From e54c1a750bf453c364ab0b3ccc72be052ac07da8 Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Thu, 20 Nov 2014 04:44:44 -0800
Subject: [PATCH] services for proxy data
---
 app.rb | 84 +++++++++++++++++++++++++++++++++++++++++++++
 config.yml.template | 4 ++-
 ext/string.rb | 6 +++-
 models/site.rb | 8 +++++
 4 files changed, 100 insertions(+), 2 deletions(-)
diff --git a/app.rb b/app.rb
index 0d3bb4c0..eae2ee23 100644
--- a/app.rb
+++ b/app.rb
@@ -1,6 +1,8 @@
 require 'base64'
 require 'uri'
 require 'net/http'
+require 'zlib'
+require 'rubygems/package'
 require './environment.rb'
 use Rack::Session::Cookie, key: 'neocities',
@@ -1446,6 +1448,88 @@ post '/site/:username/block' do |username|
 end
 end
+get '/sysops/proxy/map.txt' do
+ require_proxy_auth
+ domains = ''
+ Site.exclude(domain: nil).
+ exclude(domain: '').
+ select(:username,:domain).
+ all.
+ collect do |s|
+ domains << "#{s.domain} #{s.username};\n"
+ end
+ content_type :text
+ domains
+end
+
+get '/sysops/proxy/sslcerts.tar.gz' do
+ require_proxy_auth
+ sites = Site.ssl_sites
+
+ nginx_config = ''
+
+ tar = StringIO.new
+
+ Gem::Package::TarWriter.new(tar) do |writer|
+ writer.mkdir 'sslcerts', 0740
+ writer.mkdir 'sslcerts/certs', 0740
+
+ sites.each do |site|
+ writer.add_file "sslcerts/certs/#{site.username}.key", 0640 do |f|
+ f.write site.ssl_key
+ end
+
+ writer.add_file "sslcerts/certs/#{site.username}.crt", 0640 do |f|
+ f.write site.ssl_cert
+ end
+
+ nginx_config << %{
+ server {
+ listen 443 ssl;
+ server_name #{site.domain} *.#{site.domain};
+ ssl_certificate certs/#{site.username}.crt;
+ ssl_certificate_key certs/#{site.username}.key;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Host #{site.username}.neocities.org;
+ proxy_pass http://127.0.0.1$request_uri;
+ }
+ }
+ }.unindent
+ end
+
+ writer.add_file "sslcerts/sslsites.conf", 0640 do |f|
+ f.write nginx_config
+ end
+ end
+
+ tar.rewind
+
+ package = StringIO.new 'b'
+ package.set_encoding 'binary'
+ gzip = Zlib::GzipWriter.new package
+ gzip.write tar.read
+ tar.close
+ gzip.finish
+ package.rewind
+
+ attachment
+ package.read
+end
+
+class ProxyAccessViolation < StandardError; end
+
+def require_proxy_auth
+ begin
+ auth = request.env['HTTP_AUTHORIZATION']
+ user, pass = Base64.decode64(auth.match(/Basic (.+)/)[1]).split(':')
+ raise ProxyAccessViolation unless pass == $config['proxy_pass']
+ rescue
+ raise ProxyAccessViolation, "Violator: #{request.ip}" unless pass == $config['proxy_pass']
+ end
+end
+
 def require_admin
 redirect '/' unless signed_in? && current_site.is_admin
 end
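Review bot: In `require_proxy_auth` both `pass == $config['proxy_pass']` checks succeed when the two sides are both nil: the `rescue` branch runs with `pass` still unassigned (no Authorization header, no `Basic` match, or no `:` in the decoded credential), so on a deployment whose config lacks the `proxy_pass` key every request reaches the private keys served by `/sysops/proxy/sslcerts.tar.gz`. The plain `==` also compares the secret byte-by-byte with early exit, and the `raise` inside `begin` is swallowed by the bare `rescue` and re-raised by the second check, so it adds nothing. I would drop the `begin/rescue`, refuse when the configured secret is missing or empty, compare with `Rack::Utils.secure_compare` (the app already runs on Rack), and rename the unused `user` to `_user`, as below. Separately, `site.domain` is interpolated unescaped into the nginx `server_name` line of the generated config; if domain is not already validated against a strict hostname pattern elsewhere (not visible here), the same guard is needed before it reaches this file.
```ruby
def require_proxy_auth
  expected = $config['proxy_pass']
  raise ProxyAccessViolation, 'proxy_pass is not configured' if expected.nil? || expected.empty?
  header = request.env['HTTP_AUTHORIZATION'].to_s
  encoded = header[/\ABasic (.+)\z/, 1].to_s
  _user, pass = Base64.decode64(encoded).split(':', 2)
  unless pass && Rack::Utils.secure_compare(pass, expected)
    raise ProxyAccessViolation, "Violator: #{request.ip}"
  end
end
```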
diff --git a/config.yml.template b/config.yml.template
index afb13194..b939c853 100644
--- a/config.yml.template
+++ b/config.yml.template
@@ -9,6 +9,7 @@ development:
 stripe_publishable_key: fillout
 stripe_api_key: fillout
 ip_hash_salt: "400$8$1$fc21863da5d531c1"
+ proxy_pass: 'somethinglongandrandom'
 test:
 database: 'postgres://neocities@127.0.0.1/neocities_test'
 database_pool: 1
@@ -19,4 +20,5 @@ test:
 sidekiq_pass: ENTER PASS HERE
 stripe_publishable_key: fillout
 stripe_api_key: fillout
- ip_hash_salt: "400$8$1$fc21863da5d531c1"
\ No newline at end of file
+ ip_hash_salt: "400$8$1$fc21863da5d531c1"
+ proxy_pass: 'somethinglongandrandom'
\ No newline at end of file
diff --git a/ext/string.rb b/ext/string.rb
index 032e818b..ed56207c 100644
--- a/ext/string.rb
+++ b/ext/string.rb
@@ -11,4 +11,8 @@ class String
 self[0..length]
 end
 end
-end
+
+ def unindent
+ gsub /^#{scan(/^\s*/).min_by{|l|l.length}}/, ""
+ end
+end
\ No newline at end of file
diff --git a/models/site.rb b/models/site.rb
index f7183912..2e449d83 100644
--- a/models/site.rb
+++ b/models/site.rb
@@ -230,6 +230,14 @@ class Site < Sequel::Model
 false
 end
+
+ def ssl_sites
+ select(:id, :username, :domain, :ssl_key, :ssl_cert).
+ exclude(domain: nil).
+ exclude(ssl_key: nil).
+ exclude(ssl_cert: nil).
+ all
+ end
 end
 def ip=(ip)
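Review bot: The new `proxy_pass: 'somethinglongandrandom'` entries (development hunk here and the test hunk below) carry a syntactically valid secret, and `require_proxy_auth` in app.rb accepts whatever value is configured, so a deployment that copies the template unchanged gates the SSL private-key download with a value published in the repository. The neighbouring secrets use the placeholder `fillout`, which at least signals that the value must be replaced; I would follow that convention or add a comment on the line, such as `# guards /sysops/proxy/*; set a long random value per deployment`, so it cannot be mistaken for a usable default.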
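Review bot: `unindent` measures the common indent with `scan(/^\s*/)`, and `\s` also matches newlines, so on a string that begins with a line break (the `%{ ... }` literal in app.rb does) the first match swallows the newline plus the next line's indent, and every blank line yields a match that runs into the following line; the minimum that survives is likely the whitespace before the closing `}` rather than the content's indent, so the content keeps part of its indentation. The captured prefix is also interpolated into the regex without escaping, and `gsub /.../` with no parentheses triggers Ruby's ambiguous-first-argument warning. Suggest `gsub(/^#{Regexp.escape(scan(/^[ \t]*(?=\S)/).min_by(&:length).to_s)}/, '')`, which measures only non-blank lines and is a no-op for an all-blank string. The `class String` body opens before the hunk.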
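Review bot: `ssl_sites` excludes `domain: nil` but not `domain: ''`, whereas the map.txt query in app.rb excludes both, so a site with an empty-string domain and a stored key/cert would produce an nginx `server_name  *.;` entry in the generated config; add `exclude(domain: '').` after `exclude(domain: nil).` to keep the two queries consistent. The same consideration applies to `ssl_key` and `ssl_cert` if empty strings can be stored in those columns (not visible here). The unqualified `select` suggests this sits in a class-level block that opens before the hunk, so please confirm it is reachable as `Site.ssl_sites` as app.rb expects.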