Skip to content

Commit

Permalink
beta --> master - Update functionality (#2)
Browse files Browse the repository at this point in the history
Merged from base to master PR
  • Loading branch information
roenw authored May 28, 2019
1 parent f8672cf commit a34f247
Show file tree
Hide file tree
Showing 6 changed files with 235 additions and 34 deletions.
36 changes: 9 additions & 27 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -32,40 +32,24 @@ Prerequisites

Install
------
Check out [v1.2b](https://github.com/roenw/PiPass/blob/beta/README.md#Install) as it includes an automated install script! If you still wish to install v1.1, you may by expanding the details.
**NOTE:** Versions 1.2/1.2b and below are now deprecated due to not having automatic update checking functionality. Please update immediately by removing your current installation and following this much simpler setup guide.

<details>
Installing PiPass is straightforward and simple. It should take about 10-15 minutes. All it requires is a small change to your Pi-Hole's permissions, moving around some files, filling out a configuration file, and changing some settings with your webserver.
1. We'll get the most difficult stuff out of the way first. Use ``sudo visudo`` to edit your ``/etc/sudoers`` file. We will use this to give PHP permission to make changes to the whitelist. Add the following line to the _bottom_ of the file. Substitute ``USER_RUNNING_PHP`` in the file with the user that is running PHP on your system.

``USER_RUNNING_PHP ALL=(ALL) NOPASSWD: /usr/local/bin/pihole -w *, /usr/local/bin/pihole -w -d *``
> The /etc/sudoers file is a critical file to the security of your Linux installation. Adding anything other than what is above can expose your system to security threats.
2. Next, we have to tell our webserver to point all 404 erros to the homepage. It's not ideal and hopefully it can be changed in a future release, but as of now it's required for proper function. How you do this depends on your webserver. For lighttpd, comment out the existing 404 line and replace it with:

``server.error-handler-404 = "/index.php"``

I don't personally run lighttpd and this is untested, but it should work. Just don't be surprised if it doesn't ;)
I use nginx, so this code is verified working:
1. Make your webserver redirect all 404 errors to the webroot. For nginx, this is

```
location / {
try_files $uri $uri/ =404;
error_page 404 =200 http://$host;
try_files $uri $uri/ =404;
error_page 404 =200 http://$host;
}
```

3. We must instruct Pi-Hole to use a blockpage instead of returning ``NXDOMAIN``. Don't worry, this will still result in a blank space where advertisements should be. Using your favorite editor, edit ``/etc/pihole/pihole-FTL.conf`` and find the line ``BLOCKINGMODE``. Replace it with ``BLOCKINGMODE=IP`` and restart the Pi-Hole FTL service.

You can now test the configuration so far. Go to a website you know is blocked. It should return the ``index`` page, or a ``404 Not Found/403 Forbidden`` error if configured correctly.

4. To prepare for installation, ``cd`` to your webroot folder. Make sure there are no ``index`` files and there is no folder called ``blockpage``.
For lighttpd, use ``server.error-handler-404 = "/index.php"`` (this is untested, but should work)

5. Now, we're at the fun part. Making sure you are still in your webroot, run ``sudo git clone https://github.com/roenw/pipass.git && cd pipass && sudo git checkout tags/v1.1 && cd .. && sudo mv pipass/* . && sudo rm -r pipass/`` This command downloads all PiPass files and moves them to your webroot.
2. Execute ``cd ~ && wget https://apps.roen.us/pipass/getuser && mv getuser getuser.php && wget https://apps.roen.us/pipass/setup && mv setup setup.php`` to download the setup script and rename it.

6. Using your favorite text editor, edit ``config.php`` with appropriate information.
3. Execute ``sudo php setup.php`` to execute the setup script.

7. It works! (Hopefully)
</details>
4. Fill out the ``config.php`` configuration file.

Support
------
Expand All @@ -75,14 +59,12 @@ Pull requests are welcome!

