marc
/
CiviProxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into dev_27

This commit is contained in:
Björn Endres 2019-09-24 14:14:09 +02:00 committed by GitHub
parent 47f6f1b4b8 9b4c5f8f99
commit d4853095ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 161 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,4 +1,5 @@
secrets.php secrets.php
proxy/file_cache proxy/file_cache
proxy/config.php
debug.log debug.log
.idea .idea

8
Dockerfile Normal file
View File

@ -0,0 +1,8 @@
# You may find this Dockerfile useful in development or production
# From the CiviProxy directory
# * Build a docker image with `docker build . -t civiproxy`
# * Run a development container with `run -d -p 4050:80 -v $PWD/proxy:/var/www/html --name civiproxy civiproxy`
FROM php:7-apache
COPY proxy/ /var/www/html

10
docs/configuration.md
View File

@ -36,16 +36,24 @@ The CiviProxy server is the actual policeman that receives all requests and deci
Once you have installed your CiviProxy server you need to complete a few configuration steps. Once you have installed your CiviProxy server you need to complete a few configuration steps.
### The Config.php file ### The Config.php file
The configuration of CiviProxy is mainly controlled with one PHP file called `config.php`. You will need to locate that file in your CiviProxy scripts:
The configuration of CiviProxy is mainly controlled with one PHP file called `config.php`. Create this file by copying or renaming the `config.dist.php` file.
![List of files on your CiviProxy server](img/file%20list%20proxy.png) ![List of files on your CiviProxy server](img/file%20list%20proxy.png)
### Configuring the URL of your CiviProxy server ### Configuring the URL of your CiviProxy server
First thing you need to configure is the base URL of your CiviProxy server using the `$proxy_base` variable in the `config.php` file. As I have used a local test installation I have used `http://localhost/proxy`: First thing you need to configure is the base URL of your CiviProxy server using the `$proxy_base` variable in the `config.php` file. As I have used a local test installation I have used `http://localhost/proxy`:
```php ```php
// this should point to the base address of the CiviProxy installation // this should point to the base address of the CiviProxy installation
$proxy_base = 'http://localhost/proxy'; $proxy_base = 'http://localhost/proxy';
``` ```
!!! note
This guide assumes a Drupal7 target CiviCRM with clean URLs enabled. If this is not the case for you, you might have to adjust the URLs and/or encounter issues. If so, please report on GitHub!
### Configuring the link to the secure target CiviCRM ### Configuring the link to the secure target CiviCRM
Next thing you want to configure is what your target CiviCRM is. This is the CiviCRM installation which you want CiviProxy to police, so the one where the actual data resides and is collected from or sent to. Next thing you want to configure is what your target CiviCRM is. This is the CiviCRM installation which you want CiviProxy to police, so the one where the actual data resides and is collected from or sent to.
The assumption is that this CiviCRM resides in some kind of VPN and will accept traffic only from the CiviProxy IP address (and probably a few trusted others like home workers or support people). The assumption is that this CiviCRM resides in some kind of VPN and will accept traffic only from the CiviProxy IP address (and probably a few trusted others like home workers or support people).

6
docs/installation.md
View File

@ -49,6 +49,8 @@ Installing CiviProxy should be pretty straightforward:
* check the [Configuring CiviProxy](configuration.md) page to see how to configure the CiviProxy extension. * check the [Configuring CiviProxy](configuration.md) page to see how to configure the CiviProxy extension.
## Installing the Proxy scripts your your CiviProxy server ## Installing the Proxy scripts your your CiviProxy server
All you need to do is copy the **proxy** folder on the webspace you want to use for CiviProxy.
As described in [Configuring CiviProxy](configuration.md), you will need to make changes to the `config.php` file. You can either do those changes locally first and then move all the files to your webspace, or move all the files to your webspace first and then changes the `config.php` file there. 1. Copy the **proxy** folder on the webspace you want to use for CiviProxy
2. Create a `config.php` file using `config.dist.php` as a template.
See [Configuring CiviProxy](configuration.md) for details on what you need to include in the `config.php` file.

