fix: harden backend synchronization
This commit is contained in:
@@ -50,6 +50,23 @@ function attach_rule_scope(AppContext $ctx, array $rule): array
|
||||
return $rule;
|
||||
}
|
||||
|
||||
/** @param array<string,mixed> $rule */
|
||||
function enforce_rule_backend_constraints(AppContext $ctx, ?string $currentId, array $rule): void
|
||||
{
|
||||
if ($ctx->settings->backendMode() !== 'da' || empty($rule['enabled'])) {
|
||||
return;
|
||||
}
|
||||
foreach ($ctx->rules->all($ctx->daUser->username()) as $existing) {
|
||||
if (empty($existing['enabled'])) {
|
||||
continue;
|
||||
}
|
||||
if ($currentId !== null && (string)($existing['id'] ?? '') === $currentId) {
|
||||
continue;
|
||||
}
|
||||
throw new RuntimeException($ctx->t('DirectAdmin backend supports only one enabled global rule.'));
|
||||
}
|
||||
}
|
||||
|
||||
function render_calendar_picker(AppContext $ctx, string $name, string $title, string $value): string
|
||||
{
|
||||
$mode = $ctx->settings->scheduleMode();
|
||||
@@ -79,15 +96,24 @@ function render_calendar_picker(AppContext $ctx, string $name, string $title, st
|
||||
'</select>';
|
||||
}
|
||||
return '<div class="panel"><h3>' . AppContext::e($title) . '</h3><div class="br-restore-layout"><div class="br-restore-calendar" data-calendar-picker data-schedule-mode="' . AppContext::e($mode) . '" data-calendar-name="' . AppContext::e($name) . '" data-visible-month="' . AppContext::e($visibleMonth) . '" data-selected-date="' . AppContext::e($selectedDate) . '"><h4>' . AppContext::e($title) . '</h4><div class="br-month-nav"><button type="button" class="br-month-btn" data-calendar-prev>‹</button><span class="br-month-label" data-calendar-month-label>' . AppContext::e($monthLabel) . '</span><button type="button" class="br-month-btn" data-calendar-next>›</button></div>' .
|
||||
'<table class="br-calendar-grid"><thead><tr><th>Pn</th><th>Wt</th><th>Śr</th><th>Cz</th><th>Pt</th><th>Sb</th><th>Nd</th></tr></thead><tbody data-calendar-days>' . $days . '</tbody></table>' .
|
||||
'<div class="br-date-label" id="' . AppContext::e($name . '_label') . '">Wybrano: ' . AppContext::e($selectedDate) . '</div><input type="hidden" id="' . AppContext::e($name . '_date') . '" name="' . AppContext::e($name . '_date') . '" value="' . AppContext::e($selectedDate) . '"></div>' .
|
||||
'<table class="br-calendar-grid"><thead><tr>' . render_weekday_headers($ctx) . '</tr></thead><tbody data-calendar-days>' . $days . '</tbody></table>' .
|
||||
'<div class="br-date-label" id="' . AppContext::e($name . '_label') . '">' . AppContext::e($ctx->t('Selected')) . ': ' . AppContext::e($selectedDate) . '</div><input type="hidden" id="' . AppContext::e($name . '_date') . '" name="' . AppContext::e($name . '_date') . '" value="' . AppContext::e($selectedDate) . '"></div>' .
|
||||
'<div class="br-restore-calendar"><h4>' . AppContext::e($ctx->t('Time')) . '</h4>' . $timeControl . '</div></div>' .
