haproxy-wi/app/modules/server/ssh.py

import os

import paramiko
from flask import render_template, request

import modules.db.sql as sql
import modules.common.common as common
from modules.server import ssh_connection
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools

error_mess = common.error_mess
get_config = roxy_wi_tools.GetConfigVar()


def return_ssh_keys_path(server_ip: str, **kwargs) -> dict:
	lib_path = get_config.get_config_var('main', 'lib_path')
	ssh_settings = {}
	if kwargs.get('id'):
		sshs = sql.select_ssh(id=kwargs.get('id'))
	else:
		sshs = sql.select_ssh(serv=server_ip)

	for ssh in sshs:
		ssh_settings.setdefault('enabled', ssh.enable)
		ssh_settings.setdefault('user', ssh.username)
		ssh_settings.setdefault('password', ssh.password)
		ssh_key = f'{lib_path}/keys/{ssh.name}.pem' if ssh.enable == 1 else ''
		ssh_settings.setdefault('key', ssh_key)

	try:
		ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)]
		ssh_settings.setdefault('port', ssh_port[0])
	except Exception as e:
		raise Exception(f'error: Cannot get SSH settings: {e}')

	return ssh_settings


def ssh_connect(server_ip):
	ssh_settings = return_ssh_keys_path(server_ip)
	ssh = ssh_connection.SshConnection(
		server_ip, ssh_settings['port'],
		ssh_settings['user'],
		ssh_settings['password'],
		ssh_settings['enabled'],
		ssh_settings['key']
	)

	return ssh


def create_ssh_cred() -> str:
	name = common.checkAjaxInput(request.form.get('new_ssh'))
	enable = common.checkAjaxInput(request.form.get('ssh_enable'))
	group = common.checkAjaxInput(request.form.get('new_group'))
	group_name = sql.get_group_name_by_id(group)
	username = common.checkAjaxInput(request.form.get('ssh_user'))
	password = common.checkAjaxInput(request.form.get('ssh_pass'))
	page = common.checkAjaxInput(request.form.get('page'))
	page = page.split("#")[0]
	lang = roxywi_common.get_user_lang_for_flask()
	name = f'{name}_{group_name}'

	if username is None or name is None:
		return error_mess
	else:
		if sql.insert_new_ssh(name, enable, group, username, password):
			roxywi_common.logging('Roxy-WI server', f'New SSH credentials {name} has been created', roxywi=1, login=1)
			return render_template('ajax/new_ssh.html', groups=sql.select_groups(), sshs=sql.select_ssh(name=name), page=page, lang=lang)


def create_ssh_cread_api(name: str, enable: str, group: str, username: str, password: str) -> bool:
	groups = sql.select_groups(id=group)
	for group in groups:
		user_group = group.name
	name = common.checkAjaxInput(name)
	name = f'{name}_{user_group}'
	enable = common.checkAjaxInput(enable)
	username = common.checkAjaxInput(username)
	password = common.checkAjaxInput(password)

	if username is None or name is None:
		return False
	else:
		if sql.insert_new_ssh(name, enable, group, username, password):
			return True


def upload_ssh_key(name: str, user_group: str, key: str) -> str:
	if '..' in name:
		raise Exception('error: nice try')

	if name == '':
		raise Exception('error: please select credentials first')

	try:
		key = paramiko.pkey.load_private_key(key)
	except Exception as e:
		raise Exception(f'error: Cannot save SSH key file: {e}')

	lib_path = get_config.get_config_var('main', 'lib_path')
	full_dir = f'{lib_path}/keys/'
	ssh_keys = f'{name}.pem'

	try:
		_check_split = name.split('_')[1]
		split_name = True
	except Exception:
		split_name = False

	if not os.path.isfile(ssh_keys) and not split_name:
		name = f'{name}_{user_group}'

	if not os.path.exists(full_dir):
		os.makedirs(full_dir)

	ssh_keys = f'{full_dir}{name}.pem'

	try:
		key.write_private_key_file(ssh_keys)
	except Exception as e:
		raise Exception(f'error: Cannot save SSH key file: {e}')
	else:
		try:
			os.chmod(ssh_keys, 0o600)
		except IOError as e:
			roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
			raise Exception(f'error: something went wrong: {e}')

		roxywi_common.logging("Roxy-WI server", f"A new SSH cert has been uploaded {ssh_keys}", roxywi=1, login=1)
		return f'success: SSH key has been saved into: {ssh_keys}'


def update_ssh_key() -> str:
	ssh_id = common.checkAjaxInput(request.form.get('id'))
	name = common.checkAjaxInput(request.form.get('name'))
	enable = common.checkAjaxInput(request.form.get('ssh_enable'))
	group = common.checkAjaxInput(request.form.get('group'))
	username = common.checkAjaxInput(request.form.get('ssh_user'))
	password = common.checkAjaxInput(request.form.get('ssh_pass'))
	new_ssh_key_name = ''

	if username is None:
		return error_mess
	else:
		lib_path = get_config.get_config_var('main', 'lib_path')

		for sshs in sql.select_ssh(id=ssh_id):
			ssh_enable = sshs.enable
			ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem'
			new_ssh_key_name = f'{lib_path}/keys/{name}.pem'

		if ssh_enable == 1:
			os.rename(ssh_key_name, new_ssh_key_name)
			os.chmod(new_ssh_key_name, 0o600)

		sql.update_ssh(ssh_id, name, enable, group, username, password)
		roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has been updated ', roxywi=1, login=1)

		return 'ok'


def delete_ssh_key(ssh_id) -> str:
	lib_path = get_config.get_config_var('main', 'lib_path')
	name = ''
	ssh_enable = 0
	ssh_key_name = ''

	for sshs in sql.select_ssh(id=ssh_id):
		ssh_enable = sshs.enable
		name = sshs.name
		ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem'

	if ssh_enable == 1:
		try:
			os.remove(ssh_key_name)
		except Exception:
			pass
	if sql.delete_ssh(ssh_id):
		roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has deleted', roxywi=1, login=1)
		return 'ok'