From c48f9f8fc601c3b2652234b35110b2df9ce2ad81 Mon Sep 17 00:00:00 2001 
From: Pavel Loginov Date: Thu, 17 Nov 2022 10:34:58 +0300 Subject: [PATCH] v6.3.0.0 Changelog: https://roxy-wi.org/changelog#6_3_0 --- api/api.py | 7 +- api/api_funct.py | 101 +- app/add.py | 35 +- app/add_nginx.py | 26 +- app/config.py | 63 +- app/create_db.py | 4 +- app/funct.py | 2005 ------------------ app/ha.py | 33 +- app/hapservers.py | 282 +-- app/history.py | 61 +- app/login.py | 20 +- app/logs.py | 31 +- app/metrics.py | 41 +- app/modules/alerting/__init__.py | 1 + app/modules/alerting/alerting.py | 175 ++ app/modules/common/__init__.py | 1 + app/modules/common/common.py | 64 + app/modules/config/__init__.py | 1 + app/modules/config/config.py | 374 ++++ app/modules/config/runtime.py | 220 ++ app/modules/config/section.py | 96 + app/modules/db/__init__.py | 1 + app/modules/{ => db}/db_model.py | 0 app/{ => modules/db}/sql.py | 169 +- app/modules/roxy_wi_tools.py | 2 +- app/modules/roxywi/__init__.py | 1 + app/modules/roxywi/auth.py | 56 + app/modules/roxywi/common.py | 276 +++ app/modules/roxywi/logs.py | 150 ++ app/modules/roxywi/roxy.py | 181 ++ app/modules/server/__init__.py | 1 + app/modules/server/server.py | 345 +++ app/modules/{ => server}/ssh_connection.py | 0 app/modules/service/__init__.py | 1 + app/modules/service/common.py | 115 + app/modules/service/exporter_installation.py | 105 + app/modules/service/installation.py | 394 ++++ app/nettools.py | 28 +- app/options.py | 1337 +++++------- app/overview.py | 68 +- app/portscanner.py | 77 +- app/provisioning.py | 31 +- app/runtimeapi.py | 15 +- app/sections.py | 50 +- app/servers.py | 37 +- app/smon.py | 36 +- app/statsview.py | 20 +- app/users.py | 47 +- app/versions.py | 42 +- app/viewlogs.py | 24 +- app/waf.py | 59 +- 51 files changed, 3786 insertions(+), 3523 deletions(-) delete mode 100644 app/funct.py create mode 100644 app/modules/alerting/__init__.py create mode 100644 app/modules/alerting/alerting.py create mode 100644 app/modules/common/__init__.py create mode 100644 
app/modules/common/common.py create mode 100644 app/modules/config/__init__.py create mode 100644 app/modules/config/config.py create mode 100644 app/modules/config/runtime.py create mode 100644 app/modules/config/section.py create mode 100644 app/modules/db/__init__.py rename app/modules/{ => db}/db_model.py (100%) rename app/{ => modules/db}/sql.py (97%) create mode 100644 app/modules/roxywi/__init__.py create mode 100644 app/modules/roxywi/auth.py create mode 100644 app/modules/roxywi/common.py create mode 100644 app/modules/roxywi/logs.py create mode 100644 app/modules/roxywi/roxy.py create mode 100644 app/modules/server/__init__.py create mode 100644 app/modules/server/server.py rename app/modules/{ => server}/ssh_connection.py (100%) create mode 100644 app/modules/service/__init__.py create mode 100644 app/modules/service/common.py create mode 100644 app/modules/service/exporter_installation.py create mode 100644 app/modules/service/installation.py diff --git a/api/api.py b/api/api.py index 454d792c..5d2b4745 100644 --- a/api/api.py +++ b/api/api.py @@ -11,7 +11,8 @@ sys.path.append(os.path.dirname(os.path.abspath(__file__))) os.chdir(os.path.dirname(os.path.abspath(__file__))) sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app/')) -import sql +import modules.db.sql as sql +import modules.config.config as config_mod _error_auth = '403 Auth before' _allow_origin = '*' @@ -101,7 +102,7 @@ def get_servers(): try: token = request.headers.get('token') login, group_id = sql.get_username_groupid_from_api_token(token) - servers = sql.get_dick_permit(username=login, group_id=group_id, token=token) + servers = funct.get_dick_permit(username=login, group_id=group_id, token=token) for s in servers: data[s[0]] = { 
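Review bot: `funct.get_dick_permit(...)` in get_servers() calls a module that this same commit deletes (app/funct.py), and the import hunk above adds only `sql` and `config_mod`. Unless `funct` is still imported outside the visible lines, the call fails at request time. app/config.py in this commit uses `roxywi_common.get_dick_permit(...)`, so the intended line is presumably `servers = roxywi_common.get_dick_permit(username=login, group_id=group_id, token=token)` plus `import modules.roxywi.common as roxywi_common`. The call sits inside a `try:` whose handler is outside the hunk, so the error may be swallowed and hide the fact that the per-token server filter never ran.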
@@ -225,7 +226,7 @@ def service_config_show(server_id, service): if not check_login(required_service=required_service): return dict(error=_error_auth) config_path = request.headers.get('config-file') - return api_funct.get_config(server_id, service=service, config_path=config_path) + return api_config_mod.get_config((server_id, service=service, config_path=config_path) @route('///config', method=['POST']) diff --git a/api/api_funct.py b/api/api_funct.py index fc9debf2..19037f90 100644 --- a/api/api_funct.py +++ b/api/api_funct.py 
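Review bot: The new return line in service_config_show() does not parse: `api_config_mod.get_config((server_id, service=service, config_path=config_path)` has an unbalanced `((`, and `api_config_mod` is not imported in any hunk shown. A SyntaxError stops api.py from loading at all, so every route in the file goes down, not just this one. Judging by the removed line, the fix is `return api_funct.get_config(server_id, service=service, config_path=config_path)`.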
@@ -4,25 +4,30 @@ import json from bottle import request sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app/')) -import sql -import funct +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod +import modules.config.section as section_mod +import modules.config.config as config_mod import modules.roxy_wi_tools as roxy_wi_tools +import modules.roxywi.logs as roxywi_logs +import modules.service.common as service_common get_config_var = roxy_wi_tools.GetConfigVar() def get_token(): try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - funct.logging('API', f'Cannot get a user plan: {e}', roxywi=1) - return False + user_subscription = roxywi_common.return_unsubscribed_user_status() + common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) - if user_status == 0: - funct.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1) + if user_subscription['user_status'] == 0: + common.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1) return False - elif user_plan == 'user': - funct.logging('API', 'This feature is not available for your plan.', roxywi=1) + elif user_subscription['user_plan'] == 'user': + common.logging('API', 'This feature is not available for your plan.', roxywi=1) return False try: 
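Review bot: `roxywi_common` is used in get_token() but is not among the imports this hunk adds, so `roxywi_common.return_user_status()` raises NameError and the `except` handler raises it again on `roxywi_common.return_unsubscribed_user_status()`. Add `import modules.roxywi.common as roxywi_common`; check_login() in the next hunk has the same problem. Separately, the handler no longer ends in `return False`, so on any failure the gate now depends on what `return_unsubscribed_user_status()` returns. Its definition is not in this view, so confirm that its `user_status` is 0 and the check still fails closed. get_token's body continues outside the hunk.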
@@ -57,16 +62,16 @@ def get_token(): def check_login(required_service=0) -> bool: try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - funct.logging('API', f'Cannot get a user plan: {e}', roxywi=1) - return False + user_subscription = roxywi_common.return_unsubscribed_user_status() + common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) - if user_status == 0: - funct.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1) + if user_subscription['user_status'] == 0: + common.logging('API', 'You are not subscribed. Please subscribe to have access to this feature.', roxywi=1) return False - elif user_plan == 'user': - funct.logging('API', 'This feature is not available for your plan.', roxywi=1) + elif user_subscription['user_plan'] == 'user': + common.logging('API', 'This feature is not available for your plan.', roxywi=1) return False token = request.headers.get('token') @@ -159,7 +164,7 @@ def get_status(server_id, service): for s in servers: if service == 'haproxy': cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Ver\|CurrConns\|Maxco\|MB\|Uptime:"' % (s[2], sql.get_setting('haproxy_sock_port')) - out = funct.subprocess_execute(cmd) + out = server_mod.subprocess_execute(cmd) data = return_dict_from_out(server_id, out[0]) elif service == 'nginx': cmd = [ @@ -167,7 +172,7 @@ def get_status(server_id, service): "|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l" ] try: - out = funct.ssh_command(s[2], cmd) + out = server_mod.ssh_command(s[2], cmd) out1 = out.split() json_for_sending = {server_id: {"Version": out1[0].split('/')[1], "Uptime": out1[2], "Process": out1[3]}} data = json_for_sending 
@@ -182,7 +187,7 @@ def get_status(server_id, service): (apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page) servers_with_status = list() try: - out = funct.subprocess_execute(cmd) + out = server_mod.subprocess_execute(cmd) if out != '': for k in out: servers_with_status.append(k) @@ -218,7 +223,7 @@ def get_all_statuses(): for s in servers: cmd = 'echo "show info" |nc %s %s -w 1|grep -e "Ver\|CurrConns\|Maxco\|MB\|Uptime:"' % (s[2], sock_port) data[s[2]] = {} - out = funct.subprocess_execute(cmd) + out = server_mod.subprocess_execute(cmd) data[s[2]] = return_dict_from_out(s[1], out[0]) except Exception: data = {"error": "Cannot find the server"} @@ -238,9 +243,9 @@ def actions(server_id, action, service): for s in servers: if service == 'apache': - service = funct.get_correct_apache_service_name(server_ip=s[2]) + service = service_common.get_correct_apache_service_name(server_ip=s[2]) cmd = ["sudo systemctl %s %s" % (action, service)] - error = funct.ssh_command(s[2], cmd) + error = server_mod.ssh_command(s[2], cmd) done = error if error else 'done' data = {'server_id': s[0], 'ip': s[2], 'action': action, 'hostname': s[1], 'status': done} @@ -261,7 +266,7 @@ def runtime(server_id): cmd = ['echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)] for s in servers: - out = funct.ssh_command(s[2], cmd) + out = server_mod.ssh_command(s[2], cmd) data = {server_id: {}} sep_data = out.split('\r\n') @@ -299,7 +304,7 @@ def get_config(server_id, **kwargs): for s in servers: cfg = '/tmp/' + s[2] + '.cfg' - funct.get_config(s[2], cfg, service=service, config_file_name=kwargs.get('config_path')) + config_mod.get_config(s[2], cfg, service=service, config_file_name=kwargs.get('config_path')) os.system("sed -i 's/\\n/\n/g' " + cfg) try: conf = open(cfg, "r") 
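Review bot: Nothing visible in the actions() hunk constrains `action` or `service` before they are formatted into `"sudo systemctl %s %s" % (action, service)` and sent to `server_mod.ssh_command`. The top of the function is outside the hunk, so confirm that both values are checked against a fixed allow-list there, for example `if action not in ('start', 'stop', 'restart', 'reload'):` followed by an error return. The runtime() hunk below builds `'echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)` the same way, and the source of `action` is not shown. Moving these calls to `server_mod` is a good point to put the validation next to the command construction.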
@@ -324,8 +329,8 @@ def get_section(server_id): for s in servers: cfg = '/tmp/' + s[2] + '.cfg' - funct.get_config(s[2], cfg) - start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) + config_mod.get_config(s[2], cfg) + start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name) data = {server_id: {section_name: {'start_line': start_line, 'end_line': end_line, 'config_read': config_read}}} return dict(section=data) @@ -351,9 +356,9 @@ def edit_section(server_id): ip = s[2] cfg = f'/tmp/{ip}.cfg' - out = funct.get_config(ip, cfg) - start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) - returned_config = funct.rewrite_section(start_line, end_line, cfg, body) + out = config_mod.get_config(ip, cfg) + start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name) + returned_config = funct.section_mod(start_line, end_line, cfg, body) time_zone = sql.get_setting('time_zone') get_date = roxy_wi_tools.GetDate(time_zone) cur_date = get_date.return_date('config') @@ -366,9 +371,9 @@ def edit_section(server_id): conf.write(returned_config) return_mess = 'section has been updated' os.system(f"/bin/cp {cfg} {cfg_for_save}") - out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login) - funct.logging('localhost', f" section {section_name} has been edited via API", login=login) - funct.logging( + out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login) + common.logging('localhost', f" section {section_name} has been edited via API", login=login) + common.logging( ip, f'Section {section_name} has been edited via API', roxywi=1, login=login, keep_history=1, service='haproxy' ) 
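Review bot: `funct.section_mod(start_line, end_line, cfg, body)` in edit_section() looks like a mis-applied search-and-replace. `funct` is no longer imported in this file, and `section_mod` is the module alias, not a function. The removed line called `rewrite_section`, so the intended call is presumably `returned_config = section_mod.rewrite_section(start_line, end_line, cfg, body)`. The same substitution appears in add_acl() and del_acl() as `config = funct.section_mod(...)`. Both appear to sit inside `try` blocks, so the NameError would surface only as a status string.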
@@ -435,14 +440,14 @@ def upload_config(server_id, **kwargs): os.system("/bin/cp %s %s" % (cfg, cfg_for_save)) if kwargs.get('service') == 'nginx': - out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login, nginx=nginx, config_file_name=kwargs.get('config_path')) + out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login, nginx=nginx, config_file_name=kwargs.get('config_path')) elif kwargs.get('service') == 'apache': - out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login, apache=apache, config_file_name=kwargs.get('config_path')) + out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login, apache=apache, config_file_name=kwargs.get('config_path')) else: - out = funct.master_slave_upload_and_restart(ip, cfg, save, login=login) + out = config_mod.master_slave_upload_and_restart(ip, cfg, save, login=login) - funct.logging('localhost', " config has been uploaded via API", login=login) - funct.logging( + common.logging('localhost', " config has been uploaded via API", login=login) + common.logging( ip, 'Config has been uploaded via API', roxywi=1, login=login, keep_history=1, service=service_name ) @@ -482,14 +487,14 @@ def add_to_config(server_id): cfg = f'/tmp/{ip}.cfg' cur_date = get_date.return_date('config') cfg_for_save = f'{hap_configs_dir}{ip}-{cur_date}.cfg' - out = funct.get_config(ip, cfg) + out = config_mod.get_config(ip, cfg) try: with open(cfg, "a") as conf: conf.write('\n' + body + '\n') return_mess = 'section has been added to the config' os.system(f"/bin/cp {cfg} {cfg_for_save}") - funct.logging('localhost', " section has been added via REST API", login=login) + common.logging('localhost', " section has been added via REST API", login=login) out = funct.upload_and_restart(ip, cfg, just_save=save) if out: 
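Review bot: The unchanged line `out = funct.upload_and_restart(ip, cfg, just_save=save)` at the end of the add_to_config() hunk still calls `funct`, which this commit removes from the file's imports and deletes from the tree. app/config.py now uses `config_mod.upload_and_restart(...)`, so this line should presumably become `out = config_mod.upload_and_restart(ip, cfg, just_save=save)`. As written, the section is appended to the local copy, copied to the save directory and logged as added before the upload step fails. The function continues outside the hunk.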
@@ -538,7 +543,7 @@ def show_log(server_id): data[server_id] = {"error": "Cannot find the server"} return dict(error=data) - out = funct.show_roxy_log(ip, rows=rows, waf=str(waf), grep=grep, hour=str(hour), minut=str(minute), hour1=str(hour1), minut1=str(minute1), html=0) + out = roxywi_logs.show_roxy_log(ip, rows=rows, waf=str(waf), grep=grep, hour=str(hour), minut=str(minute), hour1=str(hour1), minut1=str(minute1), html=0) data = {server_id: out} return dict(log=data) @@ -559,14 +564,14 @@ def add_acl(server_id): server_ip = s[2] try: - out = funct.get_config(server_ip, cfg) - start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) + out = config_mod.get_config(server_ip, cfg) + start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name) except Exception as e: status = "Cannot read section: " + str(e) try: config_read += acl - config = funct.rewrite_section(start_line, end_line, cfg, config_read) + config = funct.section_mod(start_line, end_line, cfg, config_read) try: with open(cfg, "w") as conf: conf.write(config) @@ -576,7 +581,7 @@ def add_acl(server_id): status = str(e) try: - out = funct.master_slave_upload_and_restart(server_ip, cfg, just_save=save) + out = config_mod.master_slave_upload_and_restart(server_ip, cfg, just_save=save) if out != '': status = out else: @@ -602,8 +607,8 @@ def del_acl(server_id): cfg = '/tmp/' + s[2] + '.cfg' server_ip = s[2] try: - out = funct.get_config(server_ip, cfg) - start_line, end_line, config_read = funct.get_section_from_config(cfg, section_name) + out = config_mod.get_config(server_ip, cfg) + start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section_name) except Exception as e: status = str(e) 
@@ -617,7 +622,7 @@ def del_acl(server_id): status = 'Cannot delete ACL: ' + str(e) try: - config = funct.rewrite_section(start_line, end_line, cfg, config_new_read) + config = funct.section_mod(start_line, end_line, cfg, config_new_read) try: with open(cfg, "w") as conf: conf.write(config) @@ -627,7 +632,7 @@ def del_acl(server_id): status = 'Cannot delete ACL: ' + str(e) try: - out = funct.master_slave_upload_and_restart(server_ip, cfg, just_save=save) + out = config_mod.master_slave_upload_and_restart(server_ip, cfg, just_save=save) if out != '': status = out else: diff --git a/app/add.py b/app/add.py index 2d15ef43..47aad8e2 100644 --- a/app/add.py +++ b/app/add.py @@ -6,27 +6,32 @@ import http.cookies from jinja2 import Environment, FileSystemLoader -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.config.config as config_mod import modules.roxy_wi_tools as roxy_wi_tools +import modules.roxywi.common as roxywi_common +import modules.roxywi.auth as roxywi_auth +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) get_config_var = roxy_wi_tools.GetConfigVar() env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('add.html') -form = funct.form +form = common.form serv = form.getvalue('serv') print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1) +user_params = roxywi_common.get_users_params(haproxy=1) try: - funct.check_login(user_id, token, service=1) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1) except Exception as e: print(f'error {e}') sys.exit() -funct.page_for_admin(level=3) +roxywi_auth.page_for_admin(level=3) if all(v is None for v in [ form.getvalue('mode'), form.getvalue('new_userlist'), 
@@ -53,13 +58,13 @@ if all(v is None for v in [ if not os.path.exists(black_dir): os.makedirs(black_dir) - white_lists = funct.get_files(folder=white_dir, file_format="lst") - black_lists = funct.get_files(folder=black_dir, file_format="lst") + white_lists = roxywi_common.get_files(folder=white_dir, file_format="lst") + black_lists = roxywi_common.get_files(folder=black_dir, file_format="lst") template = template.render( - title="Add: ", role=role, user=user, selects=servers, add=form.getvalue('add'), conf_add=form.getvalue('conf'), + title="Add: ", role=user_params['role'], user=user_params['user'], selects=user_params['servers'], add=form.getvalue('add'), conf_add=form.getvalue('conf'), group=user_group, options=sql.select_options(), saved_servers=sql.select_saved_servers(), white_lists=white_lists, - black_lists=black_lists, user_services=user_services, token=token + black_lists=black_lists, user_services=user_params['user_services'], token=user_params['token'] ) print(template) @@ -382,21 +387,21 @@ if form.getvalue('generateconfig') is None and serv is not None: server_name = serv try: - funct.check_is_server_in_group(serv) + roxywi_common.check_is_server_in_group(serv) if config_add: hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') - cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg" + cfg = hap_configs_dir + serv + "-" + get_date.return_date('config') + ".cfg" - funct.get_config(serv, cfg) + config_mod.get_config(serv, cfg) try: with open(cfg, "a") as conf: conf.write(config_add) except IOError: print("error: Can't read import config file") - funct.logging(serv, "add.py add new %s" % name) + roxywi_common.logging(serv, "add.py add new %s" % name) - output = funct.master_slave_upload_and_restart(serv, cfg, just_save="save") + output = config_mod.master_slave_upload_and_restart(serv, cfg, just_save="save") if output: print(output) else: 
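Review bot: `roxywi_common.logging(serv, "add.py add new %s" % name)` in the last hunk of app/add.py and `common.logging(...)` in api/api_funct.py replace the same former `funct.logging` with calls into two different modules (`modules.roxywi.common` and `modules.common.common`). Neither module's contents are in this view. If only one of them defines `logging`, the other call site raises AttributeError, which here would happen after the config file is written and before it is uploaded. Pick one home for the function and use it at every call site.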
diff --git a/app/add_nginx.py b/app/add_nginx.py index 2dafd077..774092db 100755 --- a/app/add_nginx.py +++ b/app/add_nginx.py @@ -4,32 +4,34 @@ import sys from jinja2 import Environment, FileSystemLoader -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common import modules.roxy_wi_tools as roxy_wi_tools +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common get_config_var = roxy_wi_tools.GetConfigVar() -form = funct.form +form = common.form serv = form.getvalue('serv') print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params(service='nginx') +user_params = roxywi_common.get_users_params(service='nginx') try: - funct.check_login(user_id, token, service=2) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2) except Exception as e: print(f'error {e}') sys.exit() -funct.page_for_admin(level=3) +roxywi_auth.page_for_admin(level=3) if all(v is None for v in [form.getvalue('upstream'), form.getvalue('generateconfig')]): env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('add_nginx.html') template = template.render( - title="Add: ", role=role, user=user, selects=servers, add=form.getvalue('add'), conf_add=form.getvalue('conf'), - user_services=user_services, token=token + title="Add: ", role=user_params['role'], user=user_params['user'], selects=user_params['servers'], add=form.getvalue('add'), conf_add=form.getvalue('conf'), + user_services=user_params['user_services'], token=user_params['token'] ) print(template) elif form.getvalue('upstream') is not None: 
@@ -78,13 +80,13 @@ if form.getvalue('generateconfig') is None and serv is not None: server_name = serv try: - funct.check_is_server_in_group(serv) + roxywi_common.check_is_server_in_group(serv) if config_add: sub_folder = 'conf.d' if 'upstream' in config_name else 'sites-enabled' service_configs_dir = get_config_var.get_config_var('configs', 'nginx_save_configs_dir') cfg = f'{service_configs_dir}{serv}-{config_name}.conf' - nginx_dir = funct.return_nice_path(sql.get_setting('nginx_dir')) + nginx_dir = comon.return_nice_path(sql.get_setting('nginx_dir')) config_file_name = f'{nginx_dir}{sub_folder}/{config_name}.conf' @@ -94,9 +96,9 @@ if form.getvalue('generateconfig') is None and serv is not None: except IOError: print("error: Cannot save a new config") - funct.logging(serv, "add_nginx.py add new %s" % config_name) + roxywi_common.logging(serv, "add_nginx.py add new %s" % config_name) - output = funct.master_slave_upload_and_restart(serv, cfg, just_save="save", nginx=1, config_file_name=config_file_name) + output = config_mod.master_slave_upload_and_restart(serv, cfg, just_save="save", nginx=1, config_file_name=config_file_name) if output: print(output) diff --git a/app/config.py b/app/config.py index f61f851c..bc8510be 100644 --- a/app/config.py +++ b/app/config.py 
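Review bot: `comon.return_nice_path(sql.get_setting('nginx_dir'))` misspells the alias imported at the top of app/add_nginx.py, so this line raises NameError whenever `config_add` is set. It should read `nginx_dir = common.return_nice_path(sql.get_setting('nginx_dir'))`. The enclosing `try:` starts in this hunk but its handler is outside it, so the failure may be reported as a generic error.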
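Review bot: `config_mod.master_slave_upload_and_restart(...)` in the second app/add_nginx.py hunk uses an alias the file never imports. The import hunk adds `sql`, `common`, `roxy_wi_tools`, `roxywi_auth` and `roxywi_common` only. Add `import modules.config.config as config_mod` alongside them, as app/add.py does. Without it the new config is written locally and logged, but never uploaded.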
@@ -4,28 +4,35 @@ import sys from jinja2 import Environment, FileSystemLoader -import funct -import sql +import modules.db.sql as sql +import modules.config.config as config_mod import modules.roxy_wi_tools as roxy_wi_tools +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.common.common as common +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) get_config_var = roxy_wi_tools.GetConfigVar() env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('config.html') print('Content-type: text/html\n') -form = funct.form -serv = funct.is_ip_or_dns(form.getvalue('serv')) +form = common.form +serv = common.is_ip_or_dns(form.getvalue('serv')) try: - service = funct.checkAjaxInput(form.getvalue('service')) + service = common.checkAjaxInput(form.getvalue('service')) except Exception: print('') is_serv_protected = False + try: config_file_name = form.getvalue('config_file_name').replace('92', '/') except Exception: config_file_name = '' + config_read = "" cfg = "" stderr = "" 
@@ -33,16 +40,16 @@ error = "" aftersave = "" is_restart = '' -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params(service='nginx') if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(user_id, token, service=service_desc.service_id): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id): title = f"Working with {service_desc.service} configuration files" action = f"config.py?service={service_desc.slug}" configs_dir = get_config_var.get_config_var('configs', 'kp_save_configs_dir') file_format = 'conf' - servers = sql.get_dick_permit(service=service_desc.slug) + servers = roxywi_common.get_dick_permit(service=service_desc.slug) if service in ('haproxy', 'nginx', 'apache'): configs_dir = get_config_var.get_config_var('configs', f'{service_desc.service}_save_configs_dir') 
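Review bot: `roxywi_common.get_users_params(service='nginx')` hard-codes nginx on a page that, on the next line, serves haproxy, nginx, keepalived and apache; the call it replaces passed no arguments. The definition of `get_users_params` is not in this view. If the argument scopes the returned server list or the user's service permissions, every request would be evaluated against nginx regardless of the requested service. This looks copied from add_nginx.py; consider `user_params = roxywi_common.get_users_params()` to keep the previous behaviour.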
@@ -57,38 +64,38 @@ else: if serv is not None: if service == 'nginx' or service == 'apache': conf_file_name_short = config_file_name.split('/')[-1] - cfg = configs_dir + serv + "-" + conf_file_name_short + "-" + funct.get_data('config') + "." + file_format + cfg = f"{configs_dir}{serv}-{conf_file_name_short}-{get_date.return_date('config')}.{file_format}" else: - cfg = configs_dir + serv + "-" + funct.get_data('config') + "." + file_format + cfg = f"{configs_dir}{serv}-{get_date.return_date('config')}.{file_format}" if serv is not None and form.getvalue('open') is not None and form.getvalue('new_config') is None: - funct.check_is_server_in_group(serv) + roxywi_common.check_is_server_in_group(serv) is_serv_protected = sql.is_serv_protected(serv) server_id = sql.select_server_id_by_ip(serv) is_restart = sql.select_service_setting(server_id, service, 'restart') if service == 'keepalived': - error = funct.get_config(serv, cfg, keepalived=1) + error = config_mod.get_config(serv, cfg, keepalived=1) try: - funct.logging(serv, " Keepalived config has been opened for ") + roxywi_roxywi_common.logging(serv, " Keepalived config has been opened for ") except Exception: pass elif service == 'nginx': - error = funct.get_config(serv, cfg, nginx=1, config_file_name=config_file_name) + error = config_mod.get_config(serv, cfg, nginx=1, config_file_name=config_file_name) try: - funct.logging(serv, " NGINX config has been opened ") + roxywi_roxywi_common.logging(serv, " NGINX config has been opened ") except Exception: pass elif service == 'apache': - error = funct.get_config(serv, cfg, apache=1, config_file_name=config_file_name) + error = config_mod.get_config(serv, cfg, apache=1, config_file_name=config_file_name) try: - funct.logging(serv, " Apache config has been opened ") + roxywi_roxywi_common.logging(serv, " Apache config has been opened ") except Exception: pass else: - error = funct.get_config(serv, cfg) + error = config_mod.get_config(serv, cfg) try: - funct.logging(serv, " 
HAProxy config has been opened ") + roxywi_roxywi_common.logging(serv, " HAProxy config has been opened ") except Exception: pass @@ -105,8 +112,7 @@ if form.getvalue('new_config') is not None: config_read = ' ' if serv is not None and form.getvalue('config') is not None: - import sys - funct.check_is_server_in_group(serv) + roxywi_common.check_is_server_in_group(serv) config = form.getvalue('config') oldcfg = form.getvalue('oldconfig') @@ -119,15 +125,15 @@ if serv is not None and form.getvalue('config') is not None: print("error: Cannot read imported config file") if service == 'keepalived': - stderr = funct.upload_and_restart(serv, cfg, just_save=save, keepalived=1, oldcfg=oldcfg) + stderr = config_mod.upload_and_restart(serv, cfg, just_save=save, keepalived=1, oldcfg=oldcfg) elif service == 'nginx': - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, nginx=1, oldcfg=oldcfg, config_file_name=config_file_name) + stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, nginx=1, oldcfg=oldcfg, config_file_name=config_file_name) elif service == 'apache': - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, apache=1, oldcfg=oldcfg, config_file_name=config_file_name) + stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, apache=1, oldcfg=oldcfg, config_file_name=config_file_name) else: - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg) + stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg) - funct.diff_config(oldcfg, cfg) + config_mod.diff_config(oldcfg, cfg) try: os.system("/bin/rm -f " + configs_dir + "*.old") 
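Review bot: All four `roxywi_roxywi_common.logging(...)` calls in the `@@ -57,38 +64,38 @@` hunk use a doubled prefix that matches no import in app/config.py, which imports `roxywi_common`. Each call sits inside `try: ... except Exception: pass`, so the NameError is swallowed and the "config has been opened" entries are never written. Change them to `roxywi_common.logging(serv, ...)`, and consider narrowing the `except` so a broken logger is noticed. As written, the record of who opened a service's configuration is silently lost.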
@@ -140,8 +146,9 @@ if serv is not None and form.getvalue('config') is not None: sys.exit() template = template.render( - h2=1, title=title, role=role, action=action, user=user, select_id="serv", serv=serv, aftersave=aftersave, + h2=1, title=title, role=user_params['role'], action=action, user=user_params['user'], select_id="serv", serv=serv, aftersave=aftersave, config=config_read, cfg=cfg, selects=servers, stderr=stderr, error=error, service=service, is_restart=is_restart, - user_services=user_services, config_file_name=config_file_name, is_serv_protected=is_serv_protected, token=token + user_services=user_params['user_services'], config_file_name=config_file_name, is_serv_protected=is_serv_protected, + token=user_params['token'] ) print(template) diff --git a/app/create_db.py b/app/create_db.py index 638c31d5..9e341f38 100644 --- a/app/create_db.py +++ b/app/create_db.py @@ -1,7 +1,7 @@ #!/usr/bin/env python3 import distro -from modules.db_model import * +from modules.db.db_model import * def default_values(): @@ -966,7 +966,7 @@ def update_db_v_6_2_1(): def update_ver(): try: - Version.update(version='6.2.3.0').execute() + Version.update(version='6.3.0.0').execute() except Exception: print('Cannot update version') diff --git a/app/funct.py b/app/funct.py deleted file mode 100644 index 7e4251d1..00000000 --- a/app/funct.py +++ /dev/null 
@@ -1,2005 +0,0 @@ -# -*- coding: utf-8 -*- -import cgi -import os -import re -import json -import http.cookies - -import distro - -import sql -import modules.roxy_wi_tools as roxy_wi_tools - -time_zone = sql.get_setting('time_zone') -get_date = roxy_wi_tools.GetDate(time_zone) -get_config_var = roxy_wi_tools.GetConfigVar() - - -def is_ip_or_dns(server_from_request: str) -> str: - ip_regex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" - dns_regex = "^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$" - try: - server_from_request = server_from_request.strip() - except Exception: - pass - try: - if server_from_request in ( - 'roxy-wi-checker', 'roxy-wi-keep_alive', 'roxy-wi-keep-alive', 'roxy-wi-metrics', - 'roxy-wi-portscanner', 'roxy-wi-smon', 'roxy-wi-socket', 'roxy-wi-prometheus-exporter', - 'prometheus', 'fail2ban', 'all', 'grafana-server', 'rabbitmq-server' - ): - return server_from_request - if re.match(ip_regex, server_from_request): - return server_from_request - else: - if re.match(dns_regex, server_from_request): - return server_from_request - else: - return '' - except Exception: - return '' - - -form = cgi.FieldStorage() -serv = is_ip_or_dns(form.getvalue('serv')) - - -def checkAjaxInput(ajax_input: str): - pattern = re.compile('[&;|$`]') - if pattern.search(ajax_input): - print('error: nice try') - return - else: - from shlex import quote - return quote(ajax_input.rstrip()) - - -def get_user_group(**kwargs) -> str: - user_group = '' - - try: - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - user_group_id = cookie.get('group') - user_group_id1 = user_group_id.value - groups = sql.select_groups(id=user_group_id1) - for g in groups: - if g.group_id == int(user_group_id1): - if kwargs.get('id'): - user_group = g.group_id - else: - user_group = g.name - except Exception: - check_user_group() - - return user_group - - -def logging(server_ip: str, action: str, 
**kwargs) -> None: - login = '' - cur_date = get_date.return_date('logs') - cur_date_in_log = get_date.return_date('date_in_log') - log_path = get_config_var.get_config_var('main', 'log_path') - - if not os.path.exists(log_path): - os.makedirs(log_path) - - try: - user_group = get_user_group() - except Exception: - user_group = '' - - try: - ip = cgi.escape(os.environ["REMOTE_ADDR"]) - except Exception: - ip = '' - - try: - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - user_uuid = cookie.get('uuid') - login = sql.get_user_name_by_uuid(user_uuid.value) - except Exception: - login_name = kwargs.get('login') - try: - if len(login_name) > 1: - login = kwargs.get('login') - except Exception: - login = '' - - try: - if distro.id() == 'ubuntu': - os.system('sudo chown www-data:www-data -R ' + log_path) - else: - os.system('sudo chown apache:apache -R ' + log_path) - except Exception: - pass - - if kwargs.get('roxywi') == 1: - if kwargs.get('login'): - mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action} on: {server_ip}\n" - if kwargs.get('keep_history'): - try: - keep_action_history(kwargs.get('service'), action, server_ip, login, ip) - except Exception as e: - print(str(e)) - else: - mess = f"{cur_date_in_log} {action} from {ip}\n" - log_file = f"{log_path}/roxy-wi-{cur_date}.log" - elif kwargs.get('provisioning') == 1: - mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action}\n" - log_file = f"{log_path}/provisioning-{cur_date}.log" - else: - mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action} on: {server_ip}\n" - log_file = f"{log_path}/config_edit-{cur_date}.log" - - if kwargs.get('keep_history'): - keep_action_history(kwargs.get('service'), action, server_ip, login, ip) - - try: - with open(log_file, 'a') as log: - log.write(mess) - except IOError as e: - print(f'
Cannot write log. Please check log_path in config {e}
') - - -def keep_action_history(service: str, action: str, server_ip: str, login: str, user_ip: str): - try: - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - if login != '': - user_id = sql.get_user_id_by_username(login) - else: - user_id = 0 - if user_ip == '': - user_ip = 'localhost' - - sql.insert_action_history(service, action, server_id, user_id, user_ip) - except Exception as e: - logging('Roxy-WI server', f'Cannot save a history: {e}', roxywi=1) - - -def telegram_send_mess(mess, **kwargs): - import telebot - from telebot import apihelper - token_bot = '' - channel_name = '' - - if kwargs.get('telegram_channel_id') == 0: - return - - if kwargs.get('telegram_channel_id'): - telegrams = sql.get_telegram_by_id(kwargs.get('telegram_channel_id')) - else: - telegrams = sql.get_telegram_by_ip(kwargs.get('ip')) - - proxy = sql.get_setting('proxy') - - for telegram in telegrams: - token_bot = telegram.token - channel_name = telegram.chanel_name - - if token_bot == '' or channel_name == '': - mess = " Can't send message. 
Add Telegram channel before use alerting at this servers group" - logging('Roxy-WI server', mess, roxywi=1) - - if proxy is not None and proxy != '' and proxy != 'None': - apihelper.proxy = {'https': proxy} - try: - bot = telebot.TeleBot(token=token_bot) - bot.send_message(chat_id=channel_name, text=mess) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - - -def slack_send_mess(mess, **kwargs): - from slack_sdk import WebClient - from slack_sdk.errors import SlackApiError - slack_token = '' - channel_name = '' - - if kwargs.get('slack_channel_id') == 0: - return - - if kwargs.get('slack_channel_id'): - slacks = sql.get_slack_by_id(kwargs.get('slack_channel_id')) - else: - slacks = sql.get_slack_by_ip(kwargs.get('ip')) - - proxy = sql.get_setting('proxy') - - for slack in slacks: - slack_token = slack.token - channel_name = slack.chanel_name - - if proxy is not None and proxy != '' and proxy != 'None': - proxies = dict(https=proxy, http=proxy) - client = WebClient(token=slack_token, proxies=proxies) - else: - client = WebClient(token=slack_token) - - try: - client.chat_postMessage(channel='#' + channel_name, text=mess) - except SlackApiError as e: - logging('Roxy-WI server', str(e), roxywi=1) - - -def check_login(user_uuid, token, **kwargs): - if user_uuid is None: - print('') - - ref = os.environ.get("REQUEST_URI") - - try: - sql.delete_old_uuid() - except Exception as e: - raise Exception(f'error: cannot connect to DB {e}') - - if user_uuid is not None: - if sql.get_user_name_by_uuid(user_uuid.value) is None: - print(f'') - return False - if kwargs.get('service'): - required_service = str(kwargs.get('service')) - user_id = sql.get_user_id_by_uuid(user_uuid.value) - user_services = sql.select_user_services(user_id) - if required_service in user_services: - return True - else: - print('') - return False - - sql.update_last_act_user(user_uuid.value, token) - else: - print(f'') - return False - - -def get_user_id(**kwargs): - if 
kwargs.get('login'): - return sql.get_user_id_by_username(kwargs.get('login')) - - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - user_uuid = cookie.get('uuid') - - if user_uuid is not None: - user_id = sql.get_user_id_by_uuid(user_uuid.value) - - return user_id - - -def is_admin(level=1): - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - user_id = cookie.get('uuid') - try: - role = sql.get_user_role_by_uuid(user_id.value) - except Exception: - role = 4 - pass - - try: - return True if role <= level else False - except Exception: - return False - - -def page_for_admin(level=1) -> None: - if not is_admin(level=level): - print('') - return - - -def return_ssh_keys_path(server_ip: str, **kwargs) -> dict: - lib_path = get_config_var.get_config_var('main', 'lib_path') - ssh_settings = {} - - if kwargs.get('id'): - sshs = sql.select_ssh(id=kwargs.get('id')) - else: - sshs = sql.select_ssh(serv=server_ip) - - for ssh in sshs: - ssh_settings.setdefault('enabled', ssh.enable) - ssh_settings.setdefault('user', ssh.username) - ssh_settings.setdefault('password', ssh.password) - ssh_key = f'{lib_path}/keys/{ssh.name}.pem' if ssh.enable == 1 else '' - ssh_settings.setdefault('key', ssh_key) - - ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)] - ssh_settings.setdefault('port', ssh_port[0]) - - return ssh_settings - - -def ssh_connect(server_ip): - from modules import ssh_connection - - ssh_settings = return_ssh_keys_path(server_ip) - - ssh = ssh_connection.SshConnection(server_ip, ssh_settings['port'], ssh_settings['user'], - ssh_settings['password'], ssh_settings['enabled'], ssh_settings['key']) - - return ssh - - -def get_config(server_ip, cfg, **kwargs): - config_path = '' - - if kwargs.get("keepalived") or kwargs.get("service") == 'keepalived': - config_path = sql.get_setting('keepalived_config_path') - elif ( - kwargs.get("nginx") or kwargs.get("service") == 'nginx' - or kwargs.get("apache") or 
kwargs.get("service") == 'apache' - ): - config_path = kwargs.get('config_file_name') - elif kwargs.get("waf") or kwargs.get("service") == 'waf': - if kwargs.get("waf") == 'haproxy': - config_path = sql.get_setting('haproxy_dir') + '/waf/rules/' + kwargs.get("waf_rule_file") - elif kwargs.get("waf") == 'nginx': - config_path = sql.get_setting('nginx_dir') + '/waf/rules/' + kwargs.get("waf_rule_file") - else: - config_path = sql.get_setting('haproxy_config_path') - - try: - with ssh_connect(server_ip) as ssh: - ssh.get_sftp(config_path, cfg) - except Exception as e: - logging('Roxy-WI server', f'error: cannot get config: {e}', roxywi=1) - - -def diff_config(oldcfg, cfg, **kwargs): - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - log_path = get_config_var.get_config_var('main', 'log_path') - user_group = get_user_group() - diff = "" - date = get_date.return_date('date_in_log') - log_date = get_date.return_date('logs') - cmd = "/bin/diff -ub %s %s" % (oldcfg, cfg) - - try: - user_uuid = cookie.get('uuid') - login = sql.get_user_name_by_uuid(user_uuid.value) - except Exception: - login = '' - - output, stderr = subprocess_execute(cmd) - - if kwargs.get('return_diff'): - for line in output: - diff += line + "\n" - return diff - else: - for line in output: - diff += f"{date} user: {login}, group: {user_group} {line}\n" - - log_file = f"{log_path}/config_edit-{log_date}" - try: - with open(log_file, 'a') as log: - log.write(diff) - except IOError: - print(f'
Can\'t read write change to log. {stderr}
') - pass - - -def get_remote_sections(server_ip: str, service: str) -> str: - remote_dir = service + '_dir' - config_dir = sql.get_setting(remote_dir) - config_dir = return_nice_path(config_dir) - section_name = 'server_name' - - if service == 'apache': - section_name = 'ServerName' - - commands = [f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'"] - - backends = ssh_command(server_ip, commands) - - return backends - - -def get_sections(config, **kwargs): - return_config = list() - with open(config, 'r') as f: - for line in f: - if kwargs.get('service') == 'keepalived': - ip_pattern = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}') - find_ip = re.findall(ip_pattern, line) - if find_ip: - return_config.append(find_ip[0]) - else: - if line.startswith(( - 'global', 'listen', 'frontend', 'backend', 'cache', 'defaults', '#HideBlockStart', - '#HideBlockEnd', 'peers', 'resolvers', 'userlist', 'http-errors' - )): - line = line.strip() - return_config.append(line) - - return return_config - - -def get_section_from_config(config, section): - record = False - start_line = "" - end_line = "" - return_config = "" - with open(config, 'r') as f: - for index, line in enumerate(f): - if line.startswith(section + '\n'): - start_line = index - return_config += line - record = True - continue - if record: - if line.startswith(( - 'global', 'listen', 'frontend', 'backend', 'cache', 'defaults', '#HideBlockStart', - '#HideBlockEnd', 'peers', 'resolvers', 'userlist', 'http-errors' - )): - record = False - end_line = index - end_line = end_line - 1 - else: - return_config += line - - if end_line == "": - f = open(config, "r") - line_list = f.readlines() - end_line = len(line_list) - - return start_line, end_line, return_config - - -def rewrite_section(start_line, end_line, config, section): - record = False - start_line = int(start_line) - end_line = int(end_line) - return_config = "" - with open(config, 'r') as f: - for index, line in 
enumerate(f): - index = int(index) - if index == start_line: - record = True - return_config += section - return_config += "\n" - continue - if index == end_line: - record = False - continue - if record: - continue - - return_config += line - - return return_config - - -def get_userlists(config): - return_config = '' - with open(config, 'r') as f: - for line in f: - if line.startswith('userlist'): - line = line.strip() - return_config += line + ',' - - return return_config - - -def get_backends_from_config(server_ip, backends=''): - config_date = get_date.return_date('config') - configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') - format_cfg = 'cfg' - - try: - cfg = configs_dir + get_files(configs_dir, format_cfg)[0] - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - try: - cfg = f'{configs_dir}{server_ip}-{config_date}.{format_cfg}' - except Exception: - logging('Roxy-WI server', ' Cannot generate cfg path', roxywi=1) - return - try: - get_config(server_ip, cfg) - except Exception: - logging('Roxy-WI server', ' Cannot download config', roxywi=1) - print('error: Cannot get backends') - return - - with open(cfg, 'r') as f: - for line in f: - if backends == 'frontend': - if (line.startswith('listen') or line.startswith('frontend')) and 'stats' not in line: - line = line.strip() - print(line.split(' ')[1], end="
") - - -def get_all_stick_table(): - hap_sock_p = sql.get_setting('haproxy_sock_port') - cmd = 'echo "show table"|nc %s %s |awk \'{print $3}\' | tr -d \'\n\' | tr -d \'[:space:]\'' % (serv, hap_sock_p) - output, stderr = subprocess_execute(cmd) - return output[0] - - -def get_stick_table(table): - hap_sock_p = sql.get_setting('haproxy_sock_port') - cmd = 'echo "show table %s"|nc %s %s |awk -F"#" \'{print $2}\' |head -1 | tr -d \'\n\'' % (table, serv, hap_sock_p) - output, stderr = subprocess_execute(cmd) - tables_head = [] - for i in output[0].split(','): - i = i.split(':')[1] - tables_head.append(i) - - cmd = 'echo "show table %s"|nc %s %s |grep -v "#"' % (table, serv, hap_sock_p) - output, stderr = subprocess_execute(cmd) - - return tables_head, output - - -def show_installation_output(error, output, service): - if error and "WARNING" not in error: - logging('Roxy-WI server', error, roxywi=1) - print('error: ' + error) - return False - else: - for line in output: - if any(s in line for s in ("Traceback", "FAILED", "error", "ERROR", "UNREACHABLE")): - try: - print(line) - break - except Exception: - print(output) - break - else: - print(f'success: {service} has been installed') - logging('Roxy-WI server', error, roxywi=1, keep_history=1, service=service) - return True - - -def install_haproxy(server_ip, **kwargs): - script = "install_haproxy.sh" - hap_sock_p = str(sql.get_setting('haproxy_sock_port')) - stats_port = str(sql.get_setting('stats_port')) - server_state_file = sql.get_setting('server_state_file') - stats_user = sql.get_setting('stats_user') - stats_password = sql.get_setting('stats_password') - proxy = sql.get_setting('proxy') - haproxy_dir = sql.get_setting('haproxy_dir') - container_name = sql.get_setting('haproxy_container_name') - haproxy_ver = kwargs.get('hapver') - server_for_installing = kwargs.get('server') - docker = kwargs.get('docker') - proxy_serv = '' - ssh_settings = return_ssh_keys_path(server_ip) - - os.system(f"cp scripts/{script} .") 
- - if haproxy_ver is None: - haproxy_ver = '2.6.0-1' - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - syn_flood_protect = '1' if kwargs.get('syn_flood') == "1" else '' - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} SOCK_PORT={hap_sock_p} STAT_PORT={stats_port} " - f"STAT_FILE={server_state_file} DOCKER={docker} SSH_PORT={ssh_settings['port']} STATS_USER={stats_user} " - f"CONT_NAME={container_name} HAP_DIR={haproxy_dir} STATS_PASS='{stats_password}' HAPVER={haproxy_ver} " - f"SYN_FLOOD={syn_flood_protect} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' " - f"KEY={ssh_settings['key']}" - ] - - output, error = subprocess_execute(commands[0]) - if server_for_installing: - service = server_for_installing + ' HAProxy' - else: - service = ' HAProxy' - - if show_installation_output(error, output, service): - sql.update_haproxy(server_ip) - - if docker == '1': - server_id = sql.select_server_id_by_ip(server_ip) - sql.insert_or_update_service_setting(server_id, 'haproxy', 'dockerized', '1') - sql.insert_or_update_service_setting(server_id, 'haproxy', 'restart', '1') - - os.remove(script) - - -def waf_install(server_ip): - script = "waf.sh" - proxy = sql.get_setting('proxy') - haproxy_dir = sql.get_setting('haproxy_dir') - ver = check_haproxy_version(server_ip) - service = ' WAF' - proxy_serv = '' - ssh_settings = return_ssh_keys_path(server_ip) - - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} HAPROXY_PATH={haproxy_dir} VERSION='{ver}' " - f"SSH_PORT={ssh_settings['port']} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' " - f"KEY={ssh_settings['key']}" - ] - - output, error = subprocess_execute(commands[0]) - - if show_installation_output(error, output, service): - sql.insert_waf_metrics_enable(server_ip, 
"0") - sql.insert_waf_rules(server_ip) - - os.remove(script) - - -def waf_nginx_install(server_ip): - script = "waf_nginx.sh" - proxy = sql.get_setting('proxy') - nginx_dir = sql.get_setting('nginx_dir') - service = ' WAF' - proxy_serv = '' - ssh_settings = return_ssh_keys_path(server_ip) - - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} NGINX_PATH={nginx_dir} SSH_PORT={ssh_settings['port']} " - f"HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = subprocess_execute(commands[0]) - - if show_installation_output(error, output, service): - sql.insert_nginx_waf_rules(server_ip) - sql.insert_waf_nginx_server(server_ip) - - os.remove(script) - - -def install_nginx(server_ip, **kwargs): - script = "install_nginx.sh" - stats_user = sql.get_setting('nginx_stats_user') - stats_password = sql.get_setting('nginx_stats_password') - stats_port = str(sql.get_setting('nginx_stats_port')) - stats_page = sql.get_setting('nginx_stats_page') - config_path = sql.get_setting('nginx_config_path') - nginx_dir = sql.get_setting('nginx_dir') - server_for_installing = kwargs.get('server') - proxy = sql.get_setting('proxy') - docker = kwargs.get('docker') - container_name = sql.get_setting('nginx_container_name') - proxy_serv = '' - ssh_settings = return_ssh_keys_path(server_ip) - - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - syn_flood_protect = '1' if form.getvalue('syn_flood') == "1" else '' - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} STATS_USER={stats_user} STATS_PASS='{stats_password}' " - f"SSH_PORT={ssh_settings['port']} CONFIG_PATH={config_path} CONT_NAME={container_name} STAT_PORT={stats_port} " - f"STAT_PAGE={stats_page} SYN_FLOOD={syn_flood_protect} 
DOCKER={docker} nginx_dir={nginx_dir} HOST={server_ip} " - f"USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = subprocess_execute(commands[0]) - if server_for_installing: - service = server_for_installing + ' Nginx' - else: - service = ' Nginx' - if show_installation_output(error, output, service): - sql.update_nginx(server_ip) - - if docker == '1': - server_id = sql.select_server_id_by_ip(server_ip) - sql.insert_or_update_service_setting(server_id, 'nginx', 'dockerized', '1') - sql.insert_or_update_service_setting(server_id, 'nginx', 'restart', '1') - - os.remove(script) - - -def update_roxy_wi(service): - restart_service = '' - - if distro.id() == 'ubuntu': - try: - if service == 'roxy-wi-keep_alive': - service = 'roxy-wi-keep-alive' - except Exception: - pass - - if service != 'roxy-wi': - restart_service = f'&& sudo systemctl restart {service}' - - cmd = f'sudo -S apt-get update && sudo apt-get install {service} {restart_service}' - else: - if service != 'roxy-wi': - restart_service = f'&& sudo systemctl restart {service}' - cmd = f'sudo -S yum -y install {service} {restart_service}' - - output, stderr = subprocess_execute(cmd) - print(output) - print(stderr) - - -def check_haproxy_version(server_ip): - hap_sock_p = sql.get_setting('haproxy_sock_port') - ver = "" - cmd = f"echo 'show info' |nc {server_ip} {hap_sock_p} |grep Version |awk '{{print $2}}'" - output, stderr = subprocess_execute(cmd) - for line in output: - ver = line - - return ver - - -def upload(server_ip, path, file, **kwargs): - full_path = path + file - if kwargs.get('dir') == "fullpath": - full_path = path - - try: - with ssh_connect(server_ip) as ssh: - ssh.put_sftp(file, full_path) - except Exception as e: - error = str(e.args) - logging('Roxy-WI server', error, roxywi=1) - print(f' Cannot upload {file} to {full_path} to server: {server_ip} error: {error}') - return error - - -def upload_and_restart(server_ip: str, cfg: str, 
**kwargs): - error = '' - service_name = '' - container_name = '' - reload_or_restart_command = '' - file_format = 'conf' - config_path = kwargs.get('config_file_name') - config_date = get_date.return_date('config') - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - - if kwargs.get("nginx"): - service = 'nginx' - elif kwargs.get("apache"): - service = 'apache' - elif kwargs.get("keepalived"): - service = 'keepalived' - config_path = sql.get_setting('keepalived_config_path') - file_format = 'cfg' - elif kwargs.get('waf'): - service = 'waf' - else: - service = 'haproxy' - config_path = sql.get_setting('haproxy_config_path') - file_format = 'cfg' - - tmp_file = f"{sql.get_setting('tmp_config_path')}/{config_date}.{file_format}" - is_dockerized = sql.select_service_setting(server_id, service, 'dockerized') - - if is_dockerized == '1': - service_cont_name = f'{service}_container_name' - container_name = sql.get_setting(service_cont_name) - reload_command = f" && sudo docker kill -s HUP {container_name}" - restart_command = f" && sudo docker restart {container_name}" - else: - service_name = service - if service == 'haproxy': - haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise') - if haproxy_enterprise == '1': - service_name = "hapee-2.0-lb" - if service == 'apache': - service_name = get_correct_apache_service_name(server_ip, 0) - - reload_command = f" && sudo systemctl reload {service_name}" - restart_command = f" && sudo systemctl restart {service_name}" - - if kwargs.get("just_save") == 'save': - action = 'save' - elif kwargs.get("just_save") == 'test': - action = 'test' - elif kwargs.get("just_save") == 'reload': - action = 'reload' - reload_or_restart_command = reload_command - else: - is_not_allowed_to_restart(server_id, service) - action = 'restart' - reload_or_restart_command = restart_command - - if kwargs.get('login'): - login = kwargs.get('login') - else: - login = 1 - - try: - os.system(f"dos2unix {cfg}") - 
except OSError: - return 'error: there is no dos2unix' - - if service == "keepalived": - move_config = f"sudo mv -f {tmp_file} {config_path}" - if action == "save": - commands = [move_config] - else: - commands = [move_config + reload_or_restart_command] - elif service == "nginx": - if is_dockerized == '1': - check_config = f"sudo docker exec -it exec {container_name} nginx -t " - else: - check_config = "sudo nginx -t " - check_and_move = f"sudo mv -f {tmp_file} {config_path} && {check_config}" - if action == "test": - commands = [f"{check_config} && sudo rm -f {tmp_file}"] - elif action == "save": - commands = [check_and_move] - else: - commands = [check_and_move + reload_or_restart_command] - if sql.return_firewall(server_ip): - commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='nginx') - elif service == "apache": - if is_dockerized == '1': - check_config = f"sudo docker exec -it exec {container_name} sudo apachectl configtest " - else: - check_config = "sudo apachectl configtest " - check_and_move = f"sudo mv -f {tmp_file} {config_path} && {check_config}" - if action == "test": - commands = [f"{check_config} && sudo rm -f {tmp_file}"] - elif action == "save": - commands = [check_and_move] - else: - commands = [check_and_move + reload_or_restart_command] - # if sql.return_firewall(server_ip): - # commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='apache') - elif service == 'waf': - check_and_move = f"sudo mv -f {tmp_file} {config_path}" - if action == "save": - commands = [check_and_move] - else: - commands = [check_and_move + reload_or_restart_command] - else: - if is_dockerized == '1': - check_config = f"sudo docker exec -it {container_name} haproxy -c -f {tmp_file}" - else: - check_config = f"sudo {service_name} -c -f {tmp_file}" - move_config = f" && sudo mv -f {tmp_file} {config_path}" - - if action == "test": - commands = [f"{check_config} && sudo rm -f {tmp_file}"] - elif action == "save": - commands = [check_config + 
move_config] - else: - commands = [check_config + move_config + reload_or_restart_command] - if sql.return_firewall(server_ip): - commands[0] += open_port_firewalld(cfg, server_ip=server_ip) - - try: - upload(server_ip, tmp_file, cfg, dir='fullpath') - try: - if action != 'test': - logging(server_ip, 'A new config file has been uploaded', login=login, keep_history=1, service=service) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - - # If master then save version of config in a new way - if not kwargs.get('slave') and service != 'waf': - from pathlib import Path - - diff = '' - try: - old_cfg = kwargs.get('oldcfg') - path = Path(old_cfg) - except Exception: - old_cfg = '' - path = Path(old_cfg) - - if not path.is_file(): - old_cfg = f'{tmp_file}.old' - try: - get_config(server_ip, old_cfg, service=service, config_file_name=config_path) - except Exception: - logging('Roxy-WI server', 'Cannot download config for diff', roxywi=1) - try: - diff = diff_config(old_cfg, cfg, return_diff=1) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - - try: - user_id = get_user_id(login=kwargs.get('login')) - sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - return error - - try: - error = ssh_command(server_ip, commands) - try: - if action == 'reload' or action == 'restart': - logging(server_ip, f'Service has been {action}ed', login=login, keep_history=1, service=service) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - except Exception as e: - logging('Roxy-WI server', str(e), roxywi=1) - return e - - if error.strip() != 'haproxy' and error.strip() != 'nginx': - return error.strip() - - -def master_slave_upload_and_restart(server_ip, cfg, just_save, **kwargs): - slave_output = '' - - try: - server_name = 
sql.get_hostname_by_server_ip(server_ip) - except Exception: - server_name = serv - - if kwargs.get('login'): - login = kwargs.get('login') - else: - login = '' - - is_master = [masters[0] for masters in sql.is_master(server_ip)] - if is_master[0] is not None: - slv_output = upload_and_restart( - is_master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'), - apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'), slave=1 - ) - slave_output += f'
slave_server:\n{slv_output}' - - output = upload_and_restart( - server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'), - apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'), - oldcfg=kwargs.get('oldcfg'), login=login - ) - - output = server_name + ':\n' + output - - output = output + slave_output - return output - - -def open_port_firewalld(cfg, server_ip, **kwargs): - try: - conf = open(cfg, "r") - except IOError: - print('
Cannot read exported config file
') - return - - firewalld_commands = ' &&' - ports = '' - - for line in conf: - if kwargs.get('service') == 'nginx': - if "listen " in line and '#' not in line: - try: - listen = ' '.join(line.split()) - listen = listen.split(" ")[1] - listen = listen.split(";")[0] - try: - listen = int(listen) - ports += str(listen) + ' ' - firewalld_commands += f' sudo firewall-cmd --zone=public --add-port={listen}/tcp --permanent -q &&' - except Exception: - pass - except Exception: - pass - else: - if "bind" in line: - try: - bind = line.split(":") - bind[1] = bind[1].strip(' ') - bind = bind[1].split("ssl") - bind = bind[0].strip(' \t\n\r') - try: - bind = int(bind) - firewalld_commands += f' sudo firewall-cmd --zone=public --add-port={bind}/tcp --permanent -q &&' - ports += str(bind) + ' ' - except Exception: - pass - except Exception: - pass - - firewalld_commands += 'sudo firewall-cmd --reload -q' - logging(server_ip, f' Next ports have been opened: {ports}') - return firewalld_commands - - -def check_haproxy_config(server_ip): - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - is_dockerized = sql.select_service_setting(server_id, 'haproxy', 'dockerized') - config_path = sql.get_setting('haproxy_config_path') - - if is_dockerized == '1': - container_name = sql.get_setting('haproxy_container_name') - commands = [f"sudo docker exec -it {container_name} haproxy -q -c -f {config_path}"] - else: - commands = [f"haproxy -q -c -f {config_path}"] - - with ssh_connect(server_ip) as ssh: - for command in commands: - stdin, stdout, stderr = ssh.run_command(command) - if not stderr.read(): - return True - else: - return False - - -def check_nginx_config(server_ip): - commands = [f"nginx -q -t -p {sql.get_setting('nginx_dir')}"] - - with ssh_connect(server_ip) as ssh: - for command in commands: - stdin, stdout, stderr = ssh.run_command(command) - if not stderr.read(): - return True - else: - return False - - -def show_log(stdout, **kwargs): - i = 0 - out = '' - grep = '' - 
- if kwargs.get('grep'): - grep = kwargs.get('grep') - grep = re.sub(r'[?|$|.|!|^|*|\]|\[|,| |]', r'', grep) - for line in stdout: - i = i + 1 - if kwargs.get('grep'): - line = line.replace(grep, f'{grep}') - line_class = "line3" if i % 2 == 0 else "line" - out += f'
{line}
' - - return out - - -def show_finding_in_config(stdout: str, **kwargs) -> str: - grep = '' - out = '
--
' - - if kwargs.get('grep'): - grep = kwargs.get('grep') - grep = re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', grep) - - for line in stdout: - if kwargs.get('grep'): - line = line.replace(grep, f'{grep}') - line_class = "line" if '--' in line else "line3" - out += f'
{line}
' - - out += '
--
' - - return out - - -def show_roxy_log( - serv, rows='10', waf='0', grep=None, hour='00', - minut='00', hour1='24', minut1='00', service='haproxy', **kwargs -) -> str: - exgrep = form.getvalue('exgrep') - log_file = form.getvalue('file') - date = checkAjaxInput(hour) + ':' + checkAjaxInput(minut) - date1 = checkAjaxInput(hour1) + ':' + checkAjaxInput(minut1) - rows = checkAjaxInput(rows) - waf = checkAjaxInput(waf) - cmd = '' - awk_column = 3 - - if grep is not None: - grep_act = '|egrep "%s"' % checkAjaxInput(grep) - else: - grep_act = '' - - if exgrep is not None: - exgrep_act = '|egrep -v "%s"' % checkAjaxInput(exgrep) - else: - exgrep_act = '' - - log_file = checkAjaxInput(log_file) if log_file is not None else log_file - - if service in ('nginx', 'haproxy', 'apache', 'keepalived'): - syslog_server_enable = sql.get_setting('syslog_server_enable') - if syslog_server_enable is None or syslog_server_enable == 0: - if service == 'nginx': - local_path_logs = sql.get_setting('nginx_path_logs') - commands = ["sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)] - elif service == 'apache': - local_path_logs = sql.get_setting('apache_path_logs') - commands = [ - "sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) - ] - elif service == 'keepalived': - local_path_logs = sql.get_setting('keepalived_path_logs') - commands = [ - "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % ( - local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) - ] - else: - local_path_logs = sql.get_setting('haproxy_path_logs') - commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)] - syslog_server = serv - else: - commands = ["sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! 
d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)] - syslog_server = sql.get_setting('syslog_server') - - if waf == "1": - local_path_logs = '/var/log/waf.log' - commands = ["sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)] - if kwargs.get('html') == 0: - a = ssh_command(syslog_server, commands) - return show_log(a, html=0, grep=grep) - else: - return ssh_command(syslog_server, commands, show_log='1', grep=grep) - elif service == 'apache_internal': - apache_log_path = sql.get_setting('apache_log_path') - - if serv == 'roxy-wi.access.log': - cmd = 'sudo cat {}| awk -F"/|:" \'$3>"{}:00" && $3<"{}:00"\' |tail -{} {} {}'.format(apache_log_path + "/" + serv, date, date1, rows, grep_act, exgrep_act) - elif serv == 'roxy-wi.error.log': - cmd = "sudo cat {}| awk '$4>\"{}:00\" && $4<\"{}:00\"' |tail -{} {} {}".format(apache_log_path + "/" + serv, date, date1, rows, grep_act, exgrep_act) - elif serv == 'fail2ban.log': - cmd = 'sudo cat {}| awk -F"/|:" \'$3>"{}:00" && $3<"{}:00\' |tail -{} {} {}'.format("/var/log/" + serv, date, date1, rows, grep_act, exgrep_act) - - output, stderr = subprocess_execute(cmd) - - return show_log(output, grep=grep) - elif service == 'internal': - log_path = get_config_var.get_config_var('main', 'log_path') - logs_files = get_files(log_path, "log") - user_group = get_user_group() - user_grep = '' - - if user_group != '' and user_group != 'Default': - user_grep = f"|grep 'group: {user_group}'" - - for key, value in logs_files: - if int(serv) == key: - serv = value - break - else: - return 'Haha' - - if serv == 'backup.log': - awk_column = 2 - - cmd = f"cat {log_path}/{serv}| awk '${awk_column}>\"{date}:00\" && ${awk_column}<\"{date1}:00\"' {user_grep} {grep_act} {exgrep_act} |tail -{rows}" - - output, stderr = subprocess_execute(cmd) - - return show_log(output, grep=grep) - - -def roxy_wi_log(**kwargs) -> list: - log_path = get_config_var.get_config_var('main', 'log_path') - - if 
kwargs.get('log_id'): - selects = get_files(log_path, "log") - for key, value in selects: - log_file = f"{kwargs.get('file')}.log" - if log_file == value: - return key - else: - user_group_id = get_user_group(id=1) - if user_group_id != 1: - user_group = get_user_group() - group_grep = f'|grep "group: {user_group}"' - else: - group_grep = '' - cmd = f"find {log_path}/roxy-wi-* -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \ - f"| head -1 |awk '{{print $4}}' |xargs tail {group_grep}|sort -r" - try: - output, stderr = subprocess_execute(cmd) - return output - except Exception: - return [''] - - -def show_ip(stdout): - for line in stdout: - if "Permission denied" in line: - print(f'error: {line}') - else: - print(line) - - -def server_status(stdout): - proc_count = "" - - for line in stdout: - if "Ncat: " not in line: - for k in line: - try: - proc_count = k.split(":")[1] - except Exception: - proc_count = 1 - else: - proc_count = 0 - return proc_count - - -def ssh_command(server_ip: str, commands: list, **kwargs): - if server_ip == '': - return 'error: IP cannot be empty' - with ssh_connect(server_ip) as ssh: - for command in commands: - try: - stdin, stdout, stderr = ssh.run_command(command) - except Exception as e: - logging('Roxy-WI server', f' Something wrong with SSH connection. Probably sudo with password {e}', roxywi=1) - return str(e) - - try: - if kwargs.get('raw'): - return stdout.readlines() - if kwargs.get("ip") == "1": - show_ip(stdout) - elif kwargs.get("show_log") == "1": - return show_log(stdout, grep=kwargs.get("grep")) - elif kwargs.get('return_err') == 1: - return stderr.read().decode(encoding='UTF-8') - else: - return stdout.read().decode(encoding='UTF-8') - except Exception as e: - logging('Roxy-WI server', f' Something wrong with SSH connection. 
Probably sudo with password {e}', roxywi=1) - - for line in stderr.readlines(): - if line: - print(f'error: {line}') - logging('Roxy-WI server', f' {line}', roxywi=1) - - -def subprocess_execute(cmd): - import subprocess - p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, universal_newlines=True) - stdout, stderr = p.communicate() - output = stdout.splitlines() - - return output, stderr - - -def show_backends(server_ip, **kwargs): - hap_sock_p = sql.get_setting('haproxy_sock_port') - cmd = f'echo "show backend" |nc {server_ip} {hap_sock_p}' - output, stderr = subprocess_execute(cmd) - if stderr: - logging('Roxy-WI server', ' ' + stderr, roxywi=1) - if kwargs.get('ret'): - ret = list() - else: - ret = "" - for line in output: - if any(s in line for s in ('#', 'stats', 'MASTER', '<')): - continue - if len(line) > 1: - back = json.dumps(line).split("\"") - if kwargs.get('ret'): - ret.append(back[1]) - else: - print(back[1], end="
") - - if kwargs.get('ret'): - return ret - - -def get_files(folder=None, file_format='cfg') -> list: - import glob - if folder is None: - folder = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') - if file_format == 'log': - file = [] - else: - file = set() - return_files = set() - i = 0 - for files in sorted(glob.glob(os.path.join(folder, f'*.{file_format}*'))): - if file_format == 'log': - try: - file += [(i, files.split('/')[4])] - except Exception as e: - print(e) - else: - file.add(files.split('/')[-1]) - i += 1 - files = file - if file_format == 'cfg' or file_format == 'conf': - for file in files: - ip = file.split("-") - if serv == ip[0]: - return_files.add(file) - return sorted(return_files, reverse=True) - else: - return file - - -def get_remote_files(server_ip: str, config_dir: str, file_format: str): - config_dir = return_nice_path(config_dir) - if file_format == 'conf': - commands = [f'sudo ls {config_dir}*/*.{file_format}'] - else: - commands = [f'sudo ls {config_dir}|grep {file_format}$'] - config_files = ssh_command(server_ip, commands) - - return config_files - - -def return_nice_path(return_path: str) -> str: - if ( - 'nginx' not in return_path - and 'haproxy' not in return_path - and 'apache2' not in return_path - and 'httpd' not in return_path - and 'keepalived' not in return_path - ): - return 'error: The path must contain the name of the service. 
Check it in Roxy-WI settings' - - if return_path[-1] != '/': - return_path += '/' - - return return_path - - -def get_key(item): - return item[0] - - -def check_ver(): - return sql.get_ver() - - -def check_new_version(service): - import requests - from requests.adapters import HTTPAdapter - from requests.packages.urllib3.util.retry import Retry - - current_ver = check_ver() - proxy = sql.get_setting('proxy') - res = '' - user_name = sql.select_user_name() - retry_strategy = Retry( - total=3, - status_forcelist=[429, 500, 502, 503, 504], - method_whitelist=["HEAD", "GET", "OPTIONS"] - ) - adapter = HTTPAdapter(max_retries=retry_strategy) - roxy_wi_get_plan = requests.Session() - roxy_wi_get_plan.mount("https://", adapter) - - try: - if proxy is not None and proxy != '' and proxy != 'None': - proxy_dict = {"https": proxy, "http": proxy} - response = requests.get(f'https://roxy-wi.org/version/get/{service}', timeout=1, proxies=proxy_dict) - if service == 'roxy-wi': - requests.get(f'https://roxy-wi.org/version/send/{current_ver}', timeout=1, proxies=proxy_dict) - roxy_wi_get_plan = requests.get(f'https://roxy-wi.org/user-name/{user_name}', timeout=1, proxies=proxy_dict) - else: - response = requests.get(f'https://roxy-wi.org/version/get/{service}', timeout=1) - if service == 'roxy-wi': - requests.get(f'https://roxy-wi.org/version/send/{current_ver}', timeout=1) - roxy_wi_get_plan = requests.get(f'https://roxy-wi.org/user-name/{user_name}', timeout=1) - - res = response.content.decode(encoding='UTF-8') - if service == 'roxy-wi': - try: - status = roxy_wi_get_plan.content.decode(encoding='UTF-8') - status = status.split(' ') - sql.update_user_status(status[0], status[1].strip(), status[2].strip()) - except Exception: - pass - except requests.exceptions.RequestException as e: - logging('Roxy-WI server', f' {e}', roxywi=1) - - return res - - -def versions(): - try: - current_ver = check_ver() - current_ver_without_dots = current_ver.split('.') - current_ver_without_dots = 
''.join(current_ver_without_dots) - current_ver_without_dots = current_ver_without_dots.replace('\n', '') - if len(current_ver_without_dots) == 2: - current_ver_without_dots += '00' - if len(current_ver_without_dots) == 3: - current_ver_without_dots += '0' - current_ver_without_dots = int(current_ver_without_dots) - except Exception: - current_ver = "Sorry cannot get current version" - current_ver_without_dots = 0 - - try: - new_ver = check_new_version('roxy-wi') - new_ver_without_dots = new_ver.split('.') - new_ver_without_dots = ''.join(new_ver_without_dots) - new_ver_without_dots = new_ver_without_dots.replace('\n', '') - if len(new_ver_without_dots) == 2: - new_ver_without_dots += '00' - if len(new_ver_without_dots) == 3: - new_ver_without_dots += '0' - new_ver_without_dots = int(new_ver_without_dots) - except Exception as e: - new_ver = "Cannot get a new version" - new_ver_without_dots = 0 - logging('Roxy-WI server', f' {e}', roxywi=1) - - return current_ver, new_ver, current_ver_without_dots, new_ver_without_dots - - -def get_users_params(**kwargs): - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - - try: - user_uuid = cookie.get('uuid') - user = sql.get_user_name_by_uuid(user_uuid.value) - except Exception: - print('') - return - try: - role = sql.get_user_role_by_uuid(user_uuid.value) - except Exception: - print('') - return - try: - user_id = sql.get_user_id_by_uuid(user_uuid.value) - user_services = sql.select_user_services(user_id) - token = sql.get_token(user_uuid.value) - except Exception: - print('') - return - - if kwargs.get('virt') and kwargs.get('haproxy'): - servers = sql.get_dick_permit(virt=1, haproxy=1) - elif kwargs.get('virt'): - servers = sql.get_dick_permit(virt=1) - elif kwargs.get('disable'): - servers = sql.get_dick_permit(disable=0) - elif kwargs.get('haproxy'): - servers = sql.get_dick_permit(haproxy=1) - elif kwargs.get('service'): - servers = sql.get_dick_permit(service=kwargs.get('service')) - else: - servers = 
sql.get_dick_permit() - - return user, user_uuid, role, token, servers, user_services - - -def check_user_group(**kwargs): - if kwargs.get('token') is not None: - return True - - if kwargs.get('user_uuid'): - group_id = kwargs.get('user_group_id') - user_uuid = kwargs.get('user_uuid') - user_id = sql.get_user_id_by_uuid(user_uuid) - else: - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - user_uuid = cookie.get('uuid') - group = cookie.get('group') - group_id = group.value - user_id = sql.get_user_id_by_uuid(user_uuid.value) - - if sql.check_user_group(user_id, group_id): - return True - else: - logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1) - try: - ref = os.environ.get("REQUEST_URI").split('&')[0] - except Exception: - ref = os.environ.get("REQUEST_URI") - ref = checkAjaxInput(ref) - print(f'') - return - - -def check_is_server_in_group(server_ip: str) -> bool: - group_id = get_user_group(id=1) - servers = sql.select_servers(server=server_ip) - for s in servers: - if (s[2] == server_ip and int(s[3]) == int(group_id)) or group_id == 1: - return True - else: - logging('Roxy-WI server', ' has tried to actions in not his group server ', roxywi=1, login=1) - try: - ref = os.environ.get("REQUEST_URI").split('&')[0] - except Exception: - ref = os.environ.get("REQUEST_URI") - ref = checkAjaxInput(ref) - print(f'') - return False - - -def check_service(server_ip, service_name): - server_ip = is_ip_or_dns(server_ip) - commands = ["systemctl is-active " + service_name] - return ssh_command(server_ip, commands) - - -def get_service_version(server_ip: str, service_name: str) -> str: - server_ip = is_ip_or_dns(server_ip) - if service_name == 'haproxy_exporter': - commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"] - elif service_name == 'nginx_exporter': - commands = ["/opt/prometheus/exporters/nginx_exporter 2>&1 |head -1 |awk -F\"=\" '{print $2}'|awk '{print $1}'"] - 
elif service_name == 'node_exporter': - commands = ["node_exporter --version 2>&1 |head -1|awk '{print $3}'"] - elif service_name == 'apache_exporter': - commands = ["/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"] - - ver = ssh_command(server_ip, commands) - - if ver != '': - return ver - else: - return 'no' - - -def get_services_status(): - services = [] - is_in_docker = is_docker() - services_name = { - 'roxy-wi-checker': 'Checker is designed for monitoring HAProxy, NGINX, Apache and Keepalived services as well as HAProxy backends and maxconn', - 'roxy-wi-keep_alive': ' The Auto Start service allows to restart the HAProxy, NGINX, Apache and Keepalived services if they are down', - 'roxy-wi-metrics': 'Collects number of connections for HAProxy, NGINX, Apache and HAProxy WAF services', - 'roxy-wi-portscanner': 'Probes and saves a server or host for open ports', - 'roxy-wi-smon': 'SMON stands for Simple MONitoring', - 'roxy-wi-socket': 'Socket is a service for sending alerts and notifications', - 'roxy-wi-prometheus-exporter': 'Prometheus exporter', - 'prometheus': 'Prometheus service', - 'grafana-server': 'Grafana service', - 'fail2ban': 'Fail2ban service', - 'rabbitmq-server': 'Message broker service' - } - for s, v in services_name.items(): - if is_in_docker: - cmd = f"sudo supervisorctl status {s}|awk '{{print $2}}'" - else: - cmd = f"systemctl is-active {s}" - - status, stderr = subprocess_execute(cmd) - - if s != 'roxy-wi-keep_alive': - service_name = s.split('_')[0] - if s == 'grafana-server': - service_name = 'grafana' - elif s == 'roxy-wi-keep_alive' and distro.id() == 'ubuntu': - service_name = 'roxy-wi-keep-alive' - else: - service_name = s - - if service_name == 'prometheus': - cmd = "prometheus --version 2>&1 |grep prometheus|awk '{print $3}'" - else: - if distro.id() == 'ubuntu': - cmd = f"apt list --installed 2>&1 |grep {service_name}|awk '{{print $2}}'|sed 's/-/./'" - else: - cmd = f"rpm -q {service_name}|awk 
-F\"{service_name}\" '{{print $2}}' |awk -F\".noa\" '{{print $1}}' |sed 's/-//1' |sed 's/-/./'" - service_ver, stderr = subprocess_execute(cmd) - - try: - if service_ver[0] == 'command' or service_ver[0] == 'prometheus:': - service_ver[0] = '' - except Exception: - pass - - try: - services.append([s, status, v, service_ver[0]]) - except Exception: - services.append([s, status, v, '']) - - return services - - -def is_file_exists(server_ip: str, file: str) -> bool: - cmd = [f'[ -f {file} ] && echo yes || echo no'] - - out = ssh_command(server_ip, cmd) - return True if 'yes' in out else False - - -def is_service_active(server_ip: str, service_name: str) -> bool: - cmd = [f'systemctl is-active {service_name}'] - - out = ssh_command(server_ip, cmd) - out = out.strip() - return True if 'active' == out else False - - -def get_system_info(server_ip: str) -> str: - server_ip = is_ip_or_dns(server_ip) - if server_ip == '': - return 'error: IP cannot be empty' - - server_id = sql.select_server_id_by_ip(server_ip) - - command = ["sudo lshw -quiet -json"] - try: - sys_info_returned = ssh_command(server_ip, command) - except Exception as e: - raise e - command = ['sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\''] - try: - os_info = ssh_command(server_ip, command) - except Exception as e: - raise e - os_info = os_info.strip() - system_info = json.loads(sys_info_returned) - - sys_info = {'hostname': system_info['id'], 'family': ''} - cpu = {'cpu_model': '', 'cpu_core': 0, 'cpu_thread': 0, 'hz': 0} - network = {} - ram = {'slots': 0, 'size': 0} - disks = {} - - try: - sys_info['family'] = system_info['configuration']['family'] - except Exception: - pass - - for i in system_info['children']: - if i['class'] == 'network': - try: - ip = i['configuration']['ip'] - except Exception: - ip = '' - network[i['logicalname']] = { - 'description': i['description'], - 'mac': i['serial'], - 'ip': ip - } - for k, j in i.items(): - if isinstance(j, list): - for b in j: - try: - 
if b['class'] == 'processor': - cpu['cpu_model'] = b['product'] - cpu['cpu_core'] += 1 - cpu['hz'] = round(int(b['capacity']) / 1000000) - try: - cpu['cpu_thread'] += int(b['configuration']['threads']) - except Exception: - cpu['cpu_thread'] = 1 - except Exception: - pass - - try: - if b['id'] == 'memory': - ram['size'] = round(b['size'] / 1073741824) - for memory in b['children']: - ram['slots'] += 1 - except Exception: - pass - - try: - if b['class'] == 'storage': - for p, pval in b.items(): - if isinstance(pval, list): - for disks_info in pval: - for volume_info in disks_info['children']: - if isinstance(volume_info['logicalname'], list): - volume_name = volume_info['logicalname'][0] - mount_point = volume_info['logicalname'][1] - size = round(volume_info['capacity'] / 1073741824) - size = str(size) + 'Gb' - fs = volume_info['configuration']['mount.fstype'] - state = volume_info['configuration']['state'] - disks[volume_name] = { - 'mount_point': mount_point, - 'size': size, - 'fs': fs, - 'state': state - } - except Exception: - pass - - try: - if b['class'] == 'bridge': - if 'children' in b: - for s in b['children']: - if s['class'] == 'network': - if 'children' in s: - for net in s['children']: - network[net['logicalname']] = { - 'description': net['description'], - 'mac': net['serial'] - } - if s['class'] == 'storage': - for p, pval in s.items(): - if isinstance(pval, list): - for disks_info in pval: - if 'children' in disks_info: - for volume_info in disks_info['children']: - if isinstance(volume_info['logicalname'], dict): - volume_name = volume_info['logicalname'][0] - mount_point = volume_info['logicalname'][1] - size = round(volume_info['size'] / 1073741824) - size = str(size) + 'Gb' - fs = volume_info['configuration']['mount.fstype'] - state = volume_info['configuration']['state'] - disks[volume_name] = { - 'mount_point': mount_point, - 'size': size, - 'fs': fs, - 'state': state - } - for z, n in s.items(): - if isinstance(n, list): - for y in n: - if 
y['class'] == 'network': - try: - for q in y['children']: - try: - ip = q['configuration']['ip'] - except Exception: - ip = '' - network[q['logicalname']] = { - 'description': q['description'], - 'mac': q['serial'], - 'ip': ip} - except Exception: - try: - network[y['logicalname']] = { - 'description': y['description'], - 'mac': y['serial'], - 'ip': y['configuration']['ip']} - except Exception: - pass - if y['class'] == 'disk': - try: - for q in y['children']: - try: - if isinstance(q['logicalname'], list): - volume_name = q['logicalname'][0] - mount_point = q['logicalname'][1] - size = round(q['capacity'] / 1073741824) - size = str(size) + 'Gb' - fs = q['configuration']['mount.fstype'] - state = q['configuration']['state'] - disks[volume_name] = { - 'mount_point': mount_point, - 'size': size, - 'fs': fs, - 'state': state - } - except Exception as e: - print(e) - except Exception: - pass - if y['class'] == 'storage' or y['class'] == 'generic': - try: - for q in y['children']: - for o in q['children']: - try: - volume_name = o['logicalname'] - mount_point = '' - size = round(o['size'] / 1073741824) - size = str(size) + 'Gb' - fs = '' - state = '' - disks[volume_name] = { - 'mount_point': mount_point, - 'size': size, - 'fs': fs, - 'state': state - } - except Exception: - pass - for w in o['children']: - try: - if isinstance(w['logicalname'], list): - volume_name = w['logicalname'][0] - mount_point = w['logicalname'][1] - try: - size = round(w['size'] / 1073741824) - size = str(size) + 'Gb' - except Exception: - size = '' - fs = w['configuration']['mount.fstype'] - state = w['configuration']['state'] - disks[volume_name] = { - 'mount_point': mount_point, - 'size': size, - 'fs': fs, - 'state': state - } - except Exception: - pass - except Exception: - pass - try: - for q, qval in y.items(): - if isinstance(qval, list): - for o in qval: - for w in o['children']: - if isinstance(w['logicalname'], list): - volume_name = w['logicalname'][0] - mount_point = 
w['logicalname'][1] - size = round(w['size'] / 1073741824) - size = str(size) + 'Gb' - fs = w['configuration']['mount.fstype'] - state = w['configuration']['state'] - disks[volume_name] = { - 'mount_point': mount_point, - 'size': size, - 'fs': fs, - 'state': state - } - except Exception: - pass - except Exception: - pass - - try: - sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks) - except Exception as e: - raise e - - -def string_to_dict(dict_string) -> dict: - from ast import literal_eval - return literal_eval(dict_string) - - -def send_message_to_rabbit(message: str, **kwargs) -> None: - import pika - rabbit_user = sql.get_setting('rabbitmq_user') - rabbit_password = sql.get_setting('rabbitmq_password') - rabbit_host = sql.get_setting('rabbitmq_host') - rabbit_port = sql.get_setting('rabbitmq_port') - rabbit_vhost = sql.get_setting('rabbitmq_vhost') - if kwargs.get('rabbit_queue'): - rabbit_queue = kwargs.get('rabbit_queue') - else: - rabbit_queue = sql.get_setting('rabbitmq_queue') - - credentials = pika.PlainCredentials(rabbit_user, rabbit_password) - parameters = pika.ConnectionParameters( - rabbit_host, - rabbit_port, - rabbit_vhost, - credentials - ) - - connection = pika.BlockingConnection(parameters) - channel = connection.channel() - channel.queue_declare(queue=rabbit_queue) - channel.basic_publish(exchange='', routing_key=rabbit_queue, body=message) - - connection.close() - - -def is_restarted(server_ip: str, action: str) -> None: - cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) - user_uuid = cookie.get('uuid') - user_role = sql.get_user_role_by_uuid(user_uuid.value) - - if sql.is_serv_protected(server_ip) and int(user_role) > 2: - print(f'error: This server is protected. 
You cannot {action} it') - return - - -def is_not_allowed_to_restart(server_id: int, service: str) -> None: - is_restart = sql.select_service_setting(server_id, service, 'restart') - - if int(is_restart) == 1: - print('warning: this service is not allowed to be restarted') - return - - -def return_user_status(): - user_status = sql.select_user_status() - user_plan = sql.select_user_plan() - - return user_status, user_plan - - -def get_correct_apache_service_name(server_ip=None, server_id=0) -> str: - if server_id is None: - server_id = sql.select_server_id_by_ip(server_ip) - - try: - os_info = sql.select_os_info(server_id) - except Exception: - return 'error: cannot get server info' - - if "CentOS" in os_info or "Redhat" in os_info: - return 'httpd' - else: - return 'apache2' - - -def is_docker() -> bool: - path = "/proc/self/cgroup" - if not os.path.isfile(path): - return False - with open(path) as f: - for line in f: - if re.match("\d+:[\w=]+:/docker(-[ce]e)?/\w+", line): - return True - return False - - -def send_email(email_to: str, subject: str, message: str) -> None: - from smtplib import SMTP - - try: - from email.MIMEText import MIMEText - except Exception: - from email.mime.text import MIMEText - - mail_ssl = sql.get_setting('mail_ssl') - mail_from = sql.get_setting('mail_from') - mail_smtp_host = sql.get_setting('mail_smtp_host') - mail_smtp_port = sql.get_setting('mail_smtp_port') - mail_smtp_user = sql.get_setting('mail_smtp_user') - mail_smtp_password = sql.get_setting('mail_smtp_password') - - msg = MIMEText(message) - msg['Subject'] = 'Roxy-WI: ' + subject - msg['From'] = 'Roxy-WI <' + mail_from + '>' - msg['To'] = email_to - - try: - smtp_obj = SMTP(mail_smtp_host, mail_smtp_port) - if mail_ssl: - smtp_obj.starttls() - smtp_obj.login(mail_smtp_user, mail_smtp_password) - smtp_obj.send_message(msg) - logging('Roxy-WI server', f'An email has been sent to {email_to}', roxywi=1) - except Exception as e: - logging('Roxy-WI server', f'error: unable to 
send email: {e}', roxywi=1) - - -def send_email_to_server_group(subject: str, mes: str, group_id: int) -> None: - try: - users_email = sql.select_users_emails_by_group_id(group_id) - - for user_email in users_email: - send_email(user_email.email, subject, mes) - except Exception as e: - logging('Roxy-WI server', f'error: unable to send email: {e}', roxywi=1) - - -def alert_routing( - server_ip: str, service_id: int, group_id: int, level: str, mes: str, alert_type: str -) -> None: - subject: str = level + ': ' + mes - server_id: int = sql.select_server_id_by_ip(server_ip) - checker_settings = sql.select_checker_settings_for_server(service_id, server_id) - - try: - json_for_sending = {"user_group": group_id, "message": subject} - send_message_to_rabbit(json.dumps(json_for_sending)) - except Exception as e: - logging('Roxy-WI server', 'error: unable to send message: ' + str(e), roxywi=1) - - for setting in checker_settings: - if alert_type == 'service' and setting.service_alert: - telegram_send_mess(mes, telegram_channel_id=setting.telegram_id) - slack_send_mess(mes, slack_channel_id=setting.slack_id) - - if setting.email: - send_email_to_server_group(subject, mes, group_id) - - if alert_type == 'backend' and setting.backend_alert: - telegram_send_mess(mes, telegram_channel_id=setting.telegram_id) - slack_send_mess(mes, slack_channel_id=setting.slack_id) - - if setting.email: - send_email_to_server_group(subject, mes, group_id) - - if alert_type == 'maxconn' and setting.maxconn_alert: - telegram_send_mess(mes, telegram_channel_id=setting.telegram_id) - slack_send_mess(mes, slack_channel_id=setting.slack_id) - - if setting.email: - send_email_to_server_group(subject, mes, group_id) - - -def get_data(log_type, **kwargs): - return get_date.return_date(log_type, **kwargs) diff --git a/app/ha.py b/app/ha.py index 291791e2..ba7e1ced 100644 --- a/app/ha.py +++ b/app/ha.py 
@@ -1,38 +1,39 @@ #!/usr/bin/env python3 import sys -import funct +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('ha.html') +title="Create and configure HA cluster" print('Content-type: text/html\n') -form = funct.form +form = common.form serv = form.getvalue('serv') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception: - pass +user_params = roxywi_common.get_users_params(service='keepalived') try: - funct.check_login(user_id, token, service=3) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=3) except Exception as e: print(f'error {e}') sys.exit() -funct.page_for_admin(level=2) +roxywi_auth.page_for_admin(level=2) try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) - -output_from_parsed_template = template.render( - h2=1, title="Create and configure HA cluster", role=role, user=user, serv=serv, selects=servers, - user_services=user_services, user_status=user_status, user_plan=user_plan, token=token +parsed_template = template.render( + h2=1, title=title, role=user_params['role'], user=user_params['user'], serv=serv, selects=user_params['servers'], + user_services=user_params['user_services'], user_status=user_subscription['user_status'], + user_plan=user_subscription['user_plan'], token=user_params['token'] ) -print(output_from_parsed_template) +print(parsed_template) 
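Review bot: `serv` is still read straight from the request (`serv = form.getvalue('serv')`, a context line in this hunk) and handed to `template.render(..., serv=serv, ...)` unvalidated, although this commit already imports `modules.common.common` into the file and app/hapservers.py in the same patch reads the same parameter through `common.is_ip_or_dns`. `autoescape=True` covers HTML text and quoted attribute values, but not an unquoted attribute, a URL or an inline-script position if ha.html places the value there; the template is not shown here, so that part is unverified. I would change the line to `serv = common.is_ip_or_dns(form.getvalue('serv'))` so both pages treat the parameter the same way. Separately, `roxywi_common.get_users_params(service='keepalived')` is no longer inside a `try`, so stopping an unauthenticated request now depends on the following `try` around `roxywi_auth.check_login` failing on `user_params[...]`; it is worth confirming what the new helper returns or raises when no session cookie is present.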
diff --git a/app/hapservers.py b/app/hapservers.py index f3fc204d..68328cdc 100644 --- a/app/hapservers.py +++ b/app/hapservers.py 
@@ -3,184 +3,188 @@ import sys import distro -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common from jinja2 import Environment, FileSystemLoader +import modules.roxywi.common as roxywi_common env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('hapservers.html') print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() services = [] servers: object -form = funct.form -serv = funct.is_ip_or_dns(form.getvalue('serv')) -service = funct.checkAjaxInput(form.getvalue('service')) +form = common.form +serv = common.is_ip_or_dns(form.getvalue('serv')) +service = common.checkAjaxInput(form.getvalue('service')) autorefresh = 0 servers_waf = () title = '' cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l" -keep_alive, stderr = funct.subprocess_execute(cmd) +keep_alive, stderr = server_mod.subprocess_execute(cmd) is_restart = '' service_desc = '' restart_settings = '' if service in ('haproxy', 'nginx', 'keepalived', 'apache'): - service_desc = sql.select_service(service) - if funct.check_login(user_id, token, service=service_desc.service_id): - title = f'{service_desc.service} servers overview' - if serv: - if funct.check_is_server_in_group(serv): - servers = sql.select_servers(server=serv) - autorefresh = 1 - server_id = sql.select_server_id_by_ip(serv) - docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug) - restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug) - else: - servers = sql.get_dick_permit(virt=1, service=service_desc.slug) - docker_settings = sql.select_docker_services_settings(service_desc.slug) - restart_settings = 
sql.select_restart_services_settings(service_desc.slug) + service_desc = sql.select_service(service) + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id): + title = f'{service_desc.service} servers overview' + if serv: + if roxywi_common.check_is_server_in_group(serv): + servers = sql.select_servers(server=serv) + autorefresh = 1 + server_id = sql.select_server_id_by_ip(serv) + docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug) + restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug) + else: + servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug) + docker_settings = sql.select_docker_services_settings(service_desc.slug) + restart_settings = sql.select_restart_services_settings(service_desc.slug) else: - print('') - sys.exit() + print('') + sys.exit() services_name = {'roxy-wi-checker': 'Master backends checker service', - 'roxy-wi-keep_alive': 'Auto start service', - 'roxy-wi-metrics': 'Master metrics service'} + 'roxy-wi-keep_alive': 'Auto start service', + 'roxy-wi-metrics': 'Master metrics service'} for s, v in services_name.items(): - if distro.id() == 'ubuntu': - if s == 'roxy-wi-keep_alive': - s = 'roxy-wi-keep-alive' - cmd = "apt list --installed 2>&1 |grep " + s - else: - cmd = "rpm --query " + s + "-* |awk -F\"" + s + "\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'" - service_ver, stderr = funct.subprocess_execute(cmd) - try: - services.append([s, service_ver[0]]) - except Exception: - services.append([s, '']) + if distro.id() == 'ubuntu': + if s == 'roxy-wi-keep_alive': + s = 'roxy-wi-keep-alive' + cmd = "apt list --installed 2>&1 |grep " + s + else: + cmd = "rpm --query " + s + "-* |awk -F\"" + s + "\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'" + service_ver, stderr = server_mod.subprocess_execute(cmd) + try: + services.append([s, service_ver[0]]) + except 
Exception: + services.append([s, '']) haproxy_sock_port = sql.get_setting('haproxy_sock_port') servers_with_status1 = [] out1 = '' if len(servers) == 1: - serv = servers[0][2] + serv = servers[0][2] for s in servers: - servers_with_status = list() - servers_with_status.append(s[0]) - servers_with_status.append(s[1]) - servers_with_status.append(s[2]) - servers_with_status.append(s[11]) - if service == 'nginx': - h = (['', ''],) - cmd = [ - "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk " - "'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"] - for service_set in docker_settings: - if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1': - container_name = sql.get_setting('nginx_container_name') - cmd = [ - "docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && " - "docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:" - "|grep -v grep |wc -l" - ] - try: - out = funct.ssh_command(s[2], cmd) - h = () - out1 = [] - for k in out.split(): - out1.append(k) - h = (out1,) - servers_with_status.append(h) - servers_with_status.append(h) - servers_with_status.append(s[17]) - except Exception: - servers_with_status.append(h) - servers_with_status.append(h) - servers_with_status.append(s[17]) - elif service == 'keepalived': - h = (['', ''],) - cmd = [ - "/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |" - "grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l" - ] - try: - out = funct.ssh_command(s[2], cmd) - out1 = [] - for k in out.split(): - out1.append(k) - h = (out1,) - servers_with_status.append(h) - servers_with_status.append(h) - servers_with_status.append(s[22]) - except Exception: - servers_with_status.append(h) - servers_with_status.append(h) - servers_with_status.append(s[22]) - elif service == 'apache': - 
h = (['', ''],) - apache_stats_user = sql.get_setting('apache_stats_user') - apache_stats_password = sql.get_setting('apache_stats_password') - apache_stats_port = sql.get_setting('apache_stats_port') - apache_stats_page = sql.get_setting('apache_stats_page') - cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % ( - apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page - ) - try: - out = funct.subprocess_execute(cmd) - if out != '': - for k in out: - servers_with_status.append(k) - servers_with_status.append(s[22]) - except Exception: - servers_with_status.append(h) - servers_with_status.append(h) - servers_with_status.append(s[22]) - else: - cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port) - out = funct.subprocess_execute(cmd) - for k in out: - if "Connection refused" not in k: - out1 = out - else: - out1 = False - servers_with_status.append(out1) + servers_with_status = list() + servers_with_status.append(s[0]) + servers_with_status.append(s[1]) + servers_with_status.append(s[2]) + servers_with_status.append(s[11]) + if service == 'nginx': + h = (['', ''],) + cmd = [ + "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk " + "'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"] + for service_set in docker_settings: + if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1': + container_name = sql.get_setting('nginx_container_name') + cmd = [ + "docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && " + "docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:" + "|grep -v grep |wc -l" + ] + try: + out = server_mod.ssh_command(s[2], cmd) + h = () + out1 = [] + for k in out.split(): + out1.append(k) + h = (out1,) + servers_with_status.append(h) + 
servers_with_status.append(h) + servers_with_status.append(s[17]) + except Exception: + servers_with_status.append(h) + servers_with_status.append(h) + servers_with_status.append(s[17]) + elif service == 'keepalived': + h = (['', ''],) + cmd = [ + "/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |" + "grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l" + ] + try: + out = server_mod.ssh_command(s[2], cmd) + out1 = [] + for k in out.split(): + out1.append(k) + h = (out1,) + servers_with_status.append(h) + servers_with_status.append(h) + servers_with_status.append(s[22]) + except Exception: + servers_with_status.append(h) + servers_with_status.append(h) + servers_with_status.append(s[22]) + elif service == 'apache': + h = (['', ''],) + apache_stats_user = sql.get_setting('apache_stats_user') + apache_stats_password = sql.get_setting('apache_stats_password') + apache_stats_port = sql.get_setting('apache_stats_port') + apache_stats_page = sql.get_setting('apache_stats_page') + cmd = "curl -s -u %s:%s http://%s:%s/%s?auto |grep 'ServerVersion\|Processes\|ServerUptime:'" % ( + apache_stats_user, apache_stats_password, s[2], apache_stats_port, apache_stats_page + ) + try: + out = server_mod.subprocess_execute(cmd) + if out != '': + for k in out: + servers_with_status.append(k) + servers_with_status.append(s[22]) + except Exception: + servers_with_status.append(h) + servers_with_status.append(h) + servers_with_status.append(s[22]) + else: + cmd = 'echo "show info" |nc %s %s -w 1 -v|grep -e "Ver\|Uptime:\|Process_num"' % (s[2], haproxy_sock_port) + out = server_mod.subprocess_execute(cmd) + for k in out: + if "Connection refused" not in k: + out1 = out + else: + out1 = False + servers_with_status.append(out1) - servers_with_status.append(s[12]) + servers_with_status.append(s[12]) - servers_with_status.append(sql.is_master(s[2])) - servers_with_status.append(sql.select_servers(server=s[2])) + 
servers_with_status.append(sql.is_master(s[2])) + servers_with_status.append(sql.select_servers(server=s[2])) - is_keepalived = sql.select_keepalived(s[2]) + is_keepalived = sql.select_keepalived(s[2]) - if is_keepalived: - try: - cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' - 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data'] - out = funct.ssh_command(s[2], cmd) - out1 = ('1', out) - servers_with_status.append(out1) - except Exception as e: - servers_with_status.append(str(e)) - else: - servers_with_status.append('') + if is_keepalived: + try: + cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' + 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data'] + out = server_mod.ssh_command(s[2], cmd) + out1 = ('1', out) + servers_with_status.append(out1) + except Exception as e: + servers_with_status.append(str(e)) + else: + servers_with_status.append('') - servers_with_status1.append(servers_with_status) + servers_with_status1.append(servers_with_status) try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) template = template.render( - h2=1, autorefresh=autorefresh, title=title, role=role, user=user, servers=servers_with_status1, - keep_alive=''.join(keep_alive), serv=serv, service=service, services=services, user_services=user_services, - docker_settings=docker_settings, user_status=user_status, user_plan=user_plan, servers_waf=servers_waf, - restart_settings=restart_settings, service_desc=service_desc, token=token + h2=1, autorefresh=autorefresh, title=title, 
role=user_params['role'], user=user_params['user'], servers=servers_with_status1, + keep_alive=''.join(keep_alive), serv=serv, service=service, services=services, user_services=user_params['user_services'], + docker_settings=docker_settings, user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], + servers_waf=servers_waf, restart_settings=restart_settings, service_desc=service_desc, token=user_params['token'] ) print(template) diff --git a/app/history.py b/app/history.py index 1b8a308d..e21c5c77 100644 --- a/app/history.py +++ b/app/history.py @@ -1,6 +1,9 @@ #!/usr/bin/env python3 -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) 
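Review bot: In the `apache` branch the stats credentials are interpolated into a shell string, `curl -s -u %s:%s http://%s:%s/%s?auto ...`, and handed to `server_mod.subprocess_execute(cmd)`, so the password is visible in the process list while curl runs. If that helper runs a shell (its body is not in this hunk), shell metacharacters in the stored settings or in `s[2]` would also be interpreted. The same string-built pattern is used for the HAProxy `nc` command and for `container_name` in the nginx docker command. Passing each value through `shlex.quote` and giving curl the credentials through a `--config` file or stdin instead of `-u` would address both. The second `import modules.roxywi.common as roxywi_common` after the jinja2 import is a duplicate and can be dropped.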
@@ -8,48 +11,44 @@ template = env.get_template('history.html') print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services \ - = funct.get_users_params() - services = [] -except Exception: - pass +user_params = roxywi_common.get_users_params(service='keepalived') -form = funct.form -serv = funct.is_ip_or_dns(form.getvalue('serv')) +form = common.form +serv = common.is_ip_or_dns(form.getvalue('serv')) service = form.getvalue('service') user_id_history = form.getvalue('user_id') if service in ('haproxy', 'nginx', 'keepalived', 'apache'): - service_desc = sql.select_service(service) - if funct.check_login(user_id, token, service=service_desc.service_id): - title = f'{service_desc.service} service history' - server_id = sql.select_server_id_by_ip(serv) - history = sql.select_action_history_by_server_id_and_service( - server_id, - service_desc.service - ) + service_desc = sql.select_service(service) + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id): + title = f'{service_desc.service} service history' + server_id = sql.select_server_id_by_ip(serv) + history = sql.select_action_history_by_server_id_and_service( + server_id, + service_desc.service + ) elif service == 'server': - if serv: - title = f'{serv} history' - if funct.check_is_server_in_group(serv): - server_id = sql.select_server_id_by_ip(serv) - history = sql.select_action_history_by_server_id(server_id) + if serv: + title = f'{serv} history' + if roxywi_common.check_is_server_in_group(serv): + server_id = sql.select_server_id_by_ip(serv) + history = sql.select_action_history_by_server_id(server_id) elif service == 'user': - if user_id_history: - title = 'User history' - history = sql.select_action_history_by_user_id(user_id_history) + if user_id_history: + title = 'User history' + history = sql.select_action_history_by_user_id(user_id_history) users = sql.select_users() try: - user_status, user_plan = 
funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', 'Cannot get a user plan: ' + str(e), roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) rendered_template = template.render( - h2=1, autorefresh=0, title=title, role=role, user=user, users=users, serv=serv, service=service, - history=history, user_services=user_services, token=token, user_status=user_status, user_plan=user_plan + h2=1, autorefresh=0, title=title, role=user_params['role'], user=user_params['user'], users=users, serv=serv, + service=service, history=history, user_services=user_params['user_services'], token=user_params['token'], + user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'] ) print(rendered_template) diff --git a/app/login.py b/app/login.py index a7c0c5cf..c5544202 100644 --- a/app/login.py +++ b/app/login.py @@ -8,14 +8,16 @@ import datetime import uuid import distro -import sql -import funct +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod import modules.roxy_wi_tools as roxy_wi_tools +import modules.roxywi.common as roxywi_common from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('login.html') -form = funct.form +form = common.form cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_id = cookie.get('uuid') 
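Review bot: The `service == 'user'` branch calls `sql.select_action_history_by_user_id(user_id_history)` with whatever `user_id` the request supplies, and neither it nor the `service == 'server'` branch calls `roxywi_auth.check_login` the way the first branch does. Unless `get_users_params` already enforces the session and role (not visible here), one user's action history is readable by another; a role check such as `roxywi_auth.page_for_admin(level=2)`, used in ha.py in this commit, before that branch would make the intent explicit. `title` and `history` are also unbound when no branch matches, so `template.render` raises NameError; initialise both before the `if`. `get_users_params(service='keepalived')` looks copied from ha.py and is worth confirming for this page.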
@@ -75,7 +77,7 @@ def send_cookie(login): try: user_name = sql.get_user_name_by_uuid(user_uuid) - funct.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1) + roxywi_roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group} login', roxywi=1) except Exception: pass print("Content-type: text/html\n") @@ -85,14 +87,14 @@ def send_cookie(login): if distro.id() == 'ubuntu': if os.path.exists('/etc/apt/auth.conf.d/roxy-wi.conf'): cmd = "grep login /etc/apt/auth.conf.d/roxy-wi.conf |awk '{print $2}'" - get_user_name, stderr = funct.subprocess_execute(cmd) + get_user_name, stderr = server_mod.subprocess_execute(cmd) user_name = get_user_name[0] else: user_name = 'git' else: if os.path.exists('/etc/yum.repos.d/roxy-wi.repo'): cmd = "grep base /etc/yum.repos.d/roxy-wi.repo |awk -F\":\" '{print $2}'|awk -F\"/\" '{print $3}'" - get_user_name, stderr = funct.subprocess_execute(cmd) + get_user_name, stderr = server_mod.subprocess_execute(cmd) user_name = get_user_name[0] else: user_name = 'git' @@ -101,7 +103,7 @@ def send_cookie(login): else: sql.insert_user_name(user_name) except Exception as e: - funct.logging('Cannot update subscription: ', str(e), roxywi=1) + roxywi_roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1) sys.exit() @@ -115,9 +117,9 @@ def ban(): c["ban"]["Secure"] = "True" c["ban"]["expires"] = expires.strftime("%a, %d %b %Y %H:%M:%S GMT") try: - funct.logging('Roxy-WI server', f'{login} failed log in', roxywi=1, login=1) + roxywi_roxywi_common.logging('Roxy-WI server', f'{login} failed log in', roxywi=1, login=1) except Exception: - funct.logging('Roxy-WI server', ' Failed log in. Wrong username', roxywi=1) + roxywi_roxywi_common.logging('Roxy-WI server', ' Failed log in. Wrong username', roxywi=1) print(c.output()) print("Content-type: text/html\n") print('ban') diff --git a/app/logs.py b/app/logs.py index 2091b6af..e1389ff4 100644 --- a/app/logs.py +++ b/app/logs.py 
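Review bot: Every logging call in these hunks was renamed to `roxywi_roxywi_common.logging(...)`, but the import added at the top of the file is `import modules.roxywi.common as roxywi_common`, so the name is undefined unless it is bound outside the visible hunks. In `send_cookie` the first call sits inside `try/except Exception: pass`, so the NameError is swallowed and successful logins are no longer written to the log. In `ban()` the call in the `except` handler raises as well, which aborts before `print(c.output())`, so the ban cookie is never sent after a failed login. The `Cannot update subscription` handler in the `-101,7` hunk fails the same way. All four calls should read `roxywi_common.logging(...)`; both functions start and end outside the hunks.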
@@ -1,16 +1,16 @@ #!/usr/bin/env python3 -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('logs.html') -form = funct.form +form = common.form print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception: - pass +user_params = roxywi_common.get_users_params() if form.getvalue('grep') is None: grep = "" 
@@ -32,24 +32,25 @@ hour1 = form.getvalue('hour1') minut = form.getvalue('minut') minut1 = form.getvalue('minut1') waf = form.getvalue('waf') -service = funct.checkAjaxInput(form.getvalue('service')) +service = common.checkAjaxInput(form.getvalue('service')) remote_file = form.getvalue('file') if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(user_id, token, service=service_desc.service_id): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id): title = f"{service_desc.service}`s logs" - servers = sql.get_dick_permit(service=service_desc.slug) + servers = roxywi_common.get_dick_permit(service=service_desc.slug) elif waf == '1': - if funct.check_login(service=1): + if roxywi_auth.check_login(service=1): title = "WAF logs" - servers = sql.get_dick_permit(haproxy=1) + servers = roxywi_common.get_dick_permit(haproxy=1) else: print('') template = template.render( - h2=1, autorefresh=1, title=title, role=role, user=user, select_id="serv", selects=servers, - serv=form.getvalue('serv'), rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, minut=minut, - minut1=minut1, waf=waf, service=service, user_services=user_services, token=token, remote_file=remote_file + h2=1, autorefresh=1, title=title, role=user_params['role'], user=user_params['user'], select_id="serv", + selects=servers, serv=form.getvalue('serv'), rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, + minut=minut, minut1=minut1, waf=waf, service=service, user_services=user_params['user_services'], + token=user_params['token'], remote_file=remote_file ) print(template) diff --git a/app/metrics.py b/app/metrics.py index f1406c4c..5efcb680 100644 --- a/app/metrics.py +++ b/app/metrics.py 
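Review bot: `selects=servers` in the `template.render` call still uses the bare name `servers`, which the first hunk of this file stopped binding when `get_users_params()` was switched to return `user_params`. When neither branch assigns it (unknown `service`, `waf` not `'1'`, or `check_login` returning false) the render raises NameError, as it already did for `title`, unless the name is bound in the lines between the two hunks. Setting `servers = user_params['servers']` and `title = ''` before the `if` keeps the previous behaviour. The WAF branch also calls `roxywi_auth.check_login(service=1)` without the `user_uuid` and `token` that every other call in this commit passes; confirm the new signature makes them optional, otherwise pass `user_params['user_uuid'], user_params['token']` here too.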
@@ -1,25 +1,31 @@ #!/usr/bin/env python3 import distro -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('metrics.html') -form = funct.form +form = common.form service = form.getvalue('service') title = 'Metrics service' print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() + +roxywi_common.check_user_group() try: if distro.id() == 'ubuntu': cmd = "apt list --installed 2>&1 |grep roxy-wi-metrics" else: cmd = "rpm -q roxy-wi-metrics-* |awk -F\"metrics\" '{print $2}' |awk -F\".noa\" '{print $1}' |sed 's/-//1' |sed 's/-/./'" - service_ver, stderr = funct.subprocess_execute(cmd) + service_ver, stderr = server_mod.subprocess_execute(cmd) services = '0' if not stderr: 
@@ -27,31 +33,32 @@ try: servers = '' else: if service == 'nginx': - if funct.check_login(user_id, token, service=2): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2): title = "NGINX`s metrics" - servers = sql.select_nginx_servers_metrics_for_master() + user_params['servers'] = sql.select_nginx_servers_metrics_for_master() elif service == 'apache': - if funct.check_login(user_id, token, service=4): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=4): title = "Apache`s metrics" - servers = sql.select_apache_servers_metrics_for_master() + user_params['servers'] = sql.select_apache_servers_metrics_for_master() else: - if funct.check_login(user_id, token, service=1): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1): title = "HAProxy`s metrics" - servers = sql.select_servers_metrics() + group_id = roxywi_common.get_user_group(id=1) + user_params['servers'] = sql.select_servers_metrics(group_id) service = 'haproxy' services = '1' except Exception: pass try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) - + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) template = template.render( - h2=1, title=title, autorefresh=1, role=role, user=user, servers=servers, services=services, - user_services=user_services, service=service, user_status=user_status, user_plan=user_plan, token=token + h2=1, title=title, autorefresh=1, role=user_params['role'], user=user_params['user'], servers=user_params['servers'], + services=services, user_services=user_params['user_services'], service=service, user_status=user_subscription['user_status'], + user_plan=user_subscription['user_plan'], 
token=user_params['token'] ) print(template) diff --git a/app/modules/alerting/__init__.py b/app/modules/alerting/__init__.py new file mode 100644 index 00000000..ec8976af --- /dev/null +++ b/app/modules/alerting/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-alerting-module' diff --git a/app/modules/alerting/alerting.py b/app/modules/alerting/alerting.py new file mode 100644 index 00000000..835005f7 --- /dev/null +++ b/app/modules/alerting/alerting.py 
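Review bot: The `try` opened in the previous hunk ends here in `except Exception: pass`, so a failure inside any of the `roxywi_auth.check_login(...)` calls or the `sql.select_*` queries is discarded. The page then still renders with the default `title` and whatever `user_params['servers']` held, and nothing is logged for an operator to notice. Log it the way the subscription block just below does, e.g. `except Exception as e: roxywi_common.logging('Roxy-WI server', f'Cannot get metrics servers: {e}', roxywi=1)`. `roxywi_common.get_user_group(id=1)` passes a bare literal; a short comment saying what `id=1` selects would help the next reader.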
@@ -0,0 +1,175 @@ +import json + +import pika + +import modules.db.sql as sql +import modules.roxywi.common as roxywi_common + + +def send_message_to_rabbit(message: str, **kwargs) -> None: + rabbit_user = sql.get_setting('rabbitmq_user') + rabbit_password = sql.get_setting('rabbitmq_password') + rabbit_host = sql.get_setting('rabbitmq_host') + rabbit_port = sql.get_setting('rabbitmq_port') + rabbit_vhost = sql.get_setting('rabbitmq_vhost') + if kwargs.get('rabbit_queue'): + rabbit_queue = kwargs.get('rabbit_queue') + else: + rabbit_queue = sql.get_setting('rabbitmq_queue') + + credentials = pika.PlainCredentials(rabbit_user, rabbit_password) + parameters = pika.ConnectionParameters( + rabbit_host, + rabbit_port, + rabbit_vhost, + credentials + ) + + connection = pika.BlockingConnection(parameters) + channel = connection.channel() + channel.queue_declare(queue=rabbit_queue) + channel.basic_publish(exchange='', routing_key=rabbit_queue, body=message) + + connection.close() + + +def alert_routing( + server_ip: str, service_id: int, group_id: int, level: str, mes: str, alert_type: str +) -> None: + subject: str = level + ': ' + mes + server_id: int = sql.select_server_id_by_ip(server_ip) + checker_settings = sql.select_checker_settings_for_server(service_id, server_id) + + try: + json_for_sending = {"user_group": group_id, "message": subject} + send_message_to_rabbit(json.dumps(json_for_sending)) + except Exception as e: + roxywi_common.logging('Roxy-WI server', 'error: unable to send message: ' + str(e), roxywi=1) + + for setting in checker_settings: + if alert_type == 'service' and setting.service_alert: + telegram_send_mess(mes, telegram_channel_id=setting.telegram_id) + slack_send_mess(mes, slack_channel_id=setting.slack_id) + + if setting.email: + send_email_to_server_group(subject, mes, group_id) + + if alert_type == 'backend' and setting.backend_alert: + telegram_send_mess(mes, telegram_channel_id=setting.telegram_id) + slack_send_mess(mes, 
slack_channel_id=setting.slack_id) + + if setting.email: + send_email_to_server_group(subject, mes, group_id) + + if alert_type == 'maxconn' and setting.maxconn_alert: + telegram_send_mess(mes, telegram_channel_id=setting.telegram_id) + slack_send_mess(mes, slack_channel_id=setting.slack_id) + + if setting.email: + send_email_to_server_group(subject, mes, group_id) + + +def send_email_to_server_group(subject: str, mes: str, group_id: int) -> None: + try: + users_email = sql.select_users_emails_by_group_id(group_id) + + for user_email in users_email: + send_email(user_email.email, subject, mes) + except Exception as e: + roxywi_common.logging('Roxy-WI server', f'error: unable to send email: {e}', roxywi=1) + + +def send_email(email_to: str, subject: str, message: str) -> None: + from smtplib import SMTP + + try: + from email.MIMEText import MIMEText + except Exception: + from email.mime.text import MIMEText + + mail_ssl = sql.get_setting('mail_ssl') + mail_from = sql.get_setting('mail_from') + mail_smtp_host = sql.get_setting('mail_smtp_host') + mail_smtp_port = sql.get_setting('mail_smtp_port') + mail_smtp_user = sql.get_setting('mail_smtp_user') + mail_smtp_password = sql.get_setting('mail_smtp_password') + + msg = MIMEText(message) + msg['Subject'] = 'Roxy-WI: ' + subject + msg['From'] = 'Roxy-WI <' + mail_from + '>' + msg['To'] = email_to + + try: + smtp_obj = SMTP(mail_smtp_host, mail_smtp_port) + if mail_ssl: + smtp_obj.starttls() + smtp_obj.login(mail_smtp_user, mail_smtp_password) + smtp_obj.send_message(msg) + roxywi_common.logging('Roxy-WI server', f'An email has been sent to {email_to}', roxywi=1) + except Exception as e: + roxywi_common.logging('Roxy-WI server', f'error: unable to send email: {e}', roxywi=1) + + +def telegram_send_mess(mess, **kwargs): + import telebot + from telebot import apihelper + token_bot = '' + channel_name = '' + + if kwargs.get('telegram_channel_id') == 0: + return + + if kwargs.get('telegram_channel_id'): + telegrams = 
sql.get_telegram_by_id(kwargs.get('telegram_channel_id')) + else: + telegrams = sql.get_telegram_by_ip(kwargs.get('ip')) + + proxy = sql.get_setting('proxy') + + for telegram in telegrams: + token_bot = telegram.token + channel_name = telegram.chanel_name + + if token_bot == '' or channel_name == '': + mess = " Can't send message. Add Telegram channel before use alerting at this servers group" + roxywi_common.logging('Roxy-WI server', mess, roxywi=1) + + if proxy is not None and proxy != '' and proxy != 'None': + apihelper.proxy = {'https': proxy} + try: + bot = telebot.TeleBot(token=token_bot) + bot.send_message(chat_id=channel_name, text=mess) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + + +def slack_send_mess(mess, **kwargs): + from slack_sdk import WebClient + from slack_sdk.errors import SlackApiError + slack_token = '' + channel_name = '' + + if kwargs.get('slack_channel_id') == 0: + return + + if kwargs.get('slack_channel_id'): + slacks = sql.get_slack_by_id(kwargs.get('slack_channel_id')) + else: + slacks = sql.get_slack_by_ip(kwargs.get('ip')) + + proxy = sql.get_setting('proxy') + + for slack in slacks: + slack_token = slack.token + channel_name = slack.chanel_name + + if proxy is not None and proxy != '' and proxy != 'None': + proxies = dict(https=proxy, http=proxy) + client = WebClient(token=slack_token, proxies=proxies) + else: + client = WebClient(token=slack_token) + + try: + client.chat_postMessage(channel='#' + channel_name, text=mess) + except SlackApiError as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) diff --git a/app/modules/common/__init__.py b/app/modules/common/__init__.py new file mode 100644 index 00000000..b64c655f --- /dev/null +++ b/app/modules/common/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-common-modules' diff --git a/app/modules/common/common.py b/app/modules/common/common.py new file mode 100644 index 00000000..c475f8c1 --- /dev/null +++ b/app/modules/common/common.py 
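Review bot: In `send_email`, `smtp_obj.login(mail_smtp_user, mail_smtp_password)` runs whether or not `starttls()` was called, so with `mail_ssl` unset the SMTP password and the alert text are sent in cleartext; the connection is also never closed. Opening it as `with SMTP(mail_smtp_host, mail_smtp_port) as smtp_obj:` and logging a warning (or skipping `login`) when TLS is off would cover both. In `telegram_send_mess` the empty-token branch logs a message but has no `return`, so `bot.send_message` is still attempted with empty credentials. `send_message_to_rabbit` leaves the connection open if `queue_declare` or `basic_publish` raises; a `try/finally` around `connection.close()` would fix that. None of the new functions has a docstring, and `alert_routing` in particular should document the accepted `alert_type` values.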
@@ -0,0 +1,64 @@ +import re +import cgi + +form = cgi.FieldStorage() + + +def is_ip_or_dns(server_from_request: str) -> str: + ip_regex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$" + dns_regex = "^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$" + try: + server_from_request = server_from_request.strip() + except Exception: + pass + try: + if server_from_request in ( + 'roxy-wi-checker', 'roxy-wi-keep_alive', 'roxy-wi-keep-alive', 'roxy-wi-metrics', + 'roxy-wi-portscanner', 'roxy-wi-smon', 'roxy-wi-socket', 'roxy-wi-prometheus-exporter', + 'prometheus', 'fail2ban', 'all', 'grafana-server', 'rabbitmq-server' + ): + return server_from_request + if re.match(ip_regex, server_from_request): + return server_from_request + else: + if re.match(dns_regex, server_from_request): + return server_from_request + else: + return '' + except Exception: + return '' + + +def checkAjaxInput(ajax_input: str): + pattern = re.compile('[&;|$`]') + if pattern.search(ajax_input): + print('error: nice try') + return + else: + from shlex import quote + return quote(ajax_input.rstrip()) + + +def return_nice_path(return_path: str) -> str: + if ( + 'nginx' not in return_path + and 'haproxy' not in return_path + and 'apache2' not in return_path + and 'httpd' not in return_path + and 'keepalived' not in return_path + ): + return 'error: The path must contain the name of the service. Check it in Roxy-WI settings' + + if return_path[-1] != '/': + return_path += '/' + + return return_path + + +def string_to_dict(dict_string) -> dict: + from ast import literal_eval + return literal_eval(dict_string) + + +def get_key(item): + return item[0] diff --git a/app/modules/config/__init__.py b/app/modules/config/__init__.py new file mode 100644 index 00000000..d24398b5 --- /dev/null +++ b/app/modules/config/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-config-module' 
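Review bot: `checkAjaxInput` relies on a five-character denylist (`[&;|$`]`), and on a match it prints a message and returns `None`, which a caller that formats the result into a command string will render as the text `None` instead of stopping. The reject path should fail loudly, e.g. `raise ValueError('error: forbidden characters in input')`, and each field is better checked against an allowlist for its type (digits only for ports, `is_ip_or_dns` for hosts). `shlex.quote` only protects a value placed in an unquoted shell position, so the docstring should say the result must not be embedded inside a double-quoted string. `pattern.search(ajax_input)` also raises TypeError when the form field is absent and `None` is passed in, so a guard such as `if ajax_input is None: return ''` is needed before the regex.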
diff --git a/app/modules/config/config.py b/app/modules/config/config.py new file mode 100644 index 00000000..16387b39 --- /dev/null +++ b/app/modules/config/config.py 
@@ -0,0 +1,374 @@ +import os +import http.cookies + +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod +import modules.roxywi.common as roxywi_common +import modules.roxy_wi_tools as roxy_wi_tools +from modules.service.common import is_not_allowed_to_restart + +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) +get_config_var = roxy_wi_tools.GetConfigVar() + + +def get_config(server_ip, cfg, **kwargs): + config_path = '' + + if kwargs.get("keepalived") or kwargs.get("service") == 'keepalived': + config_path = sql.get_setting('keepalived_config_path') + elif ( + kwargs.get("nginx") or kwargs.get("service") == 'nginx' + or kwargs.get("apache") or kwargs.get("service") == 'apache' + ): + config_path = kwargs.get('config_file_name') + elif kwargs.get("waf") or kwargs.get("service") == 'waf': + if kwargs.get("waf") == 'haproxy': + config_path = f'{sql.get_setting("haproxy_dir")}/waf/rules/{kwargs.get("waf_rule_file")}' + elif kwargs.get("waf") == 'nginx': + config_path = f'{sql.get_setting("nginx_dir")}/waf/rules/{kwargs.get("waf_rule_file")}' + else: + config_path = sql.get_setting('haproxy_config_path') + + try: + with server_mod.ssh_connect(server_ip) as ssh: + ssh.get_sftp(config_path, cfg) + except Exception as e: + roxywi_common.logging('Roxy-WI server', f'error: cannot get config: {e}', roxywi=1) + + +def upload(server_ip, path, file, **kwargs): + full_path = path + file + if kwargs.get('dir') == "fullpath": + full_path = path + + try: + with server_mod.ssh_connect(server_ip) as ssh: + ssh.put_sftp(file, full_path) + except Exception as e: + error = str(e.args) + roxywi_common.logging('Roxy-WI server', error, roxywi=1) + print(f' Cannot upload {file} to {full_path} to server: {server_ip} error: {error}') + return error + + +def upload_and_restart(server_ip: str, cfg: str, **kwargs): + error = '' + service_name = '' + container_name = '' + reload_or_restart_command = 
'' + file_format = 'conf' + config_path = kwargs.get('config_file_name') + config_date = get_date.return_date('config') + server_id = sql.select_server_id_by_ip(server_ip=server_ip) + + if kwargs.get("nginx"): + service = 'nginx' + elif kwargs.get("apache"): + service = 'apache' + elif kwargs.get("keepalived"): + service = 'keepalived' + config_path = sql.get_setting('keepalived_config_path') + file_format = 'cfg' + elif kwargs.get('waf'): + service = 'waf' + else: + service = 'haproxy' + config_path = sql.get_setting('haproxy_config_path') + file_format = 'cfg' + + tmp_file = f"{sql.get_setting('tmp_config_path')}/{config_date}.{file_format}" + is_dockerized = sql.select_service_setting(server_id, service, 'dockerized') + + if is_dockerized == '1': + service_cont_name = f'{service}_container_name' + container_name = sql.get_setting(service_cont_name) + reload_command = f" && sudo docker kill -s HUP {container_name}" + restart_command = f" && sudo docker restart {container_name}" + else: + service_name = service + if service == 'haproxy': + haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise') + if haproxy_enterprise == '1': + service_name = "hapee-2.0-lb" + if service == 'apache': + service_name = get_correct_apache_service_name(server_ip, 0) + + reload_command = f" && sudo systemctl reload {service_name}" + restart_command = f" && sudo systemctl restart {service_name}" + + if kwargs.get("just_save") == 'save': + action = 'save' + elif kwargs.get("just_save") == 'test': + action = 'test' + elif kwargs.get("just_save") == 'reload': + action = 'reload' + reload_or_restart_command = reload_command + else: + is_not_allowed_to_restart(server_id, service) + action = 'restart' + reload_or_restart_command = restart_command + + if kwargs.get('login'): + login = kwargs.get('login') + else: + login = 1 + + try: + os.system(f"dos2unix {cfg}") + except OSError: + return 'error: there is no dos2unix' + + if service == "keepalived": + 
move_config = f"sudo mv -f {tmp_file} {config_path}" + if action == "save": + commands = [move_config] + else: + commands = [move_config + reload_or_restart_command] + elif service == "nginx": + if is_dockerized == '1': + check_config = f"sudo docker exec -it exec {container_name} nginx -t " + else: + check_config = "sudo nginx -t " + check_and_move = f"sudo mv -f {tmp_file} {config_path} && {check_config}" + if action == "test": + commands = [f"{check_config} && sudo rm -f {tmp_file}"] + elif action == "save": + commands = [check_and_move] + else: + commands = [check_and_move + reload_or_restart_command] + if sql.return_firewall(server_ip): + commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='nginx') + elif service == "apache": + if is_dockerized == '1': + check_config = f"sudo docker exec -it exec {container_name} sudo apachectl configtest " + else: + check_config = "sudo apachectl configtest " + check_and_move = f"sudo mv -f {tmp_file} {config_path} && {check_config}" + if action == "test": + commands = [f"{check_config} && sudo rm -f {tmp_file}"] + elif action == "save": + commands = [check_and_move] + else: + commands = [check_and_move + reload_or_restart_command] + # if sql.return_firewall(server_ip): + # commands[0] += open_port_firewalld(cfg, server_ip=server_ip, service='apache') + elif service == 'waf': + check_and_move = f"sudo mv -f {tmp_file} {config_path}" + if action == "save": + commands = [check_and_move] + else: + commands = [check_and_move + reload_or_restart_command] + else: + if is_dockerized == '1': + check_config = f"sudo docker exec -it {container_name} haproxy -c -f {tmp_file}" + else: + check_config = f"sudo {service_name} -c -f {tmp_file}" + move_config = f" && sudo mv -f {tmp_file} {config_path}" + + if action == "test": + commands = [f"{check_config} && sudo rm -f {tmp_file}"] + elif action == "save": + commands = [check_config + move_config] + else: + commands = [check_config + move_config + 
reload_or_restart_command] + if sql.return_firewall(server_ip): + commands[0] += open_port_firewalld(cfg, server_ip=server_ip) + + try: + upload(server_ip, tmp_file, cfg, dir='fullpath') + try: + if action != 'test': + roxywi_common.logging(server_ip, 'A new config file has been uploaded', login=login, keep_history=1, service=service) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + + # If master then save version of config in a new way + if not kwargs.get('slave') and service != 'waf': + from pathlib import Path + + diff = '' + try: + old_cfg = kwargs.get('oldcfg') + path = Path(old_cfg) + except Exception: + old_cfg = '' + path = Path(old_cfg) + + if not path.is_file(): + old_cfg = f'{tmp_file}.old' + try: + get_config(server_ip, old_cfg, service=service, config_file_name=config_path) + except Exception: + roxywi_common.logging('Roxy-WI server', 'Cannot download config for diff', roxywi=1) + try: + diff = diff_config(old_cfg, cfg, return_diff=1) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + + try: + user_id = roxywi_common.get_user_id(login=kwargs.get('login')) + sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + return error + + try: + error = server_mod.ssh_command(server_ip, commands) + try: + if action == 'reload' or action == 'restart': + roxywi_common.logging(server_ip, f'Service has been {action}ed', login=login, keep_history=1, service=service) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + return e + + if error.strip() != 'haproxy' and error.strip() != 'nginx': + return error.strip() + + +def master_slave_upload_and_restart(server_ip, cfg, just_save, 
**kwargs): + slave_output = '' + + try: + server_name = sql.get_hostname_by_server_ip(server_ip) + except Exception: + server_name = server_ip + + if kwargs.get('login'): + login = kwargs.get('login') + else: + login = '' + + is_master = [masters[0] for masters in sql.is_master(server_ip)] + if is_master[0] is not None: + slv_output = upload_and_restart( + is_master[0], cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'), + apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'), slave=1 + ) + slave_output += f'
slave_server:\n{slv_output}' + + output = upload_and_restart( + server_ip, cfg, just_save=just_save, nginx=kwargs.get('nginx'), waf=kwargs.get('waf'), + apache=kwargs.get('apache'), config_file_name=kwargs.get('config_file_name'), + oldcfg=kwargs.get('oldcfg'), login=login + ) + + output = server_name + ':\n' + output + + output = output + slave_output + return output + + +def open_port_firewalld(cfg, server_ip, **kwargs): + try: + conf = open(cfg, "r") + except IOError: + print('
Cannot read exported config file
') + return + + firewalld_commands = ' &&' + ports = '' + + for line in conf: + if kwargs.get('service') == 'nginx': + if "listen " in line and '#' not in line: + try: + listen = ' '.join(line.split()) + listen = listen.split(" ")[1] + listen = listen.split(";")[0] + try: + listen = int(listen) + ports += str(listen) + ' ' + firewalld_commands += f' sudo firewall-cmd --zone=public --add-port={listen}/tcp --permanent -q &&' + except Exception: + pass + except Exception: + pass + else: + if "bind" in line: + try: + bind = line.split(":") + bind[1] = bind[1].strip(' ') + bind = bind[1].split("ssl") + bind = bind[0].strip(' \t\n\r') + try: + bind = int(bind) + firewalld_commands += f' sudo firewall-cmd --zone=public --add-port={bind}/tcp --permanent -q &&' + ports += str(bind) + ' ' + except Exception: + pass + except Exception: + pass + + firewalld_commands += 'sudo firewall-cmd --reload -q' + roxywi_common.logging(server_ip, f' Next ports have been opened: {ports}') + return firewalld_commands + + +def diff_config(oldcfg, cfg, **kwargs): + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + log_path = get_config_var.get_config_var('main', 'log_path') + user_group = roxywi_common.get_user_group() + diff = "" + date = get_date.return_date('date_in_log') + log_date = get_date.return_date('logs') + cmd = "/bin/diff -ub %s %s" % (oldcfg, cfg) + + try: + user_uuid = cookie.get('uuid') + login = sql.get_user_name_by_uuid(user_uuid.value) + except Exception: + login = '' + + output, stderr = server_mod.subprocess_execute(cmd) + + if kwargs.get('return_diff'): + for line in output: + diff += line + "\n" + return diff + else: + for line in output: + diff += f"{date} user: {login}, group: {user_group} {line}\n" + + log_file = f"{log_path}/config_edit-{log_date}" + try: + with open(log_file, 'a') as log: + log.write(diff) + except IOError: + print(f'
Can\'t read write change to log. {stderr}
') + pass + + +def show_finding_in_config(stdout: str, **kwargs) -> str: + grep = '' + out = '
--
' + + if kwargs.get('grep'): + grep = kwargs.get('grep') + grep = re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', grep) + + for line in stdout: + if kwargs.get('grep'): + line = line.replace(grep, f'{grep}') + line_class = "line" if '--' in line else "line3" + out += f'
{line}
' + + out += '
--
' + + return out + + +def get_userlists(config): + return_config = '' + with open(config, 'r') as f: + for line in f: + if line.startswith('userlist'): + line = line.strip() + return_config += line + ',' + + return return_config diff --git a/app/modules/config/runtime.py b/app/modules/config/runtime.py new file mode 100644 index 00000000..6afb5934 --- /dev/null +++ b/app/modules/config/runtime.py 
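Review bot: `upload_and_restart` runs `os.system(f"dos2unix {cfg}")`, which hands the path to a shell and does not raise `OSError` when the binary is missing, so the `except OSError` branch and its 'there is no dos2unix' message are unreachable. An argument list avoids both problems: `subprocess.run(['dos2unix', cfg], check=True)` with `except (OSError, subprocess.CalledProcessError):` and `import subprocess` at the top of the file. `diff_config` builds `/bin/diff -ub %s %s` by string formatting as well and may need the same treatment, depending on how `server_mod.subprocess_execute` runs it (not shown here). Separately, `show_finding_in_config` calls `re.sub` and `upload_and_restart` calls `get_correct_apache_service_name`, but this new file neither imports `re` nor defines or imports that function, so both paths raise NameError.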
@@ -0,0 +1,220 @@ +import json + +import modules.db.sql as sql +import modules.common.common as common +import modules.config.config as config_mod +import modules.server.server as server_mod +import modules.roxywi.common as roxywi_common +import modules.roxy_wi_tools as roxy_wi_tools + +form = common.form +serv = form.getvalue('serv') +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) +get_config_var = roxy_wi_tools.GetConfigVar() + + +def get_all_stick_table(): + hap_sock_p = sql.get_setting('haproxy_sock_port') + cmd = 'echo "show table"|nc %s %s |awk \'{print $3}\' | tr -d \'\n\' | tr -d \'[:space:]\'' % (serv, hap_sock_p) + output, stderr = server_mod.subprocess_execute(cmd) + return output[0] + + +def get_stick_table(table): + hap_sock_p = sql.get_setting('haproxy_sock_port') + cmd = 'echo "show table %s"|nc %s %s |awk -F"#" \'{print $2}\' |head -1 | tr -d \'\n\'' % (table, serv, hap_sock_p) + output, stderr = server_mod.subprocess_execute(cmd) + tables_head = [] + for i in output[0].split(','): + i = i.split(':')[1] + tables_head.append(i) + + cmd = 'echo "show table %s"|nc %s %s |grep -v "#"' % (table, serv, hap_sock_p) + output, stderr = server_mod.subprocess_execute(cmd) + + return tables_head, output + + +def show_backends(server_ip, **kwargs): + hap_sock_p = sql.get_setting('haproxy_sock_port') + cmd = f'echo "show backend" |nc {server_ip} {hap_sock_p}' + output, stderr = server_mod.subprocess_execute(cmd) + if stderr: + roxywi_common.logging('Roxy-WI server', ' ' + stderr, roxywi=1) + if kwargs.get('ret'): + ret = list() + else: + ret = "" + for line in output: + if any(s in line for s in ('#', 'stats', 'MASTER', '<')): + continue + if len(line) > 1: + back = json.dumps(line).split("\"") + if kwargs.get('ret'): + ret.append(back[1]) + else: + print(back[1], end="
") + + if kwargs.get('ret'): + return ret + + +def get_backends_from_config(server_ip: str, backends='') -> None: + config_date = get_date.return_date('config') + configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') + format_cfg = 'cfg' + + try: + cfg = configs_dir + roxywi_comon.get_files(configs_dir, format_cfg)[0] + except Exception as e: + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) + try: + cfg = f'{configs_dir}{server_ip}-{config_date}.{format_cfg}' + except Exception: + roxywi_common.logging('Roxy-WI server', ' Cannot generate cfg path', roxywi=1) + return + try: + config_mod.get_config(server_ip, cfg) + except Exception: + roxywi_common.logging('Roxy-WI server', ' Cannot download config', roxywi=1) + print('error: Cannot get backends') + return + + with open(cfg, 'r') as f: + for line in f: + if backends == 'frontend': + if (line.startswith('listen') or line.startswith('frontend')) and 'stats' not in line: + line = line.strip() + print(line.split(' ')[1], end="
") + + +def change_ip_and_port(): + backend_backend = common.checkAjaxInput(form.getvalue('backend_backend')) + backend_server = common.checkAjaxInput(form.getvalue('backend_server')) + backend_ip = common.checkAjaxInput(form.getvalue('backend_ip')) + backend_port = common.checkAjaxInput(form.getvalue('backend_port')) + + if form.getvalue('backend_ip') is None: + print('error: Backend IP must be IP and not 0') + sys.exit() + + if form.getvalue('backend_port') is None: + print('error: The backend port must be integer and not 0') + sys.exit() + + haproxy_sock_port = sql.get_setting('haproxy_sock_port') + + MASTERS = sql.is_master(serv) + for master in MASTERS: + if master[0] is not None: + cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % ( + backend_backend, backend_server, backend_ip, backend_port, backend_port, master[0], haproxy_sock_port) + output, stderr = server_mod.subprocess_execute(cmd) + print(output[0]) + roxywi_common.logging( + master[0], 'IP address and port have been changed. On: {}/{} to {}:{}'.format( + backend_backend, backend_server, backend_ip, backend_port + ), + login=1, keep_history=1, service='haproxy' + ) + + cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % ( + backend_backend, backend_server, backend_ip, backend_port, backend_port, serv, haproxy_sock_port) + roxywi_common.logging( + serv, + 'IP address and port have been changed. 
On: {}/{} to {}:{}'.format(backend_backend, backend_server, backend_ip, + backend_port), + login=1, keep_history=1, service='haproxy' + ) + output, stderr = server_mod.subprocess_execute(cmd) + + if stderr != '': + print('error: ' + stderr[0]) + else: + print(output[0]) + configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') + cfg = configs_dir + serv + "-" + get_date.return_date('config') + ".cfg" + + config_mod.get_config(serv, cfg) + cmd = 'string=`grep %s %s -n -A25 |grep "server %s" |head -1|awk -F"-" \'{print $1}\'` ' \ + '&& sed -Ei "$( echo $string)s/((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]):[0-9]+/%s:%s/g" %s' % \ + (backend_backend, cfg, backend_server, backend_ip, backend_port, cfg) + server_mod.subprocess_execute(cmd) + config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save') + + +def change_maxconn(): + frontend = common.checkAjaxInput(form.getvalue('maxconn_frontend')) + maxconn = common.checkAjaxInput(form.getvalue('maxconn_int')) + + if form.getvalue('maxconn_int') is None: + print('error: Maxconn must be integer and not 0') + sys.exit() + + haproxy_sock_port = sql.get_setting('haproxy_sock_port') + + MASTERS = sql.is_master(serv) + for master in MASTERS: + if master[0] is not None: + if frontend == 'global': + cmd = 'echo "set maxconn %s %s" |nc %s %s' % (frontend, maxconn, master[0], haproxy_sock_port) + else: + cmd = 'echo "set maxconn frontend %s %s" |nc %s %s' % (frontend, maxconn, master[0], haproxy_sock_port) + output, stderr = server_mod.subprocess_execute(cmd) + roxywi_common.logging(master[0], 'Maxconn has been changed. 
On: {} to {}'.format(frontend, maxconn), login=1, + keep_history=1, + service='haproxy') + + if frontend == 'global': + cmd = 'echo "set maxconn %s %s" |nc %s %s' % (frontend, maxconn, serv, haproxy_sock_port) + else: + cmd = 'echo "set maxconn frontend %s %s" |nc %s %s' % (frontend, maxconn, serv, haproxy_sock_port) + print(cmd) + roxywi_common.logging(serv, 'Maxconn has been changed. On: {} to {}'.format(frontend, maxconn), login=1, + keep_history=1, + service='haproxy') + output, stderr = server_mod.subprocess_execute(cmd) + + if stderr != '': + print(stderr[0]) + elif output[0] == '': + configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') + cfg = configs_dir + serv + "-" + get_date.return_date('config') + ".cfg" + + config_mod.get_config(serv, cfg) + cmd = 'string=`grep %s %s -n -A5 |grep maxcon -n |awk -F":" \'{print $2}\'|awk -F"-" \'{print $1}\'` ' \ + '&& sed -Ei "$( echo $string)s/[0-9]+/%s/g" %s' % (frontend, cfg, maxconn, cfg) + server_mod.subprocess_execute(cmd) + config_mod.master_slave_upload_and_restart(serv, cfg, just_save='save') + print('success: Maxconn for %s has been set to %s ' % (frontend, maxconn)) + else: + print('error: ' + output[0]) + + +def table_select(): + from jinja2 import Environment, FileSystemLoader + env = Environment(loader=FileSystemLoader('templates'), autoescape=True, + extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True) + table = form.getvalue('table_select') + + if table == 'All': + template = env.get_template('ajax/stick_tables.html') + tables = get_all_stick_table() + table = [] + for t in tables.split(','): + if t != '': + table_id = [] + tables_head = [] + tables_head1, table1 = get_stick_table(t) + table_id.append(tables_head1) + table_id.append(table1) + table.append(table_id) + + template = template.render(table=table) + else: + template = env.get_template('ajax/stick_table.html') + tables_head, table = get_stick_table(table) + template = 
template.render(tables_head=tables_head, table=table) + + print(template) diff --git a/app/modules/config/section.py b/app/modules/config/section.py new file mode 100644 index 00000000..c068a216 --- /dev/null +++ b/app/modules/config/section.py 
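Review bot: `serv = form.getvalue('serv')` and the `table_select` value that `table_select()` passes to `get_stick_table()` are formatted into the `echo ... |nc %s %s` command strings with no validation, while the other form fields in this file at least go through `common.checkAjaxInput`. Validate them first, e.g. `serv = common.is_ip_or_dns(form.getvalue('serv'))` and stop when it returns an empty string, and check the table name against an allowlist pattern before calling `get_stick_table`. In `change_ip_and_port` and `change_maxconn` the `is None` checks run after `checkAjaxInput(...)` has already been called on the same value, so they should move above those calls, and the `sys.exit()` calls need `import sys`, which the file lacks. `get_backends_from_config` refers to `roxywi_comon` (typo for `roxywi_common`), so its first `try` always falls into the except path. `print(cmd)` in `change_maxconn` looks like leftover debug output that echoes the command line back to the client.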
@@ -0,0 +1,96 @@ +import re + +import modules.db.sql as sql +import modules.server.server as server_mod +from modules.common.common import return_nice_path + + +def get_sections(config, **kwargs): + return_config = list() + with open(config, 'r') as f: + for line in f: + if kwargs.get('service') == 'keepalived': + ip_pattern = re.compile('\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}') + find_ip = re.findall(ip_pattern, line) + if find_ip: + return_config.append(find_ip[0]) + else: + if line.startswith(( + 'global', 'listen', 'frontend', 'backend', 'cache', 'defaults', '#HideBlockStart', + '#HideBlockEnd', 'peers', 'resolvers', 'userlist', 'http-errors' + )): + line = line.strip() + return_config.append(line) + + return return_config + + +def get_section_from_config(config, section): + record = False + start_line = "" + end_line = "" + return_config = "" + with open(config, 'r') as f: + for index, line in enumerate(f): + if line.startswith(section + '\n'): + start_line = index + return_config += line + record = True + continue + if record: + if line.startswith(( + 'global', 'listen', 'frontend', 'backend', 'cache', 'defaults', '#HideBlockStart', + '#HideBlockEnd', 'peers', 'resolvers', 'userlist', 'http-errors' + )): + record = False + end_line = index + end_line = end_line - 1 + else: + return_config += line + + if end_line == "": + f = open(config, "r") + line_list = f.readlines() + end_line = len(line_list) + + return start_line, end_line, return_config + + +def rewrite_section(start_line, end_line, config, section): + record = False + start_line = int(start_line) + end_line = int(end_line) + return_config = "" + with open(config, 'r') as f: + for index, line in enumerate(f): + index = int(index) + if index == start_line: + record = True + return_config += section + return_config += "\n" + continue + if index == end_line: + record = False + continue + if record: + continue + + return_config += line + + return return_config + + +def get_remote_sections(server_ip: str, 
service: str) -> str: + remote_dir = service + '_dir' + config_dir = sql.get_setting(remote_dir) + config_dir = return_nice_path(config_dir) + section_name = 'server_name' + + if service == 'apache': + section_name = 'ServerName' + + commands = [f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'"] + + backends = server_mod.ssh_command(server_ip, commands) + + return backends diff --git a/app/modules/db/__init__.py b/app/modules/db/__init__.py new file mode 100644 index 00000000..5b9d526d --- /dev/null +++ b/app/modules/db/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-db-module' diff --git a/app/modules/db_model.py b/app/modules/db/db_model.py similarity index 100% rename from app/modules/db_model.py rename to app/modules/db/db_model.py diff --git a/app/sql.py b/app/modules/db/sql.py similarity index 97% rename from app/sql.py rename to app/modules/db/sql.py index ac8fe09b..fbc0bdaa 100755 --- a/app/sql.py +++ b/app/modules/db/sql.py @@ -4,16 +4,27 @@ import traceback import sys import os -from modules.db_model import * +from modules.db.db_model import * import modules.roxy_wi_tools as roxy_wi_tools def get_setting(param, **kwargs): - import funct + import http.cookies + + user_group = '' try: - user_group = funct.get_user_group(id=1) + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_group_id = cookie.get('group') + user_group_id1 = user_group_id.value + groups = sql.select_groups(id=user_group_id1) + for g in groups: + if g.group_id == int(user_group_id1): + if kwargs.get('id'): + user_group = g.group_id + else: + user_group = g.name except Exception: - user_group = '' + pass if user_group == '' or param == 'lists_path' or param == 'ssl_local_path': user_group = 1 @@ -837,9 +848,6 @@ def get_slack_by_id(slack_id): def get_dick_permit(**kwargs): - import os - import funct - if kwargs.get('username'): grp = kwargs.get('group_id') else: 
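Review bot: In `get_remote_sections`, `return_nice_path` signals a bad path by returning a string that starts with `error:`, and that return value is interpolated straight into the `sudo grep {section_name} {config_dir}*/*.conf -R` command. Check it before building the command, e.g. `if config_dir.startswith('error:'): return config_dir`, and validate `service` against the known service names before deriving the `_dir` setting key from it. In `get_section_from_config` the fallback `f = open(config, "r")` is never closed; `with open(config) as f: end_line = len(f.readlines())` fixes that. The IP pattern in `get_sections` should be a raw string (`r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}'`) compiled once outside the loop.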
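Review bot: The new `get_setting` body calls `sql.select_groups(id=user_group_id1)` from inside the `sql` module itself; unless a module-level `sql` name exists outside this hunk, that raises NameError, the surrounding `except Exception: pass` hides it, and every lookup silently falls back to group 1. Calling the function directly, `groups = select_groups(id=user_group_id1)`, and narrowing the handler to the errors expected from a missing or malformed cookie (`AttributeError`, `ValueError`) would make real failures visible. The group id is now read straight from the `group` cookie, so it is worth confirming that callers verify the session's user belongs to that group before group-scoped settings are returned. The function body continues outside the hunk.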
@@ -851,10 +859,6 @@ def get_dick_permit(**kwargs): except Exception: print('') return - if kwargs.get('token'): - token = kwargs.get('token') - else: - token = '' only_group = kwargs.get('only_group') disable = 'enable = 1' 
@@ -881,45 +885,35 @@ def get_dick_permit(**kwargs): if kwargs.get('apache') or kwargs.get('service') == 'apache': apache = "and apache = 1" - if funct.check_user_group(token=token): - cursor = conn.cursor() - try: - if mysql_enable == '1': - if grp == '1' and not only_group: - sql = """ select * from `servers` where {} {} {} {} {} {} {} order by `pos` asc""".format( - disable, type_ip, nginx, haproxy, keepalived, apache, ip - ) - else: - sql = """ select * from `servers` where `groups` = {group} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc - """.format( - group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, - keepalived=keepalived, apache=apache - ) + cursor = conn.cursor() + try: + if mysql_enable == '1': + if grp == '1' and not only_group: + sql = """ select * from `servers` where {} {} {} {} {} {} {} order by `pos` asc""".format( + disable, type_ip, nginx, haproxy, keepalived, apache, ip + ) else: - if grp == '1' and not only_group: - sql = """ select * from servers where {} {} {} {} {} {} {} order by pos""".format( - disable, type_ip, nginx, haproxy, keepalived, apache, ip - ) - else: - sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos - """.format( - group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, - keepalived=keepalived, apache=apache - ) - - except Exception as e: - print(str(e)) - print('') - try: - cursor.execute(sql) - except Exception as e: - # out_error(e) - pass + sql = """ select * from `servers` where `groups` = {group} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc + """.format( + group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived, apache=apache + ) else: - return cursor.fetchall() + if grp == '1' and not only_group: + sql = """ select * from servers where {} 
{} {} {} {} {} {} order by pos""".format(disable, type_ip, nginx, haproxy, keepalived, apache, ip) + else: + sql = """ select * from servers where groups = '{group}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos + """.format(group=grp, disable=disable, type_ip=type_ip, ip=ip, haproxy=haproxy, nginx=nginx, keepalived=keepalived, apache=apache) + except Exception as e: + print(str(e)) + print('') + try: + cursor.execute(sql) + except Exception as e: + # out_error(e) + pass else: - print('Atata!') + return cursor.fetchall() def is_master(ip, **kwargs): 
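Review bot: The `funct.check_user_group(token=token)` guard that wrapped the query in `get_dick_permit` is gone, and the later hunks in this file drop the same call from `select_servers_metrics`, `select_table_metrics`, `select_service_table_metrics`, `update_setting`, `select_smon`, `delete_smon` and `update_smon`, so group membership now has to be enforced by every caller. A docstring on each of these stating that precondition, e.g. `"""Caller must already have verified the user's group."""`, would keep the requirement from being lost. The query text is still assembled with `.format()` from `grp`, `ip` and the other fragments, whose origin is outside the hunk; the model API already used in `select_servers_metrics` (`Server.select().where(Server.groups == group_id)`) or bound parameters in `cursor.execute` would remove the dependence on callers sanitising them. The `except Exception as e: pass` around `cursor.execute(sql)` also makes a failed query indistinguishable from one that returned nothing.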
@@ -1768,33 +1762,27 @@ def select_apache_servers_metrics_for_master(): return query_res -def select_servers_metrics(): - import funct - group_id = funct.get_user_group(id=1) - if funct.check_user_group(): - if group_id == 1: - query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1)) - else: - query = Server.select(Server.ip).where( - (Server.enable == 1) & (Server.groups == group_id) & (Server.metrics == 1)) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res +def select_servers_metrics(group_id): + if group_id == 1: + query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1)) + else: + query = Server.select(Server.ip).where( + (Server.enable == 1) & (Server.groups == group_id) & (Server.metrics == 1)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res -def select_table_metrics(): - import funct +def select_table_metrics(group_id): cursor = conn.cursor() - group_id = funct.get_user_group(id=1) - if funct.check_user_group(): - if group_id == 1: - groups = "" - else: - groups = "and servers.groups = '{group}' ".format(group=group_id) + if group_id == 1: + groups = "" + else: + groups = "and servers.groups = '{group}' ".format(group=group_id) if mysql_enable == '1': sql = """ select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d, 
@@ -1994,19 +1982,16 @@ def select_table_metrics(): return cursor.fetchall() -def select_service_table_metrics(service): - import funct +def select_service_table_metrics(service: str, group_id: int): cursor = conn.cursor() - group_id = funct.get_user_group(id=1) if service in ('nginx', 'apache'): metrics_table = f'{service}_metrics' - if funct.check_user_group(): - if group_id == 1: - groups = "" - else: - groups = "and servers.groups = '{group}' ".format(group=group_id) + if group_id == 1: + groups = "" + else: + groups = "and servers.groups = '{group}' ".format(group=group_id) if mysql_enable == '1': sql = """ select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from @@ -2120,18 +2105,14 @@ def select_service_table_metrics(service): return cursor.fetchall() -def update_setting(param, val): - import funct - user_group = funct.get_user_group(id=1) - - if funct.check_user_group(): - query = Setting.update(value=val).where((Setting.param == param) & (Setting.group == user_group)) - try: - query.execute() - return True - except Exception as e: - out_error(e) - return False +def update_setting(param: str, val: str, user_group: int) -> bool: + query = Setting.update(value=val).where((Setting.param == param) & (Setting.group == user_group)) + try: + query.execute() + return True + except Exception as e: + out_error(e) + return False def get_ver(): @@ -2416,10 +2397,7 @@ def insert_smon(server, port, enable, proto, uri, body, group, desc, telegram, s def select_smon(user_group, **kwargs): - import funct - cursor = conn.cursor() - funct.check_user_group() if user_group == 1: user_group = '' @@ -2465,10 +2443,6 @@ def select_smon_by_id(last_id): def delete_smon(smon_id, user_group): - import funct - - funct.check_user_group() - query = SMON.delete().where((SMON.id == smon_id) & (SMON.user_group == user_group)) try: query.execute() 
@@ -2480,9 +2454,6 @@ def delete_smon(smon_id, user_group): def update_smon(smon_id, ip, port, body, telegram, slack, group, desc, en): - import funct - - funct.check_user_group() query = (SMON.update( ip=ip, port=port, body=body, telegram_channel_id=telegram, slack_channel_id=slack, group=group, desc=desc, en=en ).where(SMON.id == smon_id)) diff --git a/app/modules/roxy_wi_tools.py b/app/modules/roxy_wi_tools.py index 03d24064..540ee359 100644 --- a/app/modules/roxy_wi_tools.py +++ b/app/modules/roxy_wi_tools.py @@ -63,4 +63,4 @@ class Tools: import hashlib h = hashlib.md5(need_hashed.encode('utf-8')) p = h.hexdigest() - return p \ No newline at end of file + return p diff --git a/app/modules/roxywi/__init__.py b/app/modules/roxywi/__init__.py new file mode 100644 index 00000000..e8e534e1 --- /dev/null +++ b/app/modules/roxywi/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-service-modules' diff --git a/app/modules/roxywi/auth.py b/app/modules/roxywi/auth.py new file mode 100644 index 00000000..512c9adc --- /dev/null +++ b/app/modules/roxywi/auth.py 
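Review bot: update_smon filters only on `SMON.id == smon_id`, so once the `funct.check_user_group()` call is removed nothing in this function ties the updated row to the caller's group. delete_smon in the previous hunk scopes its query with `(SMON.id == smon_id) & (SMON.user_group == user_group)`; update_smon would need a `user_group` argument to do the same, e.g. `.where((SMON.id == smon_id) & (SMON.user_group == user_group))`. Whether callers already check ownership of `smon_id` is not visible here.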
@@ -0,0 +1,56 @@ +import os +import http.cookies + +import modules.db.sql as sql + + +def check_login(user_uuid, token, **kwargs): + if user_uuid is None: + print('') + + ref = os.environ.get("REQUEST_URI") + + try: + sql.delete_old_uuid() + except Exception as e: + raise Exception(f'error: cannot connect to DB {e}') + + if user_uuid is not None: + if sql.get_user_name_by_uuid(user_uuid.value) is None: + print(f'') + return False + if kwargs.get('service'): + required_service = str(kwargs.get('service')) + user_id = sql.get_user_id_by_uuid(user_uuid.value) + user_services = sql.select_user_services(user_id) + if required_service in user_services: + return True + else: + print('') + return False + + sql.update_last_act_user(user_uuid.value, token) + else: + print(f'') + return False + + +def is_admin(level=1): + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_id = cookie.get('uuid') + try: + role = sql.get_user_role_by_uuid(user_id.value) + except Exception: + role = 4 + pass + + try: + return True if role <= level else False + except Exception: + return False + + +def page_for_admin(level=1) -> None: + if not is_admin(level=level): + print('') + return diff --git a/app/modules/roxywi/common.py b/app/modules/roxywi/common.py new file mode 100644 index 00000000..6a426719 --- /dev/null +++ b/app/modules/roxywi/common.py 
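Review bot: page_for_admin only prints and returns None when `is_admin()` is false, and it also returns None when the check passes, so a caller cannot tell the outcome and any code after the call still runs for a non-admin. Ending the request there, e.g. `raise SystemExit` after the print, or returning `is_admin(level=level)` so callers can branch, would make the check enforceable. check_login has the same ambiguity: the path that reaches `sql.update_last_act_user(...)` falls off the end and returns None, which is falsy like the `return False` failures.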
@@ -0,0 +1,276 @@ +import os +import glob +import http.cookies + +import distro + +import modules.db.sql as sql +import modules.common.common as common +import modules.roxy_wi_tools as roxy_wi_tools + +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) +get_config_var = roxy_wi_tools.GetConfigVar() +form = common.form +serv = common.is_ip_or_dns(form.getvalue('serv')) + +def get_user_group(**kwargs) -> str: + user_group = '' + + try: + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_group_id = cookie.get('group') + user_group_id1 = user_group_id.value + groups = sql.select_groups(id=user_group_id1) + for g in groups: + if g.group_id == int(user_group_id1): + if kwargs.get('id'): + user_group = g.group_id + else: + user_group = g.name + except Exception: + check_user_group() + + return user_group + + +def check_user_group(**kwargs): + if kwargs.get('token') is not None: + return True + + if kwargs.get('user_uuid'): + group_id = kwargs.get('user_group_id') + user_uuid = kwargs.get('user_uuid') + user_id = sql.get_user_id_by_uuid(user_uuid) + else: + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_uuid = cookie.get('uuid') + group = cookie.get('group') + group_id = group.value + user_id = sql.get_user_id_by_uuid(user_uuid.value) + + if sql.check_user_group(user_id, group_id): + return True + else: + logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1) + try: + ref = os.environ.get("REQUEST_URI").split('&')[0] + except Exception: + ref = os.environ.get("REQUEST_URI") + ref = common.checkAjaxInput(ref) + print(f'') + return False + + +def get_user_id(**kwargs): + if kwargs.get('login'): + return sql.get_user_id_by_username(kwargs.get('login')) + + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_uuid = cookie.get('uuid') + + if user_uuid is not None: + user_id = sql.get_user_id_by_uuid(user_uuid.value) + + return user_id + + 
+def check_is_server_in_group(server_ip: str) -> bool: + group_id = get_user_group(id=1) + servers = sql.select_servers(server=server_ip) + for s in servers: + if (s[2] == server_ip and int(s[3]) == int(group_id)) or group_id == 1: + return True + else: + logging('Roxy-WI server', ' has tried to actions in not his group server ', roxywi=1, login=1) + try: + ref = os.environ.get("REQUEST_URI").split('&')[0] + except Exception: + ref = os.environ.get("REQUEST_URI") + ref = common.checkAjaxInput(ref) + print(f'') + return False + + +def get_files(folder=None, file_format='cfg') -> list: + if folder is None: + folder = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') + if file_format == 'log': + file = [] + else: + file = set() + return_files = set() + i = 0 + for files in sorted(glob.glob(os.path.join(folder, f'*.{file_format}*'))): + if file_format == 'log': + try: + file += [(i, files.split('/')[4])] + except Exception as e: + print(e) + else: + file.add(files.split('/')[-1]) + i += 1 + files = file + if file_format == 'cfg' or file_format == 'conf': + for file in files: + ip = file.split("-") + if serv == ip[0]: + return_files.add(file) + return sorted(return_files, reverse=True) + else: + return file + + +def logging(server_ip: str, action: str, **kwargs) -> None: + login = '' + cur_date = get_date.return_date('logs') + cur_date_in_log = get_date.return_date('date_in_log') + log_path = get_config_var.get_config_var('main', 'log_path') + + if not os.path.exists(log_path): + os.makedirs(log_path) + + try: + user_group = get_user_group() + except Exception: + user_group = '' + + try: + ip = cgi.escape(os.environ["REMOTE_ADDR"]) + except Exception: + ip = '' + + try: + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_uuid = cookie.get('uuid') + login = sql.get_user_name_by_uuid(user_uuid.value) + except Exception: + login_name = kwargs.get('login') + try: + if len(login_name) > 1: + login = kwargs.get('login') + except 
Exception: + login = '' + + try: + if distro.id() == 'ubuntu': + os.system('sudo chown www-data:www-data -R ' + log_path) + else: + os.system('sudo chown apache:apache -R ' + log_path) + except Exception: + pass + + if kwargs.get('roxywi') == 1: + if kwargs.get('login'): + mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action} on: {server_ip}\n" + if kwargs.get('keep_history'): + try: + keep_action_history(kwargs.get('service'), action, server_ip, login, ip) + except Exception as e: + print(str(e)) + else: + mess = f"{cur_date_in_log} {action} from {ip}\n" + log_file = f"{log_path}/roxy-wi-{cur_date}.log" + elif kwargs.get('provisioning') == 1: + mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action}\n" + log_file = f"{log_path}/provisioning-{cur_date}.log" + else: + mess = f"{cur_date_in_log} from {ip} user: {login}, group: {user_group}, {action} on: {server_ip}\n" + log_file = f"{log_path}/config_edit-{cur_date}.log" + + if kwargs.get('keep_history'): + keep_action_history(kwargs.get('service'), action, server_ip, login, ip) + + try: + with open(log_file, 'a') as log: + log.write(mess) + except IOError as e: + print(f'
Cannot write log. Please check log_path in config {e}
') + + +def keep_action_history(service: str, action: str, server_ip: str, login: str, user_ip: str): + try: + server_id = sql.select_server_id_by_ip(server_ip=server_ip) + if login != '': + user_id = sql.get_user_id_by_username(login) + else: + user_id = 0 + if user_ip == '': + user_ip = 'localhost' + + sql.insert_action_history(service, action, server_id, user_id, user_ip) + except Exception as e: + logging('Roxy-WI server', f'Cannot save a history: {e}', roxywi=1) + + +def get_dick_permit(**kwargs): + if kwargs.get('token'): + token = kwargs.get('token') + else: + token = '' + + if check_user_group(token=token): + return sql.get_dick_permit(**kwargs) + else: + print('Atata!') + + +def get_users_params(**kwargs): + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + + try: + user_uuid = cookie.get('uuid') + user = sql.get_user_name_by_uuid(user_uuid.value) + except Exception: + print('') + return + try: + role = sql.get_user_role_by_uuid(user_uuid.value) + except Exception: + print('') + return + try: + user_id = sql.get_user_id_by_uuid(user_uuid.value) + user_services = sql.select_user_services(user_id) + token = sql.get_token(user_uuid.value) + except Exception: + print('') + return + + if kwargs.get('virt') and kwargs.get('haproxy'): + servers = get_dick_permit(virt=1, haproxy=1) + elif kwargs.get('virt'): + servers = get_dick_permit(virt=1) + elif kwargs.get('disable'): + servers = get_dick_permit(disable=0) + elif kwargs.get('haproxy'): + servers = get_dick_permit(haproxy=1) + elif kwargs.get('service'): + servers = get_dick_permit(service=kwargs.get('service')) + else: + servers = get_dick_permit() + + user_params = { + 'user': user, + 'user_uuid': user_uuid, + 'role': role, + 'token': token, + 'servers': servers, + 'user_services': user_services + } + + return user_params + + +def return_user_status() -> dict: + user_subscription = {} + user_subscription.setdefault('user_status', sql.select_user_status()) + 
user_subscription.setdefault('user_plan', sql.select_user_plan()) + + return user_subscription + + +def return_unsubscribed_user_status() -> dict: + user_subscription = {'user_status': 0, 'user_plan': 0} + + return user_subscription diff --git a/app/modules/roxywi/logs.py b/app/modules/roxywi/logs.py new file mode 100644 index 00000000..65fcbcf2 --- /dev/null +++ b/app/modules/roxywi/logs.py @@ -0,0 +1,150 @@ +import re + +import modules.db.sql as sql +import modules.server.server as server_mod +from modules.common.common import checkAjaxInput +from modules.common.common import form +import modules.roxy_wi_tools as roxy_wi_tools +import modules.roxywi.common as roxywi_common + +get_config_var = roxy_wi_tools.GetConfigVar() + + +def roxy_wi_log(**kwargs) -> list: + log_path = get_config_var.get_config_var('main', 'log_path') + + if kwargs.get('log_id'): + selects = roxywi_common.get_files(log_path, "log") + for key, value in selects: + log_file = f"{kwargs.get('file')}.log" + if log_file == value: + return key + else: + user_group_id = roxywi_common.get_user_group(id=1) + if user_group_id != 1: + user_group = roxywi_common.get_user_group() + group_grep = f'|grep "group: {user_group}"' + else: + group_grep = '' + cmd = f"find {log_path}/roxy-wi-* -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \ + f"| head -1 |awk '{{print $4}}' |xargs tail {group_grep}|sort -r" + try: + output, stderr = server_mod.subprocess_execute(cmd) + return output + except Exception: + return [''] + + +def show_log(stdout, **kwargs): + i = 0 + out = '' + grep = '' + + if kwargs.get('grep'): + grep = kwargs.get('grep') + grep = re.sub(r'[?|$|.|!|^|*|\]|\[|,| |]', r'', grep) + for line in stdout: + i = i + 1 + if kwargs.get('grep'): + line = line.replace(grep, f'{grep}') + line_class = "line3" if i % 2 == 0 else "line" + out += f'
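Review bot: get_dick_permit passes `token=''` when no token is supplied, and check_user_group returns True for any `token` that `is not None`, so the group-membership branch of check_user_group is never reached from get_dick_permit. Testing truthiness instead, `if kwargs.get('token'):` in check_user_group, restores the check for the empty-token case; whether a non-empty token is validated elsewhere is not visible in this hunk. Separately, logging() calls `cgi.escape(os.environ["REMOTE_ADDR"])` but this module does not import `cgi`, and the surrounding `except Exception` turns the resulting NameError into `ip = ''`, so log entries lose the client address. `ip = html.escape(os.environ["REMOTE_ADDR"])` with `import html` keeps the escaping and records the address.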
{line}
' + + return out + + +def show_roxy_log( + serv, rows='10', waf='0', grep=None, hour='00', + minut='00', hour1='24', minut1='00', service='haproxy', **kwargs +) -> str: + exgrep = form.getvalue('exgrep') + log_file = form.getvalue('file') + date = checkAjaxInput(hour) + ':' + checkAjaxInput(minut) + date1 = checkAjaxInput(hour1) + ':' + checkAjaxInput(minut1) + rows = checkAjaxInput(rows) + waf = checkAjaxInput(waf) + cmd = '' + awk_column = 3 + + if grep is not None: + grep_act = '|egrep "%s"' % checkAjaxInput(grep) + else: + grep_act = '' + + if exgrep is not None: + exgrep_act = '|egrep -v "%s"' % checkAjaxInput(exgrep) + else: + exgrep_act = '' + + log_file = checkAjaxInput(log_file) if log_file is not None else log_file + + if service in ('nginx', 'haproxy', 'apache', 'keepalived'): + syslog_server_enable = sql.get_setting('syslog_server_enable') + if syslog_server_enable is None or syslog_server_enable == 0: + if service == 'nginx': + local_path_logs = sql.get_setting('nginx_path_logs') + commands = ["sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)] + elif service == 'apache': + local_path_logs = sql.get_setting('apache_path_logs') + commands = [ + "sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) + ] + elif service == 'keepalived': + local_path_logs = sql.get_setting('keepalived_path_logs') + commands = [ + "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % ( + local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) + ] + else: + local_path_logs = sql.get_setting('haproxy_path_logs') + commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)] + syslog_server = serv + else: + commands = ["sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! 
d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)] + syslog_server = sql.get_setting('syslog_server') + + if waf == "1": + local_path_logs = '/var/log/waf.log' + commands = ["sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)] + if kwargs.get('html') == 0: + a = server_mod.ssh_command(syslog_server, commands) + return show_log(a, html=0, grep=grep) + else: + return server_mod.ssh_command(syslog_server, commands, show_log='1', grep=grep) + elif service == 'apache_internal': + apache_log_path = sql.get_setting('apache_log_path') + + if serv == 'roxy-wi.access.log': + cmd = 'sudo cat {}| awk -F"/|:" \'$3>"{}:00" && $3<"{}:00"\' |tail -{} {} {}'.format(apache_log_path + "/" + serv, date, date1, rows, grep_act, exgrep_act) + elif serv == 'roxy-wi.error.log': + cmd = "sudo cat {}| awk '$4>\"{}:00\" && $4<\"{}:00\"' |tail -{} {} {}".format(apache_log_path + "/" + serv, date, date1, rows, grep_act, exgrep_act) + elif serv == 'fail2ban.log': + cmd = 'sudo cat {}| awk -F"/|:" \'$3>"{}:00" && $3<"{}:00\' |tail -{} {} {}'.format("/var/log/" + serv, date, date1, rows, grep_act, exgrep_act) + + output, stderr = server_mod.subprocess_execute(cmd) + + return show_log(output, grep=grep) + elif service == 'internal': + log_path = get_config_var.get_config_var('main', 'log_path') + logs_files = roxywi_common.get_files(log_path, "log") + user_group = roxywi_common.get_user_group() + user_grep = '' + + if user_group != '' and user_group != 'Default': + user_grep = f"|grep 'group: {user_group}'" + + for key, value in logs_files: + if int(serv) == key: + serv = value + break + else: + return 'Haha' + + if serv == 'backup.log': + awk_column = 2 + + cmd = f"cat {log_path}/{serv}| awk '${awk_column}>\"{date}:00\" && ${awk_column}<\"{date1}:00\"' {user_grep} {grep_act} {exgrep_act} |tail -{rows}" + + output, stderr = server_mod.subprocess_execute(cmd) + + return show_log(output, grep=grep) 
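Review bot: In show_roxy_log's syslog-server branch the command template has seven `%s` slots and is fed `(serv, date, date1, rows, grep_act, grep, exgrep_act)`, so the raw `grep` value is placed on the shell command line a second time without passing through `checkAjaxInput`, and the text `None` is inserted when no filter is given. Dropping the extra slot, `|tail -%s %s %s" % (serv, date, date1, rows, grep_act, exgrep_act)`, matches the other branches. `serv`, `log_file` and the other request values are interpolated into `sudo cat ...` strings throughout this function, so quoting each with `shlex.quote()` would be safer than relying on character filtering alone. The fail2ban.log command also lacks the closing double quote after its second `{}:00`, unlike the roxy-wi.access.log line above it.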
diff --git a/app/modules/roxywi/roxy.py b/app/modules/roxywi/roxy.py
new file mode 100644
index 00000000..23c9ff26
--- /dev/null
+++ b/app/modules/roxywi/roxy.py
@@ -0,0 +1,181 @@ +import os +import re + +import distro + +import modules.db.sql as sql +import modules.server.server as server_mod +import modules.roxywi.common as roxywi_common + + +def is_docker() -> bool: + path = "/proc/self/cgroup" + if not os.path.isfile(path): + return False + with open(path) as f: + for line in f: + if re.match("\d+:[\w=]+:/docker(-[ce]e)?/\w+", line): + return True + return False + + +def update_roxy_wi(service): + restart_service = '' + + if distro.id() == 'ubuntu': + try: + if service == 'roxy-wi-keep_alive': + service = 'roxy-wi-keep-alive' + except Exception: + pass + + if service != 'roxy-wi': + restart_service = f'&& sudo systemctl restart {service}' + + cmd = f'sudo -S apt-get update && sudo apt-get install {service} {restart_service}' + else: + if service != 'roxy-wi': + restart_service = f'&& sudo systemctl restart {service}' + cmd = f'sudo -S yum -y install {service} {restart_service}' + + output, stderr = server_mod.subprocess_execute(cmd) + print(output) + print(stderr) + + +def check_ver(): + return sql.get_ver() + + +def versions(): + try: + current_ver = check_ver() + current_ver_without_dots = current_ver.split('.') + current_ver_without_dots = ''.join(current_ver_without_dots) + current_ver_without_dots = current_ver_without_dots.replace('\n', '') + if len(current_ver_without_dots) == 2: + current_ver_without_dots += '00' + if len(current_ver_without_dots) == 3: + current_ver_without_dots += '0' + current_ver_without_dots = int(current_ver_without_dots) + except Exception: + current_ver = "Sorry cannot get current version" + current_ver_without_dots = 0 + + try: + new_ver = check_new_version('roxy-wi') + new_ver_without_dots = new_ver.split('.') + new_ver_without_dots = ''.join(new_ver_without_dots) + new_ver_without_dots = new_ver_without_dots.replace('\n', '') + if len(new_ver_without_dots) == 2: + new_ver_without_dots += '00' + if len(new_ver_without_dots) == 3: + new_ver_without_dots += '0' + new_ver_without_dots = 
int(new_ver_without_dots) + except Exception as e: + new_ver = "Cannot get a new version" + new_ver_without_dots = 0 + roxywi_common.logging('Roxy-WI server', f' {e}', roxywi=1) + + return current_ver, new_ver, current_ver_without_dots, new_ver_without_dots + + +def get_services_status(): + services = [] + is_in_docker = is_docker() + services_name = { + 'roxy-wi-checker': 'Checker is designed for monitoring HAProxy, NGINX, Apache and Keepalived services as well as HAProxy backends and maxconn', + 'roxy-wi-keep_alive': ' The Auto Start service allows to restart the HAProxy, NGINX, Apache and Keepalived services if they are down', + 'roxy-wi-metrics': 'Collects number of connections for HAProxy, NGINX, Apache and HAProxy WAF services', + 'roxy-wi-portscanner': 'Probes and saves a server or host for open ports', + 'roxy-wi-smon': 'SMON stands for Simple MONitoring', + 'roxy-wi-socket': 'Socket is a service for sending alerts and notifications', + 'roxy-wi-prometheus-exporter': 'Prometheus exporter', + 'prometheus': 'Prometheus service', + 'grafana-server': 'Grafana service', + 'fail2ban': 'Fail2ban service', + 'rabbitmq-server': 'Message broker service' + } + for s, v in services_name.items(): + if is_in_docker: + cmd = f"sudo supervisorctl status {s}|awk '{{print $2}}'" + else: + cmd = f"systemctl is-active {s}" + + status, stderr = server_mod.subprocess_execute(cmd) + + if s != 'roxy-wi-keep_alive': + service_name = s.split('_')[0] + if s == 'grafana-server': + service_name = 'grafana' + elif s == 'roxy-wi-keep_alive' and distro.id() == 'ubuntu': + service_name = 'roxy-wi-keep-alive' + else: + service_name = s + + if service_name == 'prometheus': + cmd = "prometheus --version 2>&1 |grep prometheus|awk '{print $3}'" + else: + if distro.id() == 'ubuntu': + cmd = f"apt list --installed 2>&1 |grep {service_name}|awk '{{print $2}}'|sed 's/-/./'" + else: + cmd = f"rpm -q {service_name}|awk -F\"{service_name}\" '{{print $2}}' |awk -F\".noa\" '{{print $1}}' |sed 's/-//1' 
|sed 's/-/./'" + service_ver, stderr = server_mod.subprocess_execute(cmd) + + try: + if service_ver[0] == 'command' or service_ver[0] == 'prometheus:': + service_ver[0] = '' + except Exception: + pass + + try: + services.append([s, status, v, service_ver[0]]) + except Exception: + services.append([s, status, v, '']) + + return services + + +def check_new_version(service): + import requests + from requests.adapters import HTTPAdapter + from requests.packages.urllib3.util.retry import Retry + + current_ver = check_ver() + proxy = sql.get_setting('proxy') + res = '' + user_name = sql.select_user_name() + retry_strategy = Retry( + total=3, + status_forcelist=[429, 500, 502, 503, 504], + method_whitelist=["HEAD", "GET", "OPTIONS"] + ) + adapter = HTTPAdapter(max_retries=retry_strategy) + roxy_wi_get_plan = requests.Session() + roxy_wi_get_plan.mount("https://", adapter) + + try: + if proxy is not None and proxy != '' and proxy != 'None': + proxy_dict = {"https": proxy, "http": proxy} + response = requests.get(f'https://roxy-wi.org/version/get/{service}', timeout=1, proxies=proxy_dict) + if service == 'roxy-wi': + requests.get(f'https://roxy-wi.org/version/send/{current_ver}', timeout=1, proxies=proxy_dict) + roxy_wi_get_plan = requests.get(f'https://roxy-wi.org/user-name/{user_name}', timeout=1, proxies=proxy_dict) + else: + response = requests.get(f'https://roxy-wi.org/version/get/{service}', timeout=1) + if service == 'roxy-wi': + requests.get(f'https://roxy-wi.org/version/send/{current_ver}', timeout=1) + roxy_wi_get_plan = requests.get(f'https://roxy-wi.org/user-name/{user_name}', timeout=1) + + res = response.content.decode(encoding='UTF-8') + if service == 'roxy-wi': + try: + status = roxy_wi_get_plan.content.decode(encoding='UTF-8') + status = status.split(' ') + sql.update_user_status(status[0], status[1].strip(), status[2].strip()) + except Exception: + pass + except requests.exceptions.RequestException as e: + roxywi_common.logging('Roxy-WI server', f' {e}', 
roxywi=1) + + return res diff --git a/app/modules/server/__init__.py b/app/modules/server/__init__.py new file mode 100644 index 00000000..37e2fc10 --- /dev/null +++ b/app/modules/server/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-server-modules' diff --git a/app/modules/server/server.py b/app/modules/server/server.py new file mode 100644 index 00000000..ce4ad88b --- /dev/null +++ b/app/modules/server/server.py 
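Review bot: update_roxy_wi interpolates `service` straight into `sudo -S apt-get update && sudo apt-get install {service} {restart_service}` (and the yum equivalent), and `server_mod.subprocess_execute` runs that string through a shell. Where `service` comes from is not visible in this hunk; if it can originate from a request, it should first be checked against the fixed set of package names, for example the keys of `services_name` in get_services_status, with something like `if service not in allowed_services: return` (`allowed_services` being a new constant). In check_new_version the `Session` carrying the retry adapter is never used, because every request goes through `requests.get` and `roxy_wi_get_plan` is then overwritten with a response, so the `Retry` policy has no effect.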
@@ -0,0 +1,345 @@ +import json + +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.common as roxywi_common +from modules.server import ssh_connection +import modules.roxy_wi_tools as roxy_wi_tools + +get_config_var = roxy_wi_tools.GetConfigVar() + + +def return_ssh_keys_path(server_ip: str, **kwargs) -> dict: + lib_path = get_config_var.get_config_var('main', 'lib_path') + ssh_settings = {} + + if kwargs.get('id'): + sshs = sql.select_ssh(id=kwargs.get('id')) + else: + sshs = sql.select_ssh(serv=server_ip) + + for ssh in sshs: + ssh_settings.setdefault('enabled', ssh.enable) + ssh_settings.setdefault('user', ssh.username) + ssh_settings.setdefault('password', ssh.password) + ssh_key = f'{lib_path}/keys/{ssh.name}.pem' if ssh.enable == 1 else '' + ssh_settings.setdefault('key', ssh_key) + + ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)] + ssh_settings.setdefault('port', ssh_port[0]) + + return ssh_settings + + +def ssh_connect(server_ip): + ssh_settings = return_ssh_keys_path(server_ip) + ssh = ssh_connection.SshConnection(server_ip, ssh_settings['port'], ssh_settings['user'], + ssh_settings['password'], ssh_settings['enabled'], ssh_settings['key']) + + return ssh + + +def ssh_command(server_ip: str, commands: list, **kwargs): + if server_ip == '': + return 'error: IP cannot be empty' + with ssh_connect(server_ip) as ssh: + for command in commands: + try: + stdin, stdout, stderr = ssh.run_command(command) + except Exception as e: + roxywi_common.logging('Roxy-WI server', f' Something wrong with SSH connection. 
Probably sudo with password {e}', roxywi=1) + return str(e) + + try: + if kwargs.get('raw'): + return stdout.readlines() + if kwargs.get("ip") == "1": + show_ip(stdout) + elif kwargs.get("show_log") == "1": + import modules.roxywi.logs as roxywi_logs + + return roxywi_logs.show_log(stdout, grep=kwargs.get("grep")) + elif kwargs.get('return_err') == 1: + return stderr.read().decode(encoding='UTF-8') + else: + return stdout.read().decode(encoding='UTF-8') + except Exception as e: + roxywi_common.logging('Roxy-WI server', f' Something wrong with SSH connection. Probably sudo with password {e}', roxywi=1) + + for line in stderr.readlines(): + if line: + print(f'error: {line}') + roxywi_common.logging('Roxy-WI server', f' {line}', roxywi=1) + + +def subprocess_execute(cmd): + import subprocess + p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True, universal_newlines=True) + stdout, stderr = p.communicate() + output = stdout.splitlines() + + return output, stderr + + +def is_file_exists(server_ip: str, file: str) -> bool: + cmd = [f'[ -f {file} ] && echo yes || echo no'] + + out = ssh_command(server_ip, cmd) + return True if 'yes' in out else False + + +def is_service_active(server_ip: str, service_name: str) -> bool: + cmd = [f'systemctl is-active {service_name}'] + + out = ssh_command(server_ip, cmd) + out = out.strip() + return True if 'active' == out else False + + +def get_remote_files(server_ip: str, config_dir: str, file_format: str): + config_dir = common.return_nice_path(config_dir) + if file_format == 'conf': + commands = [f'sudo ls {config_dir}*/*.{file_format}'] + else: + commands = [f'sudo ls {config_dir}|grep {file_format}$'] + config_files = ssh_command(server_ip, commands) + + return config_files + + +def show_ip(stdout): + for line in stdout: + if "Permission denied" in line: + print(f'error: {line}') + else: + print(line) + + +def get_system_info(server_ip: str) -> str: + server_ip = common.is_ip_or_dns(server_ip) + if 
server_ip == '': + return 'error: IP cannot be empty' + + server_id = sql.select_server_id_by_ip(server_ip) + + command = ["sudo lshw -quiet -json"] + try: + sys_info_returned = ssh_command(server_ip, command) + except Exception as e: + raise e + command = ['sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\''] + try: + os_info = ssh_command(server_ip, command) + except Exception as e: + raise e + os_info = os_info.strip() + system_info = json.loads(sys_info_returned) + + sys_info = {'hostname': system_info['id'], 'family': ''} + cpu = {'cpu_model': '', 'cpu_core': 0, 'cpu_thread': 0, 'hz': 0} + network = {} + ram = {'slots': 0, 'size': 0} + disks = {} + + try: + sys_info['family'] = system_info['configuration']['family'] + except Exception: + pass + + for i in system_info['children']: + if i['class'] == 'network': + try: + ip = i['configuration']['ip'] + except Exception: + ip = '' + network[i['logicalname']] = { + 'description': i['description'], + 'mac': i['serial'], + 'ip': ip + } + for k, j in i.items(): + if isinstance(j, list): + for b in j: + try: + if b['class'] == 'processor': + cpu['cpu_model'] = b['product'] + cpu['cpu_core'] += 1 + cpu['hz'] = round(int(b['capacity']) / 1000000) + try: + cpu['cpu_thread'] += int(b['configuration']['threads']) + except Exception: + cpu['cpu_thread'] = 1 + except Exception: + pass + + try: + if b['id'] == 'memory': + ram['size'] = round(b['size'] / 1073741824) + for memory in b['children']: + ram['slots'] += 1 + except Exception: + pass + + try: + if b['class'] == 'storage': + for p, pval in b.items(): + if isinstance(pval, list): + for disks_info in pval: + for volume_info in disks_info['children']: + if isinstance(volume_info['logicalname'], list): + volume_name = volume_info['logicalname'][0] + mount_point = volume_info['logicalname'][1] + size = round(volume_info['capacity'] / 1073741824) + size = str(size) + 'Gb' + fs = volume_info['configuration']['mount.fstype'] + state = 
volume_info['configuration']['state'] + disks[volume_name] = { + 'mount_point': mount_point, + 'size': size, + 'fs': fs, + 'state': state + } + except Exception: + pass + + try: + if b['class'] == 'bridge': + if 'children' in b: + for s in b['children']: + if s['class'] == 'network': + if 'children' in s: + for net in s['children']: + network[net['logicalname']] = { + 'description': net['description'], + 'mac': net['serial'] + } + if s['class'] == 'storage': + for p, pval in s.items(): + if isinstance(pval, list): + for disks_info in pval: + if 'children' in disks_info: + for volume_info in disks_info['children']: + if isinstance(volume_info['logicalname'], dict): + volume_name = volume_info['logicalname'][0] + mount_point = volume_info['logicalname'][1] + size = round(volume_info['size'] / 1073741824) + size = str(size) + 'Gb' + fs = volume_info['configuration']['mount.fstype'] + state = volume_info['configuration']['state'] + disks[volume_name] = { + 'mount_point': mount_point, + 'size': size, + 'fs': fs, + 'state': state + } + for z, n in s.items(): + if isinstance(n, list): + for y in n: + if y['class'] == 'network': + try: + for q in y['children']: + try: + ip = q['configuration']['ip'] + except Exception: + ip = '' + network[q['logicalname']] = { + 'description': q['description'], + 'mac': q['serial'], + 'ip': ip} + except Exception: + try: + network[y['logicalname']] = { + 'description': y['description'], + 'mac': y['serial'], + 'ip': y['configuration']['ip']} + except Exception: + pass + if y['class'] == 'disk': + try: + for q in y['children']: + try: + if isinstance(q['logicalname'], list): + volume_name = q['logicalname'][0] + mount_point = q['logicalname'][1] + size = round(q['capacity'] / 1073741824) + size = str(size) + 'Gb' + fs = q['configuration']['mount.fstype'] + state = q['configuration']['state'] + disks[volume_name] = { + 'mount_point': mount_point, + 'size': size, + 'fs': fs, + 'state': state + } + except Exception as e: + print(e) + except 
Exception: + pass + if y['class'] == 'storage' or y['class'] == 'generic': + try: + for q in y['children']: + for o in q['children']: + try: + volume_name = o['logicalname'] + mount_point = '' + size = round(o['size'] / 1073741824) + size = str(size) + 'Gb' + fs = '' + state = '' + disks[volume_name] = { + 'mount_point': mount_point, + 'size': size, + 'fs': fs, + 'state': state + } + except Exception: + pass + for w in o['children']: + try: + if isinstance(w['logicalname'], list): + volume_name = w['logicalname'][0] + mount_point = w['logicalname'][1] + try: + size = round(w['size'] / 1073741824) + size = str(size) + 'Gb' + except Exception: + size = '' + fs = w['configuration']['mount.fstype'] + state = w['configuration']['state'] + disks[volume_name] = { + 'mount_point': mount_point, + 'size': size, + 'fs': fs, + 'state': state + } + except Exception: + pass + except Exception: + pass + try: + for q, qval in y.items(): + if isinstance(qval, list): + for o in qval: + for w in o['children']: + if isinstance(w['logicalname'], list): + volume_name = w['logicalname'][0] + mount_point = w['logicalname'][1] + size = round(w['size'] / 1073741824) + size = str(size) + 'Gb' + fs = w['configuration']['mount.fstype'] + state = w['configuration']['state'] + disks[volume_name] = { + 'mount_point': mount_point, + 'size': size, + 'fs': fs, + 'state': state + } + except Exception: + pass + except Exception: + pass + + try: + sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks) + except Exception as e: + raise e diff --git a/app/modules/ssh_connection.py b/app/modules/server/ssh_connection.py similarity index 100% rename from app/modules/ssh_connection.py rename to app/modules/server/ssh_connection.py diff --git a/app/modules/service/__init__.py b/app/modules/service/__init__.py new file mode 100644 index 00000000..e8e534e1 --- /dev/null +++ b/app/modules/service/__init__.py @@ -0,0 +1 @@ +NAME = 'roxy-wi-service-modules' 
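Review bot: is_file_exists, is_service_active and get_remote_files build remote shell commands by placing `file`, `service_name`, `config_dir` and `file_format` into f-strings unquoted, so a value containing spaces or shell metacharacters changes the command that `ssh_command` runs. Quoting at the point of use keeps each argument a single word, e.g. `cmd = [f'[ -f {shlex.quote(file)} ] && echo yes || echo no']` with `import shlex` added to the module. The same concern applies to subprocess_execute, which passes its string to `subprocess.Popen(..., shell=True)`; an argument list without a shell would be safer for callers that do not need pipes. ssh_command also returns from inside its `for command in commands` loop in most branches, so only the first command of a list is normally executed.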
diff --git a/app/modules/service/common.py b/app/modules/service/common.py
new file mode 100644
index 00000000..b64f771f
--- /dev/null
+++ b/app/modules/service/common.py
@@ -0,0 +1,115 @@ +import os + +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod + + +def check_haproxy_version(server_ip): + hap_sock_p = sql.get_setting('haproxy_sock_port') + ver = "" + cmd = f"echo 'show info' |nc {server_ip} {hap_sock_p} |grep Version |awk '{{print $2}}'" + output, stderr = roxywi_common.logging(cmd) + for line in output: + ver = line + + return ver + + +def is_restarted(server_ip: str, action: str) -> None: + cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) + user_uuid = cookie.get('uuid') + user_role = sql.get_user_role_by_uuid(user_uuid.value) + + if sql.is_serv_protected(server_ip) and int(user_role) > 2: + print(f'error: This server is protected. You cannot {action} it') + return + + +def is_not_allowed_to_restart(server_id: int, service: str) -> None: + is_restart = sql.select_service_setting(server_id, service, 'restart') + + if int(is_restart) == 1: + print('warning: this service is not allowed to be restarted') + return + + +def get_exp_version(server_ip: str, service_name: str) -> str: + server_ip = common.is_ip_or_dns(server_ip) + if service_name == 'haproxy_exporter': + commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"] + elif service_name == 'nginx_exporter': + commands = ["/opt/prometheus/exporters/nginx_exporter 2>&1 |head -1 |awk -F\"=\" '{print $2}'|awk '{print $1}'"] + elif service_name == 'node_exporter': + commands = ["node_exporter --version 2>&1 |head -1|awk '{print $3}'"] + elif service_name == 'apache_exporter': + commands = ["/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"] + + ver = server_mod.ssh_command(server_ip, commands) + + if ver != '': + return ver + else: + return 'no' + + +def get_correct_apache_service_name(server_ip=None, server_id=0) -> str: + if server_id is None: + server_id = sql.select_server_id_by_ip(server_ip) + + try: + os_info = 
sql.select_os_info(server_id) + except Exception: + return 'error: cannot get server info' + + if "CentOS" in os_info or "Redhat" in os_info: + return 'httpd' + else: + return 'apache2' + + +def server_status(stdout): + proc_count = "" + + for line in stdout: + if "Ncat: " not in line: + for k in line: + try: + proc_count = k.split(":")[1] + except Exception: + proc_count = 1 + else: + proc_count = 0 + return proc_count + + +def check_haproxy_config(server_ip): + server_id = sql.select_server_id_by_ip(server_ip=server_ip) + is_dockerized = sql.select_service_setting(server_id, 'haproxy', 'dockerized') + config_path = sql.get_setting('haproxy_config_path') + + if is_dockerized == '1': + container_name = sql.get_setting('haproxy_container_name') + commands = [f"sudo docker exec -it {container_name} haproxy -q -c -f {config_path}"] + else: + commands = [f"haproxy -q -c -f {config_path}"] + + with server_mod.ssh_connect(server_ip) as ssh: + for command in commands: + stdin, stdout, stderr = ssh.run_command(command) + if not stderr.read(): + return True + else: + return False + + +def check_nginx_config(server_ip): + commands = [f"nginx -q -t -p {sql.get_setting('nginx_dir')}"] + + with server_mod.ssh_connect(server_ip) as ssh: + for command in commands: + stdin, stdout, stderr = ssh.run_command(command) + if not stderr.read(): + return True + else: + return False diff --git a/app/modules/service/exporter_installation.py b/app/modules/service/exporter_installation.py new file mode 100644 index 00000000..cc66e242 --- /dev/null +++ b/app/modules/service/exporter_installation.py 
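Review bot: `check_haproxy_version` runs its command through `roxywi_common.logging(cmd)`, but this new file imports neither `roxywi_common` nor `http.cookies` (used in `is_restarted`), so both functions raise NameError when called; add `import http.cookies` and call `output, stderr = server_mod.subprocess_execute(cmd)` instead of the logging helper. `is_restarted` also returns None on both paths and only prints the "protected" error, so a caller cannot stop the action based on its result; returning a bool or raising would let the protected-server check actually be enforced. `user_uuid` is dereferenced without a None check, so a request with no `uuid` cookie fails with AttributeError rather than a clean denial. In `get_correct_apache_service_name` the `server_id is None` test can never be true with the default `server_id=0`, so the lookup by `server_ip` is skipped unless the caller passes None explicitly.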
@@ -0,0 +1,105 @@ +import os + +import modules.db.sql as sql +import modules.common.common as common +import modules.server.server as server_mod +import modules.roxywi.common as roxywi_common +import modules.service.common as service_common +from modules.service.installation import show_installation_output +from modules.server.server import return_ssh_keys_path + +form = common.form + +def haproxy_exp_installation(): + serv = form.getvalue('haproxy_exp_install') + ver = form.getvalue('exporter_v') + ext_prom = form.getvalue('ext_prom') + script = "install_haproxy_exporter.sh" + stats_port = sql.get_setting('stats_port') + server_state_file = sql.get_setting('server_state_file') + stats_user = sql.get_setting('stats_user') + stats_password = sql.get_setting('stats_password') + stat_page = sql.get_setting('stats_page') + proxy = sql.get_setting('proxy') + ssh_settings = return_ssh_keys_path(serv) + + os.system(f"cp scripts/{script} .") + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + else: + proxy_serv = '' + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} STAT_FILE={server_state_file}" + f" SSH_PORT={ssh_settings['port']} STAT_PAGE={stat_page} VER={ver} EXP_PROM={ext_prom} STATS_USER={stats_user}" + f" STATS_PASS='{stats_password}' HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, 'HAProxy exporter') + + os.remove(script) + + +def nginx_apache_exp_installation(): + if form.getvalue('nginx_exp_install'): + service = 'nginx' + elif form.getvalue('apache_exp_install'): + service = 'apache' + + serv = common.is_ip_or_dns(form.getvalue('serv')) + ver = common.checkAjaxInput(form.getvalue('exporter_v')) + ext_prom = common.checkAjaxInput(form.getvalue('ext_prom')) + script = f"install_{service}_exporter.sh" + stats_user = 
sql.get_setting(f'{service}_stats_user') + stats_password = sql.get_setting(f'{service}_stats_password') + stats_port = sql.get_setting(f'{service}_stats_port') + stats_page = sql.get_setting(f'{service}_stats_page') + proxy = sql.get_setting('proxy') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(serv) + + os.system(f"cp scripts/{script} .") + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} SSH_PORT={ssh_settings['port']} STAT_PAGE={stats_page}" + f" STATS_USER={stats_user} STATS_PASS='{stats_password}' HOST={serv} VER={ver} EXP_PROM={ext_prom} USER={ssh_settings['user']} " + f" PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, f'{service.title()} exporter') + + os.remove(script) + + +def node_exp_installation(): + serv = common.is_ip_or_dns(form.getvalue('node_exp_install')) + ver = common.checkAjaxInput(form.getvalue('exporter_v')) + ext_prom = common.checkAjaxInput(form.getvalue('ext_prom')) + script = "install_node_exporter.sh" + proxy = sql.get_setting('proxy') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(serv) + + os.system(f"cp scripts/{script} .") + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} VER={ver} EXP_PROM={ext_prom} " + f"HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, 'Node exporter') + + os.remove(script) diff --git a/app/modules/service/installation.py b/app/modules/service/installation.py new file mode 100644 index 00000000..518b93b5 --- /dev/null 
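Review bot: `haproxy_exp_installation` reads `haproxy_exp_install`, `exporter_v` and `ext_prom` straight from `form.getvalue` and interpolates them into the command string given to `server_mod.subprocess_execute` (presumably run by a shell, since the string relies on `&&`), while the two sibling functions in this file pass the same fields through `common.is_ip_or_dns` / `common.checkAjaxInput` first. Bring it in line: `serv = common.is_ip_or_dns(form.getvalue('haproxy_exp_install'))`, `ver = common.checkAjaxInput(form.getvalue('exporter_v'))`, `ext_prom = common.checkAjaxInput(form.getvalue('ext_prom'))`. In all three functions the stats and SSH passwords are placed on the command line inside single quotes, so a password containing `'` breaks the command and the secret is visible in the process list while the script runs; `shlex.quote` on every interpolated value, and passing secrets through the environment or a mode-0600 file, would be safer. `nginx_apache_exp_installation` also leaves `service` unbound when neither form field is set.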
+++ b/app/modules/service/installation.py 
@@ -0,0 +1,394 @@ +import os + +import modules.db.sql as sql +import modules.service.common as service_common +import modules.common.common as common +import modules.server.server as server_mod +import modules.roxywi.common as roxywi_common +from modules.server.server import return_ssh_keys_path + +form = common.form + +def show_installation_output(error: str, output: str, service: str) -> bool: + if error and "WARNING" not in error: + roxywi_common.logging('Roxy-WI server', error, roxywi=1) + print('error: ' + error) + return False + else: + for line in output: + if any(s in line for s in ("Traceback", "FAILED", "error", "ERROR", "UNREACHABLE")): + try: + print(line) + break + except Exception: + print(output) + break + else: + print(f'success: {service} has been installed') + roxywi_common.logging('Roxy-WI server', error, roxywi=1, keep_history=1, service=service) + return True + + +def install_haproxy(server_ip: str, **kwargs): + script = "install_haproxy.sh" + hap_sock_p = str(sql.get_setting('haproxy_sock_port')) + stats_port = str(sql.get_setting('stats_port')) + server_state_file = sql.get_setting('server_state_file') + stats_user = sql.get_setting('stats_user') + stats_password = sql.get_setting('stats_password') + proxy = sql.get_setting('proxy') + haproxy_dir = sql.get_setting('haproxy_dir') + container_name = sql.get_setting('haproxy_container_name') + haproxy_ver = kwargs.get('hapver') + server_for_installing = kwargs.get('server') + docker = kwargs.get('docker') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(server_ip) + + os.system(f"cp scripts/{script} .") + + if haproxy_ver is None: + haproxy_ver = '2.6.0-1' + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + syn_flood_protect = '1' if kwargs.get('syn_flood') == "1" else '' + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SOCK_PORT={hap_sock_p} STAT_PORT={stats_port} " + f"STAT_FILE={server_state_file} DOCKER={docker} 
SSH_PORT={ssh_settings['port']} STATS_USER={stats_user} " + f"CONT_NAME={container_name} HAP_DIR={haproxy_dir} STATS_PASS='{stats_password}' HAPVER={haproxy_ver} " + f"SYN_FLOOD={syn_flood_protect} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' " + f"KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + if server_for_installing: + service = server_for_installing + ' HAProxy' + else: + service = ' HAProxy' + + if show_installation_output(error, output, service): + sql.update_haproxy(server_ip) + + if docker == '1': + server_id = sql.select_server_id_by_ip(server_ip) + sql.insert_or_update_service_setting(server_id, 'haproxy', 'dockerized', '1') + sql.insert_or_update_service_setting(server_id, 'haproxy', 'restart', '1') + + os.remove(script) + + +def waf_install(server_ip: str): + script = "waf.sh" + proxy = sql.get_setting('proxy') + haproxy_dir = sql.get_setting('haproxy_dir') + ver = service_common.check_haproxy_version(server_ip) + service = ' WAF' + proxy_serv = '' + ssh_settings = return_ssh_keys_path(server_ip) + + os.system(f"cp scripts/{script} .") + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} HAPROXY_PATH={haproxy_dir} VERSION='{ver}' " + f"SSH_PORT={ssh_settings['port']} HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' " + f"KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + if show_installation_output(error, output, service): + sql.insert_waf_metrics_enable(server_ip, "0") + sql.insert_waf_rules(server_ip) + + os.remove(script) + + +def waf_nginx_install(server_ip: str): + script = "waf_nginx.sh" + proxy = sql.get_setting('proxy') + nginx_dir = sql.get_setting('nginx_dir') + service = ' WAF' + proxy_serv = '' + ssh_settings = return_ssh_keys_path(server_ip) + + os.system(f"cp scripts/{script} .") + 
+ if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} NGINX_PATH={nginx_dir} SSH_PORT={ssh_settings['port']} " + f"HOST={server_ip} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + if show_installation_output(error, output, service): + sql.insert_nginx_waf_rules(server_ip) + sql.insert_waf_nginx_server(server_ip) + + os.remove(script) + + +def install_nginx(server_ip: str, **kwargs): + script = "install_nginx.sh" + stats_user = sql.get_setting('nginx_stats_user') + stats_password = sql.get_setting('nginx_stats_password') + stats_port = str(sql.get_setting('nginx_stats_port')) + stats_page = sql.get_setting('nginx_stats_page') + config_path = sql.get_setting('nginx_config_path') + nginx_dir = sql.get_setting('nginx_dir') + server_for_installing = kwargs.get('server') + proxy = sql.get_setting('proxy') + docker = kwargs.get('docker') + container_name = sql.get_setting('nginx_container_name') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(server_ip) + + os.system(f"cp scripts/{script} .") + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + syn_flood_protect = '1' if form.getvalue('syn_flood') == "1" else '' + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} STATS_USER={stats_user} STATS_PASS='{stats_password}' " + f"SSH_PORT={ssh_settings['port']} CONFIG_PATH={config_path} CONT_NAME={container_name} STAT_PORT={stats_port} " + f"STAT_PAGE={stats_page} SYN_FLOOD={syn_flood_protect} DOCKER={docker} nginx_dir={nginx_dir} HOST={server_ip} " + f"USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + if server_for_installing: + service = server_for_installing + ' Nginx' + else: + service = ' Nginx' + if 
show_installation_output(error, output, service): + sql.update_nginx(server_ip) + + if docker == '1': + server_id = sql.select_server_id_by_ip(server_ip) + sql.insert_or_update_service_setting(server_id, 'nginx', 'dockerized', '1') + sql.insert_or_update_service_setting(server_id, 'nginx', 'restart', '1') + + os.remove(script) + + +def geoip_installation(): + serv = common.is_ip_or_dns(form.getvalue('geoip_install')) + geoip_update = common.checkAjaxInput(form.getvalue('geoip_update')) + service = form.getvalue('geoip_service') + proxy = sql.get_setting('proxy') + maxmind_key = sql.get_setting('maxmind_key') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(serv) + + if service in ('haproxy', 'nginx'): + service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir')) + script = f'install_{service}_geoip.sh' + else: + print('warning: select a server and service first') + return + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + os.system(f"cp scripts/{script} .") + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} UPDATE={geoip_update} " + f"maxmind_key={maxmind_key} service_dir={service_dir} HOST={serv} USER={ssh_settings['user']} " + f"PASS={ssh_settings['password']} KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, 'GeoLite2 Database') + + os.remove(script) + + +def grafana_install(): + script = "install_grafana.sh" + proxy = sql.get_setting('proxy') + proxy_serv = '' + host = os.environ.get('HTTP_HOST', '') + + os.system(f"cp scripts/{script} .") + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + cmd = f"chmod +x {script} && ./{script} PROXY={proxy_serv}" + output, error = server_mod.subprocess_execute(cmd) + + if error: + roxywi_common.logging('Roxy-WI server', error, roxywi=1) + print( + f'success: Grafana and Prometheus servers were 
installed. You can find Grafana on http://{host}:3000
') + else: + for line in output: + if any(s in line for s in ("Traceback", "FAILED")): + try: + print(line) + break + except Exception: + print(output) + break + else: + print( + f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000
') + + os.remove(script) + + +def keepalived_master_install(): + master = form.getvalue('master') + eth = form.getvalue('interface') + eth_slave = form.getvalue('slave_interface') + vrrp_ip = form.getvalue('vrrpip') + syn_flood = form.getvalue('syn_flood') + virt_server = form.getvalue('virt_server') + return_to_master = form.getvalue('return_to_master') + haproxy = form.getvalue('hap') + nginx = form.getvalue('nginx') + router_id = form.getvalue('router_id') + script = "install_keepalived.sh" + proxy = sql.get_setting('proxy') + keepalived_path_logs = sql.get_setting('keepalived_path_logs') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(master) + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + os.system(f"cp scripts/{script} .") + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} router_id={router_id} " + f"ETH={eth} IP={vrrp_ip} MASTER=MASTER ETH_SLAVE={eth_slave} keepalived_path_logs={keepalived_path_logs} " + f"RETURN_TO_MASTER={return_to_master} SYN_FLOOD={syn_flood} HOST={master} HAPROXY={haproxy} NGINX={nginx} " + f"USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + if show_installation_output(error, output, 'master Keepalived'): + sql.update_keepalived(master) + + if virt_server != '0': + group_id = sql.get_group_id_by_server_ip(master) + cred_id = sql.get_cred_id_by_server_ip(master) + hostname = sql.get_hostname_by_server_ip(master) + firewall = 1 if server_mod.is_service_active(master, 'firewalld') else 0 + sql.add_server( + hostname + '-VIP', IP, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {master}', + haproxy, nginx, '0', firewall + ) + os.remove(script) + + +def keepalived_slave_install(): + master = form.getvalue('master_slave') + slave = form.getvalue('slave') + eth = form.getvalue('interface') + eth_slave = 
form.getvalue('slave_interface') + vrrp_ip = form.getvalue('vrrpip') + syn_flood = form.getvalue('syn_flood') + haproxy = form.getvalue('hap') + nginx = form.getvalue('nginx') + router_id = form.getvalue('router_id') + script = "install_keepalived.sh" + proxy = sql.get_setting('proxy') + keepalived_path_logs = sql.get_setting('keepalived_path_logs') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(slave) + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + os.system(f"cp scripts/{script} .") + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} router_id={router_id} ETH={eth} " + f"IP={vrrp_ip} MASTER=BACKUP ETH_SLAVE={eth_slave} SYN_FLOOD={syn_flood} keepalived_path_logs={keepalived_path_logs} HAPROXY={haproxy} " + f"NGINX={nginx} HOST={slave} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, 'slave Keepalived') + + os.remove(script) + sql.update_server_master(master, slave) + sql.update_keepalived(slave) + + +def keepalived_masteradd(): + master = form.getvalue('masteradd') + eth = form.getvalue('interfaceadd') + slave_eth = form.getvalue('slave_interfaceadd') + vrrp_ip = form.getvalue('vrrpipadd') + router_id = form.getvalue('router_id') + kp = form.getvalue('kp') + return_to_master = form.getvalue('return_to_master') + script = "install_keepalived.sh" + proxy = sql.get_setting('proxy') + keepalived_path_logs = sql.get_setting('keepalived_path_logs') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(master) + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + os.system(f"cp scripts/{script} .") + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} SLAVE_ETH={slave_eth} " + f"keepalived_path_logs={keepalived_path_logs} 
RETURN_TO_MASTER={return_to_master} IP={vrrp_ip} MASTER=MASTER " + f"RESTART={kp} ADD_VRRP=1 HOST={master} router_id={router_id} USER={ssh_settings['user']} " + f"PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, 'master VRRP address') + os.remove(script) + + +def keepalived_slaveadd(): + slave = form.getvalue('slaveadd') + eth = form.getvalue('interfaceadd') + slave_eth = form.getvalue('slave_interfaceadd') + vrrp_ip = form.getvalue('vrrpipadd') + router_id = form.getvalue('router_id') + kp = form.getvalue('kp') + script = "install_keepalived.sh" + proxy = sql.get_setting('proxy') + keepalived_path_logs = sql.get_setting('keepalived_path_logs') + proxy_serv = '' + ssh_settings = return_ssh_keys_path(slave) + + if proxy is not None and proxy != '' and proxy != 'None': + proxy_serv = proxy + + os.system(f"cp scripts/{script} .") + + commands = [ + f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={eth} SLAVE_ETH={slave_eth} " + f"keepalived_path_logs={keepalived_path_logs} IP={vrrp_ip} MASTER=BACKUP RESTART={kp} ADD_VRRP=1 HOST={slave} " + f"router_id={router_id} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" + ] + + output, error = server_mod.subprocess_execute(commands[0]) + + show_installation_output(error, output, 'slave VRRP address') + + os.remove(script) diff --git a/app/nettools.py b/app/nettools.py index b432353c..9e63b1f0 100644 --- a/app/nettools.py +++ b/app/nettools.py 
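Review bot: The four `keepalived_*` functions take `master`, `slave`, the interface names, `vrrpip`, `router_id`, `kp` and `return_to_master` from `form.getvalue` with no validation and format them into the install command string, unlike `geoip_installation` above, which runs its host and update flag through `common.is_ip_or_dns` and `common.checkAjaxInput`. In `keepalived_master_install` the `sql.add_server(...)` call also passes an undefined name `IP`, so the VIP branch (`virt_server != '0'`) raises NameError after the installation has already run; `vrrp_ip` looks like the intended value. The sketch below applies the file's own validators to `keepalived_master_install`, and the same treatment fits the other three functions. What those helpers reject is not visible in this hunk, so confirm they cover shell metacharacters before relying on them.

```python
def keepalived_master_install():
    master = common.is_ip_or_dns(form.getvalue('master'))
    eth = common.checkAjaxInput(form.getvalue('interface'))
    eth_slave = common.checkAjaxInput(form.getvalue('slave_interface'))
    vrrp_ip = common.is_ip_or_dns(form.getvalue('vrrpip'))
    syn_flood = common.checkAjaxInput(form.getvalue('syn_flood'))
    # … unchanged: virt_server read (only compared, never interpolated) …
    return_to_master = common.checkAjaxInput(form.getvalue('return_to_master'))
    haproxy = common.checkAjaxInput(form.getvalue('hap'))
    nginx = common.checkAjaxInput(form.getvalue('nginx'))
    router_id = common.checkAjaxInput(form.getvalue('router_id'))
    # … unchanged: settings lookup, script copy, command string, subprocess_execute …
            sql.add_server(
                hostname + '-VIP', vrrp_ip, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {master}',
                haproxy, nginx, '0', firewall
            )
```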
@@ -1,32 +1,32 @@ #!/usr/bin/env python3 import sys -import funct +import modules.common.common as common +import modules.roxywi.roxy as roxywi_mod +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('nettools.html') -form = funct.form +form = common.form print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services \ - = funct.get_users_params(virt=1) -except Exception: - pass +user_params = roxywi_common.get_users_params(virt=1) try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() output_from_parsed_template = template.render(h2=1, autorefresh=0, title="Network tools", - role=role, - user=user, - servers=servers, - versions=funct.versions(), - user_services=user_services, - token=token) + role=user_params['role'], + user=user_params['user'], + servers=user_params['servers'], + versions=roxywi_mod.versions(), + user_services=user_params['user_services'], + token=user_params['token']) print(output_from_parsed_template) diff --git a/app/options.py b/app/options.py index 53c29c5e..819f714a 100644 --- a/app/options.py +++ b/app/options.py 
@@ -9,14 +9,22 @@ from uuid import UUID import requests from jinja2 import Environment, FileSystemLoader -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.config.config as config_mod +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common import modules.roxy_wi_tools as roxy_wi_tools +import modules.server.server as server_mod +import modules.service.common as service_common +import modules.service.installation as service_mod get_config = roxy_wi_tools.GetConfigVar() +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) -form = funct.form -serv = funct.is_ip_or_dns(form.getvalue('serv')) +form = common.form +serv = common.is_ip_or_dns(form.getvalue('serv')) act = form.getvalue("act") token = form.getvalue("token") @@ -36,7 +44,7 @@ else: print('Content-type: text/html\n') if act == "checkrestart": - servers = sql.get_dick_permit(ip=serv) + servers = roxywi_common.get_dick_permit(ip=serv) for server in servers: if server != "": print("ok") 
@@ -60,33 +68,33 @@ if form.getvalue('getcerts') is not None and serv is not None: cert_path = sql.get_setting('cert_path') commands = [f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"] try: - funct.ssh_command(serv, commands, ip="1") + server_mod.ssh_command(serv, commands, ip="1") except Exception as e: print(f'error: Cannot connect to the server: {e.args[0]}') if form.getvalue('checkSshConnect') is not None and serv is not None: try: - print(funct.ssh_command(serv, ["ls -1t"])) + print(server_mod.ssh_command(serv, ["ls -1t"])) except Exception as e: print(e) if form.getvalue('getcert') is not None and serv is not None: - cert_id = funct.checkAjaxInput(form.getvalue('getcert')) + cert_id = common.checkAjaxInput(form.getvalue('getcert')) cert_path = sql.get_setting('cert_path') commands = [f"openssl x509 -in {cert_path}/{cert_id} -text"] try: - funct.ssh_command(serv, commands, ip="1") + server_mod.ssh_command(serv, commands, ip="1") except Exception as e: print(f'error: Cannot connect to the server {e.args[0]}') if form.getvalue('delcert') is not None and serv is not None: cert_id = form.getvalue('delcert') - cert_id = funct.checkAjaxInput(cert_id) + cert_id = common.checkAjaxInput(cert_id) cert_path = sql.get_setting('cert_path') commands = [f"sudo rm -f {cert_path}/{cert_id}"] try: - funct.ssh_command(serv, commands, ip="1") + server_mod.ssh_command(serv, commands, ip="1") except Exception as e: print(f'error: Cannot delete the certificate {e.args[0]}') @@ -101,7 +109,7 @@ if serv and form.getvalue('ssl_cert'): if form.getvalue('ssl_name') is None: print('error: Please enter a desired name') else: - name = funct.checkAjaxInput(form.getvalue('ssl_name')) + name = common.checkAjaxInput(form.getvalue('ssl_name')) try: with open(name, "w") as ssl_cert: 
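Review bot: `cert_id` (from `getcert` / `delcert`) is joined onto `cert_path` inside the remote commands `openssl x509 -in {cert_path}/{cert_id} -text` and `sudo rm -f {cert_path}/{cert_id}`, and in the following hunk `name` (from `ssl_name`) is used directly in `open(name, "w")`; the only filter is `common.checkAjaxInput`, whose rules are not visible here. If that helper lets `/` or `..` through, these become a read, a privileged delete and a local write outside the certificate directory. Reduce the value to a bare file name and check it against an allowlist before use, e.g. `cert_id = os.path.basename(cert_id)` followed by a `re.fullmatch(r'[A-Za-z0-9._-]+', cert_id)` test that prints an error and exits on mismatch, and wrap it in `shlex.quote` when building the command (add `import re` / `import shlex` if the file does not already have them). These `if` blocks are top-level script code that continues outside the hunks.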
@@ -112,31 +120,33 @@ if serv and form.getvalue('ssl_cert'): MASTERS = sql.is_master(serv) for master in MASTERS: if master[0] is not None: - funct.upload(master[0], cert_path, name) + config_mod.upload(master[0], cert_path, name) print('success: the SSL file has been uploaded to %s into: %s%s
' % (master[0], cert_path, '/' + name)) try: - error = funct.upload(serv, cert_path, name) + error = config_mod.upload(serv, cert_path, name) print('success: the SSL file has been uploaded to %s into: %s%s' % (serv, cert_path, '/' + name)) except Exception as e: - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) try: os.rename(name, cert_local_dir) except OSError as e: - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) - funct.logging(serv, "add.py#ssl uploaded a new SSL cert %s" % name, roxywi=1, login=1) + roxywi_common.logging(serv, "add.py#ssl uploaded a new SSL cert %s" % name, roxywi=1, login=1) if form.getvalue('backend') is not None: - funct.show_backends(serv) + import modules.config.runtime as runtime + runtime.show_backends(serv) if form.getvalue('ip_select') is not None: - funct.show_backends(serv) + import modules.config.runtime as runtime + runtime.show_backends(serv) if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is None: haproxy_sock_port = int(sql.get_setting('haproxy_sock_port')) - backend = funct.checkAjaxInput(form.getvalue('ipbackend')) + backend = common.checkAjaxInput(form.getvalue('ipbackend')) cmd = 'echo "show servers state"|nc %s %s |grep "%s" |awk \'{print $4}\'' % (serv, haproxy_sock_port, backend) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) for i in output: if i == ' ': continue 
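Review bot: The `ipbackend` branch builds a local pipeline by `%`-formatting `serv` and `backend` into `echo "show servers state"|nc %s %s |grep "%s" ...` and hands it to `server_mod.subprocess_execute` (presumably a shell, since the string relies on pipes); inside double quotes the shell still expands `$(...)` and backticks, so safety rests entirely on what `common.checkAjaxInput` strips, which this hunk doesn't show. Quote each value, `... |grep -F -- %s |awk ...' % (shlex.quote(serv), haproxy_sock_port, shlex.quote(backend))` (needs `import shlex`), or query the HAProxy socket from Python and filter the lines there. The same pattern recurs in the next hunk (`clear table %s key %s`, `show acl #{list_id}`). Separately, the return value of `config_mod.upload(serv, cert_path, name)` is stored in `error` but never checked before the success message is printed.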
@@ -145,180 +155,72 @@ if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is if form.getvalue('ipbackend') is not None and form.getvalue('backend_server') is not None: haproxy_sock_port = int(sql.get_setting('haproxy_sock_port')) - backend = funct.checkAjaxInput(form.getvalue('ipbackend')) - backend_server = funct.checkAjaxInput(form.getvalue('backend_server')) + backend = common.checkAjaxInput(form.getvalue('ipbackend')) + backend_server = common.checkAjaxInput(form.getvalue('backend_server')) cmd = 'echo "show servers state"|nc %s %s |grep "%s" |grep "%s" |awk \'{print $5":"$19}\' |head -1' % ( serv, haproxy_sock_port, backend, backend_server) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) print(output[0]) if form.getvalue('backend_ip') is not None: - backend_backend = funct.checkAjaxInput(form.getvalue('backend_backend')) - backend_server = funct.checkAjaxInput(form.getvalue('backend_server')) - backend_ip = funct.checkAjaxInput(form.getvalue('backend_ip')) - backend_port = funct.checkAjaxInput(form.getvalue('backend_port')) + import modules.config.runtime as runtime - if form.getvalue('backend_ip') is None: - print('error: Backend IP must be IP and not 0') - sys.exit() - - if form.getvalue('backend_port') is None: - print('error: The backend port must be integer and not 0') - sys.exit() - - haproxy_sock_port = sql.get_setting('haproxy_sock_port') - - MASTERS = sql.is_master(serv) - for master in MASTERS: - if master[0] is not None: - cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % ( - backend_backend, backend_server, backend_ip, backend_port, backend_port, master[0], haproxy_sock_port) - output, stderr = funct.subprocess_execute(cmd) - print(output[0]) - funct.logging( - master[0], 'IP address and port have been changed. 
On: {}/{} to {}:{}'.format( - backend_backend, backend_server, backend_ip, backend_port - ), - login=1, keep_history=1, service='haproxy' - ) - - cmd = 'echo "set server %s/%s addr %s port %s check-port %s" |nc %s %s' % ( - backend_backend, backend_server, backend_ip, backend_port, backend_port, serv, haproxy_sock_port) - funct.logging( - serv, - 'IP address and port have been changed. On: {}/{} to {}:{}'.format(backend_backend, backend_server, backend_ip, - backend_port), - login=1, keep_history=1, service='haproxy' - ) - output, stderr = funct.subprocess_execute(cmd) - - if stderr != '': - print('error: ' + stderr[0]) - else: - print(output[0]) - configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir') - cfg = configs_dir + serv + "-" + funct.get_data('config') + ".cfg" - - error = funct.get_config(serv, cfg) - cmd = 'string=`grep %s %s -n -A25 |grep "server %s" |head -1|awk -F"-" \'{print $1}\'` ' \ - '&& sed -Ei "$( echo $string)s/((1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]):[0-9]+/%s:%s/g" %s' % \ - (backend_backend, cfg, backend_server, backend_ip, backend_port, cfg) - output, stderr = funct.subprocess_execute(cmd) - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save='save') + runtime.change_ip_and_port() if form.getvalue('maxconn_select') is not None: - serv = funct.checkAjaxInput(form.getvalue('maxconn_select')) - funct.get_backends_from_config(serv, backends='frontend') + import modules.config.runtime as runtime + serv = common.checkAjaxInput(form.getvalue('maxconn_select')) + runtime.get_backends_from_config(serv, backends='frontend') if form.getvalue('maxconn_frontend') is not None: - frontend = funct.checkAjaxInput(form.getvalue('maxconn_frontend')) - maxconn = funct.checkAjaxInput(form.getvalue('maxconn_int')) + import modules.config.runtime as runtime - if form.getvalue('maxconn_int') is None: - print('error: Maxconn must be integer and not 0') - sys.exit() - - haproxy_sock_port = 
sql.get_setting('haproxy_sock_port') - - MASTERS = sql.is_master(serv) - for master in MASTERS: - if master[0] is not None: - if frontend == 'global': - cmd = 'echo "set maxconn %s %s" |nc %s %s' % (frontend, maxconn, master[0], haproxy_sock_port) - else: - cmd = 'echo "set maxconn frontend %s %s" |nc %s %s' % (frontend, maxconn, master[0], haproxy_sock_port) - output, stderr = funct.subprocess_execute(cmd) - funct.logging(master[0], 'Maxconn has been changed. On: {} to {}'.format(frontend, maxconn), login=1, - keep_history=1, - service='haproxy') - - if frontend == 'global': - cmd = 'echo "set maxconn %s %s" |nc %s %s' % (frontend, maxconn, serv, haproxy_sock_port) - else: - cmd = 'echo "set maxconn frontend %s %s" |nc %s %s' % (frontend, maxconn, serv, haproxy_sock_port) - funct.logging(serv, 'Maxconn has been changed. On: {} to {}'.format(frontend, maxconn), login=1, keep_history=1, - service='haproxy') - output, stderr = funct.subprocess_execute(cmd) - - if stderr != '': - print(stderr[0]) - elif output[0] == '': - configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir') - cfg = configs_dir + serv + "-" + funct.get_data('config') + ".cfg" - - error = funct.get_config(serv, cfg) - cmd = 'string=`grep %s %s -n -A5 |grep maxcon -n |awk -F":" \'{print $2}\'|awk -F"-" \'{print $1}\'` ' \ - '&& sed -Ei "$( echo $string)s/[0-9]+/%s/g" %s' % (frontend, cfg, maxconn, cfg) - output, stderr = funct.subprocess_execute(cmd) - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save='save') - print('success: Maxconn for %s has been set to %s ' % (frontend, maxconn)) - else: - print('error: ' + output[0]) + runtime.change_maxconn() if form.getvalue('table_serv_select') is not None: - print(funct.get_all_stick_table()) + import modules.config.runtime as runtime + print(runtime.get_all_stick_table()) if form.getvalue('table_select') is not None: - env = Environment(loader=FileSystemLoader('templates'), autoescape=True, - 
extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True) - table = form.getvalue('table_select') + import modules.config.runtime as runtime - if table == 'All': - template = env.get_template('ajax/stick_tables.html') - tables = funct.get_all_stick_table() - table = [] - for t in tables.split(','): - if t != '': - table_id = [] - tables_head = [] - tables_head1, table1 = funct.get_stick_table(t) - table_id.append(tables_head1) - table_id.append(table1) - table.append(table_id) - - template = template.render(table=table) - else: - template = env.get_template('ajax/stick_table.html') - tables_head, table = funct.get_stick_table(table) - template = template.render(tables_head=tables_head, table=table) - - print(template) + runtime.table_select() if form.getvalue('ip_for_delete') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - ip = funct.checkAjaxInput(form.getvalue('ip_for_delete')) - table = funct.checkAjaxInput(form.getvalue('table_for_delete')) + ip = common.checkAjaxInput(form.getvalue('ip_for_delete')) + table = common.checkAjaxInput(form.getvalue('table_for_delete')) cmd = 'echo "clear table %s key %s" |nc %s %s' % (table, ip, serv, haproxy_sock_port) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr[0] != '': print('error: ' + stderr[0]) if form.getvalue('table_for_clear') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - table = funct.checkAjaxInput(form.getvalue('table_for_clear')) + table = common.checkAjaxInput(form.getvalue('table_for_clear')) cmd = 'echo "clear table %s " |nc %s %s' % (table, serv, haproxy_sock_port) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr[0] != '': print('error: ' + stderr[0]) if form.getvalue('list_serv_select') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') cmd = f'echo "show acl"|nc {serv} 
{haproxy_sock_port} |grep "loaded from" |awk \'{{print $1,$2}}\'' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) print(output) if form.getvalue('list_select_id') is not None: env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True) template = env.get_template('ajax/list.html') - list_id = funct.checkAjaxInput(form.getvalue('list_select_id')) - list_name = funct.checkAjaxInput(form.getvalue('list_select_name')) + list_id = common.checkAjaxInput(form.getvalue('list_select_id')) + list_name = common.checkAjaxInput(form.getvalue('list_select_name')) haproxy_sock_port = sql.get_setting('haproxy_sock_port') cmd = f'echo "show acl #{list_id}"|nc {serv} {haproxy_sock_port}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) template = template.render(list=output, list_id=list_id, list_name=list_name) print(template) 
@@ -327,15 +229,15 @@ if form.getvalue('list_id_for_delete') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') lists_path = sql.get_setting('lists_path') lib_path = get_config.get_config_var('main', 'lib_path') - ip_id = funct.checkAjaxInput(form.getvalue('list_ip_id_for_delete')) - ip = funct.is_ip_or_dns(form.getvalue('list_ip_for_delete')) - list_id = funct.checkAjaxInput(form.getvalue('list_id_for_delete')) - list_name = funct.checkAjaxInput(form.getvalue('list_name')) - user_group = funct.get_user_group(id=1) + ip_id = common.checkAjaxInput(form.getvalue('list_ip_id_for_delete')) + ip = common.is_ip_or_dns(form.getvalue('list_ip_for_delete')) + list_id = common.checkAjaxInput(form.getvalue('list_id_for_delete')) + list_name = common.checkAjaxInput(form.getvalue('list_name')) + user_group = roxywi_common.get_user_group(id=1) cmd = f"sed -i 's!{ip}$!!' {lib_path}/{lists_path}/{user_group}/{list_name}" cmd1 = f"sed -i '/^$/d' {lib_path}/{lists_path}/{user_group}/{list_name}" - output, stderr = funct.subprocess_execute(cmd) - output1, stderr1 = funct.subprocess_execute(cmd1) + output, stderr = server_mod.subprocess_execute(cmd) + output1, stderr1 = server_mod.subprocess_execute(cmd1) if output: print(f'error: {output}') if stderr: @@ -346,13 +248,13 @@ if form.getvalue('list_id_for_delete') is not None: print(f'error: {stderr}') cmd = f'echo "del acl #{list_id} #{ip_id}" |nc {serv} {haproxy_sock_port}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if output[0] != '': print(f'error: {output[0]}') if stderr != '': print(f'error: {stderr[0]}') - funct.logging(serv, f'{ip_id} has been delete from list {list_id}', login=1, keep_history=1, + roxywi_common.logging(serv, f'{ip_id} has been delete from list {list_id}', login=1, keep_history=1, service='haproxy') if form.getvalue('list_ip_for_add') is not None: 
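Review bot: The `sed -i 's!{ip}$!!'` command in the `list_id_for_delete` branch treats the address as a regular expression that is anchored only at the end of the line. The dots match any character, so deleting `1.1.1.1` also truncates an entry such as `11.1.1.1`. The same command, and the `cmd1` cleanup after it, interpolate the form-supplied `list_name` into a shell string, and whether `checkAjaxInput` rejects path separators is not visible in this hunk. Editing the file in Python with an exact line comparison and a base-name-only file name avoids both problems; the `output`/`stderr` checks for the two sed calls would then become ordinary exception handling. The append in the `list_ip_for_add` branch further down builds its path the same way.

```python
ip = common.is_ip_or_dns(form.getvalue('list_ip_for_delete'))
# … unchanged: list_id, list_name, user_group …
list_path = f'{lib_path}/{lists_path}/{user_group}/{os.path.basename(list_name)}'
with open(list_path) as list_file:
    # exact match on the whole entry; blank lines are dropped as cmd1 did
    kept = [line for line in list_file if line.strip() not in ('', ip)]
with open(list_path, 'w') as list_file:
    list_file.writelines(kept)
# … unchanged: "del acl" runtime command and logging …
```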
@@ -361,12 +263,12 @@ if form.getvalue('list_ip_for_add') is not None: lib_path = get_config.get_config_var('main', 'lib_path') ip = form.getvalue('list_ip_for_add') ip = ip.strip() - ip = funct.is_ip_or_dns(ip) - list_id = funct.checkAjaxInput(form.getvalue('list_id_for_add')) - list_name = funct.checkAjaxInput(form.getvalue('list_name')) - user_group = funct.get_user_group(id=1) + ip = common.is_ip_or_dns(ip) + list_id = common.checkAjaxInput(form.getvalue('list_id_for_add')) + list_name = common.checkAjaxInput(form.getvalue('list_name')) + user_group = roxywi_common.get_user_group(id=1) cmd = f'echo "add acl #{list_id} {ip}" |nc {serv} {haproxy_sock_port}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if output[0]: print(f'error: {output[0]}') if stderr: 
@@ -374,24 +276,24 @@ if form.getvalue('list_ip_for_add') is not None: if 'is not a valid IPv4 or IPv6 address' not in output[0]: cmd = f'echo "{ip}" >> {lib_path}/{lists_path}/{user_group}/{list_name}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if output: print(f'error: {output}') if stderr: print(f'error: {stderr}') - funct.logging(serv, f'{ip} has been added to list {list_id}', login=1, keep_history=1, + roxywi_common.logging(serv, f'{ip} has been added to list {list_id}', login=1, keep_history=1, service='haproxy') if form.getvalue('sessions_select') is not None: env = Environment(loader=FileSystemLoader('templates'), autoescape=True, extensions=['jinja2.ext.loopcontrols', 'jinja2.ext.do'], trim_blocks=True, lstrip_blocks=True) - serv = funct.checkAjaxInput(form.getvalue('sessions_select')) + serv = common.checkAjaxInput(form.getvalue('sessions_select')) haproxy_sock_port = sql.get_setting('haproxy_sock_port') cmd = f'echo "show sess" |nc {serv} {haproxy_sock_port}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) template = env.get_template('ajax/sessions_table.html') template = template.render(sessions=output) @@ -399,12 +301,12 @@ if form.getvalue('sessions_select') is not None: print(template) if form.getvalue('sessions_select_show') is not None: - serv = funct.checkAjaxInput(form.getvalue('sessions_select_show')) - sess_id = funct.checkAjaxInput(form.getvalue('sessions_select_id')) + serv = common.checkAjaxInput(form.getvalue('sessions_select_show')) + sess_id = common.checkAjaxInput(form.getvalue('sessions_select_id')) haproxy_sock_port = sql.get_setting('haproxy_sock_port') cmd = 'echo "show sess %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr: print('error: ' + stderr[0]) 
@@ -414,9 +316,9 @@ if form.getvalue('sessions_select_show') is not None: if form.getvalue('session_delete_id') is not None: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - sess_id = funct.checkAjaxInput(form.getvalue('session_delete_id')) + sess_id = common.checkAjaxInput(form.getvalue('session_delete_id')) cmd = 'echo "shutdown session %s" |nc %s %s' % (sess_id, serv, haproxy_sock_port) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if output[0] != '': print('error: ' + output[0]) if stderr[0] != '': @@ -429,11 +331,11 @@ if form.getvalue("change_pos") is not None: if form.getvalue('show_ip') is not None and serv is not None: commands = ["sudo ip a |grep inet |egrep -v '::1' |awk '{ print $2 }' |awk -F'/' '{ print $1 }'"] - funct.ssh_command(serv, commands, ip="1") + server_mod.ssh_command(serv, commands, ip="1") if form.getvalue('showif'): commands = ["sudo ip link|grep 'UP' |grep -v 'lo'| awk '{print $2}' |awk -F':' '{print $1}'"] - funct.ssh_command(serv, commands, ip="1") + server_mod.ssh_command(serv, commands, ip="1") if form.getvalue('action_hap') is not None and serv is not None: action = form.getvalue('action_hap') @@ -443,13 +345,13 @@ if form.getvalue('action_hap') is not None and serv is not None: print('error: wrong action') sys.exit() - funct.is_restarted(serv, action) + service_common.is_restarted(serv, action) - if funct.check_haproxy_config(serv): + if service_common.check_haproxy_config(serv): server_id = sql.select_server_id_by_ip(server_ip=serv) if action == 'restart': - funct.is_not_allowed_to_restart(server_id, 'haproxy') + service_common.is_not_allowed_to_restart(server_id, 'haproxy') is_docker = sql.select_service_setting(server_id, 'haproxy', 'dockerized') 
@@ -462,8 +364,8 @@ if form.getvalue('action_hap') is not None and serv is not None: haproxy_service_name = "hapee-2.0-lb" commands = [f"sudo systemctl {action} {haproxy_service_name}"] - funct.ssh_command(serv, commands) - funct.logging(serv, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, + server_mod.ssh_command(serv, commands) + roxywi_common.logging(serv, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='haproxy') print(f"success: HAProxy has been {action}") else: @@ -476,13 +378,13 @@ if form.getvalue('action_nginx') is not None and serv is not None: print('error: wrong action') sys.exit() - funct.is_restarted(serv, action) + service_common.is_restarted(serv, action) - if funct.check_nginx_config(serv): + if service_common.check_nginx_config(serv): server_id = sql.select_server_id_by_ip(server_ip=serv) if action == 'restart': - funct.is_not_allowed_to_restart(server_id, 'nginx') + service_common.is_not_allowed_to_restart(server_id, 'nginx') is_docker = sql.select_service_setting(server_id, 'nginx', 'dockerized') if is_docker == '1': @@ -490,8 +392,8 @@ if form.getvalue('action_nginx') is not None and serv is not None: commands = ["sudo docker %s %s" % (action, container_name)] else: commands = ["sudo systemctl %s nginx" % action] - funct.ssh_command(serv, commands) - funct.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='nginx') + server_mod.ssh_command(serv, commands) + roxywi_common.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='nginx') print("success: Nginx has been %s" % action) else: print("error: Bad config, check please") 
@@ -503,11 +405,11 @@ if form.getvalue('action_keepalived') is not None and serv is not None: print('error: wrong action') sys.exit() - funct.is_restarted(serv, action) + service_common.is_restarted(serv, action) commands = ["sudo systemctl %s keepalived" % action] - funct.ssh_command(serv, commands) - funct.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='keepalived') + server_mod.ssh_command(serv, commands) + roxywi_common.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='keepalived') print("success: Keepalived has been %s" % action) if form.getvalue('action_waf') is not None and serv is not None: 
@@ -518,32 +420,32 @@ if form.getvalue('action_waf') is not None and serv is not None: print('error: wrong action') sys.exit() - funct.is_restarted(serv, action) + service_common.is_restarted(serv, action) - funct.logging(serv, 'HAProxy WAF service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, + roxywi_common.logging(serv, 'HAProxy WAF service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='haproxy') commands = ["sudo systemctl %s waf" % action] - funct.ssh_command(serv, commands) + server_mod.ssh_command(serv, commands) if form.getvalue('action_waf_nginx') is not None and serv is not None: serv = form.getvalue('serv') action = form.getvalue('action_waf_nginx') - config_dir = funct.return_nice_path(sql.get_setting('nginx_dir')) + config_dir = common.return_nice_path(sql.get_setting('nginx_dir')) if action not in ('start', 'stop'): print('error: wrong action') sys.exit() - funct.is_restarted(serv, action) + service_common.is_restarted(serv, action) waf_new_state = 'on' if action == 'start' else 'off' waf_old_state = 'off' if action == 'start' else 'on' - funct.logging(serv, 'NGINX WAF service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, + roxywi_common.logging(serv, 'NGINX WAF service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='nginx') commands = [f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf" f" && sudo systemctl reload nginx"] - funct.ssh_command(serv, commands) + server_mod.ssh_command(serv, commands) if form.getvalue('action_apache') is not None and serv is not None: action = form.getvalue('action_apache') 
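Review bot: In both WAF branches the history entry is written before the command runs: `roxywi_common.logging(serv, '... has been ' + action + 'ed', ...)` precedes `server_mod.ssh_command(serv, commands)`, and the result of `ssh_command` is never inspected. The audit trail therefore records a start or stop that may have failed. I would call `server_mod.ssh_command(serv, commands)` first and log only after it returns without error. In the `action_waf_nginx` branch `serv` is also re-read with a bare `form.getvalue('serv')`, unlike the handlers that pass their inputs through `common.checkAjaxInput`. The `action_waf` branch starts outside this hunk.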
@@ -552,33 +454,34 @@ if form.getvalue('action_apache') is not None and serv is not None: print('error: wrong action') sys.exit() - funct.is_restarted(serv, action) + service_common.is_restarted(serv, action) server_id = sql.select_server_id_by_ip(serv) if action == 'restart': - funct.is_not_allowed_to_restart(server_id, 'apache') + service_common.is_not_allowed_to_restart(server_id, 'apache') is_docker = sql.select_service_setting(server_id, 'apache', 'dockerized') if is_docker == '1': container_name = sql.get_setting('apache_container_name') commands = ["sudo docker %s %s" % (action, container_name)] else: - service_apache_name = funct.get_correct_apache_service_name(None, server_id) + service_apache_name = service_common.get_correct_apache_service_name(None, server_id) commands = ["sudo systemctl %s %s" % (action, service_apache_name)] - funct.ssh_command(serv, commands) - funct.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='apache') + server_mod.ssh_command(serv, commands) + roxywi_common.logging(serv, 'Service has been ' + action + 'ed', roxywi=1, login=1, keep_history=1, service='apache') print("success: Apache has been %s" % action) if form.getvalue('action_service') is not None: - action = funct.checkAjaxInput(form.getvalue('action_service')) + import modules.roxywi.roxy as roxy + action = common.checkAjaxInput(form.getvalue('action_service')) if action not in ('start', 'stop', 'restart'): print('error: wrong action') sys.exit() - is_in_docker = funct.is_docker() + is_in_docker = roxy.is_docker() if action == 'stop': cmd = "sudo systemctl disable %s --now" % serv elif action == "start": 
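Review bot: In the `action_service` branch `action` is checked against `('start', 'stop', 'restart')`, but `serv` is formatted straight into `"sudo systemctl disable %s --now" % serv` at the end of this hunk. The next hunk does the same with `"sudo supervisorctl " + action + " " + serv`, which is where the string is handed to `server_mod.subprocess_execute`. Where `serv` is assigned and whether it is validated is not visible here; a `sys.exit()` in the next hunk suggests some check exists. Since the command runs locally under sudo, I would compare `serv` against the fixed set of Roxy-WI service names before building `cmd`, rather than rely on character filtering. The branch continues outside both hunks.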
@@ -597,10 +500,12 @@ if form.getvalue('action_service') is not None: sys.exit() if is_in_docker: cmd = "sudo supervisorctl " + action + " " + serv - output, stderr = funct.subprocess_execute(cmd) - funct.logging('Roxy-WI server', ' The service ' + serv + ' has been ' + action + 'ed', roxywi=1, login=1) + output, stderr = server_mod.subprocess_execute(cmd) + roxywi_common.logging('Roxy-WI server', ' The service ' + serv + ' has been ' + action + 'ed', roxywi=1, login=1) if act == "overviewHapserverBackends": + import modules.config.section as section_mod + env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True) template = env.get_template('haproxyservers_backends.html') service = form.getvalue('service') 
@@ -615,28 +520,28 @@ if act == "overviewHapserverBackends": if service != 'nginx' and service != 'apache': try: - sections = funct.get_sections(configs_dir + funct.get_files(configs_dir, format_file)[0], service=service) + sections = section_mod.get_sections(configs_dir + roxywi_common.get_files(configs_dir, format_file)[0], service=service) except Exception as e: - funct.logging('Roxy-WI server', str(e), roxywi=1) + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) try: - cfg = configs_dir + serv + "-" + funct.get_data('config') + '.' + format_file + cfg = configs_dir + serv + "-" + get_date.return_date('config') + '.' + format_file except Exception as e: - funct.logging('Roxy-WI server', ' Cannot generate a cfg path ' + str(e), roxywi=1) + roxywi_common.logging('Roxy-WI server', ' Cannot generate a cfg path ' + str(e), roxywi=1) try: if service == 'keepalived': - error = funct.get_config(serv, cfg, keepalived=1) + error = config_mod.get_config(serv, cfg, keepalived=1) else: - error = funct.get_config(serv, cfg) + error = config_mod.get_config(serv, cfg) except Exception as e: - funct.logging('Roxy-WI server', ' Cannot download a config ' + str(e), roxywi=1) + roxywi_common.logging('Roxy-WI server', ' Cannot download a config ' + str(e), roxywi=1) try: - sections = funct.get_sections(cfg, service=service) + sections = section_mod.get_sections(cfg, service=service) except Exception as e: - funct.logging('Roxy-WI server', ' Cannot get sections from config file ' + str(e), roxywi=1) + roxywi_common.logging('Roxy-WI server', ' Cannot get sections from config file ' + str(e), roxywi=1) sections = 'Cannot get backends' else: - sections = funct.get_remote_sections(serv, service) + sections = section_mod.get_remote_sections(serv, service) template = template.render(backends=sections, serv=serv, service=service) print(template) 
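Review bot: The value assigned by `error = config_mod.get_config(serv, cfg)` is never read, and each `except Exception` only logs and falls through. A failed download therefore still reaches `section_mod.get_sections(cfg, ...)`, and a failure while building `cfg` surfaces later as a misleading "Cannot download a config" entry. I would stop after the first failure, for example `if error: roxywi_common.logging('Roxy-WI server', f' Cannot download a config {error}', roxywi=1)` followed by setting `sections = 'Cannot get backends'` and skipping the parse. The `show_userlists` hunk that follows has the same structure.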
@@ -646,21 +551,21 @@ if form.getvalue('show_userlists'): format_file = 'cfg' try: - sections = funct.get_userlists(configs_dir + funct.get_files(configs_dir, format_file)[0]) + sections = config_mod.get_userlists(configs_dir + roxywi_common.get_files(configs_dir, format_file)[0]) except Exception as e: - funct.logging('Roxy-WI server', str(e), roxywi=1) + roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) try: - cfg = f'{configs_dir}{serv}-{funct.get_data("config")}.{format_file}' + cfg = f'{configs_dir}{serv}-{get_date.return_date("config")}.{format_file}' except Exception as e: - funct.logging('Roxy-WI server', f' Cannot generate a cfg path {e}', roxywi=1) + roxywi_common.logging('Roxy-WI server', f' Cannot generate a cfg path {e}', roxywi=1) try: - error = funct.get_config(serv, cfg) + error = config_mod.get_config(serv, cfg) except Exception as e: - funct.logging('Roxy-WI server', f' Cannot download a config {e}', roxywi=1) + roxywi_common.logging('Roxy-WI server', f' Cannot download a config {e}', roxywi=1) try: - sections = funct.get_userlists(cfg) + sections = config_mod.get_userlists(cfg) except Exception as e: - funct.logging('Roxy-WI server', f' Cannot get Userlists from the config file {e}', roxywi=1) + roxywi_common.logging('Roxy-WI server', f' Cannot get Userlists from the config file {e}', roxywi=1) sections = 'error: Cannot get Userlists' print(sections) @@ -674,7 +579,7 @@ if act == "overviewHapservers": config_path = sql.get_setting('haproxy_config_path') commands = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % config_path] try: - print(funct.ssh_command(serv, commands)) + print(server_mod.ssh_command(serv, commands)) except Exception as e: print(f'error: Cannot get last date {e} for server {serv}') 
@@ -704,20 +609,20 @@ if act == "overview": if haproxy: cmd = f'echo "show info" |nc {serv2} {sql.get_setting("haproxy_sock_port")} -w 1|grep -e "Process_num"' - haproxy_process = funct.server_status(funct.subprocess_execute(cmd)) + haproxy_process = service_common.server_status(server_mod.subprocess_execute(cmd)) if nginx: nginx_cmd = f'echo "something" |nc {serv2} {sql.get_setting("nginx_stats_port")} -w 1' - nginx_process = funct.server_status(funct.subprocess_execute(nginx_cmd)) + nginx_process = service_common.server_status(server_mod.subprocess_execute(nginx_cmd)) if apache: apache_cmd = f'echo "something" |nc {serv2} {sql.get_setting("apache_stats_port")} -w 1' - apache_process = funct.server_status(funct.subprocess_execute(apache_cmd)) + apache_process = service_common.server_status(server_mod.subprocess_execute(apache_cmd)) if keepalived: command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"] try: - keepalived_process = funct.ssh_command(serv2, command) + keepalived_process = server_mod.ssh_command(serv2, command) except Exception as e: print(f'{e} for server {serv2}') sys.exit() @@ -725,7 +630,7 @@ if act == "overview": if waf_len >= 1: command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"] try: - waf_process = funct.ssh_command(serv2, command) + waf_process = server_mod.ssh_command(serv2, command) except Exception as e: print(f'{e} for server {serv2}') sys.exit() @@ -758,7 +663,7 @@ if act == "overview": for i, future in enumerate(asyncio.as_completed(futures)): result = await future servers.append(result) - servers_sorted = sorted(servers, key=funct.get_key) + servers_sorted = sorted(servers, key=common.get_key) template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_uuid.value)) print(template) 
@@ -809,11 +714,11 @@ if act == "overviewwaf": command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"] elif waf_service == 'nginx': command = [ - f"grep 'modsecurity on' {funct.return_nice_path(config_path)}* --exclude-dir=waf -Rs |wc -l"] + f"grep 'modsecurity on' {common.return_nice_path(config_path)}* --exclude-dir=waf -Rs |wc -l"] commands1 = [ f"grep SecRuleEngine {config_path}/waf/modsecurity.conf |grep -v '#' |awk '{{print $2}}'"] - waf_process = funct.ssh_command(server[2], command) - waf_mode = funct.ssh_command(server[2], commands1).strip() + waf_process = server_mod.ssh_command(server[2], command) + waf_mode = server_mod.ssh_command(server[2], commands1).strip() server_status = (server[1], server[2], @@ -831,7 +736,7 @@ if act == "overviewwaf": returned_servers.append(server_status) - servers_sorted = sorted(returned_servers, key=funct.get_key) + servers_sorted = sorted(returned_servers, key=common.get_key) template = template.render(service_status=servers_sorted, role=sql.get_user_role_by_uuid(user_id.value), waf_service=waf_service) print(template) @@ -843,7 +748,7 @@ if act == "overviewServers": if service == 'haproxy': cmd = 'echo "show info" |nc %s %s -w 1|grep -e "node\|Nbproc\|Maxco\|MB\|Nbthread"' % ( serv2, sql.get_setting('haproxy_sock_port')) - out = funct.subprocess_execute(cmd) + out = server_mod.subprocess_execute(cmd) return_out = "" for k in out: @@ -873,7 +778,7 @@ if act == "overviewServers": for i, future in enumerate(asyncio.as_completed(futures)): result = await future servers.append(result) - servers_sorted = sorted(servers, key=funct.get_key) + servers_sorted = sorted(servers, key=common.get_key) template = template.render(service_status=servers_sorted, role=role, id=kwargs.get('id'), service_page=service) print(template) 
@@ -958,6 +863,8 @@ if serv is not None and act == "stats": print(data.decode('utf-8')) if serv is not None and form.getvalue('show_log') is not None: + import modules.roxywi.logs as roxywi_logs + rows = form.getvalue('show_log') waf = form.getvalue('waf') grep = form.getvalue('grep') @@ -966,22 +873,26 @@ if serv is not None and form.getvalue('show_log') is not None: hour1 = form.getvalue('hour1') minut1 = form.getvalue('minut1') service = form.getvalue('service') - out = funct.show_roxy_log(serv, rows=rows, waf=waf, grep=grep, hour=hour, minut=minut, hour1=hour1, + out = roxywi_logs.show_roxy_log(serv, rows=rows, waf=waf, grep=grep, hour=hour, minut=minut, hour1=hour1, minut1=minut1, service=service) print(out) if serv is not None and form.getvalue('rows1') is not None: + import modules.roxywi.logs as roxywi_logs + rows = form.getvalue('rows1') grep = form.getvalue('grep') hour = form.getvalue('hour') minut = form.getvalue('minut') hour1 = form.getvalue('hour1') minut1 = form.getvalue('minut1') - out = funct.show_roxy_log(serv, rows=rows, waf='0', grep=grep, hour=hour, minut=minut, hour1=hour1, + out = roxywi_logs.show_roxy_log(serv, rows=rows, waf='0', grep=grep, hour=hour, minut=minut, hour1=hour1, minut1=minut1, service='apache_internal') print(out) if form.getvalue('viewlogs') is not None: + import modules.roxywi.logs as roxywi_logs + viewlog = form.getvalue('viewlogs') rows = form.getvalue('rows') grep = form.getvalue('grep') @@ -989,8 +900,8 @@ if form.getvalue('viewlogs') is not None: minut = form.getvalue('minut') hour1 = form.getvalue('hour1') minut1 = form.getvalue('minut1') - if funct.check_user_group(): - out = funct.show_roxy_log(serv=viewlog, rows=rows, waf='0', grep=grep, hour=hour, minut=minut, hour1=hour1, + if roxywi_common.check_user_group(): + out = roxywi_logs.show_roxy_log(serv=viewlog, rows=rows, waf='0', grep=grep, hour=hour, minut=minut, hour1=hour1, minut1=minut1, service='internal') print(out) 
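Review bot: The `show_log` and `rows1` branches pass `rows`, `grep`, `hour`, `minut`, `hour1` and `minut1` to `roxywi_logs.show_roxy_log` exactly as read from `form.getvalue`, while most other handlers in this file run their inputs through `common.checkAjaxInput`. Whether `show_roxy_log` validates them is not visible in this diff, so that should be confirmed or the values checked here, e.g. `grep = common.checkAjaxInput(form.getvalue('grep'))` and an integer check on `rows`. Only the `viewlogs` branch is visibly gated by `roxywi_common.check_user_group()`. The three identical `import modules.roxywi.logs as roxywi_logs` lines could be a single module-level import.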
@@ -1004,12 +915,12 @@ if serv is not None and act == "showMap": stats_port = sql.get_setting('stats_port') haproxy_config_path = sql.get_setting('haproxy_config_path') hap_configs_dir = get_config.get_config_var('configs', 'haproxy_save_configs_dir') - date = funct.get_data('config') + date = get_date.return_date('config') cfg = f'{hap_configs_dir}{serv}-{date}.cfg' print(f'

Map from {serv}

') - error = funct.get_config(serv, cfg) + error = config_mod.get_config(serv, cfg) if error: print(error) try: @@ -1209,8 +1120,8 @@ if serv is not None and act == "showMap": if form.getvalue('servaction') is not None: server_state_file = sql.get_setting('server_state_file') haproxy_sock = sql.get_setting('haproxy_sock') - enable = funct.checkAjaxInput(form.getvalue('servaction')) - backend = funct.checkAjaxInput(form.getvalue('servbackend')) + enable = common.checkAjaxInput(form.getvalue('servaction')) + backend = common.checkAjaxInput(form.getvalue('servbackend')) cmd = f'echo "{enable} {backend}" |sudo socat stdio {haproxy_sock}' @@ -1221,15 +1132,15 @@ if form.getvalue('servaction') is not None: command = [cmd] if enable != "show": - funct.logging(serv, f'Has been {enable}ed {backend}', login=1, keep_history=1, service='haproxy') + roxywi_common.logging(serv, f'Has been {enable}ed {backend}', login=1, keep_history=1, service='haproxy') print( f'
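Review bot: In the `servaction` branch `enable` is only passed through `common.checkAjaxInput` before it becomes the command word in `f'echo "{enable} {backend}" |sudo socat stdio {haproxy_sock}'`. Any runtime-API command that survives that filter is therefore sent to the HAProxy socket under sudo. An explicit allow-list of the verbs the page actually offers, rejected with `print('error: wrong action')` and `sys.exit()` as the `action_*` handlers do, would bound what this endpoint can do. The same two values are also written into the HTML response in the next hunk, so they should be escaped there if `checkAjaxInput` does not already guarantee it.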

You {enable} {backend} on HAProxy {serv}. Look it or Edit something else


') - print(funct.ssh_command(serv, command, show_log="1")) + print(server_mod.ssh_command(serv, command, show_log="1")) action = f'runtimeapi.py {enable} {backend}' - funct.logging(serv, action) + roxywi_common.logging(serv, action) if act == "showCompareConfigs": env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) @@ -1239,20 +1150,20 @@ if act == "showCompareConfigs": service = form.getvalue('service') if service == 'nginx': - return_files = funct.get_files(get_config.get_config_var('configs', 'nginx_save_configs_dir'), 'conf') + return_files = roxywi_common.get_files(get_config.get_config_var('configs', 'nginx_save_configs_dir'), 'conf') elif service == 'apache': - return_files = funct.get_files(get_config.get_config_var('configs', 'apache_save_configs_dir'), 'conf') + return_files = roxywi_common.get_files(get_config.get_config_var('configs', 'apache_save_configs_dir'), 'conf') elif service == 'keepalived': - return_files = funct.get_files(get_config.get_config_var('configs', 'kp_save_configs_dir'), 'conf') + return_files = roxywi_common.get_files(get_config.get_config_var('configs', 'kp_save_configs_dir'), 'conf') else: - return_files = funct.get_files() + return_files = roxywi_common.get_files() template = template.render(serv=serv, right=right, left=left, return_files=return_files) print(template) if serv is not None and form.getvalue('right') is not None: - left = funct.checkAjaxInput(form.getvalue('left')) - right = funct.checkAjaxInput(form.getvalue('right')) + left = common.checkAjaxInput(form.getvalue('left')) + right = common.checkAjaxInput(form.getvalue('right')) if form.getvalue('service') == 'nginx': configs_dir = get_config.get_config_var('configs', 'nginx_save_configs_dir') 
@@ -1268,7 +1179,7 @@ if serv is not None and form.getvalue('right') is not None: extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"]) template = env.get_template('ajax/compare.html') - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) template = template.render(stdout=output) print(template) @@ -1298,15 +1209,15 @@ if serv is not None and act == "configShow": cfg = '.cfg' if form.getvalue('configver') is None: - cfg = configs_dir + serv + "-" + funct.get_data('config') + cfg + cfg = configs_dir + serv + "-" + get_date.return_date('config') + cfg if service == 'nginx': - funct.get_config(serv, cfg, nginx=1, config_file_name=form.getvalue('config_file_name')) + config_mod.get_config(serv, cfg, nginx=1, config_file_name=form.getvalue('config_file_name')) elif service == 'apache': - funct.get_config(serv, cfg, apache=1, config_file_name=form.getvalue('config_file_name')) + config_mod.get_config(serv, cfg, apache=1, config_file_name=form.getvalue('config_file_name')) elif service == 'keepalived': - funct.get_config(serv, cfg, keepalived=1) + config_mod.get_config(serv, cfg, keepalived=1) else: - funct.get_config(serv, cfg) + config_mod.get_config(serv, cfg) else: cfg = configs_dir + form.getvalue('configver') try: @@ -1336,6 +1247,8 @@ if serv is not None and act == "configShow": os.remove(cfg) if act == 'configShowFiles': + import modules.server.server as server_mod + service = form.getvalue('service') config_dir = get_config.get_config_var('configs', f'{service}_save_configs_dir') @@ -1344,7 +1257,7 @@ if act == 'configShowFiles': config_file_name = form.getvalue('config_file_name').replace('92', '/') except Exception: config_file_name = '' - return_files = funct.get_remote_files(serv, service_config_dir, 'conf') + return_files = server_mod.get_remote_files(serv, service_config_dir, 'conf') if 'error: ' in return_files: print(return_files) sys.exit() 
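Review bot: In the `configShow` branch the `else` path builds `cfg = configs_dir + form.getvalue('configver')` from the raw form value, so a value containing `../` resolves outside `configs_dir`. The resulting path is used for file operations further down, outside this hunk. If `configver` is always a bare file name, `cfg = configs_dir + os.path.basename(form.getvalue('configver'))` keeps it inside the directory. `config_file_name` is likewise passed to `config_mod.get_config` unfiltered in the nginx and apache calls.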
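Review bot: In the `configShowFiles` branch `service` comes straight from `form.getvalue('service')` and is used to compose the lookup key `f'{service}_save_configs_dir'`. The `showRemoteLogFiles` hunk that follows does the same with `sql.get_setting(f'{service}_path_logs')` and passes the result to `server_mod.get_remote_files`. Checking `service` against the known names (`haproxy`, `nginx`, `apache`, `keepalived`) before composing the key would keep a request from selecting an unrelated setting. The added `import modules.server.server as server_mod` also looks redundant, since earlier branches already use `server_mod` without a local import; that module-level import is presumably outside this view.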
@@ -1356,9 +1269,11 @@ if act == 'configShowFiles': print(template) if act == 'showRemoteLogFiles': + import modules.server.server as server_mod + service = form.getvalue('service') log_path = sql.get_setting(f'{service}_path_logs') - return_files = funct.get_remote_files(serv, log_path, 'log') + return_files = server_mod.get_remote_files(serv, log_path, 'log') if 'error: ' in return_files: print(return_files) sys.exit() 
@@ -1369,148 +1284,16 @@ if act == 'showRemoteLogFiles': print(template) if form.getvalue('master'): - master = form.getvalue('master') - slave = form.getvalue('slave') - ETH = form.getvalue('interface') - ETH_SLAVE = form.getvalue('slave_interface') - IP = form.getvalue('vrrpip') - syn_flood = form.getvalue('syn_flood') - virt_server = form.getvalue('virt_server') - return_to_master = form.getvalue('return_to_master') - haproxy = form.getvalue('hap') - nginx = form.getvalue('nginx') - router_id = form.getvalue('router_id') - script = "install_keepalived.sh" - proxy = sql.get_setting('proxy') - keepalived_path_logs = sql.get_setting('keepalived_path_logs') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(master) - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - os.system(f"cp scripts/{script} .") - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} router_id={router_id} " - f"ETH={ETH} IP={IP} MASTER=MASTER ETH_SLAVE={ETH_SLAVE} keepalived_path_logs={keepalived_path_logs} " - f"RETURN_TO_MASTER={return_to_master} SYN_FLOOD={syn_flood} HOST={master} HAPROXY={haproxy} NGINX={nginx} " - f"USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - if funct.show_installation_output(error, output, 'master Keepalived'): - sql.update_keepalived(master) - - if virt_server != '0': - group_id = sql.get_group_id_by_server_ip(master) - cred_id = sql.get_cred_id_by_server_ip(master) - hostname = sql.get_hostname_by_server_ip(master) - firewall = 1 if funct.is_service_active(master, 'firewalld') else 0 - sql.add_server( - hostname + '-VIP', IP, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {master}', - haproxy, nginx, '0', firewall - ) - os.remove(script) + service_mod.keepalived_master_install() if form.getvalue('master_slave'): - master = 
form.getvalue('master_slave') - slave = form.getvalue('slave') - ETH = form.getvalue('interface') - ETH_SLAVE = form.getvalue('slave_interface') - IP = form.getvalue('vrrpip') - syn_flood = form.getvalue('syn_flood') - haproxy = form.getvalue('hap') - nginx = form.getvalue('nginx') - router_id = form.getvalue('router_id') - script = "install_keepalived.sh" - proxy = sql.get_setting('proxy') - keepalived_path_logs = sql.get_setting('keepalived_path_logs') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(slave) - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - os.system(f"cp scripts/{script} .") - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} router_id={router_id} ETH={ETH} " - f"IP={IP} MASTER=BACKUP ETH_SLAVE={ETH_SLAVE} keepalived_path_logs={keepalived_path_logs} HAPROXY={haproxy} " - f"NGINX={nginx} HOST={slave} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, 'slave Keepalived') - - os.remove(script) - sql.update_server_master(master, slave) - sql.update_keepalived(slave) + service_mod.keepalived_slave_install() if form.getvalue('masteradd'): - master = form.getvalue('masteradd') - slave = form.getvalue('slaveadd') - ETH = form.getvalue('interfaceadd') - SLAVE_ETH = form.getvalue('slave_interfaceadd') - IP = form.getvalue('vrrpipadd') - router_id = form.getvalue('router_id') - kp = form.getvalue('kp') - return_to_master = form.getvalue('return_to_master') - script = "install_keepalived.sh" - proxy = sql.get_setting('proxy') - keepalived_path_logs = sql.get_setting('keepalived_path_logs') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(master) - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - os.system(f"cp scripts/{script} .") - - commands = [ - f"chmod +x 
{script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={ETH} SLAVE_ETH={SLAVE_ETH} " - f"keepalived_path_logs={keepalived_path_logs} RETURN_TO_MASTER={return_to_master} IP={IP} MASTER=MASTER " - f"RESTART={kp} ADD_VRRP=1 HOST={master} router_id={router_id} USER={ssh_settings['user']} " - f"PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, 'master VRRP address') - os.remove(script) + service_mod.keepalived_masteradd() if form.getvalue('masteradd_slave'): - master = form.getvalue('masteradd_slave') - slave = form.getvalue('slaveadd') - ETH = form.getvalue('interfaceadd') - SLAVE_ETH = form.getvalue('slave_interfaceadd') - IP = form.getvalue('vrrpipadd') - router_id = form.getvalue('router_id') - kp = form.getvalue('kp') - script = "install_keepalived.sh" - proxy = sql.get_setting('proxy') - keepalived_path_logs = sql.get_setting('keepalived_path_logs') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(slave) - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - os.system(f"cp scripts/{script} .") - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} ETH={ETH} SLAVE_ETH={SLAVE_ETH} " - f"keepalived_path_logs={keepalived_path_logs} IP={IP} MASTER=BACKUP RESTART={kp} ADD_VRRP=1 HOST={slave} " - f"router_id={router_id} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, 'slave VRRP address') - - os.remove(script) + service_mod.keepalived_slaveadd() if form.getvalue('master_slave_hap'): master = form.getvalue('master_slave_hap') 
@@ -1519,9 +1302,9 @@ if form.getvalue('master_slave_hap'): docker = form.getvalue('docker') if server == 'master': - funct.install_haproxy(master, server=server, docker=docker) + service_mod.install_haproxy(master, server=server, docker=docker) elif server == 'slave': - funct.install_haproxy(slave, server=server, docker=docker) + service_mod.install_haproxy(slave, server=server, docker=docker) if form.getvalue('master_slave_nginx'): master = form.getvalue('master_slave_nginx') @@ -1530,136 +1313,27 @@ if form.getvalue('master_slave_nginx'): docker = form.getvalue('docker') if server == 'master': - funct.install_nginx(master, server=server, docker=docker) + service_mod.install_nginx(master, server=server, docker=docker) elif server == 'slave': - funct.install_nginx(slave, server=server, docker=docker) + service_mod.install_nginx(slave, server=server, docker=docker) if form.getvalue('install_grafana'): - script = "install_grafana.sh" - proxy = sql.get_setting('proxy') - proxy_serv = '' - host = os.environ.get('HTTP_HOST', '') - - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - commands = [f"chmod +x {script} && ./{script} PROXY={proxy_serv}"] - - output, error = funct.subprocess_execute(commands[0]) - - if error: - funct.logging('Roxy-WI server', error, roxywi=1) - - print( - f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000
') - else: - for line in output: - if any(s in line for s in ("Traceback", "FAILED")): - try: - print(line) - break - except Exception: - print(output) - break - else: - print( - f'success: Grafana and Prometheus servers were installed. You can find Grafana on http://{host}:3000
') - - os.remove(script) + service_mod.grafana_install() if form.getvalue('haproxy_exp_install'): - serv = form.getvalue('haproxy_exp_install') - ver = form.getvalue('exporter_v') - ext_prom = form.getvalue('ext_prom') - script = "install_haproxy_exporter.sh" - stats_port = sql.get_setting('stats_port') - server_state_file = sql.get_setting('server_state_file') - stats_user = sql.get_setting('stats_user') - stats_password = sql.get_setting('stats_password') - stat_page = sql.get_setting('stats_page') - proxy = sql.get_setting('proxy') - ssh_settings = funct.return_ssh_keys_path(serv) + import modules.service.exporter.installation as exp_installation - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - else: - proxy_serv = '' - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} STAT_FILE={server_state_file}" - f" SSH_PORT={ssh_settings['port']} STAT_PAGE={stat_page} VER={ver} EXP_PROM={ext_prom} STATS_USER={stats_user}" - f" STATS_PASS='{stats_password}' HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, 'HAProxy exporter') - - os.remove(script) + exp_installtion.haproxy_exp_installation() if form.getvalue('nginx_exp_install') or form.getvalue('apache_exp_install'): - if form.getvalue('nginx_exp_install'): - service = 'nginx' - elif form.getvalue('apache_exp_install'): - service = 'apache' + import modules.service.exporter.installation as exp_installation - serv = funct.is_ip_or_dns(form.getvalue('serv')) - ver = funct.checkAjaxInput(form.getvalue('exporter_v')) - ext_prom = funct.checkAjaxInput(form.getvalue('ext_prom')) - script = f"install_{service}_exporter.sh" - stats_user = sql.get_setting(f'{service}_stats_user') - stats_password = sql.get_setting(f'{service}_stats_password') - stats_port = 
sql.get_setting(f'{service}_stats_port') - stats_page = sql.get_setting(f'{service}_stats_page') - proxy = sql.get_setting('proxy') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(serv) - - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} STAT_PORT={stats_port} SSH_PORT={ssh_settings['port']} STAT_PAGE={stats_page}" - f" STATS_USER={stats_user} STATS_PASS='{stats_password}' HOST={serv} VER={ver} EXP_PROM={ext_prom} USER={ssh_settings['user']} " - f" PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, f'{service.title()} exporter') - - os.remove(script) + exp_installation.nginx_apache_exp_installation() if form.getvalue('node_exp_install'): - serv = funct.is_ip_or_dns(form.getvalue('node_exp_install')) - ver = funct.checkAjaxInput(form.getvalue('exporter_v')) - ext_prom = funct.checkAjaxInput(form.getvalue('ext_prom')) - script = "install_node_exporter.sh" - proxy = sql.get_setting('proxy') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(serv) + import modules.service.exporter.installation as exp_installation - os.system(f"cp scripts/{script} .") - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} VER={ver} EXP_PROM={ext_prom} " - f"HOST={serv} USER={ssh_settings['user']} PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, 'Node exporter') - - os.remove(script) + exp_installation.node_exp_installation() if form.getvalue('backup') or form.getvalue('deljob') or form.getvalue('backupupdate'): serv = form.getvalue('server') 
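Review bot: The `haproxy_exp_install` branch imports the module as `exp_installation` but calls `exp_installtion.haproxy_exp_installation()`, which raises `NameError` as soon as the branch runs; the call should read `exp_installation.haproxy_exp_installation()`. All three exporter branches import `modules.service.exporter.installation`, while the commit's file list shows `app/modules/service/exporter_installation.py`. Unless an `exporter` package exists elsewhere, the import itself fails, and `import modules.service.exporter_installation as exp_installation` would match the file that was added. The install functions are now called without arguments, so they presumably read the request fields themselves; the old `is_ip_or_dns` / `checkAjaxInput` filtering of `serv`, `exporter_v` and `ext_prom` removed here should be confirmed to exist in the new module.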
@@ -1672,7 +1346,7 @@ if form.getvalue('backup') or form.getvalue('deljob') or form.getvalue('backupup update = form.getvalue('backupupdate') description = form.getvalue('description') script = 'backup.sh' - ssh_settings = funct.return_ssh_keys_path('localhost', id=int(cred)) + ssh_settings = server_mod.return_ssh_keys_path('localhost', id=int(cred)) if deljob: time = '' @@ -1693,7 +1367,7 @@ if form.getvalue('backup') or form.getvalue('deljob') or form.getvalue('backupup f"TIME={time} RPATH={rpath} DELJOB={deljob} USER={ssh_settings['user']} KEY={ssh_settings['key']}" ] - output, error = funct.subprocess_execute(commands[0]) + output, error = server_mod.subprocess_execute(commands[0]) for line in output: if any(s in line for s in ("Traceback", "FAILED")): @@ -1713,18 +1387,18 @@ if form.getvalue('backup') or form.getvalue('deljob') or form.getvalue('backupup ) print(template) print('success: Backup job has been created') - funct.logging('backup ', ' a new backup job for server ' + serv + ' has been created', roxywi=1, + roxywi_common.logging('backup ', ' a new backup job for server ' + serv + ' has been created', roxywi=1, login=1) else: print('error: Cannot add the job into DB') elif deljob: sql.delete_backups(deljob) print('Ok') - funct.logging('backup ', ' a backup job for server ' + serv + ' has been deleted', roxywi=1, login=1) + roxywi_common.logging('backup ', ' a backup job for server ' + serv + ' has been deleted', roxywi=1, login=1) elif update: sql.update_backup(serv, rserver, rpath, backup_type, time, cred, description, update) print('Ok') - funct.logging('backup ', ' a backup job for server ' + serv + ' has been updated', roxywi=1, login=1) + roxywi_common.logging('backup ', ' a backup job for server ' + serv + ' has been updated', roxywi=1, login=1) os.remove(script) 
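Review bot: The backup command passed to `server_mod.subprocess_execute(commands[0])` is still one f-string whose visible tail interpolates `TIME={time} RPATH={rpath} DELJOB={deljob}` with no quoting. These values appear to come from the request (their assignments are above the hunk), so if the helper runs the string through a shell, any of them can change the command. Quote each value where it is interpolated, e.g. `DELJOB={shlex.quote(str(deljob))}` with `import shlex`, or validate them against the expected format first. `int(cred)` in the first hunk also raises on a missing or non-numeric `cred` before anything is reported to the caller. The `git_backup` handler further down builds and runs its command the same way.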
@@ -1738,7 +1412,7 @@ if form.getvalue('git_backup'): cred = form.getvalue('cred') deljob = form.getvalue('git_deljob') description = form.getvalue('description') - servers = sql.get_dick_permit() + servers = roxywi_common.get_dick_permit() proxy = sql.get_setting('proxy') services = sql.select_services() server_ip = sql.select_server_ip_by_id(server_id) @@ -1746,7 +1420,7 @@ if form.getvalue('git_backup'): service_config_dir = sql.get_setting(service_name + '_dir') script = 'git_backup.sh' proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path('localhost', id=int(cred)) + ssh_settings = server_mod.return_ssh_keys_path('localhost', id=int(cred)) os.system(f"cp scripts/{script} .") @@ -1764,7 +1438,7 @@ if form.getvalue('git_backup'): f"PROXY={proxy_serv} USER={ssh_settings['user']} KEY={ssh_settings['key']}" ] - output, error = funct.subprocess_execute(commands[0]) + output, error = server_mod.subprocess_execute(commands[0]) for line in output: if any(s in line for s in ("Traceback", "FAILED")): @@ -1788,7 +1462,7 @@ if form.getvalue('git_backup'): template = template.render(gits=gits, sshs=sshs, servers=servers, services=services, new_add=1) print(template) print('success: Git job has been created') - funct.logging( + roxywi_common.logging( server_ip, ' A new git job has been created', roxywi=1, login=1, keep_history=1, service=service_name ) 
@@ -1798,20 +1472,25 @@ if form.getvalue('git_backup'): os.remove(script) if form.getvalue('install_nginx'): - funct.install_nginx(form.getvalue('install_nginx'), docker=form.getvalue('docker')) + service_mod.install_nginx(form.getvalue('install_nginx'), docker=form.getvalue('docker')) if form.getvalue('haproxyaddserv'): - funct.install_haproxy(form.getvalue('haproxyaddserv'), syn_flood=form.getvalue('syn_flood'), + service_mod.install_haproxy(form.getvalue('haproxyaddserv'), syn_flood=form.getvalue('syn_flood'), hapver=form.getvalue('hapver'), docker=form.getvalue('docker')) if form.getvalue('installwaf'): service = form.getvalue('service') if service == 'haproxy': - funct.waf_install(form.getvalue('installwaf')) + service_mod.waf_install(form.getvalue('installwaf')) else: - funct.waf_nginx_install(form.getvalue('installwaf')) + service_mod.waf_nginx_install(form.getvalue('installwaf')) + +if form.getvalue('geoip_install'): + service_mod.geoip_installation() if form.getvalue('update_roxy_wi'): + import modules.roxywi.roxy as roxy + service = form.getvalue('service') services = ['roxy-wi-checker', 'roxy-wi', @@ -1824,17 +1503,19 @@ if form.getvalue('update_roxy_wi'): if service not in services: print(f'error: {service} is not part of Roxy-WI') sys.exit() - funct.update_roxy_wi(service) + roxy.update_roxy_wi(service) if form.getvalue('metrics_waf'): sql.update_waf_metrics_enable(form.getvalue('metrics_waf'), form.getvalue('enable')) if form.getvalue('table_metrics'): service = form.getvalue('service') + roxywi_common.check_user_group() + group_id = roxywi_common.get_user_group(id=1) if service in ('nginx', 'apache'): - metrics = sql.select_service_table_metrics(service) + metrics = sql.select_service_table_metrics(service, group_id) else: - metrics = sql.select_table_metrics() + metrics = sql.select_table_metrics(group_id) env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True) template = env.get_template('table_metrics.html') 
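Review bot: In the `table_metrics` branch the result of `roxywi_common.check_user_group()` is discarded, whereas the `newuser` and `updateuser` handlers in this file use the same call as a condition (`if roxywi_common.check_user_group():`). If the function reports failure by returning a false value rather than ending the request, the metrics query still runs for whatever `get_user_group(id=1)` returns. Make the outcome explicit with `if not roxywi_common.check_user_group(): sys.exit()`, or add a comment stating that the function exits on failure.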
@@ -1859,7 +1540,7 @@ if form.getvalue('metrics_hapwi_ram'): rams += str(round(rams_list.available / 1048576, 2)) + ' ' else: commands = ["free -m |grep Mem |awk '{print $2,$3,$4,$5,$6,$7}'"] - metric, error = funct.subprocess_execute(commands[0]) + metric, error = server_mod.subprocess_execute(commands[0]) for i in metric: rams = i @@ -1888,7 +1569,7 @@ if form.getvalue('metrics_hapwi_cpu'): else: commands = [ "top -b -n 1 |grep Cpu |awk -F':' '{print $2}'|awk -F' ' 'BEGIN{ORS=\" \";} { for (i=1;i<=NF;i+=2) print $i}'"] - metric, error = funct.subprocess_execute(commands[0]) + metric, error = server_mod.subprocess_execute(commands[0]) for i in metric: cpus = i @@ -1993,7 +1674,9 @@ if any((form.getvalue('new_nginx_metrics'), form.getvalue('new_apache_metrics'), print(json.dumps(metrics)) if form.getvalue('get_hap_v'): - output = funct.check_haproxy_version(serv) + import modules.service.common as service_common + + output = service_common.check_haproxy_version(serv) print(output) if form.getvalue('get_nginx_v'): 
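Review bot: The import added in the `get_hap_v` branch (`import modules.service.common as service_common`) is local to that branch, yet the `get_exporter_v` branch in the next hunk calls `service_common.get_exp_version(...)` with no import of its own. The same applies to `server_mod`, which is imported inside `configShowFiles`, `showRemoteLogFiles` and `newserver` but used by many other branches. If the file already imports these modules at the top (not visible in this diff), the branch-level imports are redundant and can be dropped; if it does not, the other branches raise `NameError`. A single module-level import for each name would settle it.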
@@ -2005,20 +1688,20 @@ if form.getvalue('get_nginx_v'): cmd = [f"docker exec -it {container_name} /usr/sbin/nginx -v 2>&1|awk '{{print $3}}'"] else: cmd = ['sudo /usr/sbin/nginx -v'] - print(funct.ssh_command(serv, cmd)) + print(server_mod.ssh_command(serv, cmd)) if form.getvalue('get_keepalived_v'): cmd = ["sudo /usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}'"] - print(funct.ssh_command(serv, cmd)) + print(server_mod.ssh_command(serv, cmd)) if form.getvalue('get_exporter_v'): - print(funct.get_service_version(serv, form.getvalue('get_exporter_v'))) + print(service_common.get_exp_version(serv, form.getvalue('get_exporter_v'))) if form.getvalue('bwlists'): lib_path = get_config.get_config_var('main', 'lib_path') - color = funct.checkAjaxInput(form.getvalue('color')) - group = funct.checkAjaxInput(form.getvalue('group')) - bwlists = funct.checkAjaxInput(form.getvalue('bwlists')) + color = common.checkAjaxInput(form.getvalue('color')) + group = common.checkAjaxInput(form.getvalue('group')) + bwlists = common.checkAjaxInput(form.getvalue('bwlists')) list_path = f"{lib_path}/{sql.get_setting('lists_path')}/{group}/{color}/{bwlists}" try: @@ -2030,7 +1713,7 @@ if form.getvalue('bwlists'): print(f"error: Cannot read {color} list") if form.getvalue('bwlists_create'): - color = funct.checkAjaxInput(form.getvalue('color')) + color = common.checkAjaxInput(form.getvalue('color')) lib_path = get_config.get_config_var('main', 'lib_path') list_name = f"{form.getvalue('bwlists_create').split('.')[0]}.lst" list_path = f"{lib_path}/{sql.get_setting('lists_path')}/{form.getvalue('group')}/{color}/{list_name}" 
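Review bot: In `bwlists_create` the list path is still built with the raw `form.getvalue('group')`, while the `bwlists` and `bwlists_save` branches pass `group` through `common.checkAjaxInput` before using it in the same path layout. For consistency, assign `group = common.checkAjaxInput(form.getvalue('group'))` and use `{group}` in `list_path`. What `checkAjaxInput` rejects is not visible here; because `group`, `color` and the list name all become path components, checking that the resolved `list_path` stays under the lists directory would be the stronger guard.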
@@ -2038,16 +1721,16 @@ if form.getvalue('bwlists_create'): open(list_path, 'a').close() print('success: ') try: - funct.logging(serv, f'A new list {color} {list_name} has been created', roxywi=1, login=1) + roxywi_common.logging(serv, f'A new list {color} {list_name} has been created', roxywi=1, login=1) except Exception: pass except IOError as e: print(f'error: Cannot create a new {color} list. {e}, ') if form.getvalue('bwlists_save'): - color = funct.checkAjaxInput(form.getvalue('color')) - group = funct.checkAjaxInput(form.getvalue('group')) - bwlists_save = funct.checkAjaxInput(form.getvalue('bwlists_save')) + color = common.checkAjaxInput(form.getvalue('color')) + group = common.checkAjaxInput(form.getvalue('group')) + bwlists_save = common.checkAjaxInput(form.getvalue('bwlists_save')) lib_path = get_config.get_config_var('main', 'lib_path') list_path = f"{lib_path}/{sql.get_setting('lists_path')}/{group}/{color}/{bwlists_save}" try: @@ -2067,21 +1750,21 @@ if form.getvalue('bwlists_save'): if master[0] is not None: servers.append(master[0]) else: - server = sql.get_dick_permit() + server = roxywi_common.get_dick_permit() for s in server: servers.append(s[2]) for serv in servers: - funct.ssh_command(serv, [f"sudo mkdir {path}"]) - funct.ssh_command(serv, [f"sudo chown $(whoami) {path}"]) - error = funct.upload(serv, path + "/" + bwlists_save, list_path, dir='fullpath') + server_mod.ssh_command(serv, [f"sudo mkdir {path}"]) + server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"]) + error = config_mod.upload(serv, path + "/" + bwlists_save, list_path, dir='fullpath') if error: print('error: Upload fail: %s , ' % error) else: print('success: Edited ' + color + ' list was uploaded to ' + serv + ' , ') try: - funct.logging(serv, f'Has been edited the {color} list {bwlists_save}', roxywi=1, login=1) + roxywi_common.logging(serv, f'Has been edited the {color} list {bwlists_save}', roxywi=1, login=1) except Exception: pass 
@@ -2093,9 +1776,9 @@ if form.getvalue('bwlists_save'): haproxy_service_name = "haproxy" if form.getvalue('bwlists_restart') == 'restart': - funct.ssh_command(serv, [f"sudo systemctl restart {haproxy_service_name}"]) + server_mod.ssh_command(serv, [f"sudo systemctl restart {haproxy_service_name}"]) elif form.getvalue('bwlists_restart') == 'reload': - funct.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"]) + server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"]) if form.getvalue('bwlists_delete'): color = form.getvalue('color') @@ -2119,28 +1802,28 @@ if form.getvalue('bwlists_delete'): if master[0] is not None: servers.append(master[0]) else: - server = sql.get_dick_permit() + server = roxywi_common.get_dick_permit() for s in server: servers.append(s[2]) for serv in servers: - error = funct.ssh_command(serv, ["sudo rm " + path + "/" + bwlists_delete], return_err=1) + error = server_mod.ssh_command(serv, ["sudo rm " + path + "/" + bwlists_delete], return_err=1) if error: print('error: Deleting fail: %s , ' % error) else: print('success: the ' + color + ' list has been deleted on ' + serv + ' , ') try: - funct.logging(serv, 'has been deleted the ' + color + ' list ' + bwlists_delete, roxywi=1, login=1) + roxywi_common.logging(serv, 'has been deleted the ' + color + ' list ' + bwlists_delete, roxywi=1, login=1) except Exception: pass if form.getvalue('get_lists'): lib_path = get_config.get_config_var('main', 'lib_path') - group = funct.checkAjaxInput(form.getvalue('group')) - color = funct.checkAjaxInput(form.getvalue('color')) + group = common.checkAjaxInput(form.getvalue('group')) + color = common.checkAjaxInput(form.getvalue('color')) list_path = f"{lib_path}/{sql.get_setting('lists_path')}/{group}/{color}" - lists = funct.get_files(list_path, "lst") + lists = roxywi_common.get_files(list_path, "lst") for line in lists: print(line) 
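Review bot: The delete command in `bwlists_delete` is assembled by concatenation, `["sudo rm " + path + "/" + bwlists_delete]`, and sent to the remote host through `server_mod.ssh_command`. The branch reads `color` with a bare `form.getvalue('color')`, and the assignments of `path` and `bwlists_delete` are outside the hunk; if the file name is equally unfiltered, shell metacharacters in it reach a `sudo` command line. Quote the argument, e.g. `["sudo rm -- " + shlex.quote(f"{path}/{bwlists_delete}")]` with `import shlex`, and filter `color` as the other `bwlists` branches do. The `sudo mkdir {path}` and `sudo chown $(whoami) {path}` commands in `bwlists_save` would benefit from the same quoting.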
@@ -2182,9 +1865,9 @@ if form.getvalue('get_ldap_email'): ldap_bind.unbind() if form.getvalue('change_waf_mode'): - waf_mode = funct.checkAjaxInput(form.getvalue('change_waf_mode')) + waf_mode = common.checkAjaxInput(form.getvalue('change_waf_mode')) server_hostname = form.getvalue('server_hostname') - service = funct.checkAjaxInput(form.getvalue('service')) + service = common.checkAjaxInput(form.getvalue('service')) serv = sql.select_server_by_name(server_hostname) if service == 'haproxy': @@ -2193,8 +1876,8 @@ if form.getvalue('change_waf_mode'): config_dir = sql.get_setting('nginx_dir') commands = [f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"] - funct.ssh_command(serv, commands) - funct.logging(serv, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1) + server_mod.ssh_command(serv, commands) + roxywi_common.logging(serv, f'Has been changed WAF mod to {waf_mode}', roxywi=1, login=1) error_mess = 'error: All fields must be completed' @@ -2208,8 +1891,8 @@ if form.getvalue('newuser') is not None: group = form.getvalue('newgroupuser') role_id = sql.get_role_id_by_name(role) - if funct.check_user_group(): - if funct.is_admin(level=role_id): + if roxywi_common.check_user_group(): + if roxywi_auth.is_admin(level=role_id): try: sql.add_user(new_user, email, password, role, activeuser, group) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) 
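Review bot: In `change_waf_mode` the value of `waf_mode` is placed inside a `sed` expression that runs with `sudo` on the target server, and the only filter applied is `common.checkAjaxInput`, whose rules are not visible here. `SecRuleEngine` accepts a small fixed set of values, so an allow-list is simpler and safer than character filtering: `if waf_mode not in ('On', 'Off', 'DetectionOnly'): sys.exit()` before building `commands`. `server_hostname` is also read without any filter and handed to `sql.select_server_by_name`; the result `serv` is used as the SSH target without checking that a server was found.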
@@ -2221,13 +1904,13 @@ if form.getvalue('newuser') is not None: roles=sql.select_roles(), adding=1) print(template) - funct.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1) + roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1) except Exception as e: print(e) - funct.logging('Cannot create a new user', e, roxywi=1, login=1) + roxywi_common.logging('Cannot create a new user', e, roxywi=1, login=1) else: print('error: dalsdm') - funct.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1) + roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1) if form.getvalue('userdel') is not None: userdel = form.getvalue('userdel') @@ -2237,7 +1920,7 @@ if form.getvalue('userdel') is not None: username = u.username if sql.delete_user(userdel): sql.delete_user_groups(userdel) - funct.logging(username, ' has been deleted user ', roxywi=1, login=1) + roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1) print("Ok") if form.getvalue('updateuser') is not None: @@ -2249,12 +1932,12 @@ if form.getvalue('updateuser') is not None: group = form.getvalue('usergroup') role_id = sql.get_role_id_by_name(role) - if funct.check_user_group(): - if funct.is_admin(level=role_id): + if roxywi_common.check_user_group(): + if roxywi_auth.is_admin(level=role_id): sql.update_user(new_user, email, role, user_id, activeuser) - funct.logging(new_user, ' has been updated user ', roxywi=1, login=1) + roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1) else: - funct.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1) + roxywi_common.logging(new_user, ' tried to privilege escalation', roxywi=1, login=1) if form.getvalue('updatepassowrd') is not None: password = form.getvalue('updatepassowrd') 
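Review bot: The denied path of the `newuser` handler answers with `print('error: dalsdm')`, which tells neither the user nor an operator what was refused; a message such as `print('error: not enough permissions to create a user with this role')` would be usable. The audit entry beside it passes `new_user`, the name of the requested account, as the subject of "tried to privilege escalation". Unless `login=1` makes `roxywi_common.logging` record the acting user (not visible here), the entry does not identify who made the attempt. The `except` branch above prints the raw exception to the client; logging it and returning a generic error would avoid exposing database details. `updateuser` further down this line logs the refusal the same way.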
@@ -2268,13 +1951,15 @@ if form.getvalue('updatepassowrd') is not None: for u in user: username = u.username sql.update_user_password(password, user_id) - funct.logging('user ' + username, ' has changed password ', roxywi=1, login=1) + roxywi_common.logging('user ' + username, ' has changed password ', roxywi=1, login=1) print("Ok") if form.getvalue('newserver') is not None: + import modules.server.server as server_mod + hostname = form.getvalue('servername') ip = form.getvalue('newip') - ip = funct.is_ip_or_dns(ip) + ip = common.is_ip_or_dns(ip) group = form.getvalue('newservergroup') scan_server = form.getvalue('scan_server') typeip = form.getvalue('typeip') 
@@ -2304,42 +1989,42 @@ if form.getvalue('newserver') is not None: apache_config_path = sql.get_setting('apache_config_path') keepalived_config_path = sql.get_setting('keepalived_config_path') - if funct.is_file_exists(ip, nginx_config_path): + if server_mod.is_file_exists(ip, nginx_config_path): sql.update_nginx(ip) - if funct.is_file_exists(ip, haproxy_config_path): + if server_mod.is_file_exists(ip, haproxy_config_path): sql.update_haproxy(ip) - if funct.is_file_exists(ip, keepalived_config_path): + if server_mod.is_file_exists(ip, keepalived_config_path): sql.update_keepalived(ip) - if funct.is_file_exists(ip, apache_config_path): + if server_mod.is_file_exists(ip, apache_config_path): sql.update_apache(ip) - if funct.is_file_exists(ip, haproxy_dir + '/waf/bin/modsecurity'): + if server_mod.is_file_exists(ip, haproxy_dir + '/waf/bin/modsecurity'): sql.insert_waf_metrics_enable(ip, "0") sql.insert_waf_rules(ip) - if funct.is_service_active(ip, 'firewalld'): + if server_mod.is_service_active(ip, 'firewalld'): sql.update_firewall(ip) except Exception as e: - funct.logging('Cannot scan a new server ' + hostname, str(e), roxywi=1) + roxywi_common.logging('Cannot scan a new server ' + hostname, str(e), roxywi=1) try: sql.insert_new_checker_setting_for_server(ip) except Exception as e: - funct.logging('Cannot insert Checker settings for ' + hostname, str(e), roxywi=1) + roxywi_common.logging('Cannot insert Checker settings for ' + hostname, str(e), roxywi=1) try: - funct.get_system_info(ip) + server_mod.get_system_info(ip) except Exception as e: - funct.logging('Cannot get information from ' + hostname, str(e), roxywi=1, login=1) + roxywi_common.logging('Cannot get information from ' + hostname, str(e), roxywi=1, login=1) try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', 'Cannot get a user plan: ' + str(e), 
roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('ajax/new_server.html') @@ -2349,11 +2034,11 @@ if form.getvalue('newserver') is not None: masters=sql.select_servers(get_master_servers=1), sshs=sql.select_ssh(group=group), page=page, - user_status=user_status, - user_plan=user_plan, + user_status=user_subscription['user_status'], + user_plan=user_subscription['user_plan'], adding=1) print(template) - funct.logging(ip, f'A new server {hostname} has been created', roxywi=1, login=1, + roxywi_common.logging(ip, f'A new server {hostname} has been created', roxywi=1, login=1, keep_history=1, service='server') except Exception as e: print(e) @@ -2367,7 +2052,7 @@ if form.getvalue('updatehapwiserver') is not None: service = form.getvalue('service_name') sql.update_hapwi_server(hapwi_id, alert, metrics, active, service) server_ip = sql.select_server_ip_by_id(hapwi_id) - funct.logging(server_ip, 'The server ' + name + ' has been updated ', roxywi=1, login=1, keep_history=1, + roxywi_common.logging(server_ip, 'The server ' + name + ' has been updated ', roxywi=1, login=1, keep_history=1, service=service) if form.getvalue('updateserver') is not None: 
@@ -2391,9 +2076,9 @@ if form.getvalue('updateserver') is not None: else: sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, haproxy, nginx, apache, firewall, protected) - funct.logging('the server ' + name, ' has been updated ', roxywi=1, login=1) + roxywi_common.logging('the server ' + name, ' has been updated ', roxywi=1, login=1) server_ip = sql.select_server_ip_by_id(serv_id) - funct.logging(server_ip, 'The server ' + name + ' has been update', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'The server ' + name + ' has been update', roxywi=1, login=1, keep_history=1, service='server') if form.getvalue('serverdel') is not None: @@ -2414,7 +2099,7 @@ if form.getvalue('serverdel') is not None: sql.delete_system_info(server_id) sql.delete_service_settings(server_id) print("Ok") - funct.logging(server_ip, 'The server ' + hostname + ' has been deleted', roxywi=1, login=1) + roxywi_common.logging(server_ip, 'The server ' + hostname + ' has been deleted', roxywi=1, login=1) if form.getvalue('newgroup') is not None: newgroup = form.getvalue('groupname') @@ -2428,7 +2113,7 @@ if form.getvalue('newgroup') is not None: output_from_parsed_template = template.render(groups=sql.select_groups(group=newgroup)) print(output_from_parsed_template) - funct.logging('Roxy-WI server', 'A new group ' + newgroup + ' has been created', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'A new group ' + newgroup + ' has been created', roxywi=1, login=1) if form.getvalue('groupdel') is not None: groupdel = form.getvalue('groupdel') @@ -2437,7 +2122,7 @@ if form.getvalue('groupdel') is not None: groupname = g.name if sql.delete_group(groupdel): print("Ok") - funct.logging('Roxy-WI server', 'The ' + groupname + ' has been deleted', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'The ' + groupname + ' has been deleted', roxywi=1, login=1) if form.getvalue('updategroup') is not None: name = form.getvalue('updategroup') 
@@ -2448,12 +2133,12 @@ if form.getvalue('updategroup') is not None: else: try: sql.update_group(name, descript, group_id) - funct.logging('Roxy-WI server', 'The ' + name + ' has been updated', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'The ' + name + ' has been updated', roxywi=1, login=1) except Exception as e: print('error: ' + str(e)) if form.getvalue('new_ssh'): - user_group = funct.get_user_group() + user_group = roxywi_common.get_user_group() name = form.getvalue('new_ssh') name = name + '_' + user_group enable = form.getvalue('ssh_enable') @@ -2472,11 +2157,11 @@ if form.getvalue('new_ssh'): output_from_parsed_template = template.render(groups=sql.select_groups(), sshs=sql.select_ssh(name=name), page=page) print(output_from_parsed_template) - funct.logging('Roxy-WI server', 'A new SSH credentials ' + name + ' has created', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'A new SSH credentials ' + name + ' has created', roxywi=1, login=1) if form.getvalue('sshdel') is not None: lib_path = get_config.get_config_var('main', 'lib_path') - sshdel = funct.checkAjaxInput(form.getvalue('sshdel')) + sshdel = common.checkAjaxInput(form.getvalue('sshdel')) name = '' ssh_enable = 0 ssh_key_name = '' @@ -2489,12 +2174,12 @@ if form.getvalue('sshdel') is not None: if ssh_enable == 1: cmd = f'rm -f {ssh_key_name}' try: - funct.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd) except Exception: pass if sql.delete_ssh(sshdel): print("Ok") - funct.logging('Roxy-WI server', f'The SSH credentials {name} has deleted', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has deleted', roxywi=1, login=1) if form.getvalue('updatessh'): ssh_id = form.getvalue('id') 
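Review bot: In the `sshdel` handler the key file is removed through a shell string (`cmd = f'rm -f {ssh_key_name}'`) and any failure is discarded by `except Exception: pass`. The handler can therefore print "Ok" and log the deletion while the private key is still on disk. Removing the file directly and recording a failure keeps the database record and the key file in step: `os.remove(ssh_key_name)` inside the `try`, with `except OSError as e: roxywi_common.logging('Roxy-WI server', f'Cannot remove SSH key {name}: {e}', roxywi=1)`. How `ssh_key_name` is built lies outside this hunk, so whether it can carry shell metacharacters should be confirmed. The `updatessh` hunk has the same shape, with `mv` and `chmod 600` followed by `pass`.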
@@ -2519,18 +2204,18 @@ if form.getvalue('updatessh'): cmd = f'mv {ssh_key_name} {new_ssh_key_name}' cmd1 = f'chmod 600 {new_ssh_key_name}' try: - funct.subprocess_execute(cmd) - funct.subprocess_execute(cmd1) + server_mod.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd1) except Exception: pass sql.update_ssh(ssh_id, name, enable, group, username, password) - funct.logging('Roxy-WI server', f'The SSH credentials {name} has been updated ', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has been updated ', roxywi=1, login=1) if form.getvalue('ssh_cert'): import paramiko - user_group = funct.get_user_group() - name = funct.checkAjaxInput(form.getvalue('name')) + user_group = roxywi_common.get_user_group() + name = common.checkAjaxInput(form.getvalue('name')) try: key = paramiko.pkey.load_private_key(form.getvalue('ssh_cert')) @@ -2566,11 +2251,11 @@ if form.getvalue('ssh_cert'): try: cmd = f'chmod 600 {ssh_keys}' - funct.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd) except IOError as e: - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) - funct.logging("Roxy-WI server", f"A new SSH cert has been uploaded {ssh_keys}", roxywi=1, login=1) + roxywi_common.logging("Roxy-WI server", f"A new SSH cert has been uploaded {ssh_keys}", roxywi=1, login=1) if form.getvalue('newtelegram'): token = form.getvalue('newtelegram') @@ -2588,7 +2273,7 @@ if form.getvalue('newtelegram'): output_from_parsed_template = template.render(groups=sql.select_groups(), telegrams=sql.select_telegram(token=token), page=page) print(output_from_parsed_template) - funct.logging('Roxy-WI server', f'A new Telegram channel {channel} has been created ', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', f'A new Telegram channel {channel} has been created ', roxywi=1, login=1) if form.getvalue('newslack'): token = form.getvalue('newslack') 
@@ -2606,7 +2291,7 @@ if form.getvalue('newslack'): output_from_parsed_template = template.render(groups=sql.select_groups(), slacks=sql.select_slack(token=token), page=page) print(output_from_parsed_template) - funct.logging('Roxy-WI server', 'A new Slack channel ' + channel + ' has been created ', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'A new Slack channel ' + channel + ' has been created ', roxywi=1, login=1) if form.getvalue('telegramdel') is not None: telegramdel = form.getvalue('telegramdel') @@ -2616,7 +2301,7 @@ if form.getvalue('telegramdel') is not None: telegram_name = t.token if sql.delete_telegram(telegramdel): print("Ok") - funct.logging('Roxy-WI server', 'The Telegram channel ' + telegram_name + ' has been deleted ', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'The Telegram channel ' + telegram_name + ' has been deleted ', roxywi=1, login=1) if form.getvalue('slackdel') is not None: slackdel = form.getvalue('slackdel') @@ -2626,7 +2311,7 @@ if form.getvalue('slackdel') is not None: slack_name = t.chanel_name if sql.delete_slack(slackdel): print("Ok") - funct.logging('Roxy-WI server', 'The Slack channel ' + slack_name + ' has been deleted ', roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'The Slack channel ' + slack_name + ' has been deleted ', roxywi=1, login=1) if form.getvalue('updatetoken') is not None: token = form.getvalue('updatetoken') @@ -2637,7 +2322,7 @@ if form.getvalue('updatetoken') is not None: print(error_mess) else: sql.update_telegram(token, channel, group, user_id) - funct.logging('group ' + group, 'The Telegram token has been updated for channel: ' + channel, roxywi=1, + roxywi_common.logging('group ' + group, 'The Telegram token has been updated for channel: ' + channel, roxywi=1, login=1) if form.getvalue('update_slack_token') is not None: 
@@ -2649,14 +2334,15 @@ if form.getvalue('update_slack_token') is not None: print(error_mess) else: sql.update_slack(token, channel, group, user_id) - funct.logging('group ' + group, 'The Slack token has been updated for channel: ' + channel, roxywi=1, + roxywi_common.logging('group ' + group, 'The Slack token has been updated for channel: ' + channel, roxywi=1, login=1) if form.getvalue('updatesettings') is not None: settings = form.getvalue('updatesettings') val = form.getvalue('val') - if sql.update_setting(settings, val): - funct.logging('Roxy-WI server', 'The ' + settings + ' setting has been changed to: ' + str(val), roxywi=1, + user_group = roxywi_common.get_user_group(id=1) + if sql.update_setting(settings, val, user_group): + roxywi_common.logging('Roxy-WI server', f'The {settings} setting has been changed to: {val}', roxywi=1, login=1) print("Ok") @@ -2698,7 +2384,7 @@ if form.getvalue('changeUserGroupId') is not None: except Exception as e: print(e) - funct.logging('Roxy-WI server', 'Groups has been updated for user: ' + user, roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'Groups has been updated for user: ' + user, roxywi=1, login=1) if form.getvalue('changeUserServicesId') is not None: user_id = form.getvalue('changeUserServicesId') @@ -2707,7 +2393,7 @@ if form.getvalue('changeUserServicesId') is not None: try: if sql.update_user_services(services=services, user_id=user_id): - funct.logging('Roxy-WI server', 'Access to the services has been updated for user: ' + user, roxywi=1, login=1) + roxywi_common.logging('Roxy-WI server', 'Access to the services has been updated for user: ' + user, roxywi=1, login=1) except Exception as e: print(e) 
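Review bot: The rewritten log call in the `updatesettings` handler writes the new value of every setting into the Roxy-WI log (`... setting has been changed to: {val}`). Settings read elsewhere in this file include `nginx_stats_password` and `apache_stats_password`, so credentials end up in the log in clear text. Masking by setting name before logging avoids that, for example `shown = '***' if any(k in settings for k in ('password', 'key', 'token', 'secret')) else val` and then logging `shown`. No role check is visible inside this handler; if one is not enforced earlier in the file, any authenticated user could change settings for the group returned by `get_user_group(id=1)`.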
@@ -2735,7 +2421,7 @@ if form.getvalue('getcurrentusergroup') is not None: print(template) if form.getvalue('newsmon') is not None: - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) server = form.getvalue('newsmon') port = form.getvalue('newsmonport') enable = form.getvalue('newsmonenable') @@ -2771,22 +2457,22 @@ if form.getvalue('newsmon') is not None: telegrams=sql.get_user_telegram_by_group(user_group), slacks=sql.get_user_slack_by_group(user_group)) print(template) - funct.logging('SMON', ' Has been add a new server ' + server + ' to SMON ', roxywi=1, login=1) + roxywi_common.logging('SMON', ' Has been add a new server ' + server + ' to SMON ', roxywi=1, login=1) if form.getvalue('smondel') is not None: - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) smon_id = form.getvalue('smondel') - if funct.check_user_group(): + if roxywi_common.check_user_group(): try: if sql.delete_smon(smon_id, user_group): print('Ok') - funct.logging('SMON', ' Has been delete server from SMON ', roxywi=1, login=1) + roxywi_common.logging('SMON', ' Has been delete server from SMON ', roxywi=1, login=1) except Exception as e: print(e) if form.getvalue('showsmon') is not None: - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) sort = form.getvalue('sort') env = Environment(loader=FileSystemLoader('templates'), autoescape=True) template = env.get_template('ajax/smon_dashboard.html') 
@@ -2820,33 +2506,34 @@ if form.getvalue('updateSmonIp') is not None: print('SMON error: Cannot be HTTP with 443 port') sys.exit() + roxywi_common.check_user_group() try: if sql.update_smon(smon_id, ip, port, body, telegram, slack, group, desc, en): print("Ok") - funct.logging('SMON', ' Has been update the server ' + ip + ' to SMON ', roxywi=1, login=1) + roxywi_common.logging('SMON', ' Has been update the server ' + ip + ' to SMON ', roxywi=1, login=1) except Exception as e: print(e) if form.getvalue('showBytes') is not None: - serv = funct.checkAjaxInput(form.getvalue('showBytes')) + serv = common.checkAjaxInput(form.getvalue('showBytes')) port = sql.get_setting('haproxy_sock_port') bin_bout = [] cmd = "echo 'show stat' |nc {} {} |cut -d ',' -f 1-2,9|grep -E '[0-9]'|awk -F',' '{{sum+=$3;}}END{{print sum;}}'".format( serv, port) - bit_in, stderr = funct.subprocess_execute(cmd) + bit_in, stderr = server_mod.subprocess_execute(cmd) bin_bout.append(bit_in[0]) cmd = "echo 'show stat' |nc {} {} |cut -d ',' -f 1-2,10|grep -E '[0-9]'|awk -F',' '{{sum+=$3;}}END{{print sum;}}'".format( serv, port) - bout, stderr1 = funct.subprocess_execute(cmd) + bout, stderr1 = server_mod.subprocess_execute(cmd) bin_bout.append(bout[0]) cmd = "echo 'show stat' |nc {} {} |cut -d ',' -f 1-2,5|grep -E '[0-9]'|awk -F',' '{{sum+=$3;}}END{{print sum;}}'".format( serv, port) - cin, stderr2 = funct.subprocess_execute(cmd) + cin, stderr2 = server_mod.subprocess_execute(cmd) bin_bout.append(cin[0]) cmd = "echo 'show stat' |nc {} {} |cut -d ',' -f 1-2,8|grep -E '[0-9]'|awk -F',' '{{sum+=$3;}}END{{print sum;}}'".format( serv, port) - cout, stderr3 = funct.subprocess_execute(cmd) + cout, stderr3 = server_mod.subprocess_execute(cmd) bin_bout.append(cout[0]) env = Environment(loader=FileSystemLoader('templates'), autoescape=True) template = env.get_template('ajax/bin_bout.html') 
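Review bot: The `roxywi_common.check_user_group()` call added before `sql.update_smon(...)` discards its result, while the `smondel` handler uses the same function as a condition (`if roxywi_common.check_user_group():`). If the function returns a falsy value rather than terminating the request (its body is not in this diff view), the added line does not stop the update. Wrapping the `try` block in `if roxywi_common.check_user_group():`, as `smondel` does, makes the check effective either way. `update_smon` is also called without the caller's group, unlike `delete_smon(smon_id, user_group)`, so it is worth confirming that the `smon_id` belongs to that group. The same bare call appears in the provider, `awsinit`, provisioning and `editAwsServer`/`editGcoreServer` hunks.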
@@ -2854,7 +2541,7 @@ if form.getvalue('showBytes') is not None: print(template) if form.getvalue('nginxConnections'): - serv = funct.is_ip_or_dns(form.getvalue('nginxConnections')) + serv = common.is_ip_or_dns(form.getvalue('nginxConnections')) port = sql.get_setting('nginx_stats_port') user = sql.get_setting('nginx_stats_user') password = sql.get_setting('nginx_stats_password') @@ -2879,7 +2566,7 @@ if form.getvalue('nginxConnections'): print('error: cannot connect to NGINX stat page') if form.getvalue('apachekBytes'): - serv = funct.is_ip_or_dns(form.getvalue('apachekBytes')) + serv = common.is_ip_or_dns(form.getvalue('apachekBytes')) port = sql.get_setting('apache_stats_port') user = sql.get_setting('apache_stats_user') password = sql.get_setting('apache_stats_password') @@ -2902,8 +2589,8 @@ if form.getvalue('apachekBytes'): print('error: cannot connect to Apache stat page') if form.getvalue('waf_rule_id'): - enable = funct.checkAjaxInput(form.getvalue('waf_en')) - rule_id = funct.checkAjaxInput(form.getvalue('waf_rule_id')) + enable = common.checkAjaxInput(form.getvalue('waf_en')) + rule_id = common.checkAjaxInput(form.getvalue('waf_rule_id')) haproxy_path = sql.get_setting('haproxy_dir') rule_file = sql.select_waf_rule_by_id(rule_id) @@ -2919,12 +2606,12 @@ if form.getvalue('waf_rule_id'): en_for_log = 'enable' try: - funct.logging('WAF', ' Has been ' + en_for_log + ' WAF rule: ' + rule_file + ' for the server ' + serv, + roxywi_common.logging('WAF', ' Has been ' + en_for_log + ' WAF rule: ' + rule_file + ' for the server ' + serv, roxywi=1, login=1) except Exception: pass - print(funct.ssh_command(serv, cmd)) + print(server_mod.ssh_command(serv, cmd)) sql.update_enable_waf_rules(rule_id, serv, enable) if form.getvalue('new_waf_rule'): 
@@ -2936,19 +2623,19 @@ if form.getvalue('new_waf_rule'): waf_path = '' if service == 'haproxy': - waf_path = funct.return_nice_path(sql.get_setting('haproxy_dir')) + waf_path = common.return_nice_path(sql.get_setting('haproxy_dir')) elif service == 'nginx': - waf_path = funct.return_nice_path(sql.get_setting('nginx_dir')) + waf_path = common.return_nice_path(sql.get_setting('nginx_dir')) conf_file_path = waf_path + 'waf/modsecurity.conf' rule_file_path = waf_path + 'waf/rules/' + rule_file cmd = [f"sudo echo Include {rule_file_path} >> {conf_file_path} && sudo touch {rule_file_path}"] - print(funct.ssh_command(serv, cmd)) + print(server_mod.ssh_command(serv, cmd)) print(sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv)) try: - funct.logging('WAF', ' A new rule has been created ' + rule_file + ' on the server ' + serv, + roxywi_common.logging('WAF', ' A new rule has been created ' + rule_file + ' on the server ' + serv, roxywi=1, login=1) except Exception: pass @@ -2962,7 +2649,7 @@ if form.getvalue('lets_domain'): haproxy_dir = sql.get_setting('haproxy_dir') script = "letsencrypt.sh" proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(serv) + ssh_settings = server_mod.return_ssh_keys_path(serv) os.system(f"cp scripts/{script} .") @@ -2975,10 +2662,10 @@ if form.getvalue('lets_domain'): f"PASS='{ssh_settings['password']}' KEY={ssh_settings['key']}" ] - output, error = funct.subprocess_execute(commands[0]) + output, error = server_mod.subprocess_execute(commands[0]) if error: - funct.logging('Roxy-WI server', error, roxywi=1) + roxywi_common.logging('Roxy-WI server', error, roxywi=1) print(error) else: for line in output: @@ -2997,7 +2684,7 @@ if form.getvalue('lets_domain'): os.remove(script) if form.getvalue('uploadovpn'): - name = funct.checkAjaxInput(form.getvalue('ovpnname')) + name = common.checkAjaxInput(form.getvalue('ovpnname')) ovpn_file = os.path.dirname('/tmp/') + "/" + name + '.ovpn' 
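Review bot: In the `new_waf_rule` command, `sudo echo Include {rule_file_path} >> {conf_file_path}` runs only `echo` under sudo. The `>>` redirection is performed by the unprivileged remote shell, so the append fails unless the SSH user can already write `modsecurity.conf`. The line could be written as `cmd = [f"echo Include {rule_file_path} | sudo tee -a {conf_file_path} > /dev/null && sudo touch {rule_file_path}"]`. `rule_file` is assigned outside this hunk; if it comes from the request unchanged it also decides a path under `waf/rules/` and is interpolated into a remote shell line, so it should be limited to a plain file name (letters, digits, `_`, `-`, `.conf`) before use.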
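Review bot: The SSH password is handed to `letsencrypt.sh` as a command-line argument (`PASS='{ssh_settings['password']}'`), so it is readable in the process list for as long as the script runs. A password containing a single quote would also break the quoting of the command string. Passing the secret through the child's environment or a mode-600 file that the script reads keeps it out of argv; whether `server_mod.subprocess_execute` can forward an environment is not visible here. The `error` text is then both logged and printed to the client, which should be checked for echoed arguments. The `commands` list starts outside this hunk.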
@@ -3012,33 +2699,33 @@ if form.getvalue('uploadovpn'): try: cmd = 'sudo openvpn3 config-import --config %s --persistent' % ovpn_file - funct.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd) except IOError as e: - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) try: cmd = 'sudo cp %s /etc/openvpn3/%s.conf' % (ovpn_file, name) - funct.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd) except IOError as e: - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) - funct.logging("Roxy-WI server", " has been uploaded a new ovpn file %s" % ovpn_file, roxywi=1, login=1) + roxywi_common.logging("Roxy-WI server", " has been uploaded a new ovpn file %s" % ovpn_file, roxywi=1, login=1) if form.getvalue('openvpndel') is not None: - openvpndel = funct.checkAjaxInput(form.getvalue('openvpndel')) + openvpndel = common.checkAjaxInput(form.getvalue('openvpndel')) cmd = 'sudo openvpn3 config-remove --config /tmp/%s.ovpn --force' % openvpndel try: - funct.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd) print("Ok") - funct.logging(openvpndel, ' has deleted the ovpn file ', roxywi=1, login=1) + roxywi_common.logging(openvpndel, ' has deleted the ovpn file ', roxywi=1, login=1) except IOError as e: print(e.args[0]) - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) if form.getvalue('actionvpn') is not None: - openvpn = funct.checkAjaxInput(form.getvalue('openvpnprofile')) - action = funct.checkAjaxInput(form.getvalue('actionvpn')) + openvpn = common.checkAjaxInput(form.getvalue('openvpnprofile')) + action = common.checkAjaxInput(form.getvalue('actionvpn')) if action == 'start': cmd = 'sudo openvpn3 session-start --config /tmp/%s.ovpn' % openvpn 
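Review bot: The `uploadovpn`, `openvpndel` and `actionvpn` calls to `server_mod.subprocess_execute(cmd)` drop the return value and rely on `except IOError`. Other handlers in this file read failures from the returned pair (`output, stderr = server_mod.subprocess_execute(cmd)`), so a failed `openvpn3` or `cp` run is most likely still reported and logged as a success. Checking the result would fix that: `output, stderr = server_mod.subprocess_execute(cmd)` followed by `if stderr: roxywi_common.logging('Roxy-WI server', stderr, roxywi=1)` and an error response. The profiles are also kept under `/tmp` with a name taken from the request and then consumed by `sudo` commands. A private directory owned by the service account would be a safer place for files that may contain VPN credentials.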
@@ -3047,15 +2734,15 @@ if form.getvalue('actionvpn') is not None: elif action == 'disconnect': cmd = 'sudo openvpn3 session-manage --config /tmp/%s.ovpn --disconnect' % openvpn try: - funct.subprocess_execute(cmd) + server_mod.subprocess_execute(cmd) print("success: The " + openvpn + " has been " + action + "ed") - funct.logging(openvpn, ' has ' + action + ' the ovpn session ', roxywi=1, login=1) + roxywi_common.logging(openvpn, ' has ' + action + ' the ovpn session ', roxywi=1, login=1) except IOError as e: print(e.args[0]) - funct.logging('Roxy-WI server', e.args[0], roxywi=1) + roxywi_common.logging('Roxy-WI server', e.args[0], roxywi=1) if form.getvalue('scan_ports') is not None: - serv_id = funct.checkAjaxInput(form.getvalue('scan_ports')) + serv_id = common.checkAjaxInput(form.getvalue('scan_ports')) server = sql.select_servers(id=serv_id) ip = '' @@ -3065,8 +2752,8 @@ if form.getvalue('scan_ports') is not None: cmd = "sudo nmap -sS %s |grep -E '^[[:digit:]]'|sed 's/ */ /g'" % ip cmd1 = "sudo nmap -sS %s |head -5|tail -2" % ip - stdout, stderr = funct.subprocess_execute(cmd) - stdout1, stderr1 = funct.subprocess_execute(cmd1) + stdout, stderr = server_mod.subprocess_execute(cmd) + stdout1, stderr1 = server_mod.subprocess_execute(cmd1) if stderr != '': print(stderr) 
@@ -3077,13 +2764,13 @@ if form.getvalue('scan_ports') is not None: print(template) if form.getvalue('viewFirewallRules') is not None: - serv = funct.checkAjaxInput(form.getvalue('viewFirewallRules')) + serv = common.checkAjaxInput(form.getvalue('viewFirewallRules')) cmd = ["sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] cmd2 = ["sudo iptables -L OUTPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] - input_chain = funct.ssh_command(serv, cmd, raw=1) + input_chain = server_mod.ssh_command(serv, cmd, raw=1) input_chain2 = [] for each_line in input_chain: @@ -3093,8 +2780,8 @@ if form.getvalue('viewFirewallRules') is not None: print(input_chain) sys.exit() - IN_public_allow = funct.ssh_command(serv, cmd1, raw=1) - output_chain = funct.ssh_command(serv, cmd2, raw=1) + IN_public_allow = server_mod.ssh_command(serv, cmd1, raw=1) + output_chain = server_mod.ssh_command(serv, cmd2, raw=1) env = Environment(loader=FileSystemLoader('templates')) template = env.get_template('ajax/firewall_rules.html') template = template.render(input=input_chain2, IN_public_allow=IN_public_allow, output=output_chain) 
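Review bot: The `viewFirewallRules` handler builds its Jinja environment without escaping (`Environment(loader=FileSystemLoader('templates'))`) and then renders text returned by `ssh_command` from the managed server into `ajax/firewall_rules.html`. Other handlers in this file pass `autoescape=True`, so output from a remote host is inserted into the page unescaped only here and in the `show_versions` hunk. The line should read `env = Environment(loader=FileSystemLoader('templates'), autoescape=True)`. If the template relies on raw markup anywhere, that spot can be marked explicitly in the template instead of disabling escaping for the whole render.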
@@ -3104,50 +2791,17 @@ if form.getvalue('geoipserv') is not None: serv = form.getvalue('geoipserv') service = form.getvalue('geoip_service') if service in ('haproxy', 'nginx'): - service_dir = funct.return_nice_path(sql.get_setting(f'{service}_dir')) + service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir')) cmd = ["ls " + service_dir + "geoip/"] - print(funct.ssh_command(serv, cmd)) + print(server_mod.ssh_command(serv, cmd)) else: print('warning: select a server and service first') -if form.getvalue('geoip_install'): - serv = funct.is_ip_or_dns(form.getvalue('geoip_install')) - geoip_update = funct.checkAjaxInput(form.getvalue('geoip_update')) - service = form.getvalue('geoip_service') - proxy = sql.get_setting('proxy') - maxmind_key = sql.get_setting('maxmind_key') - proxy_serv = '' - ssh_settings = funct.return_ssh_keys_path(serv) - - if service in ('haproxy', 'nginx'): - service_dir = funct.return_nice_path(sql.get_setting(f'{service}_dir')) - script = f'install_{service}_geoip.sh' - else: - print('warning: select a server and service first') - sys.exit() - - if proxy is not None and proxy != '' and proxy != 'None': - proxy_serv = proxy - - os.system(f"cp scripts/{script} .") - - commands = [ - f"chmod +x {script} && ./{script} PROXY={proxy_serv} SSH_PORT={ssh_settings['port']} UPDATE={geoip_update} " - f"maxmind_key={maxmind_key} service_dir={service_dir} HOST={serv} USER={ssh_settings['user']} " - f"PASS={ssh_settings['password']} KEY={ssh_settings['key']}" - ] - - output, error = funct.subprocess_execute(commands[0]) - - funct.show_installation_output(error, output, 'GeoLite2 Database') - - os.remove(script) - if form.getvalue('nettools_icmp_server_from'): server_from = form.getvalue('nettools_icmp_server_from') server_to = form.getvalue('nettools_icmp_server_to') - server_to = funct.is_ip_or_dns(server_to) + server_to = common.is_ip_or_dns(server_to) action = form.getvalue('nettools_action') stderr = '' action_for_sending = '' 
@@ -3164,10 +2818,10 @@ if form.getvalue('nettools_icmp_server_from'): action_for_sending = action_for_sending + server_to if server_from == 'localhost': - output, stderr = funct.subprocess_execute(action_for_sending) + output, stderr = server_mod.subprocess_execute(action_for_sending) else: action_for_sending = [action_for_sending] - output = funct.ssh_command(server_from, action_for_sending, raw=1) + output = server_mod.ssh_command(server_from, action_for_sending, raw=1) if stderr != '': print(f'error: {stderr}') @@ -3190,7 +2844,7 @@ if form.getvalue('nettools_icmp_server_from'): if form.getvalue('nettools_telnet_server_from'): server_from = form.getvalue('nettools_telnet_server_from') server_to = form.getvalue('nettools_telnet_server_to') - server_to = funct.is_ip_or_dns(server_to) + server_to = common.is_ip_or_dns(server_to) port_to = form.getvalue('nettools_telnet_port_to') stderr = '' @@ -3200,10 +2854,10 @@ if form.getvalue('nettools_telnet_server_from'): if server_from == 'localhost': action_for_sending = f'echo "exit"|nc {server_to} {port_to} -t -w 1s' - output, stderr = funct.subprocess_execute(action_for_sending) + output, stderr = server_mod.subprocess_execute(action_for_sending) else: action_for_sending = [f'echo "exit"|nc {server_to} {port_to} -t -w 1s'] - output = funct.ssh_command(server_from, action_for_sending, raw=1) + output = server_mod.ssh_command(server_from, action_for_sending, raw=1) if stderr != '': print(f'error: {stderr[5:]}') @@ -3224,7 +2878,7 @@ if form.getvalue('nettools_telnet_server_from'): if form.getvalue('nettools_nslookup_server_from'): server_from = form.getvalue('nettools_nslookup_server_from') dns_name = form.getvalue('nettools_nslookup_name') - dns_name = funct.is_ip_or_dns(dns_name) + dns_name = common.is_ip_or_dns(dns_name) record_type = form.getvalue('nettools_nslookup_record_type') stderr = '' 
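Review bot: In the telnet check `port_to` goes from `form.getvalue('nettools_telnet_port_to')` into the `nc` command string in both branches, while `server_to` is first passed through `common.is_ip_or_dns`. No check on the port is visible, though the lines between the two telnet hunks are not shown. A numeric guard before the command is built closes that gap: `if not str(port_to).isdigit() or not 0 < int(port_to) < 65536:` followed by an error print and `sys.exit()`. The same applies to `record_type` in the `dig` command of the nslookup hunk, which should be matched against a fixed list of record types. `server_from` is passed to `ssh_command` as received in all three nettools handlers.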
@@ -3235,10 +2889,10 @@ if form.getvalue('nettools_nslookup_server_from'): action_for_sending = f'dig {dns_name} {record_type} |grep -e "SERVER\|{dns_name}"' if server_from == 'localhost': - output, stderr = funct.subprocess_execute(action_for_sending) + output, stderr = server_mod.subprocess_execute(action_for_sending) else: action_for_sending = [action_for_sending] - output = funct.ssh_command(server_from, action_for_sending, raw=1) + output = server_mod.ssh_command(server_from, action_for_sending, raw=1) if stderr != '': print('error: ' + stderr[5:-1]) @@ -3270,25 +2924,26 @@ if form.getvalue('portscanner_history_server_id'): user_group_id = [server[3] for server in sql.select_servers(id=server_id)] try: - if sql.insert_port_scanner_settings(server_id, user_group_id, enabled, notify, history): + if sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history): print('ok') else: - if sql.update_port_scanner_settings(server_id, user_group_id, enabled, notify, history): + if sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history): print('ok') except Exception as e: print(e) if form.getvalue('show_versions'): + import modules.roxywi.roxy as roxy env = Environment(loader=FileSystemLoader('templates')) template = env.get_template('ajax/check_version.html') - template = template.render(versions=funct.versions()) + template = template.render(versions=roxy.versions()) print(template) if form.getvalue('get_group_name_by_id'): print(sql.get_group_name_by_id(form.getvalue('get_group_name_by_id'))) if any((form.getvalue('do_new_name'), form.getvalue('aws_new_name'), form.getvalue('gcore_new_name'))): - funct.check_user_group() + roxywi_common.check_user_group() is_add = False if form.getvalue('do_new_name'): provider_name = form.getvalue('do_new_name') 
@@ -3335,18 +2990,18 @@ if any((form.getvalue('do_new_name'), form.getvalue('aws_new_name'), form.getval print(template) if form.getvalue('providerdel'): - funct.check_user_group() + roxywi_common.check_user_group() try: if sql.delete_provider(form.getvalue('providerdel')): print('Ok') - funct.logging('Roxy-WI server', 'Provider has been deleted', provisioning=1) + roxywi_common.logging('Roxy-WI server', 'Provider has been deleted', provisioning=1) except Exception as e: print(e) if form.getvalue('awsinit') or form.getvalue('doinit') or form.getvalue('gcoreinitserver'): - funct.check_user_group() + roxywi_common.check_user_group() cmd = 'cd scripts/terraform/ && sudo terraform init -upgrade -no-color' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print('error: ' + stderr) else: @@ -3394,7 +3049,7 @@ if form.getvalue('awsvars') or form.getvalue('awseditvars'): f'AWS_ACCESS_KEY={aws_key} AWS_SECRET_KEY={aws_secret} firewall={firewall} public_ip={public_ip} ' \ f'ssh_name={ssh_name} delete_on_termination={delete_on_termination} volume_type={volume_type} cloud=aws"' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print('error: ' + stderr) else: @@ -3436,7 +3091,7 @@ if form.getvalue('dovars') or form.getvalue('doeditvars'): f'group={group} size={size} os={oss} floating_ip={floating_ip} ssh_ids={ssh_ids} server_name={dovars} ' \ f'token={token} backup={backup} monitoring={monitoring} privet_net={privet_net} firewall={firewall} ' \ f'floating_ip={floating_ip} ssh_name={ssh_name} cloud=do"' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print(f'error: {stderr}') else: 
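Review bot: The `awsvars` command string carries the cloud credentials as plain arguments (`AWS_ACCESS_KEY={aws_key} AWS_SECRET_KEY={aws_secret}`). They are visible in the process list while the command runs, and on failure `stderr` is printed back to the client as is. The values are also interpolated into a shell line without quoting, so a credential or server name containing shell-special characters changes the command. Writing the variables to a mode-600 file that the playbook reads, or passing them in the child's environment, avoids both problems. The start of `cmd` is outside this hunk. The `dovars` hunk does the same with `token={token}`, and the `gcorevars` hunk with the G-Core user and password.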
@@ -3452,7 +3107,7 @@ if form.getvalue('dovalidate') or form.getvalue('doeditvalidate'): group = form.getvalue('do_edit_group') cmd = f'cd scripts/terraform/ && sudo terraform plan -no-color -input=false -target=module.do_module -var-file vars/{workspace}_{group}_do.tfvars' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print(f'error: {stderr}') else: @@ -3474,7 +3129,7 @@ if form.getvalue('doworkspace'): firewall = form.getvalue('do_create_firewall') cmd = 'cd scripts/terraform/ && sudo terraform workspace new ' + workspace + '_' + group + '_do' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': stderr = stderr.strip() @@ -3489,7 +3144,7 @@ if form.getvalue('doworkspace'): region, size, privet_net, floating_ip, ssh_ids, ssh_name, workspace, oss, firewall, monitoring, backup, provider, group, 'Creating' ): - user, user_id, role, token, servers, user_services = funct.get_users_params() + user_params = roxywi_common.get_users_params() new_server = sql.select_provisioned_servers(new=workspace, group=group, type='do') params = sql.select_provisioning_params() @@ -3497,7 +3152,7 @@ if form.getvalue('doworkspace'): template = env.get_template('ajax/provisioning/provisioned_servers.html') template = template.render( servers=new_server, groups=sql.select_groups(), user_group=group, - providers=sql.select_providers(group), role=role, adding=1, params=params + providers=sql.select_providers(group), role=user_params['role'], adding=1, params=params ) print(template) @@ -3523,7 +3178,7 @@ if form.getvalue('doeditworkspace'): ): cmd = 'cd scripts/terraform/ && sudo terraform workspace select ' + workspace + '_' + group + '_do' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': stderr = stderr.strip() 
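Review bot: In the `dovalidate` hunk `group` is taken from the request (`form.getvalue('do_edit_group')`) and placed, together with `workspace`, into a `sudo terraform` shell string and a `vars/...tfvars` path with no validation visible. Both values should be restricted to a safe character set before any command is built, for example `if not all(c.isalnum() or c in '_-' for c in f'{workspace}{group}'):` followed by an error print and `sys.exit()`. That keeps shell metacharacters and path separators out of a command that runs with elevated rights. The same construction is used in the `doworkspace`, `doeditworkspace`, `awsvalidate`, `awsworkspace`, `awseditworkspace`, provisioning apply, `provisiningdestroyserver` and gcore hunks. In the destroy handler `servername` and `group` are read straight from the form.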
@@ -3548,7 +3203,7 @@ if form.getvalue('awsvalidate') or form.getvalue('awseditvalidate'): group = form.getvalue('aws_edit_group') cmd = f'cd scripts/terraform/ && sudo terraform plan -no-color -input=false -target=module.aws_module -var-file vars/{workspace}_{group}_aws.tfvars' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print('error: ' + stderr) else: @@ -3570,7 +3225,7 @@ if form.getvalue('awsworkspace'): public_ip = form.getvalue('aws_create_public_ip') cmd = f'cd scripts/terraform/ && sudo terraform workspace new {workspace}_{group}_aws' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': stderr = stderr.strip() @@ -3586,7 +3241,7 @@ if form.getvalue('awsworkspace'): region, size, public_ip, floating_ip, volume_size, ssh_name, workspace, oss, firewall, provider, group, 'Creating', delete_on_termination, volume_type ): - user, user_id, role, token, servers, user_services = funct.get_users_params() + user_params = roxywi_common.get_users_params() new_server = sql.select_provisioned_servers(new=workspace, group=group, type='aws') params = sql.select_provisioning_params() @@ -3594,7 +3249,7 @@ if form.getvalue('awsworkspace'): template = env.get_template('ajax/provisioning/provisioned_servers.html') template = template.render( servers=new_server, groups=sql.select_groups(), user_group=group, - providers=sql.select_providers(group), role=role, adding=1, params=params + providers=sql.select_providers(group), role=user_params['role'], adding=1, params=params ) print(template) except Exception as e: @@ -3624,7 +3279,7 @@ if form.getvalue('awseditworkspace'): try: cmd = f'cd scripts/terraform/ && sudo terraform workspace select {workspace}_{group}_aws' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) except Exception as e: print('error: ' + str(e)) 
@@ -3648,7 +3303,7 @@ if ( or form.getvalue('gcoreprovisining') or form.getvalue('gcoreeditgprovisining') ): - funct.check_user_group() + roxywi_common.check_user_group() if form.getvalue('awsprovisining'): workspace = form.getvalue('awsprovisining') @@ -3695,7 +3350,7 @@ if ( tfvars = f'{workspace}_{group}_{cloud}.tfvars' cmd = f'cd scripts/terraform/ && sudo terraform apply -auto-approve -no-color -input=false -target=module.{cloud}_module -var-file vars/{tfvars}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': stderr = stderr.strip() @@ -3708,13 +3363,13 @@ if ( else: if cloud == 'aws': cmd = 'cd scripts/terraform/ && sudo terraform state show module.aws_module.aws_eip.floating_ip[0]|grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': cmd = 'cd scripts/terraform/ && sudo terraform state show module.' + cloud + '_module.' + state_name + '.hapwi|grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"' else: cmd = 'cd scripts/terraform/ && sudo terraform state show module.' + cloud + '_module.' + state_name + '.hapwi|grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}"' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) ips = '' for ip in output: ips += ip 
@@ -3731,17 +3386,17 @@ if ( if cloud == 'gcore': cmd = 'cd scripts/terraform/ && sudo terraform state show module.gcore_module.gcore_instance.hapwi|grep "name"|grep -v -e "_name\|name_" |head -1 |awk -F"\\\"" \'{print $2}\'' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) print(':' + output[0]) try: sql.update_provisioning_server_gcore_name(workspace, output[0], group, provider_id) except Exception as e: print(e) - funct.logging('Roxy-WI server', f'Server {workspace} has been {action}', provisioning=1) + roxywi_common.logging('Roxy-WI server', f'Server {workspace} has been {action}', provisioning=1) if form.getvalue('provisiningdestroyserver'): - funct.check_user_group() + roxywi_common.check_user_group() server_id = form.getvalue('provisiningdestroyserver') workspace = form.getvalue('servername') group = form.getvalue('group') @@ -3751,7 +3406,7 @@ if form.getvalue('provisiningdestroyserver'): tf_workspace = f'{workspace}_{group}_{cloud_type}' cmd = f'cd scripts/terraform/ && sudo terraform init -upgrade -no-color && sudo terraform workspace select {tf_workspace}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': stderr = stderr.strip() 
@@ -3763,16 +3418,16 @@ if form.getvalue('provisiningdestroyserver'): print('error: ' + stderr) else: cmd = f'cd scripts/terraform/ && sudo terraform destroy -auto-approve -no-color -target=module.{cloud_type}_module -var-file vars/{tf_workspace}.tfvars' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print(f'error: {stderr}') else: cmd = f'cd scripts/terraform/ && sudo terraform workspace select default && sudo terraform workspace delete -force {tf_workspace}' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) print('ok') - funct.logging('Roxy-WI server', 'Server has been destroyed', provisioning=1) + roxywi_common.logging('Roxy-WI server', 'Server has been destroyed', provisioning=1) try: sql.delete_provisioned_servers(server_id) except Exception as e: @@ -3821,7 +3476,7 @@ if form.getvalue('gcorevars') or form.getvalue('gcoreeditvars'): 'cloud=gcore"'.format(region, group, size, oss, network_name, volume_size, gcorevars, gcore_user, gcore_pass, firewall, network_type, ssh_name, delete_on_termination, project, volume_type) - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print(f'error: {stderr}') else: @@ -3836,7 +3491,7 @@ if form.getvalue('gcorevalidate') or form.getvalue('gcoreeditvalidate'): group = form.getvalue('gcore_edit_group') cmd = f'cd scripts/terraform/ && sudo terraform plan -no-color -input=false -target=module.gcore_module -var-file vars/{workspace}_{group}_gcore.tfvars' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': print(f'error: {stderr}') else: 
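Review bot: The `gcorevars` command string in hunk `-3821` is formatted with `gcore_user` and `gcore_pass` before it goes to `server_mod.subprocess_execute(cmd)`, so the provider password ends up inside a command line. The head of the command is outside the hunk, so this is inferred from the `.format(...)` argument list: if it is an ordinary process invocation, the secret is readable in the process list and wherever the command is logged, and a quote character in the password can end the `"…cloud=gcore"` quoting early. Handing the credentials over through the environment or a vars file with owner-only permissions, and quoting the remaining values with `shlex.quote`, would avoid both.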
@@ -3859,7 +3514,7 @@ if form.getvalue('gcoreworkspace'): network_name = form.getvalue('gcore_create_network_name') cmd = 'cd scripts/terraform/ && sudo terraform workspace new ' + workspace + '_' + group + '_gcore' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': stderr = stderr.strip() @@ -3875,7 +3530,7 @@ if form.getvalue('gcoreworkspace'): project, region, size, network_type, network_name, volume_size, ssh_name, workspace, oss, firewall, provider, group, 'Creating', delete_on_termination, volume_type ): - user, user_id, role, token, servers, user_services = funct.get_users_params() + user_params = roxywi_common.get_users_params() new_server = sql.select_provisioned_servers(new=workspace, group=group, type='gcore') params = sql.select_provisioning_params() @@ -3885,7 +3540,7 @@ if form.getvalue('gcoreworkspace'): groups=sql.select_groups(), user_group=group, providers=sql.select_providers(group), - role=role, + role=user_params['role'], adding=1, params=params) print(template) @@ -3917,7 +3572,7 @@ if form.getvalue('gcoreeditworkspace'): try: cmd = 'cd scripts/terraform/ && sudo terraform workspace select ' + workspace + '_' + group + '_gcore' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) except Exception as e: print('error: ' + str(e)) @@ -3934,7 +3589,7 @@ if form.getvalue('gcoreeditworkspace'): print(e) if form.getvalue('editAwsServer'): - funct.check_user_group() + roxywi_common.check_user_group() server_id = form.getvalue('editAwsServer') user_group = form.getvalue('editAwsGroup') params = sql.select_provisioning_params() @@ -3946,7 +3601,7 @@ if form.getvalue('editAwsServer'): print(template) if form.getvalue('editGcoreServer'): - funct.check_user_group() + roxywi_common.check_user_group() server_id = form.getvalue('editGcoreServer') user_group = form.getvalue('editGcoreGroup') params = sql.select_provisioning_params() 
@@ -3958,7 +3613,7 @@ if form.getvalue('editGcoreServer'): print(template) if form.getvalue('editDoServer'): - funct.check_user_group() + roxywi_common.check_user_group() server_id = form.getvalue('editDoServer') user_group = form.getvalue('editDoGroup') params = sql.select_provisioning_params() @@ -3970,7 +3625,7 @@ if form.getvalue('editDoServer'): print(template) if form.getvalue('edit_do_provider'): - funct.check_user_group() + roxywi_common.check_user_group() provider_id = form.getvalue('edit_do_provider') new_name = form.getvalue('edit_do_provider_name') new_token = form.getvalue('edit_do_provider_token') @@ -3978,12 +3633,12 @@ if form.getvalue('edit_do_provider'): try: if sql.update_do_provider(new_name, new_token, provider_id): print('ok') - funct.logging('Roxy-WI server', f'Provider has been renamed. New name is {new_name}', provisioning=1) + roxywi_common.logging('Roxy-WI server', f'Provider has been renamed. New name is {new_name}', provisioning=1) except Exception as e: print(e) if form.getvalue('edit_gcore_provider'): - funct.check_user_group() + roxywi_common.check_user_group() provider_id = form.getvalue('edit_gcore_provider') new_name = form.getvalue('edit_gcore_provider_name') new_user = form.getvalue('edit_gcore_provider_user') @@ -3992,12 +3647,12 @@ if form.getvalue('edit_gcore_provider'): try: if sql.update_gcore_provider(new_name, new_user, new_pass, provider_id): print('ok') - funct.logging('Roxy-WI server', f'Provider has been renamed. New name is {new_name}', provisioning=1) + roxywi_common.logging('Roxy-WI server', f'Provider has been renamed. New name is {new_name}', provisioning=1) except Exception as e: print(e) if form.getvalue('edit_aws_provider'): - funct.check_user_group() + roxywi_common.check_user_group() provider_id = form.getvalue('edit_aws_provider') new_name = form.getvalue('edit_aws_provider_name') new_key = form.getvalue('edit_aws_provider_key') 
@@ -4006,15 +3661,17 @@ if form.getvalue('edit_aws_provider'): try: if sql.update_aws_provider(new_name, new_key, new_secret, provider_id): print('ok') - funct.logging('Roxy-WI server', f'Provider has been renamed. New name is {new_name}', provisioning=1) + roxywi_common.logging('Roxy-WI server', f'Provider has been renamed. New name is {new_name}', provisioning=1) except Exception as e: print(e) if form.getvalue('loadservices'): + from modules.roxywi.roxy import get_services_status + env = Environment(loader=FileSystemLoader('templates')) template = env.get_template('ajax/load_services.html') try: - services = funct.get_services_status() + services = get_services_status() except Exception as e: print(e) 
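Review bot: The `loadservices` handler builds its Jinja2 environment as `Environment(loader=FileSystemLoader('templates'))` without `autoescape=True`, while the `loadchecker` handler in the next hunk enables it; the `load_update_hapwi` hunk further down has the same omission. Whatever `get_services_status()` and `roxy.versions()` return is then rendered unescaped, so I would use `Environment(loader=FileSystemLoader('templates'), autoescape=True)` in both places. Separately, when `get_services_status()` raises here the `except` only prints the error and leaves `services` unbound for the render call that presumably follows outside the hunk; moving the render into an `else:` branch would keep the failure to one message.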
@@ -4022,37 +3679,40 @@ if form.getvalue('loadservices'): print(template) if form.getvalue('loadchecker'): + from modules.roxywi.roxy import get_services_status + env = Environment(loader=FileSystemLoader('templates'), autoescape=True) template = env.get_template('ajax/load_telegram.html') - services = funct.get_services_status() + services = get_services_status() groups = sql.select_groups() page = form.getvalue('page') try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) - if user_status: + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) + + if user_subscription['user_status']: haproxy_settings = sql.select_checker_settings(1) nginx_settings = sql.select_checker_settings(2) keepalived_settings = sql.select_checker_settings(3) apache_settings = sql.select_checker_settings(4) if page == 'servers.py': - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) telegrams = sql.get_user_telegram_by_group(user_group) slacks = sql.get_user_slack_by_group(user_group) - haproxy_servers = sql.get_dick_permit(haproxy=1, only_group=1) - nginx_servers = sql.get_dick_permit(nginx=1, only_group=1) - apache_servers = sql.get_dick_permit(apache=1, only_group=1) - keepalived_servers = sql.get_dick_permit(keepalived=1, only_group=1) + haproxy_servers = roxywi_common.get_dick_permit(haproxy=1, only_group=1) + nginx_servers = roxywi_common.get_dick_permit(nginx=1, only_group=1) + apache_servers = roxywi_common.get_dick_permit(apache=1, only_group=1) + keepalived_servers = roxywi_common.get_dick_permit(keepalived=1, only_group=1) else: telegrams = sql.select_telegram() slacks = sql.select_slack() - haproxy_servers = sql.get_dick_permit(haproxy=1) - 
nginx_servers = sql.get_dick_permit(nginx=1) - apache_servers = sql.get_dick_permit(apache=1) - keepalived_servers = sql.get_dick_permit(keepalived=1) + haproxy_servers = roxywi_common.get_dick_permit(haproxy=1) + nginx_servers = roxywi_common.get_dick_permit(nginx=1) + apache_servers = roxywi_common.get_dick_permit(apache=1) + keepalived_servers = roxywi_common.get_dick_permit(keepalived=1) else: telegrams = '' slacks = '' @@ -4075,18 +3735,20 @@ if form.getvalue('loadchecker'): print(template) if form.getvalue('load_update_hapwi'): + import modules.roxywi.roxy as roxy + env = Environment(loader=FileSystemLoader('templates')) template = env.get_template('ajax/load_updatehapwi.html') - versions = funct.versions() - checker_ver = funct.check_new_version('checker') - smon_ver = funct.check_new_version('smon') - metrics_ver = funct.check_new_version('metrics') - keep_ver = funct.check_new_version('keep_alive') - portscanner_ver = funct.check_new_version('portscanner') - socket_ver = funct.check_new_version('socket') - prometheus_exp_ver = funct.check_new_version('prometheus-exporter') - services = funct.get_services_status() + versions = roxy.versions() + checker_ver = roxy.check_new_version('checker') + smon_ver = roxy.check_new_version('smon') + metrics_ver = roxy.check_new_version('metrics') + keep_ver = roxy.check_new_version('keep_alive') + portscanner_ver = roxy.check_new_version('portscanner') + socket_ver = roxy.check_new_version('socket') + prometheus_exp_ver = roxy.check_new_version('prometheus-exporter') + services = roxy.get_services_status() template = template.render(services=services, versions=versions, 
@@ -4109,18 +3771,18 @@ if form.getvalue('loadopenvpn'): openvpn = '' if distro.id() == 'ubuntu': - stdout, stderr = funct.subprocess_execute("apt show openvpn3 2>&1|grep E:") + stdout, stderr = server_mod.subprocess_execute("apt show openvpn3 2>&1|grep E:") elif distro.id() == 'centos' or distro.id() == 'rhel': - stdout, stderr = funct.subprocess_execute("rpm --query openvpn3-client") + stdout, stderr = server_mod.subprocess_execute("rpm --query openvpn3-client") if ( (stdout[0] != 'package openvpn3-client is not installed' and stderr != '/bin/sh: rpm: command not found') and stdout[0] != 'E: No packages found' ): cmd = "sudo openvpn3 configs-list |grep -E 'ovpn|(^|[^0-9])[0-9]{4}($|[^0-9])' |grep -v net|awk -F\" \" '{print $1}'|awk 'ORS=NR%2?\" \":\"\\n\"'" - openvpn_configs, stderr = funct.subprocess_execute(cmd) + openvpn_configs, stderr = server_mod.subprocess_execute(cmd) cmd = "sudo openvpn3 sessions-list|grep -E 'Config|Status'|awk -F\":\" '{print $2}'|awk 'ORS=NR%2?\" \":\"\\n\"'| sed 's/^ //g'" - openvpn_sess, stderr = funct.subprocess_execute(cmd) + openvpn_sess, stderr = server_mod.subprocess_execute(cmd) openvpn = stdout[0] template = template.render(openvpn=openvpn, 
@@ -4129,32 +3791,38 @@ if form.getvalue('loadopenvpn'): print(template) if form.getvalue('check_telegram'): + import modules.alerting.alerting as alerting + telegram_id = form.getvalue('check_telegram') mess = 'Test message from Roxy-WI' - funct.telegram_send_mess(mess, telegram_channel_id=telegram_id) + alerting.telegram_send_mess(mess, telegram_channel_id=telegram_id) if form.getvalue('check_slack'): + import modules.alerting.alerting as alerting + slack_id = form.getvalue('check_slack') mess = 'Test message from Roxy-WI' - funct.slack_send_mess(mess, slack_channel_id=slack_id) + alerting.slack_send_mess(mess, slack_channel_id=slack_id) if form.getvalue('check_rabbitmq_alert'): + import modules.alerting.alerting as alerting + try: cookie = http.cookies.SimpleCookie(os.environ.get("HTTP_COOKIE")) user_group_id = cookie.get('group') user_group_id1 = user_group_id.value except Exception as e: - error = str(e) - print(f'error: Cannot send a message {error}') + print(f'error: Cannot send a message {e}') try: json_for_sending = {"user_group": user_group_id1, "message": 'info: Test message'} - funct.send_message_to_rabbit(json.dumps(json_for_sending)) + alerting.send_message_to_rabbit(json.dumps(json_for_sending)) except Exception as e: - error = str(e) - print(f'error: Cannot send a message {error}') + print(f'error: Cannot send a message {e}') if form.getvalue('check_email_alert'): + import modules.alerting.alerting as alerting + subject = 'test message' message = 'Test message from Roxy-WI' 
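Review bot: In `check_rabbitmq_alert`, a failure to read the `group` cookie prints `error: Cannot send a message {e}` and then falls through to the second `try`, where `user_group_id1` is unbound, so the caller receives a second, unrelated error. `check_email_alert` in the next hunk does the same with `user_uuid_value` and `user_email`. I would stop after the first failure (put the send into the `else:` branch of the first `try`) and record the exception with `roxywi_common.logging('Roxy-WI server', f'Cannot send a message: {e}', roxywi=1)` rather than echoing `{e}` to the response, where it can expose internal detail.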
@@ -4163,20 +3831,17 @@ if form.getvalue('check_email_alert'): user_uuid = cookie.get('uuid') user_uuid_value = user_uuid.value except Exception as e: - error = str(e) - print(f'error: Cannot send a message {error}') + print(f'error: Cannot send a message {e}') try: user_email = sql.select_user_email_by_uuid(user_uuid_value) except Exception as e: - error = str(e) - print(f'error: Cannot get a user email: {error}') + print(f'error: Cannot get a user email: {e}') try: - funct.send_email(user_email, subject, message) + alerting.send_email(user_email, subject, message) except Exception as e: - error = str(e) - print(f'error: Cannot send a message {error}') + print(f'error: Cannot send a message {e}') if form.getvalue('getoption'): group = form.getvalue('getoption') @@ -4265,11 +3930,11 @@ if form.getvalue('show_users_ovw') is not None: env = Environment(loader=FileSystemLoader('templates/ajax'), autoescape=True) template = env.get_template('/show_users_ovw.html') - user, user_id, role, token, servers, user_services = funct.get_users_params() + user_params = roxywi_common.get_users_params() users_groups = sql.select_user_groups_with_names(1, all=1) - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) - if (role == 2 or role == 3) and int(user_group) != 1: + if (user_params['role'] == 2 or user_params['role'] == 3) and int(user_group) != 1: users = sql.select_users(group=user_group) else: users = sql.select_users() 
@@ -4302,62 +3967,62 @@ if form.getvalue('serverSettingsSave') is not None: if sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise): print('Ok') if haproxy_enterprise == '1': - funct.logging(server_ip, 'Service has been flagged as an Enterprise version', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as an Enterprise version', roxywi=1, login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Service has been flagged as a community version', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a community version', roxywi=1, login=1, keep_history=1, service=service) if sql.insert_or_update_service_setting(server_id, service, 'dockerized', haproxy_dockerized): print('Ok') if haproxy_dockerized == '1': - funct.logging(server_ip, 'Service has been flagged as a dockerized', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a dockerized', roxywi=1, login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Service has been flagged as a system service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a system service', roxywi=1, login=1, keep_history=1, service=service) if sql.insert_or_update_service_setting(server_id, service, 'restart', haproxy_restart): print('Ok') if haproxy_restart == '1': - funct.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, keep_history=1, service=service) if service == 'nginx': if sql.insert_or_update_service_setting(server_id, service, 'dockerized', nginx_dockerized): 
print('Ok') if nginx_dockerized: - funct.logging(server_ip, 'Service has been flagged as a dockerized', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a dockerized', roxywi=1, login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Service has been flagged as a system service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a system service', roxywi=1, login=1, keep_history=1, service=service) if sql.insert_or_update_service_setting(server_id, service, 'restart', nginx_restart): print('Ok') if nginx_restart == '1': - funct.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, keep_history=1, service=service) if service == 'apache': if sql.insert_or_update_service_setting(server_id, service, 'dockerized', apache_dockerized): print('Ok') if apache_dockerized: - funct.logging(server_ip, 'Service has been flagged as a dockerized', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a dockerized', roxywi=1, login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Service has been flagged as a system service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Service has been flagged as a system service', roxywi=1, login=1, keep_history=1, service=service) if sql.insert_or_update_service_setting(server_id, service, 'restart', apache_restart): print('Ok') if apache_restart == '1': - funct.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, 
login=1, keep_history=1, service=service) else: - funct.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, + roxywi_common.logging(server_ip, 'Restart option is disabled for this service', roxywi=1, login=1, keep_history=1, service=service) if act == 'showListOfVersion': @@ -4378,9 +4043,9 @@ if act == 'showListOfVersion': configs_dir = get_config.get_config_var('configs', 'kp_save_configs_dir') if service == 'haproxy': - files = funct.get_files() + files = roxywi_common.get_files() else: - files = funct.get_files(configs_dir, 'conf') + files = roxywi_common.get_files(configs_dir, 'conf') env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"]) @@ -4398,8 +4063,10 @@ if act == 'showListOfVersion': print(template) if act == 'getSystemInfo': + import modules.server.server as server_mod + server_ip = form.getvalue('server_ip') - server_ip = funct.is_ip_or_dns(server_ip) + server_ip = common.is_ip_or_dns(server_ip) server_id = form.getvalue('server_id') if server_ip == '': @@ -4408,11 +4075,11 @@ if act == 'getSystemInfo': env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"]) - env.globals['string_to_dict'] = funct.string_to_dict + env.globals['string_to_dict'] = common.string_to_dict template = env.get_template('ajax/show_system_info.html') if sql.is_system_info(server_id): try: - funct.get_system_info(server_ip) + server_mod.get_system_info(server_ip) system_info = sql.select_one_system_info(server_id) template = template.render(system_info=system_info, server_ip=server_ip, server_id=server_id) 
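Review bot: Both branches of each `*_restart` check in `serverSettingsSave` log `'Restart option is disabled for this service'`, so the history entry written with `keep_history=1` reads the same whichever way the option was changed; the `else` branches should presumably log `'Restart option is enabled for this service'`. This applies to the haproxy, nginx and apache parts of the hunk. The nginx and apache `dockerized` checks also test `if nginx_dockerized:` / `if apache_dockerized:` where haproxy compares `== '1'`; if these are form strings, `'0'` is truthy and the wrong message is recorded, so `== '1'` would be consistent. The handler starts outside the hunk.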
@@ -4426,8 +4093,10 @@ if act == 'getSystemInfo': print(template) if act == 'updateSystemInfo': + import modules.server.server as server_mod + server_ip = form.getvalue('server_ip') - server_ip = funct.is_ip_or_dns(server_ip) + server_ip = common.is_ip_or_dns(server_ip) server_id = form.getvalue('server_id') if server_ip == '': @@ -4438,10 +4107,10 @@ if act == 'updateSystemInfo': env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=["jinja2.ext.loopcontrols", "jinja2.ext.do"]) - env.globals['string_to_dict'] = funct.string_to_dict + env.globals['string_to_dict'] = common.string_to_dict template = env.get_template('ajax/show_system_info.html') - if funct.get_system_info(server_ip): + if server_mod.get_system_info(server_ip): system_info = sql.select_one_system_info(server_id) template = template.render(system_info=system_info, server_ip=server_ip, server_id=server_id) @@ -4451,14 +4120,14 @@ if act == 'updateSystemInfo': if act == 'findInConfigs': server_ip = serv - server_ip = funct.is_ip_or_dns(server_ip) + server_ip = common.is_ip_or_dns(server_ip) finding_words = form.getvalue('words') service = form.getvalue('service') log_path = sql.get_setting(service + '_dir') - log_path = funct.return_nice_path(log_path) + log_path = common.return_nice_path(log_path) commands = [f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn'] - return_find = funct.ssh_command(server_ip, commands, raw=1) - return_find = funct.show_finding_in_config(return_find, grep=finding_words) + return_find = server_mod.ssh_command(server_ip, commands, raw=1) + return_find = config_mod.show_finding_in_config(return_find, grep=finding_words) if 'error: ' in return_find: print(return_find) 
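Review bot: In `findInConfigs`, `finding_words` comes from `form.getvalue('words')` and is placed between double quotes in `f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn'`, which `server_mod.ssh_command` then runs on the managed server; nothing in the hunk constrains its content, so a quote or `$(…)` in the search term changes the remote command. I would pass it as one quoted argument, `commands = [f'sudo grep -e {shlex.quote(finding_words)} {log_path}*/*.conf -C 2 -Rn']` (with `import shlex`), and handle a missing `words` parameter before that line. `service` is also used unvalidated in `sql.get_setting(service + '_dir')`; running it through `common.checkAjaxInput`, as `check_service` does, or checking it against the known service names would bound `log_path` as well.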
@@ -4473,14 +4142,14 @@ if act == 'check_service': user_uuid = cookie.get('uuid') user_id = sql.get_user_id_by_uuid(user_uuid.value) user_services = sql.select_user_services(user_id) - server_id = funct.checkAjaxInput(form.getvalue('server_id')) - service = funct.checkAjaxInput(form.getvalue('service')) + server_id = common.checkAjaxInput(form.getvalue('server_id')) + service = common.checkAjaxInput(form.getvalue('service')) if '1' in user_services: if service == 'haproxy': haproxy_sock_port = sql.get_setting('haproxy_sock_port') cmd = 'echo "show info" |nc %s %s -w 1 -v|grep Name' % (serv, haproxy_sock_port) - out = funct.subprocess_execute(cmd) + out = server_mod.subprocess_execute(cmd) for k in out[0]: if "Name" in k: print('up') diff --git a/app/overview.py b/app/overview.py index a8e7d325..2f71562b 100644 --- a/app/overview.py +++ b/app/overview.py @@ -2,12 +2,16 @@ # -*- coding: utf-8 -*- import os import sys + import psutil - -import funct -import sql - from jinja2 import Environment, FileSystemLoader + +import modules.db.sql as sql +import modules.roxywi.logs as roxy_logs +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.server.server as server_mod + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('ovw.html') 
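Review bot: In `check_service`, `server_id` and `service` now pass through `common.checkAjaxInput`, but `serv` is formatted into `'echo "show info" |nc %s %s -w 1 -v|grep Name' % (serv, haproxy_sock_port)` as is. Where `serv` is assigned is outside the hunk; if it is the raw request parameter, it should get the same treatment as in `findInConfigs`, `serv = common.is_ip_or_dns(serv)` followed by a check for the empty string, before the command is built. The `if '1' in user_services` branch continues past the end of the hunk.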
@@ -21,24 +25,20 @@ is_metrics_worker = 0 servers_group = [] host = os.environ.get('HTTP_HOST', '') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception as e: - print(f'error {e}') - sys.exit() +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() try: groups = sql.select_groups() - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) - if (role == 2 or role == 3) and int(user_group) != 1: - for s in servers: + if (user_params['role'] == 2 or user_params['role'] == 3) and int(user_group) != 1: + for s in user_params['servers']: servers_group.append(s[2]) is_checker_worker = len(sql.select_all_alerts(group=user_group)) @@ -70,21 +70,19 @@ try: pass cmd = "systemctl is-active roxy-wi-metrics" - metrics_master, stderr = funct.subprocess_execute(cmd) + metrics_master, stderr = server_mod.subprocess_execute(cmd) cmd = "systemctl is-active roxy-wi-checker" - checker_master, stderr = funct.subprocess_execute(cmd) + checker_master, stderr = server_mod.subprocess_execute(cmd) cmd = "systemctl is-active roxy-wi-keep_alive" - keep_alive, stderr = funct.subprocess_execute(cmd) + keep_alive, stderr = server_mod.subprocess_execute(cmd) cmd = "systemctl is-active roxy-wi-smon" - smon, stderr = funct.subprocess_execute(cmd) + smon, stderr = server_mod.subprocess_execute(cmd) cmd = "systemctl is-active roxy-wi-portscanner" - port_scanner, stderr = funct.subprocess_execute(cmd) + port_scanner, stderr = server_mod.subprocess_execute(cmd) cmd = "systemctl is-active roxy-wi-socket" - socket, stderr = funct.subprocess_execute(cmd) + socket, stderr = server_mod.subprocess_execute(cmd) -except Exception: - role = '' - user = '' +except Exception as e: groups = '' roles = '' metrics_master = '' 
@@ -92,21 +90,21 @@ except Exception: keep_alive = '' smon = '' socket = '' - servers = '' stderr = '' - token = '' + print(e) rendered_template = template.render( - h2=1, autorefresh=1, title="Overview", role=role, user=user, groups=groups, roles=sql.select_roles(), - metrics_master=''.join(metrics_master), metrics_worker=metrics_worker, checker_master=''.join(checker_master), - checker_worker=checker_worker, keep_alive=''.join(keep_alive), smon=''.join(smon), - port_scanner=''.join(port_scanner), grafana=grafana, socket=''.join(socket), - roxy_wi_log_id=funct.roxy_wi_log(log_id=1, file="roxy-wi-"), - metrics_log_id=funct.roxy_wi_log(log_id=1, file="metrics"), - checker_log_id=funct.roxy_wi_log(log_id=1, file="checker"), - keep_alive_log_id=funct.roxy_wi_log(log_id=1, file="keep_alive"), - socket_log_id=funct.roxy_wi_log(log_id=1, file="socket"), error=stderr, - roxy_wi_log=funct.roxy_wi_log(), servers=servers, is_checker_worker=is_checker_worker, - is_metrics_worker=is_metrics_worker, host=host, user_services=user_services, token=token + h2=1, autorefresh=1, title="Overview", role=user_params['role'], user=user_params['user'], groups=groups, + roles=sql.select_roles(), metrics_master=''.join(metrics_master), metrics_worker=metrics_worker, + checker_master=''.join(checker_master), checker_worker=checker_worker, keep_alive=''.join(keep_alive), + smon=''.join(smon), port_scanner=''.join(port_scanner), grafana=grafana, socket=''.join(socket), + roxy_wi_log_id=roxy_logs.roxy_wi_log(log_id=1, file="roxy-wi-"), + metrics_log_id=roxy_logs.roxy_wi_log(log_id=1, file="metrics"), + checker_log_id=roxy_logs.roxy_wi_log(log_id=1, file="checker"), + keep_alive_log_id=roxy_logs.roxy_wi_log(log_id=1, file="keep_alive"), + socket_log_id=roxy_logs.roxy_wi_log(log_id=1, file="socket"), error=stderr, + roxy_wi_log=roxy_logs.roxy_wi_log(), servers=user_params['servers'], is_checker_worker=is_checker_worker, + is_metrics_worker=is_metrics_worker, host=host, 
user_services=user_params['user_services'], + token=user_params['token'] ) print(rendered_template) diff --git a/app/portscanner.py b/app/portscanner.py index da757ac4..710df97e 100644 --- a/app/portscanner.py +++ b/app/portscanner.py 
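Review bot: The new `except Exception as e:` branch in `overview.py` ends with `print(e)`, which writes the raw exception text into the page ahead of the rendered template. Errors from the SQL and `systemctl` calls inside the `try` can carry paths or query detail, so I would record them with `roxywi_common.logging('Roxy-WI server', f'Cannot load overview data: {e}', roxywi=1)` and keep the response generic. The visible fallback assignments also do not reset `port_scanner`, which the render call joins; unless it is initialised above the hunk, an early failure in the `try` would end in a `NameError`, and `port_scanner = ''` in the `except` covers that.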
@@ -1,63 +1,64 @@ #!/usr/bin/env python3 import sys -import funct -import sql from jinja2 import Environment, FileSystemLoader +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.server.server as server_mod + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('portscanner.html') -form = funct.form +form = common.form serv = form.getvalue('history') print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1) -except Exception as e: - print(str(e)) +user_params = roxywi_common.get_users_params(virt=1) try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: - print(f'error {e}') - sys.exit() + print(f'error {e}') + sys.exit() if serv: - title = 'Port scanner history for ' + serv - port_scanner_settings = sql.select_port_scanner_history(serv) - history = '1' - port_scanner = '' - port_scanner_stderr = '' - count_ports = '' + title = f'Port scanner history for {serv}' + port_scanner_settings = sql.select_port_scanner_history(serv) + history = '1' + port_scanner = '' + port_scanner_stderr = '' + count_ports = '' else: - history = '' - title = 'Port scanner dashboard' - user_group = funct.get_user_group(id=1) - port_scanner_settings = sql.select_port_scanner_settings(user_group) - if not port_scanner_settings: - port_scanner_settings = '' - count_ports = '' - else: - count_ports = list() - for s in servers: - count_ports_from_sql = sql.select_count_opened_ports(s[2]) - i = (s[2], count_ports_from_sql) - count_ports.append(i) + history = '' + title = 'Port scanner dashboard' + user_group = roxywi_common.get_user_group(id=1) + port_scanner_settings = sql.select_port_scanner_settings(user_group) + if not port_scanner_settings: + port_scanner_settings = '' + 
count_ports = '' + else: + count_ports = list() + for s in user_params['servers']: + count_ports_from_sql = sql.select_count_opened_ports(s[2]) + i = (s[2], count_ports_from_sql) + count_ports.append(i) - cmd = "systemctl is-active roxy-wi-portscanner" - port_scanner, port_scanner_stderr = funct.subprocess_execute(cmd) + cmd = "systemctl is-active roxy-wi-portscanner" + port_scanner, port_scanner_stderr = server_mod.subprocess_execute(cmd) try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) - + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) rendered_template = template.render( - h2=1, autorefresh=0, title=title, role=role, user=user, servers=servers, port_scanner_settings=port_scanner_settings, - count_ports=count_ports, history=history, port_scanner=''.join(port_scanner), port_scanner_stderr=port_scanner_stderr, - user_services=user_services, user_status=user_status, user_plan=user_plan, token=token + h2=1, autorefresh=0, title=title, role=user_params['role'], user=user_params['user'], servers=user_params['servers'], + port_scanner_settings=port_scanner_settings, count_ports=count_ports, history=history, port_scanner=''.join(port_scanner), + port_scanner_stderr=port_scanner_stderr, user_services=user_params['user_services'], user_status=user_subscription['user_status'], + user_plan=user_subscription['user_plan'], token=user_params['token'] ) print(rendered_template) diff --git a/app/provisioning.py b/app/provisioning.py index b3f05587..5a8fb755 100644 --- a/app/provisioning.py +++ b/app/provisioning.py 
@@ -1,33 +1,38 @@ #!/usr/bin/env python3 import sys -import funct -import sql from jinja2 import Environment, FileSystemLoader + +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.server.server as server_mod + env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('provisioning.html') -form = funct.form +form = common.form print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() -funct.page_for_admin(level=2) +roxywi_auth.page_for_admin(level=2) try: - if role == 1: + if user_params['role'] == 1: groups = sql.select_groups() else: - groups = funct.get_user_group(id=1) - user_group = funct.get_user_group(id=1) + groups = roxywi_common.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) cmd = 'which terraform' - output, stderr = funct.subprocess_execute(cmd) + output, stderr = server_mod.subprocess_execute(cmd) if stderr != '': is_terraform = False 
@@ -39,8 +44,8 @@ except Exception as e: print(str(e)) rendered_template = template.render( - title="Servers provisioning", role=role, user=user, groups=groups, user_group=user_group, - servers=sql.select_provisioned_servers(), providers=sql.select_providers(user_group), - is_terraform=is_terraform, user_services=user_services, token=token, params=params + title="Servers provisioning", role=user_params['role'], user=user_params['user'], groups=groups, + user_group=user_group, servers=sql.select_provisioned_servers(), providers=sql.select_providers(user_group), + is_terraform=is_terraform, user_services=user_params['user_services'], token=user_params['token'], params=params ) print(rendered_template) diff --git a/app/runtimeapi.py b/app/runtimeapi.py index 5c52fe91..31b83358 100644 --- a/app/runtimeapi.py +++ b/app/runtimeapi.py @@ -1,22 +1,25 @@ #!/usr/bin/env python3 import sys -import funct +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('runtimeapi.html') print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) +user_params = roxywi_common.get_users_params(virt=1, haproxy=1) try: - funct.check_login(user_id, token, service=1) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1) except Exception as e: print(f'error {e}') sys.exit() -form = funct.form +form = common.form try: servbackend = form.getvalue('servbackend') 
@@ -27,7 +30,7 @@ except Exception: pass rendered_template = template.render( - h2=0, title="RunTime API", role=role, user=user, select_id="serv", selects=servers, token=token, - user_services=user_services, servbackend=servbackend + h2=0, title="RunTime API", role=user_params['role'], user=user_params['user'], select_id="serv", + selects=user_params['servers'], token=user_params['token'], user_services=user_params['user_services'], servbackend=servbackend ) print(rendered_template) diff --git a/app/sections.py b/app/sections.py index 0442b3fa..032375eb 100644 --- a/app/sections.py +++ b/app/sections.py @@ -4,28 +4,31 @@ import sys from jinja2 import Environment, FileSystemLoader -import sql -import funct +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.config.section as section_mod +import modules.config.config as config_mod import modules.roxy_wi_tools as roxy_wi_tools +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) get_config_var = roxy_wi_tools.GetConfigVar() env = Environment(loader=FileSystemLoader('templates/'), autoescape=True, extensions=['jinja2.ext.loopcontrols']) template = env.get_template('sections.html') print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params() -except Exception: - pass +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token, service=1) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1) except Exception as e: print(f'error {e}') sys.exit() -form = funct.form +form = common.form serv = form.getvalue('serv') section = form.getvalue('section') is_serv_protected = sql.is_serv_protected(serv) 
@@ -43,26 +46,26 @@ is_restart = '' hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') if serv is not None and open is not None: - cfg = hap_configs_dir + serv + "-" + funct.get_data('config') + ".cfg" - error = funct.get_config(serv, cfg) - sections = funct.get_sections(cfg) + cfg = f"{hap_configs_dir}{serv}-{get_date.return_date('config')}.cfg" + error = config_mod.get_config(serv, cfg) + sections = section_mod.get_sections(cfg) if serv is not None and section is not None: try: - funct.logging(serv, "sections.py open config") + roxywi_common.logging(serv, "sections.py open config") except Exception: pass - start_line, end_line, config_read = funct.get_section_from_config(cfg, section) + start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section) server_id = sql.select_server_id_by_ip(serv) is_restart = sql.select_service_setting(server_id, 'haproxy', 'restart') - os.system("/bin/mv %s %s.old" % (cfg, cfg)) + os.system(f"/bin/mv {cfg} {cfg}.old") if serv is not None and form.getvalue('config') is not None: try: - funct.logging(serv, "sections.py edited config") + roxywi_common.logging(serv, "sections.py edited config") except Exception: pass @@ -77,7 +80,7 @@ if serv is not None and form.getvalue('config') is not None: config = '' save = 'reload' - config = funct.rewrite_section(start_line, end_line, oldcfg, config) + config = section_mod.rewrite_section(start_line, end_line, oldcfg, config) try: with open(cfg, "w") as conf: 
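Review bot: `os.system(f"/bin/mv {cfg} {cfg}.old")` still runs a shell command built from `cfg`, which embeds `serv`. `serv` is read with a bare `form.getvalue('serv')` earlier in this file, without the `common.is_ip_or_dns()` check that versions.py and waf.py apply to the same parameter, so request-controlled characters reach the shell. Since the line is being rewritten anyway, use `os.replace(cfg, f"{cfg}.old")` and validate at the point of reading with `serv = common.is_ip_or_dns(form.getvalue('serv'))`. The same unvalidated value also forms the local path passed to `config_mod.get_config(serv, cfg)`.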
@@ -85,21 +88,22 @@ if serv is not None and form.getvalue('config') is not None: except IOError: error = "Can't read import config file" - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg) + stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, oldcfg=oldcfg) if "is valid" in stderr: warning = stderr stderr = '' - funct.diff_config(oldcfg, cfg) + config_mod.diff_config(oldcfg, cfg) - os.system("/bin/rm -f " + hap_configs_dir + "*.old") + os.system(f"/bin/rm -f {hap_configs_dir}*.old") rendered_template = template.render( - h2=1, title="Working with HAProxy config sections", role=role, action="sections.py", user=user, select_id="serv", - serv=serv, aftersave=aftersave, config=config_read, cfg=cfg, selects=servers, stderr=stderr, error=error, - start_line=start_line, end_line=end_line, section=section, sections=sections, is_serv_protected=is_serv_protected, - user_services=user_services, token=token, warning=warning, is_restart=is_restart + h2=1, title="Working with HAProxy config sections", role=user_params['role'], action="sections.py", user=user_params['user'], + select_id="serv", serv=serv, aftersave=aftersave, config=config_read, cfg=cfg, selects=user_params['servers'], + stderr=stderr, error=error, start_line=start_line, end_line=end_line, section=section, sections=sections, + is_serv_protected=is_serv_protected,user_services=user_params['user_services'], token=user_params['token'], + warning=warning, is_restart=is_restart ) print(rendered_template) diff --git a/app/servers.py b/app/servers.py index 516d5891..7d0f9773 100644 --- a/app/servers.py +++ b/app/servers.py 
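Review bot: `os.system(f"/bin/rm -f {hap_configs_dir}*.old")` uses a shell only to expand a glob, and it deletes every `.old` file in the shared directory, not just the one this request created. Removing the single backup with `os.remove(f"{cfg}.old")`, or iterating `glob.glob(f"{hap_configs_dir}*.old")` (needs `import glob`), would avoid the shell; the first option also leaves other sessions' backups alone. The `except IOError` just above guards a write but reports "Can't read import config file". A small style point: the new render call has `is_serv_protected=is_serv_protected,user_services=...` with no space after the comma.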
@@ -3,45 +3,50 @@ import sys import pytz -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(extensions=["jinja2.ext.do"], loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('servers.html') -form = funct.form +form = common.form print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() -funct.page_for_admin(level=2) +roxywi_auth.page_for_admin(level=2) try: ldap_enable = sql.get_setting('ldap_enable') - user_group = funct.get_user_group(id=1) + user_group = roxywi_common.get_user_group(id=1) settings = sql.get_setting('', all=1) geoip_country_codes = sql.select_geoip_country_codes() services = sql.select_services() gits = sql.select_gits() + servers = roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1) + masters = sql.select_servers(get_master_servers=1, uuid=user_params['user_uuid'].value) except Exception: pass try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) rendered_template = template.render( - title="Servers: ", role=role, user=user, users=sql.select_users(group=user_group), groups=sql.select_groups(), - servers=sql.get_dick_permit(virt=1, disable=0, only_group=1), roles=sql.select_roles(), - 
masters=sql.select_servers(get_master_servers=1, uuid=user_id.value), group=user_group, - sshs=sql.select_ssh(group=user_group), token=token, settings=settings, backups=sql.select_backups(), - page="servers.py", geoip_country_codes=geoip_country_codes, user_services=user_services, ldap_enable=ldap_enable, - user_status=user_status, user_plan=user_plan, gits=gits, services=services, timezones=pytz.all_timezones + title="Servers: ", role=user_params['role'], user=user_params['user'], users=sql.select_users(group=user_group), + groups=sql.select_groups(), servers=servers, roles=sql.select_roles(), sshs=sql.select_ssh(group=user_group), + masters=masters, group=user_group, services=services, timezones=pytz.all_timezones, + token=user_params['token'], settings=settings, backups=sql.select_backups(), page="servers.py", + geoip_country_codes=geoip_country_codes, user_services=user_params['user_services'], ldap_enable=ldap_enable, + user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], gits=gits, ) print(rendered_template) diff --git a/app/smon.py b/app/smon.py index f0953060..349ffe48 100644 --- a/app/smon.py +++ b/app/smon.py 
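Review bot: The added `servers = roxywi_common.get_dick_permit(...)` and `masters = sql.select_servers(...)` sit inside the `try` whose handler is `except Exception: pass`. If either call fails, or any query before them, the names stay unbound and `template.render(..., servers=servers, masters=masters, ...)` raises NameError with the real cause discarded. users.py in this same commit removes the equivalent blanket handler, and doing the same here would surface the error. If the handler must stay, it should at least log, e.g. `except Exception as e: roxywi_common.logging('Roxy-WI server', f'Cannot load servers page data: {e}', roxywi=1)`, and give the variables defaults before the `try`.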
@@ -1,38 +1,44 @@ #!/usr/bin/env python3 import sys -import funct -import sql from jinja2 import Environment, FileSystemLoader + +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.server.server as server_mod + env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('smon.html') print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() -form = funct.form +roxywi_common.check_user_group() +form = common.form action = form.getvalue('action') sort = form.getvalue('sort') autorefresh = 0 -user_group = funct.get_user_group(id=1) +user_group = roxywi_common.get_user_group(id=1) cmd = "systemctl is-active roxy-wi-smon" -smon_status, stderr = funct.subprocess_execute(cmd) +smon_status, stderr = server_mod.subprocess_execute(cmd) if action == 'add': smon = sql.select_smon(user_group, action='add') - funct.page_for_admin(level=3) + roxywi_auth.page_for_admin(level=3) title = "SMON Admin" elif action == 'history': if form.getvalue('host'): - needed_host = funct.is_ip_or_dns(form.getvalue('host')) + needed_host = common.is_ip_or_dns(form.getvalue('host')) smon = sql.alerts_history('SMON', user_group, host=needed_host) else: smon = sql.alerts_history('SMON', user_group) 
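Review bot: In the `action == 'add'` branch, `sql.select_smon(user_group, action='add')` runs before `roxywi_auth.page_for_admin(level=3)`, so the query executes for a caller whose role has not been checked yet. How `page_for_admin` rejects a request is not visible in this hunk, but the authorization call should come first: `roxywi_auth.page_for_admin(level=3)` and then `smon = sql.select_smon(user_group, action='add')`. The newly added `roxywi_common.check_user_group()` would also benefit from a short comment saying what it enforces, because its return value is not used here. The `if`/`elif` chain continues past the end of the hunk.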
@@ -46,15 +52,15 @@ else: autorefresh = 1 try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) rendered_template = template.render( - h2=1, title=title, autorefresh=autorefresh, role=role, user=user, group=user_group, + h2=1, title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], group=user_group, telegrams=sql.get_user_telegram_by_group(user_group), slacks=sql.get_user_slack_by_group(user_group), - smon=smon, smon_status=smon_status, smon_error=stderr, action=action, sort=sort, user_services=user_services, - user_status=user_status, user_plan=user_plan, token=token + smon=smon, smon_status=smon_status, smon_error=stderr, action=action, sort=sort, user_services=user_params['user_services'], + user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token'] ) print(rendered_template) diff --git a/app/statsview.py b/app/statsview.py index 0189f430..a05a5033 100644 --- a/app/statsview.py +++ b/app/statsview.py 
@@ -1,14 +1,17 @@ #!/usr/bin/env python3 -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('statsview.html') print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params(virt=1, haproxy=1) +user_params = roxywi_common.get_users_params(virt=1, haproxy=1) -form = funct.form +form = common.form serv = form.getvalue('serv') service = form.getvalue('service') @@ -23,14 +26,15 @@ except Exception: if service in ('haproxy', 'nginx', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(user_id, token, service=service_desc.service_id): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id): title = f'{service_desc.service} stats page' - sql.get_dick_permit(service=service_desc.slug) + roxywi_common.get_dick_permit(service=service_desc.slug) else: print('') rendered_template = template.render( - h2=1, autorefresh=1, title=title, role=role, user=user, onclick="showStats()", select_id="serv", - selects=servers, serv=serv, service=service, user_services=user_services, token=token + h2=1, autorefresh=1, title=title, role=user_params['role'], user=user_params['user'], onclick="showStats()", + selects=user_params['servers'], serv=serv, service=service, user_services=user_params['user_services'], + token=user_params['token'], select_id="serv" ) print(rendered_template) diff --git a/app/users.py b/app/users.py index 740ee0d4..ee16c9f1 100644 --- a/app/users.py +++ b/app/users.py 
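Review bot: `roxywi_auth.check_login(...)` is only reached inside `if service in ('haproxy', 'nginx', 'apache')`, so a request with any other `service` value gets to `template.render` without the login check. The other pages in this commit call it unconditionally right after `get_users_params()` and `sys.exit()` on failure. Whether `get_users_params` itself rejects an unauthenticated session is not visible here, so that should be confirmed, or the same unconditional `try`/`except` added at the top of this page. In the second hunk the result of `roxywi_common.get_dick_permit(service=service_desc.slug)` is discarded, so `selects` always receives `user_params['servers']` fetched with `haproxy=1`. If a per-service list is intended, assign it with `servers = roxywi_common.get_dick_permit(service=service_desc.slug)` and pass `selects=servers`.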
@@ -4,46 +4,47 @@ import sys import pytz -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common + from jinja2 import Environment, FileSystemLoader env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('admin.html') -form = funct.form +form = common.form print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() -funct.page_for_admin() +roxywi_auth.page_for_admin() + +users = sql.select_users() +settings = sql.get_setting('', all=1) +ldap_enable = sql.get_setting('ldap_enable') +services = sql.select_services() +gits = sql.select_gits() +masters = sql.select_servers(get_master_servers=1) try: - users = sql.select_users() - settings = sql.get_setting('', all=1) - ldap_enable = sql.get_setting('ldap_enable') - services = sql.select_services() - gits = sql.select_gits() -except Exception: - pass - -try: - user_status, user_plan = funct.return_user_status() + user_subscription = roxywi_common.return_user_status() except Exception as e: - user_status, user_plan = 0, 0 - funct.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) + user_subscription = roxywi_common.return_unsubscribed_user_status() + roxywi_common.logging('Roxy-WI server', f'Cannot get a user plan: {e}', roxywi=1) rendered_template = template.render( - title="Admin area: Manage users", role=role, user=user, users=users, groups=sql.select_groups(), - servers=sql.select_servers(full=1), roles=sql.select_roles(), masters=sql.select_servers(get_master_servers=1), - sshs=sql.select_ssh(), token=token, settings=settings, backups=sql.select_backups(), - 
page="users.py", user_services=user_services, ldap_enable=ldap_enable, user_status=user_status, - user_plan=user_plan, gits=gits, services=services, timezones=pytz.all_timezones + title="Admin area: Manage users", role=user_params['role'], user=user_params['user'], users=users, groups=sql.select_groups(), + servers=sql.select_servers(full=1), roles=sql.select_roles(), masters=masters, sshs=sql.select_ssh(), + settings=settings, backups=sql.select_backups(), services=services, timezones=pytz.all_timezones, + page="users.py", user_services=user_params['user_services'], ldap_enable=ldap_enable, gits=gits, + user_status=user_subscription['user_status'], user_plan=user_subscription['user_plan'], token=user_params['token'] ) print(rendered_template) diff --git a/app/versions.py b/app/versions.py index 50a1246d..b69abd4d 100644 --- a/app/versions.py +++ b/app/versions.py @@ -3,8 +3,11 @@ import os from jinja2 import Environment, FileSystemLoader -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.config.config as config_mod import modules.roxy_wi_tools as roxy_wi_tools get_config_var = roxy_wi_tools.GetConfigVar() @@ -13,16 +16,13 @@ template = env.get_template('delver.html') print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params(disable=1) -except Exception: - pass +user_params = roxywi_common.get_users_params(disable=1) -funct.page_for_admin(level=3) +roxywi_auth.page_for_admin(level=3) -form = funct.form -serv = funct.is_ip_or_dns(form.getvalue('serv')) -service = funct.checkAjaxInput(form.getvalue('service')) +form = common.form +serv = common.is_ip_or_dns(form.getvalue('serv')) +service = common.checkAjaxInput(form.getvalue('service')) Select = form.getvalue('del') configver = form.getvalue('configver') conf_format = 'cfg' 
@@ -36,9 +36,9 @@ if configver: if service in ('haproxy', 'nginx', 'keepalived', 'apache'): service_desc = sql.select_service(service) - if funct.check_login(user_id, token, service=service_desc.service_id): + if roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=service_desc.service_id): title = f"Working with versions {service_desc.service} configs" - servers = sql.get_dick_permit(service=service_desc.slug) + servers = roxywi_common.get_dick_permit(service=service_desc.slug) action = f'versions.py?service={service_desc.slug}' conf_format = 'conf' @@ -71,7 +71,7 @@ if serv is not None and form.getvalue('del') is not None: os.remove(os.path.join(configs_dir, form.getvalue(get))) try: file.add(form.getvalue(get) + "
") - funct.logging( + roxywi_common.logging( serv, "Version of config has been deleted: %s" % form.getvalue(get), login=1, keep_history=1, service=service ) except Exception: 
@@ -85,27 +85,27 @@ if serv is not None and form.getvalue('config') is not None: aftersave = 1 try: - funct.logging( + roxywi_common.logging( serv, "Version of config has been uploaded %s" % configver, login=1, keep_history=1, service=service ) except Exception: pass if service == 'keepalived': - stderr = funct.upload_and_restart(serv, configver, just_save=save, keepalived=1) + stderr = config_mod.upload_and_restart(serv, configver, just_save=save, keepalived=1) elif service == 'nginx': config_file_name = sql.select_remote_path_from_version(server_ip=serv, service=service, local_path=configver) - stderr = funct.master_slave_upload_and_restart(serv, configver, just_save=save, nginx=1, config_file_name=config_file_name) + stderr = config_mod.master_slave_upload_and_restart(serv, configver, just_save=save, nginx=1, config_file_name=config_file_name) elif service == 'apache': config_file_name = sql.select_remote_path_from_version(server_ip=serv, service=service, local_path=configver) - stderr = funct.master_slave_upload_and_restart(serv, configver, just_save=save, apache=1, config_file_name=config_file_name) + stderr = config_mod.master_slave_upload_and_restart(serv, configver, just_save=save, apache=1, config_file_name=config_file_name) else: - stderr = funct.master_slave_upload_and_restart(serv, configver, just_save=save) + stderr = config_mod.master_slave_upload_and_restart(serv, configver, just_save=save) rendered_template = template.render( - h2=1, title=title, role=role, user=user, select_id="serv", serv=serv, aftersave=aftersave, selects=servers, - stderr=stderr, open=form.getvalue('open'), Select=form.getvalue('del'), file=file, configver=configver, - service=service, user_services=user_services, action=action, token=token + h2=1, title=title, role=user_params['role'], user=user_params['user'], select_id="serv", serv=serv, aftersave=aftersave, + selects=user_params['servers'], stderr=stderr, open=form.getvalue('open'), Select=form.getvalue('del'), file=file, + 
configver=configver, service=service, user_services=user_params['user_services'], action=action, token=user_params['token'] ) print(rendered_template) diff --git a/app/viewlogs.py b/app/viewlogs.py index a9030b18..d09cc887 100644 --- a/app/viewlogs.py +++ b/app/viewlogs.py @@ -5,20 +5,22 @@ import datetime from jinja2 import Environment, FileSystemLoader -import funct -import sql +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common import modules.roxy_wi_tools as roxy_wi_tools get_config_var = roxy_wi_tools.GetConfigVar() env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('logs.html') -form = funct.form +form = common.form print('Content-type: text/html\n') -user, user_id, role, token, servers, user_services = funct.get_users_params() +user_params = roxywi_common.get_users_params() try: - funct.check_login(user_id, token) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token']) except Exception as e: print(f'error {e}') sys.exit() @@ -46,10 +48,10 @@ minut = form.getvalue('minut') minut1 = form.getvalue('minut1') if form.getvalue('type') == '2': - funct.page_for_admin(level=2) + roxywi_auth.page_for_admin(level=2) page = 'for_editor' else: - funct.page_for_admin() + roxywi_auth.page_for_admin() page = '' log_path = get_config_var.get_config_var('main', 'log_path') 
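Review bot: `selects=user_params['servers']` in the versions.py render call no longer uses the per-service server list. The earlier hunk still assigns `servers = roxywi_common.get_dick_permit(service=service_desc.slug)`, and the removed line passed `selects=servers`, so after this change the filtered list is dead code and the nginx, keepalived and apache pages show whatever `get_users_params(disable=1)` returned. Unless that is intended, keep `selects=servers` and initialise `servers = user_params['servers']` before the service branch so the name is always bound. waf.py in this commit already follows that pattern.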
@@ -66,15 +68,15 @@ try: except Exception: pass -selects = funct.get_files(log_path, file_format="log") +selects = roxywi_common.get_files(log_path, file_format="log") if form.getvalue('type') is None: selects.append(['fail2ban.log', 'fail2ban.log']) selects.append(['roxy-wi.error.log', 'error.log']) selects.append(['roxy-wi.access.log', 'access.log']) rendered_template = template.render( - h2=1, autorefresh=1, title="View internal logs", role=role, user=user, serv=serv, select_id="viewlogs", - selects=selects, rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, minut=minut, - minut1=minut1, page=page, user_services=user_services, token=token + h2=1, autorefresh=1, title="View internal logs", role=user_params['role'], user=user_params['user'], serv=serv, + select_id="viewlogs", selects=selects, rows=rows, grep=grep, exgrep=exgrep, hour=hour, hour1=hour1, minut=minut, + minut1=minut1, page=page, user_services=user_params['user_services'], token=user_params['token'] ) print(rendered_template) diff --git a/app/waf.py b/app/waf.py index e690750a..19fc5397 100644 --- a/app/waf.py +++ b/app/waf.py 
@@ -2,20 +2,25 @@ import os import sys -import funct -import sql from jinja2 import Environment, FileSystemLoader + +import modules.db.sql as sql +import modules.common.common as common +import modules.roxywi.auth as roxywi_auth +import modules.roxywi.common as roxywi_common +import modules.config.config as config_mod +import modules.roxy_wi_tools as roxy_wi_tools + +time_zone = sql.get_setting('time_zone') +get_date = roxy_wi_tools.GetDate(time_zone) env = Environment(loader=FileSystemLoader('templates/'), autoescape=True) template = env.get_template('waf.html') print('Content-type: text/html\n') -try: - user, user_id, role, token, servers, user_services = funct.get_users_params(haproxy=1) -except Exception: - pass +user_params = roxywi_common.get_users_params(haproxy=1) -form = funct.form +form = common.form manage_rules = form.getvalue('manage_rules') waf_rule_id = form.getvalue('waf_rule_id') service = form.getvalue('service') 
@@ -29,32 +34,34 @@ rules = '' cfg = '' -funct.page_for_admin(level=2) - +roxywi_auth.page_for_admin(level=2) +print(service) if service == 'nginx': - funct.check_login(user_id, token, service=2) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=2) + servers = roxywi_common.get_dick_permit(nginx=1) else: - funct.check_login(user_id, token, service=1) + roxywi_auth.check_login(user_params['user_uuid'], user_params['token'], service=1) + servers = user_params['servers'] if manage_rules == '1': - serv = funct.is_ip_or_dns(form.getvalue('serv')) - funct.check_is_server_in_group(serv) + serv = common.is_ip_or_dns(form.getvalue('serv')) + roxywi_common.check_is_server_in_group(serv) title = "Manage rules - Web application firewall" rules = sql.select_waf_rules(serv, service) elif waf_rule_id and form.getvalue('config') is None: - serv = funct.is_ip_or_dns(form.getvalue('serv')) - funct.check_is_server_in_group(serv) + serv = common.is_ip_or_dns(form.getvalue('serv')) + roxywi_common.check_is_server_in_group(serv) title = 'Edit a WAF rule' waf_rule_file = sql.select_waf_rule_by_id(waf_rule_id) configs_dir = sql.get_setting('tmp_config_path') - cfg = configs_dir + serv + "-" + funct.get_data('config') + "-" + waf_rule_file - error = funct.get_config(serv, cfg, waf=service, waf_rule_file=waf_rule_file) + cfg = configs_dir + serv + "-" + get_date.return_date('config') + "-" + waf_rule_file + error = config_mod.get_config(serv, cfg, waf=service, waf_rule_file=waf_rule_file) if service == 'haproxy': config_path = sql.get_setting('haproxy_dir') elif service == 'nginx': config_path = sql.get_setting('nginx_dir') - config_file_name = funct.return_nice_path(config_path) + 'waf/rules/' + waf_rule_file + config_file_name = comon.return_nice_path(config_path) + 'waf/rules/' + waf_rule_file try: conf = open(cfg, "r") config_read = conf.read() 
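Review bot: The added `print(service)` writes the raw `service` form value into the response body, after the `Content-type: text/html` header and outside the autoescaping Jinja template, so request-controlled markup is reflected unescaped. It looks like leftover debugging and should be removed, or routed to `roxywi_common.logging` if the value is needed. In the same hunk, `comon.return_nice_path(config_path)` uses a name that is never imported; the module is bound as `common`, so the edit-rule branch will raise NameError. It should presumably read `config_file_name = common.return_nice_path(config_path) + 'waf/rules/' + waf_rule_file`. The `elif` branch continues past the end of the hunk.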
@@ -63,14 +70,14 @@ elif waf_rule_id and form.getvalue('config') is None: print('Cannot read imported config file') else: title = "Web application firewall" - servers_waf = sql.select_waf_servers_metrics(user_id.value) + servers_waf = sql.select_waf_servers_metrics(user_params['user_uuid'].value) autorefresh = 1 if serv is not None and form.getvalue('config') is not None: - funct.check_is_server_in_group(serv) + roxywi_common.check_is_server_in_group(serv) configs_dir = sql.get_setting('tmp_config_path') - cfg = configs_dir + serv + "-" + funct.get_data('config') + cfg = configs_dir + serv + "-" + get_date.return_date('config') config_file_name = form.getvalue('config_file_name') config = form.getvalue('config') oldcfg = form.getvalue('oldconfig') @@ -82,9 +89,9 @@ if serv is not None and form.getvalue('config') is not None: except IOError: print("error: Cannot read imported config file") - stderr = funct.master_slave_upload_and_restart(serv, cfg, just_save=save, waf=1, oldcfg=oldcfg, config_file_name=config_file_name) + stderr = config_mod.master_slave_upload_and_restart(serv, cfg, just_save=save, waf=1, oldcfg=oldcfg, config_file_name=config_file_name) - funct.diff_config(oldcfg, cfg) + config_mod.diff_config(oldcfg, cfg) try: os.system("/bin/rm -f " + configs_dir + "*.old") 
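Review bot: In the save branch, `config_file_name` and `oldcfg` come straight from `form.getvalue(...)` and are then used as paths in `config_mod.master_slave_upload_and_restart(..., oldcfg=oldcfg, config_file_name=config_file_name)` and `config_mod.diff_config(oldcfg, cfg)`. The edit branch derives the remote name on the server as `<config_path>waf/rules/<waf_rule_file>` from `waf_rule_id`, so the save path should recompute it the same way rather than trust the posted value. At minimum it should reject a value that does not resolve under the `waf/rules/` directory. Whether `config_mod` validates these arguments is not visible in this diff. The `os.system("/bin/rm -f " + configs_dir + "*.old")` kept as context in the next hunk could also become a direct `os.remove` of the one backup file.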
@@ -97,9 +104,9 @@ if serv is not None and form.getvalue('config') is not None: sys.exit() rendered_template = template.render( - h2=1, title=title, autorefresh=autorefresh, role=role, user=user, serv=serv, servers=servers_waf, - servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_services, - waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=token, + h2=1, title=title, autorefresh=autorefresh, role=user_params['role'], user=user_params['user'], serv=serv, servers=servers_waf, + servers_all=servers, manage_rules=manage_rules, rules=rules, user_services=user_params['user_services'], + waf_rule_file=waf_rule_file, waf_rule_id=waf_rule_id, config=config_read, cfg=cfg, token=user_params['token'], config_file_name=config_file_name, service=service ) print(rendered_template)