v6.1.1.0

Change log: https://roxy-wi.org/changelog.py#6_1_1
2022-07-08 20:43:13 +03:00 · 2022-07-08 20:43:13 +03:00 · 82666df1e6
parent 1fbcce83c0
commit 82666df1e6
1 changed files with 52 additions and 188 deletions
--- a/app/options.py
+++ b/app/options.py
@ -61,10 +61,7 @@ if form.getvalue('checkSshConnect') is not None and serv is not None:
        print(e)
 if form.getvalue('getcert') is not None and serv is not None:
-    cert_id = form.getvalue('getcert')
+    cert_id = funct.checkAjaxInput(form.getvalue('getcert'))
    if funct.checkAjaxInput(cert_id):
        print('error: Nice try')
        sys.exit()
    cert_path = sql.get_setting('cert_path')
    commands = ["openssl x509 -in " + cert_path + "/" + cert_id + " -text"]
@ -74,10 +71,8 @@ if form.getvalue('getcert') is not None and serv is not None:
        print('error: Cannot connect to the server ' + e.args[0])
 if form.getvalue('delcert') is not None and serv is not None:
-    if funct.checkAjaxInput(cert_id):
+    cert_id = form.getvalue('delcert')
-        print('error: Nice try')
+    cert_id = funct.checkAjaxInput(cert_id)
        sys.exit()
    cert_path = sql.get_setting('cert_path')
    commands = ["sudo rm -f " + cert_path + "/" + cert_id]
    try:
@ -96,10 +91,7 @@ if serv and form.getvalue('ssl_cert'):
    if form.getvalue('ssl_name') is None:
        print('error: Please enter a desired name')
    else:
-        name = form.getvalue('ssl_name')
+        name = funct.checkAjaxInput(form.getvalue('ssl_name'))
        if funct.checkAjaxInput(name):
            print('error: Nice try')
            sys.exit()
    try:
        with open(name, "w") as ssl_cert:
@ -132,10 +124,7 @@ if form.getvalue('ip_select') is not None:
 if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is None:
    haproxy_sock_port = int(sql.get_setting('haproxy_sock_port'))
-    backend = form.getvalue('ipbackend')
+    backend = funct.checkAjaxInput(form.getvalue('ipbackend'))
    if funct.checkAjaxInput(backend):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "show servers state"|nc %s %s |grep "%s" |awk \'{print $4}\'' % (serv, haproxy_sock_port, backend)
    output, stderr = funct.subprocess_execute(cmd)
    for i in output:
@ -146,23 +135,18 @@ if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is
 if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is not None:
    haproxy_sock_port = int(sql.get_setting('haproxy_sock_port'))
-    backend = form.getvalue('ipbackend')
+    backend = funct.checkAjaxInput(form.getvalue('ipbackend'))
-    backend_server = form.getvalue('backend_server')
+    backend_server = funct.checkAjaxInput(form.getvalue('backend_server'))
    if funct.checkAjaxInput(backend) or funct.checkAjaxInput(backend_server):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "show servers state"|nc %s %s |grep "%s" |grep "%s" |awk \'{print $5":"$19}\' |head -1' % (serv, haproxy_sock_port, backend, backend_server)
    output, stderr = funct.subprocess_execute(cmd)
    print(output[0])
 if form.getvalue('backend_ip') is not None:
-    backend_backend = form.getvalue('backend_backend')
+    backend_backend = funct.checkAjaxInput(form.getvalue('backend_backend'))
-    backend_server = form.getvalue('backend_server')
+    backend_server = funct.checkAjaxInput(form.getvalue('backend_server'))
-    backend_ip = form.getvalue('backend_ip')
+    backend_ip = funct.checkAjaxInput(form.getvalue('backend_ip'))
-    backend_port = form.getvalue('backend_port')
+    backend_port = funct.checkAjaxInput(form.getvalue('backend_port'))
