github
/
haproxy-wi
mirror of https://github.com/Aidaho12/haproxy-wi
1
0
Fork 0
Code Issues Releases Wiki Activity

v7.2.1.0 

https://roxy-wi.org/changelog#7_2_1
pull/375/head
Aidaho 2024-03-03 10:11:48 +03:00
parent c0d667547f
commit d1a81f937b
73 changed files with 4580 additions and 4622 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/api.py
View File

@ -5,7 +5,7 @@ import os
from bottle import route, run, hook, response, request, error
import api_funct
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.roxywi.common as roxywi_common
_error_auth = '403 Auth before'
@ -106,7 +106,7 @@ def get_servers():
data = {}
try:
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
servers = roxywi_common.get_dick_permit(username=login, group_id=group_id, token=token)
for s in servers:

76
api/api_funct.py
View File

@ -6,6 +6,11 @@ from bottle import request
sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/'))
import app.modules.db.sql as sql
import app.modules.db.cred as cred_sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.db.server as server_sql
import app.modules.db.ha_cluster as ha_sql
import app.modules.server.ssh as ssh_mod
import app.modules.server.server as server_mod
import app.modules.config.section as section_mod
@ -45,11 +50,11 @@ def get_token():
return f'error getting credentials: {e}'
try:
group_name = login_pass['group']
group_id = sql.get_group_id_by_name(group_name)
group_id = group_sql.get_group_id_by_name(group_name)
except Exception as e:
return f'error getting group: {e}'
try:
users = sql.select_users(user=login)
users = user_sql.select_users(user=login)
password = roxy_wi_tools.Tools.get_hash(password_from_user)
except Exception as e:
return f'error one more: {e}'
@ -60,8 +65,8 @@ def get_token():
if login in user.username and password == user.password:
import uuid
user_token = str(uuid.uuid4())
role_id = sql.get_role_id(user.user_id, group_id)
sql.write_api_token(user_token, group_id, role_id, user.username)
role_id = user_sql.get_role_id(user.user_id, group_id)
user_sql.write_api_token(user_token, group_id, role_id, user.username)
return user_token
else:
return False
@ -82,11 +87,11 @@ def check_login(required_service=0) -> bool:
return False
token = request.headers.get('token')
if sql.get_api_token(token):
if user_sql.get_api_token(token):
if required_service != 0:
user_id = sql.get_user_id_by_api_token(token)
user_id = user_sql.get_user_id_by_api_token(token)
try:
user_services = sql.select_user_services(user_id)
user_services = user_sql.select_user_services(user_id)
except Exception:
return False
@ -114,9 +119,9 @@ def return_dict_from_out(server_id, out):
def check_permit_to_server(server_id, service='haproxy'):
servers = sql.select_servers(id_hostname=server_id)
servers = server_sql.select_servers(id_hostname=server_id)
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
try:
for s in servers:
@ -179,10 +184,7 @@ def get_status(server_id, service):
out = server_mod.subprocess_execute(cmd)
data = return_dict_from_out(server_id, out[0])
elif service == 'nginx':
cmd = [
"/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' "
"|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"
]
cmd = "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active'|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"
try:
out = server_mod.ssh_command(s[2], cmd)
out1 = out.split()
@ -224,9 +226,9 @@ def get_status(server_id, service):
def get_all_statuses():
data = {}
try:
servers = sql.select_servers()
servers = server_sql.select_servers()
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
sock_port = sql.get_setting('haproxy_sock_port')
for _s in servers:
@ -256,7 +258,7 @@ def actions(server_id, action, service):
for s in servers:
if service == 'apache':
service = service_common.get_correct_apache_service_name(server_ip=s[2])
cmd = ["sudo systemctl %s %s" % (action, service)]
cmd = "sudo systemctl %s %s" % (action, service)
error = server_mod.ssh_command(s[2], cmd)
done = error if error else 'done'
data = {'server_id': s[0], 'ip': s[2], 'action': action, 'hostname': s[1], 'status': done}
@ -273,7 +275,7 @@ def runtime(server_id):
action = json_loads['command']
haproxy_sock = sql.get_setting('haproxy_sock')
servers = check_permit_to_server(server_id)
cmd = ['echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)]
cmd = 'echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)
for s in servers:
out = server_mod.ssh_command(s[2], cmd)
@ -364,7 +366,7 @@ def edit_section(server_id, delete=0):
token = request.headers.get('token')
servers = check_permit_to_server(server_id)
hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
if save == '':
save = 'save'
@ -426,7 +428,7 @@ def upload_config(server_id, **kwargs):
body = request.body.getvalue().decode('utf-8')
save = request.headers.get('action')
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
nginx = ''
apache = ''
@ -497,7 +499,7 @@ def add_to_config(server_id):
save = request.headers.get('action')
hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir')
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
@ -721,8 +723,8 @@ def generate_acl(**kwargs):
def user_list():
data = {}
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
users = sql.select_users(by_group_id=group_id)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
users = user_sql.select_users(by_group_id=group_id)
for user in users:
data[user.user_id] = {
'login': user.username,
@ -744,7 +746,7 @@ def create_user():
password = json_loads['password']
role = json_loads['role']
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
if roxywi_user.create_user(name, email, password, role, 1, group_id, role_id=role_id, token=token):
data = {'status': 'done'}
@ -757,8 +759,8 @@ def create_user():
def ssh_list():
data = {}
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
sshs = sql.select_ssh(group=group_id)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
sshs = cred_sql.select_ssh(group=group_id)
for ssh in sshs:
data[ssh.id] = {
'name': ssh.name,
@ -777,13 +779,13 @@ def create_ssh():
username = json_loads['username']
password = json_loads['password']
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
if ssh_mod.create_ssh_cread_api(name, enable, group_id, username, password):
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
try:
ssh_mod.create_ssh_cread_api(name, enable, group_id, username, password)
data = {'status': 'done'}
return dict(data)
else:
data = {'status': 'error: check all fields'}
return dict(data)
except Exception as e:
data = {'status': f'error: {e}'}
return dict(data)
def upload_ssh_key():
@ -793,7 +795,7 @@ def upload_ssh_key():
key = json_loads['key']
passphrase = json_loads['passphrase']
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
groups = sql.select_groups(id=group_id)
for group in groups:
user_group = group.name
@ -817,7 +819,7 @@ def create_server():
cred_id = json_loads['cred_id']
desc = json_loads['description']
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
try:
if server_mod.create_server(hostname, ip, group_id, virt, 1, master_id, cred_id, port, desc, 0, 0, 0, 0, role_id=role_id, token=token):
@ -831,8 +833,8 @@ def create_server():
def cluster_list():
token = request.headers.get('token')
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
clusters = sql.select_clusters(group_id)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
clusters = ha_sql.select_clusters(group_id)
data = {}
for cluster in clusters:
data.setdefault(cluster.id, cluster.name)
@ -844,7 +846,7 @@ def create_ha_cluster():
token = request.headers.get('token')
body = request.body.getvalue().decode('utf-8')
json_loads = json.loads(body)
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
data = {'status': dict()}
try:
@ -886,7 +888,7 @@ def update_cluster():
token = request.headers.get('token')
body = request.body.getvalue().decode('utf-8')
json_loads = json.loads(body)
login, group_id, role_id = sql.get_username_groupid_from_api_token(token)
login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
data = {'status': dict()}
try:

