From 0297285ef1287ed4db41104c2b5a877529e668a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20N=C3=A9grier?= Date: Wed, 11 Jul 2018 13:54:59 +0200 Subject: [PATCH 1/2] Disable UI via environment variable --- doc/installing_mouf.md | 8 +++++ .../Controllers/MoufInstallController.php | 17 +++++++++-- src/direct/utils/check_rights.php | 29 +++++++++++++------ src/splash.php | 29 +++++++++++++------ 4 files changed, 62 insertions(+), 21 deletions(-) diff --git a/doc/installing_mouf.md b/doc/installing_mouf.md index 742a624..2bda6dd 100644 --- a/doc/installing_mouf.md +++ b/doc/installing_mouf.md @@ -107,3 +107,11 @@ Mouf UI is designed to be used on a development environment, not on a production If you are running a production server (if you are not on a development environment), it is more secure to prevent Apache from writing to the application directories (or to open those rights on a very restrictive basis). In this scenario, you don't need to share write rights with Apache. + +Also, you might want to completely prevent users from accessing the UI. You can disable Mouf UI +by setting the `MOUF_UI` environment variable to 0. + +``` +# Disable Mouf UI via environment variable: +MOUF_UI=0 +``` diff --git a/src-dev/Mouf/Controllers/MoufInstallController.php b/src-dev/Mouf/Controllers/MoufInstallController.php index 2fec18e..9eedb94 100644 --- a/src-dev/Mouf/Controllers/MoufInstallController.php +++ b/src-dev/Mouf/Controllers/MoufInstallController.php @@ -7,8 +7,8 @@ * For the full copyright and license information, please view the LICENSE.txt * file that was distributed with this source code. */ -namespace Mouf\Controllers; - +namespace Mouf\Controllers; + use Mouf\Html\Template\TemplateInterface; use Mouf\Html\Widgets\MessageService\Service\UserMessageInterface; @@ -19,7 +19,7 @@ use Mouf\Html\HtmlElement\HtmlBlock; -use Mouf\Mvc\Splash\Controllers\Controller; +use Mouf\Mvc\Splash\Controllers\Controller; /** @@ -49,6 +49,17 @@ class MoufInstallController extends Controller { */ public function index() { + $moufUI = getenv('MOUF_UI'); + if ($moufUI !== false) { + $moufUI = (bool) $moufUI; + if (!$moufUI) { + header('HTTP/1.1 403 Forbidden'); + echo 'Error! Access to Mouf UI is forbidden on this environment (env variable MOUF_UI is set to 0)'; + exit; + } + } + unset($moufUI); + if (!extension_loaded("curl")) { $this->contentBlock->addFile(dirname(__FILE__)."/../../views/mouf_installer/missing_curl.php", $this); } else { diff --git a/src/direct/utils/check_rights.php b/src/direct/utils/check_rights.php index e78d7f1..c7c877c 100755 --- a/src/direct/utils/check_rights.php +++ b/src/direct/utils/check_rights.php @@ -1,13 +1,13 @@ - * - * For the full copyright and license information, please view the LICENSE.txt - * file that was distributed with this source code. - */ - +/* + * This file is part of the Mouf core package. + * + * (c) 2012 David Negrier + * + * For the full copyright and license information, please view the LICENSE.txt + * file that was distributed with this source code. + */ + /** * This file should be included at the beginning of each file of the "/direct" folder. * It checks that the rights are ok. @@ -15,6 +15,17 @@ * (because it could be a request from Mouf itself via Curl, and therefore not logged). */ +$moufUI = getenv('MOUF_UI'); +if ($moufUI !== false) { + $moufUI = (bool) $moufUI; + if (!$moufUI) { + header('HTTP/1.1 403 Forbidden'); + echo 'Error! Access to Mouf UI is forbidden on this environment (env variable MOUF_UI is set to 0)'; + exit; + } +} +unset($moufUI); + // TODO: remove this condition when everything is migrated to the new cookie propagation method. if ($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR'] /*|| $_SERVER['REMOTE_ADDR'] == '::1'*/) { return; diff --git a/src/splash.php b/src/splash.php index 660a4c6..9f26479 100755 --- a/src/splash.php +++ b/src/splash.php @@ -1,13 +1,24 @@ - * - * For the full copyright and license information, please view the LICENSE.txt - * file that was distributed with this source code. - */ - +/* + * This file is part of the Mouf core package. + * + * (c) 2012 David Negrier + * + * For the full copyright and license information, please view the LICENSE.txt + * file that was distributed with this source code. + */ + +$moufUI = getenv('MOUF_UI'); +if ($moufUI !== false) { + $moufUI = (bool) $moufUI; + if (!$moufUI) { + header('HTTP/1.1 403 Forbidden'); + echo 'Error! Access to Mouf UI is forbidden on this environment (env variable MOUF_UI is set to 0)'; + exit; + } +} +unset($moufUI); + // Let's load the Mouf file, and the MoufAdmin file. // The MoufAdmin will replace the Mouf configuration file. if (file_exists(dirname(__FILE__).'/../MoufComponents.php')) { From 3fa93f9a4df2ec90ce120ae795801a5cfcd2ffa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20N=C3=A9grier?= Date: Wed, 11 Jul 2018 13:58:52 +0200 Subject: [PATCH 2/2] Fixing env variable check --- src/mouf_router.php | 13 ++++++++++++- src/splash.php | 11 ----------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/mouf_router.php b/src/mouf_router.php index d835d8d..5d96fab 100644 --- a/src/mouf_router.php +++ b/src/mouf_router.php @@ -1,4 +1,15 @@ -