zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-24 09:12:35 +02:00
Code Issues Projects Releases Packages Wiki Activity
neocities/app/sysops.rb

84 lines
No EOL
2 KiB
Ruby
Raw Blame History

require 'zlib'
require 'rubygems/package'
get '/sysops/proxy/map.txt' do
require_proxy_auth
domains = ''
Site.exclude(domain: nil).
exclude(domain: '').
select(:username,:domain).
all.
collect do |s|
domains << "#{s.domain} #{s.username};\n"
end
content_type :text
domains
end
get '/sysops/proxy/sslcerts.tar.gz' do
require_proxy_auth
sites = Site.ssl_sites
nginx_config = ''
tar = StringIO.new
Gem::Package::TarWriter.new(tar) do |writer|
writer.mkdir 'sslcerts', 0740
writer.mkdir 'sslcerts/certs', 0740
sites.each do |site|
writer.add_file "sslcerts/certs/#{site.username}.key", 0640 do |f|
f.write site.ssl_key
end
writer.add_file "sslcerts/certs/#{site.username}.crt", 0640 do |f|
f.write site.ssl_cert
end
nginx_config << %{
server {
listen 443 ssl;
server_name #{site.domain} *.#{site.domain};
ssl_certificate sslsites/certs/#{site.username}.crt;
ssl_certificate_key sslsites/certs/#{site.username}.key;
location / {
proxy_http_version 1.1;
proxy_set_header Host #{site.username}.neocities.org;
proxy_pass http://127.0.0.1$request_uri;
}
}
}.unindent
end
writer.add_file "sslcerts/sslsites.conf", 0640 do |f|
f.write nginx_config
end
end
tar.rewind
package = StringIO.new 'b'
package.set_encoding 'binary'
gzip = Zlib::GzipWriter.new package
gzip.write tar.read
tar.close
gzip.finish
package.rewind
attachment
package.read
end
class ProxyAccessViolation < StandardError; end
def require_proxy_auth
begin
auth = request.env['HTTP_AUTHORIZATION']
user, pass = Base64.decode64(auth.match(/Basic (.+)/)[1]).split(':')
raise ProxyAccessViolation unless pass == $config['proxy_pass']
rescue
raise ProxyAccessViolation, "Violator: #{request.ip}" unless pass == $config['proxy_pass']
end
end
Reference in a new issue View git blame Copy permalink