7
docs/requirements.md
View File

@ -4,6 +4,7 @@ There shouldn't be any requirements that any web hoster wouldn't comply with, bu
1. PHP 5.3+ 1. PHP 5.3+
2. PHP PEAR (to install on Debian/Ubunto, run `apt-get install php-pear`) 2. PHP PEAR (to install on Debian/Ubunto, run `apt-get install php-pear`)
3. Read/write permissions on your webspace 3. The `php-curl` module
4. Reasonable amount of protection, i.e. only authorised users (you) can upload/download the files 4. Read/write permissions on your webspace
5. Ideally with it's own IP address (makes configuring the VPN easier) 5. Reasonable amount of protection, i.e. only authorised users (you) can upload/download the files
6. Ideally with it's own IP address (makes configuring the VPN easier)

7
proxy/config.php → proxy/config.dist.php
View File

@ -8,6 +8,13 @@
+---------------------------------------------------------*/ +---------------------------------------------------------*/
/****************************************************************
** INSTALLATION **
** **
** 1. Make a copy of this file called config.php **
****************************************************************/
/**************************************************************** /****************************************************************
** URLS ** ** URLS **
****************************************************************/ ****************************************************************/

105
proxy/proxy.php
View File

@ -8,7 +8,7 @@
+---------------------------------------------------------*/ +---------------------------------------------------------*/
require_once "config.php"; require_once "config.php";
$civiproxy_version = '0.6.dev1'; $civiproxy_version = '0.6-dev';
/** /**
* this will redirect the request to another URL, * this will redirect the request to another URL,
@ -138,8 +138,6 @@ function civiproxy_security_check($target, $quit=TRUE) {
global $debug; global $debug;
if (!empty($debug)) { if (!empty($debug)) {
$file = fopen($debug, 'a');
// filter log data // filter log data
$log_data = $_REQUEST; $log_data = $_REQUEST;
if (isset($log_data['api_key'])) { if (isset($log_data['api_key'])) {
@ -149,15 +147,28 @@ function civiproxy_security_check($target, $quit=TRUE) {
$log_data['key'] = substr($log_data['key'], 0, 4) . '...'; $log_data['key'] = substr($log_data['key'], 0, 4) . '...';
} }
// write log record // log
fwrite($file, "REQUEST FROM " . $_SERVER['REMOTE_ADDR'] . " ON " . date('Y-m-d H:i:s') . ' -- ' . print_r($log_data ,1)); civiproxy_log("REQUEST FROM " . $_SERVER['REMOTE_ADDR'] . " ON " . date('Y-m-d H:i:s') . ' -- ' . print_r($log_data ,1));
fclose($file);
} }
// TODO: implement // TODO: implement
return TRUE; return TRUE;
} }
/**
* Log a message to the proxy log - if enabled
*
* @param $message string the log message
*/
function civiproxy_log($message) {
global $debug;
if (!empty($debug)) {
$file = fopen($debug, 'a');
fwrite($file, $message);
fclose($file);
}
}
/** /**
* extract and type check the parameters from the call params * extract and type check the parameters from the call params
@ -186,7 +197,6 @@ function civiproxy_get_parameters($valid_parameters, $request = NULL) {
$result[$name] = civiproxy_sanitise($request[$name], $type); $result[$name] = civiproxy_sanitise($request[$name], $type);
} }
} }
// process wildcard elements // process wildcard elements
if ($default_sanitation !== NULL) { if ($default_sanitation !== NULL) {
// i.e. we want the others too // i.e. we want the others too
@ -325,7 +335,7 @@ function civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions)
$remote_addr = $_SERVER['REMOTE_ADDR']; $remote_addr = $_SERVER['REMOTE_ADDR'];
// check IP specific whitelisting if specified for this address // check IP specific whitelisting if specified for this address
if (isset($rest_allowed_actions[$remote_addr])) { if (isset($rest_allowed_actions[$remote_addr])) {
if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) { if (civiproxy_validate_api_entity_and_action($remote_addr, $action['entity'], $action['action'], $rest_allowed_actions)) {
$valid_key = $remote_addr; $valid_key = $remote_addr;
} else { } else {
$valid_key = 'all'; $valid_key = 'all';
@ -335,3 +345,82 @@ function civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions)
} }
return $valid_key; return $valid_key;
} }
/**
* Function to check whether the api entity and api action are valid for the remote address.
* This function does a case insensitive comparison.
*
* @param $remote_addr
* 'all', or the remote address.
* @param $api_entity
* The api entity.
* @param $api_action
* The api action.
* @param $rest_allowed_actions
* The array with the allowed actions.
* @return bool
*/
function civiproxy_validate_api_entity_and_action($remote_addr, $api_entity, $api_action, $rest_allowed_actions) {
if (!isset($rest_allowed_actions[$remote_addr])) {
return false;
}
$api_entity = strtolower($api_entity);
$api_action = strtolower($api_action);
if (isset($rest_allowed_actions[$remote_addr][$api_entity]) && isset($rest_allowed_actions[$remote_addr][$api_entity][$api_action])) {
return true;
}
// Did not find the lower case variant.
// loop through the array
foreach($rest_allowed_actions[$remote_addr] as $allowed_entity => $allowed_actions) {
if (strtolower($allowed_entity) == $api_entity) {
foreach($allowed_actions as $allowed_action => $fields) {
if (strtolower($allowed_action) == $api_action) {
return true;
}
}
}
}
return false;
}
/**
* Function to retrieve the valid parameters of an api call
* This function does a case insensitive comparison.
*
* @param $remote_addr
* 'all', or the remote address.
* @param $api_entity
* The api entity.
* @param $api_action
* The api action.
* @param $rest_allowed_actions
* The array with the allowed actions.
* @return array()|null
**/
function civiproxy_retrieve_api_parameters($remote_addr, $api_entity, $api_action, $rest_allowed_actions) {
if (!isset($rest_allowed_actions[$remote_addr])) {
return null;
}
$api_entity = strtolower($api_entity);
$api_action = strtolower($api_action);
if (isset($rest_allowed_actions[$remote_addr][$api_entity]) && isset($rest_allowed_actions[$remote_addr][$api_entity][$api_action])) {
return $rest_allowed_actions[$remote_addr][$api_entity][$api_action];
}
// Did not find the lower case variant.
// loop through the array
foreach($rest_allowed_actions[$remote_addr] as $allowed_entity => $allowed_actions) {
if (strtolower($allowed_entity) == $api_entity) {
foreach($allowed_actions as $allowed_action => $parameters) {
if (strtolower($allowed_action) == $api_action) {
return $parameters;
}
}
}
}
return null;
}

