Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev

CHANGELOG.md

@@ -5,6 +5,7 @@
 - [AUTOCONF] Increase retry limit and improve stability of Kubernetes watch stream
 - [UI] Add caching for GitHub buttons to improve performance
 - [UI] Fix shenanigans with multiples
+- [DEPS] Updated NGINX version to `1.26.3` (For now, Fedora 40/41 doesn't support this version and therefor will use the version `1.26.2`)
 - [DEPS] Updated lua-resty-openssl version to 1.5.2
 
 ## v1.6.0-rc4 - 2025/01/29

docs/integrations.md

@@ -337,11 +337,11 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb
     | sudo tee /etc/apt/sources.list.d/nginx.list
     ```
 
-    You should now be able to install NGINX 1.26.2 :
+    You should now be able to install NGINX 1.26.3 :
 
     ```shell
     sudo apt update && \
-    sudo apt install -y nginx=1.26.2-1~$(lsb_release -cs)
+    sudo apt install -y nginx=1.26.3-1~$(lsb_release -cs)
     ```
 
     !!! warning "Testing/dev version"
@@ -385,11 +385,11 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb
     | sudo tee /etc/apt/sources.list.d/nginx.list
     ```
 
-    You should now be able to install NGINX 1.26.2 :
+    You should now be able to install NGINX 1.26.3 :
 
     ```shell
     sudo apt update && \
-    sudo apt install -y nginx=1.26.2-1~$(lsb_release -cs)
+    sudo apt install -y nginx=1.26.3-1~$(lsb_release -cs)
     ```
 
     !!! warning "Testing/dev version"
@@ -422,12 +422,8 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb
 
 === "Fedora"
 
-    !!! info "Fedora Update Testing"
-        If you can't find the NGINX version listed in the stable repository, you can enable the `updates-testing` repository :
-
-        ```shell
-        sudo dnf config-manager --set-enabled updates-testing
-        ```
+    !!! warning "NGINX 1.26.3"
+        As of the writing of this documentation, the `1.26.3` version of NGINX is not yet available in the official Fedora repositories. So temporarily, you will need to use the version `1.26.2` provided by Fedora.
 
     Fedora already provides NGINX 1.26.2 that we support :
 
@@ -481,10 +477,10 @@ Please ensure that you have **NGINX 1.26.2 installed before installing BunkerWeb
     module_hotfixes=true
     ```
 
-    You should now be able to install NGINX 1.26.2 :
+    You should now be able to install NGINX 1.26.3 :
 
     ```shell
-    sudo dnf install nginx-1.26.2
+    sudo dnf install nginx-1.26.3
     ```
 
     !!! example "Disable the setup wizard"

src/bw/Dockerfile

@@ -1,4 +1,4 @@
-FROM nginx:1.26.2-alpine-slim@sha256:1d541dc68a99c4da7923e88b8e184f85034804a1ff59ee838a81d83c319267d8 AS builder
+FROM nginx:1.26.3-alpine-slim@sha256:e22e10bd833136245b39ffeb1a0d7c672f5597c18df4c462f327cc44fe0aa7a8 AS builder
 
 # Install temporary requirements for the dependencies
 RUN apk add --no-cache bash autoconf libtool automake geoip-dev g++ gcc curl-dev libxml2-dev pcre-dev make linux-headers musl-dev gd-dev gnupg brotli-dev openssl-dev patch readline-dev yajl yajl-dev yajl-tools py3-pip
@@ -42,7 +42,7 @@ COPY src/common/utils utils
 COPY src/VERSION VERSION
 COPY misc/*.ascii misc/
 
-FROM nginx:1.26.2-alpine-slim@sha256:1d541dc68a99c4da7923e88b8e184f85034804a1ff59ee838a81d83c319267d8
+FROM nginx:1.26.3-alpine-slim@sha256:e22e10bd833136245b39ffeb1a0d7c672f5597c18df4c462f327cc44fe0aa7a8
 
 # Set default umask to prevent huge recursive chmod increasing the final image size
 RUN umask 027

src/common/core/backup/backup.py

@@ -5,7 +5,6 @@
 from os import environ, getenv
 from os.path import join, sep
 from pathlib import Path
-from re import compile as re_compile
 from subprocess import PIPE, run
 from sys import exit as sys_exit, path as sys_path
 from time import sleep
@@ -16,14 +15,15 @@
     if deps_path not in sys_path:
         sys_path.append(deps_path)
 
