feat: implement mail-login directadmin plugin
This commit is contained in:
@@ -0,0 +1,59 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
return static function (): void {
|
||||
if (Http::method() !== 'GET') {
|
||||
Http::errorPage('Niedozwolona metoda żądania.', 405);
|
||||
}
|
||||
|
||||
$settings = Settings::load(Settings::EXTERNAL_SETTINGS);
|
||||
$ctx = DirectAdminContext::fromServer($_SERVER, $settings);
|
||||
SourceAuthorizer::assertAllowed($ctx->sourceHost(), $settings);
|
||||
|
||||
$auditBase = [
|
||||
'request_id' => bin2hex(random_bytes(8)),
|
||||
'source_host' => $ctx->sourceHost(),
|
||||
'server_name' => $ctx->serverName(),
|
||||
'target_host' => $settings->targetBaseUrl(),
|
||||
'username' => $ctx->username(),
|
||||
'ttl' => $settings->loginKeyTtl(),
|
||||
'user_ip_bound' => $settings->userIpBound() ? 1 : 0,
|
||||
];
|
||||
|
||||
$clientIp = ClientIp::resolve($_SERVER, $settings);
|
||||
$auditBase['client_ip'] = $clientIp;
|
||||
$correlation = KeyName::build($ctx->serverName(), $ctx->username(), time());
|
||||
$auditBase['correlation'] = $correlation;
|
||||
|
||||
$limiter = new RateLimiter(Settings::STATE_DIR . '/rate-limit');
|
||||
$limiter->assertAllowed('user-' . $ctx->username(), $settings->rateLimitPerUserPerMinute(), 60);
|
||||
$limiter->assertAllowed('ip-' . str_replace([':', '.'], '-', $clientIp), $settings->rateLimitPerIpPerMinute(), 60);
|
||||
|
||||
$redirectPath = UrlValidator::assertSafeRedirectPath($settings->redirectUrl());
|
||||
$request = new LoginUrlRequest(
|
||||
$ctx->username(),
|
||||
$ctx->sourceHost(),
|
||||
$ctx->serverName(),
|
||||
$settings->loginKeyTtl(),
|
||||
$settings->userIpBound(),
|
||||
$clientIp,
|
||||
$redirectPath
|
||||
);
|
||||
|
||||
try {
|
||||
$url = (new RemoteLoginUrlClient())->create($settings, $request);
|
||||
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
|
||||
'event' => 'create_login_url',
|
||||
'result' => 'success',
|
||||
]);
|
||||
Http::redirectNoStore($url);
|
||||
} catch (Throwable $e) {
|
||||
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
|
||||
'event' => 'create_login_url',
|
||||
'result' => 'failure',
|
||||
'category' => get_class($e),
|
||||
'message' => $e->getMessage(),
|
||||
]);
|
||||
Http::errorPage('Nie można teraz zalogować do serwera poczty.', 502);
|
||||
}
|
||||
};
|
||||
Reference in New Issue
Block a user