Known Caveats
------
* /etc/sudoers file must be modified
* Requires webroot index
* Requires end-user to (sometimes) clear their DNS cache
* Configuration is not automated
* Does not work on websites with HSTS header cached :(


Future Ideas
------
* Configuration script (maybe even an apt package?)
* Ability to trigger permanent whitelist after password entry
* Admin console for PiPass
33 changes: 28 additions & 5 deletions blockpage/index.php
Original file line number Diff line number Diff line change
Expand Up @@ -116,14 +116,37 @@ function unblock() {
<code style="color:gray">TECHNICAL INFO:</code>
<br />
<code style="color:gray">Reported by $hostname ($server_ip) at $date. Running PiPass version $pipass_v.</code>
</div>
EOL;
} else {
echo <<<EOL
</div>
EOL;
}
?>
<?php
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}

$latestVersion = get_data("https://apps.roen.us/pipass/currentversion/");

if($latestVersion != $conf['pipass_v']) {
echo <<<EOL
<br />
<a href="https://github.com/roenw/pipass/releases/" class="badge badge-info">Update Available!</a>
EOL;
} else {
echo <<<EOL
<br />
<br />
<code>Your PiPass installation is up-to-date.</code>
EOL;
}
?>
</div>
</div>
</div>
<div aria-live="polite" aria-atomic="true" id="toastwrapper" style="position: relative; min-height: 200px;">
Expand Down
5 changes: 3 additions & 2 deletions config.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@
// A way of saying the amount of unblock seconds in english.
// For example, 300 seconds would equal 5 minutes.

$conf['pipass_v'] = "1.1 (beta)";
// PiPass current version.
$conf['pipass_v'] = "1.3";
// PiPass current version. Must be a NUMBER! Or else "update available"
// will be showing forever and you will get a HEADACHE trying to debug.
?>
5 changes: 5 additions & 0 deletions setup/getuser.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
<?php
$phpuser = get_current_user();
echo $phpuser;
return $phpuser;
?>
104 changes: 104 additions & 0 deletions setup/setup.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
<?php
$GLOBALS['document_root'] = null;

echo <<<EOL
\n\n\n\n\n\n\n\n\n\n
###### ######
# # # # # ## #### ####
# # # # # # # # #
###### # ###### # # #### ####
# # # ###### # #
# # # # # # # # #
# # # # # #### ####
\n
PiPass installer
\n
EOL;

sleep(5);

echo "[ / ] Root user check...\n";

if (0 == posix_getuid()) {
echo "[ + ] Root user check complete\n";
preInstall();
} else {
echo "[ X ] Root user check failed. Please run the script with sudo.\n";
exit;
}

function preInstall() {

echo "[ / ] DR check... Please enter your web document root. (e.g. /var/www/)\n";
$handle = fopen ("php://stdin","r");
$line = fgets($handle);
if(trim($line)) {
$GLOBALS['document_root'] = trim($line);
}


echo "[ / ] Is this the correct document root? (" .$GLOBALS['document_root'] .") [y/n]\n";
$handle = fopen ("php://stdin","r");
$line = fgets($handle);
if(trim($line) != "y") {
$GLOBALS['document_root'] = trim($line);
echo "[ - ] DR check failed. Exiting...\n";
} else {
if(is_dir($GLOBALS['document_root'])) {
install();
} else {
echo "[ - ] DR check failed. The directory does not exist. Exiting...\n";
exit;
}
}
}

function install() {
echo "[ + ] DR check succeeded, now installing PiPass... \n";
echo "[ / ] Getting current php user...\n";
$GLOBALS['phpuser'] = exec('php getuser.php');
$localPU = $GLOBALS['phpuser'];
echo "[ + ] Current php user is " .$GLOBALS['phpuser'] .".\n";
echo "[ / ] Building /etc/sudoers line to add...\n";
$sudoersline = "$localPU ALL=(ALL) NOPASSWD: /usr/local/bin/pihole -w *, /usr/local/bin/pihole -w -d *";
echo "[ / ] Checking if /etc/sudoers is already set up...\n";
$sudoersRes = exec("sudo cat /etc/sudoers | grep /usr/local/bin/pihole");
if(empty($sudoersRes)) {
echo "[ / ] Adding line to /etc/sudoers...\n";
exec("echo '$sudoersline' | sudo tee -a /etc/sudoers");
echo "[ + ] Permissions have been set up successfully!\n";
} else {
echo "[ / ] /etc/sudoers is already set up... not performing action.\n";
}
echo "[ / ] Now making sure that your document root folder is clear...\n";
$drf_local = $GLOBALS['document_root'];
$drfiles = exec("ls $drf_local | grep index");
if(!empty($drfiles)) {
echo "[ - ] It looks like there are index files in your webroot. Such as index.php, index.html, etc. Please remove them or change their name to continue installation.\n";
exit;
}

