github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v7.0.0.0 

Changelog: https://roxy-wi.org/changelog#7.0.0
pull/364/head
Aidaho 2023-09-30 11:48:54 +03:00
parent d75ad2b893
commit 658a41706e
31 changed files with 902 additions and 1062 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
app/__init__.py
View File

@ -16,6 +16,12 @@ login_manager = LoginManager(app)
app.config['SITEMAP_INCLUDE_RULES_WITHOUT_PARAMS'] = True
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=3)
from app.routes.main import bp as main_bp
app.register_blueprint(main_bp)
from app.routes.overview import bp as overview_bp
app.register_blueprint(overview_bp)
from app.routes.add import bp as add_bp
app.register_blueprint(add_bp, url_prefix='/add')
@ -25,6 +31,9 @@ app.register_blueprint(service_bp, url_prefix='/service')
from app.routes.config import bp as config_bp
app.register_blueprint(config_bp, url_prefix='/config')
from app.routes.logs import bp as logs_bp
app.register_blueprint(logs_bp, url_prefix='/logs')
from app.routes.metric import bp as metric_bp
app.register_blueprint(metric_bp, url_prefix='/metrics')
@ -40,6 +49,9 @@ app.register_blueprint(smon_bp, url_prefix='/smon')
from app.routes.checker import bp as checker_bp
app.register_blueprint(checker_bp, url_prefix='/checker')
from app.routes.portscanner import bp as portscanner_bp
app.register_blueprint(portscanner_bp, url_prefix='/portscanner')
from app.routes.install import bp as install_bp
app.register_blueprint(install_bp, url_prefix='/install')
@ -51,6 +63,3 @@ app.register_blueprint(server_bp, url_prefix='/server')
from app.routes.admin import bp as admin_bp
app.register_blueprint(admin_bp, url_prefix='/admin')
from app import views
from app import ajax_views

191
app/ajax_views.py
View File

@ -1,191 +0,0 @@
import os
import sys
from flask import render_template, request
from flask_login import login_required
from app import app, login_manager, cache
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.service.action as service_action
import modules.service.common as service_common
import modules.service.haproxy as service_haproxy
import modules.roxywi.roxy as roxy
import modules.roxywi.logs as roxy_logs
import modules.roxywi.nettools as nettools
import modules.roxywi.common as roxywi_common
import modules.roxywi.overview as roxy_overview
@app.route('/overview/services')
@login_required
def show_services_overview():
return roxy_overview.show_services_overview()
@app.route('/overview/server/<server_ip>')
@login_required
def overview_server(server_ip):
return roxy_overview.show_overview(server_ip)
@app.route('/overview/users')
@login_required
def overview_users():
return roxy_overview.user_owv()
@app.route('/overview/sub')
@login_required
@cache.cached()
def overview_sub():
return roxy_overview.show_sub_ovw()
@app.route('/logs/<service>/<serv>', methods=['GET', 'POST'])
@login_required
def show_remote_log_files(service, serv):
service = common.checkAjaxInput(service)
serv = common.checkAjaxInput(serv)
log_path = sql.get_setting(f'{service}_path_logs')
return_files = server_mod.get_remote_files(serv, log_path, 'log')
if 'error: ' in return_files:
return return_files
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/show_log_files.html', serv=serv, return_files=return_files, path_dir=log_path, lang=lang
)
@app.route('/logs/<service>/<serv>/<rows>', defaults={'waf': '0'}, methods=['GET', 'POST'])
@app.route('/logs/<service>/waf/<serv>/<rows>', defaults={'waf': '1'}, methods=['GET', 'POST'])
@login_required
def show_logs(service, serv, rows, waf):
if request.method == 'GET':
grep = request.args.get('grep')
exgrep = request.args.get('exgrep')
hour = request.args.get('hour')
minute = request.args.get('minute')
hour1 = request.args.get('hour1')
minute1 = request.args.get('minute1')
log_file = request.args.get('file')
else:
grep = request.form.get('grep')
exgrep = request.form.get('exgrep')
hour = request.form.get('hour')
minute = request.form.get('minute')
hour1 = request.form.get('hour1')
minute1 = request.form.get('minute1')
log_file = request.form.get('file')
if roxywi_common.check_user_group_for_flask():
try:
out = roxy_logs.show_roxy_log(serv=serv, rows=rows, waf=waf, grep=grep, exgrep=exgrep, hour=hour, minute=minute,
hour1=hour1, minute1=minute1, service=service, log_file=log_file)
except Exception as e:
return str(e)
else:
return out
@app.route('/internal/show_version')
@cache.cached()
def show_roxywi_version():
return render_template('ajax/check_version.html', versions=roxy.versions())
@app.route('/stats/view/<service>/<server_ip>')
def show_stats(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
if service in ('nginx', 'apache'):
return service_common.get_stat_page(server_ip, service)
else:
return service_haproxy.stat_page_action(server_ip)
@app.route('/portscanner/history/<server_ip>')
@login_required
def portscanner_history(server_ip):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
history = sql.select_port_scanner_history(server_ip)
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'include/port_scan_history.html', h2=1, autorefresh=0, role=user_params['role'], user=user, servers=user_params['servers'],
history=history, user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang']
)
@app.post('/portscanner/settings')
def change_settings_portscanner():
server_id = common.checkAjaxInput(request.form.get('server_id'))
enabled = common.checkAjaxInput(request.form.get('enabled'))
notify = common.checkAjaxInput(request.form.get('notify'))
history = common.checkAjaxInput(request.form.get('history'))
user_group_id = [server[3] for server in sql.select_servers(id=server_id)]
try:
if sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
else:
if sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
except Exception as e:
return f'error: Cannot save settings: {e}'
else:
return 'ok'
@app.route('/portscanner/scan/<int:server_id>')
def scan_port(server_id):
server = sql.select_servers(id=server_id)
ip = ''
for s in server:
ip = s[2]
cmd = f"sudo nmap -sS {ip} |grep -E '^[[:digit:]]'|sed 's/ */ /g'"
cmd1 = f"sudo nmap -sS {ip} |head -5|tail -2"
stdout, stderr = server_mod.subprocess_execute(cmd)
stdout1, stderr1 = server_mod.subprocess_execute(cmd1)
if stderr != '':
return f'error: {stderr}'
else:
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/scan_ports.html', ports=stdout, info=stdout1, lang=lang)
@app.post('/nettols/<check>')
def nettols_check(check):
server_from = common.checkAjaxInput(request.form.get('server_from'))
server_to = common.is_ip_or_dns(request.form.get('server_to'))
action = common.checkAjaxInput(request.form.get('nettools_action'))
port_to = common.checkAjaxInput(request.form.get('nettools_telnet_port_to'))
dns_name = common.checkAjaxInput(request.form.get('nettools_nslookup_name'))
dns_name = common.is_ip_or_dns(dns_name)
record_type = common.checkAjaxInput(request.form.get('nettools_nslookup_record_type'))
if check == 'icmp':
return nettools.ping_from_server(server_from, server_to, action)
elif check == 'tcp':
return nettools.telnet_from_server(server_from, server_to, port_to)
elif check == 'dns':
return nettools.nslookup_from_server(server_from, dns_name, record_type)
else:
return 'error: Wrong check'

