[Web] Add more map types soon; Do not expose private key via API if hidden in vars (fixes #3231)

2019-12-22 21:26:10 +01:00 · 2019-12-22 21:26:10 +01:00 · e47e54f3de
parent 26a267d3b6
commit e47e54f3de
7 changed files with 87 additions and 55 deletions
--- a/data/web/admin.php
+++ b/data/web/admin.php
@ -14,7 +14,7 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
  <ul class="nav nav-tabs" role="tablist">
    <li role="presentation" class="active"><a href="#tab-access" aria-controls="tab-access" role="tab" data-toggle="tab"><?=$lang['admin']['access'];?></a></li>
    <li role="presentation"><a href="#tab-config" aria-controls="tab-config" role="tab" data-toggle="tab"><?=$lang['admin']['configuration'];?></a></li>
-    <li role="presentation"><a href="#tab-routing" aria-controls="tab-config" role="tab" data-toggle="tab"><?=$lang['admin']['routing'];?></a></li>
+    <li role="presentation"><a href="#tab-routing" aria-controls="tab-routing" role="tab" data-toggle="tab"><?=$lang['admin']['routing'];?></a></li>
    <li role="presentation"><a href="#tab-sys-mails" aria-controls="tab-sys-mails" role="tab" data-toggle="tab"><?=$lang['admin']['sys_mails'];?></a></li>
    <li role="presentation"><a href="#tab-mailq" aria-controls="tab-mailq" role="tab" data-toggle="tab"><?=$lang['admin']['queue_manager'];?></a></li>
    <li role="presentation"><a href="#tab-rspamdmaps" aria-controls="tab-rspamdmaps" role="tab" data-toggle="tab"><?=$lang['admin']['rspamd_global_filters'];?></a></li>
@ -350,8 +350,8 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC

  <div role="tabpanel" class="tab-pane" id="tab-config">
    <div class="row">
-    <div id="sidebar-admin" class="col-sm-2 hidden-xs">
-      <div id="scrollbox" class="list-group">
+    <div id="sidebar-admin-config" class="col-sm-2 hidden-xs">
+      <div id="scrollbox-config" class="list-group">
        <a href="#dkim" class="list-group-item"><?=$lang['admin']['dkim_keys'];?></a>
        <a href="#fwdhosts" class="list-group-item"><?=$lang['admin']['forwarding_hosts'];?></a>
        <a href="#f2bparams" class="list-group-item"><?=$lang['admin']['f2b_parameters'];?></a>
@ -1139,43 +1139,57 @@ if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CAC
  </div>

  <div role="tabpanel" class="tab-pane" id="tab-rspamdmaps">
-    <div class="panel panel-default">
-      <div class="panel-heading">
-        <?=$lang['admin']['rspamd_global_filters'];?>
+    <div class="row">
+    <div id="sidebar-admin-maps" class="col-sm-2 hidden-xs">
+      <div id="scrollbox-maps" class="list-group">
+        <a href="#regexmaps" class="list-group-item">Regex maps</a>
+        <!-- <a href="#standardmaps" class="list-group-item">Standard maps</a> -->
+        <a href="#top" class="list-group-item" style="border-top:1px dashed #dadada">↸ <?=$lang['admin']['to_top'];?></a>
      </div>
-      <div class="panel-body">
-        <p><?=$lang['admin']['rspamd_global_filters_info'];?></p>
-        <div id="confirm_show_rspamd_global_filters" class="<?=($_SESSION['show_rspamd_global_filters'] === true) ? 'hidden' : '';?>">
-          <div class="form-group">
-            <div class="col-sm-offset-2 col-sm-10">
-              <label>
-                <input type="checkbox" id="show_rspamd_global_filters"> <?=$lang['admin']['rspamd_global_filters_agree'];?>
-              </label>
-            </div>
-          </div>
+    </div>
+    <div class="col-sm-10">
+      <div class="panel panel-default">
+        <div class="panel-heading">
+          <?=$lang['admin']['rspamd_global_filters'];?>
        </div>
-        <div id="rspamd_global_filters" class="<?=($_SESSION['show_rspamd_global_filters'] !== true) ? 'hidden' : '';?>">
-        <?php
-        foreach ($RSPAMD_MAPS as $rspamd_desc => $rspamd_map):
-        ?>
-        <hr>
-        <form class="form-horizontal" data-id="<?=$rspamd_map;?>" role="form" method="post">
-          <div class="form-group">
-            <label class="control-label col-sm-3" for="<?=$rspamd_map;?>"><?=$rspamd_desc;?><br><small><?=$rspamd_map;?></small></label>
-            <div class="col-sm-9">