4
app/create_db.py
View File

@ -4,6 +4,10 @@ import distro
from modules.db.db_model import *
conn = connect()
migrator = connect(get_migrator=1)
def default_values():
if distro.id() == 'ubuntu':
apache_dir = 'apache2'

11
app/jobs.py
View File

@ -6,6 +6,9 @@ import distro
from app import scheduler
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.roxy as roxy_sql
import app.modules.db.history as history_sql
import app.modules.roxywi.roxy as roxy
import app.modules.tools.common as tools_common
import app.modules.roxy_wi_tools as roxy_wi_tools
@ -24,10 +27,10 @@ def update_user_status():
def check_new_version():
app = scheduler.app
with app.app_context():
tools = sql.get_roxy_tools()
tools = roxy_sql.get_roxy_tools()
for tool in tools:
ver = roxy.check_new_version(tool)
sql.update_tool_new_version(tool, ver)
roxy_sql.update_tool_new_version(tool, ver)
@scheduler.task('interval', id='update_cur_tool_versions', days=1, misfire_grace_time=None)
@ -41,14 +44,14 @@ def update_cur_tool_versions():
def delete_old_uuid():
app = scheduler.app
with app.app_context():
sql.delete_old_uuid()
user_sql.delete_old_uuid()
@scheduler.task('interval', id='delete_action_history_for_period', minutes=70, misfire_grace_time=None)
def delete_action_history_for_period():
app = scheduler.app
with app.app_context():
sql.delete_action_history_for_period()
history_sql.delete_action_history_for_period()
@scheduler.task('interval', id='delete_old_logs', hours=1, misfire_grace_time=None)

