Skip to content

Commit 60353c1

Browse files
author
Kristan Kenney
committed
Adjust API allowed IP check during upgrades
Ensures empty key value is respected
1 parent e7d3b79 commit 60353c1

3 files changed

Lines changed: 13 additions & 34 deletions

File tree

func/upgrade.sh

Lines changed: 13 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -144,16 +144,22 @@ upgrade_health_check() {
144144
$BIN/v-change-sys-config-value "INACTIVE_SESSION_TIMEOUT" "60"
145145
fi
146146

147-
# Enforce Subdomain ownership
147+
# Enforce subdomain ownership
148148
if [ -z "$ENFORCE_SUBDOMAIN_OWNERSHIP" ]; then
149149
echo "[ ! ] Adding missing variable to hestia.conf: ENFORCE_SUBDOMAIN_OWNERSHIP ('yes')"
150150
$BIN/v-change-sys-config-value "ENFORCE_SUBDOMAIN_OWNERSHIP" "yes"
151-
fi
152-
# API Allowed IP
153-
if [ -z "$API_ALLOWED_IP" ]; then
154-
echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('allow-all')"
155-
$BIN/v-change-sys-config-value "API_ALLOWED_IP" "allow-all"
156-
fi
151+
fi
152+
153+
# API access allowed IP's
154+
if [ "$API" = "yes" ]; then
155+
check_api_key=$(grep "API_ALLOWED_IP" $HESTIA/conf/hestia.conf)
156+
if [ -z "$check_api_key" ]; then
157+
if [ -z "$API_ALLOWED_IP" ]; then
158+
echo "[ ! ] Adding missing variable to hestia.conf: API_ALLOWED_IP ('allow-all')"
159+
$BIN/v-change-sys-config-value "API_ALLOWED_IP" "allow-all"
160+
fi
161+
fi
162+
fi
157163

158164
echo "[ * ] Health check complete. Starting upgrade from $VERSION to $new_version..."
159165
echo "============================================================================="
@@ -674,13 +680,6 @@ upgrade_rainloop(){
674680
fi
675681
}
676682

677-
disable_api(){
678-
if [ "$API" = "no" ]; then
679-
echo "[ ! ] Disable Api..."
680-
sed -i 's|//die("Error: Disabled");|die("Error: Disabled");|g' $HESTIA/web/api/index.php
681-
$HESTIA/bin/v-change-sys-config-value "API_ALLOWED_IP" ""
682-
fi
683-
}
684683
upgrade_rebuild_web_templates() {
685684
if [ "$UPGRADE_UPDATE_WEB_TEMPLATES" = "true" ]; then
686685
echo "[ ! ] Updating default web domain templates..."

install/upgrade/versions/1.4.0.sh

Lines changed: 0 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -105,21 +105,3 @@ if [ -f /etc/apt/sources.list.d/postgresql.list ]; then
105105
echo "[ * ] Updating PostgreSQL repository..."
106106
sed -i 's|deb https://apt.postgresql.org/pub/repos/apt/|deb [arch=amd64] https://apt.postgresql.org/pub/repos/apt/|g' /etc/apt/sources.list.d/postgresql.list
107107
fi
108-
109-
# New configuration value for enforcing subdomain ownership
110-
check=$(cat $HESTIA/conf/hestia.conf | grep 'ENFORCE_SUBDOMAIN_OWNERSHIP');
111-
if [ -z "$check" ]; then
112-
echo "[ * ] Setting ENFORCE_SUBDOMAIN_OWNERSHIP to no..."
113-
echo "ENFORCE_SUBDOMAIN_OWNERSHIP='no'" >> $HESTIA/conf/hestia.conf
114-
fi
115-
116-
# New API feature to set allowed IPs
117-
if [ "$api" = "yes" ]; then
118-
check=$(cat $HESTIA/conf/hestia.conf | grep 'API_ALLOWED_IP');
119-
if [ -z "$check" ]; then
120-
echo "[ * ] Setting API_ALLOWED_IP to allow-all..."
121-
echo "API_ALLOWED_IP='allow-all'" >> $HESTIA/conf/hestia.conf
122-
fi
123-
else
124-
$HESTIA/bin/v-change-sys-api disable
125-
fi

src/deb/hestia/postinst

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,8 +72,6 @@ upgrade_roundcube | tee -a $LOG
7272
# Upgrade Rainloop if applicable
7373
upgrade_rainloop | tee -a $LOG
7474

75-
# Check disabled API
76-
disable_api | tee -a $LOG
7775
# Set new version number in hestia.conf
7876
upgrade_set_version $new_version
7977

0 commit comments

Comments
 (0)