+from sqlalchemy.engine.url import make_url
+
 from common_utils import bytes_hash  # type: ignore
 from Database import Database  # type: ignore
 from logger import setup_logger  # type: ignore
 from model import Base  # type: ignore
 
 LOGGER = setup_logger("BACKUP")
 
-DB_STRING_RX = re_compile(r"^(?P<database>(mariadb|mysql)(\+pymysql)?|sqlite(\+pysqlite)?|postgresql(\+psycopg)?):/+(?P<path>/[^\s]+)")
 BACKUP_DIR = Path(getenv("BACKUP_DIRECTORY", "/var/lib/bunkerweb/backups"))
 DB_LOCK_FILE = Path(sep, "var", "lib", "bunkerweb", "db.lock")
 
@@ -58,35 +58,27 @@ def backup_database(current_time: datetime, db: Database = None, backup_dir: Pat
     """Backup the database."""
     db = db or Database(LOGGER)
 
-    database: Literal["sqlite", "mariadb", "mysql", "postgresql"] = db.database_uri.split(":")[0].split("+")[0]  # type: ignore
+    database_url = make_url(db.database_uri)
+    database: Literal["sqlite", "mariadb", "mysql", "postgresql"] = database_url.drivername.split("+")[0]
     backup_file = backup_dir.joinpath(f"backup-{database}-{current_time.strftime('%Y-%m-%d_%H-%M-%S')}.zip")
     LOGGER.debug(f"Backup file path: {backup_file}")
     stderr = "Table 'db.test_"
     current_time = datetime.now().astimezone()
 
     while "Table 'db.test_" in stderr and (datetime.now().astimezone() - current_time).total_seconds() < 10:
         if database == "sqlite":
-            match = DB_STRING_RX.search(db.database_uri)
-            if not match:
-                LOGGER.error(f"Invalid database string provided: {db.database_uri}, skipping backup ...")
-                sys_exit(1)
-
-            db_path = Path(match.group("path"))
+            db_path = Path(database_url.database)
 
             LOGGER.info("Creating a backup for the SQLite database ...")
 
             proc = run(["sqlite3", db_path.as_posix(), ".dump"], stdout=PIPE, stderr=PIPE)
         else:
-            db_host = db.database_uri.rsplit("@", 1)[1].split("/")[0].split(":")
-            db_port = None
-            if len(db_host) == 1:
-                db_host = db_host[0]
-            else:
-                db_host, db_port = db_host
-
-            db_user = db.database_uri.split("://")[1].split(":")[0]
-            db_password = db.database_uri.split("://")[1].split(":")[1].rsplit("@", 1)[0]
-            db_database_name = db.database_uri.split("/")[-1].split("?")[0]
+            url = make_url(db.database_uri)
+            db_user = url.username or ""
+            db_password = url.password or ""
+            db_host = url.host or ""
+            db_port = str(url.port) if url.port else ""
+            db_database_name = url.database or ""
 
             if database in ("mariadb", "mysql"):
                 LOGGER.info("Creating a backup for the MariaDB/MySQL database ...")
@@ -127,15 +119,11 @@ def restore_database(backup_file: Path, db: Database = None) -> Database:
     """Restore the database from a backup."""
     db = db or Database(LOGGER)
     Base.metadata.drop_all(db.sql_engine)
-    database: Literal["sqlite", "mariadb", "mysql", "postgresql"] = db.database_uri.split(":")[0].split("+")[0]  # type: ignore
+    database_url = make_url(db.database_uri)
+    database: Literal["sqlite", "mariadb", "mysql", "postgresql"] = database_url.drivername.split("+")[0]
 
     if database == "sqlite":
-        match = DB_STRING_RX.search(db.database_uri)
-        if not match:
-            LOGGER.error(f"Invalid database string provided: {db.database_uri}, skipping restore ...")
-            sys_exit(1)
-
-        db_path = Path(match.group("path"))
+        db_path = Path(database_url.database)
 