8
app/login.py
View File

@ -2,7 +2,7 @@ from flask import render_template, request, redirect, url_for, make_response
from flask_login import login_required, logout_user, current_user, login_url
from app import app, login_manager, cache
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.roxywi.common as roxywi_common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.roxy as roxy
@ -20,7 +20,7 @@ def check_login():
except Exception:
return redirect(login_url('login_page', next_url=request.url))
if not sql.is_user_active(user_params['user_id']):
if not user_sql.is_user_active(user_params['user_id']):
return redirect(login_url('login_page', next_url=request.url))
try:
@ -35,7 +35,7 @@ def load_user(user_id):
user_obj = cache.get(user)
if user_obj is None:
query = sql.get_user_id(user_id)
query = user_sql.get_user_id(user_id)
cache.set(user, query, timeout=360)
return query
@ -61,7 +61,7 @@ def login_page():
password = request.form.get('pass')
if login and password:
users = sql.select_users(user=login)
users = user_sql.select_users(user=login)
for user in users:
if user.activeuser == 0:

21
app/modules/common/common.py
View File

@ -131,3 +131,24 @@ def is_tool(name):
is_tool_installed = which(name)
return True if is_tool_installed is not None else False
def wrap_line(content: str, css_class: str="line") -> str:
"""
Wraps the provided content into a div HTML element with the given CSS class.
"""
return f'<div class="{css_class}">{content}</div>'
def highlight_word(line: str, word: str) -> str:
"""
Highlights the word in the line by making it bold and colored red.
"""
return line.replace(word, f'<span style="color: red; font-weight: bold;">{word}</span>')
def sanitize_input_word(word: str) -> str:
"""
Sanitizes the input word by removing certain characters.
"""
return re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', word)

