From 6aaeeef565f03e39e850205e95b646176a64d1c4 Mon Sep 17 00:00:00 2001 From: Aidaho Date: Tue, 3 Oct 2023 22:56:34 +0300 Subject: [PATCH] v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 --- app/.htaccess | 2 -- app/login.py | 2 +- app/modules/config/config.py | 6 +++--- app/modules/db/sql.py | 19 ++++++++++++++----- app/modules/roxywi/auth.py | 2 +- app/modules/roxywi/user.py | 21 ++++++++++++++++----- app/routes/config/routes.py | 26 +++++++++++++++++++++++--- app/routes/main/routes.py | 2 +- app/routes/metric/routes.py | 27 +++++++++++++++------------ app/routes/service/routes.py | 11 +++++------ app/routes/smon/routes.py | 4 ++-- app/routes/user/routes.py | 3 ++- app/routes/waf/routes.py | 2 +- app/templates/ajax/overviewWaf.html | 2 +- app/templates/base.html | 8 ++++---- inc/css/style-6.3.9.css | 14 +++++++------- inc/script.js | 17 +++++++---------- 17 files changed, 103 insertions(+), 65 deletions(-) delete mode 100644 app/.htaccess diff --git a/app/.htaccess b/app/.htaccess deleted file mode 100644 index 60013d4e..00000000 --- a/app/.htaccess +++ /dev/null @@ -1,2 +0,0 @@ -ErrorDocument 404 /app/templates/404.html -ErrorDocument 500 /app/templates/500.html \ No newline at end of file diff --git a/app/login.py b/app/login.py index 363bbd7f..5b85dd01 100644 --- a/app/login.py +++ b/app/login.py @@ -1,4 +1,4 @@ -from flask import render_template, request, redirect, url_for, flash, make_response +from flask import render_template, request, redirect, url_for, make_response from flask_login import login_required, logout_user, current_user from app import app, login_manager, cache diff --git a/app/modules/config/config.py b/app/modules/config/config.py index 99ffb0bf..4cc970eb 100644 --- a/app/modules/config/config.py +++ b/app/modules/config/config.py @@ -109,7 +109,7 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, * try: service_common.is_not_allowed_to_restart(server_id, service) except Exception as e: - return str(e) + return f'error: Cannot check is this service allowed to be restarted: {e}' action = 'restart' reload_or_restart_command = restart_command @@ -262,13 +262,13 @@ def master_slave_upload_and_restart(server_ip, cfg, just_save, service, **kwargs ) slave_output += f'
slave_server:\n{slv_output}' except Exception as e: - return f'{e}' + return f'error: {e}' try: output = upload_and_restart( server_ip, cfg, just_save, service, waf=waf, config_file_name=config_file_name, oldcfg=oldcfg, login=login ) except Exception as e: - return f'{e}' + return f'error: {e}' output = server_name + ':\n' + output output = output + slave_output diff --git a/app/modules/db/sql.py b/app/modules/db/sql.py index d61968ef..ca25a37d 100755 --- a/app/modules/db/sql.py +++ b/app/modules/db/sql.py @@ -136,6 +136,17 @@ def update_user_current_groups(groups, user_uuid): return True +def update_user_current_groups_by_id(groups, user_id): + try: + user_update = User.update(groups=groups).where(User.user_id == user_id) + user_update.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + def update_user_password(password, user_id): try: hashed_pass = roxy_wi_tools.Tools.get_hash(password) @@ -751,11 +762,9 @@ def get_user_name_by_uuid(uuid): def get_user_id(user_id: int) -> int: try: - query = User.get(User.user_id == user_id) + return User.get(User.user_id == user_id) except Exception as e: out_error(e) - else: - return query def get_user_id_by_uuid(uuid): @@ -3452,7 +3461,7 @@ def select_restart_services_settings(service: str) -> str: return query_res -def select_service_setting(server_id: int, service: str, setting: str) -> str: +def select_service_setting(server_id: int, service: str, setting: str) -> int: try: result = ServiceSetting.get( (ServiceSetting.server_id == server_id) @@ -3460,7 +3469,7 @@ def select_service_setting(server_id: int, service: str, setting: str) -> str: & (ServiceSetting.setting == setting) ).value except Exception: - pass + return 0 else: return result diff --git