Merge branch 'feature/api' into main

Author: Kristan Kenney

bin/v-change-sys-api

@@ -44,6 +44,7 @@ if [ "$status" = "enable" ]; then
 else
     if [ $API = "yes" ]; then
         $HESTIA/bin/v-change-sys-config-value "API" "no"
+        $HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
         sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
     fi
 fi

func/upgrade.sh

@@ -151,8 +151,8 @@ upgrade_health_check() {
     fi    
     # API Allowed IP
     if [ -z "$API_ALLOWED_IP" ]; then
-        echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('')"        
-        $BIN/v-change-sys-config-value "API_ALLOWED_IP" "127.0.0.1"
+        echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('allow-all')"        
+        $BIN/v-change-sys-config-value "API_ALLOWED_IP" "allow-all"
     fi  
 
     echo "[ * ] Health check complete. Starting upgrade from $VERSION to $new_version..."
@@ -678,6 +678,7 @@ disable_api(){
     if [ "$API" = "no" ]; then
         echo "[ ! ] Disable Api..."
         sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
+        $HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
     fi
 }
 upgrade_rebuild_web_templates() {

web/api/index.php

@@ -45,8 +45,9 @@ function api($hst_hash, $hst_user, $hst_password, $hst_returncode, $hst_cmd, $hs
         echo 'Error: authentication failed';
         exit;
     }
-    if ( $settings['config']['API_ALLOWED_IP'] != '' ){
+    if ( $settings['config']['API_ALLOWED_IP'] != 'allow-all' ){
         $ip_list = explode(',',$settings['config']['API_ALLOWED_IP']);
+        $ip_list[] = '127.0.0.1';
         if ( !in_array(get_real_user_ip(), $ip_list)){
            echo 'Error: authentication failed';
            exit; 

web/edit/server/index.php

@@ -694,24 +694,16 @@
             $v_security_adv = 'yes';
         }
     }
-    if (empty($_SESSION['error_msg'])) {
-        if ($_POST['v_api'] != $_SESSION['API']) {
-            $api_status = 'disable';
-            if ($_POST['v_api'] == 'yes'){
-                $api_status = 'enable';
-            }
-            exec (HESTIA_CMD."v-change-sys-api ".escapeshellarg($api_status), $output, $return_var);
-            check_return_code($return_var,$output);
-            unset($output);
-            if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_api'];
-            $v_security_adv = 'yes';
-        }
-    }
+    
     if (empty($_SESSION['error_msg'])) {
         if ($_POST['v_api_allowed_ip'] != $_SESSION['API_ALLOWED_IP']) {
             $ips = array();
             foreach(explode("\n",$_POST['v_api_allowed_ip']) as $ip){ 
-                if(filter_var(trim($ip), FILTER_VALIDATE_IP)){
+                if ($ip != "allow-all") {
+                    if(filter_var(trim($ip), FILTER_VALIDATE_IP)){
+                        $ips[] = trim($ip);
+                    }
+                }else{
                     $ips[] = trim($ip);
                 }
             }
@@ -724,6 +716,21 @@
             }
         }
     }
+    
+    if (empty($_SESSION['error_msg'])) {
+        if ($_POST['v_api'] != $_SESSION['API']) {
+            $api_status = 'disable';
+            if ($_POST['v_api'] == 'yes'){
+                $api_status = 'enable';
+            }
+            exec (HESTIA_CMD."v-change-sys-api ".escapeshellarg($api_status), $output, $return_var);
+            check_return_code($return_var,$output);
+            unset($output);
+            if (empty($_SESSION['error_msg'])) $v_login_style = $_POST['v_api'];
+            $v_security_adv = 'yes';
+        }
+    }
+
     // Update SSL certificate
     if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) {
         if (($v_ssl_crt != str_replace("\r\n", "\n",  $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n",  $_POST['v_ssl_key']))) {