101
app/modules/roxywi/roxy.py
View File

@ -2,9 +2,11 @@ import os
import re
import distro
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import modules.db.sql as sql
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
@ -19,43 +21,6 @@ def is_docker() -> bool:
return False
def update_roxy_wi(service):
restart_service = ''
services = ['roxy-wi-checker',
'roxy-wi',
'roxy-wi-keep_alive',
'roxy-wi-smon',
'roxy-wi-metrics',
'roxy-wi-portscanner',
'roxy-wi-socket',
'roxy-wi-prometheus-exporter']
if service not in services:
raise Exception(f'error: {service} is not part of Roxy-WI')
if distro.id() == 'ubuntu':
try:
if service == 'roxy-wi-keep_alive':
service = 'roxy-wi-keep-alive'
except Exception:
pass
if service != 'roxy-wi':
restart_service = f'&& sudo systemctl restart {service}'
cmd = f'sudo -S apt-get update && sudo apt-get install {service} {restart_service}'
else:
if service != 'roxy-wi':
restart_service = f'&& sudo systemctl restart {service}'
cmd = f'sudo -S yum -y install {service} {restart_service}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr:
return stderr
else:
return output
def check_ver():
return sql.get_ver()
@ -87,67 +52,7 @@ def versions():
return current_ver, new_ver, current_ver_without_dots, new_ver_without_dots
def get_services_status():
services = []
is_in_docker = is_docker()
services_name = {
'roxy-wi-checker': '',
'roxy-wi-keep_alive': '',
'roxy-wi-metrics': '',
'roxy-wi-portscanner': '',
'roxy-wi-smon': '',
'roxy-wi-socket': '',
'roxy-wi-prometheus-exporter': 'Prometheus exporter',
'prometheus': 'Prometheus service',
'grafana-server': 'Grafana service',
'fail2ban': 'Fail2ban service',
'rabbitmq-server': 'Message broker service'
}
for s, v in services_name.items():
if is_in_docker:
cmd = f"sudo supervisorctl status {s}|awk '{{print $2}}'"
else:
cmd = f"systemctl is-active {s}"
status, stderr = server_mod.subprocess_execute(cmd)
if s != 'roxy-wi-keep_alive':
service_name = s.split('_')[0]
if s == 'grafana-server':
service_name = 'grafana'
elif s == 'roxy-wi-keep_alive' and distro.id() == 'ubuntu':
service_name = 'roxy-wi-keep-alive'
else:
service_name = s
if service_name == 'prometheus':
cmd = "prometheus --version 2>&1 |grep prometheus|awk '{print $3}'"
else:
if distro.id() == 'ubuntu':
cmd = f"apt list --installed 2>&1 |grep {service_name}|awk '{{print $2}}'|sed 's/-/./'"
else:
cmd = f"rpm -q {service_name}|awk -F\"{service_name}\" '{{print $2}}' |awk -F\".noa\" '{{print $1}}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
try:
if service_ver[0] == 'command' or service_ver[0] == 'prometheus:':
service_ver[0] = ''
except Exception:
pass
try:
services.append([s, status, v, service_ver[0]])
except Exception:
services.append([s, status, v, ''])
return services
def check_new_version(service):
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
current_ver = check_ver()
proxy = sql.get_setting('proxy')
res = ''

4
app/modules/tools/checker.py
View File

@ -1,13 +1,13 @@
from flask import render_template, redirect, url_for
import modules.db.sql as sql
import modules.roxywi.roxy as roxywi_mod
import modules.tools.common as tools_common
import modules.roxywi.common as roxywi_common
def load_checker() -> None:
groups = sql.select_groups()
services = roxywi_mod.get_services_status()
services = tools_common.get_services_status()
keepalived_settings = ''
haproxy_settings = ''
apache_settings = ''

100
app/modules/tools/common.py Normal file
View File

@ -0,0 +1,100 @@
import distro
import modules.db.sql as sql
import modules.roxywi.roxy as roxywi_mod
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
def get_services_status():
services = []
is_in_docker = roxywi_mod.is_docker()
services_name = {
'roxy-wi-checker': '',
'roxy-wi-keep_alive': '',
'roxy-wi-metrics': '',
'roxy-wi-portscanner': '',
'roxy-wi-smon': '',
'roxy-wi-socket': '',
'roxy-wi-prometheus-exporter': 'Prometheus exporter',
'prometheus': 'Prometheus service',
'grafana-server': 'Grafana service',
'fail2ban': 'Fail2ban service',
'rabbitmq-server': 'Message broker service'
}
for s, v in services_name.items():
if is_in_docker:
cmd = f"sudo supervisorctl status {s}|awk '{{print $2}}'"
else:
cmd = f"systemctl is-active {s}"
status, stderr = server_mod.subprocess_execute(cmd)
if s != 'roxy-wi-keep_alive':
service_name = s.split('_')[0]
if s == 'grafana-server':
service_name = 'grafana'
elif s == 'roxy-wi-keep_alive' and distro.id() == 'ubuntu':
service_name = 'roxy-wi-keep-alive'
else:
service_name = s
if service_name == 'prometheus':
cmd = "prometheus --version 2>&1 |grep prometheus|awk '{print $3}'"
else:
if distro.id() == 'ubuntu':
cmd = f"apt list --installed 2>&1 |grep {service_name}|awk '{{print $2}}'|sed 's/-/./'"
else:
cmd = f"rpm -q {service_name}|awk -F\"{service_name}\" '{{print $2}}' |awk -F\".noa\" '{{print $1}}' |sed 's/-//1' |sed 's/-/./'"
service_ver, stderr = server_mod.subprocess_execute(cmd)
try:
if service_ver[0] == 'command' or service_ver[0] == 'prometheus:':
service_ver[0] = ''
except Exception:
pass
try:
services.append([s, status, v, service_ver[0]])
except Exception:
services.append([s, status, v, ''])
return services
def update_roxy_wi(service: str) -> str:
restart_service = ''
services = ['roxy-wi-checker',
'roxy-wi',
'roxy-wi-keep_alive',
'roxy-wi-smon',
'roxy-wi-metrics',
'roxy-wi-portscanner',
'roxy-wi-socket',
'roxy-wi-prometheus-exporter']
if service not in services:
raise Exception(f'error: {service} is not part of Roxy-WI')
if distro.id() == 'ubuntu':
try:
if service == 'roxy-wi-keep_alive':
service = 'roxy-wi-keep-alive'
except Exception:
pass
if service != 'roxy-wi':
restart_service = f'&& sudo systemctl restart {service}'
cmd = f'sudo -S apt-get update && sudo apt-get install {service} {restart_service}'
else:
if service != 'roxy-wi':
restart_service = f'&& sudo systemctl restart {service}'
cmd = f'sudo -S yum -y install {service} {restart_service}'
output, stderr = server_mod.subprocess_execute(cmd)
if stderr != '':
return str(stderr)
else:
return str(output)