105
app/modules/config/add.py
View File

@ -3,6 +3,8 @@ import os
from flask import render_template, request
import app.modules.db.sql as sql
import app.modules.db.add as add_sql
import app.modules.db.server as server_sql
import app.modules.server.ssh as ssh_mod
import app.modules.common.common as common
import app.modules.config.config as config_mod
@ -10,7 +12,7 @@ import app.modules.config.common as config_common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
import app.modules.service.common as service_common
import modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxy_wi_tools as roxy_wi_tools
get_config = roxy_wi_tools.GetConfigVar()
@ -202,7 +204,7 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip
if server_ip != 'all':
servers.append(server_ip)
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
servers.append(master[0])
@ -212,8 +214,8 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip
servers.append(s[2])
for serv in servers:
server_mod.ssh_command(serv, [f"sudo mkdir {path}"])
server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"])
server_mod.ssh_command(serv, f"sudo mkdir {path}")
server_mod.ssh_command(serv, f"sudo chown $(whoami) {path}")
try:
config_mod.upload(serv, f'{path}/{list_name}', list_path)
except Exception as e:
@ -225,13 +227,13 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip
except Exception:
pass
server_id = sql.select_server_id_by_ip(server_ip=serv)
server_id = server_sql.select_server_id_by_ip(server_ip=serv)
haproxy_service_name = service_common.get_correct_service_name('haproxy', server_id)
if action == 'restart':
server_mod.ssh_command(serv, [f"sudo systemctl restart {haproxy_service_name}"])
server_mod.ssh_command(serv, f"sudo systemctl restart {haproxy_service_name}")
elif action == 'reload':
server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"])
server_mod.ssh_command(serv, f"sudo systemctl reload {haproxy_service_name}")
return output
@ -251,7 +253,7 @@ def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> str
if server_ip != 'all':
servers.append(server_ip)
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
servers.append(master[0])
@ -261,16 +263,13 @@ def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> str
servers.append(s[2])
for serv in servers:
error = server_mod.ssh_command(serv, [f"sudo rm {path}/{list_name}"], return_err=1)
try:
server_mod.ssh_command(serv, f"sudo rm {path}/{list_name}")
except Exception as e:
return f'error: Deleting fail: {e} , '
if error:
return f'error: Deleting fail: {error} , '
else:
output += f'success: the {color} list has been deleted on {serv} , '
try:
roxywi_common.logging(serv, f'has been deleted the {color} list {list_name}', roxywi=1, login=1)
except Exception:
pass
output += f'success: the {color} list has been deleted on {serv} , '
roxywi_common.logging(serv, f'has been deleted the {color} list {list_name}', roxywi=1, login=1)
return output
@ -326,7 +325,7 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s
if server_ip != 'all':
servers.append(server_ip)
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
servers.append(master[0])
@ -336,8 +335,8 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s
servers.append(s[2])
for serv in servers:
server_mod.ssh_command(serv, [f"sudo mkdir {path}"])
server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"])
server_mod.ssh_command(serv, f"sudo mkdir {path}")
server_mod.ssh_command(serv, f"sudo chown $(whoami) {path}")
try:
config_mod.upload(serv, f'{path}/{map_name}', map_path)
except Exception as e:
@ -348,13 +347,13 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s
except Exception:
pass
server_id = sql.select_server_id_by_ip(server_ip=serv)
server_id = server_sql.select_server_id_by_ip(server_ip=serv)
haproxy_service_name = service_common.get_correct_service_name('haproxy', server_id)
if action == 'restart':
server_mod.ssh_command(serv, [f"sudo systemctl restart {haproxy_service_name}"])
server_mod.ssh_command(serv, f"sudo systemctl restart {haproxy_service_name}")
elif action == 'reload':
server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"])
server_mod.ssh_command(serv, f"sudo systemctl reload {haproxy_service_name}")
output += f'success: Edited {map_name} map was uploaded to {serv} , '
@ -376,7 +375,7 @@ def delete_map(map_name: str, group: str, server_ip: str) -> str:
if server_ip != 'all':
servers.append(server_ip)
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
servers.append(master[0])
@ -386,27 +385,24 @@ def delete_map(map_name: str, group: str, server_ip: str) -> str:
servers.append(s[2])
for serv in servers:
error = server_mod.ssh_command(serv, [f"sudo rm {path}/{map_name}"], return_err=1)
try:
server_mod.ssh_command(serv, f"sudo rm {path}/{map_name}")
except Exception as e:
return f'error: Deleting fail: {e} , '
if error:
return f'error: Deleting fail: {error} , '
else:
try:
roxywi_common.logging(serv, f'has been deleted the {map_name} map', roxywi=1, login=1)
except Exception:
pass
output += f'success: the {map_name} map has been deleted on {serv} , '
roxywi_common.logging(serv, f'has been deleted the {map_name} map', roxywi=1, login=1)
output += f'success: the {map_name} map has been deleted on {serv} , '
return output
def create_saved_option(option: str, group: int) -> str:
if sql.insert_new_option(option, group):
return render_template('ajax/new_option.html', options=sql.select_options(option=option))
if add_sql.insert_new_option(option, group):
return render_template('ajax/new_option.html', options=add_sql.select_options(option=option))
def get_saved_option(group: str, term: str) -> dict:
options = sql.select_options(group=group, term=term)
options = add_sql.select_options(group=group, term=term)
a = {}
v = 0
@ -419,7 +415,7 @@ def get_saved_option(group: str, term: str) -> dict:
def update_saved_option(option, option_id) -> bool:
try:
sql.update_options(option, option_id)
add_sql.update_options(option, option_id)
except Exception as e:
raise Exception(e)
else:
@ -427,12 +423,12 @@ def update_saved_option(option, option_id) -> bool:
def create_saved_server(server: str, group: str, desc: str) -> str:
if sql.insert_new_savedserver(server, desc, group):
return render_template('ajax/new_saved_servers.html', server=sql.select_saved_servers(server=server))
if add_sql.insert_new_saved_server(server, desc, group):
return render_template('ajax/new_saved_servers.html', server=add_sql.select_saved_servers(server=server))
def get_saved_servers(group: str, term: str) -> dict:
servers = sql.select_saved_servers(group=group, term=term)
servers = add_sql.select_saved_servers(group=group, term=term)
a = {}
v = 0
for i in servers:
@ -487,39 +483,39 @@ def get_le_cert(server_ip: str, lets_domain: str, lets_email: str) -> str:
def get_ssl_cert(server_ip: str, cert_id: int) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"openssl x509 -in {cert_path}/{cert_id} -text"]
command = f"openssl x509 -in {cert_path}/{cert_id} -text"
try:
return server_mod.ssh_command(server_ip, commands)
return server_mod.ssh_command(server_ip, command)
except Exception as e:
return f'error: Cannot connect to the server {e.args[0]}'
def get_ssl_raw_cert(server_ip: str, cert_id: int) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"cat {cert_path}/{cert_id}"]
command = f"cat {cert_path}/{cert_id}"
try:
return server_mod.ssh_command(server_ip, commands)
return server_mod.ssh_command(server_ip, command)
except Exception as e:
return f'error: Cannot connect to the server {e.args[0]}'
def get_ssl_certs(server_ip: str) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"]
command = f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"
try:
return server_mod.ssh_command(server_ip, commands)
return server_mod.ssh_command(server_ip, command)
except Exception as e:
return f'error: Cannot connect to the server: {e.args[0]}'
def del_ssl_cert(server_ip: str, cert_id: str) -> str:
cert_path = sql.get_setting('cert_path')
commands = [f"sudo rm -f {cert_path}/{cert_id}"]
command = f"sudo rm -f {cert_path}/{cert_id}"
try:
return server_mod.ssh_command(server_ip, commands)
return server_mod.ssh_command(server_ip, command)
except Exception as e:
return f'error: Cannot delete the certificate {e.args[0]}'
@ -541,19 +537,16 @@ def upload_ssl_cert(server_ip: str, ssl_name: str, ssl_cont: str) -> str:
except IOError as e:
return f'error: Cannot save the SSL key file: {e}'
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
error = config_mod.upload(master[0], f'{cert_path}/{name}', path_to_file)
if not error:
slave_output += f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} \n'
config_mod.upload(master[0], f'{cert_path}/{name}', path_to_file)
slave_output += f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} \n'
try:
error = config_mod.upload(server_ip, f'{cert_path}/{name}', path_to_file)
config_mod.upload(server_ip, f'{cert_path}/{name}', path_to_file)
except Exception as e:
roxywi_common.logging('Roxy-WI server', str(e), roxywi=1)
return f'error: cannot upload SSL cert: {e}'
roxywi_common.logging(server_ip, f"add#ssl uploaded a new SSL cert {name}", roxywi=1, login=1)
if not error:
return f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name} \n {slave_output}'
return f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name} \n {slave_output}'

