[Ejabberd] More fixes for Ejabberd integration (WIP)

2021-02-12 10:04:19 +01:00
parent 2bac898a15
commit f2453e316f
7 changed files with 118 additions and 35 deletions
--- a/data/web/inc/functions.mailbox.inc.php
+++ b/data/web/inc/functions.mailbox.inc.php
@@ -443,7 +443,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
          }
          $domain				= idn_to_ascii(strtolower(trim($_data['domain'])), 0, INTL_IDNA_VARIANT_UTS46);
          $description  = $_data['description'];
-          $xmpp_prefix  = $_data['xmpp_prefix'];
+          $xmpp_prefix = preg_replace('/[^\da-z-]/i', '', $_data['xmpp_prefix']);
          if (empty($description)) {
            $description = $domain;
          }
@@ -2115,6 +2115,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                );
                continue;
              }
+              $xmpp_prefix = preg_replace('/[^\da-z-]/i', '', $xmpp_prefix);
              $stmt = $pdo->prepare("UPDATE `domain` SET
              `description` = :description,
              `gal` = :gal,
@@ -2167,6 +2168,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
                );
                continue;
              }
+              $xmpp_prefix = preg_replace('/[^\da-z-]/i', '', $xmpp_prefix);
              // todo: should be using api here
              $stmt = $pdo->prepare("SELECT
                  COUNT(*) AS count,
--- a/data/web/inc/functions.xmpp.inc.php
+++ b/data/web/inc/functions.xmpp.inc.php
@@ -128,55 +128,104 @@ function xmpp_rebuild_configs() {

    touch('/ejabberd/ejabberd_hosts.yml');
    touch('/ejabberd/ejabberd_acl.yml');
+    touch('/etc/nginx/conf.d/ejabberd.conf');
    $ejabberd_hosts_md5 = md5_file('/ejabberd/ejabberd_hosts.yml');
    $ejabberd_acl_md5 = md5_file('/ejabberd/ejabberd_acl.yml');
+    $ejabberd_site_md5 = md5_file('/etc/nginx/conf.d/ejabberd.conf');

    if (!empty($xmpp_domains)) {
      // Handle hosts file
-      $map_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
-      if (!$map_handle) {
+      $hosts_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
+      if (!$hosts_handle) {
        throw new Exception($lang['danger']['file_open_error']);
      }
-      fwrite($map_handle, '# Autogenerated by mailcow' . PHP_EOL);
-      fwrite($map_handle, 'hosts:' . PHP_EOL);
+      fwrite($hosts_handle, '# Autogenerated by mailcow' . PHP_EOL);
+      fwrite($hosts_handle, 'hosts:' . PHP_EOL);
      foreach ($xmpp_domains as $domain => $domain_values) {
-        fwrite($map_handle, '  - ' . $xmpp_domains[$domain]['xmpp_host'] . PHP_EOL);
+        fwrite($hosts_handle, '  - ' . $xmpp_domains[$domain]['xmpp_host'] . PHP_EOL);
      }
-      fclose($map_handle);
+      fclose($hosts_handle);

