Add optional info page protection.

2014-06-29 17:51:00 +02:00 · 2014-06-29 17:51:00 +02:00 · 96480a5c50
commit 96480a5c50
parent db4932b9ce
7 changed files with 218 additions and 54 deletions
--- a/src/_h5ai/client/css/inc/h5ai-info.less
+++ b/src/_h5ai/client/css/inc/h5ai-info.less
@ -17,15 +17,6 @@ body#h5ai-info {
 		}
 	}

-	.build-version {
-		display: block;
-	}
-	.build-stamp {
-		display: block;
-		margin-top: 0.3em;
-		font-size: 0.6em;
-		color: #aaa;
-	}
 	.idx-file {
 		margin-top: 1em;
 		font-size: 0.6em;
@ -61,6 +52,56 @@ body#h5ai-info {
 		line-height: 1.4em;
 	}

+	#login-wrapper {
+		margin: 96px 0;
+		font-size: 14px;
+
+		#pass {
+			-moz-appearance: none;
+			-ms-appearance: none;
+			-webkit-appearance: none;
+			font-family: @font-family;
+			font-weight: @font-weight;
+			color: @col;
+			background: @col-widget-back-highlight;
+			border: @border-widget;
+			outline: none;
+			display: inline-block;
+			width: 200px;
+			height: 30px;
+			padding: 0 6px;
+			margin: 8px;
+		}
+		#login, #logout {
+			display: inline-block;
+			padding: 4px 16px;
+			margin: 8px;
+			background-color: @col-widget-back;
+			border: @border-widget;
+			cursor: pointer;
+
+			color: @col;
+			cursor: pointer;
+			text-decoration: none;
+			.transition(all 0.2s ease-in-out);
+
+			&:hover, &.hover {
+				background-color: @col-widget-back-highlight;
+				color: @col-hover;
+			}
+		}
+		#hint {
+			margin: 12px auto;
+			width: 320px;
+			color: @col;
+			font-size: 12px;
+		}
+	}
+
+	#tests-wrapper {
+		margin: 96px 0;
+	}
+
 	#tests {
 		display: inline-block;
 		list-style-type: none;
@ -69,16 +110,17 @@ body#h5ai-info {
 		padding: 0;

 		.test {
+			padding: 6px;
+
 			.label {
 				display: inline-block;
-				width: 370px;
+				width: 250px;
 			}
 			.result {
 				display: inline-block;
-				width: 70px;
+				width: 250px;
 				text-align: right;
 				font-weight: bold;
-				color: #aaa;

 				&.passed {
 					color: #5a5;
@ -91,7 +133,7 @@ body#h5ai-info {
 				margin: 4px 0 12px 12px;
 				font-size: 0.7em;
 				color: #aaa;
-				width: 370px;
+				width: 380px;
 				line-height: 1.2em;
 			}
 		}
--- a/src/_h5ai/client/js/inc/info.js
+++ b/src/_h5ai/client/js/inc/info.js
@ -1,36 +1,59 @@

 modulejs.define('info', ['$', 'config'], function ($, config) {

-	var template = '<li class="test">' +
-						'<span class="label"></span>' +
-						'<span class="result"></span>' +
-						'<div class="info"></div>' +
-					'</li>',
+	var testsTemp =
+			'<div id="tests-wrapper">' +
+				'<ul id="tests">' +
+			'</div>',
+
+		testTemp =
+			'<li class="test">' +
+				'<span class="label"></span>' +
+				'<span class="result"></span>' +
+				'<div class="info"></div>' +
+			'</li>',
+
+		loginTemp =
+			'<div id="login-wrapper">' +
+				'<input id="pass" type="text" placeholder="password"/>' +
+				'<span id="login">login</span>' +
+				'<span id="logout">logout</span>' +
+				'<div id="hint">' +
+					'The preset password is the empty string, so just hit login. ' +
+					'You might change it in the index file if you want to keep these informations private!' +
+				'</div>' +
+			'</div>',

 		setup = config.setup,
-		$tests = $("#tests"),
-
-		addTest = function (label, info, passed, result) {
-
-			$(template)
-				.find('.label')
-					.text(label)
-				.end()
-				.find('.result')
-					.addClass(passed ? 'passed' : 'failed')
-					.text(result ? result : (passed ? 'yes' : 'no'))
-				.end()
-				.find('.info')
-					.html(info)
-				.end()
-				.appendTo($tests);
-		},