18
app/routes/add/routes.py
View File

@ -1,20 +1,16 @@
import os
import sys
from flask import render_template, request, jsonify, redirect, url_for
from flask_login import login_required
from app.routes.add import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.config.add as add_mod
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.server.server as server_mod
import app.modules.db.sql as sql
import app.modules.config.add as add_mod
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.server.server as server_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')

23
app/routes/admin/routes.py
View File

@ -1,5 +1,4 @@
import os
import sys
import pytz
import distro
@ -7,15 +6,13 @@ from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app.routes.admin import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.roxy as roxy
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.roxy as roxy
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.server.server as server_mod
import app.modules.tools.common as tools_common
@bp.before_request
@ -66,7 +63,7 @@ def show_tools():
roxywi_auth.page_for_admin()
lang = roxywi_common.get_user_lang_for_flask()
try:
services = roxy.get_services_status()
services = tools_common.get_services_status()
except Exception as e:
return str(e)
@ -78,7 +75,7 @@ def update_tools(service):
roxywi_auth.page_for_admin()
try:
return roxy.update_roxy_wi(service)
return tools_common.update_roxy_wi(service)
except Exception as e:
return f'error: {e}'
@ -103,7 +100,7 @@ def update_roxywi():
portscanner_ver = roxy.check_new_version('portscanner')
socket_ver = roxy.check_new_version('socket')
prometheus_exp_ver = roxy.check_new_version('prometheus-exporter')
services = roxy.get_services_status()
services = tools_common.get_services_status()
lang = roxywi_common.get_user_lang_for_flask()
return render_template(

18
app/routes/checker/routes.py
View File

@ -1,19 +1,13 @@
import os
import sys
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app.routes.checker import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
import modules.tools.alerting as alerting
import modules.tools.checker as checker_mod
import modules.tools.smon as smon_mod
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
import app.modules.tools.alerting as alerting
import app.modules.tools.checker as checker_mod
import app.modules.tools.smon as smon_mod
@bp.before_request

22
app/routes/config/routes.py
View File

@ -1,22 +1,18 @@
import os
import sys
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app.routes.config import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.config as config_mod
import modules.config.section as section_mod
import modules.service.haproxy as service_haproxy
import modules.server.server as server_mod
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.config.config as config_mod
import app.modules.config.section as section_mod
import app.modules.service.haproxy as service_haproxy
import app.modules.server.server as server_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')

22
app/routes/install/routes.py
View File

@ -1,21 +1,15 @@
import os
import sys
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app.routes.install import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.server.server as server_mod
import modules.service.common as service_common
import modules.service.installation as service_mod
import modules.service.exporter_installation as exp_installation
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.server.server as server_mod
import app.modules.service.common as service_common
import app.modules.service.installation as service_mod
import app.modules.service.exporter_installation as exp_installation
@bp.before_request

5
app/routes/logs/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('logs', __name__)
from app.routes.logs import routes

157
app/routes/logs/routes.py Normal file
View File

@ -0,0 +1,157 @@
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app.routes.logs import bp
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.logs as roxy_logs
import app.modules.roxywi.common as roxywi_common
import app.modules.server.server as server_mod
import app.modules.roxy_wi_tools as roxy_wi_tools
get_config = roxy_wi_tools.GetConfigVar()
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/internal')
def logs_internal():
log_type = request.args.get('type')
if log_type == '2':
roxywi_auth.page_for_admin(level=2)
else:
roxywi_auth.page_for_admin()
try:
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
time_storage = sql.get_setting('log_time_storage')
log_path = get_config.get_config_var('main', 'log_path')
selects = roxywi_common.get_files(log_path, file_format="log")
try:
time_storage_hours = time_storage * 24
for dirpath, dirnames, filenames in os.walk(log_path):
for file in filenames:
curpath = os.path.join(dirpath, file)
file_modified = datetime.datetime.fromtimestamp(os.path.getmtime(curpath))
if datetime.datetime.now() - file_modified > datetime.timedelta(hours=time_storage_hours):
os.remove(curpath)
except Exception:
pass
if log_type is None:
selects.append(['fail2ban.log', 'fail2ban.log'])
selects.append(['roxy-wi.error.log', 'error.log'])
selects.append(['roxy-wi.access.log', 'access.log'])
return render_template('logs_internal.html', h2=1, autorefresh=1, role=user_params['role'], user=user,
user_services=user_params['user_services'], token=user_params['token'],
lang=user_params['lang'], selects=selects, serv='viewlogs'
)
@bp.route('/<service>', defaults={'waf': None})
@bp.route('/<service>/<waf>')
def logs(service, waf):
serv = request.args.get('serv')
rows = request.args.get('rows')
grep = request.args.get('grep')
exgrep = request.args.get('exgrep')
hour = request.args.get('hour')
minute = request.args.get('minute')
hour1 = request.args.get('hour1')
minute1 = request.args.get('minute1')
log_file = request.args.get('file')
if rows is None: rows=10
if grep is None: grep=''
try:
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service in ('haproxy', 'nginx', 'keepalived', 'apache') and not waf:
service_desc = sql.select_service(service)
service_name = service_desc.service
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
elif waf:
service_name = 'WAF'
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
servers = roxywi_common.get_dick_permit(haproxy=1)
else:
return redirect(url_for('index'))
return render_template(
'logs.html', autorefresh=1, role=user_params['role'], user=user, select_id='serv', rows=rows,
remote_file=log_file, selects=servers, waf=waf, service=service, user_services=user_params['user_services'],
token=user_params['token'], lang=user_params['lang'], service_name=service_name, grep=grep, serv=serv
)
@bp.route('/<service>/<serv>', methods=['GET', 'POST'])
def show_remote_log_files(service, serv):
service = common.checkAjaxInput(service)
serv = common.checkAjaxInput(serv)
log_path = sql.get_setting(f'{service}_path_logs')
return_files = server_mod.get_remote_files(serv, log_path, 'log')
if 'error: ' in return_files:
return return_files
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/show_log_files.html', serv=serv, return_files=return_files, path_dir=log_path, lang=lang
)
@bp.route('/<service>/<serv>/<rows>', defaults={'waf': '0'}, methods=['GET', 'POST'])
@bp.route('/<service>/waf/<serv>/<rows>', defaults={'waf': '1'}, methods=['GET', 'POST'])
def show_logs(service, serv, rows, waf):
if request.method == 'GET':
grep = request.args.get('grep')
exgrep = request.args.get('exgrep')
hour = request.args.get('hour')
minute = request.args.get('minute')
hour1 = request.args.get('hour1')
minute1 = request.args.get('minute1')
log_file = request.args.get('file')
else:
grep = request.form.get('grep')
exgrep = request.form.get('exgrep')
hour = request.form.get('hour')
minute = request.form.get('minute')
hour1 = request.form.get('hour1')
minute1 = request.form.get('minute1')
log_file = request.form.get('file')
if roxywi_common.check_user_group_for_flask():
try:
out = roxy_logs.show_roxy_log(serv=serv, rows=rows, waf=waf, grep=grep, exgrep=exgrep, hour=hour, minute=minute,
hour1=hour1, minute1=minute1, service=service, log_file=log_file)
except Exception as e:
return str(e)
else:
return out

