Improved security
pull/19/head v1.10
Aidaho12 2018-04-05 09:34:17 +06:00
parent fa842b05fc
commit 6be408a2b3
9 changed files with 75 additions and 41 deletions


@ -18,7 +18,9 @@ A simple web interface(user-frendly web GUI) for managing Haproxy servers. Leave
12. Telegram notification 12. Telegram notification
# Install # Install
Can be used as a service, or via fastaci apache + fastCGI(recommend, because it works faster), how to use the service: Can be used as a service, or via fastaci apache + fastCGI(recommend, because it works faster).
How to use the service:
For install just dowload archive and untar somewhere: For install just dowload archive and untar somewhere:
``` ```
@ -29,12 +31,15 @@ $ cd /opt/haproxy-wi
$ chmod +x install.sh $ chmod +x install.sh
$ sudo ./install.sh $ sudo ./install.sh
``` ```
Edit listserv.py, add your HAproxy servers.
For Apache just do virtualhost with cgi-bin.
![alt text](image/7.jpeg "Overview page") ![alt text](image/7.jpeg "Overview page")
# Settings # Settings
Edit haproxy-webintarface.config with your env Edit $HOME_HAPROXY-WI/cgi-bin/listserv.py, add your HAproxy servers.
Edit $HOME_HAPROXY-WI/cgi-bin/haproxy-webintarface.config with your env
Copy ssh key on all HAproxy servers Copy ssh key on all HAproxy servers
@ -47,7 +52,7 @@ For Runtime API enable state file on HAproxt servers and need install socat on a
``` ```
![alt text](image/4.jpeg "View logs page") ![alt text](image/4.jpeg "View logs page")
# Start and auto start # Start and autostart if service
``` ```
systemctl enable haproxy-wi.service systemctl enable haproxy-wi.service
systemctl start haproxy-wi.service systemctl start haproxy-wi.service


@ -18,6 +18,7 @@ funct.check_login()
path_config = "haproxy-webintarface.config" path_config = "haproxy-webintarface.config"
config = configparser.ConfigParser() config = configparser.ConfigParser()
config.read(path_config) config.read(path_config)
funct.page_for_admin(level = 1)
haproxy_configs_server = config.get('configs', 'haproxy_configs_server') haproxy_configs_server = config.get('configs', 'haproxy_configs_server')
hap_configs_dir = config.get('configs', 'haproxy_save_configs_dir') hap_configs_dir = config.get('configs', 'haproxy_save_configs_dir')
@ -242,7 +243,7 @@ print('</select>'
'</tr>' '</tr>'
'<tr>' '<tr>'
'<td class="addButton">') '<td class="addButton">')
funct.mode_admin("Add Listen") funct.get_button("Add Listen")
print('</td>' print('</td>'
'</tr>' '</tr>'
'</form>' '</form>'
@ -325,7 +326,7 @@ print('</select>'
'</tr>' '</tr>'
'<tr>' '<tr>'
'<td class="addButton">') '<td class="addButton">')
funct.mode_admin("Add Frontend") funct.get_button("Add Frontend")
print('</td>' print('</td>'
'</tr>' '</tr>'
'</form></table>' '</form></table>'
@ -438,7 +439,7 @@ print('</select>'
'</tr>' '</tr>'
'<tr>' '<tr>'
'<td class="addButton">') '<td class="addButton">')
funct.mode_admin("Add Backend") funct.get_button("Add Backend")
print('</td>' print('</td>'
'</tr>' '</tr>'
'</form></div></table>' '</form></div></table>'


@ -18,6 +18,7 @@ servNew = form.getvalue('serNew')
funct.head("Edit HAproxy config") funct.head("Edit HAproxy config")
funct.check_config() funct.check_config()
funct.check_login() funct.check_login()
funct.page_for_admin(level = 1)
path_config = "haproxy-webintarface.config" path_config = "haproxy-webintarface.config"
config = configparser.ConfigParser() config = configparser.ConfigParser()
@ -46,7 +47,7 @@ if form.getvalue('serv') is not None and form.getvalue('open') is not None :
print('<input type="hidden" value="%s.old" name="oldconfig">' % cfg) print('<input type="hidden" value="%s.old" name="oldconfig">' % cfg)
print('<textarea name="config" rows="35" cols="100">%s</textarea>' % conf.read()) print('<textarea name="config" rows="35" cols="100">%s</textarea>' % conf.read())
print('<p>') print('<p>')
funct.mode_admin("Save and restart") funct.get_button("Save and restart")
print('</p></form>') print('</p></form>')
conf.close conf.close


@ -18,6 +18,7 @@ configver = form.getvalue('configver')
funct.head("Old Versions HAproxy config") funct.head("Old Versions HAproxy config")
funct.check_config() funct.check_config()
funct.check_login() funct.check_login()
funct.page_for_admin(level = 1)
path_config = "haproxy-webintarface.config" path_config = "haproxy-webintarface.config"
config = configparser.ConfigParser() config = configparser.ConfigParser()
@ -67,7 +68,7 @@ if serv is not None and form.getvalue('open') is not None:
print('<a name="conf"></a></center>') print('<a name="conf"></a></center>')
funct.show_config(configver) funct.show_config(configver)
print('<center><p>') print('<center><p>')
funct.mode_admin("Upload and restart") funct.get_button("Upload and restart")
print('</p></form></center>') print('</p></form></center>')


@ -18,6 +18,8 @@ config.read(path_config)
hap_configs_dir = config.get('configs', 'haproxy_save_configs_dir') hap_configs_dir = config.get('configs', 'haproxy_save_configs_dir')
funct.page_for_admin(level = 2)
funct.chooseServer("delver.py#conf", "Delete Versions HAproxy config", "n") funct.chooseServer("delver.py#conf", "Delete Versions HAproxy config", "n")
if serv is not None and form.getvalue('open') is not None: if serv is not None and form.getvalue('open') is not None:
@ -40,7 +42,7 @@ if serv is not None and form.getvalue('open') is not None:
print('<input type="hidden" value="open" name="open">') print('<input type="hidden" value="open" name="open">')
print('<input type="hidden" value="del" name="del">') print('<input type="hidden" value="del" name="del">')
print('<p>') print('<p>')
funct.mode_admin("Delete", level="admin") funct.get_button("Delete")
print('</p></form>') print('</p></form>')
Select = form.getvalue('del') Select = form.getvalue('del')


@ -81,17 +81,18 @@ print('</select></td>'
'<td style="width: 30%;">' '<td style="width: 30%;">'
'<select required name="servaction">' '<select required name="servaction">'
'<option disabled selected>Choose action</option>') '<option disabled selected>Choose action</option>')
print('<option value="disable" %s>Disable</option>' % selected1) if funct.is_admin():
print('<option value="enable" %s>Enable</option>' % selected2) print('<option value="disable" %s>Disable</option>' % selected1)
print('<option value="set" %s>Set</option>' % selected3) print('<option value="enable" %s>Enable</option>' % selected2)
print('<option value="set" %s>Set</option>' % selected3)
print('<option value="show" %s>Show</option>' % selected4) print('<option value="show" %s>Show</option>' % selected4)
print('</select></td>') print('</select></td>')
print('<td><input type="text" name="servbackend" size=35 title="Frontend, backend/server, show: info, pools or help" required class="form-control" value="%s" %s>' % (backend, autofocus)) print('<td><input type="text" name="servbackend" size=35 title="Frontend, backend/server, show: info, pools or help" required class="form-control" value="%s" %s>' % (backend, autofocus))
print('</td><td>' print('</td><td>'
'<input type="checkbox" name="save" title="Save changes after restart">' '<input type="checkbox" name="save" title="Save changes after restart">'
'</td><td>') '</td><td>')
funct.mode_admin("Enter") funct.get_button("Enter")
print('</td></form>' print('</td></form>'
'</tr></table>') '</tr></table>')
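Review bot: Wrapping the Disable/Enable/Set `<option>` lines in `if funct.is_admin():` only removes them from the rendered form; nothing in this hunk rejects a submitted `servaction` of `disable`, `enable` or `set` from a user below that level. The code that processes the form is outside the hunk, so this may already be handled there, but if it is not, the same check belongs in front of the handler, for example `if form.getvalue('servaction') != "show": funct.page_for_admin(level = 2)` (assuming the field is read through `form` as in the other pages). Since `is_admin()` without arguments means level 2, a short comment such as `# admin only; editors may still use "show"` would make the intent explicit.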


@ -62,7 +62,7 @@ def check_login(**kwargs):
role = cookie.get('role') role = cookie.get('role')
ref = os.environ.get("SCRIPT_NAME") ref = os.environ.get("SCRIPT_NAME")
if kwargs.get("admins_area") == "1" and role.value != "admin": if kwargs.get("admins_area") == "1" and role.value != "2":
print('<meta http-equiv="refresh" content="0; url=/">') print('<meta http-equiv="refresh" content="0; url=/">')
if login is None: if login is None:
@ -77,31 +77,45 @@ def show_login_links():
else: else:
print('<li><a href=/cgi-bin/login.py?logout=logout title="Logout, user name: %s">Logout</a></li>' % login.value) print('<li><a href=/cgi-bin/login.py?logout=logout title="Logout, user name: %s">Logout</a></li>' % login.value)
def is_admin(): def is_admin(**kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
role = cookie.get('role') role = cookie.get('role')
level = kwargs.get("level")
if role is None:
role = 0
else:
role = int(role.value)
if level is None:
level = 2
try: try:
if role.value == "admin": if level <= role:
return True return True
else: else:
return False return False
except: except:
return False return False
pass pass
def mode_admin(button, **kwargs):
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
role = cookie.get('role')
level = kwargs.get("level")
if level is None: def page_for_admin(**kwargs):
level = "editor" give_level = kwargs.get("level")
if give_level is None:
give_level = 1
if not is_admin(level = give_level):
print('<center><h3 style="color: red">How did you get here?! O_o You do not have need permissions</h>')
print('<meta http-equiv="refresh" content="10; url=/">')
import sys
sys.exit()
if role.value == "admin" and level == "admin": def get_button(button, **kwargs):
print('<button type="submit" class="btn btn-default">%s</button>' % button) value = kwargs.get("value")
elif role.value == "admin" or role.value == "editor" and level == "editor": if value is None:
print('<button type="submit" class="btn btn-default">%s</button>' % button) value = ""
print('<button type="submit" value="%s" name="%s" class="btn btn-default">%s</button>' % (value, value, button))
def head(title): def head(title):
print('Content-type: text/html\n') print('Content-type: text/html\n')
@ -155,20 +169,22 @@ def links():
'<li><a href="#">Configs</a>' '<li><a href="#">Configs</a>'
'<ul>' '<ul>'
'<li><a href=/cgi-bin/configshow.py title="Show Config">Show</a></li> ' '<li><a href=/cgi-bin/configshow.py title="Show Config">Show</a></li> '
'<li><a href=/cgi-bin/diff.py title="Compare Configs">Compare</a></li>' '<li><a href=/cgi-bin/diff.py title="Compare Configs">Compare</a></li>')
'<li><a href=/cgi-bin/add.py#listner title="Add single listen">Add listen</a></li>' if is_admin(level = 1):
print('<li><a href=/cgi-bin/add.py#listner title="Add single listen">Add listen</a></li>'
'<li><a href=/cgi-bin/add.py#frontend title="Add single frontend">Add frontend</a></li>' '<li><a href=/cgi-bin/add.py#frontend title="Add single frontend">Add frontend</a></li>'
'<li><a href=/cgi-bin/add.py#backend title="Add single backend">Add backend</a></li>' '<li><a href=/cgi-bin/add.py#backend title="Add single backend">Add backend</a></li>'
'<li><a href=/cgi-bin/config.py title="Edit Config">Edit</a> </li>' '<li><a href=/cgi-bin/config.py title="Edit Config">Edit</a> </li>')
'</ul>' print('</ul></li>')
'</li>' if is_admin(level = 1):
'<li><a href="#">Versions</a>' print('<li><a href="#">Versions</a>'
'<ul>' '<ul>'
'<li><a href=/cgi-bin/configver.py title="Upload old versions configs">Upload</a></li>') '<li><a href=/cgi-bin/configver.py title="Upload old versions configs">Upload</a></li>')
if is_admin(): if is_admin():
print('<li><a href=/cgi-bin/delver.py title="Delete old versions configs">Delete</a></li>') print('<li><a href=/cgi-bin/delver.py title="Delete old versions configs">Delete</a></li>')
print('</ul>' if is_admin(level = 1):
'</li>') print('</ul>'
'</li>')
show_login_links() show_login_links()
print('</ul>' print('</ul>'
'</nav>') '</nav>')
@ -450,7 +466,8 @@ def chooseServer(formName, title, note):
choose_only_select(serv, servNew=servNew) choose_only_select(serv, servNew=servNew)
print('</select>') print('</select>')
print('<button type="submit" value="open" name="open" class="btn btn-default">Open</button></p></form>') get_button("Open", value="open")
print('</p></form>')
if note == "y": if note == "y":
print('<p><b>Note:</b> If you reconfigure First server, second will reconfigured automatically</p>') print('<p><b>Note:</b> If you reconfigure First server, second will reconfigured automatically</p>')
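Review bot: is_admin() decides the privilege level from the `role` cookie alone, and login.py in this commit writes that cookie as a plain integer, so every gate added here (page_for_admin() and the menu checks in links()) trusts a value supplied by the client. The level should be looked up server-side from the authenticated login, or the cookie should carry an integrity check that the server verifies before using it. In the same function `int(role.value)` runs before the `try`, so a cookie still holding a pre-upgrade value such as `admin` raises ValueError and aborts the CGI instead of returning False. Moving the conversion inside the `try` and catching only ValueError, as sketched below, fixes that and removes the bare `except:`.

```python
def is_admin(**kwargs):
    # … unchanged: read the role cookie from HTTP_COOKIE …
    level = kwargs.get("level")
    if level is None:
        level = 2
    try:
        # no cookie means level 0; a non-numeric value is treated as no privileges
        role = 0 if role is None else int(role.value)
    except ValueError:
        return False
    return level <= role
```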


@ -52,11 +52,17 @@ if login is not None and password is not None:
for f in open(USERS, 'r'): for f in open(USERS, 'r'):
users = json.loads(f) users = json.loads(f)
if login in users['login'] and password == users['password']: if login in users['login'] and password == users['password']:
if users['role'] == "admin":
role = 2
elif users['role'] == "editor":
role = 1
else:
role = 0
c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) c = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
c["login"] = login c["login"] = login
c["login"]["path"] = "/cgi-bin/" c["login"]["path"] = "/cgi-bin/"
c["login"]["expires"] = "Wed May 18 03:33:20 2033" c["login"]["expires"] = "Wed May 18 03:33:20 2033"
c["role"] = users['role'] c["role"] = role
c["role"]["path"] = "/cgi-bin/" c["role"]["path"] = "/cgi-bin/"
c["role"]["expires"] = "Wed May 18 03:33:20 2033" c["role"]["expires"] = "Wed May 18 03:33:20 2033"
c["group"] = users['group'] c["group"] = users['group']
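Review bot: The new if/elif chain hard-codes the numbers 2, 1 and 0 that funct.is_admin() and the `page_for_admin(level = …)` calls elsewhere in this commit also hard-code, so the meaning of a level is spread over several files with no name attached. A single mapping, e.g. `ROLE_LEVELS = {"admin": 2, "editor": 1}` followed by `role = ROLE_LEVELS.get(users['role'], 0)`, kept next to is_admin() would document it in one place. The enclosing `for` loop and the rest of the cookie setup continue outside the hunk.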


@ -24,7 +24,7 @@
<a href="cgi-bin/configver.py" title="Upload old config">Upload old config</a> <br /> <a href="cgi-bin/configver.py" title="Upload old config">Upload old config</a> <br />
<a href="cgi-bin/delver.py" title="Upload old config">Delete old config</a> <br /> <a href="cgi-bin/delver.py" title="Upload old config">Delete old config</a> <br />
<div class="copyright"> <div class="copyright">
HAproxy Web Interface v1.9.1 HAproxy Web Interface v1.10
</div> </div>
</div> </div>
</body> </body>