Pavel Loginov 2021-03-29 23:54:08 +06:00
parent 236f25113b
commit 8550b15b22
3 changed files with 161 additions and 14 deletions


@ -138,6 +138,28 @@ def create_table(**kwargs):
CREATE TABLE IF NOT EXISTS `waf` (`server_id` INTEGER UNIQUE, metrics INTEGER);
CREATE TABLE IF NOT EXISTS `waf_metrics` (`serv` varchar(64), conn INTEGER, `date` DATETIME default '0000-00-00 00:00:00');
CREATE TABLE IF NOT EXISTS user_groups(user_id INTEGER NOT NULL, user_group_id INTEGER NOT NULL, UNIQUE(user_id,user_group_id));
CREATE TABLE IF NOT EXISTS port_scanner_settings (
server_id INTEGER NOT NULL,
user_group_id INTEGER NOT NULL,
enabled INTEGER NOT NULL,
notify INTEGER NOT NULL,
history INTEGER NOT NULL,
UNIQUE(server_id)
);
CREATE TABLE IF NOT EXISTS port_scanner_ports (
`serv` varchar(64),
user_group_id INTEGER NOT NULL,
port INTEGER NOT NULL,
service_name varchar(64),
`date` DATETIME default '0000-00-00 00:00:00'
);
CREATE TABLE IF NOT EXISTS port_scanner_history (
`serv` varchar(64),
port INTEGER NOT NULL,
status varchar(64),
service_name varchar(64),
`date` DATETIME default '0000-00-00 00:00:00'
);
CREATE TABLE IF NOT EXISTS providers_creds (
`id` INTEGER NOT NULL,
`name` VARCHAR ( 64 ),
@ -173,7 +195,15 @@ def create_table(**kwargs):
`last_error` VARCHAR ( 256 ),
`delete_on_termination` INTEGER,
PRIMARY KEY(`id`)
);
);
CREATE TABLE api_tokens (
`token` varchar(64),
`user_name` varchar(64),
`user_group_id` INTEGER NOT NULL,
`user_role` INTEGER NOT NULL,
`create_date` DATETIME default '0000-00-00 00:00:00',
`expire_date` DATETIME default '0000-00-00 00:00:00'
);
"""
try:
cur.executescript(sql)
@ -1012,6 +1042,7 @@ def update_db_v_5(**kwargs):
cur.close()
con.close()
def update_db_v_51(**kwargs):
con, cur = get_cur()
sql = """CREATE TABLE IF NOT EXISTS provisioned_servers (
@ -1073,6 +1104,51 @@ def update_db_v_5_0_1(**kwargs):
con.close()
def update_db_v_5_1_0(**kwargs):
con, cur = get_cur()
sql = """
INSERT INTO settings (param, value, section, `desc`) values('port_scan_interval', '5', 'monitoring', 'Port scanner check interval, in minutes');
"""
try:
cur.execute(sql)
con.commit()
except sqltool.Error as e:
if kwargs.get('silent') != 1:
if e.args[0] == 'columns param, group are not unique' or e == " 1060 (42S21): columns param, group are not unique ":
print('Updating... DB has been updated to version 5.1.0')
else:
print("An error occurred:", e)
else:
print("Updating... DB has been updated to version 5.1.0")
cur.close()
con.close()
def update_db_v_5_1_0_1(**kwargs):
con, cur = get_cur()
sql = """CREATE TABLE api_tokens (
`token` varchar(64),
`user_name` varchar(64),
`user_group_id` INTEGER NOT NULL,
`user_role` INTEGER NOT NULL,
`create_date` DATETIME default '0000-00-00 00:00:00',
`expire_date` DATETIME default '0000-00-00 00:00:00'
); """
try:
cur.execute(sql)
con.commit()
except sqltool.Error as e:
if kwargs.get('silent') != 1:
if e.args[0] == 'duplicate column name: version' or e == "1060 (42S21): Duplicate column name 'version' ":
print('Updating... DB has been updated to version 5.1.0')
else:
print("Updating... DB has been updated to version 5.1.0")
cur.close()
con.close()
def update_ver():
con, cur = get_cur()
sql = """update version set version = '5.0.2.0'; """
@ -1112,6 +1188,8 @@ def update_all():
update_db_v_5()
update_db_v_51()
update_db_v_5_0_1()
update_db_v_5_1_0()
update_db_v_5_1_0_1()
update_ver()
@ -1142,6 +1220,8 @@ def update_all_silent():
update_db_v_5(silent=1)
update_db_v_51(silent=1)
update_db_v_5_0_1(silent=1)
update_db_v_5_1_0(silent=1)
update_db_v_5_1_0_1(silent=1)
update_ver()
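Review bot: The `api_tokens` statement added to `create_table` is a plain `CREATE TABLE api_tokens (` while the neighbouring statements use `IF NOT EXISTS`, so running the script against a database that already has the table raises on it; `CREATE TABLE IF NOT EXISTS api_tokens (` would match the rest. In `update_db_v_5_1_0_1` the handler compares the error with `'duplicate column name: version'`, which a failed CREATE TABLE is unlikely to produce, and there is no `else` branch, so an error from this migration is dropped without a message even when `silent` is not set. The `token` column is also nullable and not unique; `token varchar(64) NOT NULL UNIQUE` would index the lookups and rule out duplicate rows, and storing a digest of the token rather than the token itself would limit what a read of this table exposes. `create_table` starts outside the hunk.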


@ -16,7 +16,7 @@ def get_app_dir():
def get_config_var(sec, var):
from configparser import ConfigParser, ExtendedInterpolation
try:
path_config = "haproxy-wi.cfg"
path_config = "/var/www/haproxy-wi/app/haproxy-wi.cfg"
config = ConfigParser(interpolation=ExtendedInterpolation())
config.read(path_config)
except Exception:
@ -63,7 +63,7 @@ def get_user_group(**kwargs):
else:
user_group = g[1]
except Exception:
user_group = ''
check_user_group()
return user_group
@ -72,8 +72,11 @@ def logging(serv, action, **kwargs):
import sql
import http.cookies
log_path = get_config_var('main', 'log_path')
user_group = get_user_group()
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
try:
user_group = get_user_group()
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
except:
user_group = ''
if not os.path.exists(log_path):
os.makedirs(log_path)
@ -140,7 +143,7 @@ def telegram_send_mess(mess, **kwargs):
channel_name = telegram[2]
if token_bot == '' or channel_name == '':
mess = " Fatal: Can't send message. Add Telegram channel before use alerting at this servers group"
mess = " error: Can't send message. Add Telegram channel before use alerting at this servers group"
print(mess)
logging('localhost', mess, haproxywi=1)
sys.exit()
@ -1177,7 +1180,10 @@ def get_users_params(**kwargs):
return user, user_id, role, token, servers
def check_user_group():
def check_user_group(**kwargs):
if kwargs.get('token') is not None:
return True
import http.cookies
import os
import sql
@ -1218,9 +1224,10 @@ def get_services_status():
services_name = {'checker_haproxy': 'Checker backends master service',
'keep_alive': 'Auto start service',
'metrics_haproxy': 'Metrics master service',
'portscanner': 'Port scanner service',
'smon': 'Simple monitoring network ports',
'prometheus': 'Prometheus service',
'grafana-server': 'Grafana service',
'smon': 'Simple monitoring network ports',
'fail2ban': 'Fail2ban service'}
for s, v in services_name.items():
cmd = "systemctl status %s |grep Act |awk '{print $2}'" % s
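Review bot: `check_user_group` in the `@ -1177,7 +1180,10` hunk now returns True for any `token` keyword that is not None, without checking that the token exists in `api_tokens`, so the group-membership check is skipped on the caller's word alone. In `sql.get_dick_permit` the value passed is `kwargs.get('token')` or whatever the `else` branch outside the hunk assigns; if that fallback is never None, the cookie-based check would not run for any caller of that function. I would validate at this point, for example by moving `import sql` above the check and using `if kwargs.get('token') is not None: return sql.get_api_token(kwargs.get('token')) is True`, or at least add a comment stating that callers must have verified the token first. The body of `check_user_group` continues outside the hunk. Separately, the bare `except:` added in `logging` leaves `cookie` unassigned on failure, which matters if later lines read it; `except Exception:` with `cookie = None` in the handler would be narrower.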


@ -525,6 +525,21 @@ def get_group_name_by_id(group_id):
con.close()
def get_group_id_by_name(group_name):
con, cur = get_cur()
sql = """select id from groups where name = '%s' """ % group_name
try:
cur.execute(sql)
except sqltool.Error as e:
return funct.out_error(e)
else:
for group_id in cur.fetchone():
return group_id
cur.close()
con.close()
def select_server_by_name(name):
con, cur = get_cur()
sql = """select ip from servers where hostname='%s' """ % name
@ -620,6 +635,52 @@ def write_user_token(login, user_token):
con.close()
def write_api_token(user_token, group_id, user_role, user_name):
con, cur = get_cur()
token_ttl = get_setting('token_ttl')
if mysql_enable == '1':
sql = """ insert into api_tokens (token, user_name, user_group_id, user_role, create_date, expire_date) values('%s', '%s', '%s', '%s', now(), now()+ INTERVAL %s day) """ % (user_token, user_name, group_id, user_role, token_ttl)
else:
sql = """ insert into api_tokens (token, user_name, user_group_id, user_role, create_date, expire_date) values('%s', '%s', '%s', '%s', datetime('now'), datetime('now', '+%s days')) """ % (user_token, user_name, group_id, user_role, token_ttl)
try:
cur.execute(sql)
con.commit()
except sqltool.Error as e:
return str(e)
con.rollback()
cur.close()
con.close()
def get_api_token(token):
con, cur = get_cur()
sql = """ select token from api_tokens where token = '%s' """ % token
try:
cur.execute(sql)
except sqltool.Error as e:
return str(e)
else:
for user_token in cur.fetchall():
return True if token == user_token[0] else False
cur.close()
con.close()
def get_username_groupid_from_api_token(token):
con, cur = get_cur()
sql = """ select user_name, user_group_id from api_tokens where token = '%s' """ % token
try:
cur.execute(sql)
except sqltool.Error as e:
return str(e)
else:
for u in cur.fetchall():
return u[0], u[1]
cur.close()
con.close()
def get_token(uuid):
con, cur = get_cur()
sql = """ select token.token from token left join uuid as uuid on uuid.user_id = token.user_id where uuid.uuid = '%s' """ % uuid
@ -784,14 +845,14 @@ def get_dick_permit(**kwargs):
import http.cookies
import os
if kwargs.get('username'):
user = kwargs.get('username')
grp = '1'
# user = kwargs.get('username')
grp = kwargs.get('group_id')
else:
cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE"))
user_id = cookie.get('uuid')
# user_id = cookie.get('uuid')
group = cookie.get('group')
grp = group.value
user = get_user_id_by_uuid(user_id.value)
# user = get_user_id_by_uuid(user_id.value)
if kwargs.get('token'):
token = kwargs.get('token')
else:
@ -818,7 +879,7 @@ def get_dick_permit(**kwargs):
if kwargs.get('keepalived'):
nginx = "and keepalived = 1"
if funct.check_user_group():
if funct.check_user_group(token=token):
con, cur = get_cur()
if grp == '1' and not only_group:
sql = """ select * from servers where enable = 1 %s %s %s %s order by pos""" % (disable, type_ip, nginx, ip)
@ -2442,7 +2503,6 @@ def insert_port_scanner_settings(server_id, user_group_id, enabled, notify, hist
con.commit()
return True
except sqltool.Error as e:
funct.out_error(e)
con.rollback()
return False
finally:
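Review bot: The token functions added in the `@ -620,6 +635,52` hunk build SQL with `%` string formatting (`where token = '%s' """ % token` in `get_api_token` and `get_username_groupid_from_api_token`, likewise `write_api_token` and `get_group_id_by_name` in the first hunk), so a value containing a quote changes the statement; the token presumably arrives with the API request, so these should be bound parameters. `get_api_token` also returns `str(e)` on a database error, which is truthy, so a caller that tests the result as a boolean would treat a failed lookup as a valid token, and nothing visible here compares `expire_date` with the current time. The early `return` inside each loop skips `cur.close()` and `con.close()`, and `con.rollback()` after `return str(e)` in `write_api_token` is unreachable. A sketch for `get_api_token` follows; an expiry comparison would need the same MySQL/SQLite split that `write_api_token` uses.

```python
def get_api_token(token):
    con, cur = get_cur()
    # sqlite3 binds with '?', MySQL drivers with '%s'; follow the switch write_api_token uses
    marker = '%s' if mysql_enable == '1' else '?'
    sql = "select token from api_tokens where token = " + marker
    try:
        cur.execute(sql, (token,))
        row = cur.fetchone()
    except sqltool.Error:
        # fail closed: a database error must not read as a valid token
        return False
    finally:
        cur.close()
        con.close()
    return row is not None and row[0] == token
```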