echo "[ + ] In document root... downloading files.\n";
exec("cd $drf_local && sudo git clone https://github.com/roenw/pipass.git/");
echo "[ + ] Files downloaded. Selecting version v1.2b\n";
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}

$latestVersion = get_data("https://apps.roen.us/pipass/currentversion/");
exec("cd $drf_local/pipass && sudo git checkout tags/v$latestVersion");
echo "[ + ] Selected version v1.2b\n";
echo "[ + ] Moving all files up a directory...\n";
exec("cd $drf_local && sudo mv pipass/* .");
echo "[ + ] Success.\n";
echo "[ + ] Installation complete. Please set your webserver to redirect all 404 pages to the homepage (web root). This function is not automated yet.\n";
echo "[ + ] NOTE: Make sure you fill out config.php or you will get stuck in a redirect loop!\n";
}
?>
86 changes: 86 additions & 0 deletions setup/update.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
<?php
$GLOBALS['document_root'] = null;

echo <<<EOL
\n\n\n\n\n\n\n\n\n\n
###### ######
# # # # # ## #### ####
# # # # # # # # #
###### # ###### # # #### ####
# # # ###### # #
# # # # # # # # #
# # # # # #### ####
\n
PiPass updater
\n
EOL;

sleep(5);

echo "[ / ] Root user check...\n";

if (0 == posix_getuid()) {
echo "[ + ] Root user check complete\n";
preInstall();
} else {
echo "[ X ] Root user check failed. Please run the script with sudo.\n";
exit;
}

function preInstall() {

echo "[ / ] DR check... Please enter your web document root. (e.g. /var/www/)\n";
$handle = fopen ("php://stdin","r");
$line = fgets($handle);
if(trim($line)) {
$GLOBALS['document_root'] = trim($line);
}


echo "[ / ] Is this the correct document root? (" .$GLOBALS['document_root'] .") [y/n]\n";
$handle = fopen ("php://stdin","r");
$line = fgets($handle);
if(trim($line) != "y") {
$GLOBALS['document_root'] = trim($line);
echo "[ - ] DR check failed. Exiting...\n";
} else {
if(is_dir($GLOBALS['document_root'])) {
update();
} else {
echo "[ - ] DR check failed. The directory does not exist. Exiting...\n";
exit;
}
}
}

function update() {
echo "[ + ] Backed up your config file. \n";
echo "[ + ] DR check succeeded, now updating PiPass... \n";
echo "[ + ] In document root... backing up config file.\n";
$drf_local = $GLOBALS['document_root'];
exec("cd $drf_local && sudo mv config.php config.php.bak");
echo "[ + ] Collecting files...\n";
exec("cd $drf_local && sudo rm -r blockpage pipass && sudo rm index.php");
exec("cd $drf_local && sudo git clone https://github.com/roenw/pipass.git/");
function get_data($url) {
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}

$latestVersion = get_data("https://apps.roen.us/pipass/currentversion/");
echo "[ + ] Files downloaded. Selecting latest version v$latestVersion.\n";
exec("cd $drf_local/pipass && sudo git checkout tags/v$latestVersion");
echo "[ + ] Selected version v$latestVersion\n";
echo "[ + ] Moving all files up a directory...\n";
exec("cd $drf_local && sudo mv pipass/* .");
echo "[ + ] Success.\n";
echo "[ + ] Update complete.\n";
echo "[ + ] NOTE: Make sure you fill out config.php or you will get stuck in a redirect loop!\n";
}
?>

0 comments on commit a34f247

Please sign in to comment.