admin: add htp header check; move to admin subdir

bb25b4a0 · Hahn Axel (hahn) · 1bab3747 · 1bab3747 · bb25b4a0 · bb25b4a0
Commit bb25b4a0 authored 3 years ago by Hahn Axel (hahn)
--- a/public_html/admin.php
+++ b/public_html/admin.php
-<?php
-/**
- * ----------------------------------------------------------------------
- *   _____          _ _               _                   _       _   
- *  |  __ \        | (_)             | |                 (_)     | |  
- *  | |__) |___  __| |_ _ __ ___  ___| |_   ___  ___ _ __ _ _ __ | |_ 
- *  |  _  // _ \/ _` | | '__/ _ \/ __| __| / __|/ __| '__| | '_ \| __|
- *  | | \ \  __/ (_| | | | |  __/ (__| |_  \__ \ (__| |  | | |_) | |_ 
- *  |_|  \_\___|\__,_|_|_|  \___|\___|\__| |___/\___|_|  |_| .__/ \__|
- *                                                         | |        
- *                                                         |_|        
- * ----------------------------------------------------------------------
- * admin: list all defined redirections
- * ----------------------------------------------------------------------
- * 2022-02-03  v0.1  <axel.hahn@iml.unibe.ch>  initial version 
- * ----------------------------------------------------------------------
- */
-require_once 'classes/redirect.admin.class.php';
-$oR=new redirectadmin();
-$sHtml='';
-// ----------------------------------------------------------------------
-// FUNCTIONS
-// ----------------------------------------------------------------------
-function getId($sDomain){
-    return 'id_'.md5($sDomain);
-}
-// ----------------------------------------------------------------------
-// MAIN
-// ----------------------------------------------------------------------
-if (!$oR->isEnabled()){
-    $sHtml.='<div class="error">Admin is disabled.</div>';
-} else {
-    // ---------- GET CONFIG DATA
-    $aHosts=$oR->getHosts();
-    // ---------- SHOW ERRORS
-    if(count($aHosts['_errors'])) {
-        $sHtml.= '<h2>Found errors</h2>'
-            .'<ol class="error">'
-            .'<li>' . implode('</li></li>', $aHosts['_errors']).'</li>'
-            .'</ol>'
-            ;
-        unset($aHosts['_errors']);
-    }
-    // ---------- LOOP OVER ALL ENTRIES
-    $sHtml.='<h2>Domains and their redirects</h2>'
-    .'<table class="mydatatable"><thead>
-    <tr>
-    <th>Host</th>
-    <th>Setup</th>
-    <th>Type</th>
-    <th>From</th>
-    <th>Code</th>
-    <th>Target</th>
-    </tr>
-    </thead><tbody>';
-    foreach($aHosts as $sHost => $aCfg){
-        $sTdFirst='<tr class="cfgtype-'.$aCfg['type'].'"><td>'.$sHost.'</td><td>'.$aCfg['type'].'</td>';
-        if (isset($aCfg['redirects'])){
-            $iCount=0;
-            foreach(['direct', 'regex'] as $sType){
-                if (count($aCfg['redirects'][$sType])){
-                    foreach($aCfg['redirects'][$sType] as $sFrom=>$aTo){
-                        $iCount++;
-                        $sHtml.=$sTdFirst
-                            .'<td class="type-'.$sType.'">'.$sType.'</td>'
-                            .'<td class="type-'.$sType.'">'.$sFrom.'</td>'
-                            .'<td class="http-'.$aTo['code'].'">'.$aTo['code'].'</td>'
-                            .'<td><a href="'.$aTo['target'].'" target="_blank">'.$aTo['target'].'</a></td>'
-                            .'</tr>';
-                    }
-                }
-            }
-        } else {
-            // type = alias
-            // $sHtml.='<tr>'.$sTdFirst.'<td></td><td></td><td></td><td>'.(isset($aCfg['target']) ? 'see config for <a href="#'.getId($aCfg['target']).'">'.$aCfg['target'].'</a>' : '').'</td></tr>';
-            $sHtml.=$sTdFirst.'<td></td><td></td><td></td><td>'.(isset($aCfg['target']) ? 'see config for <em>'.$aCfg['target'].'</em>' : '').'</td></tr>';
-        }
-    }
-    $sHtml.='</tbody></table>';
-}
-// ---------- OUTPUT
-?><!doctype html>
-<html>
-    <head>
-        <title>Redirects</title>
-        <link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/v/dt/dt-1.11.4/datatables.min.css"/>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js" integrity="sha512-894YE6QWD5I59HgZOGReFYm4dnWc1Qt5NtvYSaNcOP+u1T9qYdvdihz0PPSiiqn/+/3e7Jo4EaG7TubfWGUrMQ==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
-        <script type="text/javascript" src="https://cdn.datatables.net/v/dt/dt-1.11.4/datatables.min.js"></script>
-        <style>
