Merge pull request #19 from cosmocode/security

Add security config

composer.json

@@ -1,7 +1,7 @@
 {
     "minimum-stability": "dev",
     "require": {
-        "ruflin/elastica": "dev-master",
+        "ruflin/elastica": "7.*",
         "patrickschur/language-detection": "dev-master"
     },
     "config": {

conf/default.php

@@ -6,6 +6,8 @@
  */
 
 $conf['servers']      = 'localhost:9200';
+$conf['username']    = '';
+$conf['password']    = '';
 $conf['indexname']    = 'wiki';
 $conf['snippets']     = 'content';
 $conf['searchSyntax'] = 1;

conf/metadata.php

@@ -6,6 +6,8 @@
  */
 
 $meta['servers']      = array();
+$meta['username']    = array('string');
+$meta['password']    = array('password');
 $meta['indexname']    = array('string');
 $meta['snippets']     = array('multichoice', '_choices' => array('content','abstract'));
 $meta['searchSyntax'] = array('onoff');

helper/client.php

@@ -61,7 +61,9 @@ class helper_plugin_elasticsearch_client extends DokuWiki_Plugin {
      */
     public function connect() {
         if (!is_null($this->elasticaClient)) return $this->elasticaClient;
-
+        // security settings
+        $username = $this->getConf('username');
+        $password = $this->getConf('password');
         // parse servers config into DSN array
         $dsn = ['servers' => []];
         $servers = $this->getConf('servers');
@@ -74,7 +76,7 @@ public function connect() {
             if (!$port) $port = 80;
             $proxy = trim($proxy);
             if (!$host) continue;
-            $dsn['servers'][] = compact('host', 'port', 'proxy');
+            $dsn['servers'][] = compact('host', 'port', 'proxy', 'username', 'password');
         }
 
         $this->elasticaClient = new \Elastica\Client($dsn);

lang/de/settings.php

@@ -6,6 +6,8 @@
  */
 
 $lang['servers']      = 'ElasticSearch server: einer pro Zeile, Port-Nummer durch Doppelpunkt getrennt, optionaler Proxy nach einem Komma';
+$lang['username']     = 'Elastic Benutzer ist erforderlich bei aktivierter Sicherheit in Elastic (Standard ab Version 8)';
+$lang['password']     = 'Elastic Passwort ist erforderlich bei aktivierter Sicherheit in Elastic (Standard ab Version 8)';
 $lang['indexname']    = 'Zu benutzender Index-Name. Muss existieren oder kann mit dem cli.php tool erzeugt werden.';
 $lang['snippets']     = 'Text, der in den Suchergebnissen als Vorschau angezeigt wird';
 $lang['searchSyntax'] = 'Wiki-Syntax zusätzlich zum Seiteninhalt durchsuchen';

lang/en/settings.php

@@ -6,6 +6,8 @@
  */
 
 $lang['servers']      = 'ElasticSearch servers: one per line, add port number after a colon, give optional proxy after a comma';
+$lang['username']     = 'Elastic username is required if security is enabled in Elastic (default since version 8)';
+$lang['password']     = 'Elastic password is required if security is enabled in Elastic (default since version 8)';
 $lang['indexname']    = 'Index name to use, must exist or can be created with the cli.php tool.';
 $lang['snippets']     = 'Text to show in search result snippets';
 $lang['searchSyntax'] = 'Search in wiki syntax in addition to page content';

vendor/autoload.php

@@ -3,8 +3,21 @@
 // autoload.php @generated by Composer
 
 if (PHP_VERSION_ID < 50600) {
-    echo 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
-    exit(1);
+    if (!headers_sent()) {
+        header('HTTP/1.1 500 Internal Server Error');
+    }
+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
+    if (!ini_get('display_errors')) {
+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
+            fwrite(STDERR, $err);
+        } elseif (!headers_sent()) {
+            echo $err;
+        }
+    }
+    trigger_error(
+        $err,
+        E_USER_ERROR
+    );
 }
 
 require_once __DIR__ . '/composer/autoload_real.php';