added file cache restrictions and mail view

systopia 2015-02-13 11:13:40 +01:00
parent 1c21ed90fe
commit 77b0f506fb
5 changed files with 104 additions and 18 deletions


@ -8,15 +8,32 @@
+---------------------------------------------------------*/ +---------------------------------------------------------*/
// this is the primary variable that you would want to change /****************************************************************
** URLS **
****************************************************************/
$target_civicrm = 'https://crmtest.muslimehelfen.org'; $target_civicrm = 'https://crmtest.muslimehelfen.org';
$proxy_base = 'https://ssl.webpack.de/wp11230065.server-he.de'; //$proxy_base = 'https://ssl.webpack.de/wp11230065.server-he.de';
$proxy_base = 'http://localhost:8888/proxy';
// default paths, override if you want
/****************************************************************
** DEFAULT PATHS **
** **
** set to NULL to disable a feature **
****************************************************************/
// default paths, override if you want. Set to NULL to disable
$target_rest = $target_civicrm . '/sites/all/modules/civicrm/extern/rest.php'; $target_rest = $target_civicrm . '/sites/all/modules/civicrm/extern/rest.php';
$target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php'; $target_url = $target_civicrm . '/sites/all/modules/civicrm/extern/url.php';
$target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php'; $target_open = $target_civicrm . '/sites/all/modules/civicrm/extern/open.php';
$target_file = $target_civicrm . '/sites/default/files/civicrm/persist/'; $target_file = $target_civicrm . '/sites/default/files/civicrm/persist/';
$target_viewmail = $target_civicrm . '/civicrm/mailing/view';
/****************************************************************
** File Caching Options **
****************************************************************/
// API and SITE keys // API and SITE keys
$api_key_map = array(); $api_key_map = array();
@ -30,11 +47,22 @@ if (file_exists("secrets.php")) {
// define file cache options, see http://pear.php.net/manual/en/package.caching.cache-lite.cache-lite.cache-lite.php // define file cache options, see http://pear.php.net/manual/en/package.caching.cache-lite.cache-lite.cache-lite.php
$file_cache_options = array( $file_cache_options = array(
'cacheDir' => 'file_cache/', 'cacheDir' => 'file_cache/',
'lifeTime' => 3600 'lifeTime' => 86400
);
// define regex patterns that shoud NOT be accepted
$file_cache_exclude = array();
// if set, cached file must match at least one of these regex patterns
$file_cache_include = array(
//'#.+[.](png|jpe?g|gif)#i' // only media files
); );
// define the REST actions that will be allowed
/****************************************************************
** REST API OPTIONS **
****************************************************************/
$rest_allowed_actions = array( $rest_allowed_actions = array(
'MhApi' => array( 'MhApi' => array(
'getcontact' => array( 'getcontact' => array(
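Review bot: The new `$file_cache_include` allow-list ships empty, with its only example commented out, so the restriction this commit introduces is off by default and every path below `$target_file` stays reachable through the proxy. The commented sample `'#.+[.](png|jpe?g|gif)#i'` is also unanchored, so it accepts any id that merely contains `.png` somewhere (for example a constructed id like `logo.png.php`); an enabled, anchored default such as `'#^[\w/-]+[.](png|jpe?g|gif)$#i'` would make the list an actual allow-list. In the first hunk, `$proxy_base` now points at `http://localhost:8888/proxy`, which looks like a development value and would turn rewritten links into plain-HTTP localhost URLs, so it is worth keeping out of the committed config.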


@ -10,6 +10,7 @@
require_once "config.php"; require_once "config.php";
require_once "proxy.php"; require_once "proxy.php";
// see if file caching is enabled
if (!$target_file) civiproxy_http_error("Feature disabled", 405); if (!$target_file) civiproxy_http_error("Feature disabled", 405);
// basic check // basic check
@ -22,6 +23,26 @@ $parameters = civiproxy_get_parameters($valid_parameters);
// check if id specified // check if id specified
if (empty($parameters['id'])) civiproxy_http_error("Resource not found"); if (empty($parameters['id'])) civiproxy_http_error("Resource not found");
// check restrictions
if (!empty($file_cache_exclude)) {
foreach ($file_cache_exclude as $pattern) {
if (preg_match($pattern, $parameters['id'])) {
civiproxy_http_error("Invalid Resource", 403);
}
}
}
if (!empty($file_cache_include)) {
$accept_id = FALSE;
foreach ($file_cache_include as $pattern) {
if (preg_match($pattern, $parameters['id'])) {
$accept_id = TRUE;
}
}
if (!$accept_id) {
civiproxy_http_error("Invalid Resource", 403);
}
}
// load PEAR file cache // load PEAR file cache
ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . 'libs'); ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . 'libs');
if (!file_exists($file_cache_options['cacheDir'])) mkdir($file_cache_options['cacheDir']); if (!file_exists($file_cache_options['cacheDir'])) mkdir($file_cache_options['cacheDir']);
@ -36,7 +57,7 @@ $header = $file_cache->get($header_key);
$data = $file_cache->get($data_key); $data = $file_cache->get($data_key);
if ($header && $data) { if ($header && $data) {
error_log("CACHE HIT"); // error_log("CACHE HIT");
$header_lines = json_decode($header); $header_lines = json_decode($header);
foreach ($header_lines as $header_line) { foreach ($header_lines as $header_line) {
header($header_line); header($header_line);
@ -48,7 +69,7 @@ if ($header && $data) {
// if we get here, we have a cache miss => load // if we get here, we have a cache miss => load
$url = $target_file . $parameters['id']; $url = $target_file . $parameters['id'];
error_log("CACHE MISS. LOADING $url"); // error_log("CACHE MISS. LOADING $url");
$curlSession = curl_init(); $curlSession = curl_init();
curl_setopt($curlSession, CURLOPT_URL, $url); curl_setopt($curlSession, CURLOPT_URL, $url);
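Review bot: The new include/exclude loops are the only visible constraint on `$parameters['id']` before it is concatenated into the upstream request in `$url = $target_file . $parameters['id'];`, and nothing here rejects `..` segments, so the fetch may leave the `persist/` directory unless `civiproxy_get_parameters()` (not visible in this hunk) already normalises the value. With both lists empty, which is the shipped default, no restriction applies at all. A malformed exclude pattern makes `preg_match` return `false`, which this code treats as "no match", so the exclude list fails open. I would add an unconditional guard ahead of the pattern loops, e.g. `if (strpos($parameters['id'], '..') !== false) civiproxy_http_error("Invalid Resource", 403);`, and add a comment above the loops stating that patterns are expected to be anchored with `^` and `$`.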

22
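--- a/proxy/mail.php
+++ b/proxy/mail.php
@@ -0,0 +1,22 @@
+<?php
+/*--------------------------------------------------------+
+| SYSTOPIA CiviProxy |
+| a simple proxy solution for external access to CiviCRM |
+| Copyright (C) 2015 SYSTOPIA |
+| Author: B. Endres (endres -at- systopia.de) |
+| http://www.systopia.de/ |
++---------------------------------------------------------*/
+require_once "config.php";
+require_once "proxy.php";
+// see if mail open tracking is enabled
+if (!$target_viewmail) civiproxy_http_error("Feature disabled", 405);
+// basic check
+civiproxy_security_check('viewmail');
+// basic restraints
+$valid_parameters = array( 'id' => 'int' );
+$parameters = civiproxy_get_parameters($valid_parameters);
+civiproxy_redirect($target_viewmail, $parameters);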
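Review bot: The comment `// see if mail open tracking is enabled` was carried over from the open-tracking endpoint and does not describe this file, which gates on `$target_viewmail`; I would change it to `// see if the mail view feature is enabled`. It would also help to replace `// basic restraints` with a comment stating that `id`, declared as `int`, is the only parameter forwarded to `$target_viewmail`, so a reader can see the endpoint's whole input surface without opening `proxy.php`. How `civiproxy_get_parameters()` enforces the `int` declaration is not visible on this page.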


@ -13,7 +13,6 @@ require_once "proxy.php";
// see if mail open tracking is enabled // see if mail open tracking is enabled
if (!$target_open) civiproxy_http_error("Feature disabled", 405); if (!$target_open) civiproxy_http_error("Feature disabled", 405);
// basic check // basic check
civiproxy_security_check('open'); civiproxy_security_check('open');


@ -50,7 +50,7 @@ function civiproxy_redirect($url_requested, $parameters) {
curl_setopt($curlSession, CURLOPT_HEADER, 1); curl_setopt($curlSession, CURLOPT_HEADER, 1);
curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1); curl_setopt($curlSession, CURLOPT_RETURNTRANSFER,1);
curl_setopt($curlSession, CURLOPT_TIMEOUT, 30); curl_setopt($curlSession, CURLOPT_TIMEOUT, 30);
curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 1); curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curlSession, CURLOPT_CAINFO, 'target.pem'); curl_setopt($curlSession, CURLOPT_CAINFO, 'target.pem');
//Send the request and store the result in an array //Send the request and store the result in an array
@ -58,7 +58,7 @@ function civiproxy_redirect($url_requested, $parameters) {
// Check that a connection was made // Check that a connection was made
if (curl_error($curlSession)){ if (curl_error($curlSession)){
print curl_error($curlSession); civiproxy_http_error(curl_error($curlSession), curl_errno($curlSession));
} else { } else {
//clean duplicate header that seems to appear on fastcgi with output buffer on some servers!! //clean duplicate header that seems to appear on fastcgi with output buffer on some servers!!
@ -93,9 +93,23 @@ function civiproxy_redirect($url_requested, $parameters) {
* so they will point to this proxy instead * so they will point to this proxy instead
*/ */
function civiproxy_mend_URLs(&$string) { function civiproxy_mend_URLs(&$string) {
// TODO: this will become more complex with the file cache global $target_rest, $target_url, $target_open, $target_file, $target_mail, $proxy_base;
global $target_civicrm, $proxy_base;
$string = preg_replace("#$target_civicrm#", $proxy_base, $string); if ($target_rest) {
$string = preg_replace("#$target_rest#", $proxy_base . '/rest.php', $string);
}
if ($target_url) {
$string = preg_replace("#$target_url#", $proxy_base . '/url.php', $string);
}
if ($target_open) {
$string = preg_replace("#$target_open#", $proxy_base . '/open.php', $string);
}
if ($target_mail) {
$string = preg_replace("#$target_mail#", $proxy_base . '/mail.php', $string);
}
if ($target_file) {
$string = preg_replace("#$target_file#", $proxy_base . '/file.php?id=', $string);
}
} }
/** /**
@ -160,6 +174,8 @@ function civiproxy_get_parameters($valid_parameters) {
* and ends processing * and ends processing
*/ */
function civiproxy_http_error($message, $code = 404) { function civiproxy_http_error($message, $code = 404) {
header("HTTP/1.1 $code $message (CiviProxy $civiproxy_version)"); global $civiproxy_version;
header("HTTP/1.1 $code $message (CiviProxy {$civiproxy_version})");
// TODO: create error msg body
exit(); exit();
} }
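Review bot: Setting `CURLOPT_SSL_VERIFYHOST` to 0 in civiproxy_redirect turns off hostname verification for the connection to the CiviCRM target, so any certificate that validates against `target.pem` is accepted no matter which host it was issued for. The previous value 1 is not a supported setting in current libcurl, which may be what prompted the change; the fix that keeps the check is `curl_setopt($curlSession, CURLOPT_SSL_VERIFYHOST, 2);`. In the next hunk, `civiproxy_http_error(curl_error($curlSession), curl_errno($curlSession));` sends the cURL error number as the HTTP status code and the raw cURL message in the status line; a fixed 502 with a generic message, with the detail going to `error_log`, would avoid exposing backend information to the client. civiproxy_mend_URLs declares and tests `$target_mail`, while the config section of this commit defines `$target_viewmail`, so the `/mail.php` rewrite branch looks unreachable as written. The body of civiproxy_redirect begins and ends outside these hunks.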