diff --git a/README.md b/README.md
index 812a9ac..9bb1e8e 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,45 @@ Note: Kritbit originally had 3 purposes - one of them being running commands rem Kritbit is designed to be simple and flexible. It makes no assumptions about your security and only provides minimal security procedures. I am not a crypto expert - but I make tools that work. So while I cannot guarantee that big brother won't be able to decrypt messages from external services - it should be good enough for most implementations. So please, if you find that the crypto security is less than perfect I accept patches of any size, creed, or color. The encryption technology used isn't meant to prevent a guy with a Beowulf cluster from cracking your message - but rather preventing some script kiddie with Firesheep from seeing what you are doing. +# Authentication/Authorization + +Each user logs in using OAuth (see below for setup) and can only edit jobs that they have created (there are no groups or way of "granting" permission). A job history can have a flag to allow anonymous users to view the history. However, kritbit does not censor the output so be careful allowing people to view history of jobs that may contain sensitive information. + +# Install + +1. Copy web/application/config.dist.php to web/application/config.php +2. Edit values for your environment[1] +3. Run `php migrations.php run` to setup your database +4. Run `php kritbit.php all-clear` to remove all sample data populated from the migrations +5. Run `php kritbit.php adduser you@gmail.com` to add yourself as an authorized user +6. Navigate to http://example.com/kritbit and you should be prompted to login with Google + +[1] - Kritbit is designed to authenticate through Google OAuth. Since Kritbit uses an OAuth library you can really use any OAuth provider such as Facebook (which is included). + +You must remember to change the REDIRECT_URI in config.php. 
If you don't want to use OAuth for login but want local users or Apache basic auth - all you have to do is modify login.php to read the user from those sources (which should be pretty simple as the login code there is very simple). + +To get OAuth keys needed for Google Auth you need to create a project on [Google's Developers Dashboard](https://console.developers.google.com/), which is free. + +kritbit can run on SQLite - however if you are going to deal with any volume you should use MySQL/MaraiaDB (other databases can be used - but you will need to modify some code). + +To use MySQL/MaraiaDB specify in config.php (MariaDB is a drop-in replacement for MySQL so it doesn't matter if you specify MySQL): + + $config["DATABASE_TYPE"] = "MySQL"; + $config['MYSQL_DBNAME'] = "dbname"; + $config['MYSQL_HOST'] = "localhost"; + $config['MYSQL_USER'] = "user"; + $config['MYSQL_PASS'] = "pass"; + +# Long-term TODO + +- Provide a way to offer more customization for viewing job information. Right now it's very generic - but it might be useful to be able to parse output and present custom columns or other data. +- Permission matrix allowing people to grant fine permissions to jobs and job history + + +# Patches + +Patches are welcome of any kind. But please do note that your code will be integrated into the project under the MIT license. Mention to your contribution may not appear in the code or file. But we can certainly make mention on the README describing your contribution. + # Attributions Kritbit uses the following projects @@ -33,5 +72,6 @@ Kritbit uses the following projects - [jQuery confirm](http://craftpip.github.io/jquery-confirm/) - [bootstrap fullscreen](http://craftpip.github.io/bootstrap-fullscreen-select/) - [dynatable](http://www.dynatable.com/) +- [is_cli](http://stackoverflow.com/a/25967493/195722) Made with <3 by Nathan Adams \ No newline at end of file 
diff --git a/web/application/config.dist.php b/web/application/config.dist.php index 788bb24..3d4ba6f 100644 --- a/web/application/config.dist.php +++ b/web/application/config.dist.php @@ -8,4 +8,8 @@ $config["DATABASE_FILE"] = "kritbot.sqlite3"; $config["GOOGLE_OAUTH_ID"] = ""; $config["GOOGLE_OAUTH_SECRET"] = ""; +$config["ACCEPTED_IPS"] = ["127.0.0.1", "::1"]; + +$config["REDIRECT_URI"] = ""; + return $config; \ No newline at end of file diff --git a/web/application/controllers/login.php b/web/application/controllers/login.php index 5a85cd9..615ace8 100644 --- a/web/application/controllers/login.php +++ b/web/application/controllers/login.php @@ -15,7 +15,7 @@ class login extends base { $authProvider = new GoogleAuthProvider($_GET, [ "client_id" => $this->config["GOOGLE_OAUTH_ID"], "client_secret" => $this->config["GOOGLE_OAUTH_SECRET"], - "redirect_uri" => "http://localhost:8080/login" + "redirect_uri" => $this->config["REDIRECT_URI"] ]); $oauth = new OAuth($authProvider, $_GET); diff --git a/web/kritbit.php b/web/kritbit.php new file mode 100644 index 0000000..f9ad2a6 --- /dev/null +++ b/web/kritbit.php @@ -0,0 +1,34 @@ +setupDatabaseConnection(); + +if (count($argv) == 1) { + echo "Possible commands are all-clear or adduser"; + exit(0); +} + +switch ($argv[1]) { + case "all-clear": + \vendor\DB\DB::query("DELETE FROM histories"); + \vendor\DB\DB::query("DELETE FROM users"); + \vendor\DB\DB::query("DELETE FROM sessions"); + \vendor\DB\DB::query("DELETE FROM jobs"); + break; + case "adduser": + $user = $argv[2]; + \vendor\DB\DB::query("INSERT INTO users VALUES (null, ?)", [$user]); + break; +} diff --git a/web/migrations.php b/web/migrations.php index 92985f2..ac9ef3d 100644 --- a/web/migrations.php +++ b/web/migrations.php @@ -1,5 +1,7 @@ runMigrations(); \ No newline at end of file diff --git a/web/system/engine/HF_Core.php b/web/system/engine/HF_Core.php index ece75e0..0b78a07 100644 --- a/web/system/engine/HF_Core.php +++ b/web/system/engine/HF_Core.php 
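Review bot: `REDIRECT_URI` ships as an empty string in config.dist.php and the login.php hunk passes it to `GoogleAuthProvider` unchecked, so an install that skips the README step starts an OAuth flow with no callback URL and only fails at the provider. I would document the key in config.dist.php with a comment such as `// Absolute callback URL registered with the OAuth provider (example: https://example.com/login)` and have the controller stop early when it is empty, `if (empty($this->config["REDIRECT_URI"])) { throw new \Exception("REDIRECT_URI is not set in config.php"); }`. Because the authorization code comes back through this URL, the comment should also say to use https outside local development. `ACCEPTED_IPS` is added without a comment and nothing visible in this diff reads it; one line saying what it gates would help. The login method starts and ends outside the hunk.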
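Review bot: The `adduser` branch in kritbit.php reads `$argv[2]` without checking that it was supplied, so `php kritbit.php adduser` raises an undefined-offset notice and attempts to insert a null user, and an unrecognised command falls through the `switch` silently with exit status 0. The script also sits under `web/` while `all-clear` empties four tables and `adduser` grants login rights; the top of the file is not legible on this page, so please confirm it refuses to run outside the CLI (this commit vendors an `is_cli` helper that could serve). A guard on the argument and a `default` branch would look like the following.

```php
    case "adduser":
        if (!isset($argv[2]) || trim($argv[2]) === "") {
            fwrite(STDERR, "Usage: php kritbit.php adduser <email>\n");
            exit(1);
        }
        $user = $argv[2];
        // … unchanged: INSERT INTO users …
        break;
    default:
        fwrite(STDERR, "Unknown command: possible commands are all-clear or adduser\n");
        exit(1);
```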
@@ -283,27 +283,30 @@ class HF_Core } } - public function runMigrations() { - global $argv; + public function setupDatabaseConnection() { switch($this->config["DATABASE_TYPE"]) { case "SQLITE": DB::$c = new \PDO("sqlite:" . $this->config["DATABASE_FILE"]); break; case "MySQL": - DB::$c = new \PDO( - "mysql:dbname={$this->config['MYSQL_DBNAME']};host={$this->config['MYSQL_HOST']}", - $this->config['MYSQL_USER'], - $this->config['MYSQL_PASS'], - array( - \PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8", - \PDO::ATTR_DEFAULT_FETCH_MODE => \PDO::FETCH_OBJ, - \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION - ) - ); + DB::$c = new \PDO( + "mysql:dbname={$this->config['MYSQL_DBNAME']};host={$this->config['MYSQL_HOST']}", + $this->config['MYSQL_USER'], + $this->config['MYSQL_PASS'], + array( + \PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8", + \PDO::ATTR_DEFAULT_FETCH_MODE => \PDO::FETCH_OBJ, + \PDO::ATTR_ERRMODE => \PDO::ERRMODE_EXCEPTION + ) + ); break; } - DB::$c->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); + DB::$c->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION); + } + public function runMigrations() { + global $argv; + $this->setupDatabaseConnection(); DB::query("CREATE TABLE IF NOT EXISTS migrations ( id INTEGER PRIMARY KEY AUTOINCREMENT, migration INTEGER, diff --git a/web/system/vendor/is_cli.php b/web/system/vendor/is_cli.php new file mode 100644 index 0000000..abb9488 --- /dev/null +++ b/web/system/vendor/is_cli.php @@ -0,0 +1,17 @@ + 0) + { + return true; + } + + return false; +} \ No newline at end of file
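Review bot: `setupDatabaseConnection()` has no `default` branch in its `switch`, so a `DATABASE_TYPE` that is misspelled or differently cased (the match is case-sensitive) assigns nothing to `DB::$c`, and the following `DB::$c->setAttribute(...)` then fails on whatever was there before, presumably null. Now that the method is public and called from both kritbit.php and `runMigrations()`, I would add `default: throw new \Exception("Unsupported DATABASE_TYPE in config.php");` so the misconfiguration is reported by name. A short docblock saying that the method opens the PDO connection selected by `DATABASE_TYPE` and stores it in `DB::$c` would also help callers. `runMigrations()` continues past the end of the hunk.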