v5.1.3.0

Changelog: https://haproxy-wi.org/changelog.py#5_1_3
2021-05-16 11:27:47 +06:00 · 2021-05-16 11:27:47 +06:00 · 15257c92ce
parent fd784a9e82
commit 15257c92ce
9 changed files with 182 additions and 25 deletions
--- a/app/create_db.py
+++ b/app/create_db.py
@ -1230,9 +1230,30 @@ def update_db_v_5_1_2(**kwargs):
 	con.close()


+def update_db_v_5_1_3(**kwargs):
+	con, cur = get_cur()
+	sql = """
+	ALTER TABLE `servers` ADD COLUMN protected INTEGER NOT NULL DEFAULT 0;
+	"""
+	try:
+		cur.execute(sql)
+		con.commit()
+	except sqltool.Error as e:
+		if kwargs.get('silent') != 1:
+			if e.args[0] == 'duplicate column name: protected' or e == " 1060 (42S21): Duplicate column name 'protected' ":
+				print('Updating... DB has been updated to version 5.1.3')
+			else:
+				print("An error occurred:", e)
+	else:
+		print("DB has been updated to version 5.1.3")
+
+	cur.close()
+	con.close()
+
+
 def update_ver():
 	con, cur = get_cur()
-	sql = """update version set version = '5.1.2.0'; """
+	sql = """update version set version = '5.1.3.0'; """
 	try:
 		cur.execute(sql)
 		con.commit()
@ -1274,6 +1295,7 @@ def update_all():
 	update_db_v_5_1_0_1()
 	update_db_v_5_1_1()
 	update_db_v_5_1_2()
+	update_db_v_5_1_3()
 	update_ver()


@ -1309,6 +1331,7 @@ def update_all_silent():
 	update_db_v_5_1_0_1(silent=1)
 	update_db_v_5_1_1(silent=1)
 	update_db_v_5_1_2(silent=1)
+	update_db_v_5_1_3(silent=1)
 	update_ver()


--- a/app/options.py
+++ b/app/options.py
@ -918,6 +918,12 @@ if serv is not None and form.getvalue('right') is not None:
    print(stderr)

 if serv is not None and act == "configShow":
+    import http.cookies
+
+    cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
+    user_uuid = cookie.get('uuid')
+    role_id = sql.get_user_role_by_uuid(user_uuid.value)
+
    if form.getvalue('service') == 'keepalived':
        configs_dir = funct.get_config_var('configs', 'kp_save_configs_dir')
        cfg = '.conf'
@ -940,6 +946,8 @@ if serv is not None and act == "configShow":
        conf = open(cfg, "r")
    except IOError:
        print('<div class="alert alert-danger">Can\'t read config file</div>')
+        
+    is_serv_protected = sql.is_serv_protected(serv)

    from jinja2 import Environment, FileSystemLoader

@ -950,8 +958,9 @@ if serv is not None and act == "configShow":
    template = template.render(conf=conf,
                               serv=serv,
                               configver=form.getvalue('configver'),
-                               role=funct.is_admin(level=3),
-                               service=form.getvalue('service'))
+                               role=role_id,
+                               service=form.getvalue('service'),
+                               is_serv_protected=is_serv_protected)
    print(template)

    if form.getvalue('configver') is None:
@ -1786,12 +1795,13 @@ if form.getvalue('updateserver') is not None:
    serv_id = form.getvalue('id')
    cred = form.getvalue('cred')
    port = form.getvalue('port')
+    protected = form.getvalue('protected')
    desc = form.getvalue('desc')

    if name is None or port is None:
        print(error_mess)
    else:
-        sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, haproxy, nginx, firewall)
+        sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, haproxy, nginx, firewall, protected)
        funct.logging('the server ' + name, ' has been updated ', haproxywi=1, login=1)

 if form.getvalue('serverdel') is not None:
--- a/app/sql.py
+++ b/app/sql.py
@ -365,7 +365,7 @@ def update_hapwi_server(server_id, alert, metrics, active, service_name):
 	con.close()


