v6.2.0.0

Changelog: https://roxy-wi.org/changelog#6_2_0
2022-09-27 22:06:34 +03:00 · 2022-09-27 22:06:34 +03:00 · 15e870d3bb
parent e4d7640b2c
commit 15e870d3bb
20 changed files with 156 additions and 92 deletions
--- a/app/add.py
+++ b/app/add.py
@ -17,7 +17,15 @@ form = funct.form
 serv = form.getvalue('serv')

 print('Content-type: text/html\n')
-funct.check_login(service=1)
+
+user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1)
+
+try:
+	funct.check_login(user_id, token, service=1)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
 funct.page_for_admin(level=3)

 if all(v is None for v in [
@ -25,7 +33,6 @@ if all(v is None for v in [
 	form.getvalue('peers-name'), form.getvalue('generateconfig')
 ]):
 	try:
-		user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1)
 		cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
 		group = cookie.get('group')
 		user_group = group.value
--- a/app/config.py
+++ b/app/config.py
@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 import os
+import sys

 from jinja2 import Environment, FileSystemLoader

@ -12,11 +13,14 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('config.html')

 print('Content-type: text/html\n')
-funct.check_login()

 form = funct.form
 serv = funct.is_ip_or_dns(form.getvalue('serv'))
-service = funct.checkAjaxInput(form.getvalue('service'))
+try:
+	service = funct.checkAjaxInput(form.getvalue('service'))
+except Exception:
+	print('<meta http-equiv="refresh" content="0; url=/app/">')
+
 is_serv_protected = False
 try:
 	config_file_name = form.getvalue('config_file_name').replace('92', '/')
@ -29,14 +33,11 @@ error = ""
 aftersave = ""
 is_restart = ''

-try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
-except Exception as e:
-	print(str(e))
+user, user_id, role, token, servers, user_services = funct.get_users_params()

 if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
 	service_desc = sql.select_service(service)
-	if funct.check_login(service=service_desc.service_id):
+	if funct.check_login(user_id, token, service=service_desc.service_id):
 		title = f"Working with {service_desc.service} configuration files"
 		action = f"config.py?service={service_desc.slug}"
 		configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir')
--- a/app/funct.py
+++ b/app/funct.py
@ -117,7 +117,6 @@ def get_user_group(**kwargs) -> str:
 def logging(server_ip: str, action: str, **kwargs) -> None:
 	import sql
 	import distro
-	import logging

 	login = ''
 	cur_date = get_data('logs')
@ -178,11 +177,6 @@ def logging(server_ip: str, action: str, **kwargs) -> None:
 		if kwargs.get('keep_history'):
 			keep_action_history(kwargs.get('service'), action, server_ip, login, ip)

-	# logging.basicConfig(filename=log_file,
-	# 					filemode='a',
-	# 					format='%(levelname)s: %(message)s',
-	# 					level=logging.INFO)
-
 	try:
 		with open(log_file, 'a') as log:
 			log.write(mess)
@ -273,17 +267,18 @@ def slack_send_mess(mess, **kwargs):
 		logging('localhost', str(e), haproxywi=1)


-def check_login(**kwargs):
+def check_login(user_uuid, token, **kwargs):
 	import sql
-	user_uuid = None
-	cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
-	try:
-		user_uuid = cookie.get('uuid')
-	except Exception:
+
+	if user_uuid is None:
 		print('<meta http-equiv="refresh" content="0; url=/app/login.py">')
+
 	ref = os.environ.get("REQUEST_URI")

-	sql.delete_old_uuid()
+	try:
+		sql.delete_old_uuid()
+	except Exception as e:
+		raise Exception(f'error: cannot connect to DB {e}')

 	if user_uuid is not None:
 		if sql.get_user_name_by_uuid(user_uuid.value) is None:
@ -299,7 +294,6 @@ def check_login(**kwargs):
 				print('<meta http-equiv="refresh" content="0; url=overview.py">')
 				return False

-		user, user_uuid, role, token, servers, user_services = get_users_params()
 		sql.update_last_act_user(user_uuid.value, token)
 	else:
 		print('<meta http-equiv="refresh" content="0; url=login.py?ref=%s">' % ref)
@ -434,12 +428,12 @@ def diff_config(oldcfg, cfg, **kwargs):
 		for line in output:
 			diff += date + " user: " + login + ", group: " + user_group + " " + line + "\n"

+	log_file = f"{log_path}/config_edit-{get_data('logs')}"
 	try:
-		log = open(log_path + "/config_edit-" + get_data('logs') + ".log", "a")
-		log.write(diff)
-		log.close()
+		with open(log_file, 'a') as log:
+			log.write(mess)
 	except IOError:
-		print('<center><div class="alert alert-danger">Can\'t read write change to log. %s</div></center>' % stderr)
+		print(f'<center><div class="alert alert-danger">Can\'t read write change to log. {stderr}</div></center>')
 		pass


--- a/app/ha.py
+++ b/app/ha.py
@ -5,8 +5,6 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('ha.html')

 print('Content-type: text/html\n')
-funct.check_login(service=3)
-funct.page_for_admin(level=2)

 form = funct.form
 serv = form.getvalue('serv')
@ -16,6 +14,14 @@ try:
 except Exception:
 	pass

+try:
+	funct.check_login(user_id, token, service=3)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
+funct.page_for_admin(level=2)
+
 try:
 	user_status, user_plan = funct.return_user_status()
 except Exception as e:
--- a/app/hapservers.py
+++ b/app/hapservers.py
@ -12,11 +12,11 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('hapservers.html')

 print('Content-type: text/html\n')
-funct.check_login()
-services = []
-servers: object
+
 user, user_id, role, token, servers, user_services = funct.get_users_params()

+services = []
+servers: object
 form = funct.form
 serv = funct.is_ip_or_dns(form.getvalue('serv'))
 service = funct.checkAjaxInput(form.getvalue('service'))
@ -31,7 +31,7 @@ restart_settings = ''

 if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
    service_desc = sql.select_service(service)
-    if funct.check_login(service=service_desc.service_id):
+    if funct.check_login(user_id, token, service=service_desc.service_id):
        title = f'{service_desc.service} servers overview'
        if serv:
            if funct.check_is_server_in_group(serv):
--- a/app/history.py
+++ b/app/history.py
@ -7,7 +7,6 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('history.html')

 print('Content-type: text/html\n')
-funct.check_login()

 try:
    user, user_id, role, token, servers, user_services \
@ -19,11 +18,11 @@ except Exception:
 form = funct.form
 serv = funct.is_ip_or_dns(form.getvalue('serv'))
 service = form.getvalue('service')
-user_id = form.getvalue('user_id')
+user_id_history = form.getvalue('user_id')

 if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
    service_desc = sql.select_service(service)
-    if funct.check_login(service=service_desc.service_id):
+    if funct.check_login(user_id, token, service=service_desc.service_id):
        title = f'{service_desc.service} service history'
        server_id = sql.select_server_id_by_ip(serv)
        history = sql.select_action_history_by_server_id_and_service(
@ -37,9 +36,9 @@ elif service == 'server':
            server_id = sql.select_server_id_by_ip(serv)
            history = sql.select_action_history_by_server_id(server_id)
 elif service == 'user':
-    if user_id:
+    if user_id_history:
        title = 'User history'
-        history = sql.select_action_history_by_user_id(user_id)
+        history = sql.select_action_history_by_user_id(user_id_history)

 users = sql.select_users()

--- a/app/logs.py
+++ b/app/logs.py
@ -5,6 +5,12 @@ from jinja2 import Environment, FileSystemLoader
 env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('logs.html')
 form = funct.form
+print('Content-type: text/html\n')
+
+try:
+	user, user_id, role, token, servers, user_services = funct.get_users_params()
+except Exception:
+	pass

 if form.getvalue('grep') is None:
 	grep = ""
@ -29,17 +35,9 @@ waf = form.getvalue('waf')
 service = funct.checkAjaxInput(form.getvalue('service'))
 remote_file = form.getvalue('file')

-print('Content-type: text/html\n')
-funct.check_login()
-
-try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
-except Exception:
-	pass
-
 if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
 	service_desc = sql.select_service(service)
-	if funct.check_login(service=service_desc.service_id):
+	if funct.check_login(user_id, token, service=service_desc.service_id):
 		title = f"{service_desc.service}`s logs"
 		servers = sql.get_dick_permit(service=service_desc.slug)
 elif waf == '1':
--- a/app/metrics.py
+++ b/app/metrics.py
@ -9,11 +9,11 @@ form = funct.form
 service = form.getvalue('service')
 title = 'Metrics service'

-funct.check_login()
 print('Content-type: text/html\n')

+user, user_id, role, token, servers, user_services = funct.get_users_params()
+
 try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
 	if distro.id() == 'ubuntu':
 		cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics"
 	else:
@ -26,15 +26,15 @@ try:
 			servers = ''
 		else:
 			if service == 'nginx':
-				if funct.check_login(service=2):
+				if funct.check_login(user_id, token, service=2):
 					title = "NGINX`s metrics"
 					servers = sql.select_nginx_servers_metrics_for_master()
 			elif service == 'apache':
-				if funct.check_login(service=4):
+				if funct.check_login(user_id, token, service=4):
 					title = "Apache`s metrics"
 					servers = sql.select_apache_servers_metrics_for_master()
 			else:
-				if funct.check_login(service=1):
+				if funct.check_login(user_id, token, service=1):
 					title = "HAProxy`s metrics"
 					servers = sql.select_servers_metrics()
 					service = 'haproxy'
--- a/app/nettools.py
+++ b/app/nettools.py
@ -6,7 +6,6 @@ template = env.get_template('nettools.html')
 form = funct.form

 print('Content-type: text/html\n')
-funct.check_login()

 try:
    user, user_id, role, token, servers, user_services \
@ -14,6 +13,11 @@ try:
 except Exception:
    pass

+try:
+    funct.check_login(user_id, token)
+except Exception as e:
+    print(f'error {e}')
+    sys.exit()

 output_from_parsed_template = template.render(h2=1, autorefresh=0,
                                              title="Network tools",
--- a/app/overview.py
+++ b/app/overview.py
@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 import os
+import sys
 import psutil

 import funct
@ -12,8 +13,6 @@ template = env.get_template('ovw.html')

 print('Content-type: text/html\n')

-funct.check_login()
-
 grafana = 0
 metrics_worker = 0
 checker_worker = 0
@ -24,6 +23,17 @@ host = os.environ.get('HTTP_HOST', '')

 try:
 	user, user_id, role, token, servers, user_services = funct.get_users_params()
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
+try:
+	funct.check_login(user_id, token)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
+try:
 	groups = sql.select_groups()
 	user_group = funct.get_user_group(id=1)

@ -85,7 +95,7 @@ except Exception as e:
 	servers = ''
 	stderr = ''
 	token = ''
-	print(str(e))
+	# print(str(e))

 rendered_template = template.render(
 	h2=1, autorefresh=1, title="Overview", role=role, user=user, groups=groups, roles=sql.select_roles(),
--- a/app/portscanner.py
+++ b/app/portscanner.py
@ -9,13 +9,18 @@ form = funct.form
 serv = form.getvalue('history')

 print('Content-type: text/html\n')
-funct.check_login()

 try:
    user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1)
 except Exception as e:
    print(str(e))

+try:
+    funct.check_login(user_id, token)
+except Exception as e:
+    print(f'error {e}')
+    sys.exit()
+
 if serv:
    title = 'Port scanner history for ' + serv
    port_scanner_settings = sql.select_port_scanner_history(serv)
--- a/app/provisioning.py
+++ b/app/provisioning.py
@ -7,10 +7,17 @@ template = env.get_template('provisioning.html')
 form = funct.form

 print('Content-type: text/html\n')
-funct.check_login()
+
+user, user_id, role, token, servers, user_services = funct.get_users_params()
+
+try:
+    funct.check_login(user_id, token)
+except Exception as e:
+    print(f'error {e}')
+    sys.exit()
+
 funct.page_for_admin(level=2)
 try:
-    user, user_id, role, token, servers, user_services = funct.get_users_params()
    if role == 1:
        groups = sql.select_groups()
    else:
--- a/app/runtimeapi.py
+++ b/app/runtimeapi.py
@ -5,11 +5,18 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('runtimeapi.html')

 print('Content-type: text/html\n')
-funct.check_login(service=1)
+
+user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1)
+
+try:
+	funct.check_login(user_id, token, service=1)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
 form = funct.form

 try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1)
 	servbackend = form.getvalue('servbackend')
 	serv = form.getvalue('serv')
 	if servbackend is None:
--- a/app/sections.py
+++ b/app/sections.py
@ -12,7 +12,17 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extens
 template = env.get_template('sections.html')

 print('Content-type: text/html\n')
-funct.check_login(service=1)
+
+try:
+	user, user_id, role, token, servers, user_services = funct.get_users_params()
+except Exception:
+	pass
+
+try:
+	funct.check_login(user_id, token, service=1)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()

 form = funct.form
 serv = form.getvalue('serv')
@ -29,11 +39,6 @@ end_line = ""
 warning = ''
 is_restart = ''

-try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
-except Exception:
-	pass
-
 hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')

 if serv is not None and open is not None:
--- a/app/servers.py
+++ b/app/servers.py
@ -9,10 +9,16 @@ template = env.get_template('servers.html')
 form = funct.form

 print('Content-type: text/html\n')
-funct.check_login()
+user, user_id, role, token, servers, user_services = funct.get_users_params()
+
+try:
+	funct.check_login(user_id, token)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
 funct.page_for_admin(level=2)
 try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
 	ldap_enable = sql.get_setting('ldap_enable')
 	user_group = funct.get_user_group(id=1)
 	settings = sql.get_setting('', all=1)
--- a/app/smon.py
+++ b/app/smon.py
@ -4,6 +4,15 @@ import sql
 from jinja2 import Environment, FileSystemLoader
 env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('smon.html')
+
+user, user_id, role, token, servers, user_services = funct.get_users_params()
+
+try:
+	funct.check_login(user_id, token)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
 form = funct.form
 action = form.getvalue('action')
 sort = form.getvalue('sort')
@ -12,7 +21,6 @@ autorefresh = 0
 print('Content-type: text/html\n')
 funct.check_login()

-user, user_id, role, token, servers, user_services = funct.get_users_params()
 user_group = funct.get_user_group(id=1)
 cmd = "systemctl is-active roxy-wi-smon"
 smon_status, stderr = funct.subprocess_execute(cmd)
--- a/app/statsview.py
+++ b/app/statsview.py
@ -4,16 +4,15 @@ import sql
 from jinja2 import Environment, FileSystemLoader
 env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('statsview.html')
+print('Content-type: text/html\n')
+
+user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1)
+
 form = funct.form
 serv = form.getvalue('serv')
 service = form.getvalue('service')

-print('Content-type: text/html\n')
-funct.check_login()
-
 try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1)
-
 	if serv is None:
 		first_serv = servers
 		for i in first_serv:
@ -24,7 +23,7 @@ except Exception:

 if service in ('haproxy', 'nginx', 'apache'):
 	service_desc = sql.select_service(service)
-	if funct.check_login(service=service_desc.service_id):
+	if funct.check_login(user_id, token, service=service_desc.service_id):
 		title = f'{service_desc.service} stats page'
 		sql.get_dick_permit(service=service_desc.slug)
 else:
--- a/app/users.py
+++ b/app/users.py
@ -12,11 +12,17 @@ form = funct.form

 print('Content-type: text/html\n')

-funct.check_login()
+user, user_id, role, token, servers, user_services = funct.get_users_params()
+
+try:
+	funct.check_login(user_id, token)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()
+
 funct.page_for_admin()

 try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
 	users = sql.select_users()
 	settings = sql.get_setting('', all=1)
 	ldap_enable = sql.get_setting('ldap_enable')
--- a/app/versions.py
+++ b/app/versions.py
@ -12,7 +12,12 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('delver.html')

 print('Content-type: text/html\n')
-funct.check_login()
+
+try:
+	user, user_id, role, token, servers, user_services = funct.get_users_params(disable=1)
+except Exception:
+	pass
+
 funct.page_for_admin(level=3)

 form = funct.form
@ -29,14 +34,9 @@ file = set()
 if configver:
 	template = env.get_template('configver.html')

-try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params(disable=1)
-except Exception:
-	pass
-
 if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
 	service_desc = sql.select_service(service)
-	if funct.check_login(service=service_desc.service_id):
+	if funct.check_login(user_id, token, service=service_desc.service_id):
 		title = f"Working with versions {service_desc.service} configs"
 		servers = sql.get_dick_permit(service=service_desc.slug)
 		action = f'versions.py?service={service_desc.slug}'
--- a/app/viewlogs.py
+++ b/app/viewlogs.py
@ -12,6 +12,15 @@ get_config_var = roxy_wi_tools.GetConfigVar()
 env = Environment(loader=FileSystemLoader('templates/'), autoescape=True)
 template = env.get_template('logs.html')
 form = funct.form
+print('Content-type: text/html\n')
+
+user, user_id, role, token, servers, user_services = funct.get_users_params()
+
+try:
+	funct.check_login(user_id, token)
+except Exception as e:
+	print(f'error {e}')
+	sys.exit()

 if form.getvalue('grep') is None:
 	grep = ""
@ -35,8 +44,6 @@ hour1 = form.getvalue('hour1')
 minut = form.getvalue('minut')
 minut1 = form.getvalue('minut1')

-print('Content-type: text/html\n')
-funct.check_login()
 if form.getvalue('type') == '2':
 	funct.page_for_admin(level=2)
 	page = 'for_editor'
@ -58,11 +65,6 @@ try:
 except Exception:
 	pass

-try:
-	user, user_id, role, token, servers, user_services = funct.get_users_params()
-except Exception:
-	pass
-
 selects = funct.get_files(log_path, file_format="log")
 if form.getvalue('type') is None:
 	selects.append(['fail2ban.log', 'fail2ban.log'])