diff --git a/app/create_db.py b/app/create_db.py
index 0a2de27c..94cabd1b 100644
--- a/app/create_db.py
+++ b/app/create_db.py
@@ -680,7 +680,7 @@ def update_db_v_8_1_0_3():
 def update_ver():
 try:
- Version.update(version='8.1.0').execute()
+ Version.update(version='8.1.0.1').execute()
 except Exception:
 print('Cannot update version')
diff --git a/app/modules/db/cred.py b/app/modules/db/cred.py
index 6cea6bdc..36542bc0 100644
--- a/app/modules/db/cred.py
+++ b/app/modules/db/cred.py
@@ -6,7 +6,8 @@ from app.modules.roxywi.exception import RoxywiResourceNotFound
 def select_ssh(**kwargs):
 if kwargs.get("group") and kwargs.get("cred_id") and kwargs.get("not_shared"):
 query = Cred.select().where(
- ((Cred.id == kwargs.get('cred_id')) & (Cred.group_id == kwargs.get('group')))
+ ((Cred.id == kwargs.get('cred_id')) & (Cred.group_id == kwargs.get('group'))) |
+ ((Cred.id == kwargs.get('cred_id')) & (Cred.shared == 1))
 )
 elif kwargs.get("group") and kwargs.get("cred_id"):
 query = Cred.select().where(
diff --git a/app/modules/db/server.py b/app/modules/db/server.py
index b24abbf0..a2b036b2 100644
--- a/app/modules/db/server.py
+++ b/app/modules/db/server.py
@@ -53,15 +53,6 @@ def get_server_by_ip(server_ip: str) -> Server:
 return out_error(e)
-def select_server_by_name(name):
- try:
- ip = Server.get(Server.hostname == name)
- except Exception as e:
- return out_error(e)
- else:
- return ip.ip
-
-
 def insert_system_info(
 server_id: int, os_info: str, sys_info: dict, cpu: dict, ram: dict, network: dict, disks: dict
 ):
diff --git a/app/modules/db/waf.py b/app/modules/db/waf.py
index d33c9154..a8368fc9 100644
--- a/app/modules/db/waf.py
+++ b/app/modules/db/waf.py
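Review bot: In `select_ssh` (app/modules/db/cred.py) the branch taken when `not_shared` is set now also matches any row with `Cred.shared == 1`, whatever its group, so the flag name says the opposite of what the query returns. The matched row carries its stored `password` and `passphrase` columns, and the redaction this commit adds in `get_creds` protects only that caller; any other caller of this branch (none are visible here) would need the same treatment. A comment on the branch such as `# also returns credentials shared by other groups; callers must not expose their secrets` would record that. The repeated id test can also be factored as `(Cred.id == kwargs.get('cred_id')) & ((Cred.group_id == kwargs.get('group')) | (Cred.shared == 1))`. The function continues past the end of the hunk.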
@@ -252,34 +252,28 @@ def select_waf_rules(serv, service):
 & (WafRules.service == service)
 )
 try:
- query_res = query.execute()
+ return query.execute()
 except Exception as e:
 out_error(e)
- else:
- return query_res
 def delete_waf_rules(serv):
- query = WafRules.delete().where(WafRules.serv == serv)
 try:
- query.execute()
+ WafRules.delete().where(WafRules.serv == serv).execute()
 except Exception as e:
 out_error(e)
 def select_waf_rule_by_id(rule_id):
 try:
- query = WafRules.get(WafRules.id == rule_id)
+ return WafRules.get(WafRules.id == rule_id).rule_file
 except Exception as e:
 out_error(e)
- else:
- return query.rule_file
 def update_enable_waf_rules(rule_id, serv, en):
- query = WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv))
 try:
- query.execute()
+ WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv)).execute()
 except Exception as e:
 out_error(e)
@@ -300,20 +294,13 @@ def insert_new_waf_rule(rule_name: str, rule_file: str, rule_description: str, s
 def delete_waf_server(server_id):
- query = Waf.delete().where(Waf.server_id == server_id)
 try:
- query.execute()
+ Waf.delete().where(Waf.server_id == server_id).execute()
 except Exception as e:
 out_error(e)
-def update_waf_metrics_enable(name, enable):
- server_id = 0
- try:
- server_id = Server.get(Server.hostname == name).server_id
- except Exception as e:
- out_error(e)
-
+def update_waf_metrics_enable(server_id, enable):
 try:
 Waf.update(metrics=enable).where(Waf.server_id == server_id).execute()
 except Exception as e:
diff --git a/app/modules/roxywi/waf.py b/app/modules/roxywi/waf.py
index 86f6afde..e002e549 100644
--- a/app/modules/roxywi/waf.py
+++ b/app/modules/roxywi/waf.py
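Review bot: `update_waf_metrics_enable` in app/modules/db/waf.py keeps two positional parameters, but the first now means a server id instead of a hostname and nothing in the signature says so. A caller that still passes a hostname would match no `Waf.server_id` row, and the update would complete without changing anything. Annotating it the way the neighbouring `insert_new_waf_rule` is annotated, `def update_waf_metrics_enable(server_id: int, enable):`, plus a one-line docstring, would make the new contract visible. The body of the function's `except` clause lies outside the hunk.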
@@ -52,15 +52,16 @@ def waf_overview(serv: str, waf_service: str, claims: dict) -> str:
 waf_process,
 waf_mode,
 metrics_en,
- waf_len)
+ waf_len,
+ server[0])
 else:
 server_status = (server[1],
 server[2],
 waf_process,
 waf_mode,
 metrics_en,
- waf_len)
-
+ waf_len,
+ server[0])
 returned_servers.append(server_status)
 lang = roxywi_common.get_user_lang_for_flask()
@@ -69,8 +70,8 @@ def waf_overview(serv: str, waf_service: str, claims: dict) -> str:
 return render_template('ajax/overviewWaf.html', service_status=servers_sorted, role=role, waf_service=waf_service, lang=lang)
-def change_waf_mode(waf_mode: str, server_hostname: str, service: str):
- serv = server_sql.select_server_by_name(server_hostname)
+def change_waf_mode(waf_mode: str, server_id: int, service: str):
+ serv = server_sql.get_server_by_id(server_id)
 if service == 'haproxy':
 config_dir = sql.get_setting('haproxy_dir')
@@ -80,11 +81,11 @@ def change_waf_mode(waf_mode: str, server_hostname: str, service: str):
 commands = f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"
 try:
- server_mod.ssh_command(serv, commands)
+ server_mod.ssh_command(serv.ip, commands)
 except Exception as e:
 return str(e)
- roxywi_common.logging(serv, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1)
+ roxywi_common.logging(serv.hostname, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1)
 def switch_waf_rule(serv: str, enable: int, rule_id: int):
diff --git a/app/modules/server/ssh.py b/app/modules/server/ssh.py
index e41deca1..7719b86c 100644
--- a/app/modules/server/ssh.py
+++ b/app/modules/server/ssh.py
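Review bot: `change_waf_mode` in app/modules/roxywi/waf.py interpolates `waf_mode` into the `sudo sed -i` command string passed to `server_mod.ssh_command`, and this commit's change to app/routes/waf/routes.py drops the `common.checkAjaxInput(waf_mode)` call that used to run first, so the value reaches the remote shell as received from the URL. The function should reject anything outside the modes the overview template tests for before building the command: `if waf_mode not in ('On', 'Off', 'DetectionOnly'): raise ValueError('Wrong WAF mode')`. Validating here rather than in the route protects every caller of the helper. The lines between the second and third hunks of this file are not shown, so an existing check there cannot be ruled out.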
@@ -11,6 +11,7 @@ import app.modules.db.group as group_sql
 import app.modules.db.server as server_sql
 import app.modules.common.common as common
 from app.modules.server import ssh_connection
+from app.modules.db.db_model import Cred
 import app.modules.roxywi.common as roxywi_common
 import app.modules.roxy_wi_tools as roxy_wi_tools
 from app.modules.roxywi.class_models import IdResponse, IdDataResponse, CredRequest
@@ -212,10 +213,20 @@ def get_creds(group_id: int = None, cred_id: int = None, not_shared: bool = Fals
 creds = cred_sql.select_ssh()
 for cred in creds:
- cred_dict = model_to_dict(cred)
+ if cred.shared and group_id != cred.group_id:
+ cred_dict = model_to_dict(cred, exclude={Cred.password, Cred.passphrase})
+ else:
+ cred_dict = model_to_dict(cred)
+ if cred_dict['password']:
+ try:
+ cred_dict['password'] = decrypt_password(cred_dict['password'])
+ except Exception:
+ pass
+ if cred_dict['passphrase']:
+ cred_dict['passphrase'] = decrypt_password(cred_dict['passphrase'])
 cred_dict['name'] = cred_dict['name'].replace("'", "")
- if cred.key_enabled == 1:
+ if cred.key_enabled == 1 and group_id == cred.group_id:
 ssh_key_file = _return_correct_ssh_file(cred)
 if os.path.isfile(ssh_key_file):
 with open(ssh_key_file, 'rb') as key:
@@ -224,13 +235,6 @@ def get_creds(group_id: int = None, cred_id: int = None, not_shared: bool = Fals
 cred_dict['private_key'] = ''
 else:
 cred_dict['private_key'] = ''
- if cred_dict['password']:
- try:
- cred_dict['password'] = decrypt_password(cred_dict['password'])
- except Exception:
- pass
- if cred_dict['passphrase']:
- cred_dict['passphrase'] = decrypt_password(cred_dict['passphrase'])
 json_data.append(cred_dict)
 return json_data
diff --git a/app/routes/waf/routes.py b/app/routes/waf/routes.py
index 921cddbb..51c75b52 100644
--- a/app/routes/waf/routes.py
+++ b/app/routes/waf/routes.py
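Review bot: In the `get_creds` loop (app/modules/server/ssh.py) the two new ownership tests disagree: secrets are left out only when `cred.shared and group_id != cred.group_id`, while the key file is read only when `group_id == cred.group_id`. A row that is not shared but belongs to another group, which is possible if the unfiltered `cred_sql.select_ssh()` call above feeds this loop, still has its password and passphrase decrypted into the result. Computing `is_owner = group_id == cred.group_id` once and using it for both decisions would keep them in step, with the `group_id=None` default handled explicitly if such callers are meant to see secrets. The redacted dict also has no `password` or `passphrase` key at all, and `except Exception: pass` returns the stored ciphertext when decryption fails; both deserve a comment. `get_creds` starts and ends outside these hunks, and indentation is lost on this page, so the nesting of the decrypt block is inferred.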
@@ -194,19 +194,13 @@ def create_rule(service, server_ip):
 return roxywi_common.handle_json_exceptions(e, 'Cannot create WAF rule', server_ip,)
-@bp.route('//mode//')
-def change_waf_mode(service, server_name, waf_mode):
- if service not in ('haproxy', 'nginx'):
- return roxywi_common.handle_json_exceptions('Wrong service', '', server_name)
-
- server_name = common.checkAjaxInput(server_name)
- waf_mode = common.checkAjaxInput(waf_mode)
-
+@bp.route('//mode//')
+def change_waf_mode(service, server_id, waf_mode):
 try:
- roxy_waf.change_waf_mode(waf_mode, server_name, service)
- return jsonify({'status': 'updated'})
+ roxy_waf.change_waf_mode(waf_mode, server_id, service)
+ return jsonify({'status': 'Ok'})
 except Exception as e:
- return roxywi_common.handle_json_exceptions(e, 'Cannot change WAF mode', server_name)
+ return roxywi_common.handle_json_exceptions(e, 'Cannot change WAF mode', server_id)
 @bp.route('/overview//')
@@ -223,11 +217,10 @@ def overview_waf(service, server_ip):
 return roxy_waf.waf_overview(server_ip, service, claims)
-@bp.route('/metric/enable//')
-def enable_metric(enable, server_name):
- server_name = common.checkAjaxInput(server_name)
+@bp.route('/metric/enable//')
+def enable_metric(enable, server_id):
 try:
- waf_sql.update_waf_metrics_enable(server_name, enable)
+ waf_sql.update_waf_metrics_enable(server_id, enable)
 return jsonify({'status': 'updated'})
 except Exception as e:
- return roxywi_common.handle_json_exceptions(e, 'Cannot enable WAF metrics', server_name)
+ return roxywi_common.handle_json_exceptions(e, 'Cannot enable WAF metrics', server_id)
diff --git a/app/static/js/waf.js b/app/static/js/waf.js
index 7d18379d..74455c96 100644
--- a/app/static/js/waf.js
+++ b/app/static/js/waf.js
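Review bot: The new `change_waf_mode` route in app/routes/waf/routes.py answers `{'status': 'Ok'}` whenever `roxy_waf.change_waf_mode` does not raise, but that helper, as shown in app/modules/roxywi/waf.py in this commit, returns `str(e)` when the SSH command fails, so a failed mode change is reported as success. Checking the return value, `error = roxy_waf.change_waf_mode(waf_mode, server_id, service)` followed by `if error: raise Exception(error)`, would route the failure through `handle_json_exceptions`. The `service not in ('haproxy', 'nginx')` guard is removed as well, so unless the route converter or the helper restricts `service` (neither is visible here), an unexpected value is no longer rejected up front.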
@@ -33,9 +33,9 @@ function metrics_waf(name) { if ($('#' + name).is(':checked')) { enable = '1'; } - name = name.split('metrics')[1] + let server_id = name.split('-')[1] $.ajax({ - url: "/waf/metric/enable/" + enable + "/" + name, + url: "/waf/metric/enable/" + enable + "/" + server_id, contentType: "application/json; charset=utf-8", success: function (data) { if (data.status === 'failed') { @@ -70,7 +70,7 @@ function installWaf(ip1) { }); } function changeWafMode(id) { - let waf_mode = $('#' + id + ' option:selected').val(); + let waf_mode = $('#' + id).val(); let server_hostname = id.split('_')[0]; let service = cur_url[0]; $.ajax({ diff --git a/app/templates/ajax/overviewWaf.html b/app/templates/ajax/overviewWaf.html index ac4961fd..e2d581f9 100644 --- a/app/templates/ajax/overviewWaf.html +++ b/app/templates/ajax/overviewWaf.html @@ -21,7 +21,6 @@ {{ service.0 }} {% endif %} -{{service.3}} {% if service.3 == "On" or service.3 == "Off" or service.3 == "DetectionOnly" %} {% if role <= 2 %} @@ -44,7 +43,7 @@ {% if role <= 2 %} - {% for waf_mode in waf_modes %} {% if service.3 == waf_mode %} @@ -60,9 +59,9 @@ {% if waf_service == 'haproxy' %} {% if service.4|int() == 1 %} - + {% else %} - + {% endif %} {% endif %} @@ -94,7 +93,7 @@ $( ".waf_mode" ).on('selectmenuchange',function() { var id = $(this).attr('id'); changeWafMode(id) - }); + }); $( ".ajaxwafstatus input" ).change(function() { var id = $(this).attr('id'); metrics_waf(id); diff --git a/app/templates/waf.html b/app/templates/waf.html index c0c9711c..ad57c567 100644 --- a/app/templates/waf.html +++ b/app/templates/waf.html @@ -155,7 +155,7 @@ {% if servers_all|length == 0 %} {% include 'include/getstarted.html' %} {% else %} - +
{{lang.words.server|title()}} {{lang.words.actions|title()}}