a/app/modules/roxywi/auth.py b/app/modules/roxywi/auth.py index d1d1d5c5..2137502c 100644 --- a/app/modules/roxywi/auth.py +++ b/app/modules/roxywi/auth.py @@ -97,7 +97,7 @@ def check_in_ldap(user, password): if type(e.message) == dict and 'desc' in e.message: raise Exception(f'error: {e.message["desc"]}') else: - raise Exception (f'error: {e}') + raise Exception(f'error: {e}') else: return True diff --git a/app/modules/roxywi/user.py b/app/modules/roxywi/user.py index 9a013a45..3efb112e 100644 --- a/app/modules/roxywi/user.py +++ b/app/modules/roxywi/user.py @@ -1,6 +1,6 @@ import os -from flask import render_template +from flask import render_template, request, make_response import modules.db.sql as sql import modules.roxywi.common as roxywi_common @@ -119,7 +119,15 @@ def show_user_groups_and_roles(user_id: int, lang: str) -> None: return render_template('ajax/user_groups_and_roles.html', groups=groups, user_groups=user_groups, roles=roles, lang=lang) -def save_user_group_and_role(user: str, groups_and_roles: str) -> str: +def is_current_user(user_id: int, user_uuid: str) -> bool: + current_user_id = sql.get_user_id_by_uuid(user_uuid) + if current_user_id == user_id: + return True + return False + + +def save_user_group_and_role(user: str, groups_and_roles: str, user_uuid: str) -> str: + resp = make_response('ok') for k, v in groups_and_roles.items(): user_id = int(k) if not sql.delete_user_groups(user_id): @@ -127,14 +135,17 @@ def save_user_group_and_role(user: str, groups_and_roles: str) -> str: for k2, v2 in v.items(): group_id = int(k2) role_id = int(v2['role_id']) + if len(v) == 1: + sql.update_user_current_groups_by_id(group_id, user_id) + if is_current_user(user_id, user_uuid): + resp.set_cookie('group', str(group_id), secure=True) try: sql.update_user_role(user_id, group_id, role_id) except Exception as e: - print(e) - break + raise Exception(f'error: Cannot update groups: {e}') else: roxywi_common.logging('Roxy-WI server', f'Groups and roles have been updated for user: {user}', roxywi=1, login=1) - return 'ok' + return resp def get_ldap_email(username) -> str: diff --git a/app/routes/config/routes.py b/app/routes/config/routes.py index b619df42..ed31ade0 100644 --- a/app/routes/config/routes.py +++ b/app/routes/config/routes.py @@ -1,6 +1,7 @@ import os +from functools import wraps -from flask import render_template, request, redirect, url_for +from flask import render_template, request, redirect, url_for, abort from flask_login import login_required from app.routes.config import bp @@ -19,6 +20,16 @@ time_zone = sql.get_setting('time_zone') get_date = roxy_wi_tools.GetDate(time_zone) +def check_services(fn): + @wraps(fn) + def decorated_view(*args, **kwargs): + service = kwargs['service'] + if service not in ('haproxy', 'nginx', 'apache', 'keepalived'): + abort(400, 'bad service') + return fn(*args, **kwargs) + return decorated_view + + @bp.before_request @login_required def before_request(): @@ -27,6 +38,7 @@ def before_request(): @bp.route('//show', methods=['POST']) +@check_services def show_config(service): config_file_name = request.form.get('config_file_name') configver = request.form.get('configver') @@ -36,6 +48,7 @@ def show_config(service): @bp.route('//show-files', methods=['POST']) +@check_services def show_config_files(service): server_ip = request.form.get('serv') config_file_name = request.form.get('config_file_name') @@ -44,6 +57,7 @@ def show_config_files(service): @bp.route('//find-in-config', methods=['POST']) +@check_services def find_in_config(service): server_ip = common.is_ip_or_dns(request.form.get('serv')) finding_words = request.form.get('words') @@ -69,6 +83,7 @@ def find_in_config(service): @bp.route('///show-files', defaults={'edit': None, 'config_file_name': None, 'new': None}, methods=['GET', 'POST']) @bp.route('////', defaults={'new': None}, methods=['GET', 'POST']) @bp.route('/////', methods=['GET', 'POST']) +@check_services def