Merge pull request #960 from proditis/master

Improvements to multiple components
echoCTF · Aug 15, 2023 · 17f5fa4 · 17f5fa4
2 parents 7ef47db + e563ec0
commit 17f5fa4
Show file tree

Hide file tree

Showing 22 changed files with 464 additions and 51 deletions.
diff --git a/ansible/runonce/db.yml b/ansible/runonce/db.yml
@@ -91,8 +91,8 @@
       - libmemcached
       - py3-mysqlclient
       - libtool
-      - autoconf-2.69p3
-      - automake-1.16.3
+      - autoconf%2.69
+      - automake%1.16
     my_cnf:
       - { init_file:  "/etc/mysql-init.sql"}
       - { bind-address:  "{{db_ip}}" }

diff --git a/ansible/runonce/docker-servers.yml b/ansible/runonce/docker-servers.yml
@@ -151,10 +151,10 @@
 
   - name: Force /etc/network/interfaces
     ignore_errors: true
-    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../files/etc_network_interfaces.j2') != []
+    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../../files/etc_network_interfaces.j2') != []
     ansible.builtin.template:
-      src:  "{{inventory_dir}}/../files/etc_network_interfaces.j2"
-      dest: /etc/network/interfaces
+      src:  "{{inventory_dir}}/../../files/etc_network_interfaces.j2"
+      dest: "/etc/network/interfaces.d/{{network.driver_options.parent}}.conf"
       owner: root
       group: root
       mode: '0644'
@@ -204,9 +204,9 @@
         }
 
   - name: Configure new systemd docker overrides
-    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../files/dockerd-service-override.conf') != []
+    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../../files/dockerd-service-override.conf') != []
     copy:
-      src: "{{inventory_dir}}/../files/dockerd-service-override.conf"
+      src: "{{inventory_dir}}/../../files/dockerd-service-override.conf"
       dest: /etc/systemd/system/docker.service.d/
 
   - name: Reload systemd
@@ -274,9 +274,9 @@
     with_dict: "{{ containers }}"
 
   - name: Create iptables rules
-    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../files/iptables_rules.v4') != []
+    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../../files/iptables_rules.v4') != []
     template:
-      src:  "{{inventory_dir}}/../files/iptables_rules.v4"
+      src:  "{{inventory_dir}}/../../files/iptables_rules.v4"
       dest: /etc/iptables/rules.v4
 
   - name: Disable IPv6 (needs restart)
@@ -364,9 +364,9 @@
       - pm2
 
   - name: Copy local ctables
-    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../files/ctables') != []
+    when: lookup('ansible.builtin.fileglob', inventory_dir+'/../../files/ctables') != []
     copy:
-      src:  "{{inventory_dir}}/../files/ctables"
+      src:  "{{inventory_dir}}/../../files/ctables"
       dest: /usr/local/bin/ctables
       owner: root
       group: root

diff --git a/ansible/runonce/includes/chroot_env.yml b/ansible/runonce/includes/chroot_env.yml
@@ -24,7 +24,7 @@ CHROOT_ENV:
 - "/usr/lib/libc++abi.so.*"
 - "/usr/lib/libm.so.*"
 - "/usr/lib/libssl.so.*"
-- "/usr/local/share/icu/70.1/icudt*l.dat"
+- "/usr/local/share/icu/72.1/icudt*l.dat"
 - "/usr/local/lib/libmemcached.so.*"
 - "/usr/local/lib/libintl.so.*"
 - "/usr/local/lib/libonig.so.*"

diff --git a/ansible/runonce/mui.yml b/ansible/runonce/mui.yml
@@ -95,8 +95,8 @@
       - libmemcached
       - py3-mysqlclient
       - libtool
-      - autoconf-2.69p3
-      - automake-1.16.3
+      - autoconf%2.69
+      - automake%1.16
       - pecl74-memcached
       - nginx
       - php-gd%7.4
@@ -234,7 +234,7 @@
       - usr/bin
       - usr/libexec
       - usr/local/lib
-      - usr/local/share/icu/69.1
+      - usr/local/share/icu/72.1
       - usr/lib
 
   - name: "Copy pf conf files"
@@ -398,7 +398,7 @@
       - "mkdir -p /home/moderatorUI/{{domain_name}}/backend/web/assets"
       - "chown -R moderatorUI /home/moderatorUI/{{domain_name}}/backend/web/assets"
       - "mkdir -p /var/log/cron"
-      - "ln -s /home/moderatorUI/{{domain_name}}/backend/yii /usr/local/bin/backend"
+      - "ln -sf /home/moderatorUI/{{domain_name}}/backend/yii /usr/local/bin/backend"
 
