From 084c5dce18941dab315e15e02b2e352839a46c89 Mon Sep 17 00:00:00 2001
From: Pinga <121483313+getpinga@users.noreply.github.com>
Date: Sun, 31 Dec 2023 15:44:40 +0200
Subject: [PATCH 01/57] Create dependabot.yml
---
.github/dependabot.yml | 11 +++++++++++
1 file changed, 11 insertions(+)
create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..7df3892
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+ - package-ecosystem: "composer" # See documentation for possible values
+ directory: "/" # Location of package manifests
+ schedule:
+ interval: "weekly"
From 5fe0bde0527c847cfd60f0c84769ad7c1f74357d Mon Sep 17 00:00:00 2001
From: Pinga <121483313+getpinga@users.noreply.github.com>
Date: Sun, 31 Dec 2023 15:46:03 +0200
Subject: [PATCH 02/57] Create psalm.yml
---
.github/workflows/psalm.yml | 38 +++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
create mode 100644 .github/workflows/psalm.yml
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
new file mode 100644
index 0000000..77a407b
--- /dev/null
+++ b/.github/workflows/psalm.yml
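Review bot: `directory: "/"` makes Dependabot look for a Composer manifest only at the repository root, while later patches in this series edit `cp/composer.json` and run `composer install` under `epp`, `rdap`, `das`, `automation` and `whois/port43`. If the root has no `composer.json` (not visible here), none of those dependency sets receive update pull requests. Add one `updates` entry per manifest directory, for example `directory: "/cp"`, and add a `package-ecosystem: "github-actions"` entry once workflows exist so pinned actions are kept current as well.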
@@ -0,0 +1,38 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Psalm Security Scan
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: [ "main" ]
+ schedule:
+ - cron: '26 13 * * 4'
+
+permissions:
+ contents: read
+
+jobs:
+ php-security:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Psalm Security Scan
+ uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287
+
+ - name: Upload Security Analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: results.sarif
From 0b69c5d1c28b164fa4463c1608c33e349cbd164b Mon Sep 17 00:00:00 2001
From: Pinga <121483313+getpinga@users.noreply.github.com>
Date: Sun, 31 Dec 2023 16:02:37 +0200
Subject: [PATCH 03/57] Delete .github/workflows/psalm.yml
---
.github/workflows/psalm.yml | 38 -------------------------------------
1 file changed, 38 deletions(-)
delete mode 100644 .github/workflows/psalm.yml
diff --git a/.github/workflows/psalm.yml b/.github/workflows/psalm.yml
deleted file mode 100644
index 77a407b..0000000
--- a/.github/workflows/psalm.yml
+++ /dev/null
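Review bot: Only the Psalm step is pinned to a commit SHA; `actions/checkout@v3` and `github/codeql-action/upload-sarif@v2` are referenced by mutable tags in a job that holds `security-events: write`. A retagged release of either action would run in this job without any change to the repository. Pin both to full commit SHAs and keep the version as a trailing comment, e.g. `uses: actions/checkout@<commit-sha> # v3`, so updates arrive as reviewable diffs.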
@@ -1,38 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Psalm Security Scan - -on: - push: - branches: [ "main" ] - pull_request: - # The branches below must be a subset of the branches above - branches: [ "main" ] - schedule: - - cron: '26 13 * * 4' - -permissions: - contents: read - -jobs: - php-security: - runs-on: ubuntu-latest - permissions: - contents: read # for actions/checkout to fetch code - security-events: write # for github/codeql-action/upload-sarif to upload SARIF results - actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Psalm Security Scan - uses: psalm/psalm-github-security-scan@f3e6fd9432bc3e44aec078572677ce9d2ef9c287 - - - name: Upload Security Analysis results to GitHub - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: results.sarif From bba5f6adef0a3780ee174d9bf105cce517408908 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Mon, 1 Jan 2024 02:04:25 +0200 Subject: [PATCH 04/57] Small update in docs regarding JIT --- docs/install.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/install.md b/docs/install.md index ce012b5..44ae1d3 100644 --- a/docs/install.md +++ b/docs/install.md @@ -65,6 +65,13 @@ If you have 50000 or more domains, use: memory_limit = -1 ``` +In ```/etc/php/8.2/mods-available/opcache.ini``` make one additional change: + +```bash +opcache.jit=1255 +opcache.jit_buffer_size=100M +``` + After configuring PHP, restart the service to apply changes: ```bash From 85f247773e88e65832d2d625825315497d255e9f Mon Sep 17 00:00:00 2001 
From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Mon, 1 Jan 2024 03:13:27 +0200 Subject: [PATCH 05/57] Fixed #59 --- docs/install.md | 79 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/docs/install.md b/docs/install.md index 44ae1d3..a48237b 100644 --- a/docs/install.md +++ b/docs/install.md 
@@ -620,6 +620,85 @@ Check the BIND9 logs to ensure that the .test zone is loaded without errors: grep named /var/log/syslog ``` +### 14.1 Regular DNS Server Setup: + +Before editing the configuration files, you need to copy the TSIG key from your hidden master server. The TSIG key configuration should look like this: + +```bash +key "test.key" { + algorithm hmac-sha256; + secret "base64-encoded-secret=="; +}; +``` + +#### Installation of BIND9: + +```bash +apt update +apt install bind9 bind9-utils bind9-doc +``` + +#### Add the TSIG key to the BIND Configuration: + +Create a directory to store zone files: + +```bash +mkdir /var/cache/bind/zones +``` + +Edit the `named.conf.local` file: + +```bash +nano /etc/bind/named.conf.local +``` + +First, define the TSIG key at the top of the file: + +```bash +key "test.key" { + algorithm hmac-sha256; + secret "base64-encoded-secret=="; // Replace with your actual base64-encoded key +}; +``` + +Then, add the slave zone configuration: + +```bash +zone "test." { + type slave; + file "/var/cache/bind/zones/test.zone"; + masters { 192.0.2.1 key "test.key"; }; // IP of the hidden master and TSIG key reference + allow-query { any; }; // Allow queries from all IPs + allow-transfer { none; }; // Disable zone transfers (AXFR) to others +}; +``` + +Make sure to replace `192.0.2.1` with the IP address of your hidden master server and `base64-encoded-secret==` with the actual secret from your TSIG key. + +#### Adjusting Permissions and Ownership: + +Ensure BIND has permission to write to the zone file and that the files are owned by the BIND user: + +```bash +chown bind:bind /var/cache/bind/zones +chmod 755 /var/cache/bind/zones +``` + +#### Restart BIND9 Service: + +After making these changes, restart the BIND9 service to apply them: + +```bash +systemctl restart bind9 +``` + +#### Verify Configuration and Zone Transfer: + +```bash +named-checkconf +grep 'transfer of "test."' /var/log/syslog +``` + ## 15. 
Setup Monitoring: For effective monitoring of your registry system, we highly recommend utilizing Prometheus. From 80d89a6b90e1f4a0cb0806c3bacb11bf02692017 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 00:23:46 +0200 Subject: [PATCH 06/57] Update for documentation --- automation/config.php.dist | 2 +- docs/install.md | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/automation/config.php.dist b/automation/config.php.dist index c2b318a..d6f5649 100644 --- a/automation/config.php.dist +++ b/automation/config.php.dist @@ -50,7 +50,7 @@ return [ 'urs_imap_username' => 'your_username', 'urs_imap_password' => 'your_password', - // Notifications Configuration + // Message Broker Configuration 'mailer' => 'phpmailer', // sendgrid, mailgun are also available 'mailer_api_key' => 'YOUR_API_KEY', 'mailer_domain' => 'example.com', diff --git a/docs/install.md b/docs/install.md index a48237b..77010c9 100644 --- a/docs/install.md +++ b/docs/install.md 
@@ -419,9 +419,13 @@ This command will install one of the packages which are essential for the messag To set up automated tasks for Namingo, open the example crontab file located at ```/opt/registry/automation/crontab.example```. Review the contents and copy the relevant lines into your system's crontab file. Remember to adjust the paths and timings as necessary to suit your environment. -### Running the `messagebroker.php` Script in the Background +### Configuring the Message Broker -To run the messagebroker.php script as a background process, execute the following command: ```/usr/bin/php /opt/registry/automation/messagebroker.php &```. This will start the script and place it in the background, allowing it to run independently of your current terminal session. +You can easily configure the message broker for email delivery in ```config.php```. It is compatible with SendGrid, Mailgun API, and PHPMailer for those opting to use their own SMTP server. All necessary settings are conveniently located under the mailer_ lines within the file. + +For establishing your own mail server, Mox, available at [GitHub](https://github.com/mjl-/mox), provides a comprehensive solution. Install Mox following its GitHub instructions, then enter the required details in the ```config.php``` file. + +To run the messagebroker.php script, execute the following command: ```/usr/bin/php /opt/registry/automation/messagebroker.php &```. This will start the script and place it in the background, allowing it to run independently of your current terminal session. ### Setting Up an Audit Trail Database for Namingo 
@@ -770,8 +774,4 @@ Run the monitoring tool using: prometheus --config.file=/etc/prometheus/prometheus.yml ``` -The tool will be available at ```http://:9090``` - -## 16. Setup Mail Server: - -For establishing your own mail server, Mox, available at [Mox GitHub](https://github.com/mjl-/mox), provides a comprehensive solution. Install Mox following its GitHub instructions, then integrate with Namingo. This setup ensures a cohesive and efficient operation of your mail server. \ No newline at end of file +The tool will be available at ```http://:9090``` \ No newline at end of file From a69a642a12eaf6521c46e599507a1634e1efba85 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 10:28:29 +0200 Subject: [PATCH 07/57] Fixed #36 --- cp/app/Controllers/ApplicationsController.php | 80 +++++++++++++++++ cp/app/Controllers/DomainsController.php | 86 ++++++++++++++++++- cp/composer.json | 3 +- 3 files changed, 167 insertions(+), 2 deletions(-) diff --git a/cp/app/Controllers/ApplicationsController.php b/cp/app/Controllers/ApplicationsController.php index 27a31fe..142a68d 100644 --- a/cp/app/Controllers/ApplicationsController.php +++ b/cp/app/Controllers/ApplicationsController.php @@ -5,6 +5,9 @@ namespace App\Controllers; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Container\ContainerInterface; +use Selective\XmlDSig\PublicKeyStore; +use Selective\XmlDSig\CryptoVerifier; +use Selective\XmlDSig\XmlSignatureVerifier; class ApplicationsController extends Controller { 
@@ -151,6 +154,83 @@ class ApplicationsController extends Controller $notafter = null; $accepted = null; } + + if ($phaseType === 'sunrise') { + if ($smd !== null && $smd !== '') { + // Extract the BASE64 encoded part + $beginMarker = "-----BEGIN ENCODED SMD-----"; + $endMarker = "-----END ENCODED SMD-----"; + $beginPos = strpos($smd, $beginMarker) + strlen($beginMarker); + $endPos = strpos($smd, $endMarker); + $encodedSMD = trim(substr($smd, $beginPos, $endPos - $beginPos)); + + // Decode the BASE64 content + $xmlContent = base64_decode($encodedSMD); + + // Load the XML content using DOMDocument + $domDocument = new \DOMDocument(); + $domDocument->preserveWhiteSpace = false; + $domDocument->formatOutput = true; + $domDocument->loadXML($xmlContent); + + // Parse data + $xpath = new \DOMXPath($domDocument); + $xpath->registerNamespace('smd', 'urn:ietf:params:xml:ns:signedMark-1.0'); + $xpath->registerNamespace('mark', 'urn:ietf:params:xml:ns:mark-1.0'); + + $notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)')); + $notAfter = new \DateTime($xpath->evaluate('string(//smd:notAfter)')); + $markName = $xpath->evaluate('string(//mark:markName)'); + $labels = []; + foreach ($xpath->query('//mark:label') as $x_label) { + $labels[] = $x_label->nodeValue; + } + + if (!in_array($label, $labels)) { + return view($response, 'admin/domains/createApplication.twig', [ + 'domainName' => $domainName, + 'error' => "SMD file is not valid for the application being created.", + 'registrars' => $registrars, + 'registrar' => $registrar, + ]); + } + + // Check if current date and time is between notBefore and notAfter + $now = new \DateTime(); + if (!($now >= $notBefore && $now <= $notAfter)) { + // Current time is outside the valid range, return an error view + return view($response, 'admin/domains/createApplication.twig', [ + 'domainName' => $domainName, + 'error' => "Current time is outside the valid range.", + 'registrars' => $registrars, + 'registrar' => $registrar, + 
]); + } + + // Verify the signature + $publicKeyStore = new PublicKeyStore(); + $publicKeyStore->loadFromDocument($domDocument); + $cryptoVerifier = new CryptoVerifier($publicKeyStore); + $xmlSignatureVerifier = new XmlSignatureVerifier($cryptoVerifier); + $isValid = $xmlSignatureVerifier->verifyXml($xmlContent); + + if (!$isValid) { + return view($response, 'admin/domains/createApplication.twig', [ + 'domainName' => $domainName, + 'error' => "The XML signature of the SMD file is not valid.", + 'registrars' => $registrars, + 'registrar' => $registrar, + ]); + } + } else { + return view($response, 'admin/domains/createApplication.twig', [ + 'domainName' => $domainName, + 'error' => "SMD upload is required in the 'sunrise' phase.", + 'registrars' => $registrars, + 'registrar' => $registrar, + ]); + } + } $domain_already_reserved = $db->selectValue( 'SELECT id FROM reserved_domain_names WHERE name = ? LIMIT 1', diff --git a/cp/app/Controllers/DomainsController.php b/cp/app/Controllers/DomainsController.php index f53c782..7e0cfc1 100644 --- a/cp/app/Controllers/DomainsController.php +++ b/cp/app/Controllers/DomainsController.php @@ -6,6 +6,9 @@ use App\Models\Domain; use Psr\Http\Message\ResponseInterface as Response; use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Container\ContainerInterface; +use Selective\XmlDSig\PublicKeyStore; +use Selective\XmlDSig\CryptoVerifier; +use Selective\XmlDSig\XmlSignatureVerifier; class DomainsController extends Controller { 
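Review bot: The signature check in the sunrise branch of the ApplicationsController.php hunk trusts the key that the upload itself carries: `$publicKeyStore->loadFromDocument($domDocument)` takes the verification certificate from the SMD, so a passing `verifyXml()` shows only that the document is internally consistent, not that the Trademark Clearinghouse issued it. Before accepting the SMD, validate the embedded X.509 certificate against a TMCH root certificate stored on the registry side, and check the certificate and the SMD id against the TMCH CRL and SMD revocation list. The label and validity-window checks also run before verification and read `//mark:label` from anywhere in the document; verify first and read those values from the signed element only. The same block is repeated in the DomainsController.php hunk `@@ -266,6 +269,87 @@`, so a shared helper would keep the two in step. The enclosing method starts and ends outside the hunk.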
@@ -248,7 +251,7 @@ class DomainsController extends Controller if (!isset($data['noticeid']) || $data['noticeid'] === '' || !isset($data['notafter']) || $data['notafter'] === '' || !isset($data['accepted']) || $data['accepted'] === '') { - // Trigger an error or handle the situation as needed + // Trigger an error return view($response, 'admin/domains/createDomain.twig', [ 'domainName' => $domainName, 'error' => "Error: 'noticeid', 'notafter', or 'accepted' cannot be empty when phaseType is 'claims'", 
@@ -266,6 +269,87 @@ class DomainsController extends Controller $notafter = null; $accepted = null; } + + if ($phaseType === 'sunrise') { + if ($smd !== null && $smd !== '') { + // Extract the BASE64 encoded part + $beginMarker = "-----BEGIN ENCODED SMD-----"; + $endMarker = "-----END ENCODED SMD-----"; + $beginPos = strpos($smd, $beginMarker) + strlen($beginMarker); + $endPos = strpos($smd, $endMarker); + $encodedSMD = trim(substr($smd, $beginPos, $endPos - $beginPos)); + + // Decode the BASE64 content + $xmlContent = base64_decode($encodedSMD); + + // Load the XML content using DOMDocument + $domDocument = new \DOMDocument(); + $domDocument->preserveWhiteSpace = false; + $domDocument->formatOutput = true; + $domDocument->loadXML($xmlContent); + + // Parse data + $xpath = new \DOMXPath($domDocument); + $xpath->registerNamespace('smd', 'urn:ietf:params:xml:ns:signedMark-1.0'); + $xpath->registerNamespace('mark', 'urn:ietf:params:xml:ns:mark-1.0'); + + $notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)')); + $notAfter = new \DateTime($xpath->evaluate('string(//smd:notAfter)')); + $markName = $xpath->evaluate('string(//mark:markName)'); + $labels = []; + foreach ($xpath->query('//mark:label') as $x_label) { + $labels[] = $x_label->nodeValue; + } + + if (!in_array($label, $labels)) { + return view($response, 'admin/domains/createDomain.twig', [ + 'domainName' => $domainName, + 'error' => "SMD file is not valid for the domain name being registered.", + 'registrars' => $registrars, + 'registrar' => $registrar, + 'launch_phases' => $launch_phases + ]); + } + + // Check if current date and time is between notBefore and notAfter + $now = new \DateTime(); + if (!($now >= $notBefore && $now <= $notAfter)) { + // Current time is outside the valid range, return an error view + return view($response, 'admin/domains/createDomain.twig', [ + 'domainName' => $domainName, + 'error' => "Current time is outside the valid range.", + 'registrars' => $registrars, + 
'registrar' => $registrar, + 'launch_phases' => $launch_phases + ]); + } + + // Verify the signature + $publicKeyStore = new PublicKeyStore(); + $publicKeyStore->loadFromDocument($domDocument); + $cryptoVerifier = new CryptoVerifier($publicKeyStore); + $xmlSignatureVerifier = new XmlSignatureVerifier($cryptoVerifier); + $isValid = $xmlSignatureVerifier->verifyXml($xmlContent); + + if (!$isValid) { + return view($response, 'admin/domains/createDomain.twig', [ + 'domainName' => $domainName, + 'error' => "The XML signature of the SMD file is not valid.", + 'registrars' => $registrars, + 'registrar' => $registrar, + 'launch_phases' => $launch_phases + ]); + } + } else { + return view($response, 'admin/domains/createDomain.twig', [ + 'domainName' => $domainName, + 'error' => "SMD upload is required in the 'sunrise' phase.", + 'registrars' => $registrars, + 'registrar' => $registrar, + 'launch_phases' => $launch_phases + ]); + } + } $domain_already_reserved = $db->selectValue( 'SELECT id FROM reserved_domain_names WHERE name = ? LIMIT 1', diff --git a/cp/composer.json b/cp/composer.json index 9317730..6313315 100644 --- a/cp/composer.json +++ b/cp/composer.json @@ -44,7 +44,8 @@ "guzzlehttp/guzzle": "^7.8", "league/flysystem": "^3.23", "mpociot/vat-calculator": "^3.6", - "ramsey/uuid": "^4.7" + "ramsey/uuid": "^4.7", + "selective/xmldsig": "^3.1" }, "autoload": { "psr-4": { From 5156802dc3eaf615d6e620594053ae03db951a3a Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 11:06:30 +0200 Subject: [PATCH 08/57] Work on #63; hidden software version --- cp/app/Controllers/SystemController.php | 16 +++++++++++++--- docs/install.md | 3 +++ docs/install.sh | 8 +++++++- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/cp/app/Controllers/SystemController.php b/cp/app/Controllers/SystemController.php index 695d8c7..e0a0da7 100644 --- a/cp/app/Controllers/SystemController.php 
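Review bot: The SMD parsing in the sunrise branch of DomainsController.php never checks its intermediate results, and the ApplicationsController.php hunk carries the same block. `strpos()` returns `false` when a marker is missing, yet it is added to `strlen($beginMarker)` straight away; `base64_decode($encodedSMD)` runs in non-strict mode; and the return value of `loadXML($xmlContent)` is ignored. A malformed upload therefore reaches the XPath queries and `new \DateTime(...)`, which yields the current time for an empty string and throws on garbage, instead of returning the form error. Compute the two marker offsets separately and return the error view when either is `false`, use `base64_decode($encodedSMD, true)`, and test `if (!$domDocument->loadXML($xmlContent, LIBXML_NONET))` before going further. The method continues outside the hunk.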
+++ b/cp/app/Controllers/SystemController.php @@ -930,19 +930,29 @@ class SystemController extends Controller return $response->withHeader('Location', '/registry/reserved')->withStatus(302); } - + $db = $this->container->get('db'); $types = $db->select("SELECT DISTINCT type FROM reserved_domain_names"); // Get the current URI $uri = $request->getUri()->getPath(); + // Set default types if $types is empty + if (empty($types)) { + $types = [ + ['type' => 'reserved'], + ['type' => 'restricted'] + ]; + } + $categories = []; foreach ($types as $type) { $typeNames = $db->select( 'SELECT name FROM reserved_domain_names WHERE type = ?', [ $type['type'] ] - ); - $categories[$type['type']] = array_column($typeNames, 'name'); + ); + + // Initialize the type with an empty array if no names are found + $categories[$type['type']] = $typeNames ? array_column($typeNames, 'name') : []; } return view($response,'admin/system/manageReserved.twig', [ diff --git a/docs/install.md b/docs/install.md index 77010c9..86f088c 100644 --- a/docs/install.md +++ b/docs/install.md @@ -190,6 +190,7 @@ rdap.example.com { encode gzip file_server tls your-email@example.com + header -Server header * { Referrer-Policy "no-referrer" Strict-Transport-Security max-age=31536000; @@ -209,6 +210,7 @@ whois.example.com { php_fastcgi unix//run/php/php8.2-fpm.sock file_server tls your-email@example.com + header -Server header * { Referrer-Policy "no-referrer" Strict-Transport-Security max-age=31536000; @@ -228,6 +230,7 @@ cp.example.com { encode gzip file_server tls your-email@example.com + header -Server log { output file /var/log/caddy/access.log format console diff --git a/docs/install.sh b/docs/install.sh index 44b4d78..e836515 100644 --- a/docs/install.sh +++ b/docs/install.sh 
@@ -76,7 +76,10 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & edit_php_ini "$file" "session.cookie_domain" "example.com" edit_php_ini "$file" "memory_limit" "512M" done - + + edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit" "1255" + edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit_buffer_size" "100M" + # Restart PHP-FPM service echo "Restarting PHP 8.2-FPM service..." systemctl restart php8.2-fpm @@ -171,6 +174,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & encode gzip file_server tls $YOUR_EMAIL + header -Server header * { Referrer-Policy "no-referrer" Strict-Transport-Security max-age=31536000; @@ -190,6 +194,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & php_fastcgi unix//run/php/php8.2-fpm.sock file_server tls $YOUR_EMAIL + header -Server header * { Referrer-Policy "no-referrer" Strict-Transport-Security max-age=31536000; @@ -209,6 +214,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & encode gzip file_server tls $YOUR_EMAIL + header -Server log { output file /var/log/caddy/access.log format console From 19074bc248b6f4dddc7cb6055202b9904841ed98 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 12:16:26 +0200 Subject: [PATCH 09/57] Updates and added option for auto logout --- cp/bootstrap/app.php | 5 +++++ cp/composer.json | 18 ++++++++---------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/cp/bootstrap/app.php b/cp/bootstrap/app.php index aabbbad..a5a9a67 100644 --- a/cp/bootstrap/app.php +++ b/cp/bootstrap/app.php 
@@ -89,6 +89,11 @@ $container->set('pdo', function () use ($pdo) { }); $container->set('auth', function() { + //$responseFactory = new \Nyholm\Psr7\Factory\Psr17Factory(); + //$response = $responseFactory->createResponse(); + //$autoLogout = new \Pinga\Auth\AutoLogout(); + //$autoLogout->watch(900, '/', null, 301, $response); + return new \App\Auth\Auth; }); diff --git a/cp/composer.json b/cp/composer.json index 6313315..bdeccf1 100644 --- a/cp/composer.json +++ b/cp/composer.json @@ -16,17 +16,15 @@ "ext-pdo": "*", "slim/slim": "4.12.0", "slim/twig-view": "^3.3.0", - "monolog/monolog": "^3.4.0", + "monolog/monolog": "^3.5.0", "respect/validation": "^2.2.4", "slim/csrf": "^1.3", "slim/flash": "^0.4", - "vlucas/phpdotenv": "^5.5", - "php-di/php-di": "^7.0.5", - "nyholm/psr7": "^1.8", - "nyholm/psr7-server": "^1.0.2", - "pinga/auth": "^0.2.1", - "phpmailer/phpmailer": "^6.8.1", - "utopia-php/messaging": "^0.3.0", + "vlucas/phpdotenv": "^5.6", + "php-di/php-di": "^7.0.6", + "nyholm/psr7": "^1.8.1", + "nyholm/psr7-server": "^1.1.0", + "pinga/auth": "^0.3.1", "filp/whoops": "^2.15.3", "imefisto/psr-swoole-native": "^1.1.2", "chubbyphp/chubbyphp-static-file": "^1.2", @@ -43,7 +41,7 @@ "matthiasmullie/scrapbook": "^1.5", "guzzlehttp/guzzle": "^7.8", "league/flysystem": "^3.23", - "mpociot/vat-calculator": "^3.6", + "mpociot/vat-calculator": "^3.7", "ramsey/uuid": "^4.7", "selective/xmldsig": "^3.1" }, @@ -52,4 +50,4 @@ "App\\": "app/" } } -} \ No newline at end of file +} From d84eec88e35423d760348dd205aea6094b52c242 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 15:06:58 +0200 Subject: [PATCH 10/57] UI bug fix --- cp/resources/views/admin/system/listTlds.twig | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cp/resources/views/admin/system/listTlds.twig b/cp/resources/views/admin/system/listTlds.twig index 54ec72c..156f6f9 100644 --- a/cp/resources/views/admin/system/listTlds.twig 
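Review bot: The auto-logout wiring inside the `auth` factory is added commented out, so despite the commit title no idle-session timeout is enforced and the four lines are dead code. Either enable it behind a configuration setting or leave it out of this commit and track it in an issue. If it is enabled as written, the `301` passed to `watch()` looks like the redirect status; a permanent redirect can be cached by browsers, so `302` or `303` would be the safer value, to be confirmed against the pinga/auth documentation.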
+++ b/cp/resources/views/admin/system/listTlds.twig @@ -25,11 +25,16 @@ {{ __('Manage Reserved Names') }} + + + + + {{ __('Create New TLD') }} - + From 174ae4d7238e1750ee1104870d6591950a859818 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 15:52:36 +0200 Subject: [PATCH 11/57] Fixes for the installer --- docs/install.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/install.sh b/docs/install.sh index e836515..0914ac3 100644 --- a/docs/install.sh +++ b/docs/install.sh @@ -49,7 +49,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list echo "Updating package lists and upgrading packages..." - apt update && apt upgrade + apt update -y && apt upgrade -y echo "Installing additional required packages..." apt install -y bzip2 caddy composer gettext git gnupg2 net-tools php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-igbinary php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-swoole php8.2-uuid php8.2-xml pv redis unzip wget whois @@ -98,7 +98,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & Suites: jammy Components: main main/debug Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp - EOF +EOF apt-get update apt install -y mariadb-client mariadb-server php8.2-mysql echo "Please follow the prompts for secure installation of MariaDB." @@ -138,6 +138,8 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & chown -R www-data:www-data /var/log/namingo echo "Setting up firewall rules..." + ufw allow 22/tcp + ufw allow 22/udp ufw allow 43/tcp ufw allow 80/tcp ufw allow 80/udp 
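Review bot: In the firewall hunk `@@ -138,6 +138,8 @@`, `ufw allow 22/udp` opens a port that nothing listens on: SSH runs over TCP only, so the UDP rule adds exposure without a purpose and should be dropped. For the TCP rule consider `ufw limit 22/tcp`, which rate-limits repeated connection attempts, or restrict the source to the administration network. The rest of the firewall block lies outside the hunk.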
@@ -239,13 +241,13 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(self), speaker=(), usb=(), vr=(); } } - EOF +EOF systemctl enable caddy systemctl restart caddy echo "Control Panel Setup..." - cp -r /opt/registry/cp /var/www/ + cp -r /opt/registry/cp /var/www mv /var/www/cp/env-sample /var/www/cp/.env # Update .env file with the actual values From 217948cb44266a74694782707c80f06df632b51b Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 15:55:22 +0200 Subject: [PATCH 12/57] One more fix --- docs/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/install.sh b/docs/install.sh index 0914ac3..7a13861 100644 --- a/docs/install.sh +++ b/docs/install.sh @@ -42,7 +42,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & echo "Installing required packages..." apt install -y curl software-properties-common ufw echo "Adding PHP repository..." - add-apt-repository ppa:ondrej/php + add-apt-repository ppa:ondrej/php -y apt install -y debian-keyring debian-archive-keyring apt-transport-https echo "Setting up Caddy repository..." curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key From 035fbe37ddb7aea7d5b58b42bfb365bf1d9d735d Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 16:07:04 +0200 Subject: [PATCH 13/57] Update install.sh --- docs/install.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/install.sh b/docs/install.sh index 7a13861..4d4df28 100644 --- a/docs/install.sh +++ b/docs/install.sh 
@@ -247,7 +247,7 @@ EOF systemctl restart caddy echo "Control Panel Setup..." - cp -r /opt/registry/cp /var/www + cp -r /opt/registry/cp /var/www/cp mv /var/www/cp/env-sample /var/www/cp/.env # Update .env file with the actual values @@ -266,32 +266,32 @@ EOF cp -r * /var/www/whois cd /var/www/whois composer require gregwar/captcha - mv config.php.dist config.php + mv /var/www/whois/config.php.dist /var/www/whois/config.php echo "Installing WHOIS Server." cd /opt/registry/whois/port43 composer install - mv config.php.dist config.php + mv /opt/registry/whois/port43/config.php.dist /opt/registry/whois/port43/config.php echo "Installing RDAP Server." cd /opt/registry/rdap composer install - mv config.php.dist config.php + mv /opt/registry/rdap/config.php.dist /opt/registry/rdap/config.php echo "Installing EPP Server." cd /opt/registry/epp composer install - mv config.php.dist config.php + mv /opt/registry/epp/config.php.dist /opt/registry/epp/config.php echo "Installing Automation Scripts." cd /opt/registry/automation composer install - mv config.php.dist config.php + mv /opt/registry/automation/config.php.dist /opt/registry/automation/config.php echo "Installing DAS Server." cd /opt/registry/das composer install - mv config.php.dist config.php + mv /opt/registry/das/config.php.dist /opt/registry/das/config.php echo "Installation complete! Please now configure components according to the instructions and start them one by one." else From 3e65b8dcfac4f3bb3d5fb064f2e257ad8d6f905c Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Tue, 2 Jan 2024 16:24:38 +0200 Subject: [PATCH 14/57] Installation clearing up --- automation/config.php.dist | 2 +- das/config.php.dist | 2 +- docs/install.sh | 41 +++++++++++++++++++++++++++++++----- epp/config.php.dist | 2 +- rdap/config.php.dist | 2 +- whois/port43/config.php.dist | 2 +- 6 files changed, 41 insertions(+), 10 deletions(-) 
diff --git a/automation/config.php.dist b/automation/config.php.dist index d6f5649..8f885a9 100644 --- a/automation/config.php.dist +++ b/automation/config.php.dist @@ -5,7 +5,7 @@ return [ 'db_type' => 'mysql', 'db_host' => 'localhost', 'db_port' => 3306, - 'db_database' => 'your_database_name', + 'db_database' => 'registry', 'db_username' => 'your_username', 'db_password' => 'your_password', diff --git a/das/config.php.dist b/das/config.php.dist index 80ecde7..acc9838 100644 --- a/das/config.php.dist +++ b/das/config.php.dist @@ -4,7 +4,7 @@ return [ 'db_type' => 'mysql', 'db_host' => 'localhost', 'db_port' => 3306, - 'db_database' => 'your_database_name', + 'db_database' => 'registry', 'db_username' => 'your_username', 'db_password' => 'your_password' ]; \ No newline at end of file diff --git a/docs/install.sh b/docs/install.sh index 4d4df28..7649d95 100644 --- a/docs/install.sh +++ b/docs/install.sh @@ -51,7 +51,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & echo "Updating package lists and upgrading packages..." apt update -y && apt upgrade -y echo "Installing additional required packages..." - apt install -y bzip2 caddy composer gettext git gnupg2 net-tools php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-igbinary php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-swoole php8.2-uuid php8.2-xml pv redis unzip wget whois + apt install -y bzip2 caddy gettext git gnupg2 net-tools php8.2 php8.2-cli php8.2-common php8.2-curl php8.2-ds php8.2-fpm php8.2-gd php8.2-gmp php8.2-gnupg php8.2-igbinary php8.2-imap php8.2-intl php8.2-mbstring php8.2-opcache php8.2-readline php8.2-redis php8.2-soap php8.2-swoole php8.2-uuid php8.2-xml pv redis unzip wget whois # Set timezone to UTC if it's not already currentTimezone=$(timedatectl status | grep "Time zone" | awk '{print $3}') 
@@ -76,10 +76,10 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & edit_php_ini "$file" "session.cookie_domain" "example.com" edit_php_ini "$file" "memory_limit" "512M" done - - edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit" "1255" - edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit_buffer_size" "100M" - + + edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit" "1255" + edit_php_ini "/etc/php/8.2/mods-available/opcache.ini" "opcache.jit_buffer_size" "100M" + # Restart PHP-FPM service echo "Restarting PHP 8.2-FPM service..." systemctl restart php8.2-fpm @@ -256,6 +256,27 @@ EOF sed -i "s|example.com|$REGISTRY_DOMAIN|g" /var/www/cp/.env sed -i "s/DB_USERNAME=root/DB_USERNAME=$DB_USER/g" /var/www/cp/.env sed -i "s/DB_PASSWORD=/DB_PASSWORD=$DB_PASSWORD/g" /var/www/cp/.env + + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)" + ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" + + if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ] + then + >&2 echo 'ERROR: Invalid installer signature' + rm composer-setup.php + exit 1 + fi + + echo 'Composer installer verified' + + php composer-setup.php --quiet + + rm composer-setup.php + + mv composer.phar /usr/local/bin/composer + + echo 'Composer installed' cd /var/www/cp composer install 
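Review bot: The installer check in the added Composer block can pass without verifying anything, because the `!=` test after `ACTUAL_SIGNATURE=` compares two values that may both be empty when the downloads fail. `wget -q` yields an empty string on a network error, and what `hash_file` prints for a missing file depends on PHP's error-display settings, so this is a possible fail-open path rather than a certain one. I would reject an empty expected value explicitly: `if [ -z "$EXPECTED_SIGNATURE" ] || [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]`. The block also downloads and runs `composer-setup.php` in whatever directory the script is in at that point; a `mktemp -d` working directory would keep it out of a shared path.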
@@ -272,26 +293,36 @@ EOF cd /opt/registry/whois/port43 composer install mv /opt/registry/whois/port43/config.php.dist /opt/registry/whois/port43/config.php + sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/whois/port43/config.php + sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/whois/port43/config.php echo "Installing RDAP Server." cd /opt/registry/rdap composer install mv /opt/registry/rdap/config.php.dist /opt/registry/rdap/config.php + sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/rdap/config.php + sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/rdap/config.php echo "Installing EPP Server." cd /opt/registry/epp composer install mv /opt/registry/epp/config.php.dist /opt/registry/epp/config.php + sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/epp/config.php + sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/epp/config.php echo "Installing Automation Scripts." cd /opt/registry/automation composer install mv /opt/registry/automation/config.php.dist /opt/registry/automation/config.php + sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/automation/config.php + sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/automation/config.php echo "Installing DAS Server." cd /opt/registry/das composer install mv /opt/registry/das/config.php.dist /opt/registry/das/config.php + sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/das/config.php + sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/das/config.php echo "Installation complete! Please now configure components according to the instructions and start them one by one." else 
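Review bot: The added `sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g"` lines paste the operator's password unescaped into both a sed replacement and a PHP string literal. A password containing `|`, `&` or `\` changes or breaks the substitution, and one containing `'` ends the PHP string early and leaves config.php invalid or with content other than what was typed. Escape the value for both contexts before substituting, or generate the file from PHP with `var_export`. Since each config.php now holds a live credential, follow the write with something like `chmod 640` and an owner matching the account the service runs as. The same two lines appear in all five component blocks of this hunk, and the later `create_admin_user.php` hunk uses the same pattern for the panel password.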
diff --git a/epp/config.php.dist b/epp/config.php.dist index e115587..471ef3f 100644 --- a/epp/config.php.dist +++ b/epp/config.php.dist @@ -4,7 +4,7 @@ return [ 'db_type' => 'mysql', 'db_host' => 'localhost', 'db_port' => 3306, - 'db_database' => 'your_database_name', + 'db_database' => 'registry', 'db_username' => 'your_username', 'db_password' => 'your_password', 'epp_host' => '0.0.0.0', diff --git a/rdap/config.php.dist b/rdap/config.php.dist index 22a5aa0..494b417 100644 --- a/rdap/config.php.dist +++ b/rdap/config.php.dist @@ -4,7 +4,7 @@ return [ 'db_type' => 'mysql', 'db_host' => 'localhost', 'db_port' => 3306, - 'db_database' => 'your_database_name', + 'db_database' => 'registry', 'db_username' => 'your_username', 'db_password' => 'your_password', 'roid' => 'XX', diff --git a/whois/port43/config.php.dist b/whois/port43/config.php.dist index b9788a9..c5f9edc 100644 --- a/whois/port43/config.php.dist +++ b/whois/port43/config.php.dist @@ -4,7 +4,7 @@ return [ 'db_type' => 'mysql', 'db_host' => 'localhost', 'db_port' => 3306, - 'db_database' => 'your_database_name', + 'db_database' => 'registry', 'db_username' => 'your_username', 'db_password' => 'your_password', 'privacy' => false, From 83a9d35f0cd9d20df100fc0f37778303f8a01693 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Wed, 3 Jan 2024 10:48:23 +0200 Subject: [PATCH 15/57] Few updates to the installer script. --- docs/install.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/install.sh b/docs/install.sh index 7649d95..da834ca 100644 --- a/docs/install.sh +++ b/docs/install.sh 
@@ -35,8 +35,8 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & DB_TYPE=$(prompt_for_input "Enter preferred database type (MariaDB/PostgreSQL)") DB_USER=$(prompt_for_input "Enter database user") DB_PASSWORD=$(prompt_for_input "Enter database password") - PANEL_USER=$(prompt_for_input "Enter panel user") - PANEL_PASSWORD=$(prompt_for_input "Enter panel password") + PANEL_EMAIL=$(prompt_for_input "Enter panel admin email") + PANEL_PASSWORD=$(prompt_for_input "Enter panel admin password") # Step 1 - Components Installation echo "Installing required packages..." @@ -247,6 +247,7 @@ EOF systemctl restart caddy echo "Control Panel Setup..." + mkdir -p /var/www/cp cp -r /opt/registry/cp /var/www/cp mv /var/www/cp/env-sample /var/www/cp/.env @@ -323,6 +324,11 @@ EOF mv /opt/registry/das/config.php.dist /opt/registry/das/config.php sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/das/config.php sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/das/config.php + + echo "Configuring control panel admin." + sed -i "s|\$email = 'admin@example.com';|\$email = '$PANEL_EMAIL';|g" /var/www/cp/bin/create_admin_user.php + sed -i "s|\$newPW = 'admin_password';|\$newPW = '$PANEL_PASSWORD';|g" /var/www/cp/bin/create_admin_user.php + php /var/www/cp/bin/create_admin_user.php echo "Installation complete! Please now configure components according to the instructions and start them one by one." else From a590e804f3a3149121ad1c5d3949525b3c89bd3d Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Wed, 3 Jan 2024 10:59:14 +0200 Subject: [PATCH 16/57] One more issue removed from installer --- docs/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/install.sh b/docs/install.sh index da834ca..e45cd7e 100644 --- a/docs/install.sh +++ b/docs/install.sh 
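Review bot: After `php /var/www/cp/bin/create_admin_user.php` runs, the admin password written by the two added `sed` lines stays in that file in clear text, inside the tree that was just copied under /var/www. Nothing in the hunk restores or removes the script, so the credential outlives the installation and the script can be run again. I would pass the values through the environment or stdin instead of editing the source, or at least add `rm -f /var/www/cp/bin/create_admin_user.php` right after the call. Whether the `bin` directory is reachable through the web server depends on the Caddy site root, which is outside this hunk.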
@@ -247,8 +247,8 @@ EOF systemctl restart caddy echo "Control Panel Setup..." - mkdir -p /var/www/cp - cp -r /opt/registry/cp /var/www/cp + mkdir -p /var/www + cp -r /opt/registry/cp /var/www mv /var/www/cp/env-sample /var/www/cp/.env # Update .env file with the actual values From b5cd42beeed7b37eaecb1d7c684da2430103461c Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Wed, 3 Jan 2024 11:30:26 +0200 Subject: [PATCH 17/57] A few more updates to the installer --- docs/install.sh | 49 ++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/docs/install.sh b/docs/install.sh index e45cd7e..f9352fc 100644 --- a/docs/install.sh +++ b/docs/install.sh @@ -37,6 +37,7 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & DB_PASSWORD=$(prompt_for_input "Enter database password") PANEL_EMAIL=$(prompt_for_input "Enter panel admin email") PANEL_PASSWORD=$(prompt_for_input "Enter panel admin password") + current_user=$(whoami) # Step 1 - Components Installation echo "Installing required packages..." @@ -246,7 +247,7 @@ EOF systemctl enable caddy systemctl restart caddy - echo "Control Panel Setup..." + echo "Installing Control Panel." mkdir -p /var/www cp -r /opt/registry/cp /var/www mv /var/www/cp/env-sample /var/www/cp/.env 
@@ -270,39 +271,50 @@ EOF fi echo 'Composer installer verified' - php composer-setup.php --quiet - rm composer-setup.php - mv composer.phar /usr/local/bin/composer - echo 'Composer installed' cd /var/www/cp composer install - echo "Control Panel configured." - + + echo "Importing database." + mysql -u "$DB_USER" -p"$DB_PASSWORD" < /opt/registry/database/registry.mariadb.sql + + echo "Installing Web WHOIS." mkdir -p /var/www/whois cd /opt/registry/whois/web cp -r * /var/www/whois cd /var/www/whois composer require gregwar/captcha mv /var/www/whois/config.php.dist /var/www/whois/config.php - + sed -i "s|'whois_url' => '.*'|'whois_url' => 'whois.${REGISTRY_DOMAIN}'|" /var/www/whois/config.php + sed -i "s|'rdap_url' => '.*'|'rdap_url' => 'rdap.${REGISTRY_DOMAIN}'|" /var/www/whois/config.php + echo "Installing WHOIS Server." cd /opt/registry/whois/port43 composer install mv /opt/registry/whois/port43/config.php.dist /opt/registry/whois/port43/config.php sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/whois/port43/config.php sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/whois/port43/config.php - + sed -i "s/User=root/User=$current_user/" /opt/registry/docs/whois.service + sed -i "s/Group=root/Group=$current_user/" /opt/registry/docs/whois.service + cp /opt/registry/docs/whois.service /etc/systemd/system/ + systemctl daemon-reload + systemctl enable whois.service + echo "Installing RDAP Server." 
cd /opt/registry/rdap composer install mv /opt/registry/rdap/config.php.dist /opt/registry/rdap/config.php sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/rdap/config.php sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/rdap/config.php + sed -i "s/User=root/User=$current_user/" /opt/registry/docs/rdap.service + sed -i "s/Group=root/Group=$current_user/" /opt/registry/docs/rdap.service + cp /opt/registry/docs/rdap.service /etc/systemd/system/ + systemctl daemon-reload + systemctl enable rdap.service echo "Installing EPP Server." cd /opt/registry/epp @@ -310,6 +322,11 @@ EOF mv /opt/registry/epp/config.php.dist /opt/registry/epp/config.php sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/epp/config.php sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/epp/config.php + sed -i "s/User=root/User=$current_user/" /opt/registry/docs/epp.service + sed -i "s/Group=root/Group=$current_user/" /opt/registry/docs/epp.service + cp /opt/registry/docs/epp.service /etc/systemd/system/ + systemctl daemon-reload + systemctl enable epp.service echo "Installing Automation Scripts." cd /opt/registry/automation 
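Review bot: The new import line `mysql -u "$DB_USER" -p"$DB_PASSWORD" < /opt/registry/database/registry.mariadb.sql` puts the database password on the command line, where it may be visible to other local users in the process list while the import runs. A temporary option file readable only by the installing user, passed with `--defaults-extra-file=`, keeps it out of argv. The line also loads the MariaDB schema without looking at `$DB_TYPE`; unless an enclosing branch outside this hunk already restricts it, a PostgreSQL install would reach it too.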
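Review bot: `sed -i "s/User=root/User=$current_user/"` only moves the EPP service off root if the installer itself is run by another user, and a script that calls `apt install` and writes to /etc/systemd/system is presumably run as root. In that case `$current_user` is `root`, the substitution changes nothing, and the network-facing daemon keeps full privileges. I would create a dedicated unprivileged account and substitute that name, e.g. `useradd --system --no-create-home --shell /usr/sbin/nologin registry`, and make the config files readable by it. Services that bind ports below 1024 would then need `AmbientCapabilities=CAP_NET_BIND_SERVICE` in their unit. The whois and rdap blocks in the previous hunk and the das block in the following one use the same two lines.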
@@ -324,13 +341,23 @@ EOF mv /opt/registry/das/config.php.dist /opt/registry/das/config.php sed -i "s|'db_username' => 'your_username'|'db_username' => '$DB_USER'|g" /opt/registry/das/config.php sed -i "s|'db_password' => 'your_password'|'db_password' => '$DB_PASSWORD'|g" /opt/registry/das/config.php - + sed -i "s/User=root/User=$current_user/" /opt/registry/docs/das.service + sed -i "s/Group=root/Group=$current_user/" /opt/registry/docs/das.service + cp /opt/registry/docs/das.service /etc/systemd/system/ + systemctl daemon-reload + systemctl enable das.service + echo "Configuring control panel admin." sed -i "s|\$email = 'admin@example.com';|\$email = '$PANEL_EMAIL';|g" /var/www/cp/bin/create_admin_user.php sed -i "s|\$newPW = 'admin_password';|\$newPW = '$PANEL_PASSWORD';|g" /var/www/cp/bin/create_admin_user.php php /var/www/cp/bin/create_admin_user.php - echo "Installation complete! Please now configure components according to the instructions and start them one by one." + echo -e "Installation complete!\n" + echo -e "Next steps:\n" + echo -e "1. Configure each component by editing their respective configuration files." + echo -e "2. Once configuration is complete, start each service with the following command:\n systemctl start SERVICE_NAME.service\n Replace 'SERVICE_NAME' with the specific service (whois, rdap, epp, das) as needed." + echo -e "3. To set up automation services, refer to the configuration manual and edit the files in:\n /opt/registry/automation\n" + echo -e "For more detailed information, please consult the accompanying documentation or support resources." else echo "Unsupported Linux distribution or version" fi From 43f827b74838bede000ec0d374e3df200fdae9d1 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Wed, 3 Jan 2024 11:35:58 +0200 Subject: [PATCH 18/57] New recommendation in docs --- docs/install.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
diff --git a/docs/install.md b/docs/install.md index 86f088c..38f6cc1 100644 --- a/docs/install.md +++ b/docs/install.md @@ -777,4 +777,14 @@ Run the monitoring tool using: prometheus --config.file=/etc/prometheus/prometheus.yml ``` -The tool will be available at ```http://:9090``` \ No newline at end of file +The tool will be available at ```http://:9090``` + +## 16. Recommended Help Desk Solution: + +If you're in need of an effective help desk solution to complement your experience with Namingo, we recommend considering [FreeScout](https://freescout.net/), an AGPL-3.0 licensed, free and open-source software. FreeScout is known for its user-friendly interface and robust features, making it an excellent choice for managing customer queries and support tickets. + +### Please Note: + +- FreeScout is an independent software and is not a part of Namingo. It is licensed under the AGPL-3.0, which is different from Namingo's MIT license. +- The recommendation to use FreeScout is entirely optional and for the convenience of Namingo users. Namingo functions independently of FreeScout and does not require FreeScout for its operation. +- Ensure to comply with the AGPL-3.0 license terms if you choose to use FreeScout alongside Namingo. \ No newline at end of file From 2c48d487779cfd49d4332d64b1ec7a01b8bff8b0 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Wed, 3 Jan 2024 19:59:42 +0200 Subject: [PATCH 19/57] Create SECURITY.md --- SECURITY.md | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..d261e5d --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,37 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 1.0-betaX | :white_check_mark: | +| < 1.0 | :x: | + +## Reporting a Vulnerability + +The Namingo team takes the security of our software seriously. If you believe you have found a security vulnerability in any version of our software, we would like you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem. + +Please follow these steps to report a vulnerability: + +1. **Do not report security vulnerabilities through public GitHub issues.** +2. Instead, please email us directly at [help@namingo.org](mailto:help@namingo.org). Provide a detailed description of the issue, including the following information: + - The version of the software that you are using + - A description of the vulnerability and how it can be reproduced + - The potential impact of the vulnerability +3. We will respond to your report within 48 hours to acknowledge receipt of your report and to outline the next steps in handling your submission. +4. After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement. We may also ask for additional information or guidance. + +### Disclosure Policy + +When we receive a vulnerability report, our immediate priority is to confirm and fix the vulnerability. We ask that you do not publicly disclose the issue until we have had the chance to resolve it. + +We aim to handle all security issues transparently after the initial assessment phase. Once the issue is resolved, we will release a security advisory detailing the vulnerability, our response, and acknowledgments to the reporters. 
+ +### Comments on this Policy + +If you have suggestions on how this process could be improved, please submit a pull request or issue. + +Thank you for helping to keep Namingo and its users safe. From 6d1f934d369c32e66cfbadda5079398dc2710ae6 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:18:40 +0200 Subject: [PATCH 20/57] Added user audit details in panel --- automation/audit.json | 4 ++ cp/app/Auth/Auth.php | 17 +++++ cp/app/Controllers/Auth/AuthController.php | 38 ++++++++++- cp/app/Controllers/ProfileController.php | 25 ++++++- cp/bootstrap/helper.php | 29 +++++++++ cp/resources/views/admin/profile/profile.twig | 65 +++++++++++++++---- database/registry.mariadb.sql | 22 +++++-- database/registry.postgres.sql | 22 +++++-- 8 files changed, 197 insertions(+), 25 deletions(-) diff --git a/automation/audit.json b/automation/audit.json index bd39c78..e44ecaa 100644 --- a/automation/audit.json +++ b/automation/audit.json @@ -204,6 +204,10 @@ "audit": true, "skip": null }, + "users_audit": { + "audit": true, + "skip": null + }, "users_confirmations": { "audit": null, "skip": null diff --git a/cp/app/Auth/Auth.php b/cp/app/Auth/Auth.php index 3017b7a..ae1643d 100644 --- a/cp/app/Auth/Auth.php +++ b/cp/app/Auth/Auth.php 
@@ -277,6 +277,23 @@ class Auth public static function changeCurrentPassword($oldPassword, $newPassword){ $auth = self::$auth; try { + global $container; + $db = $container->get('db'); + $currentDateTime = new \DateTime(); + $currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp + $db->insert( + 'users_audit', + [ + 'user_id' => $_SESSION['auth_user_id'], + 'user_event' => 'user.update.password', + 'user_resource' => 'control.panel', + 'user_agent' => $_SERVER['HTTP_USER_AGENT'], + 'user_ip' => get_client_ip(), + 'user_location' => get_client_location(), + 'event_time' => $currentDate, + 'user_data' => null + ] + ); $auth->changePassword($oldPassword, $newPassword); redirect()->route('profile')->with('success','Password has been changed'); } diff --git a/cp/app/Controllers/Auth/AuthController.php b/cp/app/Controllers/Auth/AuthController.php index 916d919..b4e3a2e 100644 --- a/cp/app/Controllers/Auth/AuthController.php +++ b/cp/app/Controllers/Auth/AuthController.php @@ -59,6 +59,8 @@ class AuthController extends Controller * @throws \Pinga\Auth\AuthError */ public function login(Request $request, Response $response){ + global $container; + $data = $request->getParsedBody(); if(isset($data['remember'])){ $remember = $data['remember']; @@ -71,8 +73,25 @@ class AuthController extends Controller $code = null; } $login = Auth::login($data['email'], $data['password'], $remember, $code); - if($login===true) + if($login===true) { + $db = $container->get('db'); + $currentDateTime = new \DateTime(); + $currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp + $db->insert( + 'users_audit', + [ + 'user_id' => $_SESSION['auth_user_id'], + 'user_event' => 'user.login', + 'user_resource' => 'control.panel', + 'user_agent' => $_SERVER['HTTP_USER_AGENT'], + 'user_ip' => get_client_ip(), + 'user_location' => get_client_location(), + 'event_time' => $currentDate, + 'user_data' => null + ] + ); redirect()->route('home'); + } } /** 
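Review bot: The `user.update.password` row is inserted before `$auth->changePassword($oldPassword, $newPassword)` is called, so an attempt that fails on a wrong old password is still recorded as a password update. An audit trail that contains events which did not happen is hard to rely on during an investigation. Move the `$db->insert(...)` below the `changePassword` call, or record a distinct event such as `user.update.password.failed` from the catch blocks. The 2FA hunk in ProfileController.php has the same ordering, with the insert ahead of the `$db->update(`. The remainder of this try/catch is outside the hunk.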
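Review bot: In the block added after `if($login===true) {`, `$_SERVER['HTTP_USER_AGENT']` is written straight into a `NOT NULL VARCHAR(255)` column although the header is fully controlled by the client. A request with no User-Agent, or one longer than 255 characters, can make the insert fail (depending on SQL mode and how the `db` wrapper reports errors), which would turn a successful authentication into an error before `redirect()->route('home')`. Normalise the value first, e.g. `substr($_SERVER['HTTP_USER_AGENT'] ?? 'unknown', 0, 255)`, and wrap the audit insert so that a logging failure cannot block the login. Only successful logins are recorded here; failed attempts, which are the more useful signal for detection, are not. The logout, password-change and 2FA hunks in this commit build the same array.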
@@ -80,6 +99,23 @@ class AuthController extends Controller */ public function logout() { + global $container; + $db = $container->get('db'); + $currentDateTime = new \DateTime(); + $currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp + $db->insert( + 'users_audit', + [ + 'user_id' => $_SESSION['auth_user_id'], + 'user_event' => 'user.logout', + 'user_resource' => 'control.panel', + 'user_agent' => $_SERVER['HTTP_USER_AGENT'], + 'user_ip' => get_client_ip(), + 'user_location' => get_client_location(), + 'event_time' => $currentDate, + 'user_data' => null + ] + ); Auth::logout(); redirect()->route('login'); } diff --git a/cp/app/Controllers/ProfileController.php b/cp/app/Controllers/ProfileController.php index dad0ad8..fd2c1b6 100644 --- a/cp/app/Controllers/ProfileController.php +++ b/cp/app/Controllers/ProfileController.php 
@@ -73,12 +73,16 @@ class ProfileController extends Controller 'SELECT * FROM users_webauthn WHERE user_id = ?', [$userId] ); + $user_audit = $db->select( + 'SELECT * FROM users_audit WHERE user_id = ? ORDER BY event_time DESC', + [$userId] + ); if ($is_2fa_activated) { - return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue]); + return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'userAudit' => $user_audit]); } else if ($is_weba_activated) { - return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'weba' => $is_weba_activated]); + return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'weba' => $is_weba_activated, 'userAudit' => $user_audit]); } else { - return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue]); + return view($response,'admin/profile/profile.twig',['email' => $email, 'username' => $username, 'status' => $status, 'role' => $role, 'qrcodeDataUri' => $qrcodeDataUri, 'secret' => $secret, 'csrf_name' => $csrfName, 'csrf_value' => $csrfValue, 'userAudit' => $user_audit]); } } 
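Review bot: The new `SELECT * FROM users_audit WHERE user_id = ? ORDER BY event_time DESC` has no `LIMIT`, so every profile view loads and renders the user's entire audit history. The table gains a row on each login and logout, and neither schema file in this commit indexes `event_time`. I would cap the query, e.g. `... ORDER BY event_time DESC LIMIT 50`, and page through older entries if they are needed.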
@@ -114,6 +118,21 @@ class ProfileController extends Controller } try { + $currentDateTime = new \DateTime(); + $currentDate = $currentDateTime->format('Y-m-d H:i:s.v'); // Current timestamp + $db->insert( + 'users_audit', + [ + 'user_id' => $_SESSION['auth_user_id'], + 'user_event' => 'user.enable.2fa', + 'user_resource' => 'control.panel', + 'user_agent' => $_SERVER['HTTP_USER_AGENT'], + 'user_ip' => get_client_ip(), + 'user_location' => get_client_location(), + 'event_time' => $currentDate, + 'user_data' => null + ] + ); $db->update( 'users', [ diff --git a/cp/bootstrap/helper.php b/cp/bootstrap/helper.php index cf4fde0..6078694 100644 --- a/cp/bootstrap/helper.php +++ b/cp/bootstrap/helper.php @@ -396,4 +396,33 @@ function createUuidFromId($id) { // Handle exception return null; } +} + +// Function to get the client IP address +function get_client_ip() { + $ipaddress = ''; + if (getenv('HTTP_CLIENT_IP')) + $ipaddress = getenv('HTTP_CLIENT_IP'); + else if(getenv('HTTP_X_FORWARDED_FOR')) + $ipaddress = getenv('HTTP_X_FORWARDED_FOR'); + else if(getenv('HTTP_X_FORWARDED')) + $ipaddress = getenv('HTTP_X_FORWARDED'); + else if(getenv('HTTP_FORWARDED_FOR')) + $ipaddress = getenv('HTTP_FORWARDED_FOR'); + else if(getenv('HTTP_FORWARDED')) + $ipaddress = getenv('HTTP_FORWARDED'); + else if(getenv('REMOTE_ADDR')) + $ipaddress = getenv('REMOTE_ADDR'); + else + $ipaddress = 'UNKNOWN'; + return $ipaddress; +} + +function get_client_location() { + $PublicIP = get_client_ip(); + $json = file_get_contents("http://ipinfo.io/$PublicIP/geo"); + $json = json_decode($json, true); + $country = $json['country']; + + return $country; } \ No newline at end of file diff --git a/cp/resources/views/admin/profile/profile.twig b/cp/resources/views/admin/profile/profile.twig index f9f336d..bab419d 100644 --- a/cp/resources/views/admin/profile/profile.twig +++ b/cp/resources/views/admin/profile/profile.twig @@ -36,6 +36,9 @@ +
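Review bot: `get_client_ip()` prefers `HTTP_CLIENT_IP`, `HTTP_X_FORWARDED_FOR` and the other forwarded headers over `REMOTE_ADDR`, so the address stored in `users_audit` is whatever the client puts in a header. `get_client_location()` then interpolates the same unvalidated string into `http://ipinfo.io/$PublicIP/geo`, which lets the header shape the outbound request path and sends each user's address to a third party over plain HTTP. With no timeout set, login and logout block for as long as that request takes. A failed lookup also reaches `$json['country']` when `$json` is not an array. The rewrite below takes the address from `REMOTE_ADDR`, validates it, uses HTTPS with a short timeout and returns null on failure; forwarded headers should be read only when the request arrives from a proxy you operate.

```php
function get_client_ip() {
    // REMOTE_ADDR is the only value here that the client cannot set.
    // Honour forwarded headers only for requests from a known proxy.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    return filter_var($ip, FILTER_VALIDATE_IP) !== false ? $ip : 'UNKNOWN';
}

function get_client_location() {
    $ip = get_client_ip();
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // Short timeout so a slow lookup cannot stall login or logout.
    $ctx = stream_context_create(['http' => ['timeout' => 2]]);
    $body = @file_get_contents("https://ipinfo.io/$ip/geo", false, $ctx);
    if ($body === false) {
        return null;
    }
    $geo = json_decode($body, true);
    return (is_array($geo) && isset($geo['country'])) ? $geo['country'] : null;
}
```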
@@ -158,19 +161,55 @@ - {% for device in weba %} - - {{ device.user_agent }} - {{ device.created_at }} - - Edit - - - {% else %} - - No devices found. - - {% endfor %} + {% for device in weba %} + + {{ device.user_agent }} + {{ device.created_at }} + + Edit + + + {% else %} + + No devices found. + + {% endfor %} + + +
+ + + +
+

User Audit Log

+
+
+

Track and review all user activities in your account below. Monitor logins, profile changes, and other key actions to ensure security and transparency.

+
+ + + + + + + + + + + + {% for user in userAudit %} + + + + + + + + {% else %} + + + + {% endfor %}
EventUser AgentIPLocationTimestamp
{{ user.user_event }}{{ user.user_agent }}{{ user.user_ip }}{{ user.user_location }}{{ user.event_time }}
No log data for user.
diff --git a/database/registry.mariadb.sql b/database/registry.mariadb.sql index 5bce1b5..fd4a65c 100644 --- a/database/registry.mariadb.sql +++ b/database/registry.mariadb.sql @@ -601,6 +601,20 @@ CREATE TABLE IF NOT EXISTS `registry`.`users` ( UNIQUE KEY `email` (`email`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='Panel Users'; +CREATE TABLE IF NOT EXISTS `registry`.`users_audit` ( + `user_id` int(10) unsigned NOT NULL, + `user_event` VARCHAR(255) NOT NULL, + `user_resource` VARCHAR(255) default NULL, + `user_agent` VARCHAR(255) NOT NULL, + `user_ip` VARCHAR(45) NOT NULL, + `user_location` VARCHAR(45) default NULL, + `event_time` DATETIME(3) NOT NULL, + `user_data` JSON default NULL, + KEY `user_id` (`user_id`), + KEY `user_event` (`user_event`), + KEY `user_ip` (`user_ip`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='Panel User Audit'; + CREATE TABLE IF NOT EXISTS `registry`.`users_confirmations` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `user_id` int(10) unsigned NOT NULL, 
@@ -616,24 +630,24 @@ CREATE TABLE IF NOT EXISTS `registry`.`users_confirmations` ( CREATE TABLE IF NOT EXISTS `registry`.`users_remembered` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, - `user` int(10) unsigned NOT NULL, + `user_id` int(10) unsigned NOT NULL, `selector` varchar(24) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL, `token` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL, `expires` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `selector` (`selector`), - KEY `user` (`user`) + KEY `user_id` (`user_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='Panel Users Remember'; CREATE TABLE IF NOT EXISTS `registry`.`users_resets` ( `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, - `user` int(10) unsigned NOT NULL, + `user_id` int(10) unsigned NOT NULL, `selector` varchar(20) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL, `token` varchar(255) CHARACTER SET latin1 COLLATE latin1_general_cs NOT NULL, `expires` int(10) unsigned NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `selector` (`selector`), - KEY `user_expires` (`user`,`expires`) + KEY `user_expires` (`user_id`,`expires`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci COMMENT='Panel Users Reset'; CREATE TABLE IF NOT EXISTS `registry`.`users_throttling` ( diff --git a/database/registry.postgres.sql b/database/registry.postgres.sql index e5f01ad..4b9b5dd 100644 --- a/database/registry.postgres.sql +++ b/database/registry.postgres.sql 
@@ -573,6 +573,20 @@ CREATE TABLE IF NOT EXISTS registry.users ( "backup_codes" TEXT, ); +CREATE TABLE IF NOT EXISTS registry.users_audit ( + "user_id" SERIAL PRIMARY KEY CHECK ("id" >= 0), + "user_event" VARCHAR(255) NOT NULL, + "user_resource" VARCHAR(255) DEFAULT NULL, + "user_agent" VARCHAR(255) NOT NULL, + "user_ip" VARCHAR(45) NOT NULL, + "user_location" VARCHAR(45) DEFAULT NULL, + "event_time" TIMESTAMP(3) NOT NULL, + "user_data" JSONB DEFAULT NULL, + CONSTRAINT pk_users_audit PRIMARY KEY (user_id) +); +CREATE INDEX idx_user_event ON registry.users_audit (user_event); +CREATE INDEX idx_user_ip ON registry.users_audit (user_ip); + CREATE TABLE IF NOT EXISTS registry.users_confirmations ( "id" SERIAL PRIMARY KEY CHECK ("id" >= 0), "user_id" INTEGER NOT NULL CHECK ("user_id" >= 0), @@ -586,21 +600,21 @@ CREATE INDEX IF NOT EXISTS "user_id" ON registry.users_confirmations ("user_id") CREATE TABLE IF NOT EXISTS registry.users_remembered ( "id" BIGSERIAL PRIMARY KEY CHECK ("id" >= 0), - "user" INTEGER NOT NULL CHECK ("user" >= 0), + "user_id" INTEGER NOT NULL CHECK ("user_id" >= 0), "selector" VARCHAR(24) UNIQUE NOT NULL, "token" VARCHAR(255) NOT NULL, "expires" INTEGER NOT NULL CHECK ("expires" >= 0) ); -CREATE INDEX IF NOT EXISTS "user" ON registry.users_remembered ("user"); +CREATE INDEX IF NOT EXISTS "user_id" ON registry.users_remembered ("user_id"); CREATE TABLE IF NOT EXISTS registry.users_resets ( "id" BIGSERIAL PRIMARY KEY CHECK ("id" >= 0), - "user" INTEGER NOT NULL CHECK ("user" >= 0), + "user_id" INTEGER NOT NULL CHECK ("user_id" >= 0), "selector" VARCHAR(20) UNIQUE NOT NULL, "token" VARCHAR(255) NOT NULL, "expires" INTEGER NOT NULL CHECK ("expires" >= 0) ); -CREATE INDEX IF NOT EXISTS "user_expires" ON registry.users_resets ("user", "expires"); +CREATE INDEX IF NOT EXISTS "user_expires" ON registry.users_resets ("user_id", "expires"); CREATE TABLE IF NOT EXISTS registry.users_throttling ( "bucket" VARCHAR(44) PRIMARY KEY, 
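Review bot: The added `registry.users_audit` definition cannot be created as written: `"user_id" SERIAL PRIMARY KEY CHECK ("id" >= 0)` checks a column `id` that the table does not have, and `CONSTRAINT pk_users_audit PRIMARY KEY (user_id)` declares a second primary key. Even with those fixed, a primary key on `user_id` would allow only one audit row per user, which is not what the MariaDB version of the table does. Use `"user_id" INTEGER NOT NULL CHECK ("user_id" >= 0),`, drop the `CONSTRAINT pk_users_audit` line, and add `CREATE INDEX idx_user_audit_user_id ON registry.users_audit (user_id);` next to the other two indexes. Until then every audit insert on PostgreSQL would fail, including the one in the login path.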
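Review bot: After the rename, `CREATE INDEX IF NOT EXISTS "user_id" ON registry.users_remembered ("user_id")` uses the same index name as the existing `"user_id"` index on `registry.users_confirmations` shown in the hunk header. PostgreSQL index names are unique within a schema, so with `IF NOT EXISTS` the second statement is skipped with a notice and `users_remembered` ends up without its index. A table-specific name avoids the collision: `CREATE INDEX IF NOT EXISTS "users_remembered_user_id" ON registry.users_remembered ("user_id");`.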
From b7c78e7eb501b414a53af6662fb1308c4361af91 Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Fri, 5 Jan 2024 14:50:50 +0200 Subject: [PATCH 21/57] Updates on the installer --- docs/install.sh | 63 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 51 insertions(+), 12 deletions(-) diff --git a/docs/install.sh b/docs/install.sh index f9352fc..f725fcb 100644 --- a/docs/install.sh +++ b/docs/install.sh @@ -6,6 +6,11 @@ prompt_for_input() { echo $response } +prompt_for_password() { + read -sp "$1: " password + echo $password +} + # Function to edit or add a configuration line in php.ini edit_php_ini() { local file=$1 
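Review bot: `prompt_for_password` reads with `read -sp` and returns the value through an unquoted `echo $password`, so the password the rest of the script uses can differ from what was typed. Without `-r` backslashes are consumed, the unquoted expansion collapses runs of spaces and expands a value such as `*` against the current directory, and `echo` treats a value like `-n` as an option. Use `IFS= read -rsp "$1: " password` and `printf '%s\n' "$password"`. The function is complete within the hunk.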
@@ -34,21 +39,37 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & YOUR_EMAIL=$(prompt_for_input "Enter your email for TLS") DB_TYPE=$(prompt_for_input "Enter preferred database type (MariaDB/PostgreSQL)") DB_USER=$(prompt_for_input "Enter database user") - DB_PASSWORD=$(prompt_for_input "Enter database password") + DB_PASSWORD=$(prompt_for_password "Enter database password") + echo "" # Add a newline after the password input PANEL_EMAIL=$(prompt_for_input "Enter panel admin email") - PANEL_PASSWORD=$(prompt_for_input "Enter panel admin password") + PANEL_PASSWORD=$(prompt_for_password "Enter panel admin password") + echo "" # Add a newline after the password input current_user=$(whoami) # Step 1 - Components Installation - echo "Installing required packages..." - apt install -y curl software-properties-common ufw - echo "Adding PHP repository..." - add-apt-repository ppa:ondrej/php -y - apt install -y debian-keyring debian-archive-keyring apt-transport-https - echo "Setting up Caddy repository..." - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key - gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key - curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list + if [[ "$OS" == "Ubuntu" && "$VER" == "22.04" ]]; then + echo "Installing required packages..." + apt install -y curl software-properties-common ufw + echo "Adding PHP repository..." + add-apt-repository ppa:ondrej/php -y + apt install -y debian-keyring debian-archive-keyring apt-transport-https + echo "Setting up Caddy repository..." 
+ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key + gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key + curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list + elif [[ "$OS" == "Debian GNU/Linux" && "$VER" == "12" ]]; then + echo "Installing required packages..." + apt install -y curl software-properties-common ufw gnupg + echo "Adding PHP repository..." + wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add - + echo "deb https://packages.sury.org/php/ bookworm main" | tee /etc/apt/sources.list.d/php.list + apt install -y debian-keyring debian-archive-keyring apt-transport-https + echo "Setting up Caddy repository..." + curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' -o caddy-stable.gpg.key + gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg caddy-stable.gpg.key + curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | tee /etc/apt/sources.list.d/caddy-stable.list + fi + echo "Updating package lists and upgrading packages..." apt update -y && apt upgrade -y echo "Installing additional required packages..." @@ -89,7 +110,10 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & if [ "$DB_TYPE" == "MariaDB" ]; then echo "Setting up MariaDB..." curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp' - cat > /etc/apt/sources.list.d/mariadb.sources << EOF + + # Check for Ubuntu 22.04 or Debian 12 + if [[ "$OS" == "Ubuntu" && "$VER" == "22.04" ]]; then + cat > /etc/apt/sources.list.d/mariadb.sources << EOF # MariaDB 10.11 repository list - created 2023-12-02 22:16 UTC # https://mariadb.org/download/ X-Repolib-Name: MariaDB 
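Review bot: In the Debian 12 branch added by the `@@ -34,21 +39,37 @@` hunk, `wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add -` places the Sury key in apt's global trusted keyring, which makes it valid for every configured repository; `apt-key` is also deprecated, and `wget` is not among the packages this branch installs (only `curl` is). The Caddy lines in the same branch already write a dedicated keyring under /usr/share/keyrings, and the PHP repository can follow that pattern with a keyring file of its own (the file name here is an example): `curl -fsSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg` and `echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ bookworm main" | tee /etc/apt/sources.list.d/php.list`. A comment recording where the expected key fingerprint is published would help whoever re-checks the key later. The enclosing `if` begins outside the hunk.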
@@ -100,6 +124,21 @@ if [[ ("$OS" == "Ubuntu" && "$VER" == "22.04") || ("$OS" == "Debian GNU/Linux" & Components: main main/debug Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp EOF + elif [[ "$OS" == "Debian GNU/Linux" && "$VER" == "12" ]]; then + cat > /etc/apt/sources.list.d/mariadb.sources << EOF + # MariaDB 10.11 repository list - created 2024-01-05 12:23 UTC + # https://mariadb.org/download/ + X-Repolib-Name: MariaDB + Types: deb + # deb.mariadb.org is a dynamic mirror if your preferred mirror goes offline. See https://mariadb.org/mirrorbits/ for details. + # URIs: https://deb.mariadb.org/10.11/debian + URIs: https://mirrors.chroot.ro/mariadb/repo/10.11/debian + Suites: bookworm + Components: main + Signed-By: /etc/apt/keyrings/mariadb-keyring.pgp +EOF + fi + apt-get update apt install -y mariadb-client mariadb-server php8.2-mysql echo "Please follow the prompts for secure installation of MariaDB." From 0cec56475a3a8631cd98313020af2f808d2949da Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Fri, 5 Jan 2024 15:55:57 +0200 Subject: [PATCH 22/57] Major PostgreSQL update --- database/registry.postgres.sql | 171 +++++++++++++-------------------- docs/install.md | 4 +- docs/install.sh | 8 +- 3 files changed, 78 insertions(+), 105 deletions(-) diff --git a/database/registry.postgres.sql b/database/registry.postgres.sql index 4b9b5dd..a869f55 100644 --- a/database/registry.postgres.sql +++ b/database/registry.postgres.sql @@ -1,7 +1,3 @@ -CREATE SCHEMA registry; -CREATE SCHEMA registryTransaction; -CREATE SCHEMA registryAudit; - SET search_path TO registry, registryTransaction, registryAudit, public; CREATE TABLE registry.launch_phases ( @@ -14,7 +10,6 @@ CREATE TABLE registry.launch_phases ( "start_date" TIMESTAMP(3) NOT NULL, "end_date" TIMESTAMP(3) DEFAULT NULL, "lastupdate" timestamp(3), - FOREIGN KEY ("tld_id") REFERENCES registry.domain_tld("id"), UNIQUE(phase_name) ); 
@@ -34,7 +29,6 @@ CREATE TABLE registry.domain_tld ( "idn_table" varchar(255) NOT NULL, "secure" SMALLINT NOT NULL, "launch_phase_id" INTEGER DEFAULT NULL, - FOREIGN KEY (launch_phase_id) REFERENCES launch_phase(id), unique ("tld") ); @@ -80,29 +74,26 @@ CREATE TABLE registry.allocation_tokens ( "tlds" JSON, "eppActions" JSON, "reducePremium" BOOLEAN NOT NULL, - "reduceYears" INT NOT NULL CHECK (reduceYears BETWEEN 0 AND 10), + "reduceYears" INT NOT NULL CHECK ("reduceYears" BETWEEN 0 AND 10), PRIMARY KEY (token) ); CREATE TABLE registry.error_log ( - "id" INT(11) NOT NULL AUTO_INCREMENT, - "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL,, + "id" SERIAL PRIMARY KEY, + "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "log" TEXT NOT NULL, - "date" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP, - primary key ("id"), - FOREIGN KEY (registrar_id) REFERENCES registrar(id) + "date" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE registry.reserved_domain_names ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "type" varchar CHECK ("type" IN ( 'reserved','restricted' )) NOT NULL default 'reserved', - primary key ("id"), unique ("name") ); CREATE TABLE registry.registrar ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "name" varchar(255) NOT NULL, "iana_id" int DEFAULT NULL, "clid" varchar(16) NOT NULL, @@ -122,9 +113,8 @@ CREATE TABLE registry.registrar ( "vat_number" VARCHAR(30) DEFAULT NULL, "crdate" timestamp(3) without time zone NOT NULL, "lastupdate" timestamp(3), - primary key ("id"), - unique ("clid") , - unique ("prefix") , + unique ("clid"), + unique ("prefix"), unique ("email") ); 
@@ -140,15 +130,14 @@ CREATE TRIGGER add_current_date_to_registrar BEFORE UPDATE ON registry.registrar update_registrar(); CREATE TABLE registry.registrar_whitelist ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "addr" varchar(45) NOT NULL, - primary key ("id"), unique ("registrar_id", "addr") ); CREATE TABLE registry.registrar_contact ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "type" varchar CHECK ("type" IN ( 'owner','admin','billing','tech','abuse' )) NOT NULL default 'admin', "title" varchar(255) default NULL, @@ -166,7 +155,6 @@ CREATE TABLE registry.registrar_contact ( "voice" varchar(17) default NULL, "fax" varchar(17) default NULL, "email" varchar(255) NOT NULL, - primary key ("id"), unique ("registrar_id", "type") ); @@ -178,7 +166,7 @@ CREATE TABLE registry.registrar_ote ( ); CREATE TABLE registry.poll ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "qdate" timestamp(3) without time zone NOT NULL, "msg" text default NULL, 
@@ -194,21 +182,19 @@ CREATE TABLE registry.poll ( "creditlimit" decimal(12,2) default '0.00', "creditthreshold" decimal(12,2) default '0.00', "creditthresholdtype" varchar CHECK ("creditthresholdtype" IN ( 'FIXED','PERCENT' )), - "availablecredit" decimal(12,2) default '0.00', - primary key ("id") + "availablecredit" decimal(12,2) default '0.00' ); CREATE TABLE registry.payment_history ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "date" timestamp(3) without time zone NOT NULL, "description" text NOT NULL, - "amount" decimal(12,2) NOT NULL, - primary key ("id") + "amount" decimal(12,2) NOT NULL ); CREATE TABLE registry.statement ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "date" timestamp(3) without time zone NOT NULL, "command" varchar CHECK ("command" IN ( 'create','renew','transfer','restore','autoRenew' )) NOT NULL default 'create', @@ -216,8 +202,7 @@ CREATE TABLE registry.statement ( "length_in_months" smallint CHECK ("length_in_months" >= 0) NOT NULL, "fromS" timestamp(3) without time zone NOT NULL, "toS" timestamp(3) without time zone NOT NULL, - "amount" decimal(12,2) NOT NULL, - primary key ("id") + "amount" decimal(12,2) NOT NULL ); CREATE TABLE registry.invoices ( @@ -231,13 +216,11 @@ CREATE TABLE registry.invoices ( "payment_status" VARCHAR(10) DEFAULT 'unpaid' CHECK (payment_status IN ('unpaid', 'paid', 'overdue', 'cancelled')), "notes" TEXT DEFAULT NULL, "created_at" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP, - "updated_at" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP, - FOREIGN KEY (registrar_id) REFERENCES registrar(id), - FOREIGN KEY (billing_contact_id) REFERENCES registrar_contact(id) + "updated_at" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE registry.contact ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "identifier" varchar(255) NOT NULL, "voice" varchar(17) default NULL, "voice_x" int default NULL, 
@@ -260,12 +243,11 @@ CREATE TABLE registry.contact ( "disclose_voice" varchar CHECK ("disclose_voice" IN ( '0','1' )) NOT NULL default '1', "disclose_fax" varchar CHECK ("disclose_fax" IN ( '0','1' )) NOT NULL default '1', "disclose_email" varchar CHECK ("disclose_email" IN ( '0','1' )) NOT NULL default '1', - primary key ("id"), unique ("identifier") ); CREATE TABLE registry.contact_postalinfo ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "type" varchar CHECK ("type" IN ( 'int','loc' )) NOT NULL default 'int', "name" varchar(255) NOT NULL, @@ -283,29 +265,26 @@ CREATE TABLE registry.contact_postalinfo ( "disclose_org_loc" varchar CHECK ("disclose_org_loc" IN ( '0','1' )) NOT NULL default '1', "disclose_addr_int" varchar CHECK ("disclose_addr_int" IN ( '0','1' )) NOT NULL default '1', "disclose_addr_loc" varchar CHECK ("disclose_addr_loc" IN ( '0','1' )) NOT NULL default '1', - primary key ("id"), unique ("contact_id", "type") ); CREATE TABLE registry.contact_authinfo ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "authtype" varchar CHECK ("authtype" IN ( 'pw','ext' )) NOT NULL default 'pw', "authinfo" varchar(64) NOT NULL, - primary key ("id"), unique ("contact_id") ); CREATE TABLE registry.contact_status ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'clientDeleteProhibited','clientTransferProhibited','clientUpdateProhibited','linked','ok','pendingCreate','pendingDelete','pendingTransfer','pendingUpdate','serverDeleteProhibited','serverTransferProhibited','serverUpdateProhibited' )) NOT NULL default 'ok', - primary key ("id"), unique ("contact_id", "status") ); CREATE TABLE registry.domain ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "tldid" int CHECK ("tldid" >= 0) NOT NULL, "registrant" int CHECK ("registrant" >= 0) default NULL, 
@@ -349,12 +328,11 @@ CREATE TABLE registry.domain ( "tm_notice_validator" VARCHAR(30) DEFAULT NULL, "tm_smd_id" TEXT DEFAULT NULL, "tm_phase" text DEFAULT 'NONE'::text NOT NULL, - primary key ("id"), unique ("name") ); CREATE TABLE registry.application ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "tldid" int CHECK ("tldid" >= 0) NOT NULL, "registrant" int CHECK ("registrant" >= 0) default NULL, 
@@ -384,55 +362,49 @@ CREATE TABLE registry.application ( "tm_notice_id" VARCHAR(150) DEFAULT NULL, "tm_notice_validator" VARCHAR(30) DEFAULT NULL, "tm_smd_id" TEXT DEFAULT NULL, - "tm_phase" text DEFAULT 'NONE'::text NOT NULL, - primary key ("id") + "tm_phase" text DEFAULT 'NONE'::text NOT NULL ); CREATE TABLE registry.domain_contact_map ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "type" varchar CHECK ("type" IN ( 'admin','billing','tech' )) NOT NULL default 'admin', - primary key ("id"), unique ("domain_id", "contact_id", "type") ); CREATE TABLE registry.application_contact_map ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "type" varchar CHECK ("type" IN ( 'admin','billing','tech' )) NOT NULL default 'admin', - primary key ("id"), unique ("domain_id", "contact_id", "type") ); CREATE TABLE registry.domain_authinfo ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "authtype" varchar CHECK ("authtype" IN ( 'pw','ext' )) NOT NULL default 'pw', "authinfo" varchar(64) NOT NULL, - primary key ("id"), unique ("domain_id") ); CREATE TABLE registry.domain_status ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'clientDeleteProhibited','clientHold','clientRenewProhibited','clientTransferProhibited','clientUpdateProhibited','inactive','ok','pendingCreate','pendingDelete','pendingRenew','pendingTransfer','pendingUpdate','serverDeleteProhibited','serverHold','serverRenewProhibited','serverTransferProhibited','serverUpdateProhibited' )) NOT NULL default 'ok', - primary key ("id"), unique ("domain_id", "status") ); CREATE TABLE registry.application_status ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT 
NULL, "status" varchar CHECK ("status" IN ( 'pendingValidation','validated','invalid','pendingAllocation','allocated','rejected','custom' )) NOT NULL default 'pendingValidation', - primary key ("id"), unique ("domain_id", "status") ); CREATE TABLE registry.secdns ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "maxsiglife" int CHECK ("maxsiglife" >= 0) default '604800', "interface" varchar CHECK ("interface" IN ( 'dsData','keyData' )) NOT NULL default 'dsData', @@ -444,12 +416,11 @@ CREATE TABLE registry.secdns ( "protocol" smallint CHECK ("protocol" >= 0) default NULL, "keydata_alg" smallint CHECK ("keydata_alg" >= 0) default NULL, "pubkey" varchar(255) default NULL, - primary key ("id"), unique ("domain_id", "digest") ); CREATE TABLE registry.host ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "name" varchar(255) NOT NULL, "domain_id" int CHECK ("domain_id" >= 0) default NULL, "clid" int CHECK ("clid" >= 0) NOT NULL, 
@@ -458,45 +429,40 @@ CREATE TABLE registry.host ( "upid" int CHECK ("upid" >= 0) default NULL, "lastupdate" timestamp(3) without time zone default NULL, "trdate" timestamp(3) without time zone default NULL, - primary key ("id"), unique ("name") ); CREATE TABLE registry.domain_host_map ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "host_id" int CHECK ("host_id" >= 0) NOT NULL, - primary key ("id"), unique ("domain_id", "host_id") ); CREATE TABLE registry.application_host_map ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "host_id" int CHECK ("host_id" >= 0) NOT NULL, - primary key ("id"), unique ("domain_id", "host_id") ); CREATE TABLE registry.host_addr ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "host_id" int CHECK ("host_id" >= 0) NOT NULL, "addr" varchar(45) NOT NULL, "ip" varchar CHECK ("ip" IN ( 'v4','v6' )) NOT NULL default 'v4', - primary key ("id"), unique ("host_id", "addr", "ip") ); CREATE TABLE registry.host_status ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "host_id" int CHECK ("host_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'clientDeleteProhibited','clientUpdateProhibited','linked','ok','pendingCreate','pendingDelete','pendingTransfer','pendingUpdate','serverDeleteProhibited','serverUpdateProhibited' )) NOT NULL default 'ok', - primary key ("id"), unique ("host_id", "status") ); CREATE TABLE registry.domain_auto_approve_transfer ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "registrant" int CHECK ("registrant" >= 0) default NULL, "crdate" timestamp(3) without time zone NOT NULL, 
@@ -511,12 +477,11 @@ CREATE TABLE registry.domain_auto_approve_transfer ( "redate" timestamp(3) without time zone default NULL, "acid" int CHECK ("acid" >= 0) default NULL, "acdate" timestamp(3) without time zone default NULL, - "transfer_exdate" timestamp(3) without time zone default NULL, - primary key ("id") + "transfer_exdate" timestamp(3) without time zone default NULL ); CREATE TABLE registry.contact_auto_approve_transfer ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "identifier" varchar(255) NOT NULL, "voice" varchar(17) default NULL, "voice_x" int default NULL, @@ -538,12 +503,11 @@ CREATE TABLE registry.contact_auto_approve_transfer ( "acdate" timestamp(3) without time zone default NULL, "disclose_voice" varchar CHECK ("disclose_voice" IN ( '0','1' )) NOT NULL default '1', "disclose_fax" varchar CHECK ("disclose_fax" IN ( '0','1' )) NOT NULL default '1', - "disclose_email" varchar CHECK ("disclose_email" IN ( '0','1' )) NOT NULL default '1', - primary key ("id") + "disclose_email" varchar CHECK ("disclose_email" IN ( '0','1' )) NOT NULL default '1' ); CREATE TABLE registry.statistics ( - "id" serial8, + "id" SERIAL PRIMARY KEY, "date" date NOT NULL, "total_domains" int CHECK ("total_domains" >= 0) NOT NULL DEFAULT '0', "created_domains" int CHECK ("created_domains" >= 0) NOT NULL DEFAULT '0', @@ -551,7 +515,6 @@ CREATE TABLE registry.statistics ( "transfered_domains" int CHECK ("transfered_domains" >= 0) NOT NULL DEFAULT '0', "deleted_domains" int CHECK ("deleted_domains" >= 0) NOT NULL DEFAULT '0', "restored_domains" int CHECK ("restored_domains" >= 0) NOT NULL DEFAULT '0', - primary key ("id"), unique ("date") ); 
@@ -570,19 +533,18 @@ CREATE TABLE IF NOT EXISTS registry.users ( "tfa_secret" VARCHAR(32), "tfa_enabled" BOOLEAN DEFAULT false, "auth_method" VARCHAR(255) DEFAULT 'password', - "backup_codes" TEXT, + "backup_codes" TEXT ); CREATE TABLE IF NOT EXISTS registry.users_audit ( - "user_id" SERIAL PRIMARY KEY CHECK ("id" >= 0), + "user_id" SERIAL PRIMARY KEY CHECK ("user_id" >= 0), "user_event" VARCHAR(255) NOT NULL, "user_resource" VARCHAR(255) DEFAULT NULL, "user_agent" VARCHAR(255) NOT NULL, "user_ip" VARCHAR(45) NOT NULL, "user_location" VARCHAR(45) DEFAULT NULL, "event_time" TIMESTAMP(3) NOT NULL, - "user_data" JSONB DEFAULT NULL, - CONSTRAINT pk_users_audit PRIMARY KEY (user_id) + "user_data" JSONB DEFAULT NULL ); CREATE INDEX idx_user_event ON registry.users_audit (user_event); CREATE INDEX idx_user_ip ON registry.users_audit (user_ip); @@ -633,21 +595,16 @@ CREATE TABLE IF NOT EXISTS registry.users_webauthn ( "sign_count" BIGINT NOT NULL, "user_agent" TEXT, "created_at" TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, - "last_used_at" TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP, - FOREIGN KEY (user_id) REFERENCES users(id) + "last_used_at" TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE IF NOT EXISTS registry.registrar_users ( - "registrar_id" int NOT NULL, - "user_id" int NOT NULL, - "PRIMARY KEY" (registrar_id, user_id), - "FOREIGN KEY" (registrar_id) REFERENCES registrar(id) ON DELETE CASCADE, - "FOREIGN KEY" (user_id) REFERENCES users(id) ON DELETE CASCADE -) WITH (OIDS=FALSE); -COMMENT ON TABLE registrar_users IS 'Linking Registrars with Panel Users'; + "registrar_id" int NOT NULL PRIMARY KEY, + "user_id" int NOT NULL +); CREATE TABLE registry.urs_actions ( - "id" serial8 PRIMARY KEY, + "id" SERIAL PRIMARY KEY, "domain_name" VARCHAR(255) NOT NULL, "urs_provider" VARCHAR(255) NOT NULL, "action_date" DATE NOT NULL, 
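Review bot: The rewritten `registry.registrar_users` in the `@@ -633,21 +595,16 @@` hunk puts `PRIMARY KEY` on `registrar_id` alone, where the removed definition was evidently aiming at the pair, so each registrar can be linked to only one panel user and a second user for the same registrar fails on insert. If several users per registrar are intended, leave both columns plain and add the table constraint `PRIMARY KEY ("registrar_id", "user_id")`. The table comment is dropped as well and could be kept as `COMMENT ON TABLE registry.registrar_users IS 'Linking Registrars with Panel Users';`.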
@@ -660,7 +617,7 @@ CREATE TYPE status_enum AS ENUM ('Deposited', 'Retrieved', 'Failed'); CREATE TYPE verification_status_enum AS ENUM ('Verified', 'Failed', 'Pending'); CREATE TABLE registry.rde_escrow_deposits ( - "id" serial8 PRIMARY KEY, + "id" SERIAL PRIMARY KEY, "deposit_id" VARCHAR(255) UNIQUE, -- Unique deposit identifier "deposit_date" DATE NOT NULL, "revision" INTEGER NOT NULL DEFAULT 1, @@ -710,8 +667,7 @@ CREATE TABLE registry.promotion_pricing ( "created_by" varchar(255), "created_at" timestamp(3) without time zone, "updated_by" varchar(255), - "updated_at" timestamp(3) without time zone, - FOREIGN KEY ("tld_id") REFERENCES registry.domain_tld("id") + "updated_at" timestamp(3) without time zone ); CREATE INDEX idx_promotion_pricing_tld_id ON promotion_pricing (tld_id); @@ -727,9 +683,7 @@ CREATE TABLE registry.premium_domain_pricing ( "id" serial8 PRIMARY KEY, "domain_name" VARCHAR(255) NOT NULL, "tld_id" INT CHECK ("tld_id" >= 0) NOT NULL, - "category_id" INT, - FOREIGN KEY ("tld_id") REFERENCES registry.domain_tld("id"), - FOREIGN KEY ("category_id") REFERENCES registry.premium_domain_categories("category_id") + "category_id" INT ); -- Create custom types for status and priority @@ -756,9 +710,7 @@ CREATE TABLE registry.support_tickets ( "relevant_urls" TEXT DEFAULT NULL, "date_of_incident" DATE DEFAULT NULL, "date_created" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP, - "last_updated" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP, - FOREIGN KEY (user_id) REFERENCES registry.users(id), - FOREIGN KEY (category_id) REFERENCES registry.ticket_categories(id) + "last_updated" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE registry.ticket_responses ( 
@@ -766,8 +718,7 @@ CREATE TABLE registry.ticket_responses ( "ticket_id" INTEGER NOT NULL, "responder_id" INTEGER NOT NULL, "response" TEXT NOT NULL, - "date_created" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP, - FOREIGN KEY (ticket_id) REFERENCES support_tickets(id) + "date_created" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP ); CREATE TABLE registry.tmch_claims ( 
@@ -855,9 +806,17 @@ INSERT INTO registry.settings (name, value) VALUES ('whois_server', 'whois.example.com'), ('rdap_server', 'https://rdap.example.com'); +ALTER TABLE registry.domain_tld ADD FOREIGN KEY (launch_phase_id) REFERENCES registry.launch_phases(id); +ALTER TABLE registry.launch_phases ADD FOREIGN KEY (tld_id) REFERENCES registry.domain_tld(id); +ALTER TABLE registry.error_log ADD FOREIGN KEY (registrar_id) REFERENCES registry.registrar(id); +ALTER TABLE registry.invoices ADD FOREIGN KEY (registrar_id) REFERENCES registry.registrar(id); +ALTER TABLE registry.invoices ADD FOREIGN KEY (billing_contact_id) REFERENCES registry.registrar_contact(id); +ALTER TABLE registry.users_webauthn ADD FOREIGN KEY (user_id) REFERENCES users(id); ALTER TABLE registry.domain_price ADD FOREIGN KEY ("tldid") REFERENCES registry.domain_tld ("id"); ALTER TABLE registry.domain_restore_price ADD FOREIGN KEY ("tldid") REFERENCES registry.domain_tld ("id"); ALTER TABLE registry.registrar_whitelist ADD FOREIGN KEY ("registrar_id") REFERENCES registry.registrar ("id"); +ALTER TABLE registry.registrar_users ADD FOREIGN KEY (registrar_id) REFERENCES registry.registrar(id) ON DELETE CASCADE; +ALTER TABLE registry.registrar_users ADD FOREIGN KEY (user_id) REFERENCES registry.users(id) ON DELETE CASCADE; ALTER TABLE registry.registrar_contact ADD FOREIGN KEY ("registrar_id") REFERENCES registry.registrar ("id"); ALTER TABLE registry.poll ADD FOREIGN KEY ("registrar_id") REFERENCES registry.registrar ("id"); ALTER TABLE registry.payment_history ADD FOREIGN KEY ("registrar_id") REFERENCES registry.registrar ("id"); 
@@ -893,7 +852,13 @@ ALTER TABLE registry.application_host_map ADD FOREIGN KEY ("domain_id") REFERENC ALTER TABLE registry.application_host_map ADD FOREIGN KEY ("host_id") REFERENCES registry.host ("id"); ALTER TABLE registry.host_addr ADD FOREIGN KEY ("host_id") REFERENCES registry.host ("id"); ALTER TABLE registry.host_status ADD FOREIGN KEY ("host_id") REFERENCES registry.host ("id"); - +ALTER TABLE registry.promotion_pricing ADD FOREIGN KEY ("tld_id") REFERENCES registry.domain_tld("id"); +ALTER TABLE registry.premium_domain_pricing ADD FOREIGN KEY ("tld_id") REFERENCES registry.domain_tld("id"); +ALTER TABLE registry.premium_domain_pricing ADD FOREIGN KEY ("category_id") REFERENCES registry.premium_domain_categories("category_id"); +ALTER TABLE registry.support_tickets ADD FOREIGN KEY ("user_id") REFERENCES registry.users(id); +ALTER TABLE registry.support_tickets ADD FOREIGN KEY ("category_id") REFERENCES registry.ticket_categories(id); +ALTER TABLE registry.ticket_responses ADD FOREIGN KEY ("ticket_id") REFERENCES registry.support_tickets(id); + CREATE TABLE registryTransaction.transaction_identifier ( id BIGSERIAL PRIMARY KEY, registrar_id INT NOT NULL, diff --git a/docs/install.md b/docs/install.md index 38f6cc1..02f1a13 100644 --- a/docs/install.md +++ b/docs/install.md @@ -125,7 +125,9 @@ Now you need to update PostgreSQL Admin User Password: sudo -u postgres psql postgres=# postgres=# ALTER USER postgres PASSWORD 'demoPassword'; -postgres=# CREATE DATABASE registry; +postgres=# CREATE SCHEMA registry; +postgres=# CREATE SCHEMA registryTransaction; +postgres=# CREATE SCHEMA registryAudit; postgres=# \q ``` diff --git a/docs/install.sh b/docs/install.sh index f725fcb..f4e7ad2 100644 --- a/docs/install.sh +++ b/docs/install.sh 
@@ -166,7 +166,13 @@ EOF psql --version echo "Configuring PostgreSQL..." sudo -u postgres psql -c "ALTER USER postgres PASSWORD '$DB_PASSWORD';" - sudo -u postgres psql -c "CREATE DATABASE registry;" + sudo -u postgres psql -c "CREATE SCHEMA registry;" + sudo -u postgres psql -c "CREATE SCHEMA registryTransaction;" + sudo -u postgres psql -c "CREATE SCHEMA registryAudit;" + + echo "Importing SQL file into PostgreSQL..." + psql -U postgres -d postgres -f /opt/registry/database/registry.postgres.sql + echo "SQL import completed." fi mkdir /usr/share/adminer From c256cd9fc9d34539c53512c039afd1d9a153418a Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Fri, 5 Jan 2024 22:11:06 +0200 Subject: [PATCH 23/57] Another PgSQL update --- cp/bin/create_admin_user.php | 10 +- cp/bootstrap/database.php | 2 +- cp/config/app.php | 1 - database/registry.postgres.sql | 293 ++++++++++------------ database/registryTransaction.postgres.sql | 19 ++ docs/install.md | 8 +- docs/install.sh | 11 +- 7 files changed, 173 insertions(+), 171 deletions(-) create mode 100644 database/registryTransaction.postgres.sql diff --git a/cp/bin/create_admin_user.php b/cp/bin/create_admin_user.php index 9ccb24d..6e77b47 100644 --- a/cp/bin/create_admin_user.php +++ b/cp/bin/create_admin_user.php @@ -6,6 +6,7 @@ $dotenv = Dotenv\Dotenv::createImmutable(__DIR__ . '/..'); $dotenv->load(); // Retrieve database connection details from environment variables +$dbDriver = $_ENV['DB_DRIVER']; $dbHost = $_ENV['DB_HOST']; $dbName = $_ENV['DB_DATABASE']; $dbUser = $_ENV['DB_USERNAME']; 
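Review bot: The import added at the end of the install.sh hunk `@@ -166,7 +166,13 @@` prints "SQL import completed." whatever happened, because psql continues past a failed statement and exits 0 unless `ON_ERROR_STOP` is set. It also connects with `-U postgres` from the invoking account while the lines above go through `sudo -u postgres`, so under peer authentication on the local socket (a common packaged default, not shown here) the connection may be refused. Suggest `sudo -u postgres psql -v ON_ERROR_STOP=1 -d postgres -f /opt/registry/database/registry.postgres.sql || exit 1`, provided the postgres account can read that file. The unchanged `ALTER USER` line splices `$DB_PASSWORD` into a quoted SQL literal on the command line, so a password containing `'` breaks or alters the statement and the value is visible in the process list; feeding the statement to psql on stdin with the value passed as a psql variable avoids both.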
@@ -26,12 +27,17 @@ $hashedPassword = password_hash($newPW, PASSWORD_ARGON2ID, $options); try { // Create PDO instance - $pdo = new PDO("mysql:host=$dbHost;dbname=$dbName;charset=utf8", $dbUser, $dbPass); + if ($dbDriver == 'mysql') { + $dsn = "mysql:host=$dbHost;dbname=$dbName;charset=utf8"; + } elseif ($dbDriver == 'pgsql') { + $dsn = "pgsql:host=$dbHost;dbname=$dbName"; + } + $pdo = new PDO($dsn, $dbUser, $dbPass); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL query $sql = "INSERT INTO users (email, password, username, status, verified, resettable, roles_mask, registered, last_login, force_logout, tfa_secret, tfa_enabled, auth_method, backup_codes) - VALUES (:email, :password, :username, 0, 1, 1, 0, 1, NULL, 0, NULL, 0, 'password', NULL)"; + VALUES (:email, :password, :username, 0, 1, 1, 0, 1, NULL, 0, NULL, false, 'password', NULL)"; // Prepare and execute SQL statement $stmt = $pdo->prepare($sql); diff --git a/cp/bootstrap/database.php b/cp/bootstrap/database.php index 3e953d8..9e34d90 100644 --- a/cp/bootstrap/database.php +++ b/cp/bootstrap/database.php @@ -13,7 +13,7 @@ elseif (config('default') == 'sqlite') { } // PostgreSQL Connection elseif (config('default') == 'pgsql') { - $pdo = new \PDO($config['pgsql']['driver'].':dbname='.$config['pgsql']['database'].';host='.$config['pgsql']['host'].';charset='.$config['pgsql']['charset'].'', $config['pgsql']['username'], $config['pgsql']['password']); + $pdo = new \PDO($config['pgsql']['driver'].':dbname='.$config['pgsql']['database'].';host='.$config['pgsql']['host'].';', $config['pgsql']['username'], $config['pgsql']['password']); $db = \Pinga\Db\PdoDatabase::fromPdo($pdo); } // SQL Server Connection diff --git a/cp/config/app.php b/cp/config/app.php index 20230e1..b252e9e 100644 --- a/cp/config/app.php +++ b/cp/config/app.php 
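Review bot: `$dsn` is assigned only for `mysql` and `pgsql` in the `@@ -26,12 +27,17 @@` hunk of create_admin_user.php, so a missing or misspelled `DB_DRIVER` reaches `new PDO($dsn, ...)` with an undefined variable and fails with an error that does not name the bad setting. Add a final branch such as `} else { fwrite(STDERR, "Unsupported DB_DRIVER\n"); exit(1); }`, and read the value with `$_ENV['DB_DRIVER'] ?? ''` in the earlier hunk. The INSERT now passes `false` for `tfa_enabled` but still sends integers for `verified`, `resettable` and `force_logout`; whether PostgreSQL accepts those depends on column types not fully shown here, so check them against the schema. The `try` block continues past the end of the hunk.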
@@ -43,7 +43,6 @@ return [ 'database' => $_ENV['DB_DATABASE'] ?? 'db_username', 'username' => $_ENV['DB_USERNAME'] ?? 'db_password', 'password' => $_ENV['DB_PASSWORD'] ?? '', - 'charset' => 'utf8', 'prefix' => '', 'schema' => 'public', 'sslmode' => 'prefer', diff --git a/database/registry.postgres.sql b/database/registry.postgres.sql index a869f55..0f4bb45 100644 --- a/database/registry.postgres.sql +++ b/database/registry.postgres.sql @@ -1,6 +1,4 @@ -SET search_path TO registry, registryTransaction, registryAudit, public; - -CREATE TABLE registry.launch_phases ( +CREATE TABLE launch_phases ( "id" SERIAL PRIMARY KEY, "tld_id" INT CHECK ("tld_id" >= 0), "phase_name" VARCHAR(75) DEFAULT NULL, @@ -20,10 +18,10 @@ BEGIN END; ' LANGUAGE 'plpgsql'; -CREATE TRIGGER add_current_date_to_launch_phases BEFORE UPDATE ON registry.launch_phases FOR EACH ROW EXECUTE PROCEDURE +CREATE TRIGGER add_current_date_to_launch_phases BEFORE UPDATE ON launch_phases FOR EACH ROW EXECUTE PROCEDURE update_phases(); -CREATE TABLE registry.domain_tld ( +CREATE TABLE domain_tld ( "id" SERIAL PRIMARY KEY, "tld" varchar(32) NOT NULL, "idn_table" varchar(255) NOT NULL, @@ -32,13 +30,13 @@ CREATE TABLE registry.domain_tld ( unique ("tld") ); -CREATE TABLE registry.settings ( +CREATE TABLE settings ( "name" varchar(64) NOT NULL, "value" varchar(255) default NULL, PRIMARY KEY ("name") ); -CREATE TABLE registry.domain_price ( +CREATE TABLE domain_price ( "id" SERIAL PRIMARY KEY, "tldid" int CHECK ("tldid" >= 0) NOT NULL, "command" varchar CHECK ("command" IN ( 'create','renew','transfer' )) NOT NULL default 'create', 
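Review bot: With `SET search_path` and every `registry.` prefix removed in the registry.postgres.sql hunks starting at `@@ -1,6 +1,4 @@` (the following hunks of this file continue the same change), the tables land in whichever schema the session's search path resolves first, normally `public`, and in whichever database the caller happens to be connected to. On PostgreSQL releases before 15, `public` is writable by every role by default, so generically named objects such as `domain`, `settings` or `statement` share a namespace that any database user can add to. Consider keeping an explicit target, for example a first line `SET search_path TO registry;`, or requiring a dedicated database on which `REVOKE CREATE ON SCHEMA public FROM PUBLIC;` has been run. A header comment stating which database and role the script expects would make that requirement visible.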
@@ -56,14 +54,14 @@ CREATE TABLE registry.domain_price ( unique ("tldid", "command") ); -CREATE TABLE registry.domain_restore_price ( +CREATE TABLE domain_restore_price ( "id" SERIAL PRIMARY KEY, "tldid" int CHECK ("tldid" >= 0) NOT NULL, "price" decimal(10,2) NOT NULL default '0.00', unique ("tldid") ); -CREATE TABLE registry.allocation_tokens ( +CREATE TABLE allocation_tokens ( "token" VARCHAR(255) NOT NULL, "domain_name" VARCHAR(255), "tokenStatus" VARCHAR(100), @@ -78,21 +76,21 @@ CREATE TABLE registry.allocation_tokens ( PRIMARY KEY (token) ); -CREATE TABLE registry.error_log ( +CREATE TABLE error_log ( "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "log" TEXT NOT NULL, "date" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP ); -CREATE TABLE registry.reserved_domain_names ( +CREATE TABLE reserved_domain_names ( "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "type" varchar CHECK ("type" IN ( 'reserved','restricted' )) NOT NULL default 'reserved', unique ("name") ); -CREATE TABLE registry.registrar ( +CREATE TABLE registrar ( "id" SERIAL PRIMARY KEY, "name" varchar(255) NOT NULL, "iana_id" int DEFAULT NULL, @@ -126,17 +124,17 @@ END; ' LANGUAGE 'plpgsql'; -- before INSERT is handled by 'default CURRENT_TIMESTAMP' -CREATE TRIGGER add_current_date_to_registrar BEFORE UPDATE ON registry.registrar FOR EACH ROW EXECUTE PROCEDURE +CREATE TRIGGER add_current_date_to_registrar BEFORE UPDATE ON registrar FOR EACH ROW EXECUTE PROCEDURE update_registrar(); -CREATE TABLE registry.registrar_whitelist ( +CREATE TABLE registrar_whitelist ( "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "addr" varchar(45) NOT NULL, unique ("registrar_id", "addr") ); -CREATE TABLE registry.registrar_contact ( +CREATE TABLE registrar_contact ( "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "type" varchar CHECK ("type" IN ( 'owner','admin','billing','tech','abuse' )) NOT NULL default 'admin', 
@@ -158,14 +156,14 @@ CREATE TABLE registry.registrar_contact ( unique ("registrar_id", "type") ); -CREATE TABLE registry.registrar_ote ( +CREATE TABLE registrar_ote ( "registrar_id" integer NOT NULL, "command" varchar(75) NOT NULL, "result" int NOT NULL, CONSTRAINT test UNIQUE ("registrar_id", "command", "result") ); -CREATE TABLE registry.poll ( +CREATE TABLE poll ( "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "qdate" timestamp(3) without time zone NOT NULL, @@ -185,7 +183,7 @@ CREATE TABLE registry.poll ( "availablecredit" decimal(12,2) default '0.00' ); -CREATE TABLE registry.payment_history ( +CREATE TABLE payment_history ( "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "date" timestamp(3) without time zone NOT NULL, @@ -193,7 +191,7 @@ CREATE TABLE registry.payment_history ( "amount" decimal(12,2) NOT NULL ); -CREATE TABLE registry.statement ( +CREATE TABLE statement ( "id" SERIAL PRIMARY KEY, "registrar_id" int CHECK ("registrar_id" >= 0) NOT NULL, "date" timestamp(3) without time zone NOT NULL, @@ -205,7 +203,7 @@ CREATE TABLE registry.statement ( "amount" decimal(12,2) NOT NULL ); -CREATE TABLE registry.invoices ( +CREATE TABLE invoices ( "id" SERIAL PRIMARY KEY, "registrar_id" INT, "invoice_number" varchar(25) DEFAULT NULL, @@ -219,7 +217,7 @@ CREATE TABLE registry.invoices ( "updated_at" TIMESTAMP(3) DEFAULT CURRENT_TIMESTAMP ); -CREATE TABLE registry.contact ( +CREATE TABLE contact ( "id" SERIAL PRIMARY KEY, "identifier" varchar(255) NOT NULL, "voice" varchar(17) default NULL, @@ -246,7 +244,7 @@ CREATE TABLE registry.contact ( unique ("identifier") ); -CREATE TABLE registry.contact_postalinfo ( +CREATE TABLE contact_postalinfo ( "id" SERIAL PRIMARY KEY, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "type" varchar CHECK ("type" IN ( 'int','loc' )) NOT NULL default 'int', 
@@ -268,7 +266,7 @@ CREATE TABLE registry.contact_postalinfo ( unique ("contact_id", "type") ); -CREATE TABLE registry.contact_authinfo ( +CREATE TABLE contact_authinfo ( "id" SERIAL PRIMARY KEY, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "authtype" varchar CHECK ("authtype" IN ( 'pw','ext' )) NOT NULL default 'pw', @@ -276,14 +274,14 @@ CREATE TABLE registry.contact_authinfo ( unique ("contact_id") ); -CREATE TABLE registry.contact_status ( +CREATE TABLE contact_status ( "id" SERIAL PRIMARY KEY, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'clientDeleteProhibited','clientTransferProhibited','clientUpdateProhibited','linked','ok','pendingCreate','pendingDelete','pendingTransfer','pendingUpdate','serverDeleteProhibited','serverTransferProhibited','serverUpdateProhibited' )) NOT NULL default 'ok', unique ("contact_id", "status") ); -CREATE TABLE registry.domain ( +CREATE TABLE domain ( "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "tldid" int CHECK ("tldid" >= 0) NOT NULL, @@ -331,7 +329,7 @@ CREATE TABLE registry.domain ( unique ("name") ); -CREATE TABLE registry.application ( +CREATE TABLE application ( "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "tldid" int CHECK ("tldid" >= 0) NOT NULL, @@ -365,7 +363,7 @@ CREATE TABLE registry.application ( "tm_phase" text DEFAULT 'NONE'::text NOT NULL ); -CREATE TABLE registry.domain_contact_map ( +CREATE TABLE domain_contact_map ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, @@ -373,7 +371,7 @@ CREATE TABLE registry.domain_contact_map ( unique ("domain_id", "contact_id", "type") ); -CREATE TABLE registry.application_contact_map ( +CREATE TABLE application_contact_map ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "contact_id" int CHECK ("contact_id" >= 0) NOT NULL, 
@@ -381,7 +379,7 @@ CREATE TABLE registry.application_contact_map ( unique ("domain_id", "contact_id", "type") ); -CREATE TABLE registry.domain_authinfo ( +CREATE TABLE domain_authinfo ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "authtype" varchar CHECK ("authtype" IN ( 'pw','ext' )) NOT NULL default 'pw', @@ -389,21 +387,21 @@ CREATE TABLE registry.domain_authinfo ( unique ("domain_id") ); -CREATE TABLE registry.domain_status ( +CREATE TABLE domain_status ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'clientDeleteProhibited','clientHold','clientRenewProhibited','clientTransferProhibited','clientUpdateProhibited','inactive','ok','pendingCreate','pendingDelete','pendingRenew','pendingTransfer','pendingUpdate','serverDeleteProhibited','serverHold','serverRenewProhibited','serverTransferProhibited','serverUpdateProhibited' )) NOT NULL default 'ok', unique ("domain_id", "status") ); -CREATE TABLE registry.application_status ( +CREATE TABLE application_status ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'pendingValidation','validated','invalid','pendingAllocation','allocated','rejected','custom' )) NOT NULL default 'pendingValidation', unique ("domain_id", "status") ); -CREATE TABLE registry.secdns ( +CREATE TABLE secdns ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "maxsiglife" int CHECK ("maxsiglife" >= 0) default '604800', @@ -419,7 +417,7 @@ CREATE TABLE registry.secdns ( unique ("domain_id", "digest") ); -CREATE TABLE registry.host ( +CREATE TABLE host ( "id" SERIAL PRIMARY KEY, "name" varchar(255) NOT NULL, "domain_id" int CHECK ("domain_id" >= 0) default NULL, 
@@ -432,21 +430,21 @@ CREATE TABLE registry.host ( unique ("name") ); -CREATE TABLE registry.domain_host_map ( +CREATE TABLE domain_host_map ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "host_id" int CHECK ("host_id" >= 0) NOT NULL, unique ("domain_id", "host_id") ); -CREATE TABLE registry.application_host_map ( +CREATE TABLE application_host_map ( "id" SERIAL PRIMARY KEY, "domain_id" int CHECK ("domain_id" >= 0) NOT NULL, "host_id" int CHECK ("host_id" >= 0) NOT NULL, unique ("domain_id", "host_id") ); -CREATE TABLE registry.host_addr ( +CREATE TABLE host_addr ( "id" SERIAL PRIMARY KEY, "host_id" int CHECK ("host_id" >= 0) NOT NULL, "addr" varchar(45) NOT NULL, @@ -454,14 +452,14 @@ CREATE TABLE registry.host_addr ( unique ("host_id", "addr", "ip") ); -CREATE TABLE registry.host_status ( +CREATE TABLE host_status ( "id" SERIAL PRIMARY KEY, "host_id" int CHECK ("host_id" >= 0) NOT NULL, "status" varchar CHECK ("status" IN ( 'clientDeleteProhibited','clientUpdateProhibited','linked','ok','pendingCreate','pendingDelete','pendingTransfer','pendingUpdate','serverDeleteProhibited','serverUpdateProhibited' )) NOT NULL default 'ok', unique ("host_id", "status") ); -CREATE TABLE registry.domain_auto_approve_transfer ( +CREATE TABLE domain_auto_approve_transfer ( "id" SERIAL PRIMARY KEY, "name" varchar(68) NOT NULL, "registrant" int CHECK ("registrant" >= 0) default NULL, @@ -480,7 +478,7 @@ CREATE TABLE registry.domain_auto_approve_transfer ( "transfer_exdate" timestamp(3) without time zone default NULL ); -CREATE TABLE registry.contact_auto_approve_transfer ( +CREATE TABLE contact_auto_approve_transfer ( "id" SERIAL PRIMARY KEY, "identifier" varchar(255) NOT NULL, "voice" varchar(17) default NULL, 
@@ -506,7 +504,7 @@ CREATE TABLE registry.contact_auto_approve_transfer ( "disclose_email" varchar CHECK ("disclose_email" IN ( '0','1' )) NOT NULL default '1' ); -CREATE TABLE registry.statistics ( +CREATE TABLE statistics ( "id" SERIAL PRIMARY KEY, "date" date NOT NULL, "total_domains" int CHECK ("total_domains" >= 0) NOT NULL DEFAULT '0', @@ -518,7 +516,7 @@ CREATE TABLE registry.statistics ( unique ("date") ); -CREATE TABLE IF NOT EXISTS registry.users ( +CREATE TABLE IF NOT EXISTS users ( "id" SERIAL PRIMARY KEY CHECK ("id" >= 0), "email" VARCHAR(249) UNIQUE NOT NULL, "password" VARCHAR(255) NOT NULL, @@ -536,8 +534,8 @@ CREATE TABLE IF NOT EXISTS registry.users ( "backup_codes" TEXT ); -CREATE TABLE IF NOT EXISTS registry.users_audit ( - "user_id" SERIAL PRIMARY KEY CHECK ("user_id" >= 0), +CREATE TABLE IF NOT EXISTS users_audit ( + "user_id" INT NOT NULL, "user_event" VARCHAR(255) NOT NULL, "user_resource" VARCHAR(255) DEFAULT NULL, "user_agent" VARCHAR(255) NOT NULL, @@ -546,10 +544,10 @@ CREATE TABLE IF NOT EXISTS registry.users_audit ( "event_time" TIMESTAMP(3) NOT NULL, "user_data" JSONB DEFAULT NULL ); -CREATE INDEX idx_user_event ON registry.users_audit (user_event); -CREATE INDEX idx_user_ip ON registry.users_audit (user_ip); +CREATE INDEX idx_user_event ON users_audit (user_event); +CREATE INDEX idx_user_ip ON users_audit (user_ip); -CREATE TABLE IF NOT EXISTS registry.users_confirmations ( +CREATE TABLE IF NOT EXISTS users_confirmations ( "id" SERIAL PRIMARY KEY CHECK ("id" >= 0), "user_id" INTEGER NOT NULL CHECK ("user_id" >= 0), "email" VARCHAR(249) NOT NULL, 
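Review bot: `users_audit` is left with no key at all once `"user_id"` becomes `INT NOT NULL`, and the only indexes created for it are on `user_event` and `user_ip`. An audit row then cannot be referenced individually, and a lookup of one user's activity during an investigation presumably falls back to a full scan. Consider adding a surrogate key as the first column, `"id" BIGSERIAL PRIMARY KEY,`, and an index such as `CREATE INDEX idx_users_audit_user_time ON users_audit (user_id, event_time);`. Part of the column list sits between the two hunks that touch this table, so this is based on the visible columns only.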
@@ -557,36 +555,36 @@ CREATE TABLE IF NOT EXISTS registry.users_confirmations ( "token" VARCHAR(255) NOT NULL, "expires" INTEGER NOT NULL CHECK ("expires" >= 0) ); -CREATE INDEX IF NOT EXISTS "email_expires" ON registry.users_confirmations ("email", "expires"); -CREATE INDEX IF NOT EXISTS "user_id" ON registry.users_confirmations ("user_id"); +CREATE INDEX IF NOT EXISTS "email_expires" ON users_confirmations ("email", "expires"); +CREATE INDEX IF NOT EXISTS "user_id" ON users_confirmations ("user_id"); -CREATE TABLE IF NOT EXISTS registry.users_remembered ( +CREATE TABLE IF NOT EXISTS users_remembered ( "id" BIGSERIAL PRIMARY KEY CHECK ("id" >= 0), "user_id" INTEGER NOT NULL CHECK ("user_id" >= 0), "selector" VARCHAR(24) UNIQUE NOT NULL, "token" VARCHAR(255) NOT NULL, "expires" INTEGER NOT NULL CHECK ("expires" >= 0) ); -CREATE INDEX IF NOT EXISTS "user_id" ON registry.users_remembered ("user_id"); +CREATE INDEX IF NOT EXISTS "re_user_id" ON users_remembered ("user_id"); -CREATE TABLE IF NOT EXISTS registry.users_resets ( +CREATE TABLE IF NOT EXISTS users_resets ( "id" BIGSERIAL PRIMARY KEY CHECK ("id" >= 0), "user_id" INTEGER NOT NULL CHECK ("user_id" >= 0), "selector" VARCHAR(20) UNIQUE NOT NULL, "token" VARCHAR(255) NOT NULL, "expires" INTEGER NOT NULL CHECK ("expires" >= 0) ); -CREATE INDEX IF NOT EXISTS "user_expires" ON registry.users_resets ("user_id", "expires"); +CREATE INDEX IF NOT EXISTS "user_expires" ON users_resets ("user_id", "expires"); -CREATE TABLE IF NOT EXISTS registry.users_throttling ( +CREATE TABLE IF NOT EXISTS users_throttling ( "bucket" VARCHAR(44) PRIMARY KEY, "tokens" REAL NOT NULL CHECK ("tokens" >= 0), "replenished_at" INTEGER NOT NULL CHECK ("replenished_at" >= 0), "expires_at" INTEGER NOT NULL CHECK ("expires_at" >= 0) ); -CREATE INDEX IF NOT EXISTS "expires_at" ON registry.users_throttling ("expires_at"); +CREATE INDEX IF NOT EXISTS "expires_at" ON users_throttling ("expires_at"); -CREATE TABLE IF NOT EXISTS registry.users_webauthn 
( +CREATE TABLE IF NOT EXISTS users_webauthn ( "id" SERIAL PRIMARY KEY, "user_id" INTEGER NOT NULL, "credential_id" BYTEA NOT NULL, @@ -598,12 +596,12 @@ CREATE TABLE IF NOT EXISTS registry.users_webauthn ( "last_used_at" TIMESTAMP(3) WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP ); -CREATE TABLE IF NOT EXISTS registry.registrar_users ( +CREATE TABLE IF NOT EXISTS registrar_users ( "registrar_id" int NOT NULL PRIMARY KEY, "user_id" int NOT NULL ); -CREATE TABLE registry.urs_actions ( +CREATE TABLE urs_actions ( "id" SERIAL PRIMARY KEY, "domain_name" VARCHAR(255) NOT NULL, "urs_provider" VARCHAR(255) NOT NULL, @@ -616,7 +614,7 @@ CREATE TYPE deposit_type_enum AS ENUM ('Full', 'Incremental', 'Differential'); CREATE TYPE status_enum AS ENUM ('Deposited', 'Retrieved', 'Failed'); CREATE TYPE verification_status_enum AS ENUM ('Verified', 'Failed', 'Pending'); -CREATE TABLE registry.rde_escrow_deposits ( +CREATE TABLE rde_escrow_deposits ( "id" SERIAL PRIMARY KEY, "deposit_id" VARCHAR(255) UNIQUE, -- Unique deposit identifier "deposit_date" DATE NOT NULL, @@ -636,7 +634,7 @@ CREATE TABLE registry.rde_escrow_deposits ( CREATE TYPE report_status_enum AS ENUM ('Pending', 'Submitted', 'Accepted', 'Rejected'); -CREATE TABLE registry.icann_reports ( +CREATE TABLE icann_reports ( "id" serial8 PRIMARY KEY, "report_date" DATE NOT NULL, "type" VARCHAR(255) NOT NULL, @@ -646,7 +644,7 @@ CREATE TABLE registry.icann_reports ( "notes" TEXT ); -CREATE TABLE registry.promotion_pricing ( +CREATE TABLE promotion_pricing ( "id" SERIAL PRIMARY KEY, "tld_id" INT CHECK ("tld_id" >= 0), "promo_name" varchar(255) NOT NULL, 
@@ -672,14 +670,14 @@ CREATE TABLE registry.promotion_pricing ( CREATE INDEX idx_promotion_pricing_tld_id ON promotion_pricing (tld_id); -CREATE TABLE registry.premium_domain_categories ( +CREATE TABLE premium_domain_categories ( "category_id" serial8 PRIMARY KEY, "category_name" VARCHAR(255) NOT NULL, "category_price" NUMERIC(10, 2) NOT NULL, UNIQUE (category_name) ); -CREATE TABLE registry.premium_domain_pricing ( +CREATE TABLE premium_domain_pricing ( "id" serial8 PRIMARY KEY, "domain_name" VARCHAR(255) NOT NULL, "tld_id" INT CHECK ("tld_id" >= 0) NOT NULL, @@ -690,13 +688,13 @@ CREATE TABLE registry.premium_domain_pricing ( CREATE TYPE ticket_status AS ENUM ('Open', 'In Progress', 'Resolved', 'Closed'); CREATE TYPE ticket_priority AS ENUM ('Low', 'Medium', 'High', 'Critical'); -CREATE TABLE registry.ticket_categories ( +CREATE TABLE ticket_categories ( "id" SERIAL PRIMARY KEY, "name" VARCHAR(255) NOT NULL, "description" TEXT ); -CREATE TABLE registry.support_tickets ( +CREATE TABLE support_tickets ( "id" SERIAL PRIMARY KEY, "user_id" INTEGER NOT NULL, "category_id" INTEGER NOT NULL, @@ -713,7 +711,7 @@ CREATE TABLE registry.support_tickets ( "last_updated" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP ); -CREATE TABLE registry.ticket_responses ( +CREATE TABLE ticket_responses ( "id" SERIAL PRIMARY KEY, "ticket_id" INTEGER NOT NULL, "responder_id" INTEGER NOT NULL, @@ -721,7 +719,7 @@ CREATE TABLE registry.ticket_responses ( "date_created" TIMESTAMP(3) WITHOUT TIME ZONE DEFAULT CURRENT_TIMESTAMP ); -CREATE TABLE registry.tmch_claims ( +CREATE TABLE tmch_claims ( "id" SERIAL PRIMARY KEY, "domain_label" VARCHAR(100) NOT NULL, "claim_key" VARCHAR(200) NOT NULL, 
@@ -729,42 +727,42 @@ CREATE TABLE registry.tmch_claims ( CONSTRAINT tmch_claims_unique UNIQUE (claim_key, domain_label) ); -CREATE TABLE registry.tmch_revocation ( +CREATE TABLE tmch_revocation ( "id" SERIAL PRIMARY KEY, "smd_id" VARCHAR(100) NOT NULL, "revocation_time" TIMESTAMP(3) NOT NULL, CONSTRAINT tmch_revocation_unique UNIQUE (smd_id) ); -CREATE TABLE registry.tmch_crl ( +CREATE TABLE tmch_crl ( "id" SERIAL PRIMARY KEY, "content" TEXT NOT NULL, "url" VARCHAR(255) NOT NULL, "update_timestamp" TIMESTAMP(3) NOT NULL ); -INSERT INTO registry.domain_tld VALUES('1','.TEST','/^(?!-)(?!.*--)[A-Z0-9-]{1,63}(? Date: Fri, 5 Jan 2024 22:16:00 +0200 Subject: [PATCH 24/57] Bugfix --- cp/routes/web.php | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/cp/routes/web.php b/cp/routes/web.php index 50122a7..c4dab6f 100644 --- a/cp/routes/web.php +++ b/cp/routes/web.php @@ -137,10 +137,20 @@ $app->any('/api[/{params:.*}]', function ( $args ) use ($container) { $db = config('connections'); + if (config('default') == 'mysql') { + $db_username = $db['mysql']['username']; + $db_password = $db['mysql']['password']; + $db_database = $db['mysql']['database']; + } elseif (config('default') == 'pgsql') { + $db_username = $db['pgsql']['username']; + $db_password = $db['pgsql']['password']; + $db_database = $db['pgsql']['database']; + } $config = new Config([ - 'username' => $db['mysql']['username'], - 'password' => $db['mysql']['password'], - 'database' => $db['mysql']['database'], + 'driver' => config('default'), + 'username' => $db_username, + 'password' => $db_password, + 'database' => $db_database, 'basePath' => '/api', 'middlewares' => 'customization,dbAuth,authorization,sanitation,multiTenancy', 'authorization.tableHandler' => function ($operation, $tableName) { 
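Review bot: `$db_username`, `$db_password` and `$db_database` stay undefined when `config('default')` is anything other than `mysql` or `pgsql`, so `new Config([...])` would be built with null credentials and only a PHP warning; the if/elseif needs a branch that fails. The `/log-api` hunk at `@@ -211,9 +221,17 @@` has the same gap. Looking the connection up by driver name removes the duplicated branches and lets the route stop before any connection is attempted. The route closure starts and ends outside the hunk, so how a thrown exception is rendered to the client is not visible here and should be checked.

```php
$db = config('connections');
$driver = config('default');
if (!in_array($driver, ['mysql', 'pgsql'], true)) {
    // Fail closed instead of passing undefined credentials to Config.
    throw new \RuntimeException('Unsupported database driver for the API route');
}
$config = new Config([
    'driver' => $driver,
    'username' => $db[$driver]['username'],
    'password' => $db[$driver]['password'],
    'database' => $db[$driver]['database'],
    // … unchanged: basePath, middlewares, authorization.tableHandler …
```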
@@ -211,9 +221,17 @@ $app->any('/log-api[/{params:.*}]', function ( $args ) use ($container) { $db = config('connections'); + if (config('default') == 'mysql') { + $db_username = $db['mysql']['username']; + $db_password = $db['mysql']['password']; + } elseif (config('default') == 'pgsql') { + $db_username = $db['pgsql']['username']; + $db_password = $db['pgsql']['password']; + } $config = new Config([ - 'username' => $db['mysql']['username'], - 'password' => $db['mysql']['password'], + 'driver' => config('default'), + 'username' => $db_username, + 'password' => $db_password, 'database' => 'registryTransaction', 'basePath' => '/log-api', 'middlewares' => 'customization,dbAuth,multiTenancy', From 12104af70fc11ad508e607d42882135f929fc15d Mon Sep 17 00:00:00 2001 From: Pinga <121483313+getpinga@users.noreply.github.com> Date: Mon, 8 Jan 2024 13:04:16 +0200 Subject: [PATCH 25/57] Full translation preparation for contacts and hosts --- .../views/admin/contacts/createContact.twig | 106 ++++++-------- .../views/admin/contacts/listContacts.twig | 18 +-- .../views/admin/contacts/updateContact.twig | 102 ++++++------- .../views/admin/contacts/viewContact.twig | 136 ++++++++---------- .../views/admin/hosts/createHost.twig | 18 +-- cp/resources/views/admin/hosts/listHosts.twig | 18 +-- .../views/admin/hosts/updateHost.twig | 18 +-- .../views/admin/hosts/updateInternalHost.twig | 18 +-- cp/resources/views/admin/hosts/viewHost.twig | 20 +-- cp/resources/views/layouts/app.twig | 6 +- cp/resources/views/partials/css-tables.twig | 40 +++--- cp/resources/views/partials/css.twig | 28 ++-- cp/resources/views/partials/footer.twig | 23 +++ 13 files changed, 231 insertions(+), 320 deletions(-) create mode 100644 cp/resources/views/partials/footer.twig diff --git a/cp/resources/views/admin/contacts/createContact.twig b/cp/resources/views/admin/contacts/createContact.twig index 5287956..9d86647 100644 --- a/cp/resources/views/admin/contacts/createContact.twig 
+++ b/cp/resources/views/admin/contacts/createContact.twig @@ -11,7 +11,7 @@
- Overview + {{ __('Overview') }}

{{ __('Create Contact') }} @@ -56,21 +56,21 @@
-
General & Internationalized Info
+
{{ __('General & Internationalized Info') }}
- +
{% if registrars and not registrar %}
- +
- +
- +
- +
- +
- +
- +
- + - Disclose Address in WHOIS + {{ __('Disclose Address in WHOIS') }}
-
Contact Details
+
{{ __('Contact Details') }}
- +
- +
- +
- +
- + - Auto-generated authentication information for the contact. + {{ __('Auto-generated authentication information for the contact') }}.
- +
@@ -187,7 +187,7 @@
- +
@@ -195,15 +195,15 @@
- +
- +
- +
@@ -214,7 +214,7 @@
@@ -222,64 +222,64 @@
-
-
-
-
    -
  • - Copyright © 2023 - Namingo. -
  • -
-
-
-
- + {% include 'partials/footer.twig' %}