5
app/routes/main/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('main', __name__)
from app.routes.main import routes

353
app/routes/main/routes.py Normal file
View File

@ -0,0 +1,353 @@
import os
import sys
import uuid
import pytz
import distro
from flask import render_template, request, redirect, url_for, flash, make_response
from flask_login import login_user, login_required, logout_user, current_user
from datetime import datetime, timedelta
from app import login_manager, cache
from app.routes.main import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
from modules.db.db_model import *
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.roxy as roxy
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.nettools as nettools
import modules.roxywi.common as roxywi_common
import modules.service.common as service_common
import modules.service.haproxy as service_haproxy
@bp.before_request
@cache.memoize(50)
def check_login():
user_params = roxywi_common.get_users_params()
if user_params is None:
make_response(redirect(url_for('login_page')))
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception:
make_response(redirect(url_for('login_page')))
@bp.errorhandler(404)
def page_not_found(e):
return render_template('404.html'), 404
@bp.errorhandler(500)
def page_not_found(e):
return render_template('500.html', e=e), 500
@login_manager.user_loader
def load_user(user_id):
user = f'user_{user_id}'
user_obj = cache.get(user)
if user_obj is None:
query = User.get(User.user_id == user_id)
cache.set(user, query, timeout=360)
return query
return user_obj
@bp.after_request
def redirect_to_login(response):
if response.status_code == 401:
return redirect(url_for('login_page') + '?next=' + request.url)
return response
@bp.route('/login', methods=['GET', 'POST'])
def login_page():
next_url = request.args.get('next') or request.form.get('next')
login = request.form.get('login')
password = request.form.get('pass')
role = 5
user1 = ''
if next_url is None:
next_url = ''
try:
groups = sql.select_groups(id=user_groups)
for g in groups:
if g[0] == int(user_groups):
user_group = g[1]
except Exception:
user_group = ''
try:
if distro.id() == 'ubuntu':
if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'):
cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'"
get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0]
else:
user_name = 'git'
else:
if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'):
cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'"
get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0]
else:
user_name = 'git'
if sql.select_user_name():
sql.update_user_name(user_name)
else:
sql.insert_user_name(user_name)
except Exception as e:
roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1)
try:
session_ttl = int(sql.get_setting('session_ttl'))
except Exception:
session_ttl = 5
expires = datetime.utcnow() + timedelta(days=session_ttl)
if login and password:
users = sql.select_users(user=login)
for user in users:
if user.activeuser == 0:
flash('Your login is disabled', 'alert alert-danger wrong-login')
if user.ldap_user == 1:
if login in user.username:
if check_in_ldap(login, password):
login_user(user)
resp = make_response(next_url or url_for('index'))
resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
else:
passwordHashed = roxy_wi_tools.Tools.get_hash(password)
if login in user.username and passwordHashed == user.password:
user_uuid = str(uuid.uuid4())
user_token = str(uuid.uuid4())
sql.write_user_uuid(login, user_uuid)
sql.write_user_token(login, user_token)
role = int(user.role)
user1 = user.username
login_user(user)
resp = make_response(next_url or url_for('index'))
try:
resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
except Exception as e:
print(e)
try:
user_name = sql.get_user_name_by_uuid(user_uuid)
roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1)
except Exception:
pass
return resp
else:
flash('Login or password is not correct', 'alert alert-danger wrong-login')
else:
return 'ban', 200
else:
flash('Login or password is not correct', 'alert alert-danger wrong-login')
try:
lang = roxywi_common.get_user_lang_for_flask()
except Exception:
lang = 'en'
return render_template('login.html', role=role, user=user1, lang=lang)
@bp.route('/logout', methods=['GET', 'POST'])
@login_required
def logout():
user = f'user_{current_user.id}'
cache.delete(user)
logout_user()
resp = make_response(redirect(url_for('index')))
resp.delete_cookie('uuid')
resp.delete_cookie('group')
return resp
@bp.route('/stats/<service>/', defaults={'serv': None})
@bp.route('/stats/<service>/<serv>')
@login_required
def stats(service, serv):
try:
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
try:
if serv is None:
first_serv = user_params['servers']
for i in first_serv:
serv = i[2]
break
except Exception:
pass
if service in ('haproxy', 'nginx', 'apache'):
service_desc = sql.select_service(service)
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
else:
return redirect(url_for('index'))
return render_template(
'statsview.html', h2=1, autorefresh=1, role=user_params['role'], user=user, selects=servers, serv=serv,
service=service, user_services=user_params['user_services'], token=user_params['token'],
select_id="serv", lang=user_params['lang'], service_desc=service_desc
)
@bp.route('/stats/view/<service>/<server_ip>')
@login_required
def show_stats(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
if service in ('nginx', 'apache'):
return service_common.get_stat_page(server_ip, service)
else:
return service_haproxy.stat_page_action(server_ip)
@bp.route('/nettools')
@login_required
def nettools():
try:
user_params = roxywi_common.get_users_params(virt=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'nettools.html', autorefresh=0, role=user_params['role'], user=user, servers=user_params['servers'],
user_services=user_params['user_services'], token=user_params['token'], lang=user_params['lang']
)
@bp.post('/nettols/<check>')
@login_required
def nettols_check(check):
server_from = common.checkAjaxInput(request.form.get('server_from'))
server_to = common.is_ip_or_dns(request.form.get('server_to'))
action = common.checkAjaxInput(request.form.get('nettools_action'))
port_to = common.checkAjaxInput(request.form.get('nettools_telnet_port_to'))
dns_name = common.checkAjaxInput(request.form.get('nettools_nslookup_name'))
dns_name = common.is_ip_or_dns(dns_name)
record_type = common.checkAjaxInput(request.form.get('nettools_nslookup_record_type'))
if check == 'icmp':
return nettools.ping_from_server(server_from, server_to, action)
elif check == 'tcp':
return nettools.telnet_from_server(server_from, server_to, port_to)
elif check == 'dns':
return nettools.nslookup_from_server(server_from, dns_name, record_type)
else:
return 'error: Wrong check'
@bp.route('/history/<service>/<server_ip>')
@login_required
def service_history(service, server_ip):
users = sql.select_users()
server_ip = common.checkAjaxInput(server_ip)
user_subscription = roxywi_common.return_user_subscription()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
server_id = sql.select_server_id_by_ip(server_ip)
history = sql.select_action_history_by_server_id_and_service(server_id, service_desc.service)
elif service == 'server':
if roxywi_common.check_is_server_in_group(server_ip):
server_id = sql.select_server_id_by_ip(server_ip)
history = sql.select_action_history_by_server_id(server_id)
elif service == 'user':
history = sql.select_action_history_by_user_id(server_ip)
try:
sql.delete_action_history_for_period()
except Exception as e:
print(e)
return render_template(
'history.html', h2=1, role=user_params['role'], user=user, users=users, serv=server_ip, service=service,
history=history, user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang']
)
@bp.route('/servers')
@login_required
def servers():
roxywi_auth.page_for_admin(level=2)
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
ldap_enable = sql.get_setting('ldap_enable')
user_group = roxywi_common.get_user_group(id=1)
settings = sql.get_setting('', all=1)
services = sql.select_services()
gits = sql.select_gits()
servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1)
masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'])
is_needed_tool = common.is_tool('ansible')
user_roles = sql.select_user_roles_by_group(user_group)
backups = sql.select_backups()
s3_backups = sql.select_s3_backups()
user_subscription = roxywi_common.return_user_subscription()
if user_params['lang'] == 'ru':
title = 'Сервера: '
else:
title = "Servers: "
return render_template(
'servers.html',
h2=1, title=title, role=user_params['role'], user=user, users=sql.select_users(group=user_group),
groups=sql.select_groups(), servers=servers, roles=sql.select_roles(), sshs=sql.select_ssh(group=user_group),
masters=masters, group=user_group, services=services, timezones=pytz.all_timezones, guide_me=1,
token=user_params['token'], settings=settings, backups=backups, s3_backups=s3_backups, page="servers.py",
user_services=user_params['user_services'], ldap_enable=ldap_enable,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits,
is_needed_tool=is_needed_tool, lang=user_params['lang'], user_roles=user_roles
)
@bp.route('/internal/show_version')
@cache.cached()
def show_roxywi_version():
return render_template('ajax/check_version.html', versions=roxy.versions())