 		addTests = function () {

+			var addTest = function (label, info, passed, result) {
+
+					$(testTemp)
+						.find('.label')
+							.text(label)
+						.end()
+						.find('.result')
+							.addClass(passed ? 'passed' : 'failed')
+							.text(result ? result : (passed ? 'yes' : 'no'))
+						.end()
+						.find('.info')
+							.html(info)
+						.end()
+						.appendTo('#tests');
+				};
+
+			$(testsTemp).appendTo('body');
+
+			addTest(
+				'Server software', 'Server is one of apache, lighttpd, nginx or cherokee',
+				setup.HAS_SERVER, setup.SERVER_NAME + ' ' + setup.SERVER_VERSION
+			);
+
 			addTest(
 				'PHP version', 'PHP version &gt;= ' + setup.MIN_PHP_VERSION,
-				setup.HAS_PHP_VERSION
+				setup.HAS_PHP_VERSION, setup.PHP_VERSION
 			);

 			addTest(
@ -49,8 +72,8 @@ modulejs.define('info', ['$', 'config'], function ($, config) {
 			);

 			addTest(
-				'Movie thumbs', 'Command line program <code>ffmpeg</code> or <code>avconv</code> available',
-				setup.HAS_CMD_FFMPEG || setup.HAS_CMD_AVCONV
+				'Movie thumbs', 'Command line program <code>avconv</code> or <code>ffmpeg</code> available',
+				setup.HAS_CMD_AVCONV || setup.HAS_CMD_FFMPEG
 			);

 			addTest(
@ -69,15 +92,75 @@ modulejs.define('info', ['$', 'config'], function ($, config) {
 			);

 			addTest(
-				'Folder sizes', 'Command line program <code>du</code> available',
+				'Shell du', 'Command line program <code>du</code> available',
 				setup.HAS_CMD_DU
 			);
 		},

+		addLogin = function () {
+
+			var request = function (data) {
+
+					$.ajax({
+							url: 'server/php/index.php',
+							type: 'POST',
+							dataType: 'JSON',
+							data: data
+						})
+						.always(function () {
+
+							window.location.reload();
+						});
+				},
+
+				onLogin = function () {
+
+					request({
+						'action': 'login',
+						'pass': $('#pass').val()
+					});
+				},
+
+				onLogout = function () {
+
+					request({
+						'action': 'logout'
+					});
+				},
+
+				onKeydown = function (event) {
+
+					if (event.which === 13) {
+						onLogin();
+					}
+				};
+
+			$(loginTemp).appendTo('body');
+
+			if (setup.AS_ADMIN) {
+				$('#pass').remove();
+				$('#login').remove();
+				$('#logout').on('click', onLogout);
+			} else {
+				$('#pass').on('keydown', onKeydown).focus();
+				$('#login').on('click', onLogin);
+				$('#logout').remove();
+			}
+			if (setup.HAS_CUSTOM_PASSHASH) {
+				$('#hint').remove();
+			}
+		},
+
 		init = function () {

-			$('.idx-file .value').text(setup.INDEX_HREF);
-			addTests();
+			$('<span class="idx-file">Index: <code class="value"></code></span>')
+				.appendTo('body')
+				.find('.value').text(setup.INDEX_HREF);
+
+			if (setup.AS_ADMIN) {
+				addTests();
+			}
+			addLogin();
 		};

 	init();
--- a/src/_h5ai/index.html.jade
+++ b/src/_h5ai/index.html.jade
@ -20,13 +20,6 @@ html.no-js.browser( lang="en" )

 		h1
 			a( href="{{pkg.url}}" ) {{pkg.name}}
-		span.build-version version {{pkg.version}}
-		span.build-stamp {{stamp}}
-		span.idx-file Index: 
-			code.value
-
-		h2 Server Setup
-		ul#tests

 		div#bottombar.clearfix
 			span.left
--- a/src/_h5ai/server/php/inc/class-api.php
+++ b/src/_h5ai/server/php/inc/class-api.php
@ -8,7 +8,7 @@ class Api {

 	public function __construct($app) {

-		$this->actions = array("get", "getThumbHref", "download", "upload", "delete", "rename");
+		$this->actions = array("login", "logout", "get", "getThumbHref", "download");
 		$this->app = $app;
 		$this->options = $app->get_options();
 	}
@ -24,6 +24,21 @@ class Api {
 	}