-    if any((funct.checkAjaxInput(backend_backend), funct.checkAjaxInput(backend_server), funct.checkAjaxInput(backend_ip), funct.checkAjaxInput(backend_port))):
+
        print('error: Nice try')
        sys.exit()
    if form.getvalue('backend_ip') is None:
        print('error: Backend IP must be IP and not 0')
        sys.exit()
@ -211,19 +195,13 @@ if form.getvalue('backend_ip') is not None:
        stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save='save')
 if form.getvalue('maxconn_select') is not None:
-    serv = form.getvalue('maxconn_select')
+    serv = funct.checkAjaxInput(form.getvalue('maxconn_select'))
    if funct.checkAjaxInput(serv):
        print('error: Nice try')
        sys.exit()
    funct.get_backends_from_config(serv, backends='frontend')
 if form.getvalue('maxconn_frontend') is not None:
-    frontend = form.getvalue('maxconn_frontend')
+    frontend = funct.checkAjaxInput(form.getvalue('maxconn_frontend'))
-    maxconn = form.getvalue('maxconn_int')
+    maxconn = funct.checkAjaxInput(form.getvalue('maxconn_int'))
    if funct.checkAjaxInput(frontend) or funct.checkAjaxInput(maxconn):
        print('error: Nice try')
        sys.exit()
    if form.getvalue('maxconn_int') is None:
        print('error: Maxconn must be integer and not 0')
        sys.exit()
@ -297,12 +275,8 @@ if form.getvalue('table_select') is not None:
 if form.getvalue('ip_for_delete') is not None:
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
-    ip = form.getvalue('ip_for_delete')
+    ip = funct.checkAjaxInput(form.getvalue('ip_for_delete'))
-    table = form.getvalue('table_for_delete')
+    table = funct.checkAjaxInput(form.getvalue('table_for_delete'))
    if funct.checkAjaxInput(ip) or funct.checkAjaxInput(table):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "clear table %s key %s" |nc %s %s' % (table, ip, serv, haproxy_sock_port)
    output, stderr = funct.subprocess_execute(cmd)
@ -311,11 +285,7 @@ if form.getvalue('ip_for_delete') is not None:
 if form.getvalue('table_for_clear') is not None:
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
-    table = form.getvalue('table_for_clear')
+    table = funct.checkAjaxInput(form.getvalue('table_for_clear'))
    if funct.checkAjaxInput(table):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "clear table %s " |nc %s %s' % (table, serv, haproxy_sock_port)
    output, stderr = funct.subprocess_execute(cmd)
@ -334,12 +304,8 @@ if form.getvalue('list_select_id') is not None:
    env = Environment(loader=FileSystemLoader('templates/'), autoescape=True,
                      extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
    template = env.get_template('ajax/list.html')
-    list_id = form.getvalue('list_select_id')
+    list_id = funct.checkAjaxInput(form.getvalue('list_select_id'))
-    list_name = form.getvalue('list_select_name')
+    list_name = funct.checkAjaxInput(form.getvalue('list_select_name'))
    if funct.checkAjaxInput(list_id) or funct.checkAjaxInput(list_name):
        print('error: Nice try')
        sys.exit()
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
    cmd = 'echo "show acl #%s"|nc %s %s' % (list_id, serv, haproxy_sock_port)
@ -351,17 +317,12 @@ if form.getvalue('list_select_id') is not None:
 if form.getvalue('list_id_for_delete') is not None:
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
    lists_path = sql.get_setting('lists_path')
-    lib_path = funct.get_config_var('main', 'lib_path')
+    lib_path = funct.checkAjaxInput(funct.get_config_var('main', 'lib_path'))
-    ip_id = form.getvalue('list_ip_id_for_delete')
+    ip_id = funct.checkAjaxInput(form.getvalue('list_ip_id_for_delete'))