18
app/routes/metric/routes.py
View File

@ -1,20 +1,14 @@
import os
import sys
import distro
from flask import render_template, request, jsonify, redirect, url_for
from flask_login import login_required
from app.routes.metric import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.metrics as metric
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.metrics as metric
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
@bp.before_request

5
app/routes/overview/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('overview', __name__)
from app.routes.overview import routes

55
app/routes/overview/routes.py Normal file
View File

@ -0,0 +1,55 @@
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app import cache
from app.routes.overview import bp
import app.modules.db.sql as sql
from app.modules.db.db_model import *
import app.modules.roxywi.logs as roxy_logs
import app.modules.roxywi.common as roxywi_common
import app.modules.roxywi.overview as roxy_overview
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('/')
@bp.route('/overview')
def index():
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
groups = sql.select_groups()
return render_template(
'ovw.html', h2=1, autorefresh=1, role=user_params['role'], user=user, groups=groups,
roles=sql.select_roles(), servers=user_params['servers'], user_services=user_params['user_services'],
roxy_wi_log=roxy_logs.roxy_wi_log(), token=user_params['token'], guide_me=1, lang=user_params['lang']
)
@bp.route('/overview/services')
def show_services_overview():
return roxy_overview.show_services_overview()
@bp.route('/overview/server/<server_ip>')
def overview_server(server_ip):
return roxy_overview.show_overview(server_ip)
@bp.route('/overview/users')
def overview_users():
return roxy_overview.user_owv()
@bp.route('/overview/sub')
@cache.cached()
def overview_sub():
return roxy_overview.show_sub_ovw()

5
app/routes/portscanner/__init__.py Normal file
View File

@ -0,0 +1,5 @@
from flask import Blueprint
bp = Blueprint('portscanner', __name__)
from app.routes.portscanner import routes

108
app/routes/portscanner/routes.py Normal file
View File

@ -0,0 +1,108 @@
from flask import render_template, request
from flask_login import login_required
from app.routes.portscanner import bp
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
pass
@bp.route('')
def portscanner():
try:
user_params = roxywi_common.get_users_params(virt=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
user_group = roxywi_common.get_user_group(id=1)
port_scanner_settings = sql.select_port_scanner_settings(user_group)
if not port_scanner_settings:
port_scanner_settings = ''
count_ports = ''
else:
count_ports = list()
for s in user_params['servers']:
count_ports_from_sql = sql.select_count_opened_ports(s[2])
i = (s[2], count_ports_from_sql)
count_ports.append(i)
cmd = "systemctl is-active roxy-wi-portscanner"
port_scanner, port_scanner_stderr = server_mod.subprocess_execute(cmd)
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'portscanner.html', h2=1, autorefresh=0, role=user_params['role'], user=user, servers=user_params['servers'],
port_scanner_settings=port_scanner_settings, count_ports=count_ports, port_scanner=''.join(port_scanner),
port_scanner_stderr=port_scanner_stderr, user_services=user_params['user_services'], user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token'], lang=user_params['lang']
)
@bp.route('/history/<server_ip>')
def portscanner_history(server_ip):
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
history = sql.select_port_scanner_history(server_ip)
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'include/port_scan_history.html', h2=1, autorefresh=0, role=user_params['role'], user=user, history=history,
servers=user_params['servers'], user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang']
)
@bp.post('/settings')
def change_settings_portscanner():
server_id = common.checkAjaxInput(request.form.get('server_id'))
enabled = common.checkAjaxInput(request.form.get('enabled'))
notify = common.checkAjaxInput(request.form.get('notify'))
history = common.checkAjaxInput(request.form.get('history'))
user_group_id = [server[3] for server in sql.select_servers(id=server_id)]
try:
if sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
else:
if sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
except Exception as e:
return f'error: Cannot save settings: {e}'
else:
return 'ok'
@bp.route('/scan/<int:server_id>')
def scan_port(server_id):
server = sql.select_servers(id=server_id)
ip = ''
for s in server:
ip = s[2]
cmd = f"sudo nmap -sS {ip} |grep -E '^[[:digit:]]'|sed 's/ */ /g'"
cmd1 = f"sudo nmap -sS {ip} |head -5|tail -2"
stdout, stderr = server_mod.subprocess_execute(cmd)
stdout1, stderr1 = server_mod.subprocess_execute(cmd1)
if stderr != '':
return f'error: {stderr}'
else:
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/scan_ports.html', ports=stdout, info=stdout1, lang=lang)

14
app/routes/runtime/routes.py
View File

@ -1,17 +1,11 @@
import os
import sys
from flask import render_template, request, redirect, url_for
from flask_login import login_required
from app.routes.runtime import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.common.common as common
import modules.roxywi.common as roxywi_common
import modules.config.runtime as runtime
import modules.service.haproxy as service_haproxy
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
import app.modules.config.runtime as runtime
import app.modules.service.haproxy as service_haproxy
@bp.before_request

