added ncp-web

batch.sh

@@ -30,7 +30,7 @@ NO_HALT_STEP=1 ./installer.sh prepare.sh     $IP $IMGBASE                    ||
                ./installer.sh $NC_INSTALL    $IP $( ls -1t *.img | head -1 ) || exit 1
                ./installer.sh $NC_CONFIG     $IP $( ls -1t *.img | head -1 ) || exit 1
                ./installer.sh nextcloudpi.sh $IP $( ls -1t *.img | head -1 ) || exit 1
-#              ./installer.sh test-devel.sh  $IP $( ls -1t *.img | head -1 ) || exit 1
+#              ./installer.sh build-devel.sh $IP $( ls -1t *.img | head -1 ) || exit 1
 
 IMGFILE=$( ls -1t *.img | head -1 )
 IMGNAME=$( basename "$IMGFILE" _base_prepare_lamp_nc-nextcloud_nc-init_nextcloudpi.img )

etc/library.sh

@@ -204,11 +204,17 @@ function install_script()
 }
 
 function activate_script()
+{
+  local SCRIPT=$1
+  echo -e "Activating \e[1m$( basename $SCRIPT .sh )\e[0m"
+  launch_script $SCRIPT
+}
+
+function launch_script()
 {
   (
     local SCRIPT=$1
     source ./$SCRIPT 
-    echo -e "Activating \e[1m$( basename $SCRIPT .sh )\e[0m"
     set +x
     configure
   )

etc/nextcloudpi-config.d/nc-nextcloud.sh

@@ -116,14 +116,14 @@ EOF
     chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
   fi
 
-    # create and configure opcache dir
-    OPCACHEDIR=/var/www/nextcloud/data/.opcache
-    sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$OPCACHEDIR|" /etc/php/7.0/mods-available/opcache.ini 
-    mkdir -p $OPCACHEDIR
-    chown -R www-data:www-data $OPCACHEDIR
-
-  ## SET APACHE VHOST
-    cat > /etc/apache2/sites-available/nextcloud.conf <<'EOF'
+  # create and configure opcache dir
+  OPCACHEDIR=/var/www/nextcloud/data/.opcache
+  sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$OPCACHEDIR|" /etc/php/7.0/mods-available/opcache.ini 
+  mkdir -p $OPCACHEDIR
+  chown -R www-data:www-data $OPCACHEDIR
+
+## SET APACHE VHOST
+  cat > /etc/apache2/sites-available/nextcloud.conf <<'EOF'
 <IfModule mod_ssl.c>
   <VirtualHost _default_:443>
     DocumentRoot /var/www/nextcloud
@@ -144,10 +144,10 @@ EOF
   </Directory>
 </IfModule>
 EOF
-    a2ensite nextcloud
+  a2ensite nextcloud
   echo "Setting up Apache..."
 
-cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
+  cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
 <VirtualHost _default_:80>
   DocumentRoot /var/www/nextcloud
   <IfModule mod_rewrite.c>

ncp-web/csrf.php

@@ -0,0 +1,50 @@
+<?php
+///
+// NextcloudPi Web Panel CSRF protection library
+//
+// Inspired by http://blog.ircmaxell.com/2013/02/preventing-csrf-attacks.html
+//
+// Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+// GPL licensed (see end of file) * Use at your own risk!
+//
+// More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+///
+
+function getCSRFToken() 
+{
+  $nonce = base64_encode( random_bytes(32) );
+  if (empty($_SESSION['csrf_tokens'])) 
+    $_SESSION['csrf_tokens'] = array();
+
+  $_SESSION['csrf_tokens'][$nonce] = true;
+  return $nonce;
+}
+
+function validateCSRFToken($token) 
+{
+  if (isset($_SESSION['csrf_tokens'][$token])) 
+  {
+    unset($_SESSION['csrf_tokens'][$token]);
+    return true;
+  }
+  return false;
+}
+
+
+// License
+//
+// This script is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This script is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this script; if not, write to the
+// Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+// Boston, MA  02111-1307  USA
+?>