|
||||
'<input type="hidden" id="' . AppContext::e($name) . '" name="' . AppContext::e($name) . '" value="' . AppContext::e($value) . '" data-canonical-value="' . AppContext::e($name) . '"></div>';
|
||||
}
|
||||
|
||||
function render_preview_box(array $rule): string
|
||||
function render_preview_box(AppContext $ctx, array $rule): string
|
||||
{
|
||||
return '<div class="preview-box"><div><strong>Temat:</strong> ' . AppContext::e((string)$rule['subject']) . '</div><br><div>' . nl2br(AppContext::e((string)$rule['body'])) . '</div></div>';
|
||||
return '<div class="preview-box"><div><strong>' . AppContext::e($ctx->t('Subject')) . ':</strong> ' . AppContext::e((string)$rule['subject']) . '</div><br><div>' . nl2br(AppContext::e((string)$rule['body'])) . '</div></div>';
|
||||
}
|
||||
|
||||
function render_weekday_headers(AppContext $ctx): string
|
||||
{
|
||||
$html = '';
|
||||
foreach (['Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat', 'Sun'] as $day) {
|
||||
$html .= '<th>' . AppContext::e($ctx->t($day)) . '</th>';
|
||||
}
|
||||
return $html;
|
||||
}
|
||||
|
||||
function render_calendar_days(string $name, string $selectedDate, DateTimeImmutable $monthStart): string
|
||||
|
||||
@@ -8,8 +8,14 @@ return static function (AppContext $ctx): void {
|
||||
$ctx->requireCsrf('create');
|
||||
$input = normalize_rule_post($_POST);
|
||||
$rule = attach_rule_scope($ctx, RuleValidator::validate($input, $ctx->settings));
|
||||
$ctx->rules->create($ctx->daUser->username(), $rule);
|
||||
$ctx->syncActiveBackend();
|
||||
enforce_rule_backend_constraints($ctx, null, $rule);
|
||||
$created = $ctx->rules->create($ctx->daUser->username(), $rule);
|
||||
try {
|
||||
$ctx->syncActiveBackend();
|
||||
} catch (Throwable $syncError) {
|
||||
$ctx->rules->delete($ctx->daUser->username(), (string)$created['id']);
|
||||
throw $syncError;
|
||||
}
|
||||
Http::redirect($ctx->url('index.html', ['status' => 'created']));
|
||||
} catch (Throwable $e) {
|
||||
$errors[] = $e->getMessage();
|
||||
|
||||
@@ -20,7 +20,7 @@ return static function (AppContext $ctx): void {
|
||||
return;
|
||||
}
|
||||
}
|
||||
$body = '<div class="grid grid-2"><div class="panel"><h3>' . AppContext::e($ctx->t('Preview autoresponder')) . '</h3>' . render_preview_box($rule) . '</div>' .
|
||||
$body = '<div class="grid grid-2"><div class="panel"><h3>' . AppContext::e($ctx->t('Preview autoresponder')) . '</h3>' . render_preview_box($ctx, $rule) . '</div>' .
|
||||
'<div class="panel"><h3>' . AppContext::e($ctx->t('Confirm deletion')) . '</h3><div class="alert alert-err">' . AppContext::e($ctx->t('Deleting this rule will disable the automatic reply created by this rule for covered mailboxes.')) . '</div>' .
|
||||
'<form method="post" action="' . AppContext::e($ctx->url('delete.html')) . '">' . $ctx->csrfField('delete:' . $id) . '<input type="hidden" name="id" value="' . AppContext::e($id) . '">' .
|
||||
'<div class="actions"><button class="danger-fill" type="submit">' . AppContext::e($ctx->t('Delete autoresponder')) . '</button><a class="btn" href="' . AppContext::e($ctx->url('index.html')) . '">' . AppContext::e($ctx->t('Do not delete')) . '</a></div></form></div></div>';
|
||||
|
||||
@@ -8,7 +8,7 @@ return static function (AppContext $ctx): void {
|
||||
$ctx->render('Preview autoresponder', '<div class="alert alert-err">' . AppContext::e($ctx->t('Rule not found')) . '</div>');
|
||||
return;
|
||||
}
|
||||
$body = '<div class="grid grid-2"><div class="panel"><h3>' . AppContext::e($ctx->t('Preview autoresponder')) . '</h3>' . render_preview_box($rule) . '</div>' .
|
||||
$body = '<div class="grid grid-2"><div class="panel"><h3>' . AppContext::e($ctx->t('Preview autoresponder')) . '</h3>' . render_preview_box($ctx, $rule) . '</div>' .
