From 82666df1e60c45dd6aa533b01a392f015d32f755 Mon Sep 17 00:00:00 2001 From: Pavel Loginov Date: Fri, 8 Jul 2022 20:43:13 +0300 Subject: [PATCH] v6.1.1.0 Change log: https://roxy-wi.org/changelog.py#6_1_1 --- app/options.py | 240 +++++++++++-------------------------------------- 1 file changed, 52 insertions(+), 188 deletions(-) diff --git a/app/options.py b/app/options.py index 51527568..728a4cf7 100644 --- a/app/options.py +++ b/app/options.py @@ -61,10 +61,7 @@ if form.getvalue('checkSshConnect') is not None and serv is not None: print(e) if form.getvalue('getcert') is not None and serv is not None: - cert_id = form.getvalue('getcert') - if funct.checkAjaxInput(cert_id): - print('error: Nice try') - sys.exit() + cert_id = funct.checkAjaxInput(form.getvalue('getcert')) cert_path = sql.get_setting('cert_path') commands = ["openssl x509 -in " + cert_path + "/" + cert_id + " -text"] @@ -74,10 +71,8 @@ if form.getvalue('getcert') is not None and serv is not None: print('error: Cannot connect to the server ' + e.args[0]) if form.getvalue('delcert') is not None and serv is not None: - if funct.checkAjaxInput(cert_id): - print('error: Nice try') - sys.exit() - + cert_id = form.getvalue('delcert') + cert_id = funct.checkAjaxInput(cert_id) cert_path = sql.get_setting('cert_path') commands = ["sudo rm -f " + cert_path + "/" + cert_id] try: @@ -96,10 +91,7 @@ if serv and form.getvalue('ssl_cert'): if form.getvalue('ssl_name') is None: print('error: Please enter a desired name') else: - name = form.getvalue('ssl_name') - if funct.checkAjaxInput(name): - print('error: Nice try') - sys.exit() + name = funct.checkAjaxInput(form.getvalue('ssl_name')) try: with open(name, "w") as ssl_cert: 
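Review bot: In the `getcert` and `delcert` branches the request value is still concatenated into a shell string (`"openssl x509 -in " + cert_path + "/" + cert_id + " -text"` and `"sudo rm -f " + cert_path + "/" + cert_id`), so the only barrier left is whatever `funct.checkAjaxInput` returns, and its body is not part of this diff. The old code rejected the request, whereas the new code carries on with a rewritten value, which fails open if the helper misses a character. For a file name I would add a positive check before building the command, e.g. `if cert_id != os.path.basename(cert_id) or not re.fullmatch(r'[\w.-]+', cert_id): sys.exit()`, and wrap the value in `shlex.quote()` (both modules would need importing if the file does not have them). The same reliance on the helper recurs in the `nc`, `socat` and `openvpn3` hunks further down.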
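Review bot: `name` from `ssl_name` goes straight into `open(name, "w")`, so the request decides which path the CGI process writes to, and the hunk shows no directory prefix or basename restriction. Whether `funct.checkAjaxInput` removes path separators cannot be seen here. I would reduce the value to a bare file name and refuse anything else before the `open`, e.g. `if not name or name != os.path.basename(name): sys.exit()`. The `uploadovpn` hunk builds `/tmp/<name>.ovpn` from `ovpnname` the same way, and the `else:` branch here continues past the end of the hunk.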
@@ -132,10 +124,7 @@ if form.getvalue('ip_select') is not None: if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is None: haproxy_sock_port = int(sql.get_setting('haproxy_sock_port')) - backend = form.getvalue('ipbackend') - if funct.checkAjaxInput(backend): - print('error: Nice try') - sys.exit() + backend = funct.checkAjaxInput(form.getvalue('ipbackend')) cmd = 'echo "show servers state"|nc %s %s |grep "%s" |awk \'{print $4}\'' % (serv, haproxy_sock_port, backend) output, stderr = funct.subprocess_execute(cmd) for i in output: 
@@ -146,23 +135,18 @@ if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is not None: haproxy_sock_port = int(sql.get_setting('haproxy_sock_port')) - backend = form.getvalue('ipbackend') - backend_server = form.getvalue('backend_server') - if funct.checkAjaxInput(backend) or funct.checkAjaxInput(backend_server): - print('error: Nice try') - sys.exit() + backend = funct.checkAjaxInput(form.getvalue('ipbackend')) + backend_server = funct.checkAjaxInput(form.getvalue('backend_server')) cmd = 'echo "show servers state"|nc %s %s |grep "%s" |grep "%s" |awk \'{print $5":"$19}\' |head -1' % (serv, haproxy_sock_port, backend, backend_server) output, stderr = funct.subprocess_execute(cmd) print(output[0]) if form.getvalue('backend_ip') is not None: - backend_backend = form.getvalue('backend_backend') - backend_server = form.getvalue('backend_server') - backend_ip = form.getvalue('backend_ip') - backend_port = form.getvalue('backend_port') - if any((funct.checkAjaxInput(backend_backend), funct.checkAjaxInput(backend_server), funct.checkAjaxInput(backend_ip), funct.checkAjaxInput(backend_port))): - print('error: Nice try') - sys.exit() + backend_backend = funct.checkAjaxInput(form.getvalue('backend_backend')) + backend_server = funct.checkAjaxInput(form.getvalue('backend_server')) + backend_ip = funct.checkAjaxInput(form.getvalue('backend_ip')) + backend_port = funct.checkAjaxInput(form.getvalue('backend_port')) + if form.getvalue('backend_ip') is None: print('error: Backend IP must be IP and not 0') sys.exit() 
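Review bot: In the `backend_ip` branch the four `funct.checkAjaxInput(form.getvalue(...))` calls run before any presence check, and `form.getvalue` gives `None` for a field the request omits; whether the helper accepts `None` is not visible in this diff. The context line `if form.getvalue('backend_ip') is None:` that follows can never be true inside `if form.getvalue('backend_ip') is not None:`, so the "must be IP" message is dead code and nothing confirms that the value is an address or that `backend_port` is a number. I would validate by type instead: `backend_ip = funct.is_ip_or_dns(backend_ip)`, the helper the `list_ip_for_add` branch already uses, and `backend_port = int(backend_port)` inside a `try`. The `maxconn_frontend` hunk has the same ordering with `maxconn_int`.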
@@ -211,19 +195,13 @@ if form.getvalue('backend_ip') is not None: stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save='save') if form.getvalue('maxconn_select') is not None: - serv = form.getvalue('maxconn_select') - if funct.checkAjaxInput(serv): - print('error: Nice try') - sys.exit() + serv = funct.checkAjaxInput(form.getvalue('maxconn_select')) funct.get_backends_from_config(serv, backends='frontend') if form.getvalue('maxconn_frontend') is not None: - frontend = form.getvalue('maxconn_frontend') - maxconn = form.getvalue('maxconn_int') + frontend = funct.checkAjaxInput(form.getvalue('maxconn_frontend')) + maxconn = funct.checkAjaxInput(form.getvalue('maxconn_int')) - if funct.checkAjaxInput(frontend) or funct.checkAjaxInput(maxconn): - print('error: Nice try') - sys.exit() if form.getvalue('maxconn_int') is None: print('error: Maxconn must be integer and not 0') sys.exit() @@ -297,12 +275,8 @@ if form.getvalue('table_select') is not None: if form.getvalue('ip_for_delete') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - ip = form.getvalue('ip_for_delete') - table = form.getvalue('table_for_delete') - - if funct.checkAjaxInput(ip) or funct.checkAjaxInput(table): - print('error: Nice try') - sys.exit() + ip = funct.checkAjaxInput(form.getvalue('ip_for_delete')) + table = funct.checkAjaxInput(form.getvalue('table_for_delete')) cmd = 'echo "clear table %s key %s" |nc %s %s' % (table, ip, serv, haproxy_sock_port) output, stderr = funct.subprocess_execute(cmd) 
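Review bot: `table` and `ip` in the `ip_for_delete` branch end up inside the text sent to the HAProxy socket (`'echo "clear table %s key %s" |nc %s %s'`), so they must be safe for two parsers, the shell and the HAProxy runtime API, and a helper that only neutralises shell metacharacters would not cover the second. I would check each value against the shape it must have, for example `ip = funct.is_ip_or_dns(ip)` and `if not re.fullmatch(r'[A-Za-z0-9_.:-]+', table): sys.exit()`. `serv` in the same format string passes through no check in the visible lines, and its origin is outside the hunk. The `table_for_clear`, `list_select_id` and `sessions_select_show` hunks build their commands the same way.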
@@ -311,11 +285,7 @@ if form.getvalue('ip_for_delete') is not None: if form.getvalue('table_for_clear') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - table = form.getvalue('table_for_clear') - - if funct.checkAjaxInput(table): - print('error: Nice try') - sys.exit() + table = funct.checkAjaxInput(form.getvalue('table_for_clear')) cmd = 'echo "clear table %s " |nc %s %s' % (table, serv, haproxy_sock_port) output, stderr = funct.subprocess_execute(cmd) @@ -334,12 +304,8 @@ if form.getvalue('list_select_id') is not None: env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True) template = env.get_template('ajax/list.html') - list_id = form.getvalue('list_select_id') - list_name = form.getvalue('list_select_name') - - if funct.checkAjaxInput(list_id) or funct.checkAjaxInput(list_name): - print('error: Nice try') - sys.exit() + list_id = funct.checkAjaxInput(form.getvalue('list_select_id')) + list_name = funct.checkAjaxInput(form.getvalue('list_select_name')) haproxy_sock_port = sql.get_setting('haproxy_sock_port') cmd = 'echo "show acl #%s"|nc %s %s' % (list_id, serv, haproxy_sock_port) 
@@ -351,17 +317,12 @@ if form.getvalue('list_select_id') is not None: if form.getvalue('list_id_for_delete') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') lists_path = sql.get_setting('lists_path') - lib_path = funct.get_config_var('main', 'lib_path') - ip_id = form.getvalue('list_ip_id_for_delete') - ip = form.getvalue('list_ip_for_delete') - list_id = form.getvalue('list_id_for_delete') - list_name = form.getvalue('list_name') - user_group = funct.get_user_group(id=1) - - if any((funct.checkAjaxInput(ip_id), funct.checkAjaxInput(ip), funct.checkAjaxInput(list_id), funct.checkAjaxInput(list_name))): - print('error: Nice try') - sys.exit() - + lib_path = funct.checkAjaxInput(funct.get_config_var('main', 'lib_path')) + ip_id = funct.checkAjaxInput(form.getvalue('list_ip_id_for_delete')) + ip = funct.checkAjaxInput(form.getvalue('list_ip_for_delete')) + list_id = funct.checkAjaxInput(form.getvalue('list_id_for_delete')) + list_name = funct.checkAjaxInput(form.getvalue('list_name')) + user_group = funct.checkAjaxInput(funct.get_user_group(id=1)) cmd = "sed -i 's!%s$!!' %s/%s/%s/%s" % (ip, lib_path, lists_path, user_group, list_name) cmd1 = "sed -i '/^$/d' %s/%s/%s/%s" % (lib_path, lists_path, user_group, list_name) output, stderr = funct.subprocess_execute(cmd) 
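Review bot: `ip` is substituted into the sed program `'s!%s$!!'`, where it is read as a regular expression between `!` delimiters inside single quotes, so its safety depends on `funct.checkAjaxInput` also removing quotes and `!`, which this diff does not show. Even a well-formed address has `.` matching any character, so the expression can blank a different line than the one intended. Validating with `funct.is_ip_or_dns(ip)` first, as the `list_ip_for_add` branch does, and escaping the dots would pin down what sed sees. Separately, wrapping `funct.get_config_var('main', 'lib_path')` and `funct.get_user_group(id=1)` in the input sanitiser treats server-side values as request data; if the helper rewrites characters the `sed -i` target path changes silently, so I would leave those two unwrapped or mark them with `# config value, not request input`.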
@@ -392,14 +353,9 @@ if form.getvalue('list_ip_for_add') is not None: ip = form.getvalue('list_ip_for_add') ip = ip.strip() ip = funct.is_ip_or_dns(ip) - list_id = form.getvalue('list_id_for_add') - list_name = form.getvalue('list_name') - user_group = funct.get_user_group(id=1) - - if any((funct.checkAjaxInput(lists_path), funct.checkAjaxInput(list_id), funct.checkAjaxInput(list_name))): - print('error: Nice try') - sys.exit() - + list_id = funct.checkAjaxInput(form.getvalue('list_id_for_add')) + list_name = funct.checkAjaxInput(form.getvalue('list_name')) + user_group = funct.checkAjaxInput(funct.get_user_group(id=1)) cmd = 'echo "add acl #%s %s" |nc %s %s' % (list_id, ip, serv, haproxy_sock_port) output, stderr = funct.subprocess_execute(cmd) if output[0]: @@ -423,15 +379,7 @@ if form.getvalue('sessions_select') is not None: env = Environment(loader=FileSystemLoader('templates'), autoescape=True, extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True) - serv = form.getvalue('sessions_select') - - if funct.checkAjaxInput(serv): - print('error: Nice try') - sys.exit() - - if funct.checkAjaxInput(serv): - print('error: Nice try') - sys.exit() + serv = funct.checkAjaxInput(form.getvalue('sessions_select')) haproxy_sock_port = sql.get_setting('haproxy_sock_port') @@ -444,16 +392,11 @@ if form.getvalue('sessions_select') is not None: print(template) if form.getvalue('sessions_select_show') is not None: - serv = form.getvalue('sessions_select_show') - sess_id = form.getvalue('sessions_select_id') - - if funct.checkAjaxInput(serv) or funct.checkAjaxInput(sess_id): - print('error: Nice try') - sys.exit() - + serv = funct.checkAjaxInput(form.getvalue('sessions_select_show')) + sess_id = funct.checkAjaxInput(form.getvalue('sessions_select_id')) haproxy_sock_port = sql.get_setting('haproxy_sock_port') - cmd = 'echo "show sess %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port) + output, stderr = funct.subprocess_execute(cmd) if stderr: 
@@ -464,16 +407,7 @@ if form.getvalue('sessions_select_show') is not None: if form.getvalue('session_delete_id') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - sess_id = form.getvalue('session_delete_id') - - if funct.checkAjaxInput(sess_id): - print('error: Nice try') - sys.exit() - - if funct.checkAjaxInput(sess_id): - print('error: Nice try') - sys.exit() - + sess_id = funct.checkAjaxInput(form.getvalue('session_delete_id')) cmd = 'echo "shutdown session %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port) output, stderr = funct.subprocess_execute(cmd) if output[0] != '': @@ -597,15 +531,7 @@ if form.getvalue('action_apache') is not None and serv is not None: print("success: Apache has been %s" % action) if form.getvalue('action_service') is not None: - action = form.getvalue('action_service') - - if funct.checkAjaxInput(action): - print('error: Nice try') - sys.exit() - - if funct.checkAjaxInput(action): - print('error: Nice try') - sys.exit() + action = funct.checkAjaxInput(form.getvalue('action_service')) if action not in ('start', 'stop', 'restart'): print('error: wrong action') @@ -1233,12 +1159,8 @@ if serv is not None and act == "showMap": if form.getvalue('servaction') is not None: server_state_file = sql.get_setting('server_state_file') haproxy_sock = sql.get_setting('haproxy_sock') - enable = form.getvalue('servaction') - backend = form.getvalue('servbackend') - - if funct.checkAjaxInput(enable) or funct.checkAjaxInput(backend): - print('error: Nice try') - sys.exit() + enable = funct.checkAjaxInput(form.getvalue('servaction')) + backend = funct.checkAjaxInput(form.getvalue('servbackend')) cmd = 'echo "{} {}" |sudo socat stdio {}'.format(enable, backend, haproxy_sock) 
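Review bot: `enable` in the `servaction` branch is formatted into `'echo "{} {}" |sudo socat stdio {}'` without the fixed-set test that the `action_service` hunk just above keeps (`if action not in ('start', 'stop', 'restart'):`). Because this command runs under `sudo`, I would give `enable` the same treatment: compare it with a tuple of the runtime commands the UI actually sends and print `error: wrong action` otherwise. `backend` would still need its own pattern check, since it is not one of a fixed set. The branch body continues beyond the hunk.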
@@ -1281,12 +1203,8 @@ if act == "showCompareConfigs": if serv is not None and form.getvalue('right') is not None: from jinja2 import Environment, FileSystemLoader - left = form.getvalue('left') - right = form.getvalue('right') - - if funct.checkAjaxInput(left) or funct.checkAjaxInput(right): - print('error: Nice try') - sys.exit() + left = funct.checkAjaxInput(form.getvalue('left')) + right = funct.checkAjaxInput(form.getvalue('right')) if form.getvalue('service') == 'nginx': configs_dir = funct.get_config_var('configs', 'nginx_save_configs_dir') @@ -2554,15 +2472,7 @@ if form.getvalue('new_ssh'): if form.getvalue('sshdel') is not None: lib_path = funct.get_config_var('main', 'lib_path') - sshdel = form.getvalue('sshdel') - - if funct.checkAjaxInput(sshdel): - print('error: Nice try') - sys.exit() - - if funct.checkAjaxInput(sshdel): - print('error: Nice try') - sys.exit() + sshdel = funct.checkAjaxInput(form.getvalue('sshdel')) for sshs in sql.select_ssh(id=sshdel): ssh_enable = sshs.enable @@ -2612,11 +2522,7 @@ if form.getvalue('ssh_cert'): import paramiko user_group = funct.get_user_group() - name = form.getvalue('name') - - if funct.checkAjaxInput(name): - print('error: Nice try') - sys.exit() + name = funct.checkAjaxInput(form.getvalue('name')) try: key = paramiko.pkey.load_private_key(form.getvalue('ssh_cert')) @@ -2913,11 +2819,7 @@ if form.getvalue('updateSmonIp') is not None: funct.logging('SMON', ' Has been update the server ' + ip + ' to SMON ', haproxywi=1, login=1) if form.getvalue('showBytes') is not None: - serv = form.getvalue('showBytes') - - if funct.checkAjaxInput(serv): - print('error: Nice try') - sys.exit() + serv = funct.checkAjaxInput(form.getvalue('showBytes')) port = sql.get_setting('haproxy_sock_port') bin_bout = [] 
@@ -2970,12 +2872,8 @@ if form.getvalue('nginxConnections'): print('error: cannot connect to Nginx stat page') if form.getvalue('waf_rule_id'): - enable = form.getvalue('waf_en') - rule_id = form.getvalue('waf_rule_id') - - if funct.checkAjaxInput(enable) or funct.checkAjaxInput(rule_id): - print('error: Nice try') - sys.exit() + enable = funct.checkAjaxInput(form.getvalue('waf_en')) + rule_id = funct.checkAjaxInput(form.getvalue('waf_rule_id')) haproxy_path = sql.get_setting('haproxy_dir') rule_file = sql.select_waf_rule_by_id(rule_id) @@ -3051,15 +2949,7 @@ if form.getvalue('lets_domain'): os.system("rm -f %s" % script) if form.getvalue('uploadovpn'): - name = form.getvalue('ovpnname') - - if funct.checkAjaxInput(name): - print('error: Nice try') - sys.exit() - - if funct.checkAjaxInput(name): - print('error: Nice try') - sys.exit() + name = funct.checkAjaxInput(form.getvalue('ovpnname')) ovpn_file = os.path.dirname('/tmp/') + "/" + name + '.ovpn' @@ -3087,11 +2977,7 @@ if form.getvalue('uploadovpn'): funct.logging("localhost", " has been uploaded a new ovpn file %s" % ovpn_file, haproxywi=1, login=1) if form.getvalue('openvpndel') is not None: - openvpndel = form.getvalue('openvpndel') - - if funct.checkAjaxInput(openvpndel): - print('error: Nice try') - sys.exit() + openvpndel = funct.checkAjaxInput(form.getvalue('openvpndel')) cmd = 'sudo openvpn3 config-remove --config /tmp/%s.ovpn --force' % openvpndel try: 
@@ -3103,12 +2989,8 @@ if form.getvalue('openvpndel') is not None: funct.logging('localhost', e.args[0], haproxywi=1) if form.getvalue('actionvpn') is not None: - openvpn = form.getvalue('openvpnprofile') - action = form.getvalue('actionvpn') - - if funct.checkAjaxInput(openvpn) or funct.checkAjaxInput(action): - print('error: Nice try') - sys.exit() + openvpn = funct.checkAjaxInput(form.getvalue('openvpnprofile')) + action = funct.checkAjaxInput(form.getvalue('actionvpn')) if action == 'start': cmd = 'sudo openvpn3 session-start --config /tmp/%s.ovpn' % openvpn @@ -3125,12 +3007,7 @@ if form.getvalue('actionvpn') is not None: funct.logging('localhost', e.args[0], haproxywi=1) if form.getvalue('scan_ports') is not None: - serv_id = form.getvalue('scan_ports') - - if funct.checkAjaxInput(serv_id): - print('error: Nice try') - sys.exit() - + serv_id = funct.checkAjaxInput(form.getvalue('scan_ports')) server = sql.select_servers(id=serv_id) ip = '' @@ -3154,11 +3031,7 @@ if form.getvalue('scan_ports') is not None: print(template) if form.getvalue('viewFirewallRules') is not None: - serv = form.getvalue('viewFirewallRules') - - if funct.checkAjaxInput(serv): - print('error: Nice try') - sys.exit() + serv = funct.checkAjaxInput(form.getvalue('viewFirewallRules')) cmd = ["sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] @@ -3186,11 +3059,6 @@ if form.getvalue('viewFirewallRules') is not None: if form.getvalue('geoipserv') is not None: serv = form.getvalue('geoipserv') - - if funct.checkAjaxInput(serv): - print('error: Nice try') - sys.exit() - haproxy_dir = sql.get_setting('haproxy_dir') cmd = ["ls " + haproxy_dir + "/geoip/"] 
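Review bot: The `geoipserv` hunk deletes the `checkAjaxInput` test but, unlike the other hunks in this commit, does not wrap the value, so `serv = form.getvalue('geoipserv')` is now used with no check at all. The lines that consume `serv` are outside the hunk, so I cannot tell from here whether it reaches a remote command. For consistency with the rest of the change the assignment should read `serv = funct.checkAjaxInput(form.getvalue('geoipserv'))`. If the omission is deliberate, a short comment saying why would help the next reader.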
@@ -4531,12 +4399,8 @@ if act == 'check_service': user_uuid = cookie.get('uuid') user_id = sql.get_user_id_by_uuid(user_uuid.value) user_services = sql.select_user_services(user_id) - server_id = form.getvalue('server_id') - service = form.getvalue('service') - - if funct.checkAjaxInput(server_id) or funct.checkAjaxInput(service): - print('error: Nice try') - sys.exit() + server_id = funct.checkAjaxInput(form.getvalue('server_id')) + service = funct.checkAjaxInput(form.getvalue('service')) if '1' in user_services: if service == 'haproxy':