Make the rspamd webui available, fixes #157

7 years ago · 1a3f85fbc2
parent 3675fdb915
commit 1a3f85fbc2
4 changed files with 38 additions and 4 deletions
--- a/core/admin/mailu/init.py
+++ b/core/admin/mailu/init.py
@ -45,7 +45,8 @@ default_config = {
    'DISABLE_STATISTICS': 'False',
    'WELCOME': 'False',
    'WELCOME_SUBJECT': 'Dummy welcome topic',
-    'WELCOME_BODY': 'Dummy welcome body'
+    'WELCOME_BODY': 'Dummy welcome body',
+    'WEB_ADMIN': '/admin'
 }

 # Load configuration from the environment if available
@ -78,12 +79,12 @@ def get_locale():
 # Login configuration
 login_manager = flask_login.LoginManager()
 login_manager.init_app(app)
-login_manager.login_view = ".login"
+login_manager.login_view = "ui.login"

@login_manager.unauthorized_handler
 def handle_needs_login():
    return flask.redirect(
-        flask.url_for('.login', next=flask.request.endpoint)
+        flask.url_for('ui.login', next=flask.request.endpoint)
    )

@app.context_processor
--- a/core/admin/mailu/internal/views.py
+++ b/core/admin/mailu/internal/views.py
@ -2,6 +2,7 @@ from mailu import db, models, app, limiter
 from mailu.internal import internal, nginx

 import flask
+import flask_login


@internal.route("/auth/email")
@ -17,3 +18,13 @@ def nginx_authentication():
    for key, value in headers.items():
        response.headers[key] = str(value)
    return response
+
+
+@internal.route("/auth/admin")
+def admin_authentication():
+    """ Fails if the user is not an authenticated admin.
+    """
+    if (not flask_login.current_user.is_anonymous
+        and flask_login.current_user.global_admin):
+        return ""
+    return flask.abort(403)
--- a/core/admin/mailu/ui/templates/sidebar.html
+++ b/core/admin/mailu/ui/templates/sidebar.html
@ -36,7 +36,7 @@
        <i class="fa fa-ticket"></i> <span>{% trans %}Authentication tokens{% endtrans %}</span>
      </a>
    </li>
-    
+
    <li class="header">{% trans %}Administration{% endtrans %}</li>
    {% if current_user.global_admin %}
    <li>
@ -59,6 +59,11 @@
        <i class="fa fa-reply-all"></i> <span>{% trans %}Relayed domains{% endtrans %}</span>
      </a>
    </li>
+    <li>
+      <a href="{{ config["WEB_ADMIN"] }}/antispam/">
+        <i class="fa fa-trash-o"></i> <span>{% trans %}Antispam{% endtrans %}</span>
+      </a>
+    </li>
    {% endif %}
    {% if current_user.manager_of or current_user.global_admin %}
    <li>
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -71,11 +71,20 @@ http {
      location {{ WEB_ADMIN }} {
        return 301 {{ WEB_ADMIN }}/ui;
      }
+
      location ~ {{ WEB_ADMIN }}/(ui|static) {
        rewrite ^{{ WEB_ADMIN }}/(.*) /$1 break;
        proxy_set_header X-Forwarded-Prefix {{ WEB_ADMIN }};
        proxy_pass http://admin;
      }
+
+      location {{ WEB_ADMIN }}/antispam {
+        rewrite ^{{ WEB_ADMIN }}/antispam/(.*) /$1 break;
+        auth_request /internal/auth/admin;
+        proxy_set_header X-Real-IP "";
+        proxy_set_header X-Forwarded-For "";
+        proxy_pass http://antispam:11334;
+      }
      {% endif %}

      {% if WEBDAV != 'none' %}
@ -85,6 +94,14 @@ http {
      }
      {% endif %}
      {% endif %}
+
+      location /internal {
+        internal;
+
+        proxy_pass http://admin;
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+      }
    }

    # Forwarding authentication server