|
||||
'<div class="panel"><h3>' . AppContext::e($ctx->t('Rule details')) . '</h3><div class="summary-card"><div class="kv"><strong>' . AppContext::e($ctx->t('Status')) . '</strong><span>' . AppContext::e($ctx->t(!empty($rule['enabled']) ? 'Enabled' : 'Disabled')) . '</span></div>' .
|
||||
'<div class="kv"><strong>' . AppContext::e($ctx->t('Sending period')) . '</strong><span>' . AppContext::e(date('Y-m-d H:i', (int)$rule['start_ts']) . ' - ' . date('Y-m-d H:i', (int)$rule['end_ts'])) . '</span></div></div>' .
|
||||
'<div class="actions"><a class="btn" href="' . AppContext::e($ctx->url('update.html', ['id' => $id])) . '">' . AppContext::e($ctx->t('Edit')) . '</a><a class="btn danger" href="' . AppContext::e($ctx->url('delete.html', ['id' => $id])) . '">' . AppContext::e($ctx->t('Delete')) . '</a><a class="btn" href="' . AppContext::e($ctx->url('index.html')) . '">' . AppContext::e($ctx->t('Back')) . '</a></div></div></div>';
|
||||
|
||||
@@ -9,7 +9,9 @@ return static function (AppContext $ctx): void {
|
||||
if ($rule === null) {
|
||||
throw new RuntimeException($ctx->t('Rule not found'));
|
||||
}
|
||||
$ctx->rules->update($ctx->daUser->username(), $id, ['enabled' => empty($rule['enabled'])]);
|
||||
$next = ['enabled' => empty($rule['enabled'])];
|
||||
enforce_rule_backend_constraints($ctx, $id, $next);
|
||||
$ctx->rules->update($ctx->daUser->username(), $id, $next);
|
||||
$ctx->syncActiveBackend();
|
||||
Http::redirect($ctx->url('index.html', ['status' => 'toggled']));
|
||||
};
|
||||
|
||||
@@ -14,6 +14,7 @@ return static function (AppContext $ctx): void {
|
||||
$ctx->requireCsrf('update:' . $id);
|
||||
$input = normalize_rule_post($_POST);
|
||||
$patch = attach_rule_scope($ctx, RuleValidator::validate($input, $ctx->settings));
|
||||
enforce_rule_backend_constraints($ctx, $id, $patch);
|
||||
$ctx->rules->update($ctx->daUser->username(), $id, $patch);
|
||||
$ctx->syncActiveBackend();
|
||||
Http::redirect($ctx->url('index.html', ['status' => 'updated']));
|
||||
|
||||
@@ -101,7 +101,7 @@ final class AppContext
|
||||
echo '<header><h1>' . self::e($this->t($title)) . '</h1><p>' . self::e($this->t('Manage automatic replies for account mailboxes')) . '</p></header>';
|
||||
echo '<div class="top-actions"><a class="btn amber' . ($this->action() === 'index' ? ' active' : '') . '" href="' . self::e($this->url('index.html')) . '">' . self::e($this->t('AUTORESPONDERS')) . '</a>';
|
||||
echo '<a class="btn amber' . ($this->action() === 'create' ? ' active' : '') . '" href="' . self::e($this->url('create.html')) . '">' . self::e($this->t('ADD AUTORESPONDER')) . '</a></div>';
|
||||
echo '<section class="main-section">' . $alerts . $this->lang->translateHtml($body) . '</section></div>';
|
||||
echo '<section class="main-section">' . $alerts . $body . '</section></div>';
|
||||
echo '<script>' . $this->scripts() . '</script></body></html>';
|
||||
}
|
||||
|
||||
|
||||
@@ -5,9 +5,11 @@ class DirectAdminVacationApi
|
||||
{
|
||||
/** @var callable|null */
|
||||
private $request;
|
||||
private string $daBinary = '/usr/local/bin/da';
|
||||
|
||||
public function __construct(private string $daBinary = '/usr/local/bin/da', ?callable $request = null)
|
||||
public function __construct(string $daBinary = '/usr/local/bin/da', ?callable $request = null)
