Merge branch 'release-1.4.1' into stable

CHANGELOG.md

@@ -6,6 +6,14 @@
 
  - [S] release are always compared to the previous [S] release.
 
+## Version 1.4.1 (2016-05-18) [S]
+ - Switch to HTTP Basic Auth for the RCC API
+ - Store password as hash
+ - Require SSL for using the RCC and the RCC API
+ - [FIX] Drawer "Go back" does not work
+ - [FIX] Missing nodejs dependencies
+ - [FIX] Disqus not completly migrated to new config
+
 ## Version 1.4.0 (2016-05-07) [S]
 
  - Fix: Feeds contain no text

bin/init_rcc.php

@@ -23,8 +23,14 @@ if ($password == "") {
     exit();
 }
 
+$options = [
+    'cost' => 12
+];
+
+$password = password_hash($password, PASSWORD_BCRYPT, $options);
+
 $username = '$username = "' . $username . '";';
-$password = '$password = "' . $password . '";';
+$password = '$password = \'' . $password . '\';';
 
 $file = '<?php' . "\n" . $username . "\n" . $password . "\n";
 

index.php

@@ -214,7 +214,7 @@ if ($config["design"]["drawer"] == "on") {
             // If viewing a blog or a tag
             ?>
             <!-- Set a back item instead of the blogs. -->
-            <a class="nav-item" onclick="goBack()">Go back</a>
+            <a class="nav-item" onclick="history.go(-1);">Go back</a>
             <?php
         }
         if ($config["blog"]["home"] == "on") { // If a blog home is existend

package.json

@@ -1,6 +1,6 @@
 {
   "name": "rangitaki",
-  "version": "1.4.0",
+  "version": "1.4.1",
   "description": "A simple PHP blogging engine without any database dependencies",
   "main": "index.php",
   "scripts": {
@@ -21,6 +21,7 @@
   },
   "homepage": "https://gitlab.com/mmk2410/rangitaki#README",
   "devDependencies": {
+    "coffee-script": "^1.10.0",
     "del": "^2.2.0",
     "gulp": "^3.9.1",
     "gulp-coffee": "^2.3.2",
@@ -30,6 +31,7 @@
     "gulp-size": "^2.1.0",
     "gulp-sourcemaps": "^2.0.0-alpha",
     "gulp-uglify": "^1.5.3",
-    "merge-stream": "^1.0.0"
+    "merge-stream": "^1.0.0",
+    "node-sass": "^3.7.0"
   }
 }

rcc/api/auth/DigestAuth.php

@@ -1,52 +0,0 @@
-<?php
-/**
- * PHP Version 7
- *
- * Authentication Helper Class
- *
- * @category Authentication
- * @package  Rbe
- * @author   Marcel Kapfer (mmk2410) <marcelmichaelkapfer@yahoo.co.nz>
- * @license  MIT License
- * @link     http://marcel-kapfer.de/rangitaki
- */
-namespace mmk2410\rbe\digestAuth;
-
-/**
- * PHP Version 7
- *
- * Authentication Helper Class
- *
- * @category Authentication
- * @package  Rbe
- * @author   Marcel Kapfer (mmk2410) <marcelmichaelkapfer@yahoo.co.nz>
- * @license  MIT License
- * @link     http://marcel-kapfer.de/rangitaki
- */
-class DigestAuth
-{
-
-    /**
-     * parser for http digest
-     *
-     * @param $txt  data to parse
-     *
-     * @return parsed data or FALSE
-     */
-    public function httpDigestParse($txt)
-    {
-        // protect against missing data
-        $needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
-        $data = array();
-        $keys = implode('|', array_keys($needed_parts));
-
-        preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
-
-        foreach ($matches as $m) {
-            $data[$m[1]] = $m[3] ? $m[3] : $m[4];
-            unset($needed_parts[$m[1]]);
-        }
-
-        return $needed_parts ? false : $data;
-    }
-}

rcc/api/auth/auth.php

@@ -1,39 +1,22 @@
 <?php
 // Marcel Kapfer (mmk2410)
 // License: MIT License
-// api digest auth
+// HTTP Basic Auth for the API
 
-require 'DigestAuth.php';
+$basedir = "../../../";
+
+require '../../ssl.php';
 
 require '../../password.php';
 