-              <textarea id="<?=$rspamd_map;?>" spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control textarea-code" rows="10" name="rspamd_map_data" required><?=file_get_contents('/rspamd_custom_maps/' . $rspamd_map);?></textarea>
+        <div class="panel-body">
+          <p><?=$lang['admin']['rspamd_global_filters_info'];?></p>
+          <div id="confirm_show_rspamd_global_filters" class="<?=($_SESSION['show_rspamd_global_filters'] === true) ? 'hidden' : '';?>">
+            <div class="form-group">
+              <div class="col-sm-offset-2 col-sm-10">
+                <label>
+                  <input type="checkbox" id="show_rspamd_global_filters"> <?=$lang['admin']['rspamd_global_filters_agree'];?>
+                </label>
+              </div>
            </div>
          </div>
-          <div class="form-group">
-            <div class="col-sm-offset-3 col-sm-9">
-              <button class="btn btn-xs btn-default validate_rspamd_regex" data-regex-map="<?=$rspamd_map;?>" href="#"><?=$lang['add']['validate'];?></button>
-              <button class="btn btn-xs btn-success submit_rspamd_regex" data-action="edit_selected" data-id="<?=$rspamd_map;?>" data-item="<?=htmlspecialchars($rspamd_map);?>" data-api-url='edit/rspamd-map' data-api-attr='{}' href="#" disabled><?=$lang['edit']['save'];?></button>
+          <div id="rspamd_global_filters" class="<?=($_SESSION['show_rspamd_global_filters'] !== true) ? 'hidden' : '';?>">
+          <hr>
+          <span class="anchor" id="regexmaps"></span>
+          <h4>Regex Maps</h4>
+          <p><?=$lang['admin']['rspamd_global_filters_regex'];?></p>
+          <?php
+          foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map):
+          ?>
+          <hr>
+          <form class="form-horizontal" data-id="<?=$rspamd_regex_map;?>" role="form" method="post">
+            <div class="form-group">
+              <label class="control-label col-sm-3" for="<?=$rspamd_regex_map;?>"><?=$rspamd_regex_desc;?><br><small><?=$rspamd_regex_map;?></small></label>
+              <div class="col-sm-9">
+                <textarea id="<?=$rspamd_regex_map;?>" spellcheck="false" autocorrect="off" autocapitalize="none" class="form-control textarea-code" rows="10" name="rspamd_regex_map_data" required><?=file_get_contents('/rspamd_custom_maps/' . $rspamd_regex_map);?></textarea>
+              </div>
            </div>
+            <div class="form-group">
+              <div class="col-sm-offset-3 col-sm-9">
+                <button class="btn btn-xs btn-default validate_rspamd_regex" data-regex-map="<?=$rspamd_regex_map;?>" href="#"><?=$lang['add']['validate'];?></button>
+                <button class="btn btn-xs btn-success submit_rspamd_regex" data-action="edit_selected" data-id="<?=$rspamd_regex_map;?>" data-item="<?=htmlspecialchars($rspamd_regex_map);?>" data-api-url='edit/rspamd-map' data-api-attr='{}' href="#" disabled><?=$lang['edit']['save'];?></button>
+              </div>
+            </div>
+          </form>
+          <?php
+          endforeach;
+          ?>
          </div>
-        </form>
-        <?php
-        endforeach;
-        ?>
        </div>
      </div>
    </div>
--- a/data/web/inc/functions.dkim.inc.php
+++ b/data/web/inc/functions.dkim.inc.php
@ -247,7 +247,12 @@ function dkim($_action, $_data = null) {
        }
        $dkimdata['dkim_txt'] = 'v=DKIM1;k=rsa;t=s;s=email;p=' . $redis_dkim_key_data;
        $dkimdata['dkim_selector'] = $redis->hGet('DKIM_SELECTORS', $_data);
-        $dkimdata['privkey'] = base64_encode($redis->hGet('DKIM_PRIV_KEYS', $dkimdata['dkim_selector'] . '.' . $_data));
+        if ($GLOBALS['SHOW_DKIM_PRIV_KEYS']) {
+          $dkimdata['privkey'] = base64_encode($redis->hGet('DKIM_PRIV_KEYS', $dkimdata['dkim_selector'] . '.' . $_data));
+        }
+        else {
+          $dkimdata['privkey'] = '';
+        }
      }
      return $dkimdata;
    break;
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@ -157,13 +157,15 @@ $MAILBOX_DEFAULT_ATTRIBUTES['mailbox_format'] = 'maildir:';

 // Set visible Rspamd maps in mailcow UI, do not change unless you know what you are doing
 $RSPAMD_MAPS = array(
-  'Header-From: Blacklist' => 'global_mime_from_blacklist.map',
-  'Header-From: Whitelist' => 'global_mime_from_whitelist.map',
-  'Envelope Sender Blacklist' => 'global_smtp_from_blacklist.map',
-  'Envelope Sender Whitelist' => 'global_smtp_from_whitelist.map',
-  'Recipient Blacklist' => 'global_rcpt_blacklist.map',
-  'Recipient Whitelist' => 'global_rcpt_whitelist.map',
-  'Fishy TLDS (only fired in combination with bad words)' => 'fishy_tlds.map',
-  'Bad Words (only fired in combination with fishy TLDs)' => 'bad_words.map',
-  'Bad Languages' => 'bad_languages.map',
+  'regex' => array(
+    'Header-From: Blacklist' => 'global_mime_from_blacklist.map',
+    'Header-From: Whitelist' => 'global_mime_from_whitelist.map',
+    'Envelope Sender Blacklist' => 'global_smtp_from_blacklist.map',
+    'Envelope Sender Whitelist' => 'global_smtp_from_whitelist.map',
+    'Recipient Blacklist' => 'global_rcpt_blacklist.map',
+    'Recipient Whitelist' => 'global_rcpt_whitelist.map',
+    'Fishy TLDS (only fired in combination with bad words)' => 'fishy_tlds.map',
+    'Bad Words (only fired in combination with fishy TLDs)' => 'bad_words.map',
+    'Bad Languages' => 'bad_languages.map',
+  )
 );
--- a/data/web/js/site/admin.js
+++ b/data/web/js/site/admin.js
@ -442,23 +442,31 @@ jQuery(function($){
  });
 });
 $(window).load(function(){
-  initial_width = $("#sidebar-admin").width();
-  $("#scrollbox").css("width", initial_width);
+  initial_width_config = $("#sidebar-admin-config").width();
+  initial_width_maps = $("#sidebar-admin-maps").width();
+  $("#scrollbox-config").css("width", initial_width_config);
+  $("#scrollbox-maps").css("width", initial_width_maps);
  if (sessionStorage.scrollTop > 70) {
-    $('#scrollbox').addClass('scrollboxFixed');
+    $('#scrollbox-config').addClass('scrollboxFixed');
+    $('#scrollbox-maps').addClass('scrollboxFixed');
  }
  $(window).bind('scroll', function() {
    if ($(window).scrollTop() > 70) {
-      $('#scrollbox').addClass('scrollboxFixed');
+      $('#scrollbox-config').addClass('scrollboxFixed');
+      $('#scrollbox-maps').addClass('scrollboxFixed');
    } else {
-      $('#scrollbox').removeClass('scrollboxFixed');
+      $('#scrollbox-config').removeClass('scrollboxFixed');
+      $('#scrollbox-maps').removeClass('scrollboxFixed');
    }
  });
 });
 function resizeScrollbox() {
-  on_resize_width = $("#sidebar-admin").width();
-  $("#scrollbox").removeAttr("style");
-  $("#scrollbox").css("width", on_resize_width);
+  on_resize_width_config = $("#sidebar-admin-config").width();
+  on_resize_width_maps = $("#sidebar-admin-maps").width();
+  $("#scrollbox-config").removeAttr("style");
+  $("#scrollbox-config").css("width", on_resize_width_config);
+  $("#scrollbox-maps").removeAttr("style");
+  $("#scrollbox-maps").css("width", on_resize_width_maps);
 }
 $(window).on('resize', resizeScrollbox);
 $('a[data-toggle="tab"]').on('shown.bs.tab', resizeScrollbox);
--- a/data/web/lang/lang.de.json
+++ b/data/web/lang/lang.de.json
@ -497,7 +497,8 @@
        "transport_dest_format": "Syntax: example.org, .example.org, *, box@example.org (mehrere Werte getrennt durch Komma einzugeben)",
        "rspamd_global_filters_agree": "Ich werde vorsichtig sein!",
        "rspamd_global_filters": "Globale Filter-Maps",
-        "rspamd_global_filters_info": "Globale Filter-Maps steuern globales White- und Blacklisting dieses Servers. Die akzeptierte Form für Einträge sind <b>ausschließlich</b> Regular Expressions.\r\n  Trotz rudimentärer Überprüfung der Map, kann es zu fehlerhaften Einträgen kommen, die Rspamd im schlechtesten Fall mit unvorhersehbarer Funktionalität bestraft.<br>\r\n  Das korrekte Format lautet \"/pattern/options\" (Beispiel: <code>/.+@domain\\.tld/i</code>).<br>\r\n  Der Name der Map beschreibt die jeweilige Funktion.<br>\r\n  Rspamd versucht die Maps umgehend aufzulösen. Bei Problemen sollte <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd manuell neugestartet werden</a>.",
+        "rspamd_global_filters_info": "Globale Filter-Maps steuern globales White- und Blacklisting dieses Servers.",
+        "rspamd_global_filters_regex": "Die akzeptierte Form für Einträge sind <b>ausschließlich</b> Regular Expressions.\r\n  Trotz rudimentärer Überprüfung der Map, kann es zu fehlerhaften Einträgen kommen, die Rspamd im schlechtesten Fall mit unvorhersehbarer Funktionalität bestraft.<br>\r\n  Das korrekte Format lautet \"/pattern/options\" (Beispiel: <code>/.+@domain\\.tld/i</code>).<br>\r\n  Der Name der Map beschreibt die jeweilige Funktion.<br>\r\n  Rspamd versucht die Maps umgehend aufzulösen. Bei Problemen sollte <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">Rspamd manuell neugestartet werden</a>.",
        "add_admin": "Administrator hinzufügen",
        "dkim_domains_selector": "Selektor",
        "search_domain_da": "Suche Domains",
--- a/data/web/lang/lang.en.json
+++ b/data/web/lang/lang.en.json
@ -509,7 +509,8 @@
        "transport_dest_format": "Syntax: example.org, .example.org, *, box@example.org (multiple values can be comma-separated)",
        "rspamd_global_filters_agree": "I will be careful!",
        "rspamd_global_filters": "Global filter maps",
-        "rspamd_global_filters_info": "Global filter maps contain different kind of global black and whitelists. Their names explain their purpose. All content must contain valid regular expression in the format of \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Although rudimentary checks are being executed on each line of regex, Rspamds functionality can be broken, if it fails to read the syntax correctly.<br>\r\n  Rspamd will try to read the map content when changed. If you experience problems, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a> to enforce a map reload."
+        "rspamd_global_filters_info": "Global filter maps contain different kind of global black and whitelists.",
+        "rspamd_global_filters_regex": "Their names explain their purpose. All content must contain valid regular expression in the format of \"/pattern/options\" (e.g. <code>/.+@domain\\.tld/i</code>).<br>\r\n  Although rudimentary checks are being executed on each line of regex, Rspamds functionality can be broken, if it fails to read the syntax correctly.<br>\r\n  Rspamd will try to read the map content when changed. If you experience problems, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">restart Rspamd</a> to enforce a map reload."
    },
    "start": {
        "mailcow_apps_detail": "Use a mailcow app to access your mails, calendar, contacts and more.",
--- a/data/web/lang/lang.nl.json
+++ b/data/web/lang/lang.nl.json
@ -499,7 +499,8 @@
        "transport_dest_format": "Voorbeeld: example.org, .example.org, *, postvak@example.org (meerdere waarden zijn kommagescheiden)",
        "rspamd_global_filters_agree": "Ik ben me ervan bewust dat aanpassingen desastreuze gevolgen kunnen hebben",
        "rspamd_global_filters": "Globale filters",
-        "rspamd_global_filters_info": "Ieder globaal filter heeft zijn eigen functie, zie de namen. De velden kunnen enkel regular expressions bevatten met het formaat \"/pattern/options\", bijvoorbeeld <code>/.+@domain\\.tld/i</code>.<br>Ondanks dat alle invoer wordt gecontroleerd op fouten, is het toch mogelijk dat Rspamd onbruikbaar wordt als deze de invoer niet kan lezen.<br>Als je problemen ervaart, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">herstart Rspamd</a> dan om de filters opnieuw te laten lezen."
+        "rspamd_global_filters_info": "Ieder globaal filter heeft zijn eigen functie, zie de namen.",
+        "rspamd_global_filters_regex": "De velden kunnen enkel regular expressions bevatten met het formaat \"/pattern/options\", bijvoorbeeld <code>/.+@domain\\.tld/i</code>.<br>Ondanks dat alle invoer wordt gecontroleerd op fouten, is het toch mogelijk dat Rspamd onbruikbaar wordt als deze de invoer niet kan lezen.<br>Als je problemen ervaart, <a href=\"\" data-toggle=\"modal\" data-container=\"rspamd-mailcow\" data-target=\"#RestartContainer\">herstart Rspamd</a> dan om de filters opnieuw te laten lezen."
    },
    "start": {
        "mailcow_apps_detail": "Gebruik een Mailcow-app om je mails, agenda, contacten en meer te bekijken.",