feat: PHP网站默认开启防跨站

TheTNB · Oct 25, 2024 · a65bcf5 · a65bcf5
1 parent 145387b
commit a65bcf5
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 6 deletions.
diff --git a/internal/data/website.go b/internal/data/website.go
@@ -271,6 +271,14 @@ func (r *websiteRepo) Create(req *request.WebsiteCreate) (*biz.Website, error) {
 		return nil, err
 	}
 
+	// PHP 网站默认开启防跨站
+	if req.PHP > 0 {
+		userIni := filepath.Join(req.Path, ".user.ini")
+		_, _ = shell.Execf(`chattr -i '%s'`, userIni)
+		_ = io.Write(userIni, fmt.Sprintf("open_basedir=%s:/tmp/", req.Path), 0644)
+		_, _ = shell.Execf(`chattr +i '%s'`, userIni)
+	}
+
 	// 创建面板网站
 	w := &biz.Website{
 		Name:   req.Name,
@@ -417,11 +425,6 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error {
 		if err = p.SetOCSP(req.OCSP); err != nil {
 			return err
 		}
-		if quic {
-			if err = p.SetAltSvc(`'h3=":$server_port"; ma=2592000'`); err != nil {
-				return err
-			}
-		}
 	} else {
 		if err = p.ClearSetHTTPS(); err != nil {
 			return err
@@ -435,6 +438,12 @@ func (r *websiteRepo) Update(req *request.WebsiteUpdate) error {
 		if err = p.SetOCSP(false); err != nil {
 			return err
 		}
+	}
+	if quic {
+		if err = p.SetAltSvc(`'h3=":$server_port"; ma=2592000'`); err != nil {
+			return err
+		}
+	} else {
 		if err = p.SetAltSvc(``); err != nil {
 			return err
 		}

diff --git a/pkg/types/website.go b/pkg/types/website.go
@@ -3,7 +3,7 @@ package types
 // WebsiteListen 网站监听配置
 type WebsiteListen struct {
 	Address string `form:"address" json:"address" validate:"required"` // 监听地址 e.g. 80 0.0.0.0:80 [::]:80
-	HTTPS   bool   `form:"https" json:"https" validate:"required"`     // 是否启用HTTPS
+	HTTPS   bool   `form:"https" json:"https"`                         // 是否启用HTTPS
 	QUIC    bool   `form:"quic" json:"quic"`                           // 是否启用QUIC
 }