diff --git a/airtime_mvc/application/Bootstrap.php b/airtime_mvc/application/Bootstrap.php index 988e5ee4a..bb0954694 100644 --- a/airtime_mvc/application/Bootstrap.php +++ b/airtime_mvc/application/Bootstrap.php @@ -21,6 +21,7 @@ require_once "LocaleHelper.php"; require_once "HTTPHelper.php"; require_once "OsPath.php"; require_once "Database.php"; +require_once "ProvisioningHelper.php"; require_once "Timezone.php"; require_once "Auth.php"; require_once __DIR__.'/forms/helpers/ValidationTypes.php'; @@ -33,6 +34,13 @@ require_once __DIR__.'/modules/rest/controllers/MediaController.php'; require_once (APPLICATION_PATH."/logging/Logging.php"); Logging::setLogPath('/var/log/airtime/zendphp.log'); +// We need to manually route because we can't load Zend without the database being initialized first. +if (strpos($_SERVER["REQUEST_URI"], "/provisioning/create") !== false) { + $provisioningHelper = new ProvisioningHelper($CC_CONFIG["apiKey"][0]); + $provisioningHelper->createAction(); + die(); +} + Config::setAirtimeVersion(); require_once __DIR__."/configs/navigation.php"; diff --git a/airtime_mvc/application/common/ProvisioningHelper.php b/airtime_mvc/application/common/ProvisioningHelper.php new file mode 100644 index 000000000..a396f3911 --- /dev/null +++ b/airtime_mvc/application/common/ProvisioningHelper.php @@ -0,0 +1,159 @@ +apikey = $apikey; + } + + /** + * Endpoint for setting up and installing the Airtime database. This all has to be done without Zend + * which is why the code looks so old school (eg. http_response_code). (We can't currently bootstrap our + * Zend app without the database unfortunately.) + */ + public function createAction() + { + $apikey = $_SERVER['PHP_AUTH_USER']; + if (!isset($apikey) || $apikey != $this->apikey) { + Logging::info("Invalid API Key: $apikey"); + http_response_code(403); + echo "ERROR: Incorrect API key"; + return; + } + + try { + + $this->parsePostParams(); + + if (empty($this->instanceId)) + + //For security, the Airtime Pro provisioning system creates the database for the user. + // $this->setNewDatabaseConnection(); + //if ($this->checkDatabaseExists()) { + // throw new Exception("ERROR: Airtime database already exists"); + //} + //$this->createDatabase(); + + //All we need to do is create the database tables. + $this->createDatabaseTables(); + $this->initializeMusicDirsTable($this->instanceId); + } catch (Exception $e) { + http_response_code(400); + Logging::error($e->getMessage()); + echo $e->getMessage(); + return; + } + + http_response_code(201); + } + + /** + * Check if the database settings and credentials given are valid + * @return boolean true if the database given exists and the user is valid and can access it + */ + private function checkDatabaseExists() + { + $statement = self::$dbh->prepare("SELECT datname FROM pg_database WHERE datname = :dbname"); + $statement->execute(array(":dbname" => $this->dbname)); + $result = $statement->fetch(); + return isset($result[0]); + } + + private function parsePostParams() + { + $this->dbuser = $_POST['dbuser']; + $this->dbpass = $_POST['dbpass']; + $this->dbname = $_POST['dbname']; + $this->dbhost = $_POST['dbhost']; + $this->dbowner = $_POST['dbowner']; + $this->instanceId = $_POST['instanceid']; + } + + /** + * Set up a new database connection based on the parameters in the request + * @throws PDOException upon failure to connect + */ + private function setNewDatabaseConnection() + { + self::$dbh = new PDO("pgsql:host=" . $this->dbhost + . ";dbname=postgres" + . ";port=5432" . ";user=" . $this->dbuser + . ";password=" . $this->dbpass); + $err = self::$dbh->errorInfo(); + if ($err[1] != null) { + throw new PDOException("ERROR: Could not connect to database"); + } + } + + /** + * Creates the Airtime database using the given credentials + * @throws Exception + */ + private function createDatabase() + { + Logging::info("Creating database..."); + $statement = self::$dbh->prepare("CREATE DATABASE " . pg_escape_string($this->dbname) + . " WITH ENCODING 'UTF8' TEMPLATE template0" + . " OWNER " . pg_escape_string($this->dbowner)); + if (!$statement->execute()) { + throw new Exception("ERROR: Failed to create Airtime database"); + } + } + + /** + * Install the Airtime database + * @throws Exception + */ + private function createDatabaseTables() + { + Logging::info("Creating database tables..."); + $sqlDir = dirname(APPLICATION_PATH) . "/build/sql/"; + $files = array("schema.sql", "sequences.sql", "views.sql", "triggers.sql", "defaultdata.sql"); + foreach ($files as $f) { + /* + * Unfortunately, we need to use exec here due to PDO's lack of support for importing + * multi-line .sql files. PDO->exec() almost works, but any SQL errors stop the import, + * so the necessary DROPs on non-existent tables make it unusable. Prepared statements + * have multiple issues; they similarly die on any SQL errors, fail to read in multi-line + * commands, and fail on any unescaped ? or $ characters. + */ + exec("PGPASSWORD=$this->dbpass psql -U $this->dbuser --dbname $this->dbname -h $this->dbhost -f $sqlDir$f", $out, $status); + if ($status != 0) { + throw new Exception("ERROR: Failed to create database tables"); + } + } + } + + private function initializeMusicDirsTable($instanceId) + { + if (!is_string($instanceId) || empty($instanceId) || !is_numeric($instanceId)) + { + throw new Exception("Invalid instance id: " . $instanceId); + } + + $instanceIdPrefix = $instanceId[0]; + + //Reinitialize Propel, just in case... + Propel::init(__DIR__."/../configs/airtime-conf-production.php"); + + //Create the cc_music_dir entry + $musicDir = new CcMusicDirs(); + $musicDir->setType("stor"); + $musicDir->setExists(true); + $musicDir->setWatched(true); + $musicDir->setDirectory("/mnt/airtimepro/instances/$instanceIdPrefix/$instanceId/srv/airtime/stor/"); + $musicDir->save(); + } + + +} diff --git a/airtime_mvc/application/controllers/ProvisioningController.php b/airtime_mvc/application/controllers/ProvisioningController.php index e847ff661..fc0c28cbb 100644 --- a/airtime_mvc/application/controllers/ProvisioningController.php +++ b/airtime_mvc/application/controllers/ProvisioningController.php @@ -6,9 +6,18 @@ use Aws\S3\S3Client; class ProvisioningController extends Zend_Controller_Action { + public function init() { } + + /** + * + * The "create action" is in ProvisioningHelper because it needs to have no dependency on Zend, + * since when we bootstrap Zend, we already need the database set up and working (Bootstrap.php is a mess). + * + */ + /** * Delete the Airtime Pro station's files from Amazon S3 */ @@ -16,8 +25,8 @@ class ProvisioningController extends Zend_Controller_Action { $this->view->layout()->disableLayout(); $this->_helper->viewRenderer->setNoRender(true); - - if (!$this->verifyAPIKey()) { + + if (!RestAuth::verifyAuth(true, true, $this)) { return; } @@ -32,28 +41,5 @@ class ProvisioningController extends Zend_Controller_Action ->setHttpResponseCode(200) ->appendBody("OK"); } - - private function verifyAPIKey() - { - // The API key is passed in via HTTP "basic authentication": - // http://en.wikipedia.org/wiki/Basic_access_authentication - - $CC_CONFIG = Config::getConfig(); - - // Decode the API key that was passed to us in the HTTP request. - $authHeader = $this->getRequest()->getHeader("Authorization"); - $encodedRequestApiKey = substr($authHeader, strlen("Basic ")); - $encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":"); - - if ($encodedRequestApiKey === $encodedStoredApiKey) - { - return true; - } - - $this->getResponse() - ->setHttpResponseCode(401) - ->appendBody("ERROR: Incorrect API key."); - - return false; - } + } diff --git a/airtime_mvc/application/modules/rest/helpers/RestAuth.php b/airtime_mvc/application/modules/rest/helpers/RestAuth.php index 6024ad582..d7390ab8b 100644 --- a/airtime_mvc/application/modules/rest/helpers/RestAuth.php +++ b/airtime_mvc/application/modules/rest/helpers/RestAuth.php @@ -1,64 +1,60 @@ getResponse(); - $resp->setHttpResponseCode(401); - $resp->appendBody("ERROR: Incorrect API key."); - - return false; - } - - public static function getOwnerId() - { - try { - if (RestAuth::verifySession()) { - $service_user = new Application_Service_UserService(); - return $service_user->getCurrentUser()->getDbId(); - } else { - $defaultOwner = CcSubjsQuery::create() - ->filterByDbType('A') - ->orderByDbId() - ->findOne(); - if (!$defaultOwner) { - // what to do if there is no admin user? - // should we handle this case? - return null; - } - return $defaultOwner->getDbId(); - } - } catch(Exception $e) { - Logging::info($e->getMessage()); - } - } - - private static function verifySession() - { - $auth = Zend_Auth::getInstance(); - return $auth->hasIdentity(); - } - - private static function verifyAPIKey() - { - //The API key is passed in via HTTP "basic authentication": - // http://en.wikipedia.org/wiki/Basic_access_authentication - $CC_CONFIG = Config::getConfig(); - - //Decode the API key that was passed to us in the HTTP request. - $authHeader = $this->getRequest()->getHeader("Authorization"); - $encodedRequestApiKey = substr($authHeader, strlen("Basic ")); - $encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":"); - - return ($encodedRequestApiKey === $encodedStoredApiKey); - } - +class RestAuth { + + public static function verifyAuth($checkApiKey, $checkSession, $action) { + //Session takes precedence over API key for now: + if ($checkSession && self::verifySession() + || $checkApiKey && self::verifyAPIKey($action) + ) { + return true; + } + + $action->getResponse() + ->setHttpResponseCode(401) + ->appendBody(json_encode(array("message" => "ERROR: Incorrect API key."))); + + return false; + } + + public static function getOwnerId() { + try { + if (self::verifySession()) { + $service_user = new Application_Service_UserService(); + return $service_user->getCurrentUser()->getDbId(); + } else { + $defaultOwner = CcSubjsQuery::create() + ->filterByDbType(array('A', 'S'), Criteria::IN) + ->orderByDbId() + ->findOne(); + if (!$defaultOwner) { + // what to do if there is no admin user? + // should we handle this case? + return null; + } + return $defaultOwner->getDbId(); + } + } catch (Exception $e) { + Logging::info($e->getMessage()); + } + } + + private static function verifySession() { + $auth = Zend_Auth::getInstance(); + return $auth->hasIdentity(); + } + + private static function verifyAPIKey($action) { + //The API key is passed in via HTTP "basic authentication": + // http://en.wikipedia.org/wiki/Basic_access_authentication + $CC_CONFIG = Config::getConfig(); + + //Decode the API key that was passed to us in the HTTP request. + $authHeader = $action->getRequest()->getHeader("Authorization"); + $encodedRequestApiKey = substr($authHeader, strlen("Basic ")); + $encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":"); + + return ($encodedRequestApiKey === $encodedStoredApiKey); + } + } \ No newline at end of file diff --git a/airtime_mvc/build/sql/defaultdata.sql b/airtime_mvc/build/sql/defaultdata.sql index af82be2b8..3c1a60752 100644 --- a/airtime_mvc/build/sql/defaultdata.sql +++ b/airtime_mvc/build/sql/defaultdata.sql @@ -1,3 +1,6 @@ +-- Schema version +INSERT INTO cc_pref("keystr", "valstr") VALUES('system_version', '2.5.9'); + INSERT INTO cc_subjs ("login", "type", "pass") VALUES ('admin', 'A', md5('admin')); -- added in 2.3 INSERT INTO cc_stream_setting ("keyname", "value", "type") VALUES ('off_air_meta', 'Airtime - offline', 'string');