97
app/modules/config/config.py
View File

@ -1,16 +1,19 @@
import os
import re
from pathlib import Path
from typing import Any
from flask import render_template, request
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.server as server_sql
import app.modules.db.config as config_sql
import app.modules.db.service as service_sql
import app.modules.server.ssh as mod_ssh
import app.modules.server.server as server_mod
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.service.common as service_common
import app.modules.service.action as service_action
import app.modules.config.common as config_common
@ -31,7 +34,7 @@ def _replace_config_path_to_correct(config_path: str) -> str:
try:
return config_path.replace('92', '/')
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot sanitize config file: {e}', roxywi=1)
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot sanitize config file', roxywi=1)
def get_config(server_ip, cfg, service='haproxy', **kwargs):
@ -77,7 +80,7 @@ def get_config(server_ip, cfg, service='haproxy', **kwargs):
with mod_ssh.ssh_connect(server_ip) as ssh:
ssh.get_sftp(config_path, cfg)
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'error: Cannot get config', roxywi=1)
roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'Cannot get config', roxywi=1)
def upload(server_ip: str, path: str, file: str) -> None:
@ -93,10 +96,10 @@ def upload(server_ip: str, path: str, file: str) -> None:
with mod_ssh.ssh_connect(server_ip) as ssh:
ssh.put_sftp(file, path)
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot upload {file} to {path} to server: {server_ip}: {e}', roxywi=1)
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot upload {file} to {path} to server: {server_ip}', roxywi=1)
def _generate_command(service: str, server_id: int, just_save: str, config_path: str, tmp_file: str, cfg: str, server_ip: str) -> list:
def _generate_command(service: str, server_id: int, just_save: str, config_path: str, tmp_file: str, cfg: str, server_ip: str) -> str:
"""
:param service: The name of the service.
:param server_id: The ID of the server.
@ -110,7 +113,7 @@ def _generate_command(service: str, server_id: int, just_save: str, config_path:
This method generates a list of commands based on the given parameters.
"""
container_name = sql.get_setting(f'{service}_container_name')
is_dockerized = sql.select_service_setting(server_id, service, 'dockerized')
is_dockerized = service_sql.select_service_setting(server_id, service, 'dockerized')
reload_or_restart_command = f' && {service_action.get_action_command(service, just_save, server_id)}'
move_config = f" sudo mv -f {tmp_file} {config_path}"
command_for_docker = f'sudo docker exec -it {container_name}'
@ -128,24 +131,23 @@ def _generate_command(service: str, server_id: int, just_save: str, config_path:
raise Exception(f'error: Cannot generate command: {e}')
if just_save == 'test':
return [f"{check_config} && sudo rm -f {tmp_file}"]
return f"{check_config} && sudo rm -f {tmp_file}"
elif just_save == 'save':
reload_or_restart_command = ''
else:
if service_common.is_not_allowed_to_restart(server_id, service, just_save):
raise Exception(f'error: This server is not allowed to be restarted')
if service in ('keepalived', 'waf'):
commands = [f'{move_config} {reload_or_restart_command}']
if service == 'waf':
commands = f'{move_config} {reload_or_restart_command}'
elif service in ('nginx', 'apache'):
commands = [f'{move_config} && {check_config} {reload_or_restart_command}']
commands = f'{move_config} && {check_config} {reload_or_restart_command}'
else:
commands = [f'{check_config} && {move_config} {reload_or_restart_command}']
commands = f'{check_config} && {move_config} {reload_or_restart_command}'
if service in ('haproxy', 'nginx'):
if sql.return_firewall(server_ip):
commands[0] += _open_port_firewalld(cfg, server_ip, service)
if server_sql.return_firewall(server_ip):
commands += _open_port_firewalld(cfg, server_ip, service)
return commands
@ -185,7 +187,7 @@ def _create_config_version(server_id: int, server_ip: str, service: str, config_
try:
user_id = roxywi_common.get_user_id(login=login)
sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff)
config_sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff)
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: Cannot insert config version: {e}', roxywi=1)
@ -204,7 +206,7 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, *
file_format = config_common.get_file_format(service)
config_path = kwargs.get('config_file_name')
config_date = get_date.return_date('config')
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip=server_ip)
if config_path and config_path != 'undefined':
config_path = _replace_config_path_to_correct(kwargs.get('config_file_name'))
@ -220,12 +222,12 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, *
try:
os.system(f"dos2unix -q {cfg}")
except OSError as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'error: There is no dos2unix')
roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'There is no dos2unix')
try:
upload(server_ip, tmp_file, cfg)
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot upload config: {e}', roxywi=1)
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot upload config', login=login)
try:
if just_save != 'test':
@ -240,12 +242,12 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, *
try:
commands = _generate_command(service, server_id, just_save, config_path, tmp_file, cfg, server_ip)
except Exception as e:
return f'{e}'
return f'error: {e}'
try:
error = server_mod.ssh_command(server_ip, commands)
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'{e}', roxywi=1)
