From c16fb74cd1f76d83be7bfcc3e2fd0182557e1540 Mon Sep 17 00:00:00 2001
From: boban
Date: Mon, 20 Oct 2025 21:21:25 +0200
Subject: [PATCH] =?UTF-8?q?Rechtebechebung=20f=C3=BCr=20User=20mit=20Sudor?= =?UTF-8?q?echte?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
a?->dns_string); | 14 -
an config:clear | 30 --
app/Console/Commands/CheckUpdates.php | 39 +++
app/Console/Commands/ProvisionCert.php | 292 +++++++++---------
app/Providers/AppServiceProvider.php | 3 +
.../components/partials/header.blade.php | 13 +
.../domain/modal/domain-dns-modal.blade.php | 11 +-
routes/console.php | 4 +-
8 files changed, 205 insertions(+), 201 deletions(-)
delete mode 100644 a?->dns_string);
delete mode 100644 an config:clear
create mode 100644 app/Console/Commands/CheckUpdates.php
diff --git a/a?->dns_string); b/a?->dns_string);
deleted file mode 100644
index 1d9148b..0000000
--- a/a?->dns_string);
+++ /dev/null
@@ -1,14 +0,0 @@
-= App\Models\TlsaRecord {#6794
- id: 1,
- domain_id: 9,
- service: "_25._tcp",
- host: "mx.nexlab.at",
- usage: 3,
- selector: 1,
- matching: 1,
- hash: "0922eee5f6090b241a3f8554a366b3c1adc4088eb1cdffa94ae838c6e580b983",
- cert_path: "/etc/ssl/mail/fullchain.pem",
- created_at: "2025-10-06 15:24:56",
- updated_at: "2025-10-06 15:24:56",
- }
-
diff --git a/an config:clear b/an config:clear
deleted file mode 100644
index 35b2cbd..0000000
--- a/an config:clear
+++ /dev/null
@@ -1,30 +0,0 @@
-
- SSUUMMMMAARRYY OOFF LLEESSSS CCOOMMMMAANNDDSS
-
- Commands marked with * may be preceded by a number, _N.
- Notes in parentheses indicate the behavior if _N is given.
- A key preceded by a caret indicates the Ctrl key; thus ^K is ctrl-K.
-
- h H Display this help.
- q :q Q :Q ZZ Exit.
- ---------------------------------------------------------------------------
-
- MMOOVVIINNGG
-
- e ^E j ^N CR * Forward one line (or _N lines).
- y ^Y k ^K ^P * Backward one line (or _N lines).
- f ^F ^V SPACE * Forward one window (or _N lines).
- b ^B ESC-v * Backward one window (or _N lines).
- z * Forward one window (and set window to _N).
- w * Backward one window (and set window to _N).
- ESC-SPACE * Forward one window, but don't stop at end-of-file.
- d ^D * Forward one half-window (and set half-window to _N).
- u ^U * Backward one half-window (and set half-window to _N).
- ESC-) RightArrow * Right one half screen width (or _N positions).
- ESC-( LeftArrow * Left one half screen width (or _N positions).
- ESC-} ^RightArrow Right to last column displayed.
- ESC-{ ^LeftArrow Left to first column.
- F Forward forever; like "tail -f".
- ESC-F Like F but stop when search pattern is found.
- r ^R ^L Repaint screen.
- R
\ No newline at end of file
diff --git a/app/Console/Commands/CheckUpdates.php b/app/Console/Commands/CheckUpdates.php
new file mode 100644
index 0000000..722edee
--- /dev/null
+++ b/app/Console/Commands/CheckUpdates.php
@@ -0,0 +1,39 @@
+warn('Keine Release-Tags gefunden.');
+ cache()->forget('mailwolt.update_available');
+ return 0;
+ }
+
+ if (version_compare($latest, $current, '>')) {
+ cache()->forever('mailwolt.update_available', $latest);
+ $this->info("Update verfügbar: {$latest} (installiert: {$current})");
+ } else {
+ cache()->forget('mailwolt.update_available');
+ $this->info("Aktuell (installiert: {$current}).");
+ }
+ return 0;
+ }
+}
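Review bot: `version_compare($latest, $current, '>')` and `cache()->forever('mailwolt.update_available', $latest)` use the tag string as it arrives, with no format check visible in this hunk; the lines that obtain `$latest` and `$current` did not survive on this page, so this may already be handled there. If it is not, a tag with a leading `v` compares lower than a purely numeric `$current` and the update is never reported, and any other unexpected string is cached indefinitely and rendered in the header banner. Normalising and validating before the comparison would cover both, e.g. `$latest = ltrim($latest, 'vV');` followed by `if (!preg_match('/^\d+(\.\d+){0,3}$/', $latest)) { cache()->forget('mailwolt.update_available'); return 1; }`. The no-tags branch also returns `0`, so a scheduler cannot tell a failed lookup from an up-to-date install.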
diff --git a/app/Console/Commands/ProvisionCert.php b/app/Console/Commands/ProvisionCert.php
index cf6b21e..fcfe4a1 100644
--- a/app/Console/Commands/ProvisionCert.php
+++ b/app/Console/Commands/ProvisionCert.php
@@ -1,147 +1,147 @@ argument('domain'); - $email = (string)$this->option('email'); - $self = (bool)$this->option('self-signed'); - - $this->certPath = "{$this->sslDir}/cert.pem"; - $this->keyPath = "{$this->sslDir}/key.pem"; - - if (!is_dir($this->sslDir)) { - @mkdir($this->sslDir, 0750, true); - @chgrp($this->sslDir, 'www-data'); - } - - if ($self) { - return $this->issueSelfSigned($domain); - } - - // Versuche Let's Encrypt – bei Fehler fallback self-signed - $rc = $this->issueLetsEncrypt($domain, $email); - if ($rc !== 0) { - $this->warn('Let’s Encrypt fehlgeschlagen – erstelle Self-Signed als Fallback…'); - return $this->issueSelfSigned($domain); - } - return $rc; - } - - private function issueLetsEncrypt(string $domain, string $email): int - { - if (empty($email)) { - $this->error('Für Let’s Encrypt ist --email erforderlich.'); - return 2; - } - - // Webroot sicherstellen (Nginx-Standort ist im Installer bereits konfiguriert) - @mkdir('/var/www/letsencrypt', 0755, true); - - $cmd = [ - 'bash','-lc', - // non-interactive, webroot challenge - "certbot certonly --webroot -w /var/www/letsencrypt -d {$domain} ". - "--email ".escapeshellarg($email)." 
--agree-tos --no-eff-email --non-interactive --rsa-key-size 2048" - ]; - $p = new Process($cmd, null, ['PATH' => getenv('PATH') ?: '/usr/bin:/bin']); - $p->setTimeout(600); - $p->run(function($type,$buff){ $this->output->write($buff); }); - - if (!$p->isSuccessful()) { - $this->error('Certbot-Fehler.'); - return 1; - } - - // Pfade vom Certbot-Store - $leBase = "/etc/letsencrypt/live/{$domain}"; - $fullchain = "{$leBase}/fullchain.pem"; - $privkey = "{$leBase}/privkey.pem"; - - if (!is_file($fullchain) || !is_file($privkey)) { - $this->error("LE-Dateien fehlen unter {$leBase}"); - return 1; - } - - // In unsere Standard-Pfade kopieren (Nginx zeigt bereits darauf) - if (!@copy($fullchain, $this->certPath) || !@copy($privkey, $this->keyPath)) { - $this->error('Konnte Zertifikate nicht in /etc/mailwolt/ssl kopieren.'); - return 1; - } - - @chown($this->certPath, 'root'); @chgrp($this->certPath, 'www-data'); @chmod($this->certPath, 0640); - @chown($this->keyPath, 'root'); @chgrp($this->keyPath, 'www-data'); @chmod($this->keyPath, 0640); - - // Nginx reload - $reload = new Process(['bash','-lc','systemctl reload nginx']); - $reload->run(); - - $this->info('Let’s Encrypt Zertifikat gesetzt und Nginx neu geladen.'); - return 0; - } - - private function issueSelfSigned(string $domain): int - { - $cfgPath = "{$this->sslDir}/openssl.cnf"; - $cfg = <<keyPath} -out {$this->certPath} -config {$cfgPath}" - ]; - $p = new Process($cmd); - $p->setTimeout(60); - $p->run(function($t,$b){ $this->output->write($b); }); - - if (!$p->isSuccessful()) { - $this->error('Self-Signed Erstellung fehlgeschlagen.'); - return 1; - } - - @chown($this->certPath, 'root'); @chgrp($this->certPath, 'www-data'); @chmod($this->certPath, 0640); - @chown($this->keyPath, 'root'); @chgrp($this->keyPath, 'www-data'); @chmod($this->keyPath, 0640); - @chmod($this->sslDir, 0750); - - $reload = new Process(['bash','-lc','systemctl reload nginx']); - $reload->run(); - - $this->info('Self-Signed Zertifikat erstellt 
und Nginx neu geladen.'); - return 0; - } -} +// +//namespace App\Console\Commands; +// +//use Illuminate\Console\Command; +//use Symfony\Component\Process\Process; +// +//class ProvisionCert extends Command +//{ +//// protected $signature = 'mailwolt:provision-cert +//// {domain : z.B. mail.example.com} +//// {--email= : E-Mail für Let\'s Encrypt} +//// {--self-signed : Statt LE ein self-signed Zertifikat erzeugen}'; +//// +//// protected $description = 'Beschafft ein Zertifikat (LE oder self-signed) und setzt Nginx darauf.'; +//// +//// private string $sslDir = '/etc/mailwolt/ssl'; +//// private string $certPath; +//// private string $keyPath; +// +//// public function handle(): int +//// { +//// $domain = $this->argument('domain'); +//// $email = (string)$this->option('email'); +//// $self = (bool)$this->option('self-signed'); +//// +//// $this->certPath = "{$this->sslDir}/cert.pem"; +//// $this->keyPath = "{$this->sslDir}/key.pem"; +//// +//// if (!is_dir($this->sslDir)) { +//// @mkdir($this->sslDir, 0750, true); +//// @chgrp($this->sslDir, 'www-data'); +//// } +//// +//// if ($self) { +//// return $this->issueSelfSigned($domain); +//// } +//// +//// // Versuche Let's Encrypt – bei Fehler fallback self-signed +//// $rc = $this->issueLetsEncrypt($domain, $email); +//// if ($rc !== 0) { +//// $this->warn('Let’s Encrypt fehlgeschlagen – erstelle Self-Signed als Fallback…'); +//// return $this->issueSelfSigned($domain); +//// } +//// return $rc; +//// } +//// +//// private function issueLetsEncrypt(string $domain, string $email): int +//// { +//// if (empty($email)) { +//// $this->error('Für Let’s Encrypt ist --email erforderlich.'); +//// return 2; +//// } +//// +//// // Webroot sicherstellen (Nginx-Standort ist im Installer bereits konfiguriert) +//// @mkdir('/var/www/letsencrypt', 0755, true); +//// +//// $cmd = [ +//// 'bash','-lc', +//// // non-interactive, webroot challenge +//// "certbot certonly --webroot -w /var/www/letsencrypt -d {$domain} ". 
+//// "--email ".escapeshellarg($email)." --agree-tos --no-eff-email --non-interactive --rsa-key-size 2048" +//// ]; +//// $p = new Process($cmd, null, ['PATH' => getenv('PATH') ?: '/usr/bin:/bin']); +//// $p->setTimeout(600); +//// $p->run(function($type,$buff){ $this->output->write($buff); }); +//// +//// if (!$p->isSuccessful()) { +//// $this->error('Certbot-Fehler.'); +//// return 1; +//// } +//// +//// // Pfade vom Certbot-Store +//// $leBase = "/etc/letsencrypt/live/{$domain}"; +//// $fullchain = "{$leBase}/fullchain.pem"; +//// $privkey = "{$leBase}/privkey.pem"; +//// +//// if (!is_file($fullchain) || !is_file($privkey)) { +//// $this->error("LE-Dateien fehlen unter {$leBase}"); +//// return 1; +//// } +//// +//// // In unsere Standard-Pfade kopieren (Nginx zeigt bereits darauf) +//// if (!@copy($fullchain, $this->certPath) || !@copy($privkey, $this->keyPath)) { +//// $this->error('Konnte Zertifikate nicht in /etc/mailwolt/ssl kopieren.'); +//// return 1; +//// } +//// +//// @chown($this->certPath, 'root'); @chgrp($this->certPath, 'www-data'); @chmod($this->certPath, 0640); +//// @chown($this->keyPath, 'root'); @chgrp($this->keyPath, 'www-data'); @chmod($this->keyPath, 0640); +//// +//// // Nginx reload +//// $reload = new Process(['bash','-lc','systemctl reload nginx']); +//// $reload->run(); +//// +//// $this->info('Let’s Encrypt Zertifikat gesetzt und Nginx neu geladen.'); +//// return 0; +//// } +//// +//// private function issueSelfSigned(string $domain): int +//// { +//// $cfgPath = "{$this->sslDir}/openssl.cnf"; +//// $cfg = <<keyPath} -out {$this->certPath} -config {$cfgPath}" +//// ]; +//// $p = new Process($cmd); +//// $p->setTimeout(60); +//// $p->run(function($t,$b){ $this->output->write($b); }); +//// +//// if (!$p->isSuccessful()) { +//// $this->error('Self-Signed Erstellung fehlgeschlagen.'); +//// return 1; +//// } +//// +//// @chown($this->certPath, 'root'); @chgrp($this->certPath, 'www-data'); @chmod($this->certPath, 0640); +//// 
@chown($this->keyPath, 'root'); @chgrp($this->keyPath, 'www-data'); @chmod($this->keyPath, 0640); +//// @chmod($this->sslDir, 0750); +//// +//// $reload = new Process(['bash','-lc','systemctl reload nginx']); +//// $reload->run(); +//// +//// $this->info('Self-Signed Zertifikat erstellt und Nginx neu geladen.'); +//// return 0; +//// } +//} diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php index 73832b3..d4b9586 100644 --- a/app/Providers/AppServiceProvider.php +++ b/app/Providers/AppServiceProvider.php @@ -26,6 +26,9 @@ class AppServiceProvider extends ServiceProvider Domain::observe(DomainObserver::class); + $ver = trim(@file_get_contents(base_path('VERSION'))) ?: 'dev'; + config(['app.version' => $ver]); + try { $S = app(\App\Support\SettingsRepository::class); diff --git a/resources/views/components/partials/header.blade.php b/resources/views/components/partials/header.blade.php index c90b704..18cb40e 100644 --- a/resources/views/components/partials/header.blade.php +++ b/resources/views/components/partials/header.blade.php @@ -10,6 +10,19 @@ + @if ($latest = cache('mailwolt.update_available')) +
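Review bot: The whole `ProvisionCert` class is left in the file as commented-out lines rather than being deleted; git history already preserves it, so removing the file would be cleaner than keeping a disabled copy of code that writes under `/etc/mailwolt/ssl` and reloads nginx. The commented body still builds its certbot call by interpolating `{$domain}` unescaped into a `bash -lc` string (only `$email` goes through `escapeshellarg`), so restoring it later by stripping the `//` would bring that back. If it is kept for reference, a one-line header such as `// Disabled: superseded by <replacement> - do not re-enable without escaping $domain` would say so. Whether `mailwolt:provision-cert` is still invoked from the installer or from `routes/console.php` is not visible in this hunk and should be checked, since the command no longer exists after this change.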
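Review bot: The `@` on `file_get_contents(base_path('VERSION'))` in the AppServiceProvider hunk hides a missing or unreadable VERSION file, so the install silently reports itself as `dev`; since the commit subject mentions a permissions fix, that failure is worth surfacing rather than suppressing. `trim()` also receives `false` on failure, which is a TypeError if this file declares `strict_types=1` (the file header is outside the hunk). An explicit check avoids both: `$path = base_path('VERSION');` then `$ver = is_readable($path) ? trim((string) file_get_contents($path)) : '';` and `config(['app.version' => $ver !== '' ? $ver : 'dev']);`. The enclosing method starts and ends outside the hunk, and as written the file is read each time the provider boots.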
+
+
+ Neue Version verfügbar: {{ $latest }} +
+ +
+
+ @endif {{--