mirror of https://github.com/Aidaho12/haproxy-wi
v8.1.0.1: Refactor SSH and WAF modules for improved logic and readability
Refactored SSH credential handling to better support shared credentials and improve code readability. Simplified WAF mode changes by switching from hostname to server ID, enhancing reliability. Updated various templates and functions to align with these changes.
pull/399/head
parent
aa4016d40c
commit
96f9f71a2b
|
@ -680,7 +680,7 @@ def update_db_v_8_1_0_3():
|
|||
|
||||
def update_ver():
|
||||
try:
|
||||
Version.update(version='8.1.0').execute()
|
||||
Version.update(version='8.1.0.1').execute()
|
||||
except Exception:
|
||||
print('Cannot update version')
|
||||
|
||||
|
|
|
@ -6,7 +6,8 @@ from app.modules.roxywi.exception import RoxywiResourceNotFound
|
|||
def select_ssh(**kwargs):
|
||||
if kwargs.get("group") and kwargs.get("cred_id") and kwargs.get("not_shared"):
|
||||
query = Cred.select().where(
|
||||
((Cred.id == kwargs.get('cred_id')) & (Cred.group_id == kwargs.get('group')))
|
||||
((Cred.id == kwargs.get('cred_id')) & (Cred.group_id == kwargs.get('group'))) |
|
||||
((Cred.id == kwargs.get('cred_id')) & (Cred.shared == 1))
|
||||
)
|
||||
elif kwargs.get("group") and kwargs.get("cred_id"):
|
||||
query = Cred.select().where(
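Review bot: The `not_shared` branch of `select_ssh` now also matches `(Cred.id == cred_id) & (Cred.shared == 1)`, so it returns the full row, including the stored password and passphrase fields, for a shared credential owned by any group. Every caller of this branch therefore has to strip those fields for foreign groups itself; that redaction is only visible in `get_creds` in this commit, and other callers are outside this view. The flag name now says the opposite of what the branch does, so a comment above the query such as `# own-group credential, or any credential marked shared (callers must redact secrets for foreign groups)` would make the contract explicit. The function continues past the end of the hunk.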
|
||||
|
|
|
@ -53,15 +53,6 @@ def get_server_by_ip(server_ip: str) -> Server:
|
|||
return out_error(e)
|
||||
|
||||
|
||||
def select_server_by_name(name):
|
||||
try:
|
||||
ip = Server.get(Server.hostname == name)
|
||||
except Exception as e:
|
||||
return out_error(e)
|
||||
else:
|
||||
return ip.ip
|
||||
|
||||
|
||||
def insert_system_info(
|
||||
server_id: int, os_info: str, sys_info: dict, cpu: dict, ram: dict, network: dict, disks: dict
|
||||
):
|
||||
|
|
|
@ -252,34 +252,28 @@ def select_waf_rules(serv, service):
|
|||
& (WafRules.service == service)
|
||||
)
|
||||
try:
|
||||
query_res = query.execute()
|
||||
return query.execute()
|
||||
except Exception as e:
|
||||
out_error(e)
|
||||
else:
|
||||
return query_res
|
||||
|
||||
|
||||
def delete_waf_rules(serv):
|
||||
query = WafRules.delete().where(WafRules.serv == serv)
|
||||
try:
|
||||
query.execute()
|
||||
WafRules.delete().where(WafRules.serv == serv).execute()
|
||||
except Exception as e:
|
||||
out_error(e)
|
||||
|
||||
|
||||
def select_waf_rule_by_id(rule_id):
|
||||
try:
|
||||
query = WafRules.get(WafRules.id == rule_id)
|
||||
return WafRules.get(WafRules.id == rule_id).rule_file
|
||||
except Exception as e:
|
||||
out_error(e)
|
||||
else:
|
||||
return query.rule_file
|
||||
|
||||
|
||||
def update_enable_waf_rules(rule_id, serv, en):
|
||||
query = WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv))
|
||||
try:
|
||||
query.execute()
|
||||
WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv)).execute()
|
||||
except Exception as e:
|
||||
out_error(e)
|
||||
|
||||
|
@ -300,20 +294,13 @@ def insert_new_waf_rule(rule_name: str, rule_file: str, rule_description: str, s
|
|||
|
||||
|
||||
def delete_waf_server(server_id):
|
||||
query = Waf.delete().where(Waf.server_id == server_id)
|
||||
try:
|
||||
query.execute()
|
||||
Waf.delete().where(Waf.server_id == server_id).execute()
|
||||
except Exception as e:
|
||||
out_error(e)
|
||||
|
||||
|
||||
def update_waf_metrics_enable(name, enable):
|
||||
server_id = 0
|
||||
try:
|
||||
server_id = Server.get(Server.hostname == name).server_id
|
||||
except Exception as e:
|
||||
out_error(e)
|
||||
|
||||
def update_waf_metrics_enable(server_id, enable):
|
||||
try:
|
||||
Waf.update(metrics=enable).where(Waf.server_id == server_id).execute()
|
||||
except Exception as e:
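Review bot: `update_waf_metrics_enable(server_id, enable)` discards the row count returned by `.execute()`, so an id with no matching `Waf` row reports success without changing anything, whereas the removed hostname lookup called `out_error` when the server did not exist. Keeping the count, `rows = Waf.update(metrics=enable).where(Waf.server_id == server_id).execute()`, and raising the project's not-found error when it is zero would surface a wrong id to the route. The one-line rewrites of `update_enable_waf_rules` and `delete_waf_server` above drop the count the same way, which matters only if their callers need to know whether anything matched. The `except` body of this function lies outside the hunk.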
|
||||
|
|
|
@ -52,15 +52,16 @@ def waf_overview(serv: str, waf_service: str, claims: dict) -> str:
|
|||
waf_process,
|
||||
waf_mode,
|
||||
metrics_en,
|
||||
waf_len)
|
||||
waf_len,
|
||||
server[0])
|
||||
else:
|
||||
server_status = (server[1],
|
||||
server[2],
|
||||
waf_process,
|
||||
waf_mode,
|
||||
metrics_en,
|
||||
waf_len)
|
||||
|
||||
waf_len,
|
||||
server[0])
|
||||
returned_servers.append(server_status)
|
||||
|
||||
lang = roxywi_common.get_user_lang_for_flask()
|
||||
|
@ -69,8 +70,8 @@ def waf_overview(serv: str, waf_service: str, claims: dict) -> str:
|
|||
return render_template('ajax/overviewWaf.html', service_status=servers_sorted, role=role, waf_service=waf_service, lang=lang)
|
||||
|
||||
|
||||
def change_waf_mode(waf_mode: str, server_hostname: str, service: str):
|
||||
serv = server_sql.select_server_by_name(server_hostname)
|
||||
def change_waf_mode(waf_mode: str, server_id: int, service: str):
|
||||
serv = server_sql.get_server_by_id(server_id)
|
||||
|
||||
if service == 'haproxy':
|
||||
config_dir = sql.get_setting('haproxy_dir')
|
||||
|
@ -80,11 +81,11 @@ def change_waf_mode(waf_mode: str, server_hostname: str, service: str):
|
|||
commands = f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"
|
||||
|
||||
try:
|
||||
server_mod.ssh_command(serv, commands)
|
||||
server_mod.ssh_command(serv.ip, commands)
|
||||
except Exception as e:
|
||||
return str(e)
|
||||
|
||||
roxywi_common.logging(serv, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1)
|
||||
roxywi_common.logging(serv.hostname, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1)
|
||||
|
||||
|
||||
def switch_waf_rule(serv: str, enable: int, rule_id: int):
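Review bot: `change_waf_mode` interpolates `waf_mode` and `config_dir` into a `sudo sed` command string and relies entirely on the route's `any(On, Off, DetectionOnly)` converter to keep `waf_mode` safe, and the route's `checkAjaxInput` calls are removed in the same commit. Because this is a module function that other callers could reach, an allowlist check at the top, `if waf_mode not in ('On', 'Off', 'DetectionOnly'): raise ValueError('Wrong WAF mode')`, keeps the shell command safe independently of routing. The result of `server_sql.get_server_by_id(server_id)` is also used as `serv.ip` without a check, and whether that helper raises for an unknown id is not visible here. Part of the function body lies between the two hunks and is not shown.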
|
||||
|
|
|
@ -11,6 +11,7 @@ import app.modules.db.group as group_sql
|
|||
import app.modules.db.server as server_sql
|
||||
import app.modules.common.common as common
|
||||
from app.modules.server import ssh_connection
|
||||
from app.modules.db.db_model import Cred
|
||||
import app.modules.roxywi.common as roxywi_common
|
||||
import app.modules.roxy_wi_tools as roxy_wi_tools
|
||||
from app.modules.roxywi.class_models import IdResponse, IdDataResponse, CredRequest
|
||||
|
@ -212,10 +213,20 @@ def get_creds(group_id: int = None, cred_id: int = None, not_shared: bool = Fals
|
|||
creds = cred_sql.select_ssh()
|
||||
|
||||
for cred in creds:
|
||||
if cred.shared and group_id != cred.group_id:
|
||||
cred_dict = model_to_dict(cred, exclude={Cred.password, Cred.passphrase})
|
||||
else:
|
||||
cred_dict = model_to_dict(cred)
|
||||
if cred_dict['password']:
|
||||
try:
|
||||
cred_dict['password'] = decrypt_password(cred_dict['password'])
|
||||
except Exception:
|
||||
pass
|
||||
if cred_dict['passphrase']:
|
||||
cred_dict['passphrase'] = decrypt_password(cred_dict['passphrase'])
|
||||
cred_dict['name'] = cred_dict['name'].replace("'", "")
|
||||
|
||||
if cred.key_enabled == 1:
|
||||
if cred.key_enabled == 1 and group_id == cred.group_id:
|
||||
ssh_key_file = _return_correct_ssh_file(cred)
|
||||
if os.path.isfile(ssh_key_file):
|
||||
with open(ssh_key_file, 'rb') as key:
|
||||
|
@ -224,13 +235,6 @@ def get_creds(group_id: int = None, cred_id: int = None, not_shared: bool = Fals
|
|||
cred_dict['private_key'] = ''
|
||||
else:
|
||||
cred_dict['private_key'] = ''
|
||||
if cred_dict['password']:
|
||||
try:
|
||||
cred_dict['password'] = decrypt_password(cred_dict['password'])
|
||||
except Exception:
|
||||
pass
|
||||
if cred_dict['passphrase']:
|
||||
cred_dict['passphrase'] = decrypt_password(cred_dict['passphrase'])
|
||||
json_data.append(cred_dict)
|
||||
return json_data
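Review bot: In `get_creds` the relocated decrypt block swallows a failed password decryption with `except Exception: pass`, which leaves the stored ciphertext in `cred_dict['password']` and returns it in the response, while the passphrase decryption directly below is unguarded and would abort the whole listing. Handling both the same way, by blanking the field with `cred_dict['password'] = ''` in the handler and logging the failure, avoids returning stored secret material to the client. Indentation is lost in this rendering, so I am assuming the block sits inside the `else:`; if so, dicts for shared credentials of another group carry no `password` or `passphrase` key at all and consumers must read them with `.get()`. A comment stating that `group_id` must be the caller's verified group would also help, since the redaction test `group_id != cred.group_id` depends on it.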
|
||||
|
||||
|
|
|
@ -194,19 +194,13 @@ def create_rule(service, server_ip):
|
|||
return roxywi_common.handle_json_exceptions(e, 'Cannot create WAF rule', server_ip,)
|
||||
|
||||
|
||||
@bp.route('/<service>/mode/<server_name>/<waf_mode>')
|
||||
def change_waf_mode(service, server_name, waf_mode):
|
||||
if service not in ('haproxy', 'nginx'):
|
||||
return roxywi_common.handle_json_exceptions('Wrong service', '', server_name)
|
||||
|
||||
server_name = common.checkAjaxInput(server_name)
|
||||
waf_mode = common.checkAjaxInput(waf_mode)
|
||||
|
||||
@bp.route('/<any(haproxy, nginx):service>/mode/<int:server_id>/<any(On, Off, DetectionOnly):waf_mode>')
|
||||
def change_waf_mode(service, server_id, waf_mode):
|
||||
try:
|
||||
roxy_waf.change_waf_mode(waf_mode, server_name, service)
|
||||
return jsonify({'status': 'updated'})
|
||||
roxy_waf.change_waf_mode(waf_mode, server_id, service)
|
||||
return jsonify({'status': 'Ok'})
|
||||
except Exception as e:
|
||||
return roxywi_common.handle_json_exceptions(e, 'Cannot change WAF mode', server_name)
|
||||
return roxywi_common.handle_json_exceptions(e, 'Cannot change WAF mode', server_id)
|
||||
|
||||
|
||||
@bp.route('/overview/<service>/<server_ip>')
|
||||
|
@ -223,11 +217,10 @@ def overview_waf(service, server_ip):
|
|||
return roxy_waf.waf_overview(server_ip, service, claims)
|
||||
|
||||
|
||||
@bp.route('/metric/enable/<int:enable>/<server_name>')
|
||||
def enable_metric(enable, server_name):
|
||||
server_name = common.checkAjaxInput(server_name)
|
||||
@bp.route('/metric/enable/<int:enable>/<int:server_id>')
|
||||
def enable_metric(enable, server_id):
|
||||
try:
|
||||
waf_sql.update_waf_metrics_enable(server_name, enable)
|
||||
waf_sql.update_waf_metrics_enable(server_id, enable)
|
||||
return jsonify({'status': 'updated'})
|
||||
except Exception as e:
|
||||
return roxywi_common.handle_json_exceptions(e, 'Cannot enable WAF metrics', server_name)
|
||||
return roxywi_common.handle_json_exceptions(e, 'Cannot enable WAF metrics', server_id)
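Review bot: Neither `change_waf_mode` nor `enable_metric` checks that `server_id` belongs to the caller's group before acting on it, and no such check is visible in these hunks or in the `roxy_waf.change_waf_mode` hunk. With an integer id in the URL, a group-scoped lookup (server id plus the group from the caller's claims) before the update would keep a user from changing WAF mode or metrics on another group's server. Both routes also change state without a `methods=` restriction, so they appear to accept GET, which leaves them open to cross-site requests unless the blueprint enforces something outside this view. The success payload changed from `'updated'` to `'Ok'` in `change_waf_mode` only, so the front-end check on `data.status` should be confirmed.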
|
||||
|
|
|
@ -33,9 +33,9 @@ function metrics_waf(name) {
|
|||
if ($('#' + name).is(':checked')) {
|
||||
enable = '1';
|
||||
}
|
||||
name = name.split('metrics')[1]
|
||||
let server_id = name.split('-')[1]
|
||||
$.ajax({
|
||||
url: "/waf/metric/enable/" + enable + "/" + name,
|
||||
url: "/waf/metric/enable/" + enable + "/" + server_id,
|
||||
contentType: "application/json; charset=utf-8",
|
||||
success: function (data) {
|
||||
if (data.status === 'failed') {
|
||||
|
@ -70,7 +70,7 @@ function installWaf(ip1) {
|
|||
});
|
||||
}
|
||||
function changeWafMode(id) {
|
||||
let waf_mode = $('#' + id + ' option:selected').val();
|
||||
let waf_mode = $('#' + id).val();
|
||||
let server_hostname = id.split('_')[0];
|
||||
let service = cur_url[0];
|
||||
$.ajax({
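Review bot: In `changeWafMode` the variable `server_hostname` now holds a numeric server id, because the select's id became `{{ service.6 }}_select`. It should be renamed, `let server_id = id.split('_')[0];`, together with its use in the `$.ajax` call that continues outside the hunk. In `metrics_waf`, `name.split('-')[1]` yields `undefined` if the element id ever lacks the `metrics-` prefix, and the request would then go to a URL ending in `/undefined`. The route's `int` converter rejects that, but a guard before the call would give a clearer failure.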
|
||||
|
|
|
@ -21,7 +21,6 @@
|
|||
<span class="serverNone server-status" title="WAF {{lang.words.is}} {{lang.words.not}} {{lang.words.installed}}"></span> <span title="WAF {{lang.words.is}} {{lang.words.not}} {{lang.words.installed}}">{{ service.0 }}</span>
|
||||
{% endif %}
|
||||
</td>
|
||||
{{service.3}}
|
||||
{% if service.3 == "On" or service.3 == "Off" or service.3 == "DetectionOnly" %}
|
||||
<td>
|
||||
{% if role <= 2 %}
|
||||
|
@ -44,7 +43,7 @@
|
|||
</td>
|
||||
<td>
|
||||
{% if role <= 2 %}
|
||||
<select class="waf_mode" id="{{ service.0 }}_select">
|
||||
<select class="waf_mode" id="{{ service.6 }}_select">
|
||||
{% for waf_mode in waf_modes %}
|
||||
{% if service.3 == waf_mode %}
|
||||
<option value={{waf_mode}} selected="selected">{{waf_mode}}</option>
|
||||
|
@ -60,9 +59,9 @@
|
|||
{% if waf_service == 'haproxy' %}
|
||||
<td class="ajaxwafstatus">
|
||||
{% if service.4|int() == 1 %}
|
||||
<label for="metrics{{ service.0 }}"></label><input type="checkbox" id="metrics{{ service.0 }}" checked />
|
||||
<label for="metrics-{{ service.6 }}"></label><input type="checkbox" id="metrics-{{ service.6 }}" checked />
|
||||
{% else %}
|
||||
<label for="metrics{{ service.0 }}"></label><input type="checkbox" id="metrics{{ service.0 }}" />
|
||||
<label for="metrics-{{ service.6 }}"></label><input type="checkbox" id="metrics-{{ service.6 }}" />
|
||||
{% endif %}
|
||||
</td>
|
||||
{% endif %}
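Review bot: The element ids `{{ service.6 }}_select` and `metrics-{{ service.6 }}` encode the server id in a string that the JavaScript parses back with `split('_')` and `split('-')`, which couples the template to two ad-hoc formats. Carrying the id in an attribute, `data-server-id="{{ service.6 }}"`, and reading it with `.data('server-id')` would remove the parsing. `service.6` is also a bare positional index into the tuple built in `waf_overview`, so a Jinja comment such as `{# service.6 = server id #}` at its first use would help the next reader. The unchanged `<option value={{waf_mode}}` line has an unquoted attribute value that is worth quoting while this block is being edited.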
|
||||
|
|
|
@ -155,7 +155,7 @@
|
|||
{% if servers_all|length == 0 %}
|
||||
{% include 'include/getstarted.html' %}
|
||||
{% else %}
|
||||
<table class="overview">
|
||||
<table class="overview" id="waf_servers_table">
|
||||
<tr class="overviewHead">
|
||||
<td class="padding10 first-collumn">{{lang.words.server|title()}}</td>
|
||||
<td>{{lang.words.actions|title()}}</td>
|
||||
|
|