-def update_server(hostname, group, typeip, enable, master, id, cred, port, desc, haproxy, nginx, firewall):
+def update_server(hostname, group, typeip, enable, master, id, cred, port, desc, haproxy, nginx, firewall, protected):
 	con, cur = get_cur()
 	sql = """ update servers set 
 			hostname = '%s',
@ -378,8 +378,9 @@ def update_server(hostname, group, typeip, enable, master, id, cred, port, desc,
 			`desc` = '%s',
 			haproxy = '%s',
 			nginx = '%s',
-			firewall_enable = '%s'
-			where id = '%s'""" % (hostname, group, typeip, enable, master, cred, port, desc, haproxy, nginx, firewall, id)
+			firewall_enable = '%s',
+			protected = '%s'
+			where id = '%s'""" % (hostname, group, typeip, enable, master, cred, port, desc, haproxy, nginx, firewall, protected, id)
 	try:
 		cur.execute(sql)
 		con.commit()
@ -1367,7 +1368,7 @@ def delete_savedserver(id):
 	con.close()


-def insert_mentrics(serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate):
+def insert_metrics(serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate):
 	con, cur = get_cur()
 	if mysql_enable == '1':
 		sql = """ insert into metrics (serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate, date) values('%s', '%s', '%s', '%s', '%s', now()) """ % (serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate)
@ -1383,6 +1384,35 @@ def insert_mentrics(serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate):
 	con.close()


+def insert_metrics_http(serv, http_2xx, http_3xx, http_4xx, http_5xx):
+	con, cur = get_cur()
+	if mysql_enable == '1':
+		sql = """ insert into metrics_http_status (serv, `2xx`, `3xx`, `4xx`, `5xx`, date) values('%s', '%s', '%s', '%s', '%s', now()) """ % (serv, http_2xx, http_3xx, http_4xx, http_5xx)
+	else:
+		sql = """ insert into metrics_http_status (serv, `2xx`, `3xx`, `4xx`, `5xx`, date) values('%s', '%s', '%s', '%s', '%s',  datetime('now', 'localtime')) """ % (serv, http_2xx, http_3xx, http_4xx, http_5xx)
+	try:
+		cur.execute(sql)
+		con.commit()
+	except sqltool.Error as e:
+		funct.out_error(e)
+		con.rollback()
+	cur.close()
+	con.close()
+
+
+# def select_waf_metrics_enable(id):
+# 	con, cur = get_cur()
+# 	sql = """ select waf.metrics from waf left join servers as serv on waf.server_id = serv.id where server_id = '%s' """ % id
+# 	try:
+# 		cur.execute(sql)
+# 	except sqltool.Error as e:
+# 		funct.out_error(e)
+# 	else:
+# 		return cur.fetchall()
+# 	cur.close()
+# 	con.close()
+
+
 def select_waf_metrics_enable_server(ip):
 	con, cur = get_cur()
 	sql = """ select waf.metrics from waf  left join servers as serv on waf.server_id = serv.id where ip = '%s' """ % ip
@ -1601,7 +1631,7 @@ def delete_waf_server(id):
 	con.close()


-def insert_waf_mentrics(serv, conn):
+def insert_waf_metrics(serv, conn):
 	con, cur = get_cur()
 	if mysql_enable == '1':
 		sql = """ insert into waf_metrics (serv, conn, date) values('%s', '%s', now()) """ % (serv, conn)
@ -1617,7 +1647,7 @@ def insert_waf_mentrics(serv, conn):
 	con.close()


-def delete_waf_mentrics():
+def delete_waf_metrics():
 	con, cur = get_cur()
 	if mysql_enable == '1':
 		sql = """ delete from metrics where date < now() - INTERVAL 3 day """
@ -1646,7 +1676,7 @@ def update_waf_metrics_enable(name, enable):
 	con.close()


