From 8c10b0ac4d8f0638260286deb0db0ad08c73911f Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Wed, 3 Dec 2008 13:34:32 -0500 Subject: [PATCH] fine-tuning the privacy flag darcs-hash:20081203183432-5ed1f-7626661b797f64594f990ee06d9e13b73b265b49.gz --- README | 97 +++++++++++++++++++++++++------------------------ actions/api.php | 6 +++ index.php | 7 +++- 3 files changed, 62 insertions(+), 48 deletions(-) diff --git a/README b/README index 228d0b1d08..f40e2e2bd2 100644 --- a/README +++ b/README @@ -117,7 +117,7 @@ run correctly. *must* support the MyISAM storage engine -- the default for most MySQL servers -- *and* the InnoDB storage engine. - A Web server. Preferably, you should have Apache 2.2.x with the - mod_rewrite extension installed and enabled. + mod_rewrite extension installed and enabled. Your PHP installation must include the following PHP extensions: @@ -168,7 +168,7 @@ and the URLs are listed here for your convenience. but won't work with OpenID. http://pear.php.net/package/DB - OAuth.php from http://oauth.googlecode.com/svn/code/php/ -- markdown.php from http://michelf.com/projects/php-markdown/ +- markdown.php from http://michelf.com/projects/php-markdown/ - PEAR Mail, for sending out mail notifications http://pear.php.net/package/Mail - PEAR Net_SMTP, if you use the SMTP factory for notifications 
@@ -198,32 +198,32 @@ especially if you've previously installed PHP/MySQL packages. 1. Unpack the tarball you downloaded on your Web server. Usually a command like this will work: - + tar zxf laconica-0.6.2.tar.gz - + ...which will make a laconica-0.6.2 subdirectory in your current directory. (If you don't have shell access on your Web server, you may have to unpack the tarball on your local computer and FTP the files to the server.) - + 2. Move the tarball to a directory of your choosing in your Web root directory. Usually something like this will work: - + mv laconica-0.6.2 /var/www/mublog - + This will make your Laconica instance available in the mublog path of your server, like "http://example.net/mublog". "microblog" or "laconica" might also be good path names. If you know how to configure virtual hosts on your web server, you can try setting up "http://micro.example.net/" or the like. - + 3. You should also take this moment to make your avatar subdirectory writeable by the Web server. An insecure way to do this is: - + chmod a+w /var/www/mublog/avatar - + On some systems, this will probably work: - + chgrp www-data /var/www/mublog/avatar chmod g+w /var/www/mublog/avatar @@ -233,13 +233,13 @@ especially if you've previously installed PHP/MySQL packages. 4. Create a database to hold your microblog data. Something like this should work: - + mysqladmin -u "username" --password="password" create laconica - + Note that Laconica must have its own database; you can't share the database with another program. You can name it whatever you want, though. - + (If you don't have shell access to your server, you may need to use a tool like PHPAdmin to create a database. Check your hosting service's documentation for how to create a new MySQL database.) 
@@ -252,22 +252,22 @@ especially if you've previously installed PHP/MySQL packages. You may want to test by logging into the database and checking that the tables were created. Here's an example: - + SHOW TABLES; - + 6. Create a new database account that Laconica will use to access the database. If you have shell access, this will probably work from the MySQL shell: - + GRANT SELECT,INSERT,DELETE,UPDATE on laconica.* TO 'lacuser'@'localhost' IDENTIFIED BY 'lacpassword'; - + You should change 'lacuser' and 'lacpassword' to your preferred new username and password. You may want to test logging in as this new user and testing that you can SELECT from some of the tables in the DB (use SHOW TABLES to see which ones are there). - + 7. Copy the config.php.sample in the Laconica directory to config.php. 8. Edit config.php to set the basic configuration for your system. @@ -282,8 +282,8 @@ especially if you've previously installed PHP/MySQL packages. will be empty. If not, magic has happened! You can now register a new user, post some notices, edit your profile, etc. However, you may want to wait to do that stuff if you think you can set up - "fancy URLs" (see below), since some URLs are stored in the database. - + "fancy URLs" (see below), since some URLs are stored in the database. + Fancy URLs ---------- @@ -308,7 +308,7 @@ in your server. import the .htaccess file into your conf file instead. If you're not sure how to do it, you may save yourself a lot of headache by just leaving the .htaccess file. - + 2. Change the "RewriteBase" in the new .htaccess file to be the URL path to your Laconica installation on your server. Typically this will be the path to your Laconica directory relative to your Web root. @@ -316,7 +316,7 @@ in your server. 3. Add or uncomment or change a line in your config.php file so it says: $config['site']['fancy'] = true; - + You should now be able to navigate to a "fancy" URL on your server, like: 
@@ -375,27 +375,27 @@ For this to work, there *must* be a domain or sub-domain for which all 2. Make sure the maildaemon.php file is executable: - chmod +x scripts/maildaemon.php - + chmod +x scripts/maildaemon.php + Note that "daemon" is kind of a misnomer here; the script is more of a filter than a daemon. - + 2. Edit /etc/aliases on your mail server and add the following line: *: /path/to/laconica/scripts/maildaemon.php 3. Run whatever code you need to to update your aliases database. For many mail servers (Postfix, Exim, Sendmail), this should work: - + newaliases - + You may need to restart your mail server for the new database to take effect. 4. Set the following in your config.php file: $config['mail']['domain'] = 'yourdomain.example.net'; - + At this point, post-by-email and post-by-SMS-gateway should work. Note that if your mail server is on a different computer from your email server, you'll need to have a full installation of Laconica, a working @@ -413,19 +413,19 @@ well. 1. You may want to strongly consider setting up your own XMPP server. Ejabberd, OpenFire, and JabberD are all Open Source servers. Jabber, Inc. provides a high-performance commercial server. - + 2. You must register a Jabber ID (JID) with your new server. It helps to choose a name like "update@example.com" or "notice" or something similar. Alternately, your "update JID" can be registered on a publicly-available XMPP service, like jabber.org or GTalk. - + Laconica will not register the JID with your chosen XMPP server; you need to do this manually, with an XMPP client like Gajim, Telepathy, or Pidgin.im. - + 3. Configure your site's XMPP variables, as described below in the configuration section. - + On a default installation, your site can broadcast messages using XMPP. Users won't be able to post messages using XMPP unless you've got the XMPP daemon running. See 'Queues and daemons' below for how 
@@ -449,7 +449,7 @@ To configure a downstream site to receive your public stream, add their "JID" (Jabber ID) to your config.php as follows: $config['xmpp']['public'][] = 'downstream@example.net'; - + (Don't miss those square brackets at the end.) Note that your XMPP broadcasting must be configured as mentioned above. Although you can send out messages at "Web time", high-volume sites should strongly @@ -483,11 +483,11 @@ server is probably a good idea for high-volume sites. more daemon options. Note that if you set the 'user' and/or 'group' options, you'll need to create that user and/or group by hand. They're not created automatically. - + 4. On the queues server, run the command scripts/startdaemons.sh. It needs as a parameter the install path; if you run it from the Laconica dir, "." should suffice. - + This will run six (for now) queue handlers: * xmppdaemon.php - listens for new XMPP messages from users and stores @@ -549,7 +549,7 @@ Laconica instance. bots where to find all the sitemap files; it *must* be in the main installation directory or higher. Both types of file must be available through HTTP. - + 2. To generate your sitemaps, run the following command on your server: php scripts/sitemap.php -f index-file-path -d sitemap-directory -u URL-prefix-for-sitemaps @@ -559,7 +559,7 @@ Laconica instance. you want the sitemaps stored, like './sitemaps/' (make sure the dir exists). URL-prefix-for-sitemaps is the full URL for the sitemap dir, typically something like 'http://example.net/mublog/sitemaps/'. - + You can use several methods for submitting your sitemap index to search engines to get your site indexed. One is to add a line like the following to your robots.txt file: 
@@ -661,9 +661,9 @@ to the end first before trying them. RewriteBase to use the correct path. 10. Rebuild the database. Go to your Laconica directory and run the rebuilddb.sh script like this: - + ./scripts/rebuilddb.sh rootuser rootpassword database db/laconica.sql - + Here, rootuser and rootpassword are the username and password for a user who can drop and create databases as well as tables; typically that's _not_ the user Laconica runs as. @@ -744,7 +744,7 @@ path: The path part of your site's URLs, like 'mublog' or '/' (installed in root). fancy: whether or not your site uses fancy URLs (see Fancy URLs section above). Default is false. -logfile: full path to a file for Laconica to save logging +logfile: full path to a file for Laconica to save logging information to. You may want to use this if you don't have access to syslog. locale_path: full path to the directory for locale data. Unless you @@ -775,6 +775,9 @@ closed: If set to 'true', will disallow registration on your site. the service, *then* set this variable to 'true'. inviteonly: If set to 'true', will only allow registration if the user was invited by an existing user. +private: If set to 'true', anonymous users will be redirected to the + 'login' page. Also, API methods that normally require no + authentication will require it. db -- @@ -798,7 +801,7 @@ db_driver: You can try changing this to 'MDB2' to use the other driver debug: On a database error, you may get a message saying to set this value to 5 to see debug messages in the browser. This breaks just about all pages, and will also expose the username and - password + password quote_identifiers: Set this to true if you're using postgresql. type: either 'mysql' or 'postgresql' (used for some bits of database-type-specific SQL in the code). Defaults to mysql. 
@@ -853,7 +856,7 @@ backend: the backend to use for mail, one of 'mail', 'sendmail', and 'smtp'. Defaults to PEAR's default, 'mail'. params: if the mail backend requires any parameters, you can provide them in an associative array. - + nickname -------- @@ -941,7 +944,7 @@ Miscellaneous tagging stuff. dropoff: Decay factor for tag listing, in seconds. Defaults to exponential decay over ten days; you can twiddle with it to try and get better results for your site. - + daemon ------ @@ -1027,7 +1030,7 @@ assumptions. emit oodles of print lines directly to the browser of your users. Among these lines will be your database username and password. Do not enable this option on a production Web site for any reason. - + - "Edit dataobject.ini with the following settings..." dataobject.ini is a development file for the DB_DataObject framework and is not used by the running software. It was removed from the Laconica @@ -1044,8 +1047,8 @@ development version of Laconica. To get it, use the darcs version control tool (http://darcs.net/) like so: darcs get http://laconi.ca/darcs/ mublog - -To keep it up-to-date, use 'darcs pull'. Watch for conflicts! + +To keep it up-to-date, use 'darcs pull'. Watch for conflicts! Further information =================== diff --git a/actions/api.php b/actions/api.php index b36d644e62..ff46e62e76 100644 --- a/actions/api.php +++ b/actions/api.php @@ -120,6 +120,12 @@ class ApiAction extends Action { 'statuses/followers', 'favorites/favorites'); + # If the site is "private", all API methods need authentication + + if (common_config('site', 'private')) { + return true; + } + $fullname = "$this->api_action/$this->api_method"; if (in_array($fullname, $bareauth)) { diff --git a/index.php b/index.php index 6767203582..546524d9ba 100644 --- a/index.php +++ b/index.php 
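Review bot: The `return true` guard for private sites sits just after the `$bareauth` array literal it renders irrelevant, so on a private site that list is built and then never consulted; placing the check above the array (before the lines where this hunk starts) makes the precedence obvious to a reader and avoids the dead construction. The enclosing method of ApiAction starts and ends outside the hunk, so I can only infer from the `in_array($fullname, $bareauth)` branch that a true return means "credentials required"; the added comment should say that explicitly, e.g. `# Private site: every API method requires authentication, so the bareauth exemptions below never apply`. The comment uses `#` while the index.php hunk in the same commit uses `//`; one style across the codebase would be preferable.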
@@ -36,7 +36,12 @@ if (!$action || !preg_match('/^[a-zA-Z0-9_-]*$/', $action)) {
 common_redirect(common_local_url('public'));
 }
-if (!$user && common_config('site', 'private') && !in_array($action, array('login', 'api', 'doc')) {
+// If the site is private, and they're not on one of the "public"
+// parts of the site, redirect to login
+
+if (!$user && common_config('site', 'private') &&
+ !in_array($action, array('login', 'openidlogin', 'api', 'doc')))
+{
 common_redirect(common_local_url('login'));
 }
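Review bot: The allowlist on the `!in_array(...)` line exempts `openidlogin`, but if the OpenID flow returns to the site through a separate callback action, that return request arrives anonymous and would be bounced to `login` before the session is established, so every step of each login flow needs to be listed here rather than only its entry action. `in_array` is non-strict; `$action` is already restricted to `[a-zA-Z0-9_-]*` by the `preg_match` in the hunk header, so loose comparison is harmless today, but `!in_array($action, array('login', 'openidlogin', 'api', 'doc'), true)` costs nothing and holds up if that validation ever moves. `api` is exempt here only because actions/api.php enforces authentication itself in this same commit; a comment tying the two together, e.g. `// 'api' is exempt here because ApiAction enforces auth itself on a private site`, would keep a future edit to one file from silently reopening the other. The opening `{` on its own line differs from the same-line brace used by the `if` above it.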