
[API] Allow to set API options in mailcow.conf, fixes #1457

André 7 年之前
父節點
當前提交
6ded3dbd95
共有 4 個文件被更改,包括 46 次插入5 次删除
  1. 24 4
      data/Dockerfiles/phpfpm/docker-entrypoint.sh
  2. 3 1
      docker-compose.yml
  3. 5 0
      generate_config.sh
  4. 14 0
      update.sh

+ 24 - 4
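--- a/data/Dockerfiles/phpfpm/docker-entrypoint.sh
+++ b/data/Dockerfiles/phpfpm/docker-entrypoint.sh
@@ -1,11 +1,9 @@
 #!/bin/bash
 set -e
 
-if [[ ! -d "/data/dkim/txt" || ! -d "/data/dkim/keys" ]] ; then mkdir -p /data/dkim/{txt,keys} ; chown -R www-data:www-data /data/dkim; fi
-if [[ $(stat -c %U /data/dkim/) != "www-data" ]] ; then chown -R www-data:www-data /data/dkim ; fi
+function array_by_comma { local IFS=","; echo "$*"; }
 
 # Wait for containers
-
 while ! mysqladmin ping --host mysql -u${DBUSER} -p${DBPASS} --silent; do
   sleep 2
 done
@@ -26,11 +24,33 @@ do
   DOMAIN_ARR+=("$line")
 done < <(mysql -h mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SELECT alias_domain FROM alias_domain" -Bs)
 
-
 if [[ ! -z ${DOMAIN_ARR} ]]; then
 for domain in "${DOMAIN_ARR[@]}"; do
   redis-cli -h redis-mailcow HSET DOMAIN_MAP ${domain} 1
 done
 fi
 
+# Set API options if env vars are not empty
+
+if [[ ! -z ${API_ALLOW_FROM} ]] && [[ ! -z ${API_KEY} ]]; then
+  IFS=',' read -r -a API_ALLOW_FROM_ARR <<< "${API_ALLOW_FROM}"
+  declare -a VALIDATED_API_ALLOW_FROM_ARR
+  REGEX_IP6='^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$'
+  REGEX_IP4='^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+
+  for IP in "${API_ALLOW_FROM_ARR[@]}"; do
+    if [[ ${IP} =~ ${REGEX_IP6} ]] || [[ ${IP} =~ ${REGEX_IP4} ]]; then
+      VALIDATED_API_ALLOW_FROM_ARR+=("${IP}")
+    fi
+  done
+  VALIDATED_IPS=$(array_by_comma ${VALIDATED_API_ALLOW_FROM_ARR[*]})
+  if [[ ! -z ${VALIDATED_IPS} ]]; then
+    mysql --host mysql-mailcow -u ${DBUSER} -p${DBPASS} ${DBNAME} << EOF
+INSERT INTO api (username, api_key, active, allow_from)
+SELECT username, "${API_KEY}", '1', "${VALIDATED_IPS}" FROM admin WHERE superadmin='1' AND active='1'
+ON DUPLICATE KEY UPDATE active = '1', allow_from = "${VALIDATED_IPS}", api_key = "${API_KEY}";
+EOF
+  fi
+fi
+
 exec "$@"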
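Review bot: `API_KEY` is interpolated into the SQL heredoc without validation, while only the `API_ALLOW_FROM` entries pass through a regex first, so a key in mailcow.conf containing `"` or `\` leaves the string literal in the `INSERT ... ON DUPLICATE KEY UPDATE` statement. An allow-list check ahead of the outer `if` would close this, for example `[[ -z ${API_KEY} || ${API_KEY} =~ ^[A-Za-z0-9-]+$ ]] || { echo "API_KEY has unexpected characters, not applying API options" >&2; API_KEY=; }`; the character class is an assumption and should match whatever format the web UI generates. The block is also silent when every `API_ALLOW_FROM` entry fails the regex, so an `else` on the `VALIDATED_IPS` test that logs the rejected value would make a mistyped allow-list visible. Because the statement runs on every container start, a key left in mailcow.conf will replace one regenerated later in the UI, which deserves a line in the comment above the block.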

+ 3 - 1
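--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -104,7 +104,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.14
+      image: mailcow/phpfpm:1.15
       build: ./data/Dockerfiles/phpfpm
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
@@ -133,6 +133,8 @@ services:
         - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
         - SMTPS_PORT=${SMTPS_PORT:-465}
         - SMTP_PORT=${SMTP_PORT:-25}
+        - API_KEY=${API_KEY:-}
+        - API_ALLOW_FROM=${API_ALLOW_FROM:-}
       restart: always
       sysctls:
         - net.ipv6.conf.all.disable_ipv6=${SYSCTL_IPV6_DISABLED:-0}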

+ 5 - 0
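--- a/generate_config.sh
+++ b/generate_config.sh
@@ -131,6 +131,11 @@ IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
 # Use 1 for disabled, 0 for enabled
 SYSCTL_IPV6_DISABLED=0
 
+# Create or override API key for web uI
+# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
+#API_KEY=
+#ÀPI_ALLOW_FROM=127.0.0.1,1.2.3.4
+
 EOF
 
 mkdir -p data/assets/ssl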
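Review bot: The sample line `#ÀPI_ALLOW_FROM=127.0.0.1,1.2.3.4` starts with `À` (A with a grave accent) instead of `A`, so a user who only removes the `#` defines a variable that docker-compose.yml never passes on. `API_ALLOW_FROM` then stays empty and the entrypoint skips the API key insert without printing anything, which leaves the operator believing the key and its source restriction are in place. The line should read `#API_ALLOW_FROM=127.0.0.1,1.2.3.4`. The comment two lines above also says `web uI` where update.sh writes `web UI`. The heredoc these lines belong to starts outside the hunk.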

+ 14 - 0
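--- a/update.sh
+++ b/update.sh
@@ -50,6 +50,8 @@ CONFIG_ARRAY=(
   "SYSCTL_IPV6_DISABLED"
   "COMPOSE_PROJECT_NAME"
   "SQL_PORT"
+  "API_KEY"
+  "API_ALLOW_FROM"
 )
 
 sed -i '$a\' mailcow.conf
@@ -107,6 +109,18 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
       echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
     fi
+  elif [[ ${option} == "API_KEY" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Create or override API key for web UI' >> mailcow.conf
+      echo "#API_KEY=" >> mailcow.conf
+    fi
+  elif [[ ${option} == "API_ALLOW_FROM" ]]; then
+    if ! grep -q ${option} mailcow.conf; then
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Must be set for API_KEY to be active' >> mailcow.conf
+      echo "#API_ALLOW_FROM=" >> mailcow.conf
+    fi
   elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
     if ! grep -q ${option} mailcow.conf; then
       echo "Adding new option \"${option}\" to mailcow.conf"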
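Review bot: The comment written for upgraded installs, `# Must be set for API_KEY to be active`, does not say what format `API_ALLOW_FROM` takes, although the entrypoint in this commit drops every entry that is not a bare IPv4 or IPv6 address and applies nothing when none remain. I would reuse the wording from generate_config.sh: `echo '# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs' >> mailcow.conf`. Separately, `grep -q ${option} mailcow.conf` is unquoted and unanchored, so the `API_KEY` test also matches that comment line; this follows the existing `SNAT_TO_SOURCE` branch. The enclosing `for` loop starts and ends outside the hunk.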