2023-03-05 15:30:06 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
namespace Core\Documents;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
use Core\Configuration\Settings;
|
|
|
|
|
use Core\Elements\Document;
|
|
|
|
|
use Core\Objects\DatabaseEntity\GpgKey;
|
|
|
|
|
use Core\Objects\DatabaseEntity\Language;
|
|
|
|
|
use Core\Objects\Router\Router;
|
2024-03-27 20:50:57 +01:00
|
|
|
use DateTimeInterface;
|
2023-03-05 15:30:06 +01:00
|
|
|
|
|
|
|
|
// Source: https://www.rfc-editor.org/rfc/rfc9116
|
|
|
|
|
class Security extends Document {
|
|
|
|
|
|
|
|
|
|
public function __construct(Router $router) {
|
|
|
|
|
parent::__construct($router);
|
|
|
|
|
$this->searchable = false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getTitle(): string {
|
|
|
|
|
return "security.txt";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getCode(array $params = []) {
|
|
|
|
|
|
|
|
|
|
$activeRoute = $this->router->getActiveRoute();
|
|
|
|
|
|
|
|
|
|
$sql = $this->getContext()->getSQL();
|
|
|
|
|
$settings = $this->getSettings();
|
|
|
|
|
$mailSettings = Settings::getAll($sql, "^mail_");
|
|
|
|
|
|
|
|
|
|
if ($activeRoute->getPattern() === "/.well-known/security.txt") {
|
|
|
|
|
|
|
|
|
|
// The order in which they appear is not an indication of priority; the listed languages are intended to have equal priority.
|
|
|
|
|
$languageCodes = implode(", ", array_map(function (Language $language) {
|
|
|
|
|
return $language->getShortCode();
|
|
|
|
|
}, Language::findAll($sql)));
|
|
|
|
|
|
|
|
|
|
$expires = (new \DateTime())->setTime(0, 0, 0)->modify("+3 months");
|
|
|
|
|
$baseUrl = $settings->getBaseUrl();
|
|
|
|
|
$gpgKey = null;
|
|
|
|
|
|
|
|
|
|
$lines = [
|
|
|
|
|
"# This project is based on the open-source framework hosted on https://github.com/rhergenreder/web-base",
|
2024-03-27 20:50:57 +01:00
|
|
|
"# Any non site-specific issues can be reported via the github security reporting feature:",
|
2023-03-05 15:30:06 +01:00
|
|
|
"# https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability",
|
|
|
|
|
"",
|
|
|
|
|
"Canonical: $baseUrl/.well-known/security.txt",
|
|
|
|
|
"Preferred-Languages: $languageCodes",
|
2024-03-27 20:50:57 +01:00
|
|
|
"Expires: " . $expires->format(DateTimeInterface::ATOM),
|
2023-03-05 15:30:06 +01:00
|
|
|
"",
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
if (isset($mailSettings["mail_contact"])) {
|
|
|
|
|
$lines[] = "Contact: " . $mailSettings["mail_contact"];
|
|
|
|
|
|
|
|
|
|
if (isset($mailSettings["mail_contact_gpg_key_id"])) {
|
|
|
|
|
$gpgKey = GpgKey::find($sql, $mailSettings["mail_contact_gpg_key_id"]);
|
|
|
|
|
if ($gpgKey) {
|
|
|
|
|
$lines[] = "Encryption: $baseUrl/.well-known/gpg-key.txt";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$code = implode("\n", $lines);
|
|
|
|
|
|
|
|
|
|
if ($gpgKey !== null) {
|
|
|
|
|
$res = GpgKey::sign($code, $gpgKey->getFingerprint());
|
|
|
|
|
if ($res["success"]) {
|
|
|
|
|
$code = $res["data"];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return $code;
|
|
|
|
|
} else if ($activeRoute->getPattern() === "/.well-known/gpg-key.txt") {
|
|
|
|
|
|
|
|
|
|
if (isset($mailSettings["mail_contact_gpg_key_id"])) {
|
|
|
|
|
$gpgKey = GpgKey::find($sql, $mailSettings["mail_contact_gpg_key_id"]);
|
|
|
|
|
if ($gpgKey !== null) {
|
|
|
|
|
header("Content-Type: text/plain");
|
|
|
|
|
$res = $gpgKey->_export(true);
|
|
|
|
|
if ($res["success"]) {
|
|
|
|
|
return $res["data"];
|
|
|
|
|
} else {
|
|
|
|
|
return "Error exporting public key: " . $res["msg"];
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-03-27 20:50:57 +01:00
|
|
|
} else {
|
|
|
|
|
http_response_code(412);
|
|
|
|
|
return "No gpg key configured yet.";
|
2023-03-05 15:30:06 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
http_response_code(404);
|
|
|
|
|
return "";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function sendHeaders(): void {
|
|
|
|
|
parent::sendHeaders();
|
|
|
|
|
header("Content-Type: text/plain");
|
|
|
|
|
}
|
|
|
|
|
}
|