175
app/routes/server/routes.py
View File

@ -1,5 +1,3 @@
import os
import sys
import json
import distro
@ -7,20 +5,16 @@ from flask import render_template, request
from flask_login import login_required
from app.routes.server import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.roxy as roxy
import modules.roxywi.group as group_mod
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.server.ssh as ssh_mod
import modules.server.server as server_mod
import modules.tools.smon as smon_mod
import modules.service.backup as backup_mod
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.group as group_mod
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.server.ssh as ssh_mod
import app.modules.server.server as server_mod
import app.modules.tools.smon as smon_mod
import app.modules.service.backup as backup_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')
@ -235,155 +229,6 @@ def update_system_info(server_ip, server_id):
return server_mod.update_system_info(server_ip, server_id)
@bp.route('/tools')
def show_tools():
roxywi_auth.page_for_admin()
lang = roxywi_common.get_user_lang_for_flask()
try:
services = roxy.get_services_status()
except Exception as e:
return str(e)
return render_template('ajax/load_services.html', services=services, lang=lang)
@bp.route('/tools/update/<service>')
def update_tools(service):
roxywi_auth.page_for_admin()
try:
return roxy.update_roxy_wi(service)
except Exception as e:
return f'error: {e}'
@bp.route('/tools/action/<service>/<action>')
def action_tools(service, action):
roxywi_auth.page_for_admin()
if action not in ('start', 'stop', 'restart'):
return 'error: wrong action'
return roxy.action_service(action, service)
@bp.route('/update')
def update_roxywi():
roxywi_auth.page_for_admin()
versions = roxy.versions()
checker_ver = roxy.check_new_version('checker')
smon_ver = roxy.check_new_version('smon')
metrics_ver = roxy.check_new_version('metrics')
keep_ver = roxy.check_new_version('keep_alive')
portscanner_ver = roxy.check_new_version('portscanner')
socket_ver = roxy.check_new_version('socket')
prometheus_exp_ver = roxy.check_new_version('prometheus-exporter')
services = roxy.get_services_status()
lang = roxywi_common.get_user_lang_for_flask()
return render_template(
'ajax/load_updateroxywi.html', services=services, versions=versions, checker_ver=checker_ver, smon_ver=smon_ver,
metrics_ver=metrics_ver, portscanner_ver=portscanner_ver, socket_ver=socket_ver, prometheus_exp_ver=prometheus_exp_ver,
keep_ver=keep_ver, lang=lang
)
@bp.route('/openvpn')
def load_openvpn():
roxywi_auth.page_for_admin()
openvpn_configs = ''
openvpn_sess = ''
openvpn = ''
if distro.id() == 'ubuntu':
stdout, stderr = server_mod.subprocess_execute("apt show openvpn3 2>&1|grep E:")
elif distro.id() == 'centos' or distro.id() == 'rhel':
stdout, stderr = server_mod.subprocess_execute("rpm --query openvpn3-client")
if (
(stdout[0] != 'package openvpn3-client is not installed' and stderr != '/bin/sh: rpm: command not found')
and stdout[0] != 'E: No packages found'
):
cmd = "sudo openvpn3 configs-list |grep -E 'ovpn|(^|[^0-9])[0-9]{4}($|[^0-9])' |grep -v net|awk -F\" \" '{print $1}'|awk 'ORS=NR%2?\" \":\"\\n\"'"
openvpn_configs, stderr = server_mod.subprocess_execute(cmd)
cmd = "sudo openvpn3 sessions-list|grep -E 'Config|Status'|awk -F\":\" '{print $2}'|awk 'ORS=NR%2?\" \":\"\\n\"'| sed 's/^ //g'"
openvpn_sess, stderr = server_mod.subprocess_execute(cmd)
openvpn = stdout[0]
return render_template('ajax/load_openvpn.html', openvpn=openvpn, openvpn_sess=openvpn_sess, openvpn_configs=openvpn_configs)
@bp.post('/openvpn/upload')
def upload_openvpn():
name = common.checkAjaxInput(request.form.get('ovpnname'))
ovpn_file = f"{os.path.dirname('/tmp/')}/{name}.ovpn"
try:
with open(ovpn_file, "w") as conf:
conf.write(request.form.get('uploadovpn'))
except IOError as e:
error = f'error: Cannot save ovpn file {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
try:
cmd = 'sudo openvpn3 config-import --config %s --persistent' % ovpn_file
server_mod.subprocess_execute(cmd)
except IOError as e:
error = f'error: Cannot import OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
try:
cmd = 'sudo cp %s /etc/openvpn3/%s.conf' % (ovpn_file, name)
server_mod.subprocess_execute(cmd)
except IOError as e:
error = f'error: Cannot save OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
roxywi_common.logging("Roxy-WI server", f" has been uploaded a new ovpn file {ovpn_file}", roxywi=1, login=1)
return 'success: ovpn file has been saved </div>'
@bp.post('/openvpn/delete')
def delete_openvpn():
openvpndel = common.checkAjaxInput(request.form.get('openvpndel'))
cmd = f'sudo openvpn3 config-remove --config /tmp/{openvpndel}.ovpn --force'
try:
server_mod.subprocess_execute(cmd)
roxywi_common.logging(openvpndel, ' has deleted the ovpn file ', roxywi=1, login=1)
except IOError as e:
error = f'error: Cannot delete OpenVPN file: {e}'
roxywi_common.logging('Roxy-WI server', error, roxywi=1)
return error
else:
return 'ok'
@bp.route('/openvpn/action/<action>/<openvpn>')
def action_openvpn(action, openvpn):
openvpn = common.checkAjaxInput(openvpn)
if action == 'start':
cmd = f'sudo openvpn3 session-start --config /tmp/{openvpn}.ovpn'
elif action == 'restart':
cmd = f'sudo openvpn3 session-manage --config /tmp/{openvpn}.ovpn --restart'
elif action == 'disconnect':
cmd = f'sudo openvpn3 session-manage --config /tmp/{openvpn}.ovpn --disconnect'
else:
return 'error: wrong action'
try:
server_mod.subprocess_execute(cmd)
roxywi_common.logging(openvpn, f' The ovpn session has been {action}ed ', roxywi=1, login=1)
return f"success: The {openvpn} has been {action}ed"
except IOError as e:
roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1)
return f'error: Cannot {action} OpenVPN: {e}'
@bp.route('/services/<int:server_id>', methods=['GET', 'POST'])
def show_server_services(server_id):
roxywi_auth.page_for_admin(level=2)

21
app/routes/service/routes.py
View File

@ -1,5 +1,3 @@
import os
import sys
from functools import wraps
import distro
@ -8,17 +6,14 @@ from flask_login import login_required
from app import cache
from app.routes.service import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.service.action as service_action
import modules.service.common as service_common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.roxywi.overview as roxy_overview
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.service.action as service_action
import app.modules.service.common as service_common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.roxywi.overview as roxy_overview
def check_services(fn):

16
app/routes/smon/routes.py
View File

@ -1,20 +1,14 @@
import os
import sys
from pytz import timezone
from flask import render_template, request, redirect, url_for, jsonify
from flask_login import login_required
from datetime import datetime
from app.routes.smon import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.tools.smon as smon_mod
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.tools.smon as smon_mod
@bp.before_request

15
app/routes/user/routes.py
View File

@ -1,19 +1,14 @@
import os
import sys
import json
from flask import render_template, request
from flask_login import login_required
from app.routes.user import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.user as roxywi_user
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxywi.user as roxywi_user
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
@bp.before_request

20
app/routes/waf/routes.py
View File

@ -1,20 +1,14 @@
import os
import sys
from flask import render_template, request
from flask_login import login_required
from app.routes.waf import bp
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
import modules.common.common as common
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.waf as roxy_waf
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
import modules.config.config as config_mod
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxywi.waf as roxy_waf
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
import app.modules.config.config as config_mod
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')

