diff --git a/app/login.py b/app/login.py
new file mode 100644
index 00000000..f028f431
--- /dev/null
+++ b/app/login.py
@@ -0,0 +1,172 @@
+import os
+import sys
+import uuid
+
+import distro
+from datetime import datetime, timedelta
+from flask import render_template, request, redirect, url_for, flash, make_response
+from flask_login import login_user, login_required, logout_user, current_user
+
+from app import app, login_manager, cache
+
+sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
+
+import modules.db.sql as sql
+from modules.db.db_model import *
+import modules.server.server as server_mod
+import modules.roxywi.common as roxywi_common
+import modules.roxywi.auth as roxywi_auth
+
+
+@app.before_request
+def check_login():
+ if request.endpoint not in ('login_page', 'static', 'main.show_roxywi_version'):
+ try:
+ user_params = roxywi_common.get_users_params()
+ except Exception:
+ return redirect(url_for('login_page'))
+
+ if user_params is None:
+ make_response(redirect(url_for('login_page')))
+
+ try:
+ roxywi_auth.check_login(user_params['user_uuid'], user_params['token'])
+ except Exception:
+ make_response(redirect(url_for('login_page')))
+
+
+@login_manager.user_loader
+def load_user(user_id):
+ user = f'user_{user_id}'
+ user_obj = cache.get(user)
+
+ if user_obj is None:
+ query = User.get(User.user_id == user_id)
+ cache.set(user, query, timeout=360)
+ return query
+
+ return user_obj
+
+
+@app.after_request
+def redirect_to_login(response):
+ if response.status_code == 401:
+ return redirect(url_for('login_page') + '?next=' + request.url)
+
+ return response
+
+
+@app.route('/login', methods=['GET', 'POST'])
+def login_page():
+ next_url = request.args.get('next') or request.form.get('next')
+ login = request.form.get('login')
+ password = request.form.get('pass')
+ role = 5
+ user1 = ''
+
+ if next_url is None:
+ next_url = ''
+
+ try:
+ groups = sql.select_groups(id=user_groups)
+ for g in groups:
+ if g[0] == int(user_groups):
+ user_group = g[1]
+ except Exception:
+ user_group = ''
+
+ try:
+ if distro.id() == 'ubuntu':
+ if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'):
+ cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'"
+ get_user_name, stderr = server_mod.subprocess_execute(cmd)
+ user_name = get_user_name[0]
+ else:
+ user_name = 'git'
+ else:
+ if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'):
+ cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'"
+ get_user_name, stderr = server_mod.subprocess_execute(cmd)
+ user_name = get_user_name[0]
+ else:
+ user_name = 'git'
+ if sql.select_user_name():
+ sql.update_user_name(user_name)
+ else:
+ sql.insert_user_name(user_name)
+ except Exception as e:
+ roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1)
+
+ try:
+ session_ttl = int(sql.get_setting('session_ttl'))
+ except Exception:
+ session_ttl = 5
+
+ expires = datetime.utcnow() + timedelta(days=session_ttl)
+
+ if login and password:
+ users = sql.select_users(user=login)
+
+ for user in users:
+ if user.activeuser == 0:
+ flash('Your login is disabled', 'alert alert-danger wrong-login')
+ if user.ldap_user == 1:
+ if login in user.username:
+ print(str(user.groups))
+ if roxywi_auth.check_in_ldap(login, password):
+ login_user(user)
+ resp = make_response(next_url or url_for('overview.index'))
+ resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
+ resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
+ else:
+ passwordHashed = roxy_wi_tools.Tools.get_hash(password)
+ if login in user.username and passwordHashed == user.password:
+ user_uuid = str(uuid.uuid4())
+ user_token = str(uuid.uuid4())
+ sql.write_user_uuid(login, user_uuid)
+ sql.write_user_token(login, user_token)
+ role = int(user.role)
+ user1 = user.username
+
+ login_user(user)
+ resp = make_response(next_url or url_for('overview.index'))
+ try:
+ resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
+ resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
+ except Exception as e:
+ print(e)
+
+ try:
+ user_name = sql.get_user_name_by_uuid(user_uuid)
+ roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1)
+ except Exception:
+ pass
+
+ return resp
+
+ else:
+ flash('Login or password is not correct', 'alert alert-danger wrong-login')
+ else:
+ return 'ban', 200
+ else:
+ flash('Login or password is not correct', 'alert alert-danger wrong-login')
+
+ try:
+ lang = roxywi_common.get_user_lang_for_flask()
+ except Exception:
+ lang = 'en'
+
+ return render_template('login.html', role=role, user=user1, lang=lang)
+
+
+@app.route('/logout', methods=['GET', 'POST'])
+@login_required
+def logout():
+ user = f'user_{current_user.id}'
+ cache.delete(user)
+ logout_user()
+ resp = make_response(redirect(url_for('login_page')))
+ resp.delete_cookie('uuid')
+ resp.delete_cookie('group')
+
+ return resp
diff --git a/app/routes/main/routes.py b/app/routes/main/routes.py
index 2e89a21c..41d54721 100644
--- a/app/routes/main/routes.py
+++ b/app/routes/main/routes.py
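Review bot: In `check_login` in app/login.py, the two bare `make_response(redirect(url_for('login_page')))` calls build a response and drop it, so a request whose `user_params` is None or whose `roxywi_auth.check_login` raises still reaches the view; only the first `except` branch actually returns. Both should be `return redirect(url_for('login_page'))`, otherwise this app-wide `before_request` hook enforces nothing beyond what `@login_required` already does on individual routes. In `login_page`, the `user.activeuser == 0` check only flashes a message with no `return` or `continue` after it, so a disabled account appears to go on to the LDAP or password check (nesting is not recoverable in this view, so confirm). The LDAP branch also passes `user_uuid` to `set_cookie` before anything assigns it and never returns `resp`, and both cookies are set with `secure=True` but without `httponly=True` or `samesite`.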
@@ -1,23 +1,16 @@ import os import sys -import uuid - import pytz -import distro -from flask import render_template, request, redirect, url_for, flash, make_response -from flask_login import login_user, login_required, logout_user, current_user -from datetime import datetime, timedelta -from app import login_manager, cache -from app.routes.main import bp +from flask import render_template, request, redirect, url_for, make_response +from flask_login import login_required sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app')) +from app import cache +from app.routes.main import bp import modules.db.sql as sql -from modules.db.db_model import * import modules.common.common as common -import modules.server.server as server_mod -import modules.roxy_wi_tools as roxy_wi_tools import modules.roxywi.roxy as roxy import modules.roxywi.auth as roxywi_auth import modules.roxywi.nettools as nettools @@ -26,19 +19,6 @@ import modules.service.common as service_common import modules.service.haproxy as service_haproxy -@bp.before_request -@cache.memoize(50) -def check_login(): - user_params = roxywi_common.get_users_params() - if user_params is None: - make_response(redirect(url_for('login_page'))) - - try: - roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) - except Exception: - make_response(redirect(url_for('login_page'))) - - @bp.errorhandler(404) def page_not_found(e): return render_template('404.html'), 404 
@@ -49,142 +29,6 @@ def page_not_found(e): return render_template('500.html', e=e), 500 -@login_manager.user_loader -def load_user(user_id): - user = f'user_{user_id}' - user_obj = cache.get(user) - - if user_obj is None: - query = User.get(User.user_id == user_id) - cache.set(user, query, timeout=360) - return query - - return user_obj - - -@bp.after_request -def redirect_to_login(response): - if response.status_code == 401: - return redirect(url_for('login_page') + '?next=' + request.url) - - return response - - -@bp.route('/login', methods=['GET', 'POST']) -def login_page(): - next_url = request.args.get('next') or request.form.get('next') - login = request.form.get('login') - password = request.form.get('pass') - role = 5 - user1 = '' - - if next_url is None: - next_url = '' - - try: - groups = sql.select_groups(id=user_groups) - for g in groups: - if g[0] == int(user_groups): - user_group = g[1] - except Exception: - user_group = '' - - try: - if distro.id() == 'ubuntu': - if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'): - cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'" - get_user_name, stderr = server_mod.subprocess_execute(cmd) - user_name = get_user_name[0] - else: - user_name = 'git' - else: - if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'): - cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'" - get_user_name, stderr = server_mod.subprocess_execute(cmd) - user_name = get_user_name[0] - else: - user_name = 'git' - if sql.select_user_name(): - sql.update_user_name(user_name) - else: - sql.insert_user_name(user_name) - except Exception as e: - roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1) - - try: - session_ttl = int(sql.get_setting('session_ttl')) - except Exception: - session_ttl = 5 - - expires = datetime.utcnow() + timedelta(days=session_ttl) - - if login and password: - users = sql.select_users(user=login) - - for user in users: - if user.activeuser 
== 0: - flash('Your login is disabled', 'alert alert-danger wrong-login') - if user.ldap_user == 1: - if login in user.username: - if check_in_ldap(login, password): - login_user(user) - resp = make_response(next_url or url_for('index')) - resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT")) - resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT")) - else: - passwordHashed = roxy_wi_tools.Tools.get_hash(password) - if login in user.username and passwordHashed == user.password: - user_uuid = str(uuid.uuid4()) - user_token = str(uuid.uuid4()) - sql.write_user_uuid(login, user_uuid) - sql.write_user_token(login, user_token) - role = int(user.role) - user1 = user.username - - login_user(user) - resp = make_response(next_url or url_for('index')) - try: - resp.set_cookie('uuid', user_uuid, secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT")) - resp.set_cookie('group', str(user.groups), secure=True, expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT")) - except Exception as e: - print(e) - - try: - user_name = sql.get_user_name_by_uuid(user_uuid) - roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1) - except Exception: - pass - - return resp - - else: - flash('Login or password is not correct', 'alert alert-danger wrong-login') - else: - return 'ban', 200 - else: - flash('Login or password is not correct', 'alert alert-danger wrong-login') - - try: - lang = roxywi_common.get_user_lang_for_flask() - except Exception: - lang = 'en' - - return render_template('login.html', role=role, user=user1, lang=lang) - - -@bp.route('/logout', methods=['GET', 'POST']) -@login_required -def logout(): - user = f'user_{current_user.id}' - cache.delete(user) - logout_user() - resp = make_response(redirect(url_for('index'))) - resp.delete_cookie('uuid') - resp.delete_cookie('group') - - return resp - - @bp.route('/stats//', 
defaults={'serv': None}) @bp.route('/stats//') @login_required @@ -213,7 +57,7 @@ def stats(service, serv): servers = roxywi_common.get_dick_permit(service=service_desc.slug) else: - return redirect(url_for('index')) + return redirect(url_for('overview.index')) return render_template( 'statsview.html', h2=1, autorefresh=1, role=user_params['role'], user=user, selects=servers, serv=serv, diff --git a/roxy-wi.cfg b/roxy-wi.cfg index 0b292736..3a4bdc92 100644 --- a/roxy-wi.cfg +++ b/roxy-wi.cfg @@ -7,7 +7,7 @@ lib_path = /var/lib/roxy-wi [configs] # Folders for configs haproxy_save_configs_dir = ${main:lib_path}/configs/hap_config/ -kp_save_configs_dir = ${main:lib_path}/configs/kp_config/ +keepalived_save_configs_dir = ${main:lib_path}/configs/kp_config/ nginx_save_configs_dir = ${main:lib_path}/configs/nginx_config/ apache_save_configs_dir = ${main:lib_path}/configs/apache_config/