Merge branch 'master' into dev_27
This commit is contained in:
Björn Endres
GitHub
commit
d4853095ce
|
|
@ -1,4 +1,5 @@
|
|||
secrets.php
|
||||
proxy/file_cache
|
||||
proxy/config.php
|
||||
debug.log
|
||||
.idea
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
# You may find this Dockerfile useful in development or production
|
||||
# From the CiviProxy directory
|
||||
# * Build a docker image with `docker build . -t civiproxy`
|
||||
# * Run a development container with `run -d -p 4050:80 -v $PWD/proxy:/var/www/html --name civiproxy civiproxy`
|
||||
|
||||
FROM php:7-apache
|
||||
|
||||
COPY proxy/ /var/www/html
|
||||
|
|
@ -36,16 +36,24 @@ The CiviProxy server is the actual policeman that receives all requests and deci
|
|||
|
||||
Once you have installed your CiviProxy server you need to complete a few configuration steps.
|
||||
### The Config.php file
|
||||
The configuration of CiviProxy is mainly controlled with one PHP file called `config.php`. You will need to locate that file in your CiviProxy scripts:
|
||||
|
||||
The configuration of CiviProxy is mainly controlled with one PHP file called `config.php`. Create this file by copying or renaming the `config.dist.php` file.
|
||||
|
||||
|
||||
|
||||
### Configuring the URL of your CiviProxy server
|
||||
|
||||
First thing you need to configure is the base URL of your CiviProxy server using the `$proxy_base` variable in the `config.php` file. As I have used a local test installation I have used `http://localhost/proxy`:
|
||||
```php
|
||||
// this should point to the base address of the CiviProxy installation
|
||||
$proxy_base = 'http://localhost/proxy';
|
||||
```
|
||||
|
||||
!!! note
|
||||
This guide assumes a Drupal7 target CiviCRM with clean URLs enabled. If this is not the case for you, you might have to adjust the URLs and/or encounter issues. If so, please report on GitHub!
|
||||
|
||||
### Configuring the link to the secure target CiviCRM
|
||||
|
||||
Next thing you want to configure is what your target CiviCRM is. This is the CiviCRM installation which you want CiviProxy to police, so the one where the actual data resides and is collected from or sent to.
|
||||
|
||||
The assumption is that this CiviCRM resides in some kind of VPN and will accept traffic only from the CiviProxy IP address (and probably a few trusted others like home workers or support people).
|
||||
|
|
|
|||
|
|
@ -49,6 +49,8 @@ Installing CiviProxy should be pretty straightforward:
|
|||
* check the [Configuring CiviProxy](configuration.md) page to see how to configure the CiviProxy extension.
|
||||
|
||||
## Installing the Proxy scripts your your CiviProxy server
|
||||
All you need to do is copy the **proxy** folder on the webspace you want to use for CiviProxy.
|
||||
|
||||
As described in [Configuring CiviProxy](configuration.md), you will need to make changes to the `config.php` file. You can either do those changes locally first and then move all the files to your webspace, or move all the files to your webspace first and then changes the `config.php` file there.
|
||||
1. Copy the **proxy** folder on the webspace you want to use for CiviProxy
|
||||
2. Create a `config.php` file using `config.dist.php` as a template.
|
||||
|
||||
See [Configuring CiviProxy](configuration.md) for details on what you need to include in the `config.php` file.