-    ip = form.getvalue('list_ip_for_delete')
+    ip = funct.checkAjaxInput(form.getvalue('list_ip_for_delete'))
-    list_id = form.getvalue('list_id_for_delete')
+    list_id = funct.checkAjaxInput(form.getvalue('list_id_for_delete'))
-    list_name = form.getvalue('list_name')
+    list_name = funct.checkAjaxInput(form.getvalue('list_name'))
-    user_group = funct.get_user_group(id=1)
+    user_group = funct.checkAjaxInput(funct.get_user_group(id=1))
    if any((funct.checkAjaxInput(ip_id), funct.checkAjaxInput(ip), funct.checkAjaxInput(list_id), funct.checkAjaxInput(list_name))):
        print('error: Nice try')
        sys.exit()
    cmd = "sed -i 's!%s$!!' %s/%s/%s/%s" % (ip, lib_path, lists_path, user_group, list_name)
    cmd1 = "sed -i '/^$/d' %s/%s/%s/%s" % (lib_path, lists_path, user_group, list_name)
    output, stderr = funct.subprocess_execute(cmd)
@ -392,14 +353,9 @@ if form.getvalue('list_ip_for_add') is not None:
    ip = form.getvalue('list_ip_for_add')
    ip = ip.strip()
    ip = funct.is_ip_or_dns(ip)
-    list_id = form.getvalue('list_id_for_add')
+    list_id = funct.checkAjaxInput(form.getvalue('list_id_for_add'))
-    list_name = form.getvalue('list_name')
+    list_name = funct.checkAjaxInput(form.getvalue('list_name'))
-    user_group = funct.get_user_group(id=1)
+    user_group = funct.checkAjaxInput(funct.get_user_group(id=1))
    if any((funct.checkAjaxInput(lists_path), funct.checkAjaxInput(list_id), funct.checkAjaxInput(list_name))):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "add acl #%s %s" |nc %s %s' % (list_id, ip, serv, haproxy_sock_port)
    output, stderr = funct.subprocess_execute(cmd)
    if output[0]:
@ -423,15 +379,7 @@ if form.getvalue('sessions_select') is not None:
    env = Environment(loader=FileSystemLoader('templates'), autoescape=True,
                      extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True)
-    serv = form.getvalue('sessions_select')
+    serv = funct.checkAjaxInput(form.getvalue('sessions_select'))
    if funct.checkAjaxInput(serv):
        print('error: Nice try')
        sys.exit()
    if funct.checkAjaxInput(serv):
        print('error: Nice try')
        sys.exit()
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
@ -444,16 +392,11 @@ if form.getvalue('sessions_select') is not None:
    print(template)
 if form.getvalue('sessions_select_show') is not None:
-    serv = form.getvalue('sessions_select_show')
+    serv = funct.checkAjaxInput(form.getvalue('sessions_select_show'))
-    sess_id = form.getvalue('sessions_select_id')
+    sess_id = funct.checkAjaxInput(form.getvalue('sessions_select_id'))
    if funct.checkAjaxInput(serv) or funct.checkAjaxInput(sess_id):
        print('error: Nice try')
        sys.exit()
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
    cmd = 'echo "show sess %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port)
    output, stderr = funct.subprocess_execute(cmd)
    if stderr:
@ -464,16 +407,7 @@ if form.getvalue('sessions_select_show') is not None:
 if form.getvalue('session_delete_id') is not None:
    haproxy_sock_port = sql.get_setting('haproxy_sock_port')
-    sess_id = form.getvalue('session_delete_id')
+    sess_id = funct.checkAjaxInput(form.getvalue('session_delete_id'))
    if funct.checkAjaxInput(sess_id):
        print('error: Nice try')
        sys.exit()
    if funct.checkAjaxInput(sess_id):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "shutdown session %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port)
    output, stderr = funct.subprocess_execute(cmd)
