author | Erich Eckner <git@eckner.net> | 2023-05-16 20:22:36 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2023-05-16 20:27:32 +0200 |
commit | 9590502b7368ad39335032114210db861ba4017d (patch) | |
tree | 4a4d451b806a74e8f5ef8c34e2961c68219d89b4 /access-restriction.php | |
parent | 712a4aa946180f1e3a4c1fe1b7e7954ffa4d89df (diff) | |
download | mocp-web-9590502b7368ad39335032114210db861ba4017d.tar.xz |
access-restriction.php new, do not commit keys
Diffstat (limited to 'access-restriction.php')
-rw-r--r-- | access-restriction.php | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/access-restriction.php b/access-restriction.php
new file mode 100644
index 0000000..92049bc
--- /dev/null
+++ b/access-restriction.php
@@ -0,0 +1,62 @@
+<?php
+
+$keyFile = fopen("../key.ed25519", "r");
+if ($keyFile === false)
+ die();
+$privKey = trim(fgets($keyFile));
+$pubKey = trim(fgets($keyFile));
+fclose($keyFile);
+
+function client_identifier() {
+ return $_SERVER['SERVER_ADDR'] . " " . $_SERVER['REMOTE_ADDR'] . " " . $_SERVER['REMOTE_PORT'];
+}
+
+function zugriff_erlaubt() {
+ global $pubKey;
+ if (!(preg_match("/^192\.168\.[01]\.3$/", $_SERVER["REMOTE_ADDR"]) == 1))
+ return true;
+ if (array_key_exists('key',$_GET)) {
+ $pubKey = hex2bin($pubKey);
+ return sodium_crypto_sign_open(hex2bin($_GET["key"]), $pubKey) == client_identifier();
+ }
+ return false;
+}
+
+function attach_key($delimiter = '&') {
+ if (!array_key_exists('key', $_GET))
+ return;
+ print $delimiter . 'key=' . $_GET['key'];
+}
+
+if (!zugriff_erlaubt()) {
+?>
+<html>
+<head>
+ <script src="/encrypt_key.js"></script>
+ <script>
+ window.sodium = {
+ onload: function (sodium) {
+ var sodium = sodium;
+ }
+ };
+ function update_key(form) {
+ privateKey = "<?php echo $privKey; ?>";
+ privateKey = encrypt_private_key(form.password.value, privateKey);
+ privateKey = sodium.from_hex(privateKey);
+ let msg = sodium.crypto_sign("<?php print client_identifier(); ?>", privateKey);
+ form.key.value = sodium.to_hex(msg);
+ }
+ </script>
+ <script src="/sodium.js" async></script>
+</head>
+<body>
+<form action="" id="form" method="get">
+Passwort: <input type="password" id="password" onchange="update_key(this.form);">
+<input type="hidden" name="key" id="key">
+<input type="submit" value="weiter"">
+</form>
+</body>
+</html>
+<?php
+ die();
+} |
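Review bot: The login page writes `$privKey` into the HTML sent to every client that fails `zugriff_erlaubt()`, so the signing key material leaves the server before any authentication; it looks as though `encrypt_private_key()` (in encrypt_key.js, not shown here) unwraps it with the password, in which case the scheme is only as strong as that password against offline guessing. Checking the password on the server against a stored hash (`password_verify`) and issuing a session would keep the key off the wire and would also keep the credential out of the `?key=` query string, which ends up in access logs and browser history. Separately, `attach_key()` prints `$_GET['key']` unescaped, and for clients outside the `192.168.[01].3` match the value is never validated, so wherever it is called it should emit `print $delimiter . 'key=' . urlencode($_GET['key']);`. The signature check would also be safer as a strict comparison, `=== client_identifier()`, since `sodium_crypto_sign_open()` returns `false` on failure.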