From 6ded3dbd9552a37af0ebbf561759d35c38ee3f28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9?= Date: Fri, 8 Jun 2018 09:11:03 +0200 Subject: [PATCH] [API] Allow to set API options in mailcow.conf, fixes #1457 --- data/Dockerfiles/phpfpm/docker-entrypoint.sh | 28 +++++++++++++++++--- docker-compose.yml | 4 ++- generate_config.sh | 5 ++++ update.sh | 14 ++++++++++ 4 files changed, 46 insertions(+), 5 deletions(-) diff --git a/data/Dockerfiles/phpfpm/docker-entrypoint.sh b/data/Dockerfiles/phpfpm/docker-entrypoint.sh index 8e8d507ca..8bc81c970 100755 --- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh +++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh @@ -1,11 +1,9 @@ #!/bin/bash set -e -if [[ ! -d "/data/dkim/txt" || ! -d "/data/dkim/keys" ]] ; then mkdir -p /data/dkim/{txt,keys} ; chown -R www-data:www-data /data/dkim; fi -if [[ $(stat -c %U /data/dkim/) != "www-data" ]] ; then chown -R www-data:www-data /data/dkim ; fi +function array_by_comma { local IFS=","; echo "$*"; } # Wait for containers - while ! mysqladmin ping --host mysql -u${DBUSER} -p${DBPASS} --silent; do sleep 2 done @@ -26,11 +24,33 @@ do DOMAIN_ARR+=("$line") done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs) - if [[ ! -z ${DOMAIN_ARR} ]]; then for domain in "${DOMAIN_ARR[@]}"; do redis-cli -h redis-mailcow HSET DOMAIN_MAP ${domain} 1 done fi +# Set API options if env vars are not empty + +if [[ ! -z ${API_ALLOW_FROM} ]] && [[ ! -z ${API_KEY} ]]; then + IFS=',' read -r -a API_ALLOW_FROM_ARR <<< "${API_ALLOW_FROM}" + declare -a VALIDATED_API_ALLOW_FROM_ARR + REGEX_IP6='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$' + REGEX_IP4='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' + + for IP in "${API_ALLOW_FROM_ARR[@]}"; do + if [[ ${IP} =~ ${REGEX_IP6} ]] || [[ ${IP} =~ ${REGEX_IP4} ]]; then + VALIDATED_API_ALLOW_FROM_ARR+=("${IP}") + fi + done + VALIDATED_IPS=$(array_by_comma ${VALIDATED_API_ALLOW_FROM_ARR[*]}) + if [[ ! -z ${VALIDATED_IPS} ]]; then + mysql --host mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF +INSERT INTO api (username, api_key, active, allow_from) +SELECT username, "${API_KEY}", '1', "${VALIDATED_IPS}" FROM admin WHERE superadmin='1' AND active='1' +ON DUPLICATE KEY UPDATE active = '1', allow_from = "${VALIDATED_IPS}", api_key = "${API_KEY}"; +EOF + fi +fi + exec "$@" diff --git a/docker-compose.yml b/docker-compose.yml index 546be3a0a..1b8886599 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -104,7 +104,7 @@ services: - rspamd php-fpm-mailcow: - image: mailcow/phpfpm:1.14 + image: mailcow/phpfpm:1.15 build: ./data/Dockerfiles/phpfpm command: "php-fpm -d date.timezone=${TZ} -d expose_php=0" depends_on: @@ -133,6 +133,8 @@ services: - SUBMISSION_PORT=${SUBMISSION_PORT:-587} - SMTPS_PORT=${SMTPS_PORT:-465} - SMTP_PORT=${SMTP_PORT:-25} + - API_KEY=${API_KEY:-} + - API_ALLOW_FROM=${API_ALLOW_FROM:-} restart: always sysctls: - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0} diff --git a/generate_config.sh b/generate_config.sh index ee38bd4a8..484059e6b 100755 --- a/generate_config.sh +++ b/generate_config.sh @@ -131,6 +131,11 @@ IPV6_NETWORK=fd4d:6169:6c63:6f77::/64 # Use 1 for disabled, 0 for enabled SYSCTL_IPV6_DISABLED=0 +# Create or override API key for web uI +# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs +#API_KEY= +#ÀPI_ALLOW_FROM=127.0.0.1,1.2.3.4 + EOF mkdir -p data/assets/ssl diff --git a/update.sh b/update.sh index 02a3b6130..e83a473fc 100755 --- a/update.sh +++ b/update.sh @@ -50,6 +50,8 @@ CONFIG_ARRAY=( "SYSCTL_IPV6_DISABLED" "COMPOSE_PROJECT_NAME" "SQL_PORT" + "API_KEY" + "API_ALLOW_FROM" ) sed -i '$a\' mailcow.conf @@ -107,6 +109,18 @@ for option in ${CONFIG_ARRAY[@]}; do echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf fi + elif [[ ${option} == "API_KEY" ]]; then + if ! grep -q ${option} mailcow.conf; then + echo "Adding new option \"${option}\" to mailcow.conf" + echo '# Create or override API key for web UI' >> mailcow.conf + echo "#API_KEY=" >> mailcow.conf + fi + elif [[ ${option} == "API_ALLOW_FROM" ]]; then + if ! grep -q ${option} mailcow.conf; then + echo "Adding new option \"${option}\" to mailcow.conf" + echo '# Must be set for API_KEY to be active' >> mailcow.conf + echo "#API_ALLOW_FROM=" >> mailcow.conf + fi elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then if ! grep -q ${option} mailcow.conf; then echo "Adding new option \"${option}\" to mailcow.conf"