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ There shouldn't be any requirements that any web hoster wouldn't comply with, bu
|
|||
|
||||
1. PHP 5.3+
|
||||
2. PHP PEAR (to install on Debian/Ubunto, run `apt-get install php-pear`)
|
||||
3. Read/write permissions on your webspace
|
||||
4. Reasonable amount of protection, i.e. only authorised users (you) can upload/download the files
|
||||
5. Ideally with it's own IP address (makes configuring the VPN easier)
|
||||
3. The `php-curl` module
|
||||
4. Read/write permissions on your webspace
|
||||
5. Reasonable amount of protection, i.e. only authorised users (you) can upload/download the files
|
||||
6. Ideally with it's own IP address (makes configuring the VPN easier)
|
||||
|
|
|
|||
|
|
@ -8,6 +8,13 @@
|
|||
+---------------------------------------------------------*/
|
||||
|
||||
|
||||
/****************************************************************
|
||||
** INSTALLATION **
|
||||
** **
|
||||
** 1. Make a copy of this file called config.php **
|
||||
****************************************************************/
|
||||
|
||||
|
||||
/****************************************************************
|
||||
** URLS **
|
||||
****************************************************************/
|
||||
105
proxy/proxy.php
105
proxy/proxy.php
|
|
@ -8,7 +8,7 @@
|
|||
+---------------------------------------------------------*/
|
||||
|
||||
require_once "config.php";
|
||||
$civiproxy_version = '0.6.dev1';
|
||||
$civiproxy_version = '0.6-dev';
|
||||
|
||||
/**
|
||||
* this will redirect the request to another URL,
|
||||
|
|
@ -138,8 +138,6 @@ function civiproxy_security_check($target, $quit=TRUE) {
|
|||
|
||||
global $debug;
|
||||
if (!empty($debug)) {
|
||||
$file = fopen($debug, 'a');
|
||||
|
||||
// filter log data
|
||||
$log_data = $_REQUEST;
|
||||
if (isset($log_data['api_key'])) {
|
||||
|
|
@ -149,15 +147,28 @@ function civiproxy_security_check($target, $quit=TRUE) {
|
|||
$log_data['key'] = substr($log_data['key'], 0, 4) . '...';
|
||||
}
|
||||
|
||||
// write log record
|
||||
fwrite($file, "REQUEST FROM " . $_SERVER['REMOTE_ADDR'] . " ON " . date('Y-m-d H:i:s') . ' -- ' . print_r($log_data ,1));
|
||||
fclose($file);
|
||||
// log
|
||||
civiproxy_log("REQUEST FROM " . $_SERVER['REMOTE_ADDR'] . " ON " . date('Y-m-d H:i:s') . ' -- ' . print_r($log_data ,1));
|
||||
}
|
||||
|
||||
// TODO: implement
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
/**
|
||||
* Log a message to the proxy log - if enabled
|
||||
*
|
||||
* @param $message string the log message
|
||||
*/
|
||||
function civiproxy_log($message) {
|
||||
global $debug;
|
||||
if (!empty($debug)) {
|
||||
$file = fopen($debug, 'a');
|
||||
fwrite($file, $message);
|
||||
fclose($file);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* extract and type check the parameters from the call params
|
||||
|
|
@ -186,7 +197,6 @@ function civiproxy_get_parameters($valid_parameters, $request = NULL) {
|
|||
$result[$name] = civiproxy_sanitise($request[$name], $type);
|
||||
}
|
||||
}
|
||||
|
||||
// process wildcard elements
|
||||
if ($default_sanitation !== NULL) {
|
||||
// i.e. we want the others too
|
||||
|
|
@ -325,7 +335,7 @@ function civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions)
|
|||
$remote_addr = $_SERVER['REMOTE_ADDR'];
|
||||
// check IP specific whitelisting if specified for this address
|
||||
if (isset($rest_allowed_actions[$remote_addr])) {
|
||||
if (isset($rest_allowed_actions[$remote_addr][$action['entity']]) && isset($rest_allowed_actions[$remote_addr][$action['entity']][$action['action']])) {
|
||||
if (civiproxy_validate_api_entity_and_action($remote_addr, $action['entity'], $action['action'], $rest_allowed_actions)) {
|
||||
$valid_key = $remote_addr;
|
||||
} else {
|
||||
$valid_key = 'all';
|
||||
|
|
@ -335,3 +345,82 @@ function civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions)
|
|||
}
|
||||
return $valid_key;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to check whether the api entity and api action are valid for the remote address.
|
||||
* This function does a case insensitive comparison.
|
||||
*
|
||||
* @param $remote_addr
|
||||
* 'all', or the remote address.
|
||||
* @param $api_entity
|
||||
* The api entity.
