3 files changed, 287 insertions, 0 deletions

diff --git a/server/proxy/apache.conf b/server/proxy/apache.conf
new file mode 100644
index 0000000..e0c49a5
--- /dev/null
+++ b/server/proxy/apache.conf
@@ -0,0 +1,99 @@
+<VirtualHost *:27443>
+	SSLEngine On
+	SSLCertificateFile /etc/ssl/sslforfree/sg.crt
+	SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key
+	SSLProxyEngine On
+	SSLProxyCheckPeerCN Off
+	SSLProxyCheckPeerName Off
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	#ServerAdmin webmaster@localhost
+	#DocumentRoot /var/www/apache2
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+
+	RequestHeader unset Accept-Encoding
+	ProxyPreserveHost Off
+	ProxyPass "/" "https://zgimsis.gimb.org:443/"
+	ProxyPassReverse "/" "https://zgimsis.gimb.org:443/"
+	AddOutputFilterByType SUBSTITUTE text/html
+	Substitute "s|zgimsis.gimb.org|zgimsis.gimb.tk:27443|i"
+	Substitute "s/window.location.replace/console.log/i"
+	DumpIOInput Off
+	DumpIOOutput On
+	LogLevel dumpio:trace7
+	LogLevel debug
+
+</VirtualHost>
+<VirtualHost *:2780>
+#	ServerName cargova.xn--pga.ga
+#	SSLEngine On
+#	SSLCertificateFile /etc/ssl/sslforfree/sg.crt
+#	SSLCertificateKeyFile /etc/ssl/sslforfree/sg.key
+	SSLProxyEngine On
+	SSLProxyCheckPeerCN Off
+	SSLProxyCheckPeerName Off
+	# The ServerName directive sets the request scheme, hostname and port that
+	# the server uses to identify itself. This is used when creating
+	# redirection URLs. In the context of virtual hosts, the ServerName
+	# specifies what hostname must appear in the request's Host: header to
+	# match this virtual host. For the default virtual host (this file) this
+	# value is not decisive as it is used as a last resort host regardless.
+	# However, you must set it for any further virtual host explicitly.
+	#ServerName www.example.com
+
+	#ServerAdmin webmaster@localhost
+	#DocumentRoot /var/www/apache2
+
+	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+	# error, crit, alert, emerg.
+	# It is also possible to configure the loglevel for particular
+	# modules, e.g.
+	#LogLevel info ssl:warn
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+	# For most configuration files from conf-available/, which are
+	# enabled or disabled at a global level, it is possible to
+	# include a line for only one particular virtual host. For example the
+	# following line enables the CGI configuration for this host only
+	# after it has been globally disabled with "a2disconf".
+	#Include conf-available/serve-cgi-bin.conf
+
+	RequestHeader unset Accept-Encoding
+	ProxyPreserveHost Off
+	ProxyPass "/" "https://zgimsis.gimb.org:443/"
+	ProxyPassReverse "/" "https://zgimsis.gimb.org:443/"
+	AddOutputFilterByType SUBSTITUTE text/html
+	Substitute "s/zgimsis.gimb.org/zgimsis.gimb.tk:2780/i"
+	Substitute "s/window.location.replace/console.log/i"
+	DumpIOInput Off
+	DumpIOOutput On
+	LogLevel dumpio:trace7
+	LogLevel debug
+
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
diff --git a/server/proxy/nginx.conf b/server/proxy/nginx.conf
new file mode 100644
index 0000000..222b8d2
--- /dev/null
+++ b/server/proxy/nginx.conf
@@ -0,0 +1,133 @@
+#server {
+#	server_name _;
+#    listen   80 default_server;
+#    # listen   443 default_server;
+#    listen   [::]:80 default_server;
+#    # listen   [::]:443 default_server;
+#    return   444;
+#}
+server {
+	listen 93.103.156.37:80;
+	listen [::]:80;
+	server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk;
+	return 301 https://zgimsis.gimb.tk$request_uri;
+	port_in_redirect off;