-def delete_mentrics():
+def delete_metrics():
 	con, cur = get_cur()
 	if mysql_enable == '1':
 		sql = """ delete from metrics where date < now() - INTERVAL 3 day """
@ -1662,6 +1692,21 @@ def delete_mentrics():
 	con.close()


+def delete_http_metrics():
+	con, cur = get_cur()
+	if mysql_enable == '1':
+		sql = """ delete from metrics_http_status where date < now() - INTERVAL 3 day """
+	else:
+		sql = """ delete from metrics_http_status where date < datetime('now', '-3 days') """
+	try:
+		cur.execute(sql)
+		con.commit()
+	except sqltool.Error as e:
+		funct.out_error(e)
+		con.rollback()
+	cur.close()
+	con.close()
+

 def select_metrics(serv, **kwargs):
 	con, cur = get_cur()
@ -1703,6 +1748,46 @@ def select_metrics(serv, **kwargs):
 	con.close()


+def select_metrics_http(serv, **kwargs):
+	con, cur = get_cur()
+
+	if mysql_enable == '1':
+		if kwargs.get('time_range') == '60':
+			date_from = "and date > now() - INTERVAL 60 minute and rowid % 2 = 0"
+		elif kwargs.get('time_range') == '180':
+			date_from = "and date > now() - INTERVAL 180 minute and rowid % 5 = 0"
+		elif kwargs.get('time_range') == '360':
+			date_from = "and date > now() - INTERVAL 360 minute and rowid % 7 = 0"
+		elif kwargs.get('time_range') == '720':
+			date_from = "and date > now() - INTERVAL 720 minute and rowid % 9 = 0"
+		else:
+			date_from = "and date > now() - INTERVAL 30 minute"
+		sql = """ select * from metrics_http_status where serv = '{serv}' {date_from} order by `date` desc """.format(serv=serv, date_from=date_from)
+	else:
+		if kwargs.get('time_range') == '60':
+			date_from = "and date > datetime('now', '-60 minutes', 'localtime') and rowid % 2 = 0"
+		elif kwargs.get('time_range') == '180':
+			date_from = "and date > datetime('now', '-180 minutes', 'localtime') and rowid % 5 = 0"
+		elif kwargs.get('time_range') == '360':
+			date_from = "and date > datetime('now', '-360 minutes', 'localtime') and rowid % 7 = 0"
+		elif kwargs.get('time_range') == '720':
+			date_from = "and date > datetime('now', '-720 minutes', 'localtime') and rowid % 9 = 0"
+		else:
+			date_from = "and date > datetime('now', '-30 minutes', 'localtime')"
+
+		sql = """ select * from (select * from metrics_http_status where serv = '{serv}' {date_from} order by `date`) order by `date` """.format(serv=serv, date_from=date_from)
+
+	try:
+		cur.execute(sql)
+	except sqltool.Error as e:
+		funct.out_error(e)
+	else:
+		return cur.fetchall()
+
+	cur.close()
+	con.close()
+
+
 def select_servers_metrics_for_master(**kwargs):
 	con, cur = get_cur()
 	sql = """select ip from servers where metrics = 1 """
@ -3332,6 +3417,23 @@ def update_aws_provider(new_name, new_key, new_secret, provider_id):
 		con.close()


+def is_serv_protected(serv):
+	con, cur = get_cur()
+	sql = """ select protected from servers where ip = '%s'""" % serv
+
+	try:
+		cur.execute(sql)
+	except sqltool.Error as e:
+		cur.close()
+		con.close()
+		return ""
+	else:
+		for p in cur.fetchall():
+			return True if p[0] else False
+	cur.close()
+	con.close()
+
+
 form = funct.form
 error_mess = 'error: All fields must be completed'