4
app/templates/ajax/load_services.html
View File

@ -42,7 +42,7 @@
<td class="padding10 first-collumn">
{% if 'is not installed' in s.3 or not s.3 %}
{% if s.0 in ('prometheus', 'grafana-server') %}
<a class="ui-button ui-widget ui-corner-all" onclick="openTab(10)" title="{{lang.words.install|title()}} {{service_name}}">{{lang.words.install|title()}}</a>
<a href="/app/install#monitoring" class="ui-button ui-widget ui-corner-all" title="{{lang.words.install|title()}} {{service_name}}">{{lang.words.install|title()}}</a>
{% elif s.0 in ('rabbitmq-server', 'fail2ban') %}
<a class="ui-button ui-widget ui-corner-all" href="https://roxy-wi.org/services/{{s.0.split('-')[0]}}" title="{{lang.words.install|title()}} {{services_name[s.0]['name']}}" target="_blank">{{lang.words.install|title()}}</a>
{% else %}
@ -66,7 +66,7 @@
{% endif %}
</td>
<td colspan="2">
{{ services_name[s.0]['desc'] }}
{{ services_name[s.0]['desc'] | safe }}
</td>
</tr>
{% endfor %}

2
app/templates/ajax/load_updateroxywi.html
View File

@ -120,7 +120,7 @@
{% endif %}
</td>
<td colspan="2">
{{services_name[s.0]['desc']}}
{{services_name[s.0]['desc']|safe}}
</td>
</tr>
{% endif %}

1
app/templates/base.html
View File

@ -38,7 +38,6 @@
<link rel="icon" type="image/png" sizes="32x32" href="{{ url_for('static', filename='images/favicon/favicon-32x32.png') }}">
<link rel="icon" type="image/png" sizes="96x96" href="{{ url_for('static', filename='images/favicon/favicon-96x96.png') }}">
<link rel="icon" type="image/png" sizes="16x16" href="{{ url_for('static', filename='images/favicon/favicon-16x16.png') }}">
<link rel="manifest" href="{{ url_for('static', filename='images/favicon/manifest.json') }}">
<meta name="msapplication-TileColor" content="#ffffff">
<meta name="msapplication-TileImage" content="{{ url_for('static', filename='images/favicon/ms-icon-144x144.png') }}">
<meta name="theme-color" content="#ffffff">

4
app/templates/include/errors.html
View File

@ -1,4 +1,4 @@
<div class="alert alert-danger alert-one-row" style="margin-bottom: 10px;">
{{stderr}}
{{error}}
{{stderr|safe}}
{{error|safe}}
</div>

