From 1f4cf634f2510f762bba99128b02ffceee13aec4 Mon Sep 17 00:00:00 2001 From: Norman Date: Mon, 7 Dec 2020 14:30:01 -0800 Subject: [PATCH 1/3] Created separate env variables file --- .gitignore | 1 + admin.php | 4 +--- index.php | 4 ++-- php/config.inc.php | 14 +++++++------- php/env.example.php | 16 ++++++++++++++++ 5 files changed, 27 insertions(+), 12 deletions(-) create mode 100644 .gitignore create mode 100644 php/env.example.php diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dfb8373 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +php/env.php diff --git a/admin.php b/admin.php index f9a3403..3820873 100644 --- a/admin.php +++ b/admin.php @@ -2,8 +2,6 @@ require_once 'php/config.inc.php'; -$password = "sexworkiswork"; - define('FORMCONTENTS', '

Password:

'); @@ -30,7 +28,7 @@ if (count($ADMIN_IPS) > 0 && array_search($ip, $ADMIN_IPS) === false) { include footer; } else { if (isset($_POST) && isset($_POST['password'])) { - if ($_POST['password'] === $password) { + if ($_POST['password'] === DL_PASS) { header('Content-Type: application/octet-stream'); header("Content-Transfer-Encoding: Binary"); header("Content-disposition: attachment; filename=\"submissions.dat\""); diff --git a/index.php b/index.php index df54247..4aa3908 100755 --- a/index.php +++ b/index.php @@ -1,4 +1,4 @@ -0) { $data = json_encode($_POST); // pubkey is a base64-encoded key generated by sodium_crypto_box_keypair - $pubKey = base64_decode(file_get_contents("key.public")); + $pubKey = base64_decode(file_get_contents(PK_FILE)); // for now, data is stored by encrypting each submission individually, base64 encoding it, // and appending it as a separate line onto the end of the data file (prepending with a diff --git a/php/config.inc.php b/php/config.inc.php index a856334..0231065 100644 --- a/php/config.inc.php +++ b/php/config.inc.php @@ -1,7 +1,9 @@ Our Awesome Org - All rights reserved. Form powered by Lockbox by Open Privacy'); // restrict the (optional) admin form to these IPs -$ADMIN_IPS = array( -/* "1.2.3.501", // erinn - "9.5.1.06", // sarah - "92.102.94.l" // dan*/ -); +$ADMIN_IPS = $ips; // if you would like you disable the IP check (not recommended!) you can use this line instead: // $ADMIN_IPS = array(); // password for downloading submissions from the admin form -define('DL_PASS', ""); +define('DL_PASS', $conf_vars['LB_DL_PASS']); +// This is the path to the public key file +define(PK_FILE, $_SERVER['DOCUMENT_ROOT']."/".$conf_vars['LB_PUBKEY_FILE']); // ============ include file locations -- you shouldn't need to change below this line diff --git a/php/env.example.php b/php/env.example.php new file mode 100644 index 0000000..a73f928 --- /dev/null +++ b/php/env.example.php 
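Review bot: The new comparison `$_POST['password'] === DL_PASS` in admin.php succeeds on an empty submission whenever `DL_PASS` is the empty string, which is what `php/env.example.php` in this patch ships (`'LB_DL_PASS' => ''`, with `$ips` empty so the `count($ADMIN_IPS) > 0` guard skips the IP check as well). The branch should fail closed on an unset password and compare in constant time, e.g. `if (DL_PASS !== '' && is_string($_POST['password']) && hash_equals(DL_PASS, $_POST['password'])) {`. The literal removed from admin.php by the first hunk stays in the repository history, so it should be treated as disclosed and not reused as the new `LB_DL_PASS`. The enclosing `if`/`else` starts and ends outside this hunk.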
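Review bot: `define(PK_FILE, ...)` in php/config.inc.php passes a bare word as the constant name; PHP 7.x only warns and falls back to the string `'PK_FILE'`, but PHP 8 throws an Error for the undefined constant, so index.php would stop before it can load the public key. The line should read `define('PK_FILE', $_SERVER['DOCUMENT_ROOT']."/".$conf_vars['LB_PUBKEY_FILE']);`. The hunk also reads `$conf_vars` and `$ips` with no visible check that the git-ignored `php/env.php` was actually loaded (the include line is not visible in this hunk, so this may already be handled); if it is not, a guard such as `if (!isset($conf_vars, $ips)) { http_response_code(500); exit; }` before `$ADMIN_IPS = $ips;` keeps a missing env file from degrading into an unset allow-list.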
@@ -0,0 +1,16 @@ + '', + 'LB_FILE' => '/var/www/data/lockbox.dat', // This is the submissions file -- it should not be in your web directory!!! + 'LB_PUBKEY_FILE' => 'lockbox-web/key.public' // Public key file location relative to the website root (i.e., $_SERVER['DOCUMENT_ROOT']) +]; + +// restrict the (optional) admin form to these IPs +$ips = array( +/* "127.0.0.1", + "192.168.0.0", + "172.16.0.0" */ +); + +?> \ No newline at end of file -- 2.25.1 From fc5248d827147949b1162c5d0167b15e7e9fe26d Mon Sep 17 00:00:00 2001 From: Norman Date: Wed, 16 Dec 2020 16:14:54 -0800 Subject: [PATCH 2/3] created Dockerfile --- .DS_Store | Bin 0 -> 6148 bytes .docker/Dockerfile | 12 ++++++++++++ .gitignore | 2 +- README.md | 14 ++++++++++++-- {php => config}/env.example.php | 2 +- admin.php => lockbox/admin.php | 0 {css => lockbox/css}/custom.css | 0 {css => lockbox/css}/normalize.css | 0 {css => lockbox/css}/skeleton.css | 0 {img => lockbox/img}/logo.png | Bin index.php => lockbox/index.php | 2 +- {php => lockbox/php}/config.inc.php | 2 +- {php => lockbox/php}/footer.tpl.php | 0 {php => lockbox/php}/form.inc.php | 0 {php => lockbox/php}/header.tpl.php | 0 15 files changed, 28 insertions(+), 6 deletions(-) create mode 100644 .DS_Store create mode 100644 .docker/Dockerfile rename {php => config}/env.example.php (67%) rename admin.php => lockbox/admin.php (100%) rename {css => lockbox/css}/custom.css (100%) rename {css => lockbox/css}/normalize.css (100%) rename {css => lockbox/css}/skeleton.css (100%) rename {img => lockbox/img}/logo.png (100%) rename index.php => lockbox/index.php (99%) rename {php => lockbox/php}/config.inc.php (95%) rename {php => lockbox/php}/footer.tpl.php (100%) rename {php => lockbox/php}/form.inc.php (100%) rename {php => lockbox/php}/header.tpl.php (100%) 
diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..5138c564454cac9ccb73032d6c4e2ded5795a6bb GIT binary patch literal 6148 zcmeH~J!%6%427R!7lt%jx}3%b$PET#pTHLg*pS9{Adu8^^gR7ES*H$5cmnB-G%I%Z zD|S`@Z2x(A0VV(&x+``bW@gM+IOB%P*XiSaeZRl4;#J@&VrHyNnC;iLL0pQvfVyTmjO&;ssLc!1UOG})p;=82 zR;?Ceh}WZ?+UmMqI#RP8R>OzYoz15hnq@nzF`-!xQ4j$Um=RcIKKc27r2jVm&svm< zfC&6E0=7P!4tu^-ovjbA=k?dB`g+i*aXG_}p8zI)6mRKa+;6_1_R^8c3Qa!(fk8n8 H{*=HsYIhNR literal 0 HcmV?d00001 diff --git a/.docker/Dockerfile b/.docker/Dockerfile new file mode 100644 index 0000000..b4c3e57 --- /dev/null +++ b/.docker/Dockerfile @@ -0,0 +1,12 @@ +FROM php:7.4-apache + +# Set working directy at web server root +WORKDIR /var/www/html + +# Manually installs Lockbox +COPY ../lockbox/* / +COPY ../config/env.example.php ./php/env.php +COPY ../config/key.public . + +RUN mkdir /var/www/data +RUN chmod 666 /var/www/data \ No newline at end of file diff --git a/.gitignore b/.gitignore index dfb8373..f0772f0 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -php/env.php +lockbox/php/env.php diff --git a/README.md b/README.md index a58375c..2de18fb 100644 --- a/README.md +++ b/README.md 
@@ -1,3 +1,13 @@ -![](./img/logo.png) +![](lockbox/img/logo.png) -This is the PHP/webserver component for Lockbox. For instructions visit [the Lockbox app's main repository](https://git.openprivacy.ca/openprivacy/lockbox). \ No newline at end of file +This is the PHP/webserver component for Lockbox. For instructions visit [the Lockbox app`s main repository](https://git.openprivacy.ca/openprivacy/lockbox). + + +## Docker Install Instructions +Right now, there is a very basic process to building and deploying a Docker image of Lockbox in a container that contains php and an instance of apache webserver. The image has been tested on linux base OS and will need to be run of a host that already has the OS installed. Future development will aim to have a more robust install. + +Note: This version of the Docker deployment is using an `env.php` file instead of environment variables due to some of the nuances with how php handles environment variables. + +The `.docker` directory contains a Dockerfile to build an image for your deployment. Do the following before building the image: +* Modify `config/env.example.php` based on any customizations +* Generate a keypair (you can use the script in the `cmd` folder (`genkeys.php.txt`, which needs to be renamed to `genkeys.php` prior to use, or use a key pair you have already generated) and place the public key in the `config` folder as `key.public` \ No newline at end of file diff --git a/php/env.example.php b/config/env.example.php similarity index 67% rename from php/env.example.php rename to config/env.example.php index a73f928..96318f7 100644 --- a/php/env.example.php +++ b/config/env.example.php 
@@ -3,7 +3,7 @@ $conf_vars = [ 'LB_DL_PASS' => '', 'LB_FILE' => '/var/www/data/lockbox.dat', // This is the submissions file -- it should not be in your web directory!!! - 'LB_PUBKEY_FILE' => 'lockbox-web/key.public' // Public key file location relative to the website root (i.e., $_SERVER['DOCUMENT_ROOT']) + 'LB_PUBKEY_FILE' => '/var/www/html/key.public' // Absolute parth of public key file ]; // restrict the (optional) admin form to these IPs diff --git a/admin.php b/lockbox/admin.php similarity index 100% rename from admin.php rename to lockbox/admin.php diff --git a/css/custom.css b/lockbox/css/custom.css similarity index 100% rename from css/custom.css rename to lockbox/css/custom.css diff --git a/css/normalize.css b/lockbox/css/normalize.css similarity index 100% rename from css/normalize.css rename to lockbox/css/normalize.css diff --git a/css/skeleton.css b/lockbox/css/skeleton.css similarity index 100% rename from css/skeleton.css rename to lockbox/css/skeleton.css diff --git a/img/logo.png b/lockbox/img/logo.png similarity index 100% rename from img/logo.png rename to lockbox/img/logo.png diff --git a/index.php b/lockbox/index.php similarity index 99% rename from index.php rename to lockbox/index.php index 4aa3908..d2f1188 100755 --- a/index.php +++ b/lockbox/index.php @@ -1,4 +1,4 @@ - Date: Wed, 16 Dec 2020 17:04:47 -0800 Subject: [PATCH 3/3] Fixed Dockerfile --- .docker/Dockerfile | 12 ------------ Dockerfile | 13 +++++++++++++ 2 files changed, 13 insertions(+), 12 deletions(-) delete mode 100644 .docker/Dockerfile create mode 100644 Dockerfile diff --git a/.docker/Dockerfile b/.docker/Dockerfile deleted file mode 100644 index b4c3e57..0000000 --- a/.docker/Dockerfile +++ /dev/null 
@@ -1,12 +0,0 @@
-FROM php:7.4-apache
-
-# Set working directy at web server root
-WORKDIR /var/www/html
-
-# Manually installs Lockbox
-COPY ../lockbox/* /
-COPY ../config/env.example.php ./php/env.php
-COPY ../config/key.public .
-
-RUN mkdir /var/www/data
-RUN chmod 666 /var/www/data
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f2989fe
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,13 @@
+FROM php:7.4-apache
+
+# Set working directy at web server root
+WORKDIR /var/www/html
+
+# Manually installs Lockbox
+COPY ./lockbox/ .
+COPY ./config/env.example.php ./php/env.php
+COPY ./config/key.public .
+
+# Create directory to save submissions and adjust permissions
+RUN mkdir /var/www/data
+RUN chown -R www-data:www-data /var/www/data
\ No newline at end of file
-- 2.25.1
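Review bot: `COPY ./config/env.example.php ./php/env.php` in the new Dockerfile bakes the download password and the admin IP list into an image layer, so anyone who can pull the image can read them, and an image built from the unedited example runs with an empty `LB_DL_PASS` and no IP restriction. Prefer leaving `env.php` out of the image and supplying it at run time as a read-only bind mount or secret, and say so in the README step that currently tells the operator to edit the example before building. `/var/www/data` is created without a `VOLUME /var/www/data` declaration, so the encrypted submissions live in the container's writable layer and are lost when the container is removed unless the operator mounts a volume there.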