config(service, serv, edit, config_file_name, new): config_read = "" cfg = "" @@ -134,6 +149,7 @@ def config(service, serv, edit, config_file_name, new): @bp.route('///save', methods=['POST']) +@check_services def save_config(service, server_ip): try: user_params = roxywi_common.get_users_params() @@ -143,8 +159,7 @@ def save_config(service, server_ip): roxywi_common.check_is_server_in_group(server_ip) service_desc = sql.select_service(service) - is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], - service=service_desc.service_id) + is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id) if is_redirect != 'ok': return redirect(url_for(f'{is_redirect}')) @@ -185,6 +200,7 @@ def save_config(service, server_ip): @bp.route('/versions/', defaults={'server_ip': None}, methods=['GET', 'POST']) @bp.route('/versions//', methods=['GET', 'POST']) +@check_services def versions(service, server_ip): roxywi_auth.page_for_admin(level=3) aftersave = '' @@ -237,6 +253,7 @@ def versions(service, server_ip): @bp.route('/version//list', methods=['POST']) +@check_services def list_of_version(service): server_ip = common.is_ip_or_dns(request.form.get('serv')) configver = common.checkAjaxInput(request.form.get('configver')) @@ -247,6 +264,7 @@ def list_of_version(service): @bp.route('/versions///', defaults={'save': None}, methods=['GET', 'POST']) @bp.route('/versions////save', defaults={'save': 1}, methods=['GET', 'POST']) +@check_services def show_version(service, server_ip, configver, save): roxywi_auth.page_for_admin(level=3) @@ -438,11 +456,13 @@ def show_compare_config(service, serv): @bp.route('/compare///files') +@check_services def show_configs_for_compare(service, server_ip): return config_mod.show_compare_config(server_ip, service) @bp.route('/compare///show', methods=['POST']) +@check_services def show_compare(service, server_ip): left = common.checkAjaxInput(request.form.get('left')) right = common.checkAjaxInput(request.form.get('right')) diff --git a/app/routes/main/routes.py b/app/routes/main/routes.py index acbd0266..8c36406c 100644 --- a/app/routes/main/routes.py +++ b/app/routes/main/routes.py @@ -144,7 +144,7 @@ def service_history(service, server_ip): print(e) return render_template( - 'history.html', h2=1, role=user_params['role'], user=user, users=users, serv=server_ip, service=service, + 'history.html', role=user_params['role'], user=user, users=users, serv=server_ip, service=service, history=history, user_services=user_params['user_services'], token=user_params['token'], user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], lang=user_params['lang'] ) diff --git a/app/routes/metric/routes.py b/app/routes/metric/routes.py index 9f0c03bc..46276494 100644 --- a/app/routes/metric/routes.py +++ b/app/routes/metric/routes.py @@ -28,6 +28,7 @@ def metrics(service): service_desc = sql.select_service(service) roxywi_common.check_user_group_for_flask() + servers = '' is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id) @@ -41,26 +42,28 @@ def metrics(service): cmd = "rpm -q roxy-wi-metrics-* |awk -F\"metrics\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'" service_ver, stderr = server_mod.subprocess_execute(cmd) services = '0' - if not stderr: - if service_ver[0] == ' is not installed' or service_ver == '': - servers = '' - else: - services = '1' - if service == 'nginx': - user_params['servers'] = sql.select_nginx_servers_metrics_for_master() - elif service == 'apache': - user_params['servers'] = sql.select_apache_servers_metrics_for_master() + if len(service_ver) > 0: + if service_ver[0] == ' is not installed': + servers = '' else: - group_id = roxywi_common.get_user_group(id=1) - user_params['servers'] = sql.select_servers_metrics(group_id) + services = '1' + if service == 'nginx': + servers = sql.select_nginx_servers_metrics_for_master() + elif service == 'apache': + servers = sql.select_apache_servers_metrics_for_master() + else: + group_id = roxywi_common.get_user_group(id=1) + servers = sql.select_servers_metrics(group_id) + else: + servers = '' except Exception as e: return f'error: on Metrics page: {e}', 500 user_subscription = roxywi_common.return_user_subscription() return render_template( - 'metrics.html', h2=1, autorefresh=1, role=user_params['role'], user=user, servers=user_params['servers'], + 'metrics.html', autorefresh=1, role=user_params['role'], user=user, servers=servers, services=services, user_services=user_params['user_services'], service=service, user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token'], lang=user_params['lang'], service_desc=service_desc diff --git a/app/routes/service/routes.py b/app/routes/service/routes.py index 5bff293b..39677435 100644 --- a/app/routes/service/routes.py +++ b/app/routes/service/routes.py @@ -44,13 +44,14 @@ def services(service, serv): return redirect(url_for('login_page')) services = [] - servers: object + service_desc = sql.select_service(service) + servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug) + if len(servers) == 1: + serv = servers[0][2] autorefresh = 0 waf_server = '' cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l" keep_alive, stderr = server_mod.subprocess_execute(cmd) - - service_desc = sql.select_service(service) is_redirect = roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id) if is_redirect != 'ok': @@ -67,7 +68,7 @@ def services(service, serv): else: raise Exception('error: wrong group') else: - servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug) + docker_settings = sql.select_docker_services_settings(service_desc.slug) restart_settings = sql.select_restart_services_settings(service_desc.slug) @@ -90,8 +91,6 @@ def services(service, serv): haproxy_sock_port = sql.get_setting('haproxy_sock_port') servers_with_status1 = [] out1 = '' - if len(servers) == 1: - serv = servers[0][2] for s in servers: servers_with_status = list() servers_with_status.append(s[0]) diff --git a/app/routes/smon/routes.py b/app/routes/smon/routes.py index 3332f8eb..695d4463 100644 --- a/app/routes/smon/routes.py +++ b/app/routes/smon/routes.py @@ -79,7 +79,7 @@ def smon_dashboard(dashboard_id, check_id): cert_day_diff = (ssl_expire_date - present).days return render_template( - 'include/smon/smon_history.html', h2=1, autorefresh=1, role=user_params['role'], user=user, smon=smon, + 'include/smon/smon_history.html', autorefresh=1, role=user_params['role'], user=user, smon=smon, lang=user_params['lang'], user_status=user_subscription['user_status'], check_interval=check_interval, user_plan=user_subscription['user_plan'], token=user_params['token'], uptime=uptime, avg_res_time=avg_res_time, user_services=user_params['user_services'], smon_name=smon_name, cert_day_diff=cert_day_diff, check_id=check_id, @@ -103,7 +103,7 @@ def smon_history(): return redirect(url_for('login_page')) return render_template( - 'smon/history.html', autorefresh=0, role=user_params['role'], user=user, smon=smon, lang=user_params['lang'], + 'smon/history.html', autorefresh=0, role=user_params['role'], user=user, smon=smon, lang=user_params['lang'], user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token'], smon_status=smon_status, smon_error=stderr, user_services=user_params['user_services'] ) diff --git a/app/routes/user/routes.py b/app/routes/user/routes.py index 027829a8..75658479 100644 --- a/app/routes/user/routes.py +++ b/app/routes/user/routes.py @@ -138,8 +138,9 @@ def show_user_groups_and_roles(user_id): def change_user_groups_and_roles(): user = common.checkAjaxInput(request.form.get('changeUserGroupsUser')) groups_and_roles = json.loads(request.form.get('jsonDatas')) + user_uuid = request.cookies.get('uuid') - return roxywi_user.save_user_group_and_role(user, groups_and_roles) + return roxywi_user.save_user_group_and_role(user, groups_and_roles, user_uuid) @bp.route('/group/name/') diff --git a/app/routes/waf/routes.py b/app/routes/waf/routes.py index 6be3975c..a3ea9103 100644 --- a/app/routes/waf/routes.py +++ b/app/routes/waf/routes.py @@ -50,7 +50,7 @@ def waf(service): autorefresh = 1 return render_template( - 'waf.html', title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], serv=serv, + 'waf.html', title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], serv=serv, servers=servers_waf, servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_params['user_services'], waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=user_params['token'], config_file_name=config_file_name, service=service, diff --git a/app/templates/ajax/overviewWaf.html b/app/templates/ajax/overviewWaf.html index c544c11f..fd319557 100644 --- a/app/templates/ajax/overviewWaf.html +++ b/app/templates/ajax/overviewWaf.html @@ -75,7 +75,7 @@ {% if waf_service == 'haproxy' %} {{lang.words.view|title()}} {% elif waf_service == 'nginx' %} - {{lang.words.view|title()}} + {{lang.words.view|title()}} {% endif %} diff --git a/app/templates/base.html b/app/templates/base.html index 694e4361..4e07064b 100644 --- a/app/templates/base.html +++ b/app/templates/base.html @@ -67,6 +67,7 @@ + {% if user %}
@@ -80,7 +81,6 @@ @@ -264,7 +263,7 @@
{% endif %} -
    +
      {% if role %} {% if role <= 2 %} {% endif %} {% endif %} + {% endif %} {% block content %}{% endblock %}
      diff --git a/inc/css/style-6.3.9.css b/inc/css/style-6.3.9.css index 3c9474d8..a95bb7f6 100644 --- a/inc/css/style-6.3.9.css +++ b/inc/css/style-6.3.9.css @@ -41,7 +41,7 @@ h3 { border-bottom: 1px solid #ddd; padding: 0.3em 0.3em 0.3em 13px; } -ul#browse_histroy { +ul#browse_history { padding-left: 12px; display: block; margin-top: 3px; @@ -51,29 +51,29 @@ ul#browse_histroy { padding-bottom: 5px; clear: both; } -ul#browse_histroy li { +ul#browse_history li { display: inline; } -ul#browse_histroy li:before { +ul#browse_history li:before { content: "/"; color: #767676; margin: 0 5px 0px 5px; } -ul#browse_histroy li+li:before { +ul#browse_history li+li:before { content: "->"; color: #767676; margin: 0 5px 0px 5px; } -#browse_histroy a { +#browse_history a { color: #767676; font-size: 11.1px; font-weight: bold; } -ul#browse_histroy li:first-child a { +ul#browse_history li:first-child a { font-size: 10.4px; color: #979393; } -ul#browse_histroy li:last-child a { +ul#browse_history li:last-child a { font-size: 11.8px; color: #7e7b7b; } diff --git a/inc/script.js b/inc/script.js index 3128d6e5..1fa5d266 100644 --- a/inc/script.js +++ b/inc/script.js @@ -211,7 +211,7 @@ function autoRefreshStyle(autoRefresh) { $('.auto-refresh-resume').css('display', 'none'); $('.auto-refresh-pause').css('margin-left', "-25px"); $('.auto-refresh-resume').css('margin-left', "-25px"); - $('#browse_histroy').css("border-bottom", "none"); + $('#browse_history').css("border-bottom", "none"); $('.auto-refresh img').remove(); } function setRefreshInterval(interval) { @@ -1206,6 +1206,7 @@ function listHistroy() { var history_link = ''; var title = [] var link_text = [] + var cur_path = window.location.pathname; for(let i = 0; i < browse_history.length; i++){ if (i == 0) { browse_history[0] = browse_history[1]; @@ -1214,28 +1215,24 @@ function listHistroy() { browse_history[1] = browse_history[2] } if (i == 2) { - if(cur_url[1] !== undefined) { - browse_history[2] = cur_url[0] + '/' + cur_url[1] - } else { - browse_history[2] = cur_url[0] - } + browse_history[2] = cur_path } $( function() { $('.menu li ul li').each(function () { var link1 = $(this).find('a').attr('href'); - if (browse_history[i] == link1) { + if (browse_history[i].replace(/\/$/, "") == link1) { title[i] = $(this).find('a').attr('title'); link_text[i] = $(this).find('a').text(); history_link = '
    • '+link_text[i]+'
      • ' - $('#browse_histroy').append(history_link); + $('#browse_history').append(history_link); } }); }); } localStorage.setItem('history', JSON.stringify(browse_history)); } -createHistroy() -listHistroy() +createHistroy(); +listHistroy(); function changeCurrentGroupF() { Cookies.remove('group');