463
app/views.py
View File

@ -1,463 +0,0 @@
import os
import sys
import uuid
import pytz
import distro
from flask import render_template, request, redirect, url_for, flash, make_response
from flask_login import login_user, login_required, logout_user, current_user
from datetime import datetime, timedelta
from app import app, login_manager, cache
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
import modules.db.sql as sql
from modules.db.db_model import *
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.logs as roxy_logs
import modules.roxywi.roxy as roxywi
import modules.roxywi.auth as roxywi_auth
import modules.roxywi.common as roxywi_common
get_config = roxy_wi_tools.GetConfigVar()
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
@app.before_request
@cache.memoize(50)
def check_login():
user_params = roxywi_common.get_users_params()
if user_params is None:
make_response(redirect(url_for('login_page')))
try:
roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
except Exception:
make_response(redirect(url_for('login_page')))
@app.errorhandler(404)
def page_not_found(e):
return render_template('404.html'), 404
@app.errorhandler(500)
def page_not_found(e):
return render_template('500.html', e=e), 500
@login_manager.user_loader
def load_user(user_id):
user = f'user_{user_id}'
user_obj = cache.get(user)
if user_obj is None:
query = User.get(User.user_id == user_id)
cache.set(user, query, timeout=360)
return query
return user_obj
@app.after_request
def redirect_to_login(response):
if response.status_code == 401:
return redirect(url_for('login_page') + '?next=' + request.url)
return response
@app.route('/login', methods=['GET', 'POST'])
def login_page():
next_url = request.args.get('next') or request.form.get('next')
login = request.form.get('login')
password = request.form.get('pass')
role = 5
user1 = ''
if next_url is None:
next_url = ''
try:
groups = sql.select_groups(id=user_groups)
for g in groups:
if g[0] == int(user_groups):
user_group = g[1]
except Exception:
user_group = ''
try:
if distro.id() == 'ubuntu':
if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'):
cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'"
get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0]
else:
user_name = 'git'
else:
if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'):
cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'"
get_user_name, stderr = server_mod.subprocess_execute(cmd)
user_name = get_user_name[0]
else:
user_name = 'git'
if sql.select_user_name():
sql.update_user_name(user_name)
else:
sql.insert_user_name(user_name)
except Exception as e:
roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1)
try:
session_ttl = int(sql.get_setting('session_ttl'))
except Exception:
session_ttl = 5
expires = datetime.utcnow() + timedelta(days=session_ttl)
if login and password:
users = sql.select_users(user=login)
for user in users:
if user.activeuser == 0:
flash('Your login is disabled', 'alert alert-danger wrong-login')
if user.ldap_user == 1:
if login in user.username:
if check_in_ldap(login, password):
login_user(user)
resp = make_response(next_url or url_for('index'))
resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
else:
passwordHashed = roxy_wi_tools.Tools.get_hash(password)
if login in user.username and passwordHashed == user.password:
user_uuid = str(uuid.uuid4())
user_token = str(uuid.uuid4())
sql.write_user_uuid(login, user_uuid)
sql.write_user_token(login, user_token)
role = int(user.role)
user1 = user.username
login_user(user)
resp = make_response(next_url or url_for('index'))
try:
resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
except Exception as e:
print(e)
try:
user_name = sql.get_user_name_by_uuid(user_uuid)
roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1)
except Exception:
pass
return resp
else:
flash('Login or password is not correct', 'alert alert-danger wrong-login')
else:
return 'ban', 200
else:
flash('Login or password is not correct', 'alert alert-danger wrong-login')
try:
lang = roxywi_common.get_user_lang_for_flask()
except Exception:
lang = 'en'
return render_template('login.html', role=role, user=user1, lang=lang)
@app.route('/logout', methods=['GET', 'POST'])
@login_required
def logout():
user = f'user_{current_user.id}'
cache.delete(user)
logout_user()
resp = make_response(redirect(url_for('index')))
resp.delete_cookie('uuid')
resp.delete_cookie('group')
return resp
@app.route('/')
@app.route('/overview')
@login_required
def index():
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
groups = sql.select_groups()
return render_template(
'ovw.html', h2=1, autorefresh=1, role=user_params['role'], user=user, groups=groups,
roles=sql.select_roles(), servers=user_params['servers'], user_services=user_params['user_services'],
roxy_wi_log=roxy_logs.roxy_wi_log(), token=user_params['token'], guide_me=1, lang=user_params['lang']
)
@app.route('/stats/<service>/', defaults={'serv': None})
@app.route('/stats/<service>/<serv>')
@login_required
def stats(service, serv):
try:
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
try:
if serv is None:
first_serv = user_params['servers']
for i in first_serv:
serv = i[2]
break
except Exception:
pass
if service in ('haproxy', 'nginx', 'apache'):
service_desc = sql.select_service(service)
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
else:
return redirect(url_for('index'))
return render_template(
'statsview.html', h2=1, autorefresh=1, role=user_params['role'], user=user, selects=servers, serv=serv,
service=service, user_services=user_params['user_services'], token=user_params['token'],
select_id="serv", lang=user_params['lang'], service_desc=service_desc
)
@app.route('/logs/internal')
@login_required
def logs_internal():
log_type = request.args.get('type')
if log_type == '2':
roxywi_auth.page_for_admin(level=2)
else:
roxywi_auth.page_for_admin()
try:
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
time_storage = sql.get_setting('log_time_storage')
log_path = get_config.get_config_var('main', 'log_path')
selects = roxywi_common.get_files(log_path, file_format="log")
try:
time_storage_hours = time_storage * 24
for dirpath, dirnames, filenames in os.walk(log_path):
for file in filenames:
curpath = os.path.join(dirpath, file)
file_modified = datetime.datetime.fromtimestamp(os.path.getmtime(curpath))
if datetime.datetime.now() - file_modified > datetime.timedelta(hours=time_storage_hours):
os.remove(curpath)
except Exception:
pass
if log_type is None:
selects.append(['fail2ban.log', 'fail2ban.log'])
selects.append(['roxy-wi.error.log', 'error.log'])
selects.append(['roxy-wi.access.log', 'access.log'])
return render_template(
'logs_internal.html',
h2=1, autorefresh=1, role=user_params['role'], user=user, user_services=user_params['user_services'],
token=user_params['token'], lang=user_params['lang'], selects=selects, serv='viewlogs'
)
@app.route('/logs/<service>', defaults={'waf': None})
@app.route('/logs/<service>/<waf>')
@login_required
def logs(service, waf):
serv = request.args.get('serv')
rows = request.args.get('rows')
grep = request.args.get('grep')
exgrep = request.args.get('exgrep')
hour = request.args.get('hour')
minute = request.args.get('minute')
hour1 = request.args.get('hour1')
minute1 = request.args.get('minute1')
log_file = request.args.get('file')
if rows is None: rows=10
if grep is None: grep=''
try:
user_params = roxywi_common.get_users_params(virt=1, haproxy=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service in ('haproxy', 'nginx', 'keepalived', 'apache') and not waf:
service_desc = sql.select_service(service)
service_name = service_desc.service
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
elif waf:
service_name = 'WAF'
is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1)
if is_redirect != 'ok':
return redirect(url_for(f'{is_redirect}'))
servers = roxywi_common.get_dick_permit(haproxy=1)
else:
return redirect(url_for('index'))
return render_template(
'logs.html',
h2=1, autorefresh=1, role=user_params['role'], user=user, select_id='serv', rows=rows, remote_file=log_file,
selects=servers, waf=waf, service=service, user_services=user_params['user_services'],
token=user_params['token'], lang=user_params['lang'], service_name=service_name, grep=grep, serv=serv
)
@app.route('/portscanner')
@login_required
def portscanner():
try:
user_params = roxywi_common.get_users_params(virt=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
user_group = roxywi_common.get_user_group(id=1)
port_scanner_settings = sql.select_port_scanner_settings(user_group)
if not port_scanner_settings:
port_scanner_settings = ''
count_ports = ''
else:
count_ports = list()
for s in user_params['servers']:
count_ports_from_sql = sql.select_count_opened_ports(s[2])
i = (s[2], count_ports_from_sql)
count_ports.append(i)
cmd = "systemctl is-active roxy-wi-portscanner"
port_scanner, port_scanner_stderr = server_mod.subprocess_execute(cmd)
user_subscription = roxywi_common.return_user_subscription()
return render_template(
'portscanner.html', h2=1, autorefresh=0, role=user_params['role'], user=user, servers=user_params['servers'],
port_scanner_settings=port_scanner_settings, count_ports=count_ports, port_scanner=''.join(port_scanner),
port_scanner_stderr=port_scanner_stderr, user_services=user_params['user_services'], user_status=user_subscription['user_status'],
user_plan=user_subscription['user_plan'], token=user_params['token'], lang=user_params['lang']
)
@app.route('/nettools')
@login_required
@cache.cached()
def nettools():
try:
user_params = roxywi_common.get_users_params(virt=1)
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
return render_template(
'nettools.html', h2=1, autorefresh=0, role=user_params['role'], user=user_params['user'], servers=user_params['servers'],
user_services=user_params['user_services'], token=user_params['token'], lang=user_params['lang']
)
@app.route('/history/<service>/<server_ip>')
@login_required
def service_history(service, server_ip):
users = sql.select_users()
server_ip = common.checkAjaxInput(server_ip)
user_subscription = roxywi_common.return_user_subscription()
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
if service in ('haproxy', 'nginx', 'keepalived', 'apache'):
service_desc = sql.select_service(service)
if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id):
server_id = sql.select_server_id_by_ip(server_ip)
history = sql.select_action_history_by_server_id_and_service(server_id, service_desc.service)
elif service == 'server':
if roxywi_common.check_is_server_in_group(server_ip):
server_id = sql.select_server_id_by_ip(server_ip)
history = sql.select_action_history_by_server_id(server_id)
elif service == 'user':
history = sql.select_action_history_by_user_id(server_ip)
try:
sql.delete_action_history_for_period()
except Exception as e:
print(e)
return render_template(
'history.html', h2=1, role=user_params['role'], user=user, users=users, serv=server_ip, service=service,
history=history, user_services=user_params['user_services'], token=user_params['token'],
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang']
)
@app.route('/servers')
@login_required
def servers():
roxywi_auth.page_for_admin(level=2)
try:
user_params = roxywi_common.get_users_params()
user = user_params['user']
except Exception:
return redirect(url_for('login_page'))
ldap_enable = sql.get_setting('ldap_enable')
user_group = roxywi_common.get_user_group(id=1)
settings = sql.get_setting('', all=1)
services = sql.select_services()
gits = sql.select_gits()
servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1)
masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'])
is_needed_tool = common.is_tool('ansible')
user_roles = sql.select_user_roles_by_group(user_group)
backups = sql.select_backups()
s3_backups = sql.select_s3_backups()
user_subscription = roxywi_common.return_user_subscription()
if user_params['lang'] == 'ru':
title = 'Сервера: '
else:
title = "Servers: "
return render_template(
'servers.html',
h2=1, title=title, role=user_params['role'], user=user, users=sql.select_users(group=user_group),
groups=sql.select_groups(), servers=servers, roles=sql.select_roles(), sshs=sql.select_ssh(group=user_group),
masters=masters, group=user_group, services=services, timezones=pytz.all_timezones, guide_me=1,
token=user_params['token'], settings=settings, backups=backups, s3_backups=s3_backups, page="servers.py",
user_services=user_params['user_services'], ldap_enable=ldap_enable,
user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits,
is_needed_tool=is_needed_tool, lang=user_params['lang'], user_roles=user_roles
)

2
inc/users.js
View File

@ -2554,7 +2554,7 @@ function loadServices() {
}
function loadupdatehapwi() {
$.ajax({
url: "/app/server/update",
url: "/app/admin/update",
// data: {
// token: $('#token').val()
// },