-            a{color:royalblue;}
-            body{background: #f8f8f8; color: #234;}
-            .error{background: #fcc;}
-            pre{background: rgba(0,0,0,0.05);padding: 0.3em; border: 1px solid rgba(0,0,0,0.1)}
-            .cfgtype-alias{color:#89a; }
-            .http-301::after{color:#a55; content: ' (Moved Permanently)'}
-            .http-307::after{color:#488; content: ' (Temporary Redirect)'}
-            .http-308::after{color:#a95; content: ' (Permanent Redirect)'}
-            .type-direct{color:#383; }
-            .type-regex{color:#838; }
-        </style>
-    </head>
-    <body>
-        <h1>Redirects</h1>
-        <?php echo $sHtml; ?>
-        <script>
-            $(document).ready( function () {
-                $('.mydatatable').DataTable({
-                    "lengthMenu": [[10, 25, 50, 100, -1], [10, 25, 50, 100, "All"]],
-                    stateSave: true
-                });
-            } );
-        </script>
-    </body>
-</html>
--- a/public_html/classes/redirect.admin.class.php
+++ b/public_html/classes/redirect.admin.class.php
@@ -2,14 +2,13 @@
 require_once 'redirect.class.php';
 /**
 * ----------------------------------------------------------------------
- *   _____          _ _               _                   _       _   
+ *   _____ __  __ _        _____          _ _               _   
- *  |  __ \        | (_)             | |                 (_)     | |  
+ *  |_   _|  \/  | |      |  __ \        | (_)             | |  
- *  | |__) |___  __| |_ _ __ ___  ___| |_   ___  ___ _ __ _ _ __ | |_ 
+ *    | | | \  / | |      | |__) |___  __| |_ _ __ ___  ___| |_ 
- *  |  _  // _ \/ _` | | '__/ _ \/ __| __| / __|/ __| '__| | '_ \| __|
+ *    | | | |\/| | |      |  _  // _ \/ _` | | '__/ _ \/ __| __|
- *  | | \ \  __/ (_| | | | |  __/ (__| |_  \__ \ (__| |  | | |_) | |_ 
+ *   _| |_| |  | | |____  | | \ \  __/ (_| | | | |  __/ (__| |_ 
- *  |_|  \_\___|\__,_|_|_|  \___|\___|\__| |___/\___|_|  |_| .__/ \__|
+ *  |_____|_|  |_|______| |_|  \_\___|\__,_|_|_|  \___|\___|\__|
- *                                                         | |        
+ *
- *                                                         |_|        
 * ----------------------------------------------------------------------
 * Loads a config json from outside webroot and makes a 3xx redirect
 * if the definition exists
@@ -25,11 +24,96 @@ require_once 'redirect.class.php';
 */
 class redirectadmin extends redirect {
+    protected function _getCurlOptions(){
+        $aReturn=array(
+            CURLOPT_HEADER => true,
+            CURLOPT_FOLLOWLOCATION => true,
+            CURLOPT_RETURNTRANSFER => true,
+            CURLOPT_USERAGENT => strip_tags($this->sAbout),
+            // CURLOPT_USERPWD => isset($this->aProfileEffective['userpwd']) ? $this->aProfileEffective['userpwd'] : false,
+            CURLOPT_VERBOSE => false,
+            CURLOPT_ENCODING => 'gzip, deflate',  // to fetch encoding
+            CURLOPT_HTTPHEADER => array(
+                'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
+                'Accept-Language: en',
+                'DNT: 1',
+            ),
+            // TODO: this is unsafe .. better: let the user configure it
+            CURLOPT_SSL_VERIFYHOST => false,
+            CURLOPT_SSL_VERIFYPEER => false,
+            // CURLOPT_SSL_VERIFYSTATUS => false,
+            // v0.22 cookies
+            CURLOPT_COOKIEJAR => $this->sCcookieFilename,
+            CURLOPT_COOKIEFILE => $this->sCcookieFilename,
+            CURLOPT_TIMEOUT => 5,
+        );
+        return $aReturn;
+    }
+    /**
+     * make a single http(s) get request and return the response body
+     * @param string   $url          url to fetch
+     * @param boolean  $bHeaderOnly  optional: true=make HEAD request; default: false (=GET)
+     * @return string
+     */
+    public function httpGet($url, $bHeaderOnly = false) {
+        $ch = curl_init($url);
+        foreach ($this->_getCurlOptions() as $sCurlOption=>$sCurlValue){
+            curl_setopt($ch, $sCurlOption, $sCurlValue);
+        }
+        if ($bHeaderOnly) {
+            curl_setopt($ch, CURLOPT_HEADER, 1);
+            curl_setopt($ch, CURLOPT_NOBODY, 1);
+        }
+        $res = curl_exec($ch);
+        curl_close($ch);
+        return ($res);
+    }
+    public function renderHttpResponseHeader($sHeader){