         # Clear the database
         proc = run(["sqlite3", db_path.as_posix(), ".read", "/dev/null"], stdout=PIPE, stderr=PIPE)
@@ -149,16 +137,12 @@ def restore_database(backup_file: Path, db: Database = None) -> Database:
         proc = run(["sqlite3", db_path.as_posix(), f".read {tmp_file.as_posix()}"], stdout=PIPE, stderr=PIPE)
         tmp_file.unlink(missing_ok=True)
     else:
-        db_host = db.database_uri.rsplit("@", 1)[1].split("/")[0].split(":")
-        db_port = None
-        if len(db_host) == 1:
-            db_host = db_host[0]
-        else:
-            db_host, db_port = db_host
-
-        db_user = db.database_uri.split("://")[1].split(":")[0]
-        db_password = db.database_uri.split("://")[1].split(":")[1].rsplit("@", 1)[0]
-        db_database_name = db.database_uri.split("/")[-1].split("?")[0]
+        url = make_url(db.database_uri)
+        db_user = url.username or ""
+        db_password = url.password or ""
+        db_host = url.host or ""
+        db_port = str(url.port) if url.port else ""
+        db_database_name = url.database or ""
 
         if database in ("mariadb", "mysql"):
             LOGGER.info("Restoring the MariaDB/MySQL database ...")

src/deps/deps.json

@@ -241,9 +241,9 @@
     },
     {
       "id": "nginx",
-      "name": "Nginx v1.26.2",
+      "name": "Nginx v1.26.3",
       "url": "https://github.com/nginx/nginx.git",
-      "commit": "37fe98355461d2f03d73e6a8e82ac4e4cd85d711",
+      "commit": "1be0fb0c9f9bc3489c7b40576efd6afe6b2eccd5",
       "post_install": "rm -r src/deps/src/nginx/docs"
     },
     {

src/linux/Dockerfile-debian

@@ -1,7 +1,7 @@
 FROM debian:bookworm-slim@sha256:321341744acb788e251ebd374aecc1a42d60ce65da7bd4ee9207ff6be6686a62 AS builder
 
 ENV OS=debian
-ENV NGINX_VERSION=1.26.2
+ENV NGINX_VERSION=1.26.3
 
 # Install Nginx and dependencies
 RUN apt update && \

src/linux/Dockerfile-rhel

@@ -1,7 +1,7 @@
 FROM redhat/ubi8:8.10@sha256:881aaf5fa0d1f85925a1b9668a1fc7f850a11ca30fd3e37ea194db4edff892a5 AS builder
 
 ENV OS=rhel
-ENV NGINX_VERSION=1.26.2
+ENV NGINX_VERSION=1.26.3
 
 # Copy rocky repo
 COPY src/linux/rocky-8.repo /etc/yum.repos.d/rocky.repo

src/linux/Dockerfile-rhel9

@@ -1,7 +1,7 @@
 FROM redhat/ubi9:9.5@sha256:53d6c19d664f4f418ce5c823d3a33dbb562a2550ea249cf07ef10aa063ace38f AS builder
 
 ENV OS=rhel
-ENV NGINX_VERSION=1.26.2
+ENV NGINX_VERSION=1.26.3
 
 # Copy rocky repo
 COPY src/linux/rocky-9.repo /etc/yum.repos.d/rocky.repo

src/linux/Dockerfile-ubuntu

@@ -1,7 +1,7 @@
 FROM ubuntu:noble@sha256:72297848456d5d37d1262630108ab308d3e9ec7ed1c3286a32fe09856619a782 AS builder
 
 ENV OS=ubuntu
-ENV NGINX_VERSION=1.26.2
+ENV NGINX_VERSION=1.26.3
 
 # Install Nginx and dependencies
 RUN apt update && \

src/linux/Dockerfile-ubuntu-jammy

@@ -1,7 +1,7 @@
 FROM ubuntu:jammy@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2 AS builder
 
 ENV OS=ubuntu
-ENV NGINX_VERSION=1.26.2
+ENV NGINX_VERSION=1.26.3
 
 # Install Nginx and dependencies
 RUN apt update && \

src/linux/fpm-debian

@@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture %ARCH%
---depends bash --depends python3 --depends procps --depends python3-pip --depends 'nginx = 1.26.2-1~bookworm' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends lsof --depends libpq5 --depends libpcre3 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends tar
+--depends bash --depends python3 --depends procps --depends python3-pip --depends 'nginx = 1.26.3-1~bookworm' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends lsof --depends libpq5 --depends libpcre3 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends tar
 --description "BunkerWeb %VERSION% for Debian 12"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"

