From 9f911349477be35286ddafd553a500806325dca6 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Thu, 13 Dec 2018 21:28:15 +0100
Subject: [PATCH] Add IRClogs password protection.

---
 .../linkable_etc_files/web/etc/nginx/nginx.conf    |  8 +++++++-
 all_new_2018/setup_plomlombot.sh                   |  7 +++++--
 all_new_2018/user_scripts/plomlombot_daemon.sh     | 14 +++++++++-----
 all_new_2018/user_scripts/start_plomlombot.sh      |  4 ----
 4 files changed, 21 insertions(+), 12 deletions(-)
 delete mode 100755 all_new_2018/user_scripts/start_plomlombot.sh

diff --git a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
index fa1f106..411aa4b 100644
--- a/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
+++ b/all_new_2018/linkable_etc_files/web/etc/nginx/nginx.conf
@@ -64,7 +64,13 @@ http {
             fastcgi_pass unix:/var/run/fcgiwrap.socket;
         }
 
-        location /irclogs/plomlompomtest/ {
+        location /irclogs/([^/]+)/ {
+            auth_basic "$1 logs";
+            auth_basic_user_file /var/www/irclogs_pw/$1;
+            autoindex on;
+        }
+
+        location /irclogs/ {
             autoindex on;
         }
     }
diff --git a/all_new_2018/setup_plomlombot.sh b/all_new_2018/setup_plomlombot.sh
index 6bfc4d6..4562588 100755
--- a/all_new_2018/setup_plomlombot.sh
+++ b/all_new_2018/setup_plomlombot.sh
@@ -10,9 +10,10 @@ gpg_key="$1"
 
 config_tree_prefix="${HOME}/config/all_new_2018/"
 irclogs_dir=/var/www/html/irclogs
+irclogs_pw_dir=/var/www/irclogs_pw
 cp "${config_tree_prefix}"/user_scripts/plomlombot_daemon.sh /home/plom/
 chown plom:plom /home/plom/plomlombot_daemon.sh
-apt -y install screen python3-venv gpg dirmngr
+apt -y install screen python3-venv gpg dirmngr apache2-utils
 su plom -c "gpg --recv-key ${gpg_key}"
 # TODO: After this, we could in theory remove dirmngr if we only installed it just now.
 su plom -c "cd && git clone /var/public_repos/plomlombot-irc"
@@ -20,7 +21,9 @@ systemctl enable /etc/systemd/system/plomlombot.service
 service plomlombot start
 mkdir -p "${irclogs_dir}"
 chown -R plom:plom "${irclogs_dir}"
+mkdir -p "${irclogs_pw_dir}"
+chown -R plom:plom "${irclogs_pw_dir}"
 echo "Don't forget to add a file ~/.plomlombot with content such as:"
 echo "gpg_key ${gpg_key}"
-echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME"
+echo "bot: SCREEN_SESSION_NAME BOT_NAME #CHANNEL_NAME IRC_SERVER_NAME LOGS_USER LOGS_PW"
 echo "# file should end in newline or non-interpreted line such as this"
diff --git a/all_new_2018/user_scripts/plomlombot_daemon.sh b/all_new_2018/user_scripts/plomlombot_daemon.sh
index dcac4f6..df4f49d 100755
--- a/all_new_2018/user_scripts/plomlombot_daemon.sh
+++ b/all_new_2018/user_scripts/plomlombot_daemon.sh
@@ -5,6 +5,7 @@ set -e
 path=~/.plomlombot
 db_dir="${HOME}/plomlombot_db"
 irclogs_dir=/var/www/html/irclogs
+irclogs_pw_dir=/var/www/irclogs_pw
 while true; do
     if [ -f "${path}" ]; then
         cat "${path}" | while read line; do
@@ -16,7 +17,14 @@ while true; do
     	        session_name=$(echo -n "${line}" | cut -d' ' -f2)
     	        bot_name=$(echo -n "${line}" | cut -d' ' -f3)
     	        channel_name=$(echo -n "${line}" | cut -d' ' -f4)
+                shortened_channel_name="${channel_name}"
+                first_char=$(echo -n "${channel_name}" | cut -c1)
+                if [ "${first_char}" = "#" ]; then
+                    shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-)
+                fi
     	        server_name=$(echo -n "${line}" | cut -d' ' -f5)
+                login_user=$(echo -n "${line}" | cut -d' ' -f6)
+                login_pw=$(echo -n "${line}" | cut -d' ' -f7)
     	        set +e
     	        screen -S "${session_name}" -Q select . > /dev/null
     	        start_screen=$?
@@ -30,12 +38,8 @@ while true; do
     	        logs_dir="${db_dir}/${md5_server}/${md5_channel}/logs"
     	        # FIXME: Note the trouble we will have if we have the same channel
     	        # name on different servers …
-                shortened_channel_name="${channel_name}"
-                first_char=$(echo -n "${channel_name}" | cut -c1)
-                if [ "${first_char}" = "#" ]; then
-                    shortened_channel_name=$(echo -n "${channel_name}" | cut -c2-)
-                fi
                 ln -sfn "${logs_dir}" "${irclogs_dir}/${shortened_channel_name}"
+                htpasswd -c "${irclogs_pw_dir}/${shortened_channel_name}" "${login_user}" "${login_pw}"
 
     	    # If "key:" line, encrypt old raw logs to that GPG key.
     	    elif [ "${first_word}" = "gpg_key": ]; then
diff --git a/all_new_2018/user_scripts/start_plomlombot.sh b/all_new_2018/user_scripts/start_plomlombot.sh
deleted file mode 100755
index 8a368bc..0000000
--- a/all_new_2018/user_scripts/start_plomlombot.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-set -e
-cd ~/plomlombot-irc
-./run.sh -r 604800 -n "$1" "$2"
-- 
2.30.2