cphipps/watchstate
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

minor typo fixes

Browse Source
This commit is contained in:
arabcoders
2025-05-16 09:23:14 +03:00
parent b0663356e2
commit 1272d9969f
3 changed files with 25 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
config/config.php
View File

@@ -18,13 +18,13 @@ use Monolog\Level;
return (function () { return (function () {
$inContainer = inContainer(); $inContainer = inContainer();
$progressTimeCheck = fn (int $v, int $d): int => 0 === $v || $v >= 180 ? $v : $d; $progressTimeCheck = fn(int $v, int $d): int => 0 === $v || $v >= 180 ? $v : $d;
$config = [ $config = [
'name' => 'WatchState', 'name' => 'WatchState',
'version' => '$(version_via_ci)', 'version' => '$(version_via_ci)',
'tz' => env('WS_TZ', env('TZ', 'UTC')), 'tz' => env('WS_TZ', env('TZ', 'UTC')),
'path' => fixPath(env('WS_DATA_PATH', fn () => $inContainer ? '/config' : __DIR__ . '/../var')), 'path' => fixPath(env('WS_DATA_PATH', fn() => $inContainer ? '/config' : __DIR__ . '/../var')),
'logs' => [ 'logs' => [
'context' => (bool)env('WS_LOGS_CONTEXT', false), 'context' => (bool)env('WS_LOGS_CONTEXT', false),
'prune' => [ 'prune' => [
@@ -44,7 +44,7 @@ return (function () {
'encode' => JSON_INVALID_UTF8_IGNORE | JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE, 'encode' => JSON_INVALID_UTF8_IGNORE | JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE,
'headers' => [ 'headers' => [
'Content-Type' => 'application/json', 'Content-Type' => 'application/json',
'X-Application-Version' => fn () => getAppVersion(), 'X-Application-Version' => fn() => getAppVersion(),
'Access-Control-Allow-Origin' => '*', 'Access-Control-Allow-Origin' => '*',
], ],
], ],
@@ -71,7 +71,7 @@ return (function () {
'proxy' => (bool)env('WS_TRUST_PROXY', false), 'proxy' => (bool)env('WS_TRUST_PROXY', false),
'header' => (string)env('WS_TRUST_HEADER', 'X-Forwarded-For'), 'header' => (string)env('WS_TRUST_HEADER', 'X-Forwarded-For'),
'local' => (bool)env('WS_TRUST_LOCAL', false), 'local' => (bool)env('WS_TRUST_LOCAL', false),
'localnet' => [ 'local_net' => [
'192.168.0.0/16', // RFC-1918 A-block. '192.168.0.0/16', // RFC-1918 A-block.
'127.0.0.1/32', // localhost IPv4 '127.0.0.1/32', // localhost IPv4
'10.0.0.0/8', // RFC-1918 C-block. '10.0.0.0/8', // RFC-1918 C-block.
@@ -162,14 +162,14 @@ return (function () {
$config['profiler'] = [ $config['profiler'] = [
'save' => (bool)env('WS_PROFILER_SAVE', true), 'save' => (bool)env('WS_PROFILER_SAVE', true),
'path' => env('WS_PROFILER_PATH', fn () => ag($config, 'tmpDir') . '/profiler'), 'path' => env('WS_PROFILER_PATH', fn() => ag($config, 'tmpDir') . '/profiler'),
'collector' => env('WS_PROFILER_COLLECTOR', null), 'collector' => env('WS_PROFILER_COLLECTOR', null),
]; ];
$config['cache'] = [ $config['cache'] = [
'prefix' => env('WS_CACHE_PREFIX', null), 'prefix' => env('WS_CACHE_PREFIX', null),
'url' => env('WS_CACHE_URL', 'redis://127.0.0.1:6379'), 'url' => env('WS_CACHE_URL', 'redis://127.0.0.1:6379'),
'path' => env('WS_CACHE_PATH', fn () => ag($config, 'tmpDir') . '/cache'), 'path' => env('WS_CACHE_PATH', fn() => ag($config, 'tmpDir') . '/cache'),
]; ];
$config['logger'] = [ $config['logger'] = [

20
config/env.spec.php
View File

@@ -67,7 +67,7 @@ return (function () {
], ],
[ [
'key' => 'WS_TRUST_LOCAL', 'key' => 'WS_TRUST_LOCAL',
'description' => 'Bypass the authentication layer for local IP Addresses for WebUI.', 'description' => 'Bypass the WebUI authentication layer for local IP addresses.',
'type' => 'bool', 'type' => 'bool',
'danger' => true, 'danger' => true,
], ],
@@ -276,20 +276,22 @@ return (function () {
return $value; return $value;
} }
$hash = password_hash($value, Config::get('password.algo'), Config::get('password.options', [])); try {
return $prefix . password_hash(
if (false === $hash) { $value,
throw new ValidationException('Invalid password. Password hashing failed.'); Config::get('password.algo'),
Config::get('password.options', [])
);
} catch (ValueError $e) {
throw new ValidationException('Invalid password. Password hashing failed.', $e);
} }
return $prefix . $hash;
}, },
'mask' => true, 'mask' => true,
'protected' => true, 'protected' => true,
], ],
[ [
'key' => 'WS_SYSTEM_SECRET', 'key' => 'WS_SYSTEM_SECRET',
'description' => 'The secret key which is used to sign sucessful auth requests.', 'description' => 'The secret key which is used to sign successful auth requests.',
'type' => 'string', 'type' => 'string',
'validate' => function (mixed $value): string { 'validate' => function (mixed $value): string {
if (empty($value)) { if (empty($value)) {

15
src/API/System/Auth.php
View File

@@ -12,10 +12,10 @@ use App\Libs\Config;
use App\Libs\DataUtil; use App\Libs\DataUtil;
use App\Libs\Enums\Http\Method; use App\Libs\Enums\Http\Method;
use App\Libs\Enums\Http\Status; use App\Libs\Enums\Http\Status;
use App\Libs\IpUtils;
use App\Libs\Middlewares\AuthorizationMiddleware; use App\Libs\Middlewares\AuthorizationMiddleware;
use App\Libs\TokenUtil; use App\Libs\TokenUtil;
use App\Libs\Traits\APITraits; use App\Libs\Traits\APITraits;
use App\Libs\IpUtils;
use Psr\Http\Message\ResponseInterface as iResponse; use Psr\Http\Message\ResponseInterface as iResponse;
use Psr\Http\Message\ServerRequestInterface as iRequest; use Psr\Http\Message\ServerRequestInterface as iRequest;
use Throwable; use Throwable;
@@ -42,13 +42,14 @@ final class Auth
return api_response(Status::NO_CONTENT); return api_response(Status::NO_CONTENT);
} }
if (false === Config::get('trust.local', false)) { $localNet = Config::get('trust.local_net', []);
if (true !== (bool)Config::get('trust.local', false) || count($localNet) < 1) {
return api_response(Status::OK); return api_response(Status::OK);
} }
$localAddress = getClientIp($request); $localAddress = getClientIp($request);
if (false === IpUtils::checkIp($localAddress, Config::get('trust.localnet', []))) { if (false === IpUtils::checkIp($localAddress, $localNet)) {
return api_response(Status::OK); return api_response(Status::OK);
} }
@@ -123,8 +124,8 @@ final class Auth
try { try {
$payload = json_decode($payload, true, flags: JSON_THROW_ON_ERROR); $payload = json_decode($payload, true, flags: JSON_THROW_ON_ERROR);
$tokenUser = ag($payload, 'username', fn () => TokenUtil::generateSecret()); $tokenUser = ag($payload, 'username', fn() => TokenUtil::generateSecret());
$systemUser = Config::get('system.user', fn () => TokenUtil::generateSecret()); $systemUser = Config::get('system.user', fn() => TokenUtil::generateSecret());
if (false === hash_equals($systemUser, $tokenUser)) { if (false === hash_equals($systemUser, $tokenUser)) {
return api_error('Invalid token.', Status::UNAUTHORIZED); return api_error('Invalid token.', Status::UNAUTHORIZED);
@@ -254,8 +255,8 @@ final class Auth
return api_error('Invalid current password.', Status::UNAUTHORIZED); return api_error('Invalid current password.', Status::UNAUTHORIZED);
} }
$repsonse = APIRequest(Method::POST, '/system/env/WS_SYSTEM_PASSWORD', ['value' => $new_password]); $response = APIRequest(Method::POST, '/system/env/WS_SYSTEM_PASSWORD', ['value' => $new_password]);
if (Status::OK !== $repsonse->status) { if (Status::OK !== $response->status) {
return api_error('Failed to set new password.', Status::INTERNAL_SERVER_ERROR); return api_error('Failed to set new password.', Status::INTERNAL_SERVER_ERROR);
} }