From 77b0f506fb5ef07545822efe825656c3807cea9a Mon Sep 17 00:00:00 2001 From: systopia Date: Fri, 13 Feb 2015 11:13:40 +0100 Subject: [PATCH] added file cache restrictions and mail view --- proxy/config.php | 46 +++++++++++++++++++++++++++++++++++++--------- proxy/file.php | 25 +++++++++++++++++++++++-- proxy/mail.php | 22 ++++++++++++++++++++++ proxy/open.php | 1 - proxy/proxy.php | 28 ++++++++++++++++++++++------ 5 files changed, 104 insertions(+), 18 deletions(-) create mode 100644 proxy/mail.php diff --git a/proxy/config.php b/proxy/config.php index 192c12e..0974888 100644 --- a/proxy/config.php +++ b/proxy/config.php 
@@ -8,15 +8,32 @@ +---------------------------------------------------------*/ -// this is the primary variable that you would want to change +/**************************************************************** + ** URLS ** + ****************************************************************/ $target_civicrm = 'https://crmtest.muslimehelfen.org'; -$proxy_base = 'https://ssl.webpack.de/wp11230065.server-he.de'; +//$proxy_base = 'https://ssl.webpack.de/wp11230065.server-he.de'; +$proxy_base = 'http://localhost:8888/proxy'; -// default paths, override if you want -$target_rest = $target_civicrm . '/sites/all/modules/civicrm/extern/rest.php'; -$target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php'; -$target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php'; -$target_file = $target_civicrm . '/sites/default/files/civicrm/persist/'; + +/**************************************************************** + ** DEFAULT PATHS ** + ** ** + ** set to NULL to disable a feature ** + ****************************************************************/ + +// default paths, override if you want. Set to NULL to disable +$target_rest = $target_civicrm . '/sites/all/modules/civicrm/extern/rest.php'; +$target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php'; +$target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php'; +$target_file = $target_civicrm . '/sites/default/files/civicrm/persist/'; +$target_viewmail = $target_civicrm . '/civicrm/mailing/view'; + + + +/**************************************************************** + ** File Caching Options ** + ****************************************************************/ // API and SITE keys $api_key_map = array(); 
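Review bot: `$proxy_base` now points at `http://localhost:8888/proxy`, which looks like a local development value committed into the shared config, with the previous HTTPS base only commented out. civiproxy_mend_URLs() in proxy.php rewrites target URLs to this base, so if the file is deployed as is, rewritten links would point at a plain-HTTP localhost address. I would keep an `https://` value as the committed default, move per-installation overrides into an untracked file, and add a comment such as `// public https:// URL of this proxy; used when rewriting links in proxied content`.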
@@ -30,11 +47,22 @@ if (file_exists("secrets.php")) { // define file cache options, see http://pear.php.net/manual/en/package.caching.cache-lite.cache-lite.cache-lite.php $file_cache_options = array( 'cacheDir' => 'file_cache/', - 'lifeTime' => 3600 + 'lifeTime' => 86400 ); +// define regex patterns that shoud NOT be accepted +$file_cache_exclude = array(); -// define the REST actions that will be allowed +// if set, cached file must match at least one of these regex patterns +$file_cache_include = array( + //'#.+[.](png|jpe?g|gif)#i' // only media files + ); + + + +/**************************************************************** + ** REST API OPTIONS ** + ****************************************************************/ $rest_allowed_actions = array( 'MhApi' => array( 'getcontact' => array( diff --git a/proxy/file.php b/proxy/file.php index 5c1c6ce..9687807 100644 --- a/proxy/file.php +++ b/proxy/file.php @@ -10,6 +10,7 @@ require_once "config.php"; require_once "proxy.php"; +// see if file caching is enabled if (!$target_file) civiproxy_http_error("Feature disabled", 405); // basic check @@ -22,6 +23,26 @@ $parameters = civiproxy_get_parameters($valid_parameters); // check if id specified if (empty($parameters['id'])) civiproxy_http_error("Resource not found"); +// check restrictions +if (!empty($file_cache_exclude)) { + foreach ($file_cache_exclude as $pattern) { + if (preg_match($pattern, $parameters['id'])) { + civiproxy_http_error("Invalid Resource", 403); + } + } +} +if (!empty($file_cache_include)) { + $accept_id = FALSE; + foreach ($file_cache_include as $pattern) { + if (preg_match($pattern, $parameters['id'])) { + $accept_id = TRUE; + } + } + if (!$accept_id) { + civiproxy_http_error("Invalid Resource", 403); + } +} + // load PEAR file cache ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . 'libs'); if (!file_exists($file_cache_options['cacheDir'])) mkdir($file_cache_options['cacheDir']); 
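Review bot: Both `$file_cache_exclude` and `$file_cache_include` default to empty, so the new restriction is inactive until an operator fills them in, and the commented sample `'#.+[.](png|jpe?g|gif)#i'` is not anchored at the end. Because file.php applies the patterns with preg_match(), that sample would also accept an id like `a.png.php` (constructed example); the sample should read `'#[.](png|jpe?g|gif)$#i'`. Consider shipping the media-only include pattern enabled so the default is restrictive. The comment should also say that patterns are matched unanchored against the raw `id` parameter.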
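Review bot: The exclude loop in file.php fails open, because preg_match() returns FALSE for a pattern that does not compile and the code treats that as "no match". Testing `if (preg_match($pattern, $parameters['id']) !== 0)` would reject the request on a broken pattern instead of silently dropping the rule. The id is later appended to `$target_file` to build the upstream URL, and nothing in this hunk rejects `..` segments. Unless civiproxy_get_parameters() already does so (not visible here), add `if (strpos($parameters['id'], '..') !== FALSE) civiproxy_http_error("Invalid Resource", 403);` before the pattern checks. The script continues outside the hunk.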
@@ -36,7 +57,7 @@ $header = $file_cache->get($header_key); $data = $file_cache->get($data_key); if ($header && $data) { - error_log("CACHE HIT"); + // error_log("CACHE HIT"); $header_lines = json_decode($header); foreach ($header_lines as $header_line) { header($header_line); @@ -48,7 +69,7 @@ if ($header && $data) { // if we get here, we have a cache miss => load $url = $target_file . $parameters['id']; -error_log("CACHE MISS. LOADING $url"); +// error_log("CACHE MISS. LOADING $url"); $curlSession = curl_init(); curl_setopt($curlSession, CURLOPT_URL, $url); diff --git a/proxy/mail.php b/proxy/mail.php new file mode 100644 index 0000000..f29265c --- /dev/null +++ b/proxy/mail.php @@ -0,0 +1,22 @@ + 'int' ); +$parameters = civiproxy_get_parameters($valid_parameters); +civiproxy_redirect($target_viewmail, $parameters); diff --git a/proxy/open.php b/proxy/open.php index 9ed172a..3ef671a 100644 --- a/proxy/open.php +++ b/proxy/open.php @@ -13,7 +13,6 @@ require_once "proxy.php"; // see if mail open tracking is enabled if (!$target_open) civiproxy_http_error("Feature disabled", 405); - // basic check civiproxy_security_check('open'); diff --git a/proxy/proxy.php b/proxy/proxy.php index 100e509..4461681 100644 --- a/proxy/proxy.php +++ b/proxy/proxy.php @@ -50,7 +50,7 @@ function civiproxy_redirect($url_requested, $parameters) { curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); - curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); + curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($curlSession, CURLOPT_CAINFO, 'target.pem'); //Send the request and store the result in an array 
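Review bot: In civiproxy_redirect(), setting `CURLOPT_SSL_VERIFYHOST` to `0` turns off the check that the target's certificate matches its host name. Assuming peer verification is left at its default, any certificate that validates against `target.pem` is then accepted for the CiviCRM host. The old value `1` did not enable the check either; the value that enforces it is `2`, i.e. `curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2);`. If `0` was needed because the test host's certificate name does not match, that is better fixed in the certificate or made an explicit config switch that defaults to `2`. file.php opens its own curl session (its `curl_init()` is visible in the context lines) and should be checked for the same option; the function body continues outside this hunk.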
@@ -58,7 +58,7 @@ function civiproxy_redirect($url_requested, $parameters) { // Check that a connection was made if (curl_error($curlSession)){ - print curl_error($curlSession); + civiproxy_http_error(curl_error($curlSession), curl_errno($curlSession)); } else { //clean duplicate header that seems to appear on fastcgi with output buffer on some servers!! @@ -93,9 +93,23 @@ function civiproxy_redirect($url_requested, $parameters) { * so they will point to this proxy instead */ function civiproxy_mend_URLs(&$string) { - // TODO: this will become more complex with the file cache - global $target_civicrm, $proxy_base; - $string = preg_replace("#$target_civicrm#", $proxy_base, $string); + global $target_rest, $target_url, $target_open, $target_file, $target_mail, $proxy_base; + + if ($target_rest) { + $string = preg_replace("#$target_rest#", $proxy_base . '/rest.php', $string); + } + if ($target_url) { + $string = preg_replace("#$target_url#", $proxy_base . '/url.php', $string); + } + if ($target_open) { + $string = preg_replace("#$target_open#", $proxy_base . '/open.php', $string); + } + if ($target_mail) { + $string = preg_replace("#$target_mail#", $proxy_base . '/mail.php', $string); + } + if ($target_file) { + $string = preg_replace("#$target_file#", $proxy_base . '/file.php?id=', $string); + } } /** @@ -160,6 +174,8 @@ function civiproxy_get_parameters($valid_parameters) { * and ends processing */ function civiproxy_http_error($message, $code = 404) { - header("HTTP/1.1 $code $message (CiviProxy $civiproxy_version)"); + global $civiproxy_version; + header("HTTP/1.1 $code $message (CiviProxy {$civiproxy_version})"); + // TODO: create error msg body exit(); }
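Review bot: In the curl error branch, `curl_errno()` is passed as the HTTP status code, so a failed upstream call yields a status line with a code such as 7 or 28, which is not a valid HTTP status. The raw curl error text is also sent to the client, and it can name the internal target host. Log the detail server-side and answer with a fixed gateway error instead: `error_log(curl_error($curlSession)); civiproxy_http_error("Bad Gateway", 502);`. civiproxy_redirect() starts and ends outside this hunk.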
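Review bot: civiproxy_mend_URLs() declares and tests `$target_mail`, but config.php in this same commit defines `$target_viewmail`, so the mail branch never runs. View-mail links in proxied content would therefore keep pointing at the CiviCRM host. The targets are also interpolated into the regex unescaped, so `.` and `?` in the URLs act as metacharacters and a `#` in a configured URL would break the pattern. These are literal replacements, so `str_replace` is enough: `$string = str_replace($target_viewmail, $proxy_base . '/mail.php', $string);`, and likewise for the other four targets.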