+	private function on_login() {
+
+		$pass = use_request_param("pass");
+		$_SESSION[AS_ADMIN_SESSION_KEY] = sha1($pass) === PASSHASH;
+		json_exit(array("as_admin" => $_SESSION[AS_ADMIN_SESSION_KEY]));
+	}
+
+
+	private function on_logout() {
+
+		$_SESSION[AS_ADMIN_SESSION_KEY] = false;
+		json_exit(array("as_admin" => $_SESSION[AS_ADMIN_SESSION_KEY]));
+	}
+
+
 	private function on_get() {

 		$response = array();
--- a/src/_h5ai/server/php/inc/class-app.php
+++ b/src/_h5ai/server/php/inc/class-app.php
@ -26,11 +26,21 @@ class App {

 		$consts = get_defined_constants(true);
 		$setup = $consts["user"];
-		// $setup["PHP_VERSION"] = PHP_VERSION;
-		unset($setup["APP_PATH"]);
-		unset($setup["ROOT_PATH"]);
-		unset($setup["CURRENT_PATH"]);
-		unset($setup["CACHE_PATH"]);
+
+		$setup["PHP_VERSION"] = PHP_VERSION;
+		unset($setup["AS_ADMIN_SESSION_KEY"]);
+		unset($setup["PASSHASH"]);
+
+		if (!AS_ADMIN) {
+			unset($setup["APP_PATH"]);
+			unset($setup["CACHE_PATH"]);
+			unset($setup["CURRENT_PATH"]);
+			unset($setup["PHP_VERSION"]);
+			unset($setup["ROOT_PATH"]);
+			unset($setup["SERVER_NAME"]);
+			unset($setup["SERVER_VERSION"]);
+		}
+
 		return $setup;
 	}

--- a/src/_h5ai/server/php/inc/setup.php
+++ b/src/_h5ai/server/php/inc/setup.php
@ -10,12 +10,20 @@ function setup() {

 	define("NAME", "{{pkg.name}}");
 	define("VERSION", "{{pkg.version}}");
+	define("STAMP", "{{stamp}}");

 	define("BACKEND", "PHP");
 	define("API", true);
 	define("FILE_PREFIX", "_{{pkg.name}}");


+	// ADMIN
+	session_start();
+	define("AS_ADMIN_SESSION_KEY", "__H5AI_AS_ADMIN__");
+	define("AS_ADMIN", isset($_SESSION[AS_ADMIN_SESSION_KEY]) && $_SESSION[AS_ADMIN_SESSION_KEY] === true);
+	define("HAS_CUSTOM_PASSHASH", PASSHASH !== "da39a3ee5e6b4b0d3255bfef95601890afd80709");
+
+
 	// PHP
 	define("MIN_PHP_VERSION", "5.3.0");
 	define("HAS_PHP_VERSION", version_compare(PHP_VERSION, MIN_PHP_VERSION) >= 0);
@ -38,6 +46,7 @@ function setup() {
 	}
 	define("SERVER_NAME", $server_name);
 	define("SERVER_VERSION", $server_version);
+	define("HAS_SERVER", in_array($server_name, array("apache", "lighttd", "nginx", "cherokee")));
 	define("HAS_WIN_OS", strtolower(substr(PHP_OS, 0, 3)) === "win");


--- a/src/_h5ai/server/php/index.php
+++ b/src/_h5ai/server/php/index.php
@ -1,5 +1,17 @@
 <?php

+
+
+/*********************************************************************
+  SHA1 hash of the info page password, the preset password is the
+  empty string. You might change it if you want to keep these
+  informations private.
+  Online hash generator: http://www.sha1.cz/
+*********************************************************************/
+define("PASSHASH", "da39a3ee5e6b4b0d3255bfef95601890afd80709");
+
+
+
 function normalize_path($path, $trailing_slash = false) {

 	$path = preg_replace("#\\\\+|/+#", "/", $path);