8
proxy/rest.php
View File

@ -52,10 +52,8 @@ if (!isset($action['version']) || $action['version'] != 3) {
if (isset($rest_allowed_actions['all'])) { if (isset($rest_allowed_actions['all'])) {
// get valid key for the rest_allowed_actions // get valid key for the rest_allowed_actions
$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions); $valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions);
$valid_parameters = civiproxy_retrieve_api_parameters($valid_allowed_key, $action['entity'], $action['action'], $rest_allowed_actions);
if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) { if (!$valid_parameters) {
$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
} else {
civiproxy_rest_error("Invalid entity/action."); civiproxy_rest_error("Invalid entity/action.");
} }
} else { } else {
@ -80,7 +78,7 @@ global $rest_evaluate_json_parameter;
if ($rest_evaluate_json_parameter) { if ($rest_evaluate_json_parameter) {
if (isset($_REQUEST['json'])) { if (isset($_REQUEST['json'])) {
$json_data = json_decode($_REQUEST['json'], true); $json_data = json_decode($_REQUEST['json'], true);
if (!empty($json_data)) { if (!empty($json_data) && is_array($json_data)) {
$json_parameters = civiproxy_get_parameters($valid_parameters, $json_data); $json_parameters = civiproxy_get_parameters($valid_parameters, $json_data);
$parameters['json'] = json_encode($json_parameters); $parameters['json'] = json_encode($json_parameters);
} }