-use \mmk2410\rbe\digestAuth\DigestAuth as DigestAuth;
-
-$realm = 'Restricted area';
-
-$users = array($username => $password);
-
-if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
+if (!isset($_SERVER['PHP_AUTH_USER'])) {
+    header('WWW-Authenticate: Basic realm="RCC API"');
     header('HTTP/1.1 401 Unauthorized');
-    header('WWW-Authenticate: Digest realm="'.$realm.
-           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
-
-    die('Access to RCC API not granted');
-}
-
-
-// analyze the PHP_AUTH_DIGEST variable
-if (!($data = DigestAuth::httpDigestParse($_SERVER['PHP_AUTH_DIGEST'])) ||
-    !isset($users[$data['username']])) {
-    die('Wrong Credentials!');
-}
-
-
-// generate the valid response
-$A1 = md5($data['username'] . ':' . $realm . ':' . $users[$data['username']]);
-$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
-$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
-
-if ($data['response'] != $valid_response) {
-    die('Wrong Credentials!');
+    echo "Access denied to the RCC API!";
+    exit;
+} elseif ($_SERVER['PHP_AUTH_USER'] != $username ||
+    !password_verify($_SERVER['PHP_AUTH_PW'], $password)) {
+        header('HTTP/1.1 401 Unauthorized');
+    echo "Wrong credentials: Access denied!";
+    exit;
 }

rcc/api/list/index.php

@@ -9,13 +9,13 @@ use \Psr\Http\Message\ResponseInterface as Response;
 require '../../../vendor/autoload.php';
 require '../../../res/php/Config.php';
 
-include '../auth/auth.php';
-
 use \mmk2410\rbe\config\Config as Config;
 
 $config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
 $settings = $config->getConfig();
 
+include '../auth/auth.php';
+
 if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
     $app = new \Slim\App();
 

rcc/api/media/index.php

@@ -10,13 +10,13 @@ require '../../../vendor/autoload.php';
 require '../../../res/php/Config.php';
 require '../../../res/php/ArticleGenerator.php';
 
-include '../auth/auth.php';
-
 use \mmk2410\rbe\config\Config as Config;
 
 $config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
 $settings = $config->getConfig();
 
+include '../auth/auth.php';
+
 if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
     $app = new \Slim\App();
 

rcc/api/post/index.php

@@ -10,13 +10,13 @@ require '../../../vendor/autoload.php';
 require '../../../res/php/Config.php';
 require '../../../res/php/ArticleGenerator.php';
 
-include '../auth/auth.php';
-
 use \mmk2410\rbe\config\Config as Config;
 
 $config = new Config("../../../config.yaml", '../../../vendor/autoload.php');
 $settings = $config->getConfig();
 
+include '../auth/auth.php';
+
 if ($settings["rcc"]["api"] == "on" && $settings["rcc"]["rcc"] == "on") {
     $app = new \Slim\App();
 

rcc/index.php

@@ -32,6 +32,17 @@
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
  * THE SOFTWARE.
  */
+
+require '../vendor/autoload.php';
+require '../res/php/Config.php';
+
+use \mmk2410\rbe\config\Config as Config;
+
+$config = new Config("../config.yaml", '../vendor/autoload.php');
+$settings = $config->getConfig();
+
+include './ssl.php';
+
 ?>
 
 <!DOCTYPE html>
@@ -64,12 +75,7 @@
 
     <div class="main">
 <?php
-require '../res/php/Config.php';
-use mmk2410\rbe\config\Config as Config;
-
-$configParser = new Config('../config.yaml', '../vendor/autoload.php');
-
-$config = $configParser->getConfig();
+$config = $settings;
 
 if ($config["rcc"]["rcc"] == "on") {
     include 'password.php';

rcc/password.php

@@ -1,3 +1,3 @@
 <?php
-$username = "example";
-$password = "example";
+$username = "test";
+$password = '$2y$12$nHitKTwHqU4GmI3ADVE05eH/723fCNgdQ65kQ53FyZUVVB03BjfCO';

rcc/ssl.php

@@ -0,0 +1,11 @@
+<?php
+// Marcel Kapfer (mmk2410) / Wilson O'Sullivan
+// License: MIT License
+// SSL Verification
+
+if ($settings["rcc"]["debug"] != "on") {
+    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
+        header('HTTP/1.1 400 Bad Request');
+        exit();
+    }
+}