+	server_name_in_redirect off;
+}
+server {
+	listen 93.103.156.37:443 ssl http2;
+	listen [::]:443 ssl http2;
+	ssl_certificate /etc/ssl/sslforfree/sg.crt;
+	ssl_certificate_key /etc/ssl/sslforfree/sg.key;
+	ssl_session_cache  builtin:1000  shared:SSL:10m;
+	ssl_prefer_server_ciphers on;
+	add_header Strict-Transport-Security "max-age=604800";
+	#root /var/www/html;
+	index index.php index.html index.htm index.nginx-debian.html;
+	server_name .g.gimb.tk .gimsis.gimb.tk .zgimsis.gimb.tk .gimsisext.gimb.tk .gse.gimb.tk;
+	location /gse/ {
+		#try_files $uri $uri/ =404;
+		proxy_pass       https://localhost:27443;
+		proxy_set_header Host      $host;
+		proxy_set_header X-Real-IP $remote_addr;
+		set $cors '';
+		set $both_conditions "";
+		add_header "x-debug-location-gse" "triggered";
+		if ($http_origin ~ \.?gimb\.tk$) {
+			set $cors 'true';
+			set $both_conditions "P";
+			add_header "x-debug-http-origin-check" "passed";
+		}
+		if ($cors = 'true') {
+			add_header "Access-Control-Allow-Origin" $http_origin always;
+			add_header "Access-Control-Allow-Credentials" "true" always;
+			add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+			add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+			add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+		}
+		if ($request_method = 'OPTIONS') {
+			set $both_conditions "${both_conditions}D";
+		}
+		if ($both_conditions = PD) {
+			add_header "Access-Control-Allow-Origin" $http_origin always;
+			add_header "Access-Control-Allow-Credentials" "true" always;
+			add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+			add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+			add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+			add_header 'Access-Control-Max-Age' -1;
+			add_header 'Content-Type' 'text/plain charset=UTF-8';
+			add_header 'Content-Length' 0;
+			return 204;
+		}
+	}
+	location / {
+		set $cors '';
+		if ($http_origin ~ \.?gimb\.tk$) {
+			set $cors 'true';
+		}
+		if ($cors = 'true') {
+			add_header "Access-Control-Allow-Origin" $http_origin always;
+			add_header "Access-Control-Allow-Credentials" "true" always;
+			add_header "Access-Control-Allow-Methods" "GET, POST, PATCH, PUT, DELETE, OPTIONS" always;
+			add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+			add_header 'Access-Control-Expose-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,Authorization' always;
+		}
+		if ($request_method = 'OPTIONS') {
+			add_header 'Access-Control-Max-Age' 300;
+			add_header 'Content-Type' 'text/plain charset=UTF-8';
+			add_header 'Content-Length' 0;
+			return 204;
+		}
+		return 301 https://zgimsis.gimb.tk/gse/;
+	}
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#	fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+	#}
+	location ~ /\.ht {
+		deny all;
+	}
+	port_in_redirect off;
+	server_name_in_redirect off;
+}
+server {
+	listen 93.103.156.37:80;
+	listen [::]:80;
+	server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk;
+	return 301 https://lopolis-api.gimb.tk$request_uri;
+	port_in_redirect off;
+	server_name_in_redirect off;
+}
+server {
+	listen 93.103.156.37:443 ssl http2;
+	listen [::]:443 ssl http2;
+	ssl_certificate /etc/ssl/sslforfree/sg.crt;
+	ssl_certificate_key /etc/ssl/sslforfree/sg.key;
+	ssl_session_cache  builtin:1000  shared:SSL:10m;
+	ssl_prefer_server_ciphers on;
+	add_header Strict-Transport-Security "max-age=604800";
+	#root /var/www/html;
+	index index.php index.html index.htm index.nginx-debian.html;
