v8.0.1: Add group_id to service-related functions utilizing user params

Enhance various service functions to accept and process group_id from user parameters. This update ensures that settings and actions are correctly scoped to the user's group, improving access control and accuracy of the returned data.

app/modules/db/user.py

@@ -204,6 +204,8 @@ def update_last_act_user(user_id: int, ip: str) -> None:
 def get_user_by_username(username: str) -> User:
 	try:
 		return User.get(User.username == username)
+	except User.DoesNotExist:
+		raise RoxywiResourceNotFound
 	except Exception as e:
 		out_error(e)
 

app/modules/roxywi/roxy.py

@@ -48,8 +48,11 @@ def versions():
 	except Exception as e:
 		raise Exception(f'Cannot get new version: {e}')
 
-	if version.parse(current_ver) < version.parse(new_ver):
-		json_data['need_update'] = 1
+	try:
+		if version.parse(current_ver) < version.parse(new_ver):
+			json_data['need_update'] = 1
+	except version.InvalidVersion as e:
+		roxywi_common.handle_json_exceptions(e, 'Cannot check new version')
 
 	return json_data
 

app/modules/service/haproxy.py

@@ -1,7 +1,7 @@
 import os
 import requests
 
-from flask import request
+from flask import request, g
 
 import app.modules.db.sql as sql
 import app.modules.server.server as server_mod
@@ -10,11 +10,11 @@ import app.modules.config.common as config_common
 import app.modules.roxywi.common as roxywi_common
 
 
-def stat_page_action(server_ip: str) -> bytes:
-    haproxy_user = sql.get_setting('haproxy_stats_user')
-    haproxy_pass = sql.get_setting('haproxy_stats_password')
-    stats_port = sql.get_setting('haproxy_stats_port')
-    stats_page = sql.get_setting('haproxy_stats_page')
+def stat_page_action(server_ip: str, group_id: int) -> bytes:
+    haproxy_user = sql.get_setting('haproxy_stats_user', group_id=group_id)
+    haproxy_pass = sql.get_setting('haproxy_stats_password', group_id=group_id)
+    stats_port = sql.get_setting('haproxy_stats_port', group_id=group_id)
+    stats_page = sql.get_setting('haproxy_stats_page', group_id=group_id)
 
     postdata = {
         'action': request.form.get('action'),
@@ -33,7 +33,7 @@ def stat_page_action(server_ip: str) -> bytes:
     return data.content
 
 
-def show_map(serv: str) -> str:
+def show_map(serv: str, group_id: int) -> str:
     import networkx as nx
     import matplotlib
 
@@ -41,7 +41,7 @@ def show_map(serv: str) -> str:
     import matplotlib.pyplot as plt
 
     service = 'haproxy'
-    stats_port = sql.get_setting(f'{service}_stats_port')
+    stats_port = sql.get_setting(f'{service}_stats_port', group_id=group_id)
     cfg = config_common.generate_config_path(service, serv)
     output = f'<center><h4 style="margin-bottom: 0;">Map from {serv}</h4>'
     error = config_mod.get_config(serv, cfg, service=service)
@@ -244,8 +244,8 @@ def show_map(serv: str) -> str:
 
 
 def runtime_command(serv: str, enable: str, backend: str, save: str) -> str:
-    server_state_file = sql.get_setting('server_state_file')
-    haproxy_sock = sql.get_setting('haproxy_sock')
+    server_state_file = sql.get_setting('server_state_file', group_id=g.user_params['group_id'])
+    haproxy_sock = sql.get_setting('haproxy_sock', group_id=g.user_params['group_id'])
     cmd = f"echo {enable} {backend} |sudo socat stdio {haproxy_sock}"
 
     if save == "on":

app/routes/config/routes.py

@@ -331,5 +331,6 @@ def show_compare(service, server_ip):
 
 
 @bp.route('/map/haproxy/<server_ip>/show')
+@get_user_params()
 def show_map(server_ip):
-    return service_haproxy.show_map(server_ip)
+    return service_haproxy.show_map(server_ip, g.user_params['group_id'])

app/routes/main/routes.py

@@ -131,17 +131,18 @@ def stats(service, serv):
 @bp.route('/stats/view/<service>/<server_ip>')
 @jwt_required()
 @check_services
+@get_user_params()
 def show_stats(service, server_ip):
     server_ip = common.is_ip_or_dns(server_ip)
 
     if service in ('nginx', 'apache'):
         try:
-            return service_common.get_stat_page(server_ip, service)
+            return service_common.get_stat_page(server_ip, service, g.user_params['group_id'])
         except Exception as e:
             return f'error: {e}'
     else:
         try:
-            return service_haproxy.stat_page_action(server_ip)
+            return service_haproxy.stat_page_action(server_ip, g.user_params['group_id'])
         except Exception as e:
             return f'error: {e}'
 

app/routes/runtime/routes.py

@@ -118,6 +118,7 @@ def change_maxconn(type_maxconn, server_ip):
 
 
 @bp.route('/action/<server_ip>', methods=['POST'])
+@get_user_params()
 def action(server_ip):
     server_ip = common.is_ip_or_dns(server_ip)
     enable = common.checkAjaxInput(request.form.get('servaction'))
@@ -131,9 +132,10 @@ def action(server_ip):
 
 
 @bp.post('/stats/action/<server_ip>')
+@get_user_params()
 def stat_page_action(server_ip):
     try:
-        return service_haproxy.stat_page_action(server_ip)
+        return service_haproxy.stat_page_action(server_ip, g.user_params['group_id'])
     except Exception as e:
         return f'{e}'