ncp-web/index.php

@@ -0,0 +1,130 @@
+<!--
+ NextcloudPi Web Panel javascript library
+
+ Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+ GPL licensed (see end of file) * Use at your own risk!
+
+ More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+-->
+
+<!DOCTYPE html>
+<html class="ng-csp" data-placeholder-focus="false" lang="en" >
+<head>
+  <meta charset="utf-8">
+  <title>NextCloudPi Panel</title>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <meta name="referrer" content="never">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0">
+  <meta name="mobile-web-app-capable" content="yes">
+<?php 
+    session_start();
+
+  // security headers
+  header("Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';"); 
+  header("X-XSS-Protection: 1; mode=block");
+  header("X-Content-Type-Options: nosniff");
+  header("X-Robots-Tag: none");
+  header("X-Permitted-Cross-Domain-Policies: none");
+  header("X-Frame-Options: DENY");
+  header("Cache-Control: max-age=15778463");
+  ini_set('session.cookie_httponly', 1);
+  if ( isset($_SERVER['HTTPS']) )
+    ini_set('session.cookie_secure', 1); 
+
+  // HTTP2 push headers
+  header("Link: </minified.js>; rel=preload; as=script;,</ncp.js>; rel=preload; as=script;,</ncp.css>; rel=preload; as=style;,</ncp-logo.png>; rel=preload; as=image;, </loading-small.gif>; rel=preload; as=image;, rel=preconnect href=ncp-launcher.php;");
+?>
+<link rel="icon" type="image/png" href="favicon.png" />
+<link rel="stylesheet" href="ncp.css">
+</head>
+<body id="body-user">
+  <noscript>
+  <div id="nojavascript"> <div>This application requires JavaScript for correct operation. Please <a href="http://enable-javascript.com/" target="_blank" rel="noreferrer">enable JavaScript</a> and reload the page.		</div> </div>
+  </noscript>
+  <div id="notification-container">
+    <div id="notification"></div>
+  </div>
+
+  <header role="banner"><div id="header">
+    <div id="header-left">
+        <a href="https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/"
+            id="nextcloudpi" tabindex="1" target="_blank">
+            <div class="logo-icon">
+                <h1 class="hidden-visually">NextCloudPi</h1>
+            </div>
+        </a>
+    </div>
+  </header>
+
+  <div id="content-wrapper">
+	<div id="content" class="app-files" role="main">
+		<div id="app-navigation">
+        	<ul id="ncp-options">
+              <?php
+
+              // fill options with contents from directory
+              $path  = '/usr/local/etc/nextcloudpi-config.d/';
+              $files = array_diff(scandir($path), array('.', '..','nc-wifi.sh'));
+
+              foreach($files as $file) 
+              {
+                $script = pathinfo( $file , PATHINFO_FILENAME );
+                $fh     = fopen( $path . $file ,'r');
+                while ($line = fgets($fh)) 
+                  if ( preg_match('/^DESCRIPTION="(.*)"$/', $line, $matches) )
+                  {
+                    echo "<li id=\"$script\" class=\"nav-recent\">";
+                    echo "<a href=\"#\"> $script </a>";
+                    echo "<input type=\"hidden\" value=\"$matches[1]\" />";
+                    echo "</li>";
+                  }
+                fclose($fh);
+              }
+              ?>
+            </ul>
+          </div>
+
+      <div id="app-content">
+        <h2 id="config-box-title">Configure NextCloudPi features</h2>
+        <br/>
+        <div id="config-box-wrapper" class="hidden">
+          <form>
+            <div id="config-box"></div>
+              <div id="config-button-wrapper">
+                <button id="config-button">Run</button>
+                <img id="loading-gif" src="loading-small.gif">
+              </div>
+          </form>
+          <textarea readonly id="details-box" rows="25" cols="60"></textarea>
+        </div>
+      </div>
+
+  </div>
+
+  <?php
+    include ('csrf.php');
+    echo '<input type="hidden" id="csrf-token" name="csrf-token" value="' . getCSRFToken() . '"/>';
+  ?>
+  <script src="minified.js"></script>
+  <script src="ncp.js"></script>
+</body>
+</html>
+
+<!--
+ License
+
+ This script is free software; you can redistribute it and/or modify it
+ under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This script is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this script; if not, write to the
+ Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+ Boston, MA  02111-1307  USA
+-->

