Adjust API allowed IP check during upgrades

Kristan Kenney · Kristan Kenney · commit 60353c1a0020 · 2021-03-28T15:55:48.000-03:00
Ensures empty key value is respected
diff --git a/func/upgrade.sh b/func/upgrade.sh
@@ -144,16 +144,22 @@ upgrade_health_check() {
         $BIN/v-change-sys-config-value "INACTIVE_SESSION_TIMEOUT" "60"
     fi
 
-    # Enforce Subdomain ownership
+    # Enforce subdomain ownership
     if [ -z "$ENFORCE_SUBDOMAIN_OWNERSHIP" ]; then
         echo "[ ! ] Adding missing variable to hestia.conf: ENFORCE_SUBDOMAIN_OWNERSHIP ('yes')"
         $BIN/v-change-sys-config-value "ENFORCE_SUBDOMAIN_OWNERSHIP" "yes"
-    fi    
-    # API Allowed IP
-    if [ -z "$API_ALLOWED_IP" ]; then
-        echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('allow-all')"        
-        $BIN/v-change-sys-config-value "API_ALLOWED_IP" "allow-all"
-    fi  
+    fi
+
+    # API access allowed IP's
+    if [ "$API" = "yes" ]; then
+        check_api_key=$(grep "API_ALLOWED_IP" $HESTIA/conf/hestia.conf)
+        if [ -z "$check_api_key" ]; then
+            if [ -z "$API_ALLOWED_IP" ]; then
+                echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('allow-all')"        
+                $BIN/v-change-sys-config-value "API_ALLOWED_IP" "allow-all"
+            fi
+        fi
+    fi
     
     echo "[ * ] Health check complete. Starting upgrade from $VERSION to $new_version..."
     echo "============================================================================="
@@ -674,13 +680,6 @@ upgrade_rainloop(){
     fi
 }
 
-disable_api(){
-    if [ "$API" = "no" ]; then
-        echo "[ ! ] Disable Api..."
-        sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
-        $HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
-    fi
-}
 upgrade_rebuild_web_templates() {
     if [ "$UPGRADE_UPDATE_WEB_TEMPLATES" = "true" ]; then
         echo "[ ! ] Updating default web domain templates..."
diff --git a/install/upgrade/versions/1.4.0.sh b/install/upgrade/versions/1.4.0.sh
@@ -105,21 +105,3 @@ if [ -f /etc/apt/sources.list.d/postgresql.list ]; then
     echo "[ * ] Updating PostgreSQL repository..."
     sed -i 's|deb https://apt.postgresql.org/pub/repos/apt/|deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/|g' /etc/apt/sources.list.d/postgresql.list
 fi
-
-# New configuration value for enforcing subdomain ownership
-check=$(cat $HESTIA/conf/hestia.conf | grep 'ENFORCE_SUBDOMAIN_OWNERSHIP');
-if [ -z "$check" ]; then 
-    echo "[ * ] Setting ENFORCE_SUBDOMAIN_OWNERSHIP to no..."
-    echo "ENFORCE_SUBDOMAIN_OWNERSHIP='no'" >> $HESTIA/conf/hestia.conf
-fi
-
-# New API feature to set allowed IPs
-if [ "$api" = "yes" ]; then
-    check=$(cat $HESTIA/conf/hestia.conf | grep 'API_ALLOWED_IP');
-    if [ -z "$check" ]; then 
-        echo "[ * ] Setting API_ALLOWED_IP to allow-all..."
-        echo "API_ALLOWED_IP='allow-all'" >> $HESTIA/conf/hestia.conf
-    fi
-else
-    $HESTIA/bin/v-change-sys-api disable
-fi
diff --git a/src/deb/hestia/postinst b/src/deb/hestia/postinst
@@ -72,8 +72,6 @@ upgrade_roundcube | tee -a $LOG
 # Upgrade Rainloop if applicable
 upgrade_rainloop | tee -a $LOG
 
-# Check disabled API
-disable_api | tee -a $LOG
 # Set new version number in hestia.conf
 upgrade_set_version $new_version
 