      // Handle ACL file
-      $map_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
-      if (!$map_handle) {
+      $acl_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
+      if (!$acl_handle) {
        throw new Exception($lang['danger']['file_open_error']);
      }
-      fwrite($map_handle, '# Autogenerated by mailcow' . PHP_EOL);
-      fwrite($map_handle, 'append_host_config:' . PHP_EOL);
+      fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
+      fwrite($acl_handle, 'append_host_config:' . PHP_EOL);
      foreach ($xmpp_domains as $domain => $domain_values) {
-        fwrite($map_handle, '  ' . $xmpp_domains[$domain]['xmpp_host'] . ':' . PHP_EOL);
-        fwrite($map_handle, '    acl:' . PHP_EOL);
-        fwrite($map_handle, '      admin:' . PHP_EOL);
-        fwrite($map_handle, '        user:' . PHP_EOL);
+        fwrite($acl_handle, '  ' . $xmpp_domains[$domain]['xmpp_host'] . ':' . PHP_EOL);
+        fwrite($acl_handle, '    acl:' . PHP_EOL);
+        fwrite($acl_handle, '      admin:' . PHP_EOL);
+        fwrite($acl_handle, '        user:' . PHP_EOL);
        foreach ($xmpp_domains[$domain]['xmpp_admins'] as $xmpp_admin) {
-          fwrite($map_handle, '          - ' . $xmpp_admin . PHP_EOL);
+          fwrite($acl_handle, '          - ' . $xmpp_admin . PHP_EOL);
        }
      }
-      fclose($map_handle);
+      fclose($acl_handle);
+
+      // Handle Nginx site
+      $site_handle = @fopen('/etc/nginx/conf.d/ejabberd.conf', 'r+');
+      if ($site_handle !== false) {
+        ftruncate($site_handle, 0);
+        fclose($site_handle);
+      }
+      $site_handle = fopen('/etc/nginx/conf.d/ejabberd.conf', 'w');
+      if (!$site_handle) {
+        throw new Exception($lang['danger']['file_open_error']);
+      }
+      fwrite($site_handle, '# Autogenerated by mailcow' . PHP_EOL);
+      foreach ($xmpp_domains as $domain => $domain_values) {
+        $site_config = <<<EOF
+server {
+  root /web;
+
+  listen 80;
+  listen [::]:80;
+
+  server_name *.%s %s;
+
+  if (\$request_uri ~* "%%0A|%%0D") {
+    return 403;
+  }
+
+  set_real_ip_from 10.0.0.0/8;
+  set_real_ip_from 172.16.0.0/12;
+  set_real_ip_from 192.168.0.0/16;
+  set_real_ip_from fc00::/7;
+  real_ip_header X-Forwarded-For;
+  real_ip_recursive on;
+
+  location / {
+    proxy_pass http://ejabberd:5281/;
+    proxy_set_header Host \$http_host;
+    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+    proxy_set_header X-Real-IP \$remote_addr;
+    proxy_redirect off;
+  }
+}
+
+EOF;
+        fwrite($site_handle, sprintf($site_config, $xmpp_domains[$domain]['xmpp_host'], $xmpp_domains[$domain]['xmpp_host']));
+      }
+      fclose($site_handle);
    }
    else {
      // Write empty hosts file
-      $map_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
-      if (!$map_handle) {
+      $hosts_handle = fopen('/ejabberd/ejabberd_hosts.yml', 'w');
+      if (!$hosts_handle) {
        throw new Exception($lang['danger']['file_open_error']);
      }
-      fwrite($map_handle, '# Autogenerated by mailcow' . PHP_EOL);
-      fclose($map_handle);
+      fwrite($hosts_handle, '# Autogenerated by mailcow' . PHP_EOL);
+      fclose($hosts_handle);
+
      // Write empty ACL file
-      $map_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
-      if (!$map_handle) {
+      $acl_handle = fopen('/ejabberd/ejabberd_acl.yml', 'w');
+      if (!$acl_handle) {
        throw new Exception($lang['danger']['file_open_error']);
      }
-      fwrite($map_handle, '# Autogenerated by mailcow' . PHP_EOL);
-      fclose($map_handle);
+      fwrite($acl_handle, '# Autogenerated by mailcow' . PHP_EOL);
+      fclose($acl_handle);
    }

    if (md5_file('/ejabberd/ejabberd_acl.yml') != $ejabberd_acl_md5) {
@@ -196,6 +245,29 @@ function xmpp_rebuild_configs() {
      );
    }

+    if (md5_file('/etc/nginx/conf.d/ejabberd.conf') != $ejabberd_site_md5) {
+      $response = json_decode(docker('post', 'nginx-mailcow', 'exec', array("cmd" => "reload", "task" => "nginx"), 'Content-type: application/json'), true);
+      if (isset($response['type']) && $response['type'] == "success") {
+        $_SESSION['return'][] = array(
+          'type' => 'success',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => 'nginx_reloaded'
+        );
+      }
+      else {
+        if (!empty($response['msg'])) {
+          $error = $response['msg'];
+        }
+        else {
+          $error = '-';
+        }
+        $_SESSION['return'][] = array(
+          'type' => 'danger',
+          'log' => array(__FUNCTION__, $_action, $_data_log),
+          'msg' => array('nginx_reload_failed', htmlspecialchars($error))
+        );
+      }
+    }
  }
  catch (Exception $e) {
    $_SESSION['return'][] = array(