Merge pull request hestiacp#629 from Lupul/dev-0727-app-wizard

Web App Installer

Author: Lupul

bin/v-extract-fs-archive

@@ -1,14 +1,15 @@
 #!/bin/bash
 # info: archive to directory
-# options: USER ARCHIVE DIRECTORY
+# options: USER ARCHIVE DIRECTORY [SELECTED_DIR] [STRIP] [TEST]
 #
 # The function extracts archive into directory on the file system
 
 user=$1
 src_file=$2
 dst_dir=$3
 selected_dir=$4
-test=$5
+strip=$5
+test=$6
 
 # Includes
 source $HESTIA/func/main.sh
@@ -17,7 +18,7 @@ source $HESTIA/func/main.sh
 #                    Verifications                         #
 #----------------------------------------------------------#
 
-check_args '3' "$#" 'USER ARCHIVE DIRECTORY [SELECTED_DIR] [TEST]'
+check_args '3' "$#" 'USER ARCHIVE DIRECTORY [SELECTED_DIR] [STRIP] [TEST]'
 is_format_valid 'user'
 is_object_valid 'user' 'USER' "$user"
 
@@ -48,12 +49,16 @@ if [ -z "$(echo $rpath |egrep "^/tmp|^$homedir")" ]; then
     exit 2
 fi
 
+if [ ! -z "$strip" ]; then
+    is_int_format_valid "$strip" 'strip-components'
+    tar_strip_level="--strip-components $strip"
+fi
 # Extracting gziped archive
 if [ ! -z "$(echo $src_file |egrep -i  '.tgz|.tar.gz')" ]; then
     x='yes'
     if [ -z "$test" ] || [ "$test" = "no" ]; then
         setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
-        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xzf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xzf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" $tar_strip_level >/dev/null 2>&1
         rc=$?
     else
         setpriv --init-groups --reuid "$user" --regid "$user" -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
@@ -67,7 +72,7 @@ if [ ! -z "$(echo $src_file |egrep -i  '.tbz|.tar.bz')" ]; then
     x='yes'
     if [ -z "$test" ] || [ "$test" = "no" ]; then
         setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
-        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xjf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xjf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" $tar_strip_level >/dev/null 2>&1
         rc=$?
     else
         setpriv --init-groups --reuid "$user" --regid "$user" -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1
@@ -111,7 +116,7 @@ if [ ! -z "$(echo $src_file |grep -i '.tar')" ] && [ -z "$x" ]; then
     x='yes'
     if [ -z "$test" ] || [ "$test" = "no" ]; then
         setpriv --init-groups --reuid "$user" --regid "$user" -- mkdir -p "$dst_dir" >/dev/null 2>&1
-        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" >/dev/null 2>&1
+        setpriv --init-groups --reuid "$user" --regid "$user" -- tar -xf "$src_file" -C "$dst_dir" --no-wildcards "$selected_dir" $tar_strip_level >/dev/null 2>&1
         rc=$?
     else
         setpriv --init-groups --reuid "$user" --regid "$user" -- tar -tf "$src_file" --no-wildcards "$selected_dir" >/dev/null 2>&1

bin/v-run-cli-cmd

@@ -0,0 +1,76 @@
+#!/bin/bash
+# info: run cli command
+# options: USER FILE
+#
+# The function runs a limited list of cli commands with dropped privileges as the specific hestia user
+
+user=$1
+clicmd=$2
+
+# Includes
+source $HESTIA/func/main.sh
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER CMD [ARGS]'
+is_format_valid 'user'
+is_object_valid 'user' 'USER' "$user"
+
+# Checking user homedir
+homedir=$(grep "^$user:" /etc/passwd | cut -f 6 -d :)
+if [ -z $homedir ]; then
+    check_result $E_NOTEXIST "Error: user home directory doesn't exist"
+fi
+
+if [ "$clicmd" = "composer" ]; then
+    realcmd="$homedir/.composer/composer"
+else
+    realcmd="$(which "$clicmd")"
+    check_result $? "Unknown cli command" $E_NOTEXIST
+fi
+
+if [ ! -x "$realcmd" ]; then
+    check_result $E_NOTEXIST "Error: Cli command does not exist"
+fi
+
+if [ "$realcmd" != '/bin/ps'            -a \
+     "$realcmd" != '/bin/ls'            -a \
+     "$realcmd" != '/bin/tar'           -a \
+     "$realcmd" != '/bin/zip'           -a \
+     "$realcmd" != '/usr/bin/unzip'     -a \
+     "$realcmd" != '/bin/gzip'          -a \
+     "$realcmd" != '/bin/gunzip'        -a \
+     "$realcmd" != '/bin/mkdir'         -a \
+     "$realcmd" != '/usr/bin/find'      -a \
+     "$realcmd" != '/bin/grep'          -a \
+     "$realcmd" != '/bin/egrep'         -a \
+     "$realcmd" != '/bin/sed'           -a \
+     "$realcmd" != '/bin/cat'           -a \
+     "$realcmd" != '/usr/bin/php5.6'    -a \
+     "$realcmd" != '/usr/bin/php7.0'    -a \
+     "$realcmd" != '/usr/bin/php7.1'    -a \
+     "$realcmd" != '/usr/bin/php7.2'    -a \
+     "$realcmd" != '/usr/bin/php7.3'    -a \
+     "$realcmd" != '/usr/bin/php7.4'    -a \
+     "$realcmd" != '/usr/bin/php'       -a \
+     "$clicmd"  != 'composer' ]; then
+    check_result $E_FORBIDEN "Error: Cli command not enabled"
+fi
+
+all_scriptargs=("$@")
+for ((I=3; I <= $# ; I++)); do
+    cmdArgs="$cmdArgs ${all_scriptargs[${I}-1]}"
+done
+
+setpriv --init-groups --reuid "$user" --regid "$user" -- $realcmd $cmdArgs
+if [ $? -ne 0 ]; then 
+    echo "Error: cmd exited with errors"
+    exit 3
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit

install/deb/templates/web/nginx/php-fpm/opencart.stpl

@@ -37,6 +37,11 @@ server {
         rewrite ^/(.+)$ /index.php?_route_=$1 last;
     }
 
+    location /storage/ {
+        deny    all;
+        return  404;
+    }
+
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;

install/deb/templates/web/nginx/php-fpm/opencart.tpl

@@ -31,6 +31,11 @@ server {
         rewrite ^/(.+)$ /index.php?_route_=$1 last;
     }
 
+    location /storage/ {
+        deny    all;
+        return  404;
+    }
+
     location /vstats/ {
         alias   %home%/%user%/web/%domain%/stats/;
         include %home%/%user%/web/%domain%/stats/auth.conf*;

web/add/webapp/index.php

@@ -0,0 +1,100 @@
+<?php
+ob_start();
+$TAB = 'WEB';
+
+// Main include
+include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
+require_once $_SERVER['DOCUMENT_ROOT']."/src/init.php";
+
+// Check domain argument
+if (empty($_GET['domain'])) {
+    header("Location: /list/web/");
+    exit;
+}
+
+// Edit as someone else?
+if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) {
+    $user=escapeshellarg($_GET['user']);
+}
+
+// Get all user domains 
+exec (HESTIA_CMD."v-list-web-domains ".escapeshellarg($user)." json", $output, $return_var);
+$user_domains = json_decode(implode('', $output), true);
+$user_domains = array_keys($user_domains);
+unset($output);
+
+// List domain
+$v_domain = $_GET['domain'];
+if(!in_array($v_domain, $user_domains)) {
+    header("Location: /list/web/");
+    exit;
+}
+
+$v_web_apps = [
+    [ 'name'=>'Wordpress', 'group'=>'cms', 'enabled'=>true, 'version'=>'5.2.4', 'thumbnail'=>'/images/webapps/wp-thumb.png' ],
+    [ 'name'=>'Drupal',    'group'=>'cms', 'enabled'=>false,'version'=>'latest', 'thumbnail'=>'/images/webapps/drupal-thumb.png' ],
+    [ 'name'=>'Joomla',    'group'=>'cms', 'enabled'=>false,'version'=>'latest', 'thumbnail'=>'/images/webapps/joomla-thumb.png' ],
+
+    [ 'name'=>'Opencart',   'group'=>'ecommerce', 'enabled'=>true,  'version'=>'3.0.3.2', 'thumbnail'=>'/images/webapps/opencart-thumb.png' ],
+    [ 'name'=>'Prestashop', 'group'=>'ecommerce', 'enabled'=>true, 'version'=>'1.7.6.1', 'thumbnail'=>'/images/webapps/prestashop-thumb.png' ],
+    [ 'name'=>'Magento',    'group'=>'ecommerce', 'enabled'=>false, 'version'=>'latest', 'thumbnail'=>'/images/webapps/magento-thumb.png' ],
+
+    [ 'name'=>'Laravel', 'group'=>'starter', 'enabled'=>true, 'version'=>'6.x', 'thumbnail'=>'/images/webapps/laravel-thumb.png' ],
+    [ 'name'=>'Symfony', 'group'=>'starter', 'enabled'=>true, 'version'=>'4.3.x', 'thumbnail'=>'/images/webapps/symfony-thumb.png' ],
+];
+
+// Check GET request
+if (!empty($_GET['app'])) {
+    $app = basename($_GET['app']);
+    
+    try {
+        $hestia = new \Hestia\System\HestiaApp();
+        $app_installer_class = '\Hestia\WebApp\Installers\\' . $app . 'Setup';
+        $app_installer = new $app_installer_class($v_domain, $hestia);
+        $installer = new \Hestia\WebApp\AppWizard($app_installer, $v_domain, $hestia);
+    } catch (Exception $e) {
+        $_SESSION['error_msg'] = $e->getMessage();
+        header('Location: /add/webapp/?domain=' . $v_domain);
+        exit();
+    }
+    $GLOBALS['WebappInstaller'] = $installer;
+}
+
+// Check POST request
+if (!empty($_POST['ok']) && !empty($app) ) {
+
+    // Check token
+    if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) {
+        header('location: /login/');
+        exit();
+    }
+
+    if ($installer) {
+        try{
+            if (!$installer->execute($_POST)){
+                $result = $installer->getStatus();
+                if(!empty($result))
+                    $_SESSION['error_msg'] = implode(PHP_EOL, $result);
+            } else {
+                $_SESSION['ok_msg'] = htmlspecialchars($app) . " App was installed succesfully !";
+                header('Location: /add/webapp/?domain=' . $v_domain);
+                exit();
+            }
+        } catch (Exception $e) {
+           $_SESSION['error_msg'] = $e->getMessage();
+           header('Location: /add/webapp/?app='.rawurlencode($app).'&domain=' . $v_domain);
+           exit();
+        }
+    }
+}
+
+if(!empty($installer)) {
+    render_page($user, $TAB, 'setup_webapp');
+} else {
+    render_page($user, $TAB, 'add_webapp');
+}
+
+
+// Flush session messages
+unset($_SESSION['error_msg']);
+unset($_SESSION['ok_msg']);

web/css/styles.min.css

@@ -1114,6 +1114,83 @@ form#vstobjects .alert {
   width: 380px;
 }
 
+.app-list.cards {
+  xdisplay: flex;
+  xflex-wrap: wrap;
+  align-content: center;
+  margin-bottom: 10rem;
+
+}
+
+
+.card {
+  float:left;
+  overflow: hidden;
+  background-color: #f5f5f5;
+  border:1px solid #e6e6e6;
+  box-sizing: border-box;
+  width:200px;
+  min-height:260px;
+  margin-top:3em;
+  margin-right:3em;
+  box-shadow: 0px 0px 3px rgba(0,0,0,0.1);
+  color: #353535;
+
+}
+
+.card.disable {
+  color: #b6b6b6;
+}
+
+.card.disable .card-thumb {
+  filter: grayscale(100%);
+  opacity: 0.3;
+}
+
+.card:nth-child(4n+1) {
+  clear:left;
+}
+.card:nth-child(4n) {
+  margin-right:0;
+}
+
+.card .card-details {
+  font-size: 0.8rem;
+  padding: 0.5em 0.8em;
+  border-top: 1px solid #e6e6e6;
+  text-align: center;
+
+}
+.card .card-details p {
+  margin: 0 0 0.3em 0;
+  font-size: 1em;
+  text-align: left;
+}
+
+.card p.card-title {
+  font-size: 1.2em;
+  font-weight: 500;
+}
+
+.card .card-thumb {
+  background-color: #fff;
+  display: block;
+  height: 180px;
+  width: 200px;
+  text-align: center;
+}
+.card .card-thumb img {
+  max-height: 180px;
+  max-width: 200px;
+  height: auto;
+  width: auto;
+
+}
+
+.card button {
+  margin:0.3em;
+}
+
 .l-stat {
   margin: 34px auto;
   position: fixed;