|
||||
* @param $api_action
|
||||
* The api action.
|
||||
* @param $rest_allowed_actions
|
||||
* The array with the allowed actions.
|
||||
* @return bool
|
||||
*/
|
||||
function civiproxy_validate_api_entity_and_action($remote_addr, $api_entity, $api_action, $rest_allowed_actions) {
|
||||
if (!isset($rest_allowed_actions[$remote_addr])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$api_entity = strtolower($api_entity);
|
||||
$api_action = strtolower($api_action);
|
||||
if (isset($rest_allowed_actions[$remote_addr][$api_entity]) && isset($rest_allowed_actions[$remote_addr][$api_entity][$api_action])) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Did not find the lower case variant.
|
||||
// loop through the array
|
||||
foreach($rest_allowed_actions[$remote_addr] as $allowed_entity => $allowed_actions) {
|
||||
if (strtolower($allowed_entity) == $api_entity) {
|
||||
foreach($allowed_actions as $allowed_action => $fields) {
|
||||
if (strtolower($allowed_action) == $api_action) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Function to retrieve the valid parameters of an api call
|
||||
* This function does a case insensitive comparison.
|
||||
*
|
||||
* @param $remote_addr
|
||||
* 'all', or the remote address.
|
||||
* @param $api_entity
|
||||
* The api entity.
|
||||
* @param $api_action
|
||||
* The api action.
|
||||
* @param $rest_allowed_actions
|
||||
* The array with the allowed actions.
|
||||
* @return array()|null
|
||||
**/
|
||||
function civiproxy_retrieve_api_parameters($remote_addr, $api_entity, $api_action, $rest_allowed_actions) {
|
||||
if (!isset($rest_allowed_actions[$remote_addr])) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$api_entity = strtolower($api_entity);
|
||||
$api_action = strtolower($api_action);
|
||||
if (isset($rest_allowed_actions[$remote_addr][$api_entity]) && isset($rest_allowed_actions[$remote_addr][$api_entity][$api_action])) {
|
||||
return $rest_allowed_actions[$remote_addr][$api_entity][$api_action];
|
||||
}
|
||||
|
||||
// Did not find the lower case variant.
|
||||
// loop through the array
|
||||
foreach($rest_allowed_actions[$remote_addr] as $allowed_entity => $allowed_actions) {
|
||||
if (strtolower($allowed_entity) == $api_entity) {
|
||||
foreach($allowed_actions as $allowed_action => $parameters) {
|
||||
if (strtolower($allowed_action) == $api_action) {
|
||||
return $parameters;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -52,10 +52,8 @@ if (!isset($action['version']) || $action['version'] != 3) {
|
|||
if (isset($rest_allowed_actions['all'])) {
|
||||
// get valid key for the rest_allowed_actions
|
||||
$valid_allowed_key = civiproxy_get_valid_allowed_actions_key($action, $rest_allowed_actions);
|
||||
|
||||
if (isset($rest_allowed_actions[$valid_allowed_key][$action['entity']]) && isset($rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']])) {
|
||||
$valid_parameters = $rest_allowed_actions[$valid_allowed_key][$action['entity']][$action['action']];
|
||||
} else {
|
||||
$valid_parameters = civiproxy_retrieve_api_parameters($valid_allowed_key, $action['entity'], $action['action'], $rest_allowed_actions);
|
||||
if (!$valid_parameters) {
|
||||
civiproxy_rest_error("Invalid entity/action.");
|
||||
}
|
||||
} else {
|
||||
|
|
@ -80,7 +78,7 @@ global $rest_evaluate_json_parameter;
|
|||
if ($rest_evaluate_json_parameter) {
|
||||
if (isset($_REQUEST['json'])) {
|
||||
$json_data = json_decode($_REQUEST['json'], true);
|
||||
if (!empty($json_data)) {
|
||||
if (!empty($json_data) && is_array($json_data)) {
|
||||
$json_parameters = civiproxy_get_parameters($valid_parameters, $json_data);
|
||||
$parameters['json'] = json_encode($json_parameters);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue