[Web] Separate Login pages

2025-12-29 09:41:32 +00:00 · 2025-01-27 15:59:50 +01:00
parent 1e70a20188
commit aca01c8aa2
29 changed files with 798 additions and 338 deletions
--- a/data/web/admin/dashboard.php
+++ b/data/web/admin/dashboard.php
@@ -0,0 +1,93 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$solr_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_SOLR"])) ? false : solr_status();
+$clamd_status = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["SKIP_CLAMD"])) ? false : true;
+
+
+if (!isset($_SESSION['gal']) && $license_cache = $redis->Get('LICENSE_STATUS_CACHE')) {
+  $_SESSION['gal'] = json_decode($license_cache, true);
+}
+
+$js_minifier->add('/web/js/site/dashboard.js');
+
+// vmail df
+$exec_fields = array('cmd' => 'system', 'task' => 'df', 'dir' => '/var/vmail');
+$vmail_df = explode(',', (string)json_decode(docker('post', 'dovecot-mailcow', 'exec', $exec_fields), true));
+
+// containers
+$containers_info = (array) docker('info');
+if ($clamd_status === false) unset($containers_info['clamd-mailcow']);
+if ($solr_status === false) unset($containers_info['solr-mailcow']);
+ksort($containers_info);
+$containers = array();
+foreach ($containers_info as $container => $container_info) {
+  if (!isset($container_info['State']) || !is_array($container_info['State']) || !isset($container_info['State']['StartedAt'])){
+    continue;
+  }
+  date_default_timezone_set('UTC');
+  $StartedAt = date_parse($container_info['State']['StartedAt']);
+  if ($StartedAt['hour'] !== false) {
+    $date = new \DateTime();
+    $date->setTimestamp(mktime(
+      $StartedAt['hour'],
+      $StartedAt['minute'],
+      $StartedAt['second'],
+      $StartedAt['month'],
+      $StartedAt['day'],
+      $StartedAt['year']));
+    try {
+      $user_tz = new DateTimeZone(getenv('TZ'));
+      $date->setTimezone($user_tz);
+      $container_info['State']['StartedAtHR'] = $date->format('r');
+    } catch(Exception $e) {
+      $container_info['State']['StartedAtHR'] = '?';
+    }
+  }
+  else {
+    $container_info['State']['StartedAtHR'] = '?';
+  }
+  $containers[$container] = $container_info;
+}
+
+// get mailcow data
+$hostname = getenv('MAILCOW_HOSTNAME');
+$timezone = getenv('TZ');
+
+$template = 'dashboard.twig';
+$template_data = [
+  'log_lines' => getenv('LOG_LINES'),
+  'vmail_df' => $vmail_df,
+  'hostname' => $hostname,
+  'timezone' => $timezone,
+  'gal' => @$_SESSION['gal'],
+  'license_guid' => license('guid'),
+  'solr_status' => $solr_status,
+  'solr_uptime' => round($solr_status['status']['dovecot-fts']['uptime'] / 1000 / 60 / 60),
+  'clamd_status' => $clamd_status,
+  'containers' => $containers,
+  'ip_check' => customize('get', 'ip_check'),
+  'lang_admin' => json_encode($lang['admin']),
+  'lang_debug' => json_encode($lang['debug']),
+  'lang_datatables' => json_encode($lang['datatables']),
+];
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
+
+
--- a/data/web/admin/index.php
+++ b/data/web/admin/index.php
@@ -0,0 +1,29 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'admin') {
+  header('Location: /admin/dashboard');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$_SESSION['index_query_string'] = $_SERVER['QUERY_STRING'];
+
+
+$template = 'admin_index.twig';
+$template_data = [
+  'login_delay' => @$_SESSION['ldelay']
+];
+
+$js_minifier->add('/web/js/site/index.js');
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
--- a/data/web/admin/mailbox.php
+++ b/data/web/admin/mailbox.php
