1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/rainloop_ynh.git synced 2024-09-03 20:16:18 +02:00
Allows user to backup/restore their PGP private keys from the browser
storage to the server using https://github.com/chtixof/pgpback_ynh
This commit is contained in:
scith 2016-12-18 02:22:23 +01:00
parent 6d59347886
commit c17c585a01
6 changed files with 129 additions and 2 deletions

View file

@ -16,6 +16,8 @@ Each user can add a remote carddav server from their own parameters interface.
- If you use baikal, the CardDav address is: https://DOMAIN.TLD/baikal/card.php/addressbooks/USER/default/
- If you use NextCloud, the CardDav address is: https://DOMAIN.TLD/nextcloud/remote.php/carddav/addressbooks/USER/contacts
Rainloop saves your PGP private keys in the browser storage. This means that you will loose your private keys if you clear your browser storage (e.g., private browsing, different computer...). This packages integrates [PGPback by chtixof](https://github.com/chtixof/pgpback_ynh) so you can store your PGP private keys on the server securely. Go to **http://DOMAIN.TLD/rainloop/pgpback** to backup your PGP keys on the server or restore them.
To upgrade the app once a new rainloop version is available, simply run in a local shell via ssh or otherwise :
``sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/rainloop_ynh rainloop``
@ -34,6 +36,7 @@ Chaque utilisateur peut ajouter un carnet d'adresse distant CardDav via leur pro
- Si vous utilisez Baikal, l'adresse à renseigner est du type : https://DOMAIN.TLD/baikal/card.php/addressbooks/UTILISATEUR/default/
- Si vous utilisez NextCloud, l'adresse à renseigner est du type : https://DOMAIN.TLD/nextcloud/remote.php/carddav/addressbooks/USER/contacts
Rainloop stocke les clés PGP privées dans le stockage de navigateur. Cela implique que vos clés seront perdues quand vous videz le stockage de navigateur (navigation incognito, changement d'ordinateur, ...). Ce paquet intègre [PGPback de chtixof](https://github.com/chtixof/pgpback_ynh) pour que vous puissiez stocker vos clés privées PGP de manière sécurisée sur le serveur. Rendez-vous **http://DOMAIN.TLD/rainloop/pgpback** pour stocker vos clés privées PGP sur le serveur ou les restaurer dans un nouveau navigateur.
Pour mettre à jour rainloop lorsqu'une nouvelle version est disponible, lancez en console locale (ssh ou autre) :
``sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/rainloop_ynh rainloop``

View file

@ -9,8 +9,12 @@ location PATHTOCHANGE {
deny all;
}
location ^~ PATHTOCHANGE/pgpback/keys {
deny all;
}
client_max_body_size 10G;
index index.php;
index index.php index.html;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;

View file

@ -113,6 +113,9 @@
sudo sed -i "s@domain.tld@$domain@g" $final_path/index.php
sudo sed -i "s@PATHTOCHANGE@$path@g" $final_path/index.php
# Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server
sudo cp -rf ../sources/pgpback $final_path/.
# Set permissions to rainloop directory
sudo find $final_path/. -type d -exec chmod 755 {} \;
sudo find $final_path/. -type f -exec chmod 644 {} \;

23
sources/pgpback/fav.php Normal file
View file

@ -0,0 +1,23 @@
<?php
$text=file_get_contents('php://input');
$user=$_SERVER["PHP_AUTH_USER"];
$file='keys/pk_'.$user.'.json';
if ($user=="") {
$out='{"rc":-2,"pk":[]}';
} else if ($text=="") {
$fread=file_get_contents($file);
if ($fread==""){
$out='{"rc":-3,"pk":[]}';
} else {
$out='{"rc":-1,"pk":'.file_get_contents($file).'}';
}
} else {
$fstatus=file_put_contents($file,$text) ;
$out='{"rc":'.$fstatus.',"pk":[]}';
}
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Content-Type: application/json; charset=utf-8");
echo json_encode($out);
?>

View file

@ -0,0 +1,90 @@
<!DOCTYPE html>
<head>
<meta charset="utf-8">
<title>PGPBack
</title>
<style>
body {
background: #41444f;
color: #bbb;
}
a {
color: #fff;
text-decoration:none;
}
a:hover {
color: #fff;
text-decoration:underline;
}
</style>
</head>
<body>
<h1>PGPBack : OpenPGP keys backup for Rainloop</h1>
PGPBack has been tested with Chrome. It enables the following:<br><br>
<a id="arestorels" href="javascript:void(0)">Set the local OpenPGP keys from the server</a><br/><br/>
<a id="asavels" href="javascript:void(0)">Backup the local OpenPGP keys onto the server</a><br/><br/>
<a id="aclearls" href="javascript:void(0)">Clear the local OpenPGP keys (for security reasons)</a><br/><br/>
<script src="lib/jquery-1.11.2.min.js"></script>
<script>
$(document).ready(function() {
$('#asavels').click(function() {
if (confirm('The local OpenPGP keys will be loaded onto the server')) {
$.ajax("fav.php", {
data : JSON.stringify([localStorage["openpgp-private-keys"],localStorage["openpgp-public-keys"]]),
contentType : 'application/json',
type : 'POST',
dataType: 'json',
success: function (data) {
parseddata=JSON.parse(data);
switch (parseddata.rc){
case -2:
alert("User not logged in Yunohost. Keys not saved.");
break;
case -1:
case -3:
alert("No keys to save.");
break;
case 0:
alert("Problem when writing the data. Keys not saved.");
break;
default:
alert("Keys saved ("+parseddata.rc+" bytes).");
}
}
});
}
});
$('#aclearls').click(function() {
if (confirm('The local OpenPGP keys will be deleted')) {
delete localStorage["openpgp-private-keys"];
delete localStorage["openpgp-public-keys"];
}
});
$('#arestorels').click(function() {
if (confirm('The local OpenPGP keys will be replaced by those from the server')) {
$.ajax("fav.php", {
contentType : 'application/json',
type : 'POST',
dataType: 'json',
success: function (data) {
parseddata=JSON.parse(data);
switch (parseddata.rc){
case -2:
alert("User not logged in Yunohost. Keys not set.");
break;
case -3:
alert("No data found. Keys not set.");
break;
default:
localStorage["openpgp-private-keys"]=parseddata.pk[0];
localStorage["openpgp-public-keys"]=parseddata.pk[1];
alert("Keys set from the server.");
}
}
});
}
});
})
</script>
</body>
</html>

File diff suppressed because one or more lines are too long