+	server_name .la.gimb.tk .lopolisapi.gimb.tk .lopolis-api.gimb.tk;
+	location / {
+		#try_files $uri $uri/ =404;
+	    proxy_pass       http://localhost:44625;
+	    proxy_set_header Host      $host;
+	    proxy_set_header X-Real-IP $remote_addr;
+	}
+	#location / {
+#		return 301 https://zgimsis.gimb.tk/gse/;
+#	}
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#	fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+	#}
+	location ~ /\.ht {
+		deny all;
+	}
+	add_header X-This-Is-Definetley-Not-Flask I-Really-Care-If-Someone-DoSes-This-/s;
+	add_header X-I-Mean-If-Someone-Wants-To-DoS-Me They-Have-The-Power-To-Do-It;
+	add_header X-Although-It-Is-Illegal-And-I Will-Report-You-To-SiCert-And-They-Will-Bit-Your-Ass;
+	port_in_redirect off;
+	server_name_in_redirect off;
+}
diff --git a/server/report/index.php b/server/report/index.php
new file mode 100644
index 0000000..7b48b35
--- /dev/null
+++ b/server/report/index.php
@@ -0,0 +1,55 @@
+<?php
+	header("Content-Type: text/plain");
+	$warning = "this beziapp report service is here to inform the developers of client errors and stores IP address, user agent ".
+		"and error details. The error reporting is not mandatory and can be distabled in the settings. If you want to delete any of ".
+		"your personal information submitted to this server or if you want a data dump of your error entries, please send an email".
+		"to the maintainers of this beziapp reporting server (sijanecantonluka@gmail.com). We do not store any other information, ".
+		"such as usernames, so if you have a dynamic IP and it changes, there's no way of proving that you sent the reports. If ".
+		"that's the case, we won't delete or provide any error reports to you. You must have proof of IP address ownership by ".
+		"requesting a special link that we will send you via email when data deletion/dump will be requested. Again, failing the ".
+		"IP address verification process will force us into not sending or deleting any data. GDPR sucks.";
+	if($_REQUEST["type"] != "error") {
+		http_response_code(400);
+		exit("only error reports are supported on this instance. ".$warning);
+	}
+	if(empty($_REQUEST["client"]["app_version"])) {
+		http_response_code(400);
+		exit("you must provide your app version. ".$warning);
+	}
+
+	$servername = "localhost";
+	$username = "beziappreports";
+	$password = "not today!";
+	$dbname = "beziappreports";
+	$conn = new mysqli($servername, $username, $password, $dbname);
+	if ($conn->connect_error) {
+		http_response_code(500);
+		die("database connection failed. ".$warning); // . $conn->connect_error);
+	}
+
+	$query = "CREATE TABLE IF NOT EXISTS error_reports (
+		msg							VARCHAR(420)		,
+		url							VARCHAR(420)		,
+		line						INT							,
+		colno						INT							,
+		obj							VARCHAR(420)		,
+		ua							VARCHAR(420)		,
+		app_version			VARCHAR(420)		,
+		previous_commit	VARCHAR(69)			,
+		ip							VARCHAR(69)			,
+	)";
+	$result = mysqli_query($conn, $query);
+
+	$stmt = $conn->prepare("INSERT INTO error_reports (msg, url, line, colno, obj, ua, app_version, previous_commit, ip) VALUES".
+		"(?, ?, ?, ?, ?, ?, ?, ?, ?)");
+	$stmt->bind_param("ssiisssss", $_REQUEST["error"]["msg"], $_REQUEST["error"]["url"], $_REQUEST["error"]["line"],
+		$_REQUEST["error"]["column"], $_REQUEST["error"]["obj"], $_REQUEST["client"]["ua"], $_REQUEST["client"]["app_version"],
+		$_REQUEST["client"]["previous_commit"], $_SERVER["REMOTE_ADDR"]);
+
+	$stmt->execute();
+
+	$stmt->close();
+	$conn->close();
+
+	exit("report saved. ".$warning);
+?>