+        $sReturn=$sHeader;
+        if(!$sReturn){
+            $sReturn='<pre><span class="status status-error">Request failed. </span><br>'
+                .'No data... no response.<br>'
+                .'Maybe ... '
+                .'<ul>'
+                    .'<li>the nostname does not exist ... </li>'
+                    .'<li>or there is a network problem ... or </li>'
+                    .'<li>the webservice on the target system does not run.</li>'
+                .'</ul>'
+            .'</pre>'
+            ;
+        } else {
+            $sReturn=preg_replace('/(HTTP.*)\\r/', '</pre><pre><strong>$1</strong>', $sReturn);
+            $sReturn=preg_replace('/(HTTP.*200.*)/', '<span class="status status-ok">$1</span>', $sReturn);
+            $sReturn=preg_replace('/(HTTP.*30.*)/', '<span class="status status-redirect">$1</span>', $sReturn);
+            $sReturn=preg_replace('/(HTTP.*40.*)/', '<span class="status status-error">$1</span>', $sReturn);
+            $sReturn=preg_replace('/(HTTP.*50.*)/', '<span class="status status-error">$1</span>', $sReturn);
+            $sReturn=preg_replace('/(x-debug-.*)\\r/i', '<span class="debug">$1</span>', $sReturn);
+            $sReturn=preg_replace('/(location:.*)\\r/i', '<span class="location">$1</span>', $sReturn);
+            $sReturn.='</pre>';
+        }
+        return $sReturn;
+    }
+    /**
+     * check if admin is enabled
+     * @return bool
+     */
    public function isEnabled(){
        $sFile2Enable=__DIR__ . '/'.basename(__FILE__).'_enabled.txt';
        return file_exists($sFile2Enable);
    }
+    public function httpHead($sUrl){
+    }
+    /**
+     * get an array with all config entries in all json
+     */
    public function getHosts(){
        $aReturn = array();
        $aErrors = array();

--- a/public_html/classes/redirect.class.php
+++ b/public_html/classes/redirect.class.php
 <?php
 /**
 * ----------------------------------------------------------------------
- *   _____          _ _               _                   _       _   
+ *   _____ __  __ _        _____          _ _               _   
- *  |  __ \        | (_)             | |                 (_)     | |  
+ *  |_   _|  \/  | |      |  __ \        | (_)             | |  
- *  | |__) |___  __| |_ _ __ ___  ___| |_   ___  ___ _ __ _ _ __ | |_ 
+ *    | | | \  / | |      | |__) |___  __| |_ _ __ ___  ___| |_ 
- *  |  _  // _ \/ _` | | '__/ _ \/ __| __| / __|/ __| '__| | '_ \| __|
+ *    | | | |\/| | |      |  _  // _ \/ _` | | '__/ _ \/ __| __|
- *  | | \ \  __/ (_| | | | |  __/ (__| |_  \__ \ (__| |  | | |_) | |_ 
+ *   _| |_| |  | | |____  | | \ \  __/ (_| | | | |  __/ (__| |_ 
- *  |_|  \_\___|\__,_|_|_|  \___|\___|\__| |___/\___|_|  |_| .__/ \__|
+ *  |_____|_|  |_|______| |_|  \_\___|\__,_|_|_|  \___|\___|\__|
- *                                                         | |        
+ *
- *                                                         |_|        
 * ----------------------------------------------------------------------
 * Loads a config json from outside webroot and makes a 3xx redirect
 * if the definition exists

--- a/public_html/index.php
+++ b/public_html/index.php
@@ -2,14 +2,13 @@
 /**
 * ----------------------------------------------------------------------
- *   _____          _ _               _                   _       _   
+ *   _____ __  __ _        _____          _ _               _   
- *  |  __ \        | (_)             | |                 (_)     | |  
+ *  |_   _|  \/  | |      |  __ \        | (_)             | |  
- *  | |__) |___  __| |_ _ __ ___  ___| |_   ___  ___ _ __ _ _ __ | |_ 
+ *    | | | \  / | |      | |__) |___  __| |_ _ __ ___  ___| |_ 
- *  |  _  // _ \/ _` | | '__/ _ \/ __| __| / __|/ __| '__| | '_ \| __|
+ *    | | | |\/| | |      |  _  // _ \/ _` | | '__/ _ \/ __| __|
- *  | | \ \  __/ (_| | | | |  __/ (__| |_  \__ \ (__| |  | | |_) | |_ 
+ *   _| |_| |  | | |____  | | \ \  __/ (_| | | | |  __/ (__| |_ 
- *  |_|  \_\___|\__,_|_|_|  \___|\___|\__| |___/\___|_|  |_| .__/ \__|
+ *  |_____|_|  |_|______| |_|  \_\___|\__,_|_|_|  \___|\___|\__|
- *                                                         | |        
+ *                                                          
- *                                                         |_|        
 * ----------------------------------------------------------------------
 */