Use server-side password generator for generating token.

Fix setup correctly writing the value for API to mailu.env
Normalize env vars for front container.
Update reverse proxy with API information.
main
Dimitri Huisman 2 years ago
parent 0673d32306
commit 75afe1092d
No known key found for this signature in database

@ -252,7 +252,7 @@ http {
{% endif %}
{% endif %}
{% if API == 'true' %}
{% if API %}
location ~ {{ WEB_API or '/api' }} {
include /etc/nginx/proxy.conf;
proxy_pass http://$admin;

@ -5,8 +5,7 @@ import logging as log
import sys
from socrate import system, conf
system.set_env()
args = os.environ.copy()
args = system.set_env()
log.basicConfig(stream=sys.stderr, level=args.get("LOG_LEVEL", "WARNING"))
args['TLS_PERMISSIVE'] = str(args.get('TLS_PERMISSIVE')).lower() not in ('false', 'no')

@ -70,14 +70,14 @@ Then on your own frontend, point to these local ports. In practice, you only nee
REAL_IP_FROM=x.x.x.x,y.y.y.y.y
#x.x.x.x,y.y.y.y.y is the static IP address your reverse proxy uses for connecting to Mailu.
Because the admin interface is served as ``/admin``, the Webmail as ``/webmail``, the single sign on page as ``/sso``, webdav as ``/webdav``, the client-autoconfiguration and the static files endpoint as ``/static``, you may also want to use a single virtual host and serve other applications (still Nginx):
Because the admin interface is served as ``/admin``, the RESTful API as ``/api``, the Webmail as ``/webmail``, the single sign on page as ``/sso``, webdav as ``/webdav``, the client-autoconfiguration and the static files endpoint as ``/static``, you may also want to use a single virtual host and serve other applications (still Nginx):
.. code-block:: nginx
server {
# [...] here goes your standard configuration
location ~* ^/(admin|sso|static|webdav|webmail|(apple\.)?mobileconfig|(\.well\-known/autoconfig/)?mail/|Autodiscover/Autodiscover) {
location ~* ^/(admin|api|sso|static|webdav|webmail|(apple\.)?mobileconfig|(\.well\-known/autoconfig/)?mail/|Autodiscover/Autodiscover) {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://localhost:8443;

@ -1,7 +1,5 @@
//API_TOKEN generator
var random_array = new Uint32Array(2);
crypto.getRandomValues(random_array);
var token = random_array[0].toString() + random_array[1].toString();
//Store API token in variable.
var token = $("#api_token").val();
$(document).ready(function() {
if ($("#webmail").val() == 'none') {
@ -39,7 +37,7 @@ $(document).ready(function() {
});
$(document).ready(function() {
if ($('#api').prop('checked')) {
if ($('#api_enabled').prop('checked')) {
$("#api_path").show();
$("#api_path").val("/api")
$("#api_token").show();
@ -54,7 +52,7 @@ $(document).ready(function() {
$("#api_token").val("");
$("#api_token_label").hide();
}
$("#api").change(function() {
$("#api_enabled").change(function() {
if ($(this).is(":checked")) {
$("#api_path").show();
$("#api_path").val("/api");

@ -93,11 +93,11 @@ manage your email domains, users, etc.</p>
It is not possible to use the API without an API token.</p>
<div class="form-group">
<input type="checkbox" name="api_enabled" value="true" id="api" >
<input type="checkbox" name="api_enabled" value="true" id="api_enabled" >
<label>Enable the API (and path to the API)</label>
<input class="form-control" type="text" name="api_path" id="api_path" style="display: none">
<label name="api_token_label" id="api_token_label">API token</label>
<input class="form-control" type="text" name="api_token" id="api_token" style="display: none">
<input class="form-control" type="text" name="api_token" id="api_token" style="display: none" value="{{ secret(32) }}">
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>

Loading…
Cancel
Save