ncp.sh: Move ncp.conf to ncp-template

Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com>
2026-01-10 15:12:01 -03:30 · 2023-12-26 18:43:33 +01:00 · 2023-12-26 18:43:33 +01:00 · 308aef9b2b
commit 308aef9b2b
parent 9396f7932b
4 changed files with 60 additions and 54 deletions
--- a/etc/ncp-templates/apache2/ncp.conf.sh
+++ b/etc/ncp-templates/apache2/ncp.conf.sh
@ -0,0 +1,52 @@
+#! /bin/bash
+
+set -e
+
+export WEBADMIN=ncp
+
+cat <<EOF
+Listen 4443
+<VirtualHost _default_:4443>
+  DocumentRoot /var/www/ncp-web
+  SSLEngine on
+  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
+  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+  <IfModule mod_headers.c>
+    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
+  </IfModule>
+
+  # 2 days to avoid very big backups requests to timeout
+  TimeOut 172800
+
+  <IfModule mod_authnz_external.c>
+    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
+  </IfModule>
+
+</VirtualHost>
+<Directory /var/www/ncp-web/>
+
+  AuthType Basic
+  AuthName "ncp-web login"
+  AuthBasicProvider external
+  AuthExternal pwauth
+
+  <RequireAll>
+
+   <RequireAny>
+      Require host localhost
+      Require local
+      Require ip 192.168
+      Require ip 172
+      Require ip 10
+      Require ip fe80::/10
+      Require ip fd00::/8
+   </RequireAny>
+
+   Require user $WEBADMIN
+
+  </RequireAll>
+
+</Directory>
+EOF
+
+systemctl reload apache2
--- a/ncp-web/ncp-launcher.php
+++ b/ncp-web/ncp-launcher.php
@ -66,7 +66,7 @@ if ( $_POST['action'] == "launch" && $_POST['config'] )

      // sanitize
      $val = trim(escapeshellarg($new_params[$id]),"'");
-      preg_match( '/[\'" &]/' , $val , $matches )
+      preg_match( '/[\&#;\'`|*?~<>^"()[{}$& ]/' , $val , $matches )
        and exit( '{ "output": "Invalid characters in input" , "token": "' . getCSRFToken() . '" }' );

      // save
--- a/ncp.sh
+++ b/ncp.sh
@ -70,59 +70,7 @@ EOF
 </Directory>
 EOF

-  cat > /etc/apache2/sites-available/ncp.conf <<EOF
-Listen 4443
-<VirtualHost _default_:4443>
-  DocumentRoot /var/www/ncp-web
-  SSLEngine on
-  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
-  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-  <IfModule mod_headers.c>
-    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
-  </IfModule>
-
-  # 2 days to avoid very big backups requests to timeout
-  TimeOut 172800
-
-  <IfModule mod_authnz_external.c>
-    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
-  </IfModule>
-
-</VirtualHost>
-<Directory /var/www/ncp-web/>
-
-  AuthType Basic
-  AuthName "ncp-web login"
-  AuthBasicProvider external
-  AuthExternal pwauth
-
-  SetEnvIf Request_URI "^" noauth
-  SetEnvIf Request_URI "^index\.php$" !noauth
-  SetEnvIf Request_URI "^/$" !noauth
-  SetEnvIf Request_URI "^/wizard/index.php$" !noauth
-  SetEnvIf Request_URI "^/wizard/$" !noauth
-
-  <RequireAll>
-
-   <RequireAny>
-      Require host localhost
-      Require local
-      Require ip 192.168
-      Require ip 172
-      Require ip 10
-      Require ip fe80::/10
-      Require ip fd00::/8
-   </RequireAny>
-
-   <RequireAny>
-      Require env noauth
-      Require user $WEBADMIN
-   </RequireAny>
-
-  </RequireAll>
-
-</Directory>
-EOF
+  install_template apache2/ncp.conf.sh /etc/apache2/sites-available/ncp.conf --defaults

  $APTINSTALL libapache2-mod-authnz-external pwauth
  a2enmod authnz_external authn_core auth_basic
--- a/updates/1.53.1.sh
+++ b/updates/1.53.1.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -e
+
+source /usr/local/etc/library.sh
+
+install_template apache2/ncp.conf.sh /etc/apache2/sites-available/ncp.conf --defaults