@@ -0,0 +1,58 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] .  '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+
+
+
+$js_minifier->add('/web/js/site/mailbox.js');
+$js_minifier->add('/web/js/presets/sieveMailbox.js');
+$js_minifier->add('/web/js/site/pwgen.js');
+
+$role = "admin";
+$is_dual = (!empty($_SESSION["dual-login"]["username"])) ? 'true' : 'false';
+$allow_admin_email_login = (preg_match("/^([yY][eE][sS]|[yY])+$/", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN"])) ? 'true' : 'false';
+
+// domains
+$domains = mailbox('get', 'domains');
+
+// mailboxes
+$mailboxes = [];
+foreach ($domains as $domain) {
+  foreach (mailbox('get', 'mailboxes', $domain) as $mailbox) {
+    $mailboxes[] = $mailbox;
+  }
+}
+
+$template = 'mailbox.twig';
+$template_data = [
+  'acl' => $_SESSION['acl'],
+  'acl_json' => json_encode($_SESSION['acl']),
+  'role' => $role,
+  'is_dual' => $is_dual,
+  'allow_admin_email_login' => $allow_admin_email_login,
+  'global_filters' => mailbox('get', 'global_filter_details'),
+  'domains' => $domains,
+  'mailboxes' => $mailboxes,
+  'lang_mailbox' => json_encode($lang['mailbox']),
+  'lang_rl' => json_encode($lang['ratelimit']),
+  'lang_edit' => json_encode($lang['edit']),
+  'lang_datatables' => json_encode($lang['datatables']),
+];
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
--- a/data/web/admin/queue.php
+++ b/data/web/admin/queue.php
@@ -0,0 +1,35 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
+  exit();
+}
+
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$js_minifier->add('/web/js/site/queue.js');
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+
+$role = "admin";
+
+$template = 'queue.twig';
+$template_data = [
+  'acl' => $_SESSION['acl'],
+  'acl_json' => json_encode($_SESSION['acl']),
+  'role' => $role,
+  'lang_admin' => json_encode($lang['admin']),
+  'lang_queue' => json_encode($lang['queue']),
+  'lang_datatables' => json_encode($lang['datatables'])
+];
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';
--- a/data/web/admin/system.php
+++ b/data/web/admin/system.php
@@ -0,0 +1,138 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.admin.inc.php';
+
+if (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'domainadmin') {
+  header('Location: /domainadmin/mailbox');
+  exit();
+}
+elseif (isset($_SESSION['mailcow_cc_role']) && $_SESSION['mailcow_cc_role'] == 'user') {
+  header('Location: /user');
+  exit();
+}
+elseif (!isset($_SESSION['mailcow_cc_role']) || $_SESSION['mailcow_cc_role'] != "admin") {
+  header('Location: /admin');
+  exit();
+}
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/header.inc.php';
+$_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
+$tfa_data = get_tfa();
+$fido2_data = fido2(array("action" => "get_friendly_names"));
+
+$js_minifier->add('/web/js/site/admin.js');
+$js_minifier->add('/web/js/presets/rspamd.js');
+$js_minifier->add('/web/js/site/pwgen.js');
+
+// all domains
+$domains = mailbox('get', 'domains');
+$all_domains =  array_merge($domains, mailbox('get', 'alias_domains'));
+
+// mailboxes
+$mailboxes = [];
+foreach ($all_domains as $domain) {
+  foreach (mailbox('get', 'mailboxes', $domain) as $mailbox) {
+    $mailboxes[] = $mailbox;
+  }
+}
+$mailboxes = array_filter($mailboxes);
+
+// DKIM domains
+$dkim_domains = [];
+$dkim_domains_with_keys = [];
+foreach($domains as $domain) {
+  $dkim_domains[$domain] = ['dkim' => null, 'alias_domains' => []];
+  if (!empty($dkim = dkim('details', $domain))) {
+    $dkim_domains_with_keys[] = $domain;
+    if ($GLOBALS['SHOW_DKIM_PRIV_KEYS'] !== true) {
