From 937ea492716b9251211a2a0f73f3afd1ac871505 Mon Sep 17 00:00:00 2001 From: Teromene Date: Wed, 27 Jun 2018 18:09:41 +0100 Subject: [PATCH] Add basic authentication support (#728) * Move configuration in its own class in order to reduce the verbosity of index.php * Add authentication mechanism using HTTP auth * Add a method to get the config parameters * Remove the installation checks from the index page * Log all failed authentication attempts --- config.default.ini.php | 19 +++++++- index.php | 96 ++++--------------------------------- lib/Authentication.php | 31 ++++++++++++ lib/Configuration.php | 105 +++++++++++++++++++++++++++++++++++++++++ lib/RssBridge.php | 2 + 5 files changed, 164 insertions(+), 89 deletions(-) create mode 100644 lib/Authentication.php create mode 100644 lib/Configuration.php diff --git a/config.default.ini.php b/config.default.ini.php index d27ead1..5909ad8 100644 --- a/config.default.ini.php +++ b/config.default.ini.php @@ -24,4 +24,21 @@ name = "Hidden proxy name" ; Allow users to disable proxy usage for specific requests. ; true = enabled ; false = disabled (default) -by_bridge = false \ No newline at end of file +by_bridge = false + +[authentication] + +; Enables authentication for all requests to this RSS-Bridge instance. +; +; Warning: You'll have to upgrade existing feeds after enabling this option! +; +; true = enabled +; false = disabled (default) +enable = false + +; The username for authentication. Insert this name when prompted for login. +username = "" + +; The password for authentication. Insert this password when prompted for login. +; Use a strong password to prevent others from guessing your login! +password = "" diff --git a/index.php b/index.php index bcf1dae..8cb8908 100644 --- a/index.php +++ b/index.php @@ -1,67 +1,21 @@ $section) { - foreach($section as $key => $value) { - // Skip unknown sections and keys - if(array_key_exists($header, $config) && array_key_exists($key, $config[$header])) { - $config[$header][$key] = $value; - } - } - } -} - -if(!is_string($config['proxy']['url'])) - die('Parameter [proxy] => "url" is not a valid string! Please check "config.ini.php"!'); - -if(!empty($config['proxy']['url'])) - define('PROXY_URL', $config['proxy']['url']); - -if(!is_bool($config['proxy']['by_bridge'])) - die('Parameter [proxy] => "by_bridge" is not a valid Boolean! Please check "config.ini.php"!'); - -define('PROXY_BYBRIDGE', $config['proxy']['by_bridge']); - -if(!is_string($config['proxy']['name'])) - die('Parameter [proxy] => "name" is not a valid string! Please check "config.ini.php"!'); - -define('PROXY_NAME', $config['proxy']['name']); - -if(!is_bool($config['cache']['custom_timeout'])) - die('Parameter [cache] => "custom_timeout" is not a valid Boolean! Please check "config.ini.php"!'); - -define('CUSTOM_CACHE_TIMEOUT', $config['cache']['custom_timeout']); - -// Defines the minimum required PHP version for RSS-Bridge define('PHP_VERSION_REQUIRED', '5.6.0'); -date_default_timezone_set('UTC'); -error_reporting(0); - // Specify directory for cached files (using FileCache) define('CACHE_DIR', __DIR__ . '/cache'); // Specify path for whitelist file define('WHITELIST_FILE', __DIR__ . '/whitelist.txt'); +Configuration::verifyInstallation(); +Configuration::loadConfiguration(); + +Authentication::showPromptIfNeeded(); + +date_default_timezone_set('UTC'); +error_reporting(0); /* Move the CLI arguments to the $_GET array, in order to be able to use @@ -91,40 +45,6 @@ if(file_exists('DEBUG')) { } } -require_once __DIR__ . '/lib/RssBridge.php'; - -// Check PHP version -if(version_compare(PHP_VERSION, PHP_VERSION_REQUIRED) === -1) - die('RSS-Bridge requires at least PHP version ' . PHP_VERSION_REQUIRED . '!'); - -// extensions