Release

web/lib/app.php

@@ -0,0 +1,67 @@
+<?php
+if (session_status() !== PHP_SESSION_ACTIVE) {
+  session_set_cookie_params(['lifetime'=>0,'path'=>'/','httponly'=>true,'samesite'=>'Lax']);
+  session_start();
+}
+
+define('APP_ETC','/etc/snowpanel');
+define('APP_VAR','/var/lib/snowpanel');
+define('APP_CFG_ETC', APP_ETC.'/app.json');
+define('APP_CFG_VAR', APP_VAR.'/app.json');
+
+function app_cfg_path() {
+  if (is_file(APP_CFG_ETC)) return APP_CFG_ETC;
+  if (is_file(APP_CFG_VAR)) return APP_CFG_VAR;
+  return APP_CFG_ETC;
+}
+
+function app_is_installed() {
+  $p = app_cfg_path();
+  if (!is_file($p)) return false;
+  $j = json_decode((string)@file_get_contents($p), true);
+  return is_array($j) && !empty($j['admin_user']) && !empty($j['admin_pass']);
+}
+
+function app_load_config() {
+  $p = app_cfg_path();
+  $j = json_decode((string)@file_get_contents($p), true);
+  return is_array($j) ? $j : [];
+}
+
+function app_save_config(array $cfg) {
+  $target = APP_CFG_ETC;
+  $dir = dirname($target);
+  if (!is_dir($dir)) @mkdir($dir, 0770, true);
+  $ok = @file_put_contents($target, json_encode($cfg, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOCK_EX) !== false;
+  if (!$ok) {
+    $target = APP_CFG_VAR;
+    $dir = dirname($target);
+    if (!is_dir($dir)) @mkdir($dir, 0770, true);
+    $ok = @file_put_contents($target, json_encode($cfg, JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES), LOCK_EX) !== false;
+  }
+  if ($ok) {
+    @chgrp(dirname($target), 'www-data'); @chmod(dirname($target), 0770);
+    @chgrp($target, 'www-data'); @chmod($target, 0660);
+  }
+  return $ok;
+}
+
+function auth_login($u,$p) {
+  $cfg = app_load_config();
+  $ok = ($cfg['admin_user'] ?? '') === $u && password_verify($p, $cfg['admin_pass'] ?? '');
+  if ($ok) { $_SESSION['uid'] = $u; $_SESSION['ts'] = time(); }
+  return $ok;
+}
+
+function auth_require() {
+  if (empty($_SESSION['uid'])) { header('Location: /login.php'); exit; }
+}
+
+function auth_logout() {
+  $_SESSION = [];
+  if (ini_get('session.use_cookies')) {
+    $p = session_get_cookie_params();
+    setcookie(session_name(), '', time()-42000, $p['path'] ?? '/', $p['domain'] ?? '', !empty($p['secure']), !empty($p['httponly']));
+  }
+  @session_destroy();
+}

web/lib/snowctl.php

@@ -0,0 +1,28 @@
+<?php
+function snowctl_ports_range_normalize($s){
+  $s=trim($s);
+  $s=str_replace('-' ,':',$s);
+  if(!preg_match('~^\d{1,5}:\d{1,5}$~',$s)) return '';
+  [$a,$b]=array_map('intval',explode(':',$s,2));
+  if($a<1||$b<1||$a>$b||$b>65535) return '';
+  return $a.':'.$b;
+}
+function snowctl_build_flags(array $o){
+  $f=[];
+  if(!empty($o['broker'])) $f[]='-broker '.escapeshellarg($o['broker']);
+  if(!empty($o['stun']))   $f[]='-stun '.escapeshellarg($o['stun']);
+  if(!empty($o['range'])){ $r=snowctl_ports_range_normalize($o['range']); if($r!=='') $f[]='-ephemeral-ports-range '.$r; }
+  if(!empty($o['unsafe'])) $f[]='-unsafe-logging';
+  return implode(' ',$f);
+}
+function snowctl_override_path(){ return '/etc/systemd/system/snowflake-proxy.service.d/override.conf'; }
+function snowctl_apply_override($flags){
+  $d=dirname(snowctl_override_path());
+  if(!is_dir($d)) @mkdir($d,0755,true);
+  $exec='/usr/bin/snowflake-proxy';
+  $out="[Service]\nIPAccounting=yes\nExecStart=\nExecStart=$exec $flags\n";
+  @file_put_contents(snowctl_override_path(),$out);
+  @exec('systemctl daemon-reload 2>/dev/null');
+  @exec('systemctl restart snowflake-proxy 2>/dev/null');
+  return true;
+}