   - name: configure moderator rc.d
     command: rcctl {{item}}

diff --git a/ansible/runonce/pui.yml b/ansible/runonce/pui.yml
@@ -90,8 +90,8 @@
       - { name: mysqld, state: "disable" }
       - { name: memcached, state: "disable" }
     packages:
-      - autoconf-2.69p3
-      - automake-1.16.3
+      - autoconf%2.69
+      - automake%1.16
       - curl
       - git
       - libmemcached
@@ -105,6 +105,7 @@
       - php-pdo_mysql%7.4
       - php-zip%7.4
       - certbot
+      - py3-pip
       - py3-requests
       - py3-mysqlclient
   tasks:
@@ -185,7 +186,7 @@
       name: "{{packages}}"
 
   - name: Install lexicon (raw)
-    raw: pip install lexicon
+    raw: pip3 install lexicon
 
   - name: Install composer
     get_url:
@@ -253,7 +254,7 @@
       - usr/bin
       - usr/libexec
       - usr/local/lib
-      - usr/local/share/icu/69.1
+      - usr/local/share/icu/72.1
       - usr/lib
 
   - name: "Copy pf conf files"
@@ -429,7 +430,7 @@
       - mkdir -p /var/log/cron
       - chown -R participantUI /home/participantUI/{{domain_name}}/frontend/web/assets
       - chown -R participantUI /home/participantUI/{{domain_name}}/frontend/web/images/avatars/
-      - ln -s /home/participantUI/{{domain_name}}/frontend/yii /usr/local/bin/frontend
+      - ln -sf /home/participantUI/{{domain_name}}/frontend/yii /usr/local/bin/frontend
 
   - name: configure participant rc.d
     command: rcctl {{item}}
@@ -466,7 +467,7 @@
     when: GITHUB_OAUTH_TOKEN is defined and GITHUB_OAUTH_TOKEN!=""
 
   - name: run composer
-    command: chdir=/home/participantUI/{{domain_name}}/frontend php -d allow_url_fopen=on /usr/local/bin/composer install -n --no-dev --prefer-dist --no-progress --no-suggest
+    command: chdir=/home/participantUI/{{domain_name}}/frontend php -d allow_url_fopen=on /usr/local/bin/composer install -n --no-dev --prefer-dist --no-progress
 
   - name: Fix home folder permissions for nginx
     command: chown root.daemon /home/participantUI
@@ -528,14 +529,14 @@
 
   - name: Install renewal policy for letsencrypt
     ini_file:
-        path: "/etc/letsencrypt/renewal/{{domain_name}}.conf"
-        section: renewalparams
-        option: "{{item.key}}"
-        value: "{{item.value}}"
+      path: "/etc/letsencrypt/renewal/{{domain_name}}.conf"
+      section: renewalparams
+      option: "{{item.key}}"
+      value: "{{item.value}}"
     with_items:
-      manual_auth_hook: /etc/letsencrypt/lexicon-vultr.sh create
-      manual_cleanup_hook: /etc/letsencrypt/lexicon-vultr.sh delete
-      post_hook: /etc/nginx/install_renewed_cert.sh
+      - { key: manual_auth_hook, value: "/etc/letsencrypt/lexicon-vultr.sh create" }
+      - { key: manual_cleanup_hook, value: "/etc/letsencrypt/lexicon-vultr.sh delete" }
+      - { key: post_hook, value: "/etc/nginx/install_renewed_cert.sh" }
 
   - name: Execute fw_update
     command: fw_update -a

diff --git a/backend/commands/PlayerController.php b/backend/commands/PlayerController.php
@@ -292,7 +292,7 @@ public function actionPendingAvatars($full=false)
   /**
    * Check mails for known spammers.
    */
-  public function actionCheckStopforumspam($interval=null)
+  public function actionCheckStopforumspam($interval=null,$confidence=90)
   {
     $players=Player::find();
     if($interval!==null)
@@ -307,7 +307,7 @@ public function actionCheckStopforumspam($interval=null)
       $SFS->email=$p->email;
       $result=$SFS->check();
       $retData=json_decode($result)->email;
-      if(property_exists($retData,'confidence') && $retData->confidence>0)
+      if(property_exists($retData,'confidence') && $retData->confidence>=intval($confidence))
       {
         printf("Banning %d: %s %d %d => %s\n",$p->id,$p->email,$p->active,$p->status,floatval($retData->confidence));
         $p->ban();
@@ -322,25 +322,30 @@ public function actionCheckStopforumspam($interval=null)
   public function actionCheckSpammy($domains=false)
   {
     $skip_domains=[];
-    $players=Player::find()->select(["right(email, length(email)-INSTR(email, '@')) as email"])->distinct();
+    $players=Player::find()->select(["SUBSTRING_INDEX(email,'@',-1) as email"])->distinct();
     foreach($skip_domains as $d)
       $players->andWhere(['not like','email', $d]);
       echo "Found ",$players->count()," distinct domains.\n";
     foreach($players->all() as $p)
     {
       try{
-      $DNS_NS=dns_get_record($p->email, DNS_NS);
-      $DNS_MX=dns_get_record($p->email, DNS_MX);
-      $DNS_A=dns_get_record($p->email, DNS_A);
+        $DNS_NS=dns_get_record($p->email, DNS_NS);
+        $DNS_MX=dns_get_record($p->email, DNS_MX);
+        $DNS_A=dns_get_record($p->email, DNS_A);
       }
       catch(\Exception $e)
       {
-        echo "Failed to resolve [",$p->email,"]",$e->getMessage(),"\n";
+        echo "Error: Failed to resolve [",$p->email,"]",$e->getMessage(),"\n";
       }
       if($DNS_NS===[] && $DNS_MX===[])
       {
         echo "Domain[",$p->email,"] has empty MX & NS records\n";
       }
+      $validator = new \app\components\validators\MXServersValidator();
+      $validator->mxonly=true;
+      if (!$validator->validate($p->email, $error)) {
+        echo "Domain[",$p->email,"] MX Validator error\n";
+      }
     }
   }
 