|
||||
{
|
||||
$this->daBinary = $daBinary;
|
||||
$this->request = $request;
|
||||
}
|
||||
|
||||
@@ -47,6 +49,37 @@ class DirectAdminVacationApi
|
||||
$this->requestAsUser($owner, 'CMD_API_EMAIL_VACATION', $this->buildSavePayload($email, $rule, $exists));
|
||||
}
|
||||
|
||||
public function vacationExists(string $owner, string $email): bool
|
||||
{
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
throw new InvalidArgumentException('Invalid mailbox email');
|
||||
}
|
||||
[$local, $domain] = explode('@', strtolower($email), 2);
|
||||
return in_array($local, $this->listVacations($owner, $domain), true);
|
||||
}
|
||||
|
||||
/** @return string[] */
|
||||
public function listVacations(string $owner, string $domain): array
|
||||
{
|
||||
if (!preg_match('/^[A-Za-z0-9.-]+$/', $domain)) {
|
||||
throw new InvalidArgumentException('Invalid domain');
|
||||
}
|
||||
$response = $this->requestAsUser($owner, 'CMD_API_EMAIL_VACATION', ['domain' => strtolower($domain)]);
|
||||
$users = [];
|
||||
foreach (explode('&', trim($response)) as $pair) {
|
||||
if ($pair === '' || !str_contains($pair, '=')) {
|
||||
continue;
|
||||
}
|
||||
[$key] = explode('=', $pair, 2);
|
||||
$local = strtolower(urldecode($key));
|
||||
if (preg_match('/^[A-Za-z0-9._+-]+$/', $local)) {
|
||||
$users[] = $local;
|
||||
}
|
||||
}
|
||||
sort($users);
|
||||
return array_values(array_unique($users));
|
||||
}
|
||||
|
||||
public function deleteVacation(string $owner, string $email): void
|
||||
{
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
@@ -70,7 +103,7 @@ class DirectAdminVacationApi
|
||||
}
|
||||
|
||||
/** @param array<string,string> $payload */
|
||||
private function requestAsUser(string $owner, string $endpoint, array $payload): void
|
||||
private function requestAsUser(string $owner, string $endpoint, array $payload): string
|
||||
{
|
||||
if (!preg_match('/^[A-Za-z0-9._-]+$/', $owner)) {
|
||||
throw new InvalidArgumentException('Invalid DirectAdmin owner');
|
||||
@@ -80,7 +113,7 @@ class DirectAdminVacationApi
|
||||
if ($result === false) {
|
||||
throw new RuntimeException('DirectAdmin API request failed');
|
||||
}
|
||||
return;
|
||||
return (string)$result;
|
||||
}
|
||||
$baseUrl = $this->apiUrl($owner);
|
||||
$url = rtrim($baseUrl, '/') . '/' . $endpoint;
|
||||
@@ -90,7 +123,7 @@ class DirectAdminVacationApi
|
||||
$args[] = $key . '=' . $value;
|
||||
}
|
||||
$args[] = $url;
|
||||
$this->run($args, '');
|
||||
return $this->run($args, '');
|
||||
}
|
||||
|
||||
private function apiUrl(string $owner): string
|
||||
|
||||
@@ -49,7 +49,11 @@ final class DirectAdminVacationSyncService
|
||||
$next = [];
|
||||
foreach ($targets as $mailbox) {
|
||||
$email = strtolower((string)$mailbox['email']);
|
||||
$this->api->saveVacation($username, $email, $rule, isset($existing[$email]));
|
||||
$isTracked = isset($existing[$email]);
|
||||
if (!$isTracked && $this->api->vacationExists($username, $email)) {
|
||||
throw new RuntimeException('Untracked DirectAdmin vacation already exists for ' . $email);
|
||||
}
|
||||
$this->api->saveVacation($username, $email, $rule, $isTracked);
|
||||
$next[] = [
|
||||
'rule_id' => $ruleId,
|
||||
'domain' => (string)$mailbox['domain'],
|
||||
|
||||
Reference in New Issue
Block a user