--- a/app/templates/ajax/config_show.html
+++ b/app/templates/ajax/config_show.html
@ -1,14 +1,16 @@
-	<center>
+	<div style="text-align: center;">
 		<h4>Config from {{serv}}</h4>
 		<p class="accordion-expand-holder">
-			{% if role %}
+			{% if role <= 3 %}
+				{% if not is_serv_protected or role <= 2 %}
 				<a class="ui-button ui-widget ui-corner-all" title="Edit this run config" href="config.py?service={{service}}&serv={{serv}}&open=open">Edit</a>
+				{% endif %}
 			{% endif %}
-			<a class="accordion-expand-all ui-button ui-widget ui-corner-all" href="#">Expand all</a>		
+			<a class="accordion-expand-all ui-button ui-widget ui-corner-all" href="#">Expand all</a>
 			<button id="raw">Raw</button>
 			<button id="according" style="display: none;">According</button>
 		</p>
-	</center>	
+	</div>

 	<div style="margin-left: 16%" class="configShow">
 	{% set i = 0 -%}
@ -222,6 +224,8 @@
 	{% if configver %}
 	<br>
 	<center>
+		{% if role <= 3 %}
+		{% if not is_serv_protected or role <= 2 %}
 		<form action="versions.py?service={{service}}" method="post">
 			<input type="hidden" value="{{serv}}" name="serv">
 			<input type="hidden" value="{{configver}}" name="configver">
@ -232,6 +236,8 @@
 			<button type='submit' value='reload' name='save' class='btn btn-default'>Upload and reload</button>
 			{% endif %}
 		</form>
+		{% endif %}
+		{% endif %}
 		<div class="alert alert-info"><b>Note:</b> If you reconfigure Master server, Slave will reconfigured automatically</div>
 	</center>
 	{% endif %}
--- a/app/templates/include/admin_servers.html
+++ b/app/templates/include/admin_servers.html
@ -15,9 +15,12 @@
 			</th>
 			<th class="checkbox-head" style="width: 5%">HAProxy</th>
 			<th style="width: 5%">Nginx</th>
-			<th style="width: 15%;">
+			<th style="width: 10%;">
 				<span title="If the server has a firewall enabled, enable this option">Firewalld</span>
 			</th>
+			<th class="checkbox-head" style="width: 5%">
+				<span title="If protection is enabled, then the server is inaccessible for editing by everyone except the admin role">Protected</span>
+			</th>
 			<th style="width: 10%">
 				<span title="Actions with the master config will automatically apply on the slave">Slave for</span>
 			</th>
@ -102,6 +105,14 @@
 					<button onclick="viewFirewallRules('{{server.2}}')" title="View firewall rules on server {{server.1}}">view</button>
 				</div>
 			</td>
+			<td class="checkbox" style="padding-left: 15px;">
+				{% set id = 'protected-' + server.0|string() %}
+				{% if server.20 == 1 %}
+					{{ checkbox(id, checked='checked') }}
+				{% else %}
+					{{ checkbox(id) }}
+				{% endif %}
+			</td>
 			<td>
 				<select id="slavefor-{{server.0}}">
 					<option value="0" selected>Not slave</option>
--- a/app/templates/sections.html
+++ b/app/templates/sections.html
@ -4,7 +4,7 @@
 <script src="/inc/codemirror/codemirror.js"></script>
 <script src="/inc/codemirror/nginx.js"></script>
 <script src="/inc/codemirror/haproxy.js"></script>
-<center>
+<div style="text-align: center;">
 	<p>
 		<form action="{{ action }}" method="post">
 			<select autofocus required name="section" id="{{ select_id }}">
@ -27,16 +27,15 @@
 		{% if role <= 3 %}
 			<div id="config">
 				<h4>You are editing "{{section}}" section from server {{ serv }}</h4>
-				</center>
 				<form action="{{ action }}" name="saveconfig" method="post">
 					<input type="hidden" value="{{ serv }}" name="serv"> 
 					<input type="hidden" value="{{ start_line }}" name="start_line"> 
