v8.1.6: Fix minor bugs and enhance security in multiple modules

Removed a debug print statement, added error handling for SSH commands, updated token inputs to be password-protected, and fixed a log path in Fail2Ban configuration. Updated server list handling in templates to improve code consistency. These changes enhance reliability, security, and maintainability across the application.
2025-03-13 10:45:39 +03:00 · 2025-03-13 10:45:39 +03:00 · 32db39fdd5
parent f3f540c291
commit 32db39fdd5
6 changed files with 15 additions and 9 deletions
--- a/app/modules/db/checker.py
+++ b/app/modules/db/checker.py
@ -42,7 +42,6 @@ def update_checker_setting_for_server(service_id: int, server_id: int, **kwargs)
 		query = (CheckerSetting.update(**kwargs).where(
 			(CheckerSetting.service_id == service_id) & (CheckerSetting.server_id == server_id)
 		))
-		print(query)
 		query.execute()
 	except Exception as e:
 		out_error(e)
--- a/app/routes/add/routes.py
+++ b/app/routes/add/routes.py
@ -64,7 +64,8 @@ def add(service):
        'h2': 1,
        'add': request.form.get('add'),
        'conf_add': request.form.get('conf'),
-        'lang': g.user_params['lang']
+        'lang': g.user_params['lang'],
+        'all_servers': roxywi_common.get_dick_permit()
    }

    if service == 'haproxy':
--- a/app/templates/add.html
+++ b/app/templates/add.html
@ -365,7 +365,7 @@ for (var i = 0; i <= serv_ports.length; i++) {
                {{ lang.words.server|title() }}
            </td>
            <td>
-                {{ select('new-le-server_id', values=g.user_params['servers'], is_servers='true', by_id=1) }}
+                {{ select('new-le-server_id', values=all_servers, is_servers='true', by_id=1) }}
            </td>
        </tr>
        <tr>
--- a/app/templates/ajax/channels.html
+++ b/app/templates/ajax/channels.html
@ -18,7 +18,7 @@
    <tr id="telegram-table-{{telegram.id}}" class="{{ loop.cycle('odd', 'even') }}">
        <td class="padding10 first-collumn">
            {% set id = 'telegram-token-' + telegram.id|string() %}
-            {{ input(id, value=telegram.token, size='30') }}
+            {{ input(id, value=telegram.token, size='30', type='password') }}
        </td>
        <td>
            {% set id = 'telegram-chanel-' + telegram.id|string() %}
@ -70,7 +70,7 @@
    <tr id="slack-table-{{slack.id}}" class="{{ loop.cycle('odd', 'even') }}">
        <td class="padding10 first-collumn">
            {% set id = 'slack-token-' + slack.id|string() %}
-            {{ input(id, value=slack.token, size='30') }}
+            {{ input(id, value=slack.token, size='30', type='password') }}
        </td>
        <td>
            {% set id = 'slack-chanel-' + slack.id|string() %}
@ -122,7 +122,7 @@
    <tr id="pd-table-{{pd.id}}" class="{{ loop.cycle('odd', 'even') }}">
        <td class="padding10 first-collumn">
            {% set id = 'pd-token-' + pd.id|string() %}
-            {{ input(id, value=pd.token, size='30') }}
+            {{ input(id, value=pd.token, size='30', type='password') }}
        </td>
        <td>
            {% set id = 'pd-chanel-' + pd.id|string() %}
--- a/app/views/service/views.py
+++ b/app/views/service/views.py
@ -113,7 +113,10 @@ class ServiceView(MethodView):
                container_name = sql.get_setting(f'{service}_container_name')
                cmd = (f"sudo docker exec -it {container_name} /usr/sbin/nginx -v 2>&1|awk '{{print $3}}' && "
                       f"docker ps -a -f name={container_name} --format '{{{{.Status}}}}' && ps ax |grep nginx:|grep -v grep |wc -l")
-                out = server_mod.ssh_command(server.ip, cmd)
+                try:
+                    out = server_mod.ssh_command(server.ip, cmd)
+                except Exception as e:
+                    return ErrorResponse(error=str(e)).model_dump(mode='json'), 500
                out = out.replace('\n', '')
                out1 = out.split('\r')
                if out1[0] == 'from':
@ -124,7 +127,10 @@ class ServiceView(MethodView):
            else:
                cmd = ("/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active'"
                       "|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l")
-                out = server_mod.ssh_command(server.ip, cmd)
+                try:
+                    out = server_mod.ssh_command(server.ip, cmd)
+                except Exception as e:
+                    return ErrorResponse(error=str(e)).model_dump(mode='json'), 500
                out = out.replace('\n', '')
                out1 = out.split('\r')
                try:
--- a/config_other/fail2ban/jail.d/roxy-wi.conf
+++ b/config_other/fail2ban/jail.d/roxy-wi.conf
@ -3,7 +3,7 @@ enabled  = true
 filter   = roxy-wi
 port     = http,https
 action   = iptables[name=roxy-wi, port=https, protocol=tcp]
-logpath  = /var/log/roxy-wi/roxy-wi-*.log
+logpath  = /var/log/roxy-wi/roxy-wi.log
 findtime = 600
 bantime  = 600
 maxretry = 2