check -if(!extension_loaded('openssl')) - die('"openssl" extension not loaded. Please check "php.ini"'); - -if(!extension_loaded('libxml')) - die('"libxml" extension not loaded. Please check "php.ini"'); - -if(!extension_loaded('mbstring')) - die('"mbstring" extension not loaded. Please check "php.ini"'); - -if(!extension_loaded('simplexml')) - die('"simplexml" extension not loaded. Please check "php.ini"'); - -if(!extension_loaded('curl')) - die('"curl" extension not loaded. Please check "php.ini"'); - -// configuration checks -if(ini_get('allow_url_fopen') !== "1") - die('"allow_url_fopen" is not set to "1". Please check "php.ini'); - -// Check cache folder permissions (write permissions required) -if(!is_writable(CACHE_DIR)) - die('RSS-Bridge does not have write permissions for ' . CACHE_DIR . '!'); - -// Check whitelist file permissions (only in DEBUG mode) -if(!file_exists(WHITELIST_FILE) && !is_writable(dirname(WHITELIST_FILE))) - die('RSS-Bridge does not have write permissions for ' . WHITELIST_FILE . '!'); - // FIXME : beta test UA spoofing, please report any blacklisting by PHP-fopen-unfriendly websites $userAgent = 'Mozilla/5.0(X11; Linux x86_64; rv:30.0)'; diff --git a/lib/Authentication.php b/lib/Authentication.php new file mode 100644 index 0000000..dc75d28 --- /dev/null +++ b/lib/Authentication.php @@ -0,0 +1,31 @@ + $section) { + foreach($section as $key => $value) { + // Skip unknown sections and keys + if(array_key_exists($header, Configuration::$config) && array_key_exists($key, Configuration::$config[$header])) { + Configuration::$config[$header][$key] = $value; + } + } + } + } + + if(!is_string(self::getConfig('proxy', 'url'))) + die('Parameter [proxy] => "url" is not a valid string! Please check "config.ini.php"!'); + + if(!empty(self::getConfig('proxy', 'url'))) + define('PROXY_URL', self::getConfig('proxy', 'url')); + + if(!is_bool(self::getConfig('proxy', 'by_bridge'))) + die('Parameter [proxy] => "by_bridge" is not a valid Boolean! Please check "config.ini.php"!'); + + define('PROXY_BYBRIDGE', self::getConfig('proxy', 'by_bridge')); + + if(!is_string(self::getConfig('proxy', 'name'))) + die('Parameter [proxy] => "name" is not a valid string! Please check "config.ini.php"!'); + + define('PROXY_NAME', self::getConfig('proxy', 'name')); + + if(!is_bool(self::getConfig('cache', 'custom_timeout'))) + die('Parameter [cache] => "custom_timeout" is not a valid Boolean! Please check "config.ini.php"!'); + + define('CUSTOM_CACHE_TIMEOUT', self::getConfig('cache', 'custom_timeout')); + + if(!is_bool(self::getConfig('authentication', 'enable'))) + die('Parameter [authentication] => "enable" is not a valid Boolean! Please check "config.ini.php"!'); + + if(!is_string(self::getConfig('authentication', 'username'))) + die('Parameter [authentication] => "username" is not a valid string! Please check "config.ini.php"!'); + + if(!is_string(self::getConfig('authentication', 'password'))) + die('Parameter [authentication] => "password" is not a valid string! Please check "config.ini.php"!'); + + } + + public static function getConfig($category, $key) { + + if(array_key_exists($category, self::$config) && array_key_exists($key, self::$config[$category])) { + return self::$config[$category][$key]; + } + + return null; + + } + +} diff --git a/lib/RssBridge.php b/lib/RssBridge.php index e2f9be3..8d0ef90 100644 --- a/lib/RssBridge.php +++ b/lib/RssBridge.php @@ -14,6 +14,8 @@ require __DIR__ . '/Bridge.php'; require __DIR__ . '/BridgeAbstract.php'; require __DIR__ . '/FeedExpander.php'; require __DIR__ . '/Cache.php'; +require __DIR__ . '/Authentication.php'; +require __DIR__ . '/Configuration.php'; require __DIR__ . '/validation.php'; require __DIR__ . '/html.php';