+      $dkim['privkey'] = base64_encode('Please set $SHOW_DKIM_PRIV_KEYS to true to show DKIM private keys.');
+    }
+    $dkim_domains[$domain]['dkim'] = $dkim;
+  }
+
+  // get alias domains
+  foreach (mailbox('get', 'alias_domains', $domain) as $alias_domain) {
+    $dkim_domains[$domain]['alias_domains'][$alias_domain] = ['dkim' => null];
+    if (!empty($dkim = dkim('details', $alias_domain))) {
+      $dkim_domains_with_keys[] = $alias_domain;
+      if ($GLOBALS['SHOW_DKIM_PRIV_KEYS'] !== true) {
+        $dkim['privkey'] = base64_encode('Please set $SHOW_DKIM_PRIV_KEYS to true to show DKIM private keys.');
+      }
+      $dkim_domains[$domain]['alias_domains'][$alias_domain]['dkim'] = $dkim;
+    }
+  }
+}
+$dkim_blind_domains = [];
+foreach(dkim('blind') as $blind) {
+  $dkim_blind_domains[$blind] = ['dkim' => null];
+  if (!empty($dkim = dkim('details', $blind))) {
+    $dkim_domains_with_keys[] = $blind;
+    if ($GLOBALS['SHOW_DKIM_PRIV_KEYS'] !== true) {
+      $dkim['privkey'] = base64_encode('Please set $SHOW_DKIM_PRIV_KEYS to true to show DKIM private keys.');
+    }
+    $dkim_blind_domains[$blind]['dkim'] = $dkim;
+  }
+}
+
+// rsettings
+$rsettings = array_map(function ($rsetting){
+  $rsetting['details'] = rsettings('details', $rsetting['id']);
+  return $rsetting;
+}, rsettings('get'));
+
+// rspamd regex maps
+$rspamd_regex_maps = [];
+foreach ($RSPAMD_MAPS['regex'] as $rspamd_regex_desc => $rspamd_regex_map) {
+  $rspamd_regex_maps[$rspamd_regex_desc] = [
+    'map' => $rspamd_regex_map,
+    'data' => file_get_contents('/rspamd_custom_maps/' . $rspamd_regex_map)
+  ];
+}
+
+// cors settings
+$cors_settings = cors('get');
+$cors_settings['allowed_origins'] = str_replace(", ", "\n", $cors_settings['allowed_origins']);
+$cors_settings['allowed_methods'] = explode(", ", $cors_settings['allowed_methods']);
+
+$f2b_data = fail2ban('get');
+// mbox templates
+$mbox_templates = mailbox('get', 'mailbox_templates');
+
+$template = 'admin.twig';
+$template_data = [
+  'tfa_data' => $tfa_data,
+  'tfa_id' => @$_SESSION['tfa_id'],
+  'fido2_cid' => @$_SESSION['fido2_cid'],
+  'fido2_data' => $fido2_data,
+  'api' => [
+    'ro' => admin_api('ro', 'get'),
+    'rw' => admin_api('rw', 'get'),
+  ],
+  'dkim_domains' => $dkim_domains,
+  'dkim_domains_with_keys' => $dkim_domains_with_keys,
+  'dkim_blind_domains' => $dkim_blind_domains,
+  'domains' => $domains,
+  'all_domains' => $all_domains,
+  'mailboxes' => $mailboxes,
+  'f2b_data' => $f2b_data,
+  'f2b_banlist_url' => getBaseUrl() . "/f2b-banlist?id=" . $f2b_data['banlist_id'],
+  'q_data' => quarantine('settings'),
+  'qn_data' => quota_notification('get'),
+  'pw_reset_data' => reset_password('get_notification'),
+  'rsettings_map' => file_get_contents('http://nginx:8081/settings.php'),
+  'rsettings' => $rsettings,
+  'rspamd_regex_maps' => $rspamd_regex_maps,
+  'logo_specs' => customize('get', 'main_logo_specs'),
+  'logo_dark_specs' => customize('get', 'main_logo_dark_specs'),
+  'ip_check' => customize('get', 'ip_check'),
+  'password_complexity' => password_complexity('get'),
+  'show_rspamd_global_filters' => @$_SESSION['show_rspamd_global_filters'],
+  'cors_settings' => $cors_settings,
+  'is_https' => isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
+  'iam_settings' => $iam_settings,
+  'mbox_templates' => $mbox_templates,
+  'lang_admin' => json_encode($lang['admin']),
+  'lang_datatables' => json_encode($lang['datatables'])
+];
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/footer.inc.php';