@@ -372,7 +377,7 @@ public function actionCheckDupips($skip_uids=false)
 
   public function actionFailValidation($delete=false)
   {
-    $allRecords=Player::find()->all();
+    $allRecords=Player::find()->active()->all();
     foreach($allRecords as $p)
     {
         $p->scenario='validator';

diff --git a/backend/components/Mailer.php b/backend/components/Mailer.php
@@ -19,7 +19,7 @@ public function init()
 
     if(Yii::$app->sys->mail_port !== false)
     {
-      $config['port']=Yii::$app->sys->mail_port;
+      $config['port']=intval(Yii::$app->sys->mail_port);
     }
 
     if(Yii::$app->sys->mail_username !== false)

diff --git a/backend/components/validators/HourRegistrationValidator.php b/backend/components/validators/HourRegistrationValidator.php
@@ -0,0 +1,56 @@
+<?php
+/**
+ * Check memcache key for registrations performed by this IP.
+ */
+namespace app\components\validators;
+
+use yii\validators\Validator;
+use yii\helpers\ArrayHelper;
+
+class HourRegistrationValidator extends Validator
+{
+    public $max=3;
+    public $message;
+    public $counter;
+    public $client_ip;
+    public function init()
+    {
+        $this->message=\Yii::t('app',"You reached your maximum registrations for this hour!");
+        if(!$this->counter)
+          $this->counter=intval(\Yii::$app->cache->memcache->get('registeredip:'.$this->client_ip));
+        parent::init();
+    }
+    public function validateValue($value)
+    {
+      if (\Yii::$app->sys->signup_HourRegistrationValidator!==false && intval($this->counter)>=$this->max)
+      {
+        return [$this->message, [
+            'signup_ip' => $value,
+        ]];
+      }
+
+    }
+    public function validateAttribute($model, $attribute)
+    {
+        $value = $model->$attribute;
+        if(\Yii::$app->sys->signup_HourRegistrationValidator!==false && intval($this->counter)>=$this->max)
+        {
+            $model->addError($attribute, $this->message);
+        }
+    }
+
+    public function clientValidateAttribute($model, $attribute, $view)
+    {
+        if(\Yii::$app->sys->signup_HourRegistrationValidator!==false)
+        {
+            $message = json_encode($this->message, JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
+            return <<<JS
+if ({$this->counter}>={$this->max}) {
+    messages.push($message);
+    return false;
+}
+JS;
+
+        }
+    }
+}
diff --git a/backend/components/validators/LowerRangeValidator copy.php b/backend/components/validators/LowerRangeValidator copy.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * @link http://www.yiiframework.com/
+ * @copyright Copyright (c) 2008 Yii Software LLC
+ * @license http://www.yiiframework.com/license/
+ */
+
+namespace app\components\validators;
+
+use Yii;
+use yii\base\InvalidConfigException;
+use yii\helpers\ArrayHelper;
+use yii\validators\ValidationAsset;
+/**
+ * RangeValidator validates that the attribute value is among a list of values.
+ *
+ * The range can be specified via the [[range]] property.
+ * If the [[not]] property is set true, the validator will ensure the attribute value
+ * is NOT among the specified range.
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @since 2.0
+ */
+class LowerRangeValidator extends \yii\validators\RangeValidator
+{
+    /**
+     * @var array|\Traversable|\Closure $range
+     */
+    public $range;
+    /**
+     * @var bool whether the comparison is strict (both type and value must be the same)
+     */
+    public $strict=false;
+    /**
+     * @var bool whether to invert the validation logic. Defaults to false. If set to true,
+     * the attribute value should NOT be among the list of values defined via [[range]].
+     */
+    public $not=false;
+    /**
+     * @var bool whether to allow array type attribute.
+     */
+    public $allowArray=false;
+
+
+    /**
+     * {@inheritdoc}
+     */
+    public function init()
+    {
+        parent::init();
+        if($this->message === null)
+        {
+            $this->message=Yii::t('yii', '{attribute} is invalid.');
+        }
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function validateValue($value)
+    {
+        $in=false;
+
+        if(ArrayHelper::isIn(mb_strtolower($value), (array) $this->range, $this->strict))
+        {
+            $in=true;
+        }
+        return $this->not !== $in ? null : [$this->message, []];
+    }
+}