php: init

src/html/index.php

@@ -0,0 +1,48 @@
+<?php
+
+$access_list_path = '/etc/tuer3.0/door_access_hashs';
+
+if (!hasCredentials())
+	render_default();
+elseif (hasValidCredentials())
+	execute_cmd($_POST['cmd']);
+else
+	render_failure();
+
+function executeCmd($cmd) {
+	switch($cmd) {
+	case 'indoor_lock':
+		sendKeyBLE('lock');
+		break;
+	case 'indoor_open':
+		sendKeyBLE('open');
+		break;
+	default:
+		render_failure();
+	}
+}
+function hasCredentials() {
+	$secret = $_GET['secret'] || $_COOKIES['secret'];
+	return is_string($secret) && !empty($secret);
+}
+
+function hasValidCredentials() {
+	$secret = $_GET['secret'] || $_COOKIES['secret'];
+	$cipher = hash('sha512', $secret);
+
+	$tokens = hasAccessTokens($cipher, $access_list_path); 
+	return false;
+}
+function hasAccessTokens($needle, $path) {
+	$lines = file($path, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+	foreach($lines as $line) {
+		if (str_starts_with(ltrim($line), '#'))
+			continue;
+		$values = explode(';', $line);
+		if (count($values) != 3)
+			continue;
+		if ($needle == $values[2])
+			return true;
+	}
+	return false;
+}

systemd/php8.2-fpm@.service

@@ -0,0 +1,66 @@
+[Unit]
+Description=The PHP 8.2 FastCGI Process Manager for %I
+Documentation=man:php-fpm8.2(8)
+After=network.target
+Before=nginx.service
+# PartOf=php.target
+
+[Service]
+Type=notify
+PIDFile=/run/php-fpm/%i/main.pid
+ExecStart=/usr/sbin/php-fpm8.2 --nodaemonize --fpm-config /etc/php/8.2/fpm/sites/%i/php.conf --php-ini /etc/php/8.2/fpm/sites/%i/php.ini --pid /run/php-fpm/%i/main.pid --force-stderr
+ExecReload=/bin/kill -USR2 $MAINPID
+
+StandardOutput=journal
+StandardError=journal
+
+User=www-data
+Group=www-data
+WorkingDirectory=/var/www/%i
+Environment=HOME=/var/www/%i
+Environment=TEMP=/var/lib/php-fpm/%i/tmp TMP=/var/lib/php-fpm/%i/tmp TMPDIR=/var/lib/php-fpm/%i/tmp
+
+TemporaryFileSystem=/var:ro
+InaccessiblePaths=/boot /home /lost+found /media /mnt /opt /root /srv
+
+# permits for /var/run
+RuntimeDirectory=php-fpm/%i
+#TemporaryFileSystem=/var/run/php-fpm:ro
+BindPaths=/var/run/php-fpm/%i
+ReadWritePaths=/var/run/php-fpm/%i
+BindPaths=/var/run/postgresql
+
+#TemporaryFileSystem=/var/lib/php-fpm:ro
+BindPaths=/var/lib/php-fpm/%i
+StateDirectory=php-fpm/%i/sessions
+ReadWritePaths=/var/lib/php-fpm/%i/sessions
+StateDirectory=php-fpm/%i/tmp
+ReadWritePaths=/var/lib/php-fpm/%i/tmp
+
+TemporaryFileSystem=/etc/php/8.2/fpm/sites:ro
+BindPaths=/etc/php/8.2/fpm/sites/%i
+ConfigurationDirectory=php/8.2/fpm/sites/%i
+ReadOnlyPaths=/etc/php/8.2/fpm/sites/%i
+
+#TemporaryFileSystem=/var/www:ro
+BindPaths=/var/www/%i
+ReadWritePaths=/var/www/%i
+
+ProtectSystem=strict
+PrivateUsers=yes
+ProtectHostname=yes
+ProtectClock=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+PrivateDevices=yes
+ProtectHome=yes
+ProtectProc=invisible
+PrivateTmp=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+MemoryDenyWriteExecute=yes
+RestrictSUIDSGID=yes
+
+[Install]
+WantedBy=multi-user.target

systemd/php8.2-fpm@.socket

@@ -0,0 +1,12 @@
+[Unit]
+Description=Socket for php8.2-fpm service of %I
+#BindsTo=php8.2-fpm@%i.service
+
+[Socket]
+ListenStream=/run/php-fpm-%i.sock
+SocketMode=0660
+SocketUser=www-data
+SocketGroup=www-data
+
+[Install]
+WantedBy=sockets.target