ncp-web/ncp-launcher.php

@@ -0,0 +1,107 @@
+<?php 
+///
+// NextcloudPi Web Panel backend
+//
+// Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
+// GPL licensed (see end of file) * Use at your own risk!
+//
+// More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/
+///
+
+include ('csrf.php');
+
+session_start();
+
+if ( !$_POST['ref'] ) exit( '{ "output": "Invalid request" }' );
+
+if ( $_POST['action'] == "cfgreq" ) 
+{
+  //CSFR check
+  $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
+  if ( empty($token) || !validateCSRFToken($token) )
+    exit( '{ "output": "Unauthorized request" }' );
+
+  $path  = '/usr/local/etc/nextcloudpi-config.d/';
+  $files = array_diff(scandir($path), array('.', '..'));
+
+  $fh    = fopen( $path . $_POST['ref'] . '.sh' ,'r')
+             or exit( '{ "output": "' . $file . ' read error" }' );
+
+  // Get new token
+  echo '{ "token": "' . getCSRFToken() . '",';
+  echo ' "output": ';
+
+  $output = "<table>";
+
+  while ( $line = fgets($fh) ) 
+  {
+    if ( preg_match('/^(\w+)_=(.*)$/', $line, $matches) )
+    {
+      $output = $output . "<tr>";
+      $output = $output . "<td><label for=\"$matches[1]\">$matches[1]</label></td>";
+      $output = $output . "<td><input type=\"text\" name=\"$matches[1]\" id=\"$matches[1]\" value=\"$matches[2]\" size=\"40\"></td>";
+      $output = $output . "</tr>";
+    }
+  }
+
+  $output = $output . "</table>";
+  fclose($fh);
+
+  echo json_encode( $output ) . ' }'; // close JSON
+}
+
+else if ( $_POST['action'] == "launch" && $_POST['config'] )
+{
+  // CSRF check
+  $token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
+  if ( empty($token) || !validateCSRFToken($token) )
+    exit( '{ "output": "Unauthorized request" }' );
+
+  chdir('/usr/local/etc/nextcloudpi-config.d/');
+
+  $file = $_POST['ref'] . '.sh';
+
+  if ( $_POST['config'] != "{}" )
+    $params = json_decode( $_POST['config'], true )
+                or exit( '{ "output": "Invalid request" }' );
+
+  $code = file_get_contents( $file )
+            or exit( '{ "output": "' . $file . ' read error" }' );
+
+  foreach( $params as $name => $value) 
+  {
+    preg_match( '/^[\w.@_\/-]+$/' , $value , $matches )
+      or exit( '{ "output": "Invalid input" , "token": "' . getCSRFToken() . '" }' );
+    $code = preg_replace( '/\n' . $name . '_=.*' . PHP_EOL . '/'  ,
+                        PHP_EOL . $name . '_=' . $value . PHP_EOL ,
+                        $code )
+              or exit();
+  }
+
+  file_put_contents($file, $code )
+    or exit( '{ "output": "' . $file . ' write error" }' );
+
+  // Get new token
+  echo '{ "token": "' . getCSRFToken() . '",';
+  echo ' "output": ';
+
+  echo json_encode( shell_exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . $file . '"' ) ) . ' }';
+}
+
+// License
+//
+// This script is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 2 of the License, or
+// (at your option) any later version.
+//
+// This script is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this script; if not, write to the
+// Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+// Boston, MA  02111-1307  USA
+?>