Improved security
pull/19/head v1.10
Aidaho12 2018-04-05 09:34:17 +06:00
parent fa842b05fc
commit 6be408a2b3
9 changed files with 75 additions and 41 deletions


@ -18,7 +18,9 @@ A simple web interface(user-frendly web GUI) for managing Haproxy servers. Leave
12. Telegram notification
# Install
Can be used as a service, or via fastaci apache + fastCGI(recommend, because it works faster), how to use the service:
Can be used as a service, or via fastaci apache + fastCGI(recommend, because it works faster).
How to use the service:
For install just dowload archive and untar somewhere:
```
@ -29,12 +31,15 @@ $ cd /opt/haproxy-wi
$ chmod +x install.sh
$ sudo ./install.sh
```
Edit listserv.py, add your HAproxy servers.
For Apache just do virtualhost with cgi-bin.
![alt text](image/7.jpeg "Overview page")
# Settings
Edit haproxy-webintarface.config with your env
Edit $HOME_HAPROXY-WI/cgi-bin/listserv.py, add your HAproxy servers.
Edit $HOME_HAPROXY-WI/cgi-bin/haproxy-webintarface.config with your env
Copy ssh key on all HAproxy servers
@ -47,7 +52,7 @@ For Runtime API enable state file on HAproxt servers and need install socat on a
```
![alt text](image/4.jpeg "View logs page")
# Start and auto start
# Start and autostart if service
```
systemctl enable haproxy-wi.service
systemctl start haproxy-wi.service


@ -18,6 +18,7 @@ funct.check_login()
path_config = "haproxy-webintarface.config"
config = configparser.ConfigParser()
config.read(path_config)
funct.page_for_admin(level = 1)
haproxy_configs_server = config.get('configs', 'haproxy_configs_server')
hap_configs_dir = config.get('configs', 'haproxy_save_configs_dir')
@ -242,7 +243,7 @@ print('</select>'
'</tr>'
'<tr>'
'<td class="addButton">')
funct.mode_admin("Add Listen")
funct.get_button("Add Listen")
print('</td>'
'</tr>'
'</form>'
@ -325,7 +326,7 @@ print('</select>'
'</tr>'
'<tr>'
'<td class="addButton">')
funct.mode_admin("Add Frontend")
funct.get_button("Add Frontend")
print('</td>'
'</tr>'
'</form></table>'
@ -438,7 +439,7 @@ print('</select>'
'</tr>'
'<tr>'
'<td class="addButton">')
funct.mode_admin("Add Backend")
funct.get_button("Add Backend")
print('</td>'
'</tr>'
'</form></div></table>'
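Review bot: The literal in `funct.page_for_admin(level = 1)` does not say which role it admits, and the 2/1/0 mapping to admin/editor/other is only visible where the login cookie is set. A comment above the call, `# editors (level 1) and admins (level 2) only; page_for_admin() prints a notice and exits otherwise`, would make the gate reviewable in place. The same applies to the `page_for_admin` calls added in the "Edit HAproxy config", "Old Versions HAproxy config" and "Delete Versions HAproxy config" sections. With `mode_admin` replaced by `get_button`, the Add Listen/Frontend/Backend buttons now render unconditionally, so this call is the only access control visible in this section; the code that processes the submitted form lies outside the hunks.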


@ -18,6 +18,7 @@ servNew = form.getvalue('serNew')
funct.head("Edit HAproxy config")
funct.check_config()
funct.check_login()
funct.page_for_admin(level = 1)
path_config = "haproxy-webintarface.config"
config = configparser.ConfigParser()
@ -46,7 +47,7 @@ if form.getvalue('serv') is not None and form.getvalue('open') is not None :
print('<input type="hidden" value="%s.old" name="oldconfig">' % cfg)
print('<textarea name="config" rows="35" cols="100">%s</textarea>' % conf.read())
print('<p>')
funct.mode_admin("Save and restart")
funct.get_button("Save and restart")
print('</p></form>')
conf.close
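Review bot: The textarea in the second hunk is filled with `conf.read()` unescaped, so a config that contains `</textarea>` or other markup is interpreted by the browser instead of being shown for editing. Using `html.escape(conf.read())` in that `print` keeps the content inert; it needs `import html`, and the import block is outside the hunk. The last visible line, `conf.close`, names the method without calling it, so the file is never closed explicitly; `conf.close()` or a `with open(...)` around the block fixes that. The enclosing `if` starts outside the hunk.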


@ -18,6 +18,7 @@ configver = form.getvalue('configver')
funct.head("Old Versions HAproxy config")
funct.check_config()
funct.check_login()
funct.page_for_admin(level = 1)
path_config = "haproxy-webintarface.config"
config = configparser.ConfigParser()
@ -67,7 +68,7 @@ if serv is not None and form.getvalue('open') is not None:
print('<a name="conf"></a></center>')
funct.show_config(configver)
print('<center><p>')
funct.mode_admin("Upload and restart")
funct.get_button("Upload and restart")
print('</p></form></center>')


@ -18,6 +18,8 @@ config.read(path_config)
hap_configs_dir = config.get('configs', 'haproxy_save_configs_dir')
funct.page_for_admin(level = 2)
funct.chooseServer("delver.py#conf", "Delete Versions HAproxy config", "n")
if serv is not None and form.getvalue('open') is not None:
@ -40,7 +42,7 @@ if serv is not None and form.getvalue('open') is not None:
print('<input type="hidden" value="open" name="open">')
print('<input type="hidden" value="del" name="del">')
print('<p>')
funct.mode_admin("Delete", level="admin")
funct.get_button("Delete")
print('</p></form>')
Select = form.getvalue('del')


@ -81,17 +81,18 @@ print('</select></td>'
'<td style="width: 30%;">'
'<select required name="servaction">'
'<option disabled selected>Choose action</option>')
print('<option value="disable" %s>Disable</option>' % selected1)
print('<option value="enable" %s>Enable</option>' % selected2)
print('<option value="set" %s>Set</option>' % selected3)
if funct.is_admin():
print('<option value="disable" %s>Disable</option>' % selected1)
print('<option value="enable" %s>Enable</option>' % selected2)
print('<option value="set" %s>Set</option>' % selected3)
print('<option value="show" %s>Show</option>' % selected4)
print('</select></td>')
print('<td><input type="text" name="servbackend" size=35 title="Frontend, backend/server, show: info, pools or help" required class="form-control" value="%s" %s>' % (backend, autofocus))
print('</td><td>'
'<input type="checkbox" name="save" title="Save changes after restart">'
'<input type="checkbox" name="save" title="Save changes after restart">'
'</td><td>')
funct.mode_admin("Enter")
funct.get_button("Enter")
print('</td></form>'
'</tr></table>')
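Review bot: Wrapping the Disable/Enable/Set `<option>` lines in `if funct.is_admin():` only removes them from the rendered form; nothing in this section rejects a submitted `servaction` of `disable`, `enable` or `set` from a lower level, and unlike the other pages no `page_for_admin` call is added here. The code that acts on `servaction` is outside the hunk, so this is inferred, but the handler should repeat the check before running anything, for example `if form.getvalue('servaction') != "show" and not funct.is_admin():` followed by the same refusal `page_for_admin` prints. Note also that `is_admin()` without arguments defaults to level 2, so editors lose these actions as well; if that is intended, a comment saying so would help.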


@ -62,7 +62,7 @@ def check_login(**kwargs):
role = cookie.get('role')
ref = os.environ.get("SCRIPT_NAME")
if kwargs.get("admins_area") == "1" and role.value != "admin":
if kwargs.get("admins_area") == "1" and role.value != "2":
print('<meta http-equiv="refresh" content="0; url=/">')
if login is None:
@ -77,31 +77,45 @@ def show_login_links():
else:
print('<li><a href=/cgi-bin/login.py?logout=logout title="Logout, user name: %s">Logout</a></li>' % login.value)
def is_admin():
def is_admin(**kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
role = cookie.get('role')
role = cookie.get('role')
level = kwargs.get("level")
if role is None:
role = 0
else:
role = int(role.value)
if level is None:
level = 2
try:
if role.value == "admin":
if level <= role:
return True
else:
return False
except:
return False
pass
def mode_admin(button, **kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
role = cookie.get('role')
level = kwargs.get("level")
if level is None:
level = "editor"
def page_for_admin(**kwargs):
give_level = kwargs.get("level")
if give_level is None:
give_level = 1
if not is_admin(level = give_level):
print('<center><h3 style="color: red">How did you get here?! O_o You do not have need permissions</h>')
print('<meta http-equiv="refresh" content="10; url=/">')
import sys
sys.exit()
if role.value == "admin" and level == "admin":
print('<button type="submit" class="btn btn-default">%s</button>' % button)
elif role.value == "admin" or role.value == "editor" and level == "editor":
print('<button type="submit" class="btn btn-default">%s</button>' % button)
def get_button(button, **kwargs):
value = kwargs.get("value")
if value is None:
value = ""
print('<button type="submit" value="%s" name="%s" class="btn btn-default">%s</button>' % (value, value, button))
def head(title):
print('Content-type: text/html\n')
@ -155,20 +169,22 @@ def links():
'<li><a href="#">Configs</a>'
'<ul>'
'<li><a href=/cgi-bin/configshow.py title="Show Config">Show</a></li> '
'<li><a href=/cgi-bin/diff.py title="Compare Configs">Compare</a></li>'
'<li><a href=/cgi-bin/add.py#listner title="Add single listen">Add listen</a></li>'
'<li><a href=/cgi-bin/diff.py title="Compare Configs">Compare</a></li>')
if is_admin(level = 1):
print('<li><a href=/cgi-bin/add.py#listner title="Add single listen">Add listen</a></li>'
'<li><a href=/cgi-bin/add.py#frontend title="Add single frontend">Add frontend</a></li>'
'<li><a href=/cgi-bin/add.py#backend title="Add single backend">Add backend</a></li>'
'<li><a href=/cgi-bin/config.py title="Edit Config">Edit</a> </li>'
'</ul>'
'</li>'
'<li><a href="#">Versions</a>'
'<li><a href=/cgi-bin/config.py title="Edit Config">Edit</a> </li>')
print('</ul></li>')
if is_admin(level = 1):
print('<li><a href="#">Versions</a>'
'<ul>'
'<li><a href=/cgi-bin/configver.py title="Upload old versions configs">Upload</a></li>')
if is_admin():
print('<li><a href=/cgi-bin/delver.py title="Delete old versions configs">Delete</a></li>')
print('</ul>'
'</li>')
if is_admin(level = 1):
print('</ul>'
'</li>')
show_login_links()
print('</ul>'
'</nav>')
@ -450,7 +466,8 @@ def chooseServer(formName, title, note):
choose_only_select(serv, servNew=servNew)
print('</select>')
print('<button type="submit" value="open" name="open" class="btn btn-default">Open</button></p></form>')
get_button("Open", value="open")
print('</p></form>')
if note == "y":
print('<p><b>Note:</b> If you reconfigure First server, second will reconfigured automatically</p>')
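Review bot: `is_admin` still takes the caller's level from the `role` cookie, which the browser supplies and which carries no signature visible in this diff, so every `page_for_admin` and `is_admin` decision is only as trustworthy as that cookie. The level should be looked up server-side from the authenticated login, or the cookie value should carry an HMAC that `is_admin` verifies; this also concerns `c["role"] = role` in the login section. Separately, `int(role.value)` runs outside the `try`, so a non-numeric cookie raises `ValueError` and aborts the CGI instead of denying, while the bare `except:` and the `pass` after it guard nothing. `check_login` likewise dereferences `role.value` before it is known that the cookie exists. The fragment below makes `is_admin` fail closed on a malformed value; it does not address the trust problem.

```python
def is_admin(**kwargs):
    # … unchanged: cookie lookup and level default …
    try:
        # A missing or non-numeric role cookie is treated as level 0.
        role = int(role.value) if role is not None else 0
    except ValueError:
        role = 0
    return level <= role
```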


@ -52,11 +52,17 @@ if login is not None and password is not None:
for f in open(USERS, 'r'):
users = json.loads(f)
if login in users['login'] and password == users['password']:
if users['role'] == "admin":
role = 2
elif users['role'] == "editor":
role = 1
else:
role = 0
c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
c["login"] = login
c["login"]["path"] = "/cgi-bin/"
c["login"]["expires"] = "Wed May 18 03:33:20 2033"
c["role"] = users['role']
c["role"] = role
c["role"]["path"] = "/cgi-bin/"
c["role"]["expires"] = "Wed May 18 03:33:20 2033"
c["group"] = users['group']
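Review bot: The level written by `c["role"] = role` is fixed at login and kept until the hard-coded 2033 expiry, so a later change of `role` in the users file does not reach a browser that already holds the cookie, and nothing visible here ties the value to the `login` cookie. Resolving the level from the users file on each request, keyed by the authenticated login, avoids the stale copy; if the cookie stays, `c["role"]["httponly"] = True` and a much shorter expiry limit its exposure. The 2/1/0 literals duplicate the defaults in `is_admin` and `page_for_admin`; named constants shared by both files would keep them in step. The enclosing `if login is not None and password is not None:` block continues outside the hunk.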


@ -24,7 +24,7 @@
<a href="cgi-bin/configver.py" title="Upload old config">Upload old config</a> <br />
<a href="cgi-bin/delver.py" title="Upload old config">Delete old config</a> <br />
<div class="copyright">
HAproxy Web Interface v1.9.1
HAproxy Web Interface v1.10
</div>
</div>
</body>