Compare commits

...

7 Commits
master ... main

15 changed files with 53 additions and 16 deletions
  1. +2
    -0
      .gitignore
  2. +13
    -0
      Dockerfile
  3. +12
    -2
      README.md
  4. +1
    -3
      cmd/decrypt.php.txt
  5. +16
    -0
      config/env.example.php
  6. +1
    -3
      lockbox/admin.php
  7. +0
    -0
      lockbox/css/custom.css
  8. +0
    -0
      lockbox/css/normalize.css
  9. +0
    -0
      lockbox/css/skeleton.css
  10. +0
    -0
      lockbox/img/logo.png
  11. +1
    -1
      lockbox/index.php
  12. +7
    -7
      lockbox/php/config.inc.php
  13. +0
    -0
      lockbox/php/footer.tpl.php
  14. +0
    -0
      lockbox/php/form.inc.php
  15. +0
    -0
      lockbox/php/header.tpl.php

+ 2
- 0
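--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+lockbox/php/env.php
+.DS_Store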

+ 13
- 0
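--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM php:7.4-apache
+
+# Set working directy at web server root
+WORKDIR /var/www/html
+
+# Manually installs Lockbox
+COPY ./lockbox/ .
+COPY ./config/env.example.php ./php/env.php
+COPY ./config/key.public .
+
+# Create directory to save submissions and adjust permissions
+RUN mkdir /var/www/data
+RUN chown -R www-data:www-data /var/www/data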
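Review bot: `COPY ./config/env.example.php ./php/env.php` bakes the file that holds `LB_DL_PASS` into an image layer, so the download password is readable by anyone who can pull or inspect the image, and changing it means a rebuild. Consider leaving `env.php` out of the image and mounting it read-only when the container starts, keeping only the `COPY` of `key.public`. As written, an image built without first editing the example file starts with the empty `LB_DL_PASS` and empty `$ips` list that `config/env.example.php` ships with; a comment above the `COPY` saying the file must be edited first would make that explicit.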

+ 12
- 2
README.md View File

@@ -1,3 +1,13 @@
![](./img/logo.png)
![](lockbox/img/logo.png)

This is the PHP/webserver component for Lockbox. For instructions visit [the Lockbox app's main repository](https://git.openprivacy.ca/openprivacy/lockbox).
This is the PHP/webserver component for Lockbox. For instructions visit [the Lockbox app`s main repository](https://git.openprivacy.ca/openprivacy/lockbox).


## Docker Install Instructions
Right now, there is a very basic process to building and deploying a Docker image of Lockbox in a container that contains php and an instance of apache webserver. The image has been tested on linux base OS and will need to be run of a host that already has the OS installed. Future development will aim to have a more robust install.

Note: This version of the Docker deployment is using an `env.php` file instead of environment variables due to some of the nuances with how php handles environment variables.

The `.docker` directory contains a Dockerfile to build an image for your deployment. Do the following before building the image:
* Modify `config/env.example.php` based on any customizations
* Generate a keypair (you can use the script in the `cmd` folder (`genkeys.php.txt`, which needs to be renamed to `genkeys.php` prior to use, or use a key pair you have already generated) and place the public key in the `config` folder as `key.public`

+ 1
- 3
cmd/decrypt.php.txt View File

@@ -1,7 +1,5 @@
<?php

require_once 'config.inc.php';

// Load private key
$privKey = base64_decode(file_get_contents("key.private"));
$pubKey = base64_decode(file_get_contents("key.public"));
@@ -18,7 +16,7 @@ foreach ($encrypted_submissions as $encrypted) {
$decryptedData = sodium_crypto_box_seal_open(base64_decode($parts[1]), $keypair);

// Parse exported variable
eval('$vars = '.$decryptedData.';');
$vars = json_decode($decryptedData, true);

// Print :)
foreach ($vars as $k => $v){
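Review bot: The result of the new `json_decode($decryptedData, true)` goes straight into `foreach ($vars as $k => $v)` with no check, so a record that fails to open (`sodium_crypto_box_seal_open` returns false) or is not valid JSON yields `null` and a warning rather than a clear skip. Add a guard before the loop, for example `if (!is_array($vars)) { continue; }`, ideally with a message naming the record. Records written before the switch to JSON, if any exist, would presumably end up in this branch too, so a comment on how they should be handled would help. The `foreach` body continues outside the hunk.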


+ 16
- 0
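--- a/config/env.example.php
+++ b/config/env.example.php
@@ -0,0 +1,16 @@
+<?php
+
+$conf_vars = [
+'LB_DL_PASS' => '',
+'LB_FILE' => '/var/www/data/lockbox.dat', // This is the submissions file -- it should not be in your web directory!!!
+'LB_PUBKEY_FILE' => '/var/www/html/key.public' // Absolute parth of public key file
+];
+
+// restrict the (optional) admin form to these IPs
+$ips = array(
+/* "127.0.0.1",
+"192.168.0.0",
+"172.16.0.0" */
+);
+
+?>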
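Review bot: The commented sample entries `"192.168.0.0"` and `"172.16.0.0"` read like network addresses, but the check in `lockbox/admin.php` is `array_search($ip, $ADMIN_IPS) === false`, an exact string match, so each entry only ever allows that one literal address. A comment such as `// exact client addresses only; ranges and CIDR are not supported` above `$ips` would prevent a false sense of restriction. Separately, the trailing `?>` can be dropped: this file is pulled in before the `header()` calls in `admin.php`, and any stray whitespace after the closing tag would be sent as output first.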

admin.php → lockbox/admin.php View File

@@ -2,8 +2,6 @@

require_once 'php/config.inc.php';

$password = "sexworkiswork";

define('FORMCONTENTS', '<form method="post">
<p>Password: <input type="password" name="password"> <input type="submit" class="button-primary" value="Download encrypted submissions"></p>
</form>');
@@ -30,7 +28,7 @@ if (count($ADMIN_IPS) > 0 && array_search($ip, $ADMIN_IPS) === false) {
include footer;
} else {
if (isset($_POST) && isset($_POST['password'])) {
if ($_POST['password'] === $password) {
if ($_POST['password'] === DL_PASS) {
header('Content-Type: application/octet-stream');
header("Content-Transfer-Encoding: Binary");
header("Content-disposition: attachment; filename=\"submissions.dat\"");
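Review bot: `if ($_POST['password'] === DL_PASS)` accepts an empty password field whenever `DL_PASS` is empty, which is the value `config/env.example.php` ships with, and when `$ADMIN_IPS` is empty the IP gate above is skipped as well. Fail closed on an unset password and compare in constant time: `if (DL_PASS !== '' && is_string($_POST['password']) && hash_equals(DL_PASS, $_POST['password'])) {`. The literal formerly assigned to `$password` stays in repository history, so it should not be reused as `LB_DL_PASS`. The `if` block continues outside the hunk.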

css/custom.css → lockbox/css/custom.css View File


css/normalize.css → lockbox/css/normalize.css View File


css/skeleton.css → lockbox/css/skeleton.css View File


img/logo.png → lockbox/img/logo.png View File


index.php → lockbox/index.php View File

@@ -15,7 +15,7 @@ if (isset($_POST) && count($_POST)>0) {
$data = json_encode($_POST);

// pubkey is a base64-encoded key generated by sodium_crypto_box_keypair
$pubKey = base64_decode(file_get_contents("key.public"));
$pubKey = base64_decode(file_get_contents(PK_FILE));

// for now, data is stored by encrypting each submission individually, base64 encoding it,
// and appending it as a separate line onto the end of the data file (prepending with a
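Review bot: Now that the key path comes from configuration (`PK_FILE`), a wrong or unreadable path makes `file_get_contents` return false, and `base64_decode(false)` quietly yields an empty string that is then used as the key. Add a length check right after the assignment, `if (strlen($pubKey) !== SODIUM_CRYPTO_BOX_PUBLICKEYBYTES) { /* show MSG_FAIL and stop */ }`, so a misconfigured deployment rejects the submission instead of reaching the encryption step. That step is outside the hunk, so how it reacts to a bad key today cannot be confirmed from here.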

php/config.inc.php → lockbox/php/config.inc.php View File

@@ -1,7 +1,9 @@
<?php

require_once 'env.php';

// This is the submissions file -- it should not be in your web directory!!!
define('FILE', '/var/www/data/lockbox.dat');
define('FILE', $conf_vars['LB_FILE']);

// Page/form title
define('MSG_TITLE', 'Lockbox by Open Privacy');
@@ -22,18 +24,16 @@ define('MSG_FAIL', '
define('MSG_FOOTER', '&copy;2020 <a href="https://openprivacy.ca/" target="_blank">Our Awesome Org</a> - All rights reserved. Form powered by <a href="https://git.openprivacy.ca/openprivacy/lockbox" target="_blank">Lockbox</a> by <a href="https://openprivacy.ca" target="_blank">Open Privacy</a>');

// restrict the (optional) admin form to these IPs
$ADMIN_IPS = array(
/* "1.2.3.501", // erinn
"9.5.1.06", // sarah
"92.102.94.l" // dan*/
);
$ADMIN_IPS = $ips;

// if you would like you disable the IP check (not recommended!) you can use this line instead:
// $ADMIN_IPS = array();

// password for downloading submissions from the admin form
define('DL_PASS', "");
define('DL_PASS', $conf_vars['LB_DL_PASS']);

// This is the path to the public key file
define('PK_FILE', $conf_vars['LB_PUBKEY_FILE']);

// ============ include file locations -- you shouldn't need to change below this line
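Review bot: `require_once 'env.php';` is a bare relative name, so which file gets loaded depends on `include_path` and on the working directory of the including script (`admin.php` and `index.php` sit one level up); `require_once __DIR__ . '/env.php';` pins it to the file next to `config.inc.php`. The `define` calls also read `$conf_vars['LB_FILE']`, `$conf_vars['LB_DL_PASS']` and `$conf_vars['LB_PUBKEY_FILE']` without checking that the keys exist, so an `env.php` missing one of them defines the constant as null with only a notice. A short comment above the `require_once` listing the three required keys and `$ips` would help anyone writing `env.php` by hand.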


php/footer.tpl.php → lockbox/php/footer.tpl.php View File


php/form.inc.php → lockbox/php/form.inc.php View File


php/header.tpl.php → lockbox/php/header.tpl.php View File