src/linux/fpm-rhel

@@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture %ARCH%
---depends bash --depends python39 --depends 'nginx >= 1:1.26.2' --depends 'nginx < 1:1.27.0' --depends libcurl-devel --depends libxml2 --depends yajl --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --depends geoip --depends libpq --depends libcap --depends openssl --depends sqlite --depends unzip --depends tar
+--depends bash --depends python39 --depends 'nginx >= 1:1.26.3' --depends 'nginx < 1:1.27.0' --depends libcurl-devel --depends libxml2 --depends yajl --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --depends geoip --depends libpq --depends libcap --depends openssl --depends sqlite --depends unzip --depends tar
 --description "BunkerWeb %VERSION% for RHEL 8"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"

src/linux/fpm-rhel9

@@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture %ARCH%
---depends bash --depends python39 --depends 'nginx >= 1:1.26.2' --depends 'nginx < 1:1.27.0' --depends libcurl-devel --depends libxml2 --depends yajl --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --depends libmaxminddb --depends libpq --depends libcap --depends openssl --depends mysql --depends postgresql --depends sqlite --depends unzip --depends tar
+--depends bash --depends python39 --depends 'nginx >= 1:1.26.3' --depends 'nginx < 1:1.27.0' --depends libcurl-devel --depends libxml2 --depends yajl --depends file-libs --depends net-tools --depends gd --depends sudo --depends procps --depends lsof --depends libmaxminddb --depends libpq --depends libcap --depends openssl --depends mysql --depends postgresql --depends sqlite --depends unzip --depends tar
 --description "BunkerWeb %VERSION% for RHEL 9"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"

src/linux/fpm-ubuntu

@@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture %ARCH%
---depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.26.2-1~noble' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends procps --depends lsof --depends libpq5 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends libpcre3 --depends tar
+--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.26.3-1~noble' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends procps --depends lsof --depends libpq5 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends libpcre3 --depends tar
 --description "BunkerWeb %VERSION% for Ubuntu 24.04"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"

src/linux/fpm-ubuntu-jammy

@@ -3,7 +3,7 @@
 --license agpl3
 --version %VERSION%
 --architecture %ARCH%
---depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.26.2-1~jammy' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends procps --depends lsof --depends libpq5 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends libpcre3 --depends tar
+--depends bash --depends python3 --depends python3-pip --depends 'nginx = 1.26.3-1~jammy' --depends libcurl4 --depends libgeoip-dev --depends libxml2 --depends libyajl2 --depends libmagic1 --depends net-tools --depends sudo --depends procps --depends lsof --depends libpq5 --depends libcap2-bin --depends logrotate --depends mariadb-client --depends postgresql-client --depends sqlite3 --depends unzip --depends libpcre3 --depends tar
 --description "BunkerWeb %VERSION% for Ubuntu 22.04"
 --url "https://www.bunkerweb.io"
 --maintainer "Bunkerity <contact at bunkerity dot com>"

src/ui/app/static/js/plugins-settings.js

@@ -990,7 +990,11 @@ $(document).ready(() => {
     $(`button[data-bs-target="#navs-templates-${usedTemplate}"]`).tab("show");
   }
 
-  if (currentMode === "easy" && currentTemplate !== "low") {
+  if (
+    !$(`button[data-bs-target="#navs-templates-${currentTemplate}"]`).hasClass(
+      "active",
+    )
+  ) {
     $(`button[data-bs-target="#navs-templates-${currentTemplate}"]`).tab(
       "show",
     );

src/ui/main.py

@@ -102,12 +102,6 @@
     sess = Session()
     sess.init_app(app)
 
-    # CSRF protection
-    app.config["WTF_CSRF_TIME_LIMIT"] = None
-    app.config["WTF_CSRF_SSL_STRICT"] = False
-    csrf = CSRFProtect()
-    csrf.init_app(app)
-
     principal = Principal()
     principal.init_app(app)
 
@@ -122,6 +116,12 @@
     login_manager.login_view = "login.login_page"
     login_manager.anonymous_user = AnonymousUser
 
+    # CSRF protection
+    app.config["WTF_CSRF_METHODS"] = ("POST",)
+    app.config["WTF_CSRF_SSL_STRICT"] = False
+    csrf = CSRFProtect()
+    csrf.init_app(app)
+
     def custom_url_for(endpoint, **values):
         if endpoint:
             try: