From 15e870d3bb82472a21ccc2db4a88daf8e1c67479 Mon Sep 17 00:00:00 2001 From: Pavel Loginov Date: Tue, 27 Sep 2022 22:06:34 +0300 Subject: [PATCH] v6.2.0.0 Changelog: https://roxy-wi.org/changelog#6_2_0 --- app/add.py | 11 +++++++++-- app/config.py | 15 ++++++++------- app/funct.py | 30 ++++++++++++------------------ app/ha.py | 10 ++++++++-- app/hapservers.py | 8 ++++---- app/history.py | 9 ++++----- app/logs.py | 16 +++++++--------- app/metrics.py | 10 +++++----- app/nettools.py | 6 +++++- app/overview.py | 16 +++++++++++++--- app/portscanner.py | 7 ++++++- app/provisioning.py | 11 +++++++++-- app/runtimeapi.py | 11 +++++++++-- app/sections.py | 17 +++++++++++------ app/servers.py | 10 ++++++++-- app/smon.py | 10 +++++++++- app/statsview.py | 11 +++++------ app/users.py | 10 ++++++++-- app/versions.py | 14 +++++++------- app/viewlogs.py | 16 +++++++++------- 20 files changed, 156 insertions(+), 92 deletions(-) diff --git a/app/add.py b/app/add.py index 6c3fdcbd..02cd09a8 100644 --- a/app/add.py +++ b/app/add.py @@ -17,7 +17,15 @@ form = funct.form serv = form.getvalue('serv') print('Content-type: text/html\n') -funct.check_login(service=1) + +user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1) + +try: + funct.check_login(user_id, token, service=1) +except Exception as e: + print(f'error {e}') + sys.exit() + funct.page_for_admin(level=3) if all(v is None for v in [ @@ -25,7 +33,6 @@ if all(v is None for v in [ form.getvalue('peers-name'), form.getvalue('generateconfig') ]): try: - user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) group = cookie.get('group') user_group = group.value diff --git a/app/config.py b/app/config.py index 0dd8fc46..f61f851c 100644 --- a/app/config.py +++ b/app/config.py @@ -1,5 +1,6 @@ #!/usr/bin/env python3 import os +import sys from jinja2 import Environment, FileSystemLoader 
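Review bot: The new `try` around `funct.check_login(user_id, token, service=1)` in add.py stops the script only when the call raises, and its return value is still discarded. The `check_login` hunk in app/funct.py in this same patch shows denial paths that print a response and `return False`, so a denied request appears to carry on into `funct.page_for_admin(level=3)` and the rest of the script; exiting on a falsy result, e.g. `if not funct.check_login(user_id, token, service=1): sys.exit()`, would make it fail closed (this assumes success returns a truthy value, as the `if funct.check_login(...)` callers in config.py imply). The same pattern is added in ha.py, nettools.py, overview.py, portscanner.py, provisioning.py, runtimeapi.py, sections.py, servers.py, smon.py, users.py and viewlogs.py. Only config.py and overview.py gain `import sys` in this patch, so confirm `sys` is already imported in the others, otherwise `sys.exit()` raises NameError.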
@@ -12,11 +13,14 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('config.html') print('Content-type: text/html\n') -funct.check_login() form = funct.form serv = funct.is_ip_or_dns(form.getvalue('serv')) -service = funct.checkAjaxInput(form.getvalue('service')) +try: + service = funct.checkAjaxInput(form.getvalue('service')) +except Exception: + print('') + is_serv_protected = False try: config_file_name = form.getvalue('config_file_name').replace('92', '/') @@ -29,14 +33,11 @@ error = "" aftersave = "" is_restart = '' -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception as e: - print(str(e)) +user, user_id, role, token, servers, user_services = funct.get_users_params() if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(service=service_desc.service_id): + if funct.check_login(user_id, token, service=service_desc.service_id): title = f"Working with {service_desc.service} configuration files" action = f"config.py?service={service_desc.slug}" configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir') diff --git a/app/funct.py b/app/funct.py index 2406c660..e94b1859 100644 --- a/app/funct.py +++ b/app/funct.py @@ -117,7 +117,6 @@ def get_user_group(**kwargs) -> str: def logging(server_ip: str, action: str, **kwargs) -> None: import sql import distro - import logging login = '' cur_date = get_data('logs') @@ -178,11 +177,6 @@ def logging(server_ip: str, action: str, **kwargs) -> None: if kwargs.get('keep_history'): keep_action_history(kwargs.get('service'), action, server_ip, login, ip) - # logging.basicConfig(filename=log_file, - # filemode='a', - # format='%(levelname)s: %(message)s', - # level=logging.INFO) - try: with open(log_file, 'a') as log: log.write(mess) 
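Review bot: Dropping the unconditional `funct.check_login()` in this config.py hunk leaves the only login check inside the `if service in ('haproxy', 'nginx', 'keepalived', 'apache'):` branch of the next hunk, so a request whose `service` falls outside that tuple is served without a session check unless one exists in lines not shown. The same removal is made in hapservers.py, history.py, logs.py, statsview.py and versions.py; in history.py the `elif service == 'user'` branch visibly reaches `sql.select_action_history_by_user_id(user_id_history)` with no `check_login` call. Keeping one unconditional check right after `get_users_params()`, e.g. `if not funct.check_login(user_id, token): sys.exit()`, ahead of the per-service check would restore the previous guarantee. Separately, the new `except Exception:` around `funct.checkAjaxInput(...)` only prints and continues, so `service` is unbound when the later `if service in (...)` runs; assign a default or exit in the handler.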
@@ -273,17 +267,18 @@ def slack_send_mess(mess, **kwargs): logging('localhost', str(e), haproxywi=1) -def check_login(**kwargs): +def check_login(user_uuid, token, **kwargs): import sql - user_uuid = None - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - try: - user_uuid = cookie.get('uuid') - except Exception: + + if user_uuid is None: print('') + ref = os.environ.get("REQUEST_URI") - sql.delete_old_uuid() + try: + sql.delete_old_uuid() + except Exception as e: + raise Exception(f'error: cannot connect to DB {e}') if user_uuid is not None: if sql.get_user_name_by_uuid(user_uuid.value) is None: @@ -299,7 +294,6 @@ def check_login(**kwargs): print('') return False - user, user_uuid, role, token, servers, user_services = get_users_params() sql.update_last_act_user(user_uuid.value, token) else: print('' % ref) @@ -434,12 +428,12 @@ def diff_config(oldcfg, cfg, **kwargs): for line in output: diff += date + " user: " + login + ", group: " + user_group + " " + line + "\n" + log_file = f"{log_path}/config_edit-{get_data('logs')}" try: - log = open(log_path + "/config_edit-" + get_data('logs') + ".log", "a") - log.write(diff) - log.close() + with open(log_file, 'a') as log: + log.write(mess) except IOError: - print('
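Review bot: The message built in `raise Exception(f'error: cannot connect to DB {e}')` carries the database driver's error text, and the callers added in this patch write it straight into the HTTP response with `print(f'error {e}')` before any session has been validated. Record the detail server-side through the existing `logging('localhost', str(e), haproxywi=1)` form and raise a fixed message, e.g. `raise Exception('error: cannot connect to DB') from e`. Also, the `if user_uuid is None:` branch at the top of `check_login` only prints and falls through to the DB calls; returning `False` there would end the function at the first failed test. The body of `check_login` continues outside this hunk, and the printed strings look stripped on this page, so their content cannot be judged here.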
Can\'t read write change to log. %s
' % stderr) + print(f'
Can\'t read write change to log. {stderr}
') pass diff --git a/app/ha.py b/app/ha.py index 0d8bef98..48b1fd0d 100644 --- a/app/ha.py +++ b/app/ha.py @@ -5,8 +5,6 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('ha.html') print('Content-type: text/html\n') -funct.check_login(service=3) -funct.page_for_admin(level=2) form = funct.form serv = form.getvalue('serv') @@ -16,6 +14,14 @@ try: except Exception: pass +try: + funct.check_login(user_id, token, service=3) +except Exception as e: + print(f'error {e}') + sys.exit() + +funct.page_for_admin(level=2) + try: user_status, user_plan = funct.return_user_status() except Exception as e: diff --git a/app/hapservers.py b/app/hapservers.py index c9657d47..2782bad2 100644 --- a/app/hapservers.py +++ b/app/hapservers.py @@ -12,11 +12,11 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('hapservers.html') print('Content-type: text/html\n') -funct.check_login() -services = [] -servers: object + user, user_id, role, token, servers, user_services = funct.get_users_params() +services = [] +servers: object form = funct.form serv = funct.is_ip_or_dns(form.getvalue('serv')) service = funct.checkAjaxInput(form.getvalue('service')) @@ -31,7 +31,7 @@ restart_settings = '' if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(service=service_desc.service_id): + if funct.check_login(user_id, token, service=service_desc.service_id): title = f'{service_desc.service} servers overview' if serv: if funct.check_is_server_in_group(serv): diff --git a/app/history.py b/app/history.py index def3613d..797e3912 100644 --- a/app/history.py +++ b/app/history.py @@ -7,7 +7,6 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('history.html') print('Content-type: text/html\n') -funct.check_login() try: user, user_id, role, token, servers, user_services \ 
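Review bot: The rewritten write in `diff_config` now calls `log.write(mess)`, but the text assembled just above is held in `diff` and no `mess` is defined in the visible part of the function, so the config-change audit entry is either lost to a NameError or replaced by an unrelated value. The new path also drops the `.log` suffix that the old code appended. Suggested lines: `log_file = f"{log_path}/config_edit-{get_data('logs')}.log"` and `log.write(diff)`. A NameError is not caught by `except IOError`, so it would propagate to the caller instead of reaching the error message; `diff_config` starts outside the hunk.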
@@ -19,11 +18,11 @@ except Exception: form = funct.form serv = funct.is_ip_or_dns(form.getvalue('serv')) service = form.getvalue('service') -user_id = form.getvalue('user_id') +user_id_history = form.getvalue('user_id') if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(service=service_desc.service_id): + if funct.check_login(user_id, token, service=service_desc.service_id): title = f'{service_desc.service} service history' server_id = sql.select_server_id_by_ip(serv) history = sql.select_action_history_by_server_id_and_service( @@ -37,9 +36,9 @@ elif service == 'server': server_id = sql.select_server_id_by_ip(serv) history = sql.select_action_history_by_server_id(server_id) elif service == 'user': - if user_id: + if user_id_history: title = 'User history' - history = sql.select_action_history_by_user_id(user_id) + history = sql.select_action_history_by_user_id(user_id_history) users = sql.select_users() diff --git a/app/logs.py b/app/logs.py index ae734ef3..2091b6af 100644 --- a/app/logs.py +++ b/app/logs.py @@ -5,6 +5,12 @@ from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('logs.html') form = funct.form +print('Content-type: text/html\n') + +try: + user, user_id, role, token, servers, user_services = funct.get_users_params() +except Exception: + pass if form.getvalue('grep') is None: grep = "" 
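Review bot: The `except Exception: pass` added around `funct.get_users_params()` in logs.py hides the failure and lets the script continue to `funct.check_login(user_id, token, ...)` in the next hunk, where `user_id` and `token` are then unbound and the request ends in an uncaught NameError. overview.py in this patch handles the same call with `except Exception as e: print(f'error {e}')` followed by `sys.exit()`; ending the request in the handler here as well keeps the failure path explicit, preferably with a fixed message rather than the exception text. sections.py and versions.py add the same `except Exception: pass`, and portscanner.py prints the error but also continues.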
@@ -29,17 +35,9 @@ waf = form.getvalue('waf') service = funct.checkAjaxInput(form.getvalue('service')) remote_file = form.getvalue('file') -print('Content-type: text/html\n') -funct.check_login() - -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception: - pass - if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(service=service_desc.service_id): + if funct.check_login(user_id, token, service=service_desc.service_id): title = f"{service_desc.service}`s logs" servers = sql.get_dick_permit(service=service_desc.slug) elif waf == '1': diff --git a/app/metrics.py b/app/metrics.py index 7669d79b..8a094236 100644 --- a/app/metrics.py +++ b/app/metrics.py @@ -9,11 +9,11 @@ form = funct.form service = form.getvalue('service') title = 'Metrics service' -funct.check_login() print('Content-type: text/html\n') +user, user_id, role, token, servers, user_services = funct.get_users_params() + try: - user, user_id, role, token, servers, user_services = funct.get_users_params() if distro.id() == 'ubuntu': cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics" else: @@ -26,15 +26,15 @@ try: servers = '' else: if service == 'nginx': - if funct.check_login(service=2): + if funct.check_login(user_id, token, service=2): title = "NGINX`s metrics" servers = sql.select_nginx_servers_metrics_for_master() elif service == 'apache': - if funct.check_login(service=4): + if funct.check_login(user_id, token, service=4): title = "Apache`s metrics" servers = sql.select_apache_servers_metrics_for_master() else: - if funct.check_login(service=1): + if funct.check_login(user_id, token, service=1): title = "HAProxy`s metrics" servers = sql.select_servers_metrics() service = 'haproxy' diff --git a/app/nettools.py b/app/nettools.py index 8272eac5..e6659be5 100644 --- a/app/nettools.py +++ b/app/nettools.py 
@@ -6,7 +6,6 @@ template = env.get_template('nettools.html') form = funct.form print('Content-type: text/html\n') -funct.check_login() try: user, user_id, role, token, servers, user_services \ @@ -14,6 +13,11 @@ try: except Exception: pass +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() output_from_parsed_template = template.render(h2=1, autorefresh=0, title="Network tools", diff --git a/app/overview.py b/app/overview.py index 3b6bed5b..ca9b7585 100644 --- a/app/overview.py +++ b/app/overview.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 # -*- coding: utf-8 -*- import os +import sys import psutil import funct @@ -12,8 +13,6 @@ template = env.get_template('ovw.html') print('Content-type: text/html\n') -funct.check_login() - grafana = 0 metrics_worker = 0 checker_worker = 0 @@ -24,6 +23,17 @@ host = os.environ.get('HTTP_HOST', '') try: user, user_id, role, token, servers, user_services = funct.get_users_params() +except Exception as e: + print(f'error {e}') + sys.exit() + +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() + +try: groups = sql.select_groups() user_group = funct.get_user_group(id=1) @@ -85,7 +95,7 @@ except Exception as e: servers = '' stderr = '' token = '' - print(str(e)) + # print(str(e)) rendered_template = template.render( h2=1, autorefresh=1, title="Overview", role=role, user=user, groups=groups, roles=sql.select_roles(), diff --git a/app/portscanner.py b/app/portscanner.py index edbdc0d3..8dad466f 100644 --- a/app/portscanner.py +++ b/app/portscanner.py 
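Review bot: Replacing `print(str(e))` with the commented-out `# print(str(e))` in the last overview.py hunk leaves this `except` block swallowing every error from the overview build with no record anywhere. Delete the dead line and log the error server-side instead, for example `funct.logging('localhost', str(e), haproxywi=1)`, the form funct.py already uses for internal errors. The `try` block this handler belongs to starts outside the hunk.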
@@ -9,13 +9,18 @@ form = funct.form serv = form.getvalue('history') print('Content-type: text/html\n') -funct.check_login() try: user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1) except Exception as e: print(str(e)) +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() + if serv: title = 'Port scanner history for ' + serv port_scanner_settings = sql.select_port_scanner_history(serv) diff --git a/app/provisioning.py b/app/provisioning.py index 07cdb780..1740470e 100644 --- a/app/provisioning.py +++ b/app/provisioning.py @@ -7,10 +7,17 @@ template = env.get_template('provisioning.html') form = funct.form print('Content-type: text/html\n') -funct.check_login() + +user, user_id, role, token, servers, user_services = funct.get_users_params() + +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() + funct.page_for_admin(level=2) try: - user, user_id, role, token, servers, user_services = funct.get_users_params() if role == 1: groups = sql.select_groups() else: diff --git a/app/runtimeapi.py b/app/runtimeapi.py index 596553ec..0cb8a09a 100644 --- a/app/runtimeapi.py +++ b/app/runtimeapi.py @@ -5,11 +5,18 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('runtimeapi.html') print('Content-type: text/html\n') -funct.check_login(service=1) + +user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) + +try: + funct.check_login(user_id, token, service=1) +except Exception as e: + print(f'error {e}') + sys.exit() + form = funct.form try: - user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) servbackend = form.getvalue('servbackend') serv = form.getvalue('serv') if servbackend is None: diff --git a/app/sections.py b/app/sections.py index eae0fbb4..85da030c 100644 --- a/app/sections.py +++ b/app/sections.py 
@@ -12,7 +12,17 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extens template = env.get_template('sections.html') print('Content-type: text/html\n') -funct.check_login(service=1) + +try: + user, user_id, role, token, servers, user_services = funct.get_users_params() +except Exception: + pass + +try: + funct.check_login(user_id, token, service=1) +except Exception as e: + print(f'error {e}') + sys.exit() form = funct.form serv = form.getvalue('serv') @@ -29,11 +39,6 @@ end_line = "" warning = '' is_restart = '' -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception: - pass - hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') if serv is not None and open is not None: diff --git a/app/servers.py b/app/servers.py index 4c7fbbc8..afcf5028 100644 --- a/app/servers.py +++ b/app/servers.py @@ -9,10 +9,16 @@ template = env.get_template('servers.html') form = funct.form print('Content-type: text/html\n') -funct.check_login() +user, user_id, role, token, servers, user_services = funct.get_users_params() + +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() + funct.page_for_admin(level=2) try: - user, user_id, role, token, servers, user_services = funct.get_users_params() ldap_enable = sql.get_setting('ldap_enable') user_group = funct.get_user_group(id=1) settings = sql.get_setting('', all=1) diff --git a/app/smon.py b/app/smon.py index dfa64891..f1965b48 100644 --- a/app/smon.py +++ b/app/smon.py 
@@ -4,6 +4,15 @@ import sql from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('smon.html') + +user, user_id, role, token, servers, user_services = funct.get_users_params() + +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() + form = funct.form action = form.getvalue('action') sort = form.getvalue('sort') @@ -12,7 +21,6 @@ autorefresh = 0 print('Content-type: text/html\n') funct.check_login() -user, user_id, role, token, servers, user_services = funct.get_users_params() user_group = funct.get_user_group(id=1) cmd = "systemctl is-active roxy-wi-smon" smon_status, stderr = funct.subprocess_execute(cmd) diff --git a/app/statsview.py b/app/statsview.py index 8d1105fb..0189f430 100644 --- a/app/statsview.py +++ b/app/statsview.py @@ -4,16 +4,15 @@ import sql from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('statsview.html') +print('Content-type: text/html\n') + +user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) + form = funct.form serv = form.getvalue('serv') service = form.getvalue('service') -print('Content-type: text/html\n') -funct.check_login() - try: - user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) - if serv is None: first_serv = servers for i in first_serv: @@ -24,7 +23,7 @@ except Exception: if service in ('haproxy', 'nginx', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(service=service_desc.service_id): + if funct.check_login(user_id, token, service=service_desc.service_id): title = f'{service_desc.service} stats page' sql.get_dick_permit(service=service_desc.slug) else: diff --git a/app/users.py b/app/users.py index 0633ae44..152cc4f7 100644 --- a/app/users.py +++ b/app/users.py 
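Review bot: The unchanged `funct.check_login()` call left in the second smon.py hunk no longer matches the new signature `check_login(user_uuid, token, **kwargs)` from app/funct.py, so it raises TypeError on every request after the new check has already run; remove it. In the first hunk the new `get_users_params()` / `check_login` block sits above `print('Content-type: text/html\n')`, so `print(f'error {e}')` and anything `check_login` prints are emitted before the CGI header; move the header print above the block, as statsview.py and viewlogs.py do in this patch. Confirm `sys` is imported in smon.py, since no import is added here.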
@@ -12,11 +12,17 @@ form = funct.form print('Content-type: text/html\n') -funct.check_login() +user, user_id, role, token, servers, user_services = funct.get_users_params() + +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() + funct.page_for_admin() try: - user, user_id, role, token, servers, user_services = funct.get_users_params() users = sql.select_users() settings = sql.get_setting('', all=1) ldap_enable = sql.get_setting('ldap_enable') diff --git a/app/versions.py b/app/versions.py index 26e3d75e..50a1246d 100644 --- a/app/versions.py +++ b/app/versions.py @@ -12,7 +12,12 @@ env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('delver.html') print('Content-type: text/html\n') -funct.check_login() + +try: + user, user_id, role, token, servers, user_services = funct.get_users_params(disable=1) +except Exception: + pass + funct.page_for_admin(level=3) form = funct.form @@ -29,14 +34,9 @@ file = set() if configver: template = env.get_template('configver.html') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params(disable=1) -except Exception: - pass - if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(service=service_desc.service_id): + if funct.check_login(user_id, token, service=service_desc.service_id): title = f"Working with versions {service_desc.service} configs" servers = sql.get_dick_permit(service=service_desc.slug) action = f'versions.py?service={service_desc.slug}' diff --git a/app/viewlogs.py b/app/viewlogs.py index 53b81618..7cb83347 100644 --- a/app/viewlogs.py +++ b/app/viewlogs.py 
@@ -12,6 +12,15 @@ get_config_var = roxy_wi_tools.GetConfigVar() env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('logs.html') form = funct.form +print('Content-type: text/html\n') + +user, user_id, role, token, servers, user_services = funct.get_users_params() + +try: + funct.check_login(user_id, token) +except Exception as e: + print(f'error {e}') + sys.exit() if form.getvalue('grep') is None: grep = "" @@ -35,8 +44,6 @@ hour1 = form.getvalue('hour1') minut = form.getvalue('minut') minut1 = form.getvalue('minut1') -print('Content-type: text/html\n') -funct.check_login() if form.getvalue('type') == '2': funct.page_for_admin(level=2) page = 'for_editor' @@ -58,11 +65,6 @@ try: except Exception: pass -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception: - pass - selects = funct.get_files(log_path, file_format="log") if form.getvalue('type') is None: selects.append(['fail2ban.log', 'fail2ban.log'])