mirror of
https://github.com/serghey-rodin/vesta.git
synced 2024-12-03 19:00:24 -08:00
116 lines
3.6 KiB
Bash
Executable File
116 lines
3.6 KiB
Bash
Executable File
#!/bin/bash
|
|
# info: add password protection for web domain
|
|
# options: USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]
|
|
#
|
|
# The call is used for securing web domain with http auth
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Variable&Function #
|
|
#----------------------------------------------------------#
|
|
|
|
# Argument definition
|
|
user=$1
|
|
domain=$2
|
|
auth_user=$3
|
|
password=$4; HIDE=4
|
|
restart=${5-yes}
|
|
|
|
# Includes
|
|
source $VESTA/func/main.sh
|
|
source $VESTA/func/domain.sh
|
|
source $VESTA/conf/vesta.conf
|
|
|
|
# Defining htpasswd file
|
|
htaccess="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.conf_htaccess"
|
|
htpasswd="$HOMEDIR/$user/conf/web/$WEB_SYSTEM.$domain.htpasswd"
|
|
shtaccess="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.$domain.conf_htaccess"
|
|
shtpasswd="$HOMEDIR/$user/conf/web/s$WEB_SYSTEM.$domain.htpasswd"
|
|
docroot="$HOMEDIR/$user/web/$domain/public_html"
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Verifications #
|
|
#----------------------------------------------------------#
|
|
|
|
check_args '4' "$#" 'USER DOMAIN AUTH_USER AUTH_PASSWORD [RESTART]'
|
|
is_format_valid 'user' 'domain'
|
|
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
|
|
is_object_valid 'user' 'USER' "$user"
|
|
is_object_unsuspended 'user' 'USER' "$user"
|
|
is_object_valid 'web' 'DOMAIN' "$domain"
|
|
is_object_unsuspended 'web' 'DOMAIN' "$domain"
|
|
is_password_valid
|
|
get_domain_values 'web'
|
|
if [ ! -z "$(echo "$AUTH_USER" |tr : '\n' |grep ^$auth_user$)" ]; then
|
|
echo "Error: auth user $auth_user already exists"
|
|
log_event "$E_EXISTS" "$ARGUMENTS"
|
|
exit $E_EXISTS
|
|
fi
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
# Adding htaccess password protection
|
|
if [ ! -e "$htaccess" ]; then
|
|
if [ "$WEB_SYSTEM" != 'nginx' ]; then
|
|
echo "<Directory $docroot>" > $htaccess
|
|
echo " AuthUserFile $htpasswd" >> $htaccess
|
|
echo " AuthName \"$domain access\"" >> $htaccess
|
|
echo " AuthType Basic" >> $htaccess
|
|
echo " Require valid-user" >> $htaccess
|
|
echo "</Directory>" >> $htaccess
|
|
else
|
|
echo "auth_basic \"$domain password access\";" > $htaccess
|
|
echo "auth_basic_user_file $htpasswd;" >> $htaccess
|
|
fi
|
|
restart_required='yes'
|
|
fi
|
|
|
|
# Adding httpasswd user
|
|
auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password)
|
|
touch $htpasswd
|
|
chmod 640 $htpasswd $htaccess
|
|
chgrp $user $htpasswd $htaccess
|
|
sed -i "/^$auth_user:/d" $htpasswd
|
|
echo "$auth_user:$auth_hash" >> $htpasswd
|
|
|
|
# Symbolic link for secure web templates
|
|
if [ ! -L $shtpasswd ]; then
|
|
ln -s $htpasswd $shtpasswd
|
|
fi
|
|
if [ ! -L $shtaccess ]; then
|
|
ln -s $htaccess $shtaccess
|
|
fi
|
|
|
|
# Restarting web server
|
|
if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then
|
|
$BIN/v-restart-web
|
|
fi
|
|
|
|
#----------------------------------------------------------#
|
|
# Vesta #
|
|
#----------------------------------------------------------#
|
|
|
|
# Preparing web.conf keys
|
|
if [ ! -z "$AUTH_USER" ]; then
|
|
auth_user="$AUTH_USER:$auth_user"
|
|
auth_hash="$AUTH_HASH:$auth_hash"
|
|
else
|
|
# Adding new key into web.conf
|
|
add_object_key "web" 'DOMAIN' "$domain" 'AUTH_USER' 'U_DISK'
|
|
add_object_key "web" 'DOMAIN' "$domain" 'AUTH_HASH' 'U_DISK'
|
|
fi
|
|
|
|
# Updating config
|
|
update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_USER' "$auth_user"
|
|
update_object_value 'web' 'DOMAIN' "$domain" '$AUTH_HASH' "$auth_hash"
|
|
|
|
# Logging
|
|
log_history "added http auth user $httpauth_user on $domain"
|
|
log_event "$OK" "$ARGUMENTS"
|
|
|
|
exit
|