feat: implement mail-login directadmin plugin

This commit is contained in:
Marek Miklewicz
2026-06-30 11:31:19 +02:00
parent f6506e3293
commit 77c5431db0
34 changed files with 1620 additions and 0 deletions
+59
View File
@@ -0,0 +1,59 @@
<?php
declare(strict_types=1);
return static function (): void {
if (Http::method() !== 'GET') {
Http::errorPage('Niedozwolona metoda żądania.', 405);
}
$settings = Settings::load(Settings::EXTERNAL_SETTINGS);
$ctx = DirectAdminContext::fromServer($_SERVER, $settings);
SourceAuthorizer::assertAllowed($ctx->sourceHost(), $settings);
$auditBase = [
'request_id' => bin2hex(random_bytes(8)),
'source_host' => $ctx->sourceHost(),
'server_name' => $ctx->serverName(),
'target_host' => $settings->targetBaseUrl(),
'username' => $ctx->username(),
'ttl' => $settings->loginKeyTtl(),
'user_ip_bound' => $settings->userIpBound() ? 1 : 0,
];
$clientIp = ClientIp::resolve($_SERVER, $settings);
$auditBase['client_ip'] = $clientIp;
$correlation = KeyName::build($ctx->serverName(), $ctx->username(), time());
$auditBase['correlation'] = $correlation;
$limiter = new RateLimiter(Settings::STATE_DIR . '/rate-limit');
$limiter->assertAllowed('user-' . $ctx->username(), $settings->rateLimitPerUserPerMinute(), 60);
$limiter->assertAllowed('ip-' . str_replace([':', '.'], '-', $clientIp), $settings->rateLimitPerIpPerMinute(), 60);
$redirectPath = UrlValidator::assertSafeRedirectPath($settings->redirectUrl());
$request = new LoginUrlRequest(
$ctx->username(),
$ctx->sourceHost(),
$ctx->serverName(),
$settings->loginKeyTtl(),
$settings->userIpBound(),
$clientIp,
$redirectPath
);
try {
$url = (new RemoteLoginUrlClient())->create($settings, $request);
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
'event' => 'create_login_url',
'result' => 'success',
]);
Http::redirectNoStore($url);
} catch (Throwable $e) {
AuditLog::append(Settings::AUDIT_LOG, $auditBase + [
'event' => 'create_login_url',
'result' => 'failure',
'category' => get_class($e),
'message' => $e->getMessage(),
]);
Http::errorPage('Nie można teraz zalogować do serwera poczty.', 502);
}
};