 					<input type="hidden" value="{{ end_line }}" name="end_line"> 
 					<input type="hidden" value="{{ cfg }}.old" name="oldconfig">
-					<div style="margin-left: 23%;width: 60%;">
+					<div style="margin-left: 23%;width: 60%; text-align: left">
 						<textarea name="config" class="config" id="config_text_area" rows="35" cols="80" style="height: 40%">{{ config }}</textarea>
 					</div>
-					<center>
+					{% if not is_serv_protected or role <= 2 %}
 					<p>
 						<button type="submit" value="test" name="save" class="btn btn-default">Just test</button>
 						<button type="submit" value="save" name="save" class="btn btn-default">Just save</button>
@ -46,6 +45,7 @@
 						<button type="submit" value="delete" name="save" class="btn btn-default">Delete this section</button>
 						{% endif %}
 					</p>
+					{% endif %}
 				</form>
 				<script>
 					var myCodeMirror = CodeMirror.fromTextArea(document.getElementById("config_text_area"), {mode: "haproxy", lineNumbers: true});
@ -59,7 +59,6 @@
 				<script>
 					myCodeMirror.refresh();
 				</script>
-			</center>
 		{% endif %}
 	{% endif %}
 	{% if aftersave %}
@ -73,5 +72,6 @@
 		{% endif %}
 		<script>window.history.pushState("Config", "Config", cur_url[0])</script>
 	{% endif %}
-	</center>
+	</div>
+</div>
 {% endblock %}
--- a/inc/script.js
+++ b/inc/script.js
@ -14,7 +14,7 @@ function escapeHtml(unsafe) {
 		.replace(/"/g, "&quot;")
 		.replace(/'/g, "&#039;");
 }
-var wait_mess = '<div class="alert alert-warning">Please don\'t close and don\'t represh page. Wait until the work is completed. This may take some time </div>'
+var wait_mess = '<div class="alert alert-warning">Please do not close or refresh the page. Wait until the job is completed. This may take some time</div>'
 $( function() {		
   $('.menu li ul li').each(function () {
       var link = $(this).find('a').attr('href');
--- a/inc/users.js
+++ b/inc/users.js
@ -1669,6 +1669,7 @@ function updateServer(id) {
 	var haproxy = 0;
 	var nginx = 0;
 	var firewall = 0;
+	var protected_serv = 0;
 	if ($('#typeip-'+id).is(':checked')) {
 		typeip = '1';
 	}
@ -1684,6 +1685,9 @@ function updateServer(id) {
 	if ($('#firewall-'+id).is(':checked')) {
 		firewall = '1';
 	}
+	if ($('#protected-'+id).is(':checked')) {
+		protected_serv = '1';
+	}
 	var servergroup = $('#servergroup-'+id+' option:selected' ).val();
 	if (cur_url[0].split('#')[0] == "servers.py") {
 		 servergroup = $('#new-server-group-add').val();
@ -1703,6 +1707,7 @@ function updateServer(id) {
 			cred: $('#credentials-'+id+' option:selected').val(),
 			id: id,
 			desc: $('#desc-'+id).val(),
+			protected: protected_serv,
 			token: $('#token').val()
 		},
 		type: "POST",
@ -2142,7 +2147,7 @@ function ajaxActionServies(action, service) {
 }
 function updateService(service) {
 	$("#ajax-update").html('')
-	$("#ajax-update").html('<div class="alert alert-warning">Please don\'t close and don\'t represh page. Wait until the work is completed. This may take some time </div>');
+	$("#ajax-update").html(wait_mess);
 	$.ajax( {
 		url: "options.py",
 		data: {
--- a/inc/waf.js
+++ b/inc/waf.js
@ -55,7 +55,7 @@ function metrics_waf(name) {
 }
 function installWaf(ip1) {
 	$("#ajax").html('')
-	$("#ajax").html('<div class="alert alert-warning">Please don\'t close and don\'t represh page. Wait until the work is completed. This may take some time </div>');
+	$("#ajax").html(wait_mess);
 	$.ajax( {
 		url: "options.py",
 		data: {