update signup.php to work with userqueue changes to help race condition

2023-08-25 07:02:30 +00:00
7 changed files with 67 additions and 46 deletions
--- a/articles/main.md
+++ b/articles/main.md
@ -8,7 +8,11 @@ We're so glad you could drop by and we hope you enjoy your visit. Stay a while!
 The Thunix project provide Secure Shell (SSH) accounts, Web Hosting, Email Accounts, and many other UNIX-like services. But, most of all, we are a community of users. It was founded by hexhaxtron in the Summer of 2017, and was continued by [ubergeek](/~ubergeek) since 2018 however in 2023 [deepend](/~deepend) has since taken the role. We aim to provide the best service possible with a wide variety of features, and we hope you have fun with it!


-Join us on IRC on irc.newnet.net/6697 in the #thunix channel, or just click here for a web client: [![#thunix channel](https://stats.newnet.net/badges/badge.php?channel=%23thunix)](https://tilde.chat/kiwi/#thunix)
+## Project Phoenix
+
+The thunix Phoenix project aims to provide a new user experience for shell users, with integration into the wider Tildeverse network.
+
+Join us on IRC on irc.tilde.chat/6697 in the #thunix channel, or just click here for a web client: [![#thunix channel](https://tilde.chat/badges/badge.php?channel=%23thunix)](https://tilde.chat/kiwi/#thunix)

 If you want to sign up for an account, simply open our [signup form](/signup) and provide us with:

--- a/articles/server.md
+++ b/articles/server.md
@ -14,10 +14,10 @@ Thunix offers webmail at [https://thunix.net/webmail](/webmail). You can also co

 ## SSH Fingerprints

-256 SHA256:iuqEWXCqUNihqO7o4xLrJ05M+te09i3P+WrHZsjUdZY thunix.net (ECDSA)  
-3072 SHA256:7gZXCqNUYBfrTQ8wYmLrD6rVc5zL5nYf2l5t8ZrLIBU thunix.net (RSA)  
-256 SHA256:d+J8u5pmQ8sR1BM8/EpUiNAlL9by371utl1ncNgFG6A thunix.net (ED25519)  
- 
+256 SHA256:iuqEWXCqUNihqO7o4xLrJ05M+te09i3P+WrHZsjUdZY root@thunix (ECDSA)  
+256 SHA256:d+J8u5pmQ8sR1BM8/EpUiNAlL9by371utl1ncNgFG6A root@thunix (ED25519)  
+3072 SHA256:7gZXCqNUYBfrTQ8wYmLrD6rVc5zL5nYf2l5t8ZrLIBU root@thunix (RSA)  
+
 ## Onion Service

 Thunix's websites are available as a onion site as well. (SSH access is currently not available over Tor)
@ -29,10 +29,10 @@ BZFlag runs on the standard port. If you have a specific map you want loaded, se

 ## IRC Chat

-Thunix is part of the Newnet IRC network. You can access chat via the terminal, with the 'chat' command, via your favorite email client at irc.newnet.net/6697, or via a web chat interface located [![#thunix channel](https://stats.newnet.net/badges/badge.php?channel=%23thunix)](https://web.newnet.net/?join=thunix). 
+Thunix is part of the tilde.chat network. You can access chat via the terminal, with the 'chat' command, via your favorite email client at irc.tilde.chat/6697, or via a web chat interface located [![#thunix channel](https://tilde.chat/badges/badge.php?channel=%23thunix)](https://web.tilde.chat/?join=thunix). 


-## FOSS Project Mirrors 
+## FOSS Project Mirrors (Offline)

 Thunix hosts mirrors for several FOSS projects. You can see the full mirror list in the sidebar link.

@ -42,4 +42,8 @@ Collaborative creation, modification and management of digital content.
 - LAMP (Apache HTTP server, MySQL database and PHP scripting language) is an open source software stack on Linux environment, available to host a variety of web sites, content management systems and applications.
 - Django web development framework.

+## Tildenet Client VPN (Offline)
+
+Thunix allows users to connect into [tildenet](https://intranet.tildeverse.org), via [Wireguard](https://www.wireguard.com/).  If you're interested in accessing Tildenet, send an email to [root](mailto:root@thunix.net), requesting a wireguard client VPN, or ask in IRC.
+
 <!-- Begin autogen content from /includes/server.php -->
--- a/githook.php
+++ b/githook.php
@ -16,6 +16,8 @@

 /* security */
 $access_token     = "secret";
+$ansible_lastrun  = '/dev/shm/ansible-hook-last-run';
+$ansible_dropfile = '/dev/shm/run-ansible';
 $www_lastrun      = '/dev/shm/www-hook-last-run';
 $www_dropfile     = '/dev/shm/run-www';
 $gopher_lastrun   = '/dev/shm/gopher-hook-last-run';
@ -49,6 +51,24 @@ if ( strcmp($remoteip, $allowedip) !== 0 )
 	exit(0);
 }

+// Hook for ansible here
+if ($data["repository"]["full_name"] == 'thunix/ansible') {
+	syslog(LOG_INFO, 'Ansible Webhook recieved.');
+	// We limit runs to once per 5 minutes, so they don't try
+	// overlapping.  Systemd shouldn't allow it, but we'll check
+	// anyways
+	if ( time () - filemtime ( $ansible_lastrun ) > $ratelimit ) {
+		touch ( $ansible_dropfile );
+		touch ( $ansible_lastrun );
+		echo "HTTP 200 - Ansible webhook recieved.\n";
+		}
+	else {
+		http_response_code(429);
+		echo "HTTP 429 - Rate Limited.\n";
+		exit(0);
+		}
+}
+
 // Hook for www repo here.  Same rules apply, as above, for www.  We
 // could probably make it able to run more frequently.  Backend job is
 // just a git pull, and is quick.
--- a/humans.txt
+++ b/humans.txt
@ -1,16 +1,15 @@
    /* TEAM */
-    Your title: deepend, naglfar
+    Your title: ubergeek, naglfar, fosslinux
    Site: https://thunix.net, root@thunix.net 
-    Location: Quebec, Canada
+    Location: Frankfurt, Germany
    							
    /* THANKS */
-    Name: deepend     https://thunix.net/~deepend
-          ubergeek    https://thunix.net/~ubergeek
+    Name: ubergeek    https://thunix.net/~ubergeek
          naglfar     https://thunix.net/~naglfar
 					fosslinux		https://thunix.net/~fosslinux
                                
    /* SITE */
-    Last update: 2023/12/26 
+    Last update: 2019/10/31 
    Standards: HTML5
    Components: Apache2, Git, and PHP, Parsedown, Parsedown Extra
    Software: vim, geany, ansible, wiki.php 
--- a/includes/footer.md
+++ b/includes/footer.md
@ -2,4 +2,6 @@ All content is licensed as [CC BY-SA 4.0 license](https://creativecommons.org/li

 All questions, comments, and concerns about this site should be sent to [the administration team](/contact).

-Created with valid [HTML](https://validator.w3.org/check?uri=referer) and [CSS](https://jigsaw.w3.org/css-validator/check/referer) code.
+Created with valid [HTML](https://validator.w3.org/check?uri=referer) and [CSS](https://jigsaw.w3.org/css-validator/check/referer) code.
+
+Services and hosting sponsored by [WNY Technology Collaborative](https://wnytechcollab.com).
--- a/includes/sidebar.md
+++ b/includes/sidebar.md
@ -26,5 +26,6 @@
 -   Server Staff
    ------------

-    -   [deepend](/~deepend/)
-    -   [Naglfar](/~naglfar/)
+    -   [Ubergeek](/~ubergeek/)
+    -   [Naglfar](/~naglfar/)
+    -   [fosslinux](/~fosslinux/)
--- a/includes/signup.php
+++ b/includes/signup.php
@ -9,13 +9,10 @@ $interest         = $_GET['interest'];
 $pubkey           = $_GET['pubkey'];
 $tv               = $_GET['tv'];

-// username passed lowercased
 $username = strtolower($username);
-
-// strip new line characters from the end
 $pubkey = trim($pubkey);

-$from 		  = 'From: www-data <www-data@thunix.net>';
+$from             = 'From: www-data <www-data@thunix.net>';
 $destination_addr = "newuser@thunix.net";
 $subject          = "New User Registration";
 $mailbody         = "A new user has tried to register.
@ -25,39 +22,33 @@ Email Address:  $email
 Interest:       $interest
 Pubkey:         $pubkey";

-// In the future, here, we *should* be able to build a process that 
-// somehow auto-verifies the user, and instead of email, it'll kick off the new user process here
-
 $user_queue       = '/dev/shm/userqueue';
+$user_file        = $user_queue . '/' . $username;

-// Spam attempt
 $success = 'success1';
-if ( $tv == "tildeverse" )
-{
-  // Success!
-  $success = 'success2';
-  
-// Check if username already taken
-if (posix_getpwnam($username)) {
-    $success = 'success3';
-}
+if ($tv == "tildeverse") {
+    $success = 'success2';

-// Simple SSH public key format check
-$valid_key_starts = ['ssh-rsa', 'ssh-dss', 'ecdsa-sha2', 'ssh-ed25519'];
-$key_parts = explode(' ', $pubkey, 3);
-if (!in_array($key_parts[0], $valid_key_starts) || count($key_parts) < 2) {
-    $success = 'success4';
-}
+    // Check if username already taken
+    exec("id $username 2>&1", $null, $retval);
+    if ($retval == 0)
+        $success = 'success3';

-if ($success == "success2") {
-    mail($destination_addr, $subject, $mailbody, $from);
-    $fp = fopen($user_queue, 'a');
-    fwrite($fp, "'$username','$email','$pubkey'\n");
-    fclose($fp);
-}
+    // Check SSH public key format:
+    exec("echo $pubkey | ssh-keygen -l -f - 2>&1", $null, $retval);
+    if ($retval != 0)
+        $success = 'success4';
+
+    if ($success == "success2") {
+        mail($destination_addr, $subject, $mailbody, $from);
+
+        // Use a file for each username to avoid race conditions
+        $fp = fopen($user_file, 'w');
+        fwrite($fp, "'$username','$email','$pubkey'\n");
+        fclose($fp);
+    }
 }

 header("Location: $site_root/?page=$success");
 die();
-
-?>
+?>