res/js/app.js

@@ -1 +1 @@
-(function(){var n,t,a,e,r,i;r=function(){var e,r;return e=!1,$(".fabmenu").click(function(){return e?(a(),e=!1):(t(),e=!0)}),r=!1,$(".nav-img, .overlay, .nav-close").click(function(){return r?(n(),r=!1):(i(),r=!0)}),$(document).keyup(function(t){return r&&27===t.which?(n(),r=!1):r||77!==t.which?void 0:(i(),r=!0)}),$(".articletext a").attr("target","_blank")},$(document).ready(r),e=function(){return history.go(-1)},t=function(){return $(".subfab").fadeIn(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/close.svg"),$(".fab-img").fadeIn(60)})},a=function(){return $(".subfab").fadeOut(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/share.svg"),$(".fab-img").fadeIn(60)})},i=function(){return $(".nav").animate({left:"0px"},125),$(".overlay").show(),$(".overlay").animate({opacity:"0.4"},125)},n=function(){return $(".nav").animate({left:"-301px"},125),$(".overlay").animate({opacity:"0.0"},125,function(){return $(".overlay").hide})}}).call(this);
+(function(){var n,t,a,e,r;e=function(){var e,i;return e=!1,$(".fabmenu").click(function(){return e?(a(),e=!1):(t(),e=!0)}),i=!1,$(".nav-img, .overlay, .nav-close").click(function(){return i?(n(),i=!1):(r(),i=!0)}),$(document).keyup(function(t){return i&&27===t.which?(n(),i=!1):i||77!==t.which?void 0:(r(),i=!0)}),$(".articletext a").attr("target","_blank")},$(document).ready(e),t=function(){return $(".subfab").fadeIn(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/close.svg"),$(".fab-img").fadeIn(60)})},a=function(){return $(".subfab").fadeOut(125),$(".fab-img").fadeOut(60,function(){return $(".fab-img").attr("src","./res/img/share.svg"),$(".fab-img").fadeIn(60)})},r=function(){return $(".nav").animate({left:"0px"},125),$(".overlay").show(),$(".overlay").animate({opacity:"0.4"},125)},n=function(){return $(".nav").animate({left:"-301px"},125),$(".overlay").animate({opacity:"0.0"},125,function(){return $(".overlay").hide})}}).call(this);

res/php/Disqus.php

@@ -22,7 +22,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 -->
 
-<?php if ($blogdisqus) { // check if disqus is enabled ?>
+<?php if ($config['blog']['disqus']) { // check if disqus is enabled ?>
     <section class="card">
         <div id="disqus_thread"></div>
         <script type="text/javascript">

src/coffee/app.coffee

@@ -64,9 +64,6 @@ main = () ->
 
 $(document).ready main
 
-goBack = () ->
-  history.go -1
-
 fabFadeIn = () ->
   $('.subfab').fadeIn 125
   $('.fab-img').fadeOut 60, ->
@@ -88,4 +85,3 @@ closeNav = () ->
   $('.nav').animate {"left": "-301px"}, 125
   $('.overlay').animate {"opacity": "0.0"}, 125, ->
     $('.overlay').hide
-

update-scripts/1-4-0_1-4-1.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+# Update script for Rangitaki from version 1.4.0 to 1.4.1
+
+version="1.4.1"
+new="./rbe-new"
+
+echo -n "Downloading version $version from GitLab... "
+git clone -q https://gitlab.com/mmk2410/rangitaki.git "$new"
+
+if [[ $1 == "--debug" ]]; then
+    cd $new
+    git checkout master
+    cd ../
+fi
+echo "done"
+
+echo -n "Updating ressources... "
+rm -rf ./res/
+mv $new/res/ ./
+echo "done"
+
+echo -n "Updating binaries... "
+rm -rf ./bin
+mv $new/bin/ ./
+echo "done"
+
+echo -n "Updating source files... "
+rm -rf ./src
+mv $new/src/ ./
+echo "done"
+
+echo -n "Updating RCC... "
+rm -rf ./rcc
+mv $new/rcc ./
+rm ./rcc/password.php
+echo "done"
+
+echo -n "Updating core... "
+rm ./index.php
+mv $new/index.php ./
+echo "done"
+
+echo -n "Updating npm... "
+mv $new/package.json ./
+echo "done"
+
+echo -n "Updating Changelog... "
+
+if [ -f ./CHANGELOG.txt ]; then
+    rm CHANGELOG.txt
+fi
+
+mv $new/CHANGELOG.md ./
+echo "done"
+
+if [[  $1 != "--debug" ]]; then
+    echo -n "Cleaning up... "
+    rm -rf $new
+    echo "done"
+fi
+
+if [ -d "./update-scripts" ]; then
+    echo -n "Remove obsolete update scripts folder... "
+    rm -rf "./update-scripts"
+    echo "done"
+fi
+
+echo "$version" > ./VERSION
+
+echo "Your Rangitaki installation is updated to version $version"