From 78980dcae3e038072ef72b4cc55020d5a95c8b79 Mon Sep 17 00:00:00 2001 From: Miquel Lionel Date: Sun, 28 Feb 2021 11:35:59 +0100 Subject: use template instead of writing perl in perl - also renamed gpigeon.css -> styles.css. more standard - utf-8 rules. other charset can't defeat him. --- README.md | 5 +- gpigeon-template.cgi | 225 ++++++++++++++++----------------------------------- gpigeon.css | 35 -------- link-tmpl.cgi | 104 ++++++++++++++++++++++++ styles.css | 35 ++++++++ 5 files changed, 209 insertions(+), 195 deletions(-) delete mode 100644 gpigeon.css create mode 100644 link-tmpl.cgi create mode 100644 styles.css diff --git a/README.md b/README.md index fab7126..485cf42 100644 --- a/README.md +++ b/README.md @@ -45,6 +45,5 @@ Mail::Sendmail then comment and uncomment some lines in . Installation ============ -I'm currently making a install script but frankly if you look around in -the source code you should figure things out quickly (hint: look for variables -values ending in 'goes_here'). +Look in the [gpigeon-template.cgi](https://git.les-miquelots.net/gpigeon/plain/gpigeon-template.cgi) source code you should figure things out quickly. +Hint: look for variables values ending in 'goes_here'. diff --git a/gpigeon-template.cgi b/gpigeon-template.cgi index 210cc59..1369c4e 100755 --- a/gpigeon-template.cgi +++ b/gpigeon-template.cgi @@ -6,16 +6,7 @@ use Crypt::Argon2 qw(argon2id_verify); use Email::Valid; use String::Random; use CGI qw(param); -#use CGI::Carp qw(fatalsToBrowser); - -sub escape_arobase { - my $mailaddress = shift; - my $arobase = '@'; - my $espaced_arob = q{\@}; - my $escapedmailaddress = $mailaddress; - $escapedmailaddress =~ s/$arobase/$espaced_arob/; - return $escapedmailaddress; -} +use CGI::Carp qw(fatalsToBrowser); sub untaint_cgi_filename { my $filename = shift; 
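Review bot: Enabling `use CGI::Carp qw(fatalsToBrowser);` in the `@@ -6,16 +6,7 @@` hunk sends every `die` message to the remote client, and several `die` calls in this script include file names and `$!`. That is useful while debugging but discloses server layout in a deployed copy, so I would keep it commented out by default: `#use CGI::Carp qw(fatalsToBrowser); # debug only: sends paths and errors to the client`. The same hunk deletes `escape_arobase`, yet the new side of the `@@ -80,171 +63,99 @@` hunk still has `my $escaped_link_asker = escape_arobase($link_asker);`. Unless the sub is defined outside the visible hunks, link generation will presumably die there, and dropping that unused line would fix it.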
@@ -42,21 +33,13 @@ sub notif_if_defined{ delete @ENV{qw(IFS PATH CDPATH BASH_ENV)}; $ENV{'PATH'} = '/usr/bin'; -my $HAS_MAILSERVER = 0; -my $SRV_NAME = $ENV{'SERVER_NAME'}; -my $HTML_CONTENT_TYPE_HEADER = 'Content-type: text/html'; -my $HTML_CHARSET = 'UTF-8'; -my $HTML_CSS = '/gpigeon.css'; -my $mymailaddr = q{your_mail_address_goes_here}; -my $mymailaddr_pw = q{your_mail_address_password_goes_here}; -my $mymail_smtp = q{smtp_domain_goes_here}; -my $mymail_smtport = q{smtp_port_goes_here}; -my $mymail_gpgid = q{gpgid_goes_here}; #0xlong keyid form -my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash please -my $mymailaddr_escaped = escape_arobase($mymailaddr); -my $msg_form_char_limit = 3000; +my $HOSTNAME = $ENV{'SERVER_NAME'}; +my $LINK_TEMPLATE_PATH='/usr/share/webapps/gpigeon/link-template.pl'; # this is the file where the SMTP and mail address values goes +my $msg_form_char_limit = 3000; +my $PASSWD_HASH = q{password_hash_goes_here}; #argon2id hash format my %text_strings = (link_del_ok => 'Successful removal !', addr => 'Address', + here => 'here', addr_ok => 'is valid!', addr_nok => 'is not valid !', addr_unknown => 'Unknown', 
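Review bot: `$LINK_TEMPLATE_PATH` is set to `/usr/share/webapps/gpigeon/link-template.pl`, but the template this commit adds is named `link-tmpl.cgi`. Unless an install step outside this diff renames it, the later `open my $in, '<', $LINK_TEMPLATE_PATH` will die. The trailing comment says this file is where the SMTP and mail address values go, so the comment should also state the handling expected of it, for example `# holds SMTP credentials: keep out of any served directory, readable only by the CGI user`.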
@@ -80,171 +63,99 @@ my %text_strings = (link_del_ok => 'Successful removal !', msg_too_long => 'Cannot send message : message length must be under ' .$msg_form_char_limit . ' characters.', msg_empty => 'Cannot send message : message is empty. You can type up to ' . $msg_form_char_limit . ' characters.', notif_login_failure => 'Cannot login. Check if your username and password match.' - ); +); my $cgi_query_get = CGI->new; my $PASSWD = $cgi_query_get->param('password'); -my ($notif_de_creation, $notif_mail_valide, $notif_suppression) = undef; +my ($linkgen_notif, $mailisok_notif, $deletion_notif) = undef; my @created_links = (); if (argon2id_verify($PASSWD_HASH,$PASSWD)){ - my $psswd_formfield = ''; + my $hidden_pwfield = ''; if (defined $cgi_query_get->param('supprlien')){ my $pending_deletion = $cgi_query_get->param('supprlien'); - my $gpg_form_fn = "./l/$pending_deletion"; - if (unlink untaint_cgi_filename($gpg_form_fn)){ - $notif_suppression=qq{$text_strings{link_del_ok}}; + my $linkfile_fn = "./l/$pending_deletion"; + if (unlink untaint_cgi_filename($linkfile_fn)){ + $deletion_notif=qq{$text_strings{link_del_ok}}; } else { - $notif_suppression=qq{$text_strings{link_del_failed} $gpg_form_fn : $!}; + $deletion_notif=qq{$text_strings{link_del_failed} $linkfile_fn : $!}; } } if (defined $cgi_query_get->param('supprtout')){ opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; - while (readdir $link_dir_handle) { if ($_ ne '.' 
and $_ ne '..'){ - my $gpg_form_fn = "./l/$_"; - unlink untaint_cgi_filename($gpg_form_fn) or die "$!"; - $notif_suppression=qq{$text_strings{link_del_ok}}; + my $linkfile_fn = "./l/$_"; + unlink untaint_cgi_filename($linkfile_fn) or die "$!"; + $deletion_notif=qq{$text_strings{link_del_ok}}; } } closedir $link_dir_handle; } if (defined $cgi_query_get->param('mail')){ - my $non_gpguser = scalar $cgi_query_get->param('mail'); + my $link_asker = scalar $cgi_query_get->param('mail'); - if ( Email::Valid->address($non_gpguser) ){ - $notif_mail_valide = qq{$text_strings{addr} $non_gpguser $text_strings{addr_ok}}; - my $escaped_non_gpguser = escape_arobase($non_gpguser); + if ( Email::Valid->address($link_asker) ){ + $mailisok_notif = qq{$text_strings{addr} $link_asker $text_strings{addr_ok}}; + my $escaped_link_asker = escape_arobase($link_asker); my $str_rand_obj = String::Random->new; my $random_fn = $str_rand_obj->randregex('\w{64}'); - my $GENERATED_FORM_FILENAME = "$random_fn.cgi"; - my $MAILFORM_LINK = "http://$SRV_NAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; - my $MAILFORM_RELPATH = "./l/$GENERATED_FORM_FILENAME"; - if (open my $gpg_form_fh, ">", $MAILFORM_RELPATH){ - print $gpg_form_fh '#! /usr/bin/perl -wT',"\n\n", - ' my $non_gpguser = q{'. $non_gpguser .'};', "\n", - 'delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};', "\n", - '$ENV{\'PATH\'}="/usr/bin";', "\n", - 'use warnings;', "\n", - 'use strict;',"\n", - 'use GPG;',"\n", - '#use CGI::Carp qw(fatalsToBrowser);', "\n", - 'use CGI qw(param);', "\n", - 'my $cgi_query_get = CGI->new;', "\n", - 'my ($msg_form, $enc_msg, $error_processing_msg,$msg_form_char_limit) = undef;', "\n", - '$msg_form_char_limit = '. $msg_form_char_limit . ' ;', "\n", - '$msg_form = $cgi_query_get->param(\'msg\');', "\n", - 'my $length_msg_form = length $msg_form;', "\n", - - 'if (defined $length_msg_form and $length_msg_form > $msg_form_char_limit){', "\n", - ' $error_processing_msg = q{'. 
$text_strings{msg_too_long} .'.};', "\n", - '} elsif (defined $length_msg_form and $length_msg_form eq 0 ){', "\n", - ' $error_processing_msg = q{'. $text_strings{msg_empty} . '.};', "\n", - '} else {', "\n", - ' if (defined $length_msg_form and $ENV{\'REQUEST_METHOD\'} eq \'POST\'){',"\n", - ' $msg_form =~ tr/\r//d;', "\n", - ' my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => "/usr/share/www-data/.gnupg/");', "\n", - ' $enc_msg = $gpg->encrypt("De la part de " . $non_gpguser . ":\n". $msg_form, \''. $mymail_gpgid .'\') or die $gpg->error();', "\n"; - if ($HAS_MAILSERVER){ - undef $mymailaddr_escaped; - print $gpg_form_fh "\n", - ' use Mail::Sendmail;', "\n", - ' my %mail = ( To => \''.$mymailaddr.'\', ', "\n", - ' From => \''.$mymailaddr.'\', ', "\n", - ' Subject => \'Gpigeon\', ', "\n", - ' Message => "$enc_msg\n" ', "\n", - ' );', "\n", - ' sendmail(%mail) or die $Mail::Sendmail::error;', "\n"; - } - else { - print $gpg_form_fh "\n", - ' use Net::SMTP;',"\n", - ' use Net::SMTPS;',"\n", - ' my $smtp = Net::SMTPS->new(\''. $mymail_smtp .'\', Port => \''. $mymail_smtport .'\', doSSL => \'ssl\', Debug_SSL => 0);', "\n", - ' $smtp->auth(\''. $mymailaddr .'\', \''. $mymailaddr_pw .'\') or die;', "\n", - ' $smtp->mail(\''. $mymailaddr .'\') or die "Net::SMTP module has broke: $!.";', "\n", - ' if ($smtp->to(\''. $mymailaddr .'\')){', "\n", - ' $smtp->data();', "\n", - ' $smtp->datasend("To: '. $mymailaddr_escaped .'\n");', "\n", - ' $smtp->datasend("\n");', "\n", - ' $smtp->datasend("$enc_msg\n");', "\n", - ' $smtp->dataend();', "\n", - ' }', "\n", - ' else {', "\n", - ' die $smtp->message();', "\n", - ' }', "\n"; - } - print $gpg_form_fh "\n", - ' unlink "../' . $MAILFORM_RELPATH . 
'";', "\n", - ' print "Location: /merci/index.html\n\n";', "\n", - ' }', "\n", - '}', "\n", - 'print "Content-type: text/html", "\n\n";', "\n", - 'print q{', "\n", - '', "\n", - ' ', "\n", - ' ', "\n", - ' ', - ' ',"\n",'',"\n", - ' Formulaire d\'envoi de message GPG',"\n", - ' ', "\n", - ' ', "\n", - '

'. $text_strings[7] . '' . $non_gpguser .' :

', "\n", - '
', "\n", - '
', - '};', "\n", - 'if (defined $error_processing_msg){printf $error_processing_msg;}', "\n", - 'printf qq{
- ', "\n", - '
', "\n", - ' ', "\n", - ' };'; - close $gpg_form_fh; - chmod(0755,$MAILFORM_RELPATH); - $notif_de_creation=qq{$text_strings{link_generated_ok} $non_gpguser:
$MAILFORM_LINK}; } - else{ - close $gpg_form_fh and die "Can't open $MAILFORM_RELPATH: $!"; - } + my $HREF_LINK = "https://$HOSTNAME/cgi-bin/l/$GENERATED_FORM_FILENAME"; + my $LINK_FILENAME = "./l/$GENERATED_FORM_FILENAME"; + + open my $in, '<', $LINK_TEMPLATE_PATH or die "Can't read link template file: $!"; + open my $out, '>', $LINK_FILENAME or die "Can't write to link file: $!"; + while( <$in> ) { + s/{link_user}/{$link_asker}/g; + s/{link_filename}/{$LINK_FILENAME}/g; + s/{msg_too_long}/$text_strings{msg_too_long}/g; + s/{msg_empty}/$text_strings{msg_empty}/g; + s/{msg_form_char_limit}/$msg_form_char_limit/g; + s/{link_send_btn}/$text_strings{link_send_btn}/g; + print $out $_; + } + close $in or die; + chmod(0755,$LINK_FILENAME) or die; + close $out or die; + + $linkgen_notif = qq{$text_strings{link_generated_ok} $link_asker:
$HREF_LINK}; } else{ - $notif_mail_valide = qq{$text_strings{addr} $non_gpguser $text_strings{addr_nok}.}; + $mailisok_notif = qq{$text_strings{addr} $link_asker $text_strings{addr_nok}.}; } } - - opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; + + opendir my $link_dir_handle, './l' or die "Can't open ./l: $!"; while (readdir $link_dir_handle) { if ($_ ne '.' and $_ ne '..'){ - my $gpg_form_fn = $_; - my $non_gpguser = undef; - if (open my $gpg_form_handle , '<', "./l/$gpg_form_fn"){ - - for (1..3){ - $non_gpguser = readline $gpg_form_handle; - $non_gpguser =~ s/q\{(.*?)\}//i; - $non_gpguser = $1; + my $linkfile_fn = $_; + my $link_asker = undef; + if (open my $linkfile_handle , '<', "./l/$linkfile_fn"){ + for (1..2){ + $link_asker = readline $linkfile_handle; + $link_asker =~ s/q\{(.*?)\}//i; + $link_asker = $1; } - close $gpg_form_handle; + close $linkfile_handle; - if (not defined $non_gpguser){ - $non_gpguser = $text_strings{unknown}; + if (not defined $link_asker){ + $link_asker = $text_strings{unknown}; } - #create links table html push @created_links, qq{ - ici - $non_gpguser + ici + $link_asker
- - + +
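Review bot: The substitution `s/{link_user}/{$link_asker}/g` writes the submitted address into a `q{...}` literal of a file that is then made executable with `chmod(0755,$LINK_FILENAME)`. `Email::Valid->address` only checks address syntax, which as far as I know still allows characters such as `}` in the local part. A stricter allowlist before the template is opened keeps the generated script well-formed, for example `die "unsupported address" unless $link_asker =~ /\A[\w.+-]+\@[\w.-]+\z/a;`. Separately, the line `my $GENERATED_FORM_FILENAME = "$random_fn.cgi";` is removed while the new `$HREF_LINK` and `$LINK_FILENAME` lines still interpolate that variable, so the declaration needs to stay. `$link_asker` is also interpolated into the links table further down without HTML escaping.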
@@ -252,21 +163,21 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){ } else { - close $gpg_form_handle; - die 'Content-type: text/plain', "\n\n", "Error: Can't open $gpg_form_fn: $!"; + close $linkfile_handle; + die 'Content-type: text/plain', "\n\n", "Error: Can't open $linkfile_fn: $!"; } } } closedir $link_dir_handle; - print $HTML_CONTENT_TYPE_HEADER,"\n\n", + print 'Content-type: text/html',"\n\n", qq{ - - - + + + $text_strings{web_title} @@ -276,27 +187,27 @@ if (argon2id_verify($PASSWD_HASH,$PASSWD)){
- $psswd_formfield + $hidden_pwfield


- $psswd_formfield + $hidden_pwfield Mail de la personne:
}, - notif_if_defined($notif_mail_valide), + notif_if_defined($mailisok_notif), '
' - notif_if_defined($notif_de_creation), + notif_if_defined($linkgen_notif), qq{
- $psswd_formfield + $hidden_pwfield
}, - notif_if_defined($notif_suppression), + notif_if_defined($deletion_notif), qq{ diff --git a/gpigeon.css b/gpigeon.css deleted file mode 100644 index 2739deb..0000000 --- a/gpigeon.css +++ /dev/null @@ -1,35 +0,0 @@ -html{ - background-color:skyblue -} - -th{ - padding:10px; - font-size:110%; -} - -td{ - text-align:center; - padding: 5px ; -} - -input{ - padding:10px; - margin:5px; - margin-top:10px; -} - -table{ - margin-top:10px; - border: 1px solid black; -} - -th,tr,td{ - border:1px solid black; -} - -body{ - font-family:sans-serif; - width:80%; - margin:auto; - font-size:12pt; -} diff --git a/link-tmpl.cgi b/link-tmpl.cgi new file mode 100644 index 0000000..b0761a2 --- /dev/null +++ b/link-tmpl.cgi 
@@ -0,0 +1,104 @@ +#! /usr/bin/perl -wT +my $linkuser = q{link_user}; +my $linkfilename = q{link_filename}; + +use warnings; +use strict; +use GPG; +use CGI qw(param); + +$ENV{'PATH'}="/usr/bin"; +delete @ENV{qw(IFS PATH CDPATH BASH_ENV)}; + +sub escape_arobase { + my $escapedmailaddress = shift; + $escapedmailaddress =~ s/@/\\@/; + return $escapedmailaddress; +} + +my $HAS_MAILSERVER = 0; +my $mymailaddr = q{your mail address goes here}; +my $mymail_gpgid = q{your gpg id in the 0xlong form goes here}; #0xlong keyid form +my $mailsender = q{mail address sending encrypted text goes here. recommended to be different from $mymailaddr}; +my $mailsender_smtp = q{your SMTP mail domain name goes here}; +my $mailsender_port = q{your SMTP port goes here}; +my $mailsender_pw = q{password for $mailsender address goes here}; +my $GPG_HOMEDIR = '/usr/share/webapps/gpigeon/gnupg/'; +my $cgi_query_get = CGI->new; +my $msg_form = $cgi_query_get->param('msg'); +my $length_msg_form = length $msg_form; +my ($enc_msg, $error_processing_msg) = undef; + +if (defined $length_msg_form and $length_msg_form > {msg_form_char_limit}){ + $error_processing_msg = q{{msg_too_long}}; +} +elsif (defined $length_msg_form and $length_msg_form eq 0 ){ + $error_processing_msg = q{{msg_empty}}; +} +else { + if (defined $length_msg_form and $ENV{REQUEST_METHOD} eq 'POST'){ + $msg_form =~ tr/\r//d; + my $gpg = new GPG(gnupg_path => "/usr/bin", homedir => $GPG_HOMEDIR); + $enc_msg = $gpg->encrypt("$linkuser:\n\n$msg_form", $mymail_gpgid) or die $gpg->error(); + + if ($HAS_MAILSERVER){ + undef $mymailaddr_escaped; + use Mail::Sendmail; + my %mail = ( To => "$mymailaddr" + From => "$mailsender" + Subject => '.' 
+ Message => "$enc_msg\n" + ); + sendmail(%mail) or die $Mail::Sendmail::error; + } + else { + use Net::SMTP; + use Net::SMTPS; + my $smtp = Net::SMTPS->new($mailsender_smtp, Port => $mailsender_port, doSSL => 'ssl', Debug_SSL => 0); + my $mymailaddr_escaped = escape_arobase{$mymailaddr}; + my $mailsender_escaped = escape_arobase($mailsender); + + $smtp->auth($mailsender, $mailsender_pw) or die; + $smtp->mail($mailsender) or die "Net::SMTP module has broke: $!."; + if ($smtp->to($mymailaddr)){ + $smtp->data(); + $smtp->datasend("From: $mailsender_escaped\n"); + $smtp->datasend("To: $mymailaddr_escaped\n"); + $smtp->datasend("Subject: .\n"); + $smtp->datasend("\n"); + $smtp->datasend("$enc_msg\n"); + $smtp->dataend(); + } + else { + die $smtp->message(); + } + + unlink "../l/$linkfilename"; + print "Location: /merci/index.html\n\n"; + } + } +} +print "Content-type: text/html", "\n\n"; +print qq{ + + + + + + + Formulaire d'envoi de message GPG + + +

type_msg_below:

+ +
+}; +if (defined $error_processing_msg){ + printf $error_processing_msg; +} +printf q{ +
+ + + + }; diff --git a/styles.css b/styles.css new file mode 100644 index 0000000..2739deb --- /dev/null +++ b/styles.css @@ -0,0 +1,35 @@ +html{ + background-color:skyblue +} + +th{ + padding:10px; + font-size:110%; +} + +td{ + text-align:center; + padding: 5px ; +} + +input{ + padding:10px; + margin:5px; + margin-top:10px; +} + +table{ + margin-top:10px; + border: 1px solid black; +} + +th,tr,td{ + border:1px solid black; +} + +body{ + font-family:sans-serif; + width:80%; + margin:auto; + font-size:12pt; +} -- cgit v1.2.3-70-g09d2
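Review bot: The environment clean-up at the top of `link-tmpl.cgi` runs in the wrong order: `$ENV{'PATH'}="/usr/bin";` is followed by `delete @ENV{qw(IFS PATH CDPATH BASH_ENV)};`, which removes the PATH that was just pinned. The parent script deletes first and assigns second, and this file should do the same. The one-time link is also not removed as written: the generator fills `$linkfilename` with `./l/NAME.cgi`, so `unlink "../l/$linkfilename"` points one `l/` too deep, and the call is unchecked and sits only in the Net::SMTPS branch; `unlink "../$linkfilename" or warn "unlink: $!";` matches the old path. The `Mail::Sendmail` branch has no commas between the `%mail` pairs and does `undef $mymailaddr_escaped` on an undeclared variable, and `escape_arobase{$mymailaddr}` uses braces where parentheses are meant, so the file is unlikely to compile under `use strict`. Because every generated copy inherits `$mailsender_pw` and is made mode 0755 by the generator, consider loading the SMTP settings from a separate file readable only by the CGI user.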
$text_strings{theader_link}