    if output[0] != '':
@ -597,15 +531,7 @@ if form.getvalue('action_apache') is not None and serv is not None:
    print("success: Apache has been %s" % action)
 if form.getvalue('action_service') is not None:
-    action = form.getvalue('action_service')
+    action = funct.checkAjaxInput(form.getvalue('action_service'))
    if funct.checkAjaxInput(action):
        print('error: Nice try')
        sys.exit()
    if funct.checkAjaxInput(action):
        print('error: Nice try')
        sys.exit()
    if action not in ('start', 'stop', 'restart'):
        print('error: wrong action')
@ -1233,12 +1159,8 @@ if serv is not None and act == "showMap":
 if form.getvalue('servaction') is not None:
    server_state_file = sql.get_setting('server_state_file')
    haproxy_sock = sql.get_setting('haproxy_sock')
-    enable = form.getvalue('servaction')
+    enable = funct.checkAjaxInput(form.getvalue('servaction'))
-    backend = form.getvalue('servbackend')
+    backend = funct.checkAjaxInput(form.getvalue('servbackend'))
    if funct.checkAjaxInput(enable) or funct.checkAjaxInput(backend):
        print('error: Nice try')
        sys.exit()
    cmd = 'echo "{} {}" |sudo socat stdio {}'.format(enable, backend, haproxy_sock)
@ -1281,12 +1203,8 @@ if act == "showCompareConfigs":
 if serv is not None and form.getvalue('right') is not None:
    from jinja2 import Environment, FileSystemLoader
-    left = form.getvalue('left')
+    left = funct.checkAjaxInput(form.getvalue('left'))
-    right = form.getvalue('right')
+    right = funct.checkAjaxInput(form.getvalue('right'))
    if funct.checkAjaxInput(left) or funct.checkAjaxInput(right):
        print('error: Nice try')
        sys.exit()
    if form.getvalue('service') == 'nginx':
        configs_dir = funct.get_config_var('configs', 'nginx_save_configs_dir')
@ -2554,15 +2472,7 @@ if form.getvalue('new_ssh'):
 if form.getvalue('sshdel') is not None:
    lib_path = funct.get_config_var('main', 'lib_path')
-    sshdel = form.getvalue('sshdel')
+    sshdel = funct.checkAjaxInput(form.getvalue('sshdel'))
    if funct.checkAjaxInput(sshdel):
        print('error: Nice try')
        sys.exit()
    if funct.checkAjaxInput(sshdel):
        print('error: Nice try')
        sys.exit()
    for sshs in sql.select_ssh(id=sshdel):
        ssh_enable = sshs.enable
@ -2612,11 +2522,7 @@ if form.getvalue('ssh_cert'):
    import paramiko
    user_group = funct.get_user_group()
-    name = form.getvalue('name')
+    name = funct.checkAjaxInput(form.getvalue('name'))
    if funct.checkAjaxInput(name):
        print('error: Nice try')
        sys.exit()
    try:
        key = paramiko.pkey.load_private_key(form.getvalue('ssh_cert'))
@ -2913,11 +2819,7 @@ if form.getvalue('updateSmonIp') is not None:
        funct.logging('SMON', ' Has been update the server ' + ip + ' to SMON ', haproxywi=1, login=1)
 if form.getvalue('showBytes') is not None:
-    serv = form.getvalue('showBytes')
+    serv = funct.checkAjaxInput(form.getvalue('showBytes'))
    if funct.checkAjaxInput(serv):
        print('error: Nice try')
        sys.exit()
    port = sql.get_setting('haproxy_sock_port')
    bin_bout = []
@ -2970,12 +2872,8 @@ if form.getvalue('nginxConnections'):
        print('error: cannot connect to Nginx stat page')
 if form.getvalue('waf_rule_id'):
-    enable = form.getvalue('waf_en')
+    enable = funct.checkAjaxInput(form.getvalue('waf_en'))
-    rule_id = form.getvalue('waf_rule_id')
+    rule_id = funct.checkAjaxInput(form.getvalue('waf_rule_id'))
    if funct.checkAjaxInput(enable) or funct.checkAjaxInput(rule_id):
        print('error: Nice try')
        sys.exit()
    haproxy_path = sql.get_setting('haproxy_dir')
    rule_file = sql.select_waf_rule_by_id(rule_id)
@ -3051,15 +2949,7 @@ if form.getvalue('lets_domain'):
    os.system("rm -f %s" % script)
 if form.getvalue('uploadovpn'):
-    name = form.getvalue('ovpnname')
+    name = funct.checkAjaxInput(form.getvalue('ovpnname'))
    if funct.checkAjaxInput(name):
        print('error: Nice try')
        sys.exit()
    if funct.checkAjaxInput(name):
        print('error: Nice try')
        sys.exit()
    ovpn_file = os.path.dirname('/tmp/') + "/" + name + '.ovpn'
@ -3087,11 +2977,7 @@ if form.getvalue('uploadovpn'):
    funct.logging("localhost", " has been uploaded a new ovpn file %s" % ovpn_file, haproxywi=1, login=1)
 if form.getvalue('openvpndel') is not None:
-    openvpndel = form.getvalue('openvpndel')
+    openvpndel = funct.checkAjaxInput(form.getvalue('openvpndel'))
    if funct.checkAjaxInput(openvpndel):
        print('error: Nice try')
        sys.exit()
    cmd = 'sudo openvpn3 config-remove --config /tmp/%s.ovpn --force' % openvpndel
    try:
@ -3103,12 +2989,8 @@ if form.getvalue('openvpndel') is not None:
        funct.logging('localhost', e.args[0], haproxywi=1)
 if form.getvalue('actionvpn') is not None:
-    openvpn = form.getvalue('openvpnprofile')
+    openvpn = funct.checkAjaxInput(form.getvalue('openvpnprofile'))
-    action = form.getvalue('actionvpn')
+    action = funct.checkAjaxInput(form.getvalue('actionvpn'))
    if funct.checkAjaxInput(openvpn) or funct.checkAjaxInput(action):
        print('error: Nice try')
        sys.exit()
    if action == 'start':
        cmd = 'sudo openvpn3 session-start --config /tmp/%s.ovpn' % openvpn
@ -3125,12 +3007,7 @@ if form.getvalue('actionvpn') is not None:
        funct.logging('localhost', e.args[0], haproxywi=1)
 if form.getvalue('scan_ports') is not None:
-    serv_id = form.getvalue('scan_ports')
+    serv_id = funct.checkAjaxInput(form.getvalue('scan_ports'))
    if funct.checkAjaxInput(serv_id):
        print('error: Nice try')
        sys.exit()
    server = sql.select_servers(id=serv_id)
    ip = ''
@ -3154,11 +3031,7 @@ if form.getvalue('scan_ports') is not None:
        print(template)
 if form.getvalue('viewFirewallRules') is not None:
-    serv = form.getvalue('viewFirewallRules')
+    serv = funct.checkAjaxInput(form.getvalue('viewFirewallRules'))
    if funct.checkAjaxInput(serv):
        print('error: Nice try')
        sys.exit()
    cmd = ["sudo iptables -L INPUT -n --line-numbers|sed 's/  */ /g'|grep -v -E 'Chain|target'"]
    cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/  */ /g'|grep -v -E 'Chain|target'"]
@ -3186,11 +3059,6 @@ if form.getvalue('viewFirewallRules') is not None:
 if form.getvalue('geoipserv') is not None:
    serv = form.getvalue('geoipserv')
    if funct.checkAjaxInput(serv):
        print('error: Nice try')
        sys.exit()
    haproxy_dir = sql.get_setting('haproxy_dir')
    cmd = ["ls " + haproxy_dir + "/geoip/"]
@ -4531,12 +4399,8 @@ if act == 'check_service':
    user_uuid = cookie.get('uuid')
    user_id = sql.get_user_id_by_uuid(user_uuid.value)
    user_services = sql.select_user_services(user_id)
-    server_id = form.getvalue('server_id')
+    server_id = funct.checkAjaxInput(form.getvalue('server_id'))
-    service = form.getvalue('service')
+    service = funct.checkAjaxInput(form.getvalue('service'))
    if funct.checkAjaxInput(server_id) or funct.checkAjaxInput(service):
        print('error: Nice try')
        sys.exit()
    if '1' in user_services:
        if service == 'haproxy':