
||||
|
||||
URL="https://$ENV_HOST:8443/access-db-$SLUG.php?token=$token"
|
||||
echo "$URL"
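Review bot: The HMAC key is left world-readable by `sudo chmod 644 "$SECRET_FILE"`, which (as far as this rendered page shows) is added right after the `chmod 600` in the creation branch, so any local account on the node can read the key that authenticates gateway tokens. Since the file is chowned to `litespeed` on the line before, `sudo chmod 600 "$SECRET_FILE"` should be enough for the gateway to read it, assuming the PHP worker runs as that user. The new `mac=$(php -r "echo hash_hmac('sha256', '$data', '$SECRET');")` also pastes `$SLUG` into PHP source, so a quote character in the slug changes the code being run; passing the values out of band, e.g. `mac=$(DATA="$data" KEY="$SECRET" php -r 'echo hash_hmac("sha256", getenv("DATA"), getenv("KEY"));')`, avoids that unless the slug is already validated above this hunk. In the generated PHP, `$slug` is parsed but never compared with the gateway's own name, so a token is not tied to the file it is presented to; the script starts above the hunk, so any earlier validation is not visible here.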
|
||||
|
|
|
|||