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot {just_save} {service}', roxywi=1)
try:
if just_save in ('reload', 'restart'):
@ -272,11 +274,11 @@ def master_slave_upload_and_restart(server_ip: str, cfg: str, just_save: str, se
"""
slave_output = ''
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
config_file_name = kwargs.get('config_file_name')
old_cfg = kwargs.get('oldcfg')
waf = kwargs.get('waf')
server_name = sql.get_hostname_by_server_ip(server_ip)
server_name = server_sql.get_hostname_by_server_ip(server_ip)
if kwargs.get('login'):
login = kwargs.get('login')
@ -354,8 +356,8 @@ def _open_port_firewalld(cfg: str, server_ip: str, service: str) -> str:
except Exception:
pass
firewalld_commands += 'sudo firewall-cmd --reload -q'
roxywi_common.logging(server_ip, f' Next ports have been opened: {ports}')
firewalld_commands += ' sudo firewall-cmd --reload -q'
roxywi_common.logging(server_ip, f'Next ports have been opened: {ports}')
return firewalld_commands
@ -386,7 +388,7 @@ def diff_config(old_cfg, cfg, **kwargs):
try:
user_uuid = request.cookies.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid)
login = user_sql.get_user_name_by_uuid(user_uuid)
except Exception:
login = ''
@ -400,20 +402,6 @@ def diff_config(old_cfg, cfg, **kwargs):
roxywi_common.logging('Roxy-WI server', f'error: Cannot write a diff config to the log file: {e}, {stderr}', login=login, roxywi=1)
def _sanitize_input_word(word: str) -> str:
"""
Sanitizes the input word by removing certain characters.
"""
return re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', word)
def _highlight_word(line: str, word: str) -> str:
"""
Highlights the word in the line by making it bold and colored red.
"""
return line.replace(word, f'<span style="color: red; font-weight: bold;">{word}</span>')
def _classify_line(line: str) -> str:
"""
Classifies the line as 'line' or 'line3' based on if it contains '--'.
@ -421,13 +409,6 @@ def _classify_line(line: str) -> str:
return "line" if '--' in line else "line3"
def _wrap_line(content: str, css_class: str="line") -> str:
"""
Wraps the provided content into a div HTML element with the given CSS class.
"""
return f'<div class="{css_class}">{content}</div>'
def show_finding_in_config(stdout: str, **kwargs) -> str:
"""
:param stdout: The stdout of a command execution.
@ -440,18 +421,18 @@ def show_finding_in_config(stdout: str, **kwargs) -> str:
*.
The formatted output string is returned.
"""
css_class_divider = _wrap_line("--")
css_class_divider = common.wrap_line("--")
output = css_class_divider
word_to_find = kwargs.get('grep')
if word_to_find:
word_to_find = _sanitize_input_word(word_to_find)
word_to_find = common.sanitize_input_word(word_to_find)
for line in stdout:
if word_to_find:
line = _highlight_word(line, word_to_find)
line = common.highlight_word(line, word_to_find)
line_class = _classify_line(line)
output += _wrap_line(line, line_class)
output += common.wrap_line(line, line_class)
output += css_class_divider
return output
@ -504,7 +485,7 @@ def show_config(server_ip: str, service: str, config_file_name: str, configver:
user_uuid = request.cookies.get('uuid')
group_id = int(request.cookies.get('group'))
configs_dir = config_common.get_config_dir(service)
server_id = sql.select_server_id_by_ip(server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip)
try:
config_file_name = config_file_name.replace('/', '92')
@ -536,13 +517,13 @@ def show_config(server_ip: str, service: str, config_file_name: str, configver:
'conf': conf,
'serv': server_ip,
'configver': configver,
'role': sql.get_user_role_by_uuid(user_uuid, group_id),
'role': user_sql.get_user_role_by_uuid(user_uuid, group_id),
'service': service,
'config_file_name': config_file_name,
'is_serv_protected': sql.is_serv_protected(server_ip),
'is_restart': sql.select_service_setting(server_id, service, 'restart'),
'is_serv_protected': server_sql.is_serv_protected(server_ip),
'is_restart': service_sql.select_service_setting(server_id, service, 'restart'),
'lang': roxywi_common.get_user_lang_for_flask(),
'hostname': sql.get_hostname_by_server_ip(server_ip)
'hostname': server_sql.get_hostname_by_server_ip(server_ip)
}
return render_template('ajax/config_show.html', **kwargs)
@ -586,8 +567,8 @@ def list_of_versions(server_ip: str, service: str, configver: str, for_delver: i
:param for_delver: The delete version to use.
:return: The rendered HTML template with the list of versions.
"""
users = sql.select_users()
configs = sql.select_config_version(server_ip, service)
users = user_sql.select_users()
configs = config_sql.select_config_version(server_ip, service)
lang = roxywi_common.get_user_lang_for_flask()
action = f'/app/config/versions/{service}/{server_ip}'
config_dir = config_common.get_config_dir(service)

15
app/modules/config/runtime.py
View File

@ -3,12 +3,13 @@ import json
from flask import render_template
import app.modules.db.sql as sql
import app.modules.db.server as server_sql
import app.modules.config.config as config_mod
import app.modules.config.common as config_common
import app.modules.config.section as section_mod
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
import modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxy_wi_tools as roxy_wi_tools
get_config_var = roxy_wi_tools.GetConfigVar()
@ -121,7 +122,7 @@ def change_ip_and_port(serv, backend_backend, backend_server, backend_ip, backen
lines = ''
sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
masters = server_sql.is_master(serv)
for master in masters:
if master[0] is not None:
@ -209,7 +210,7 @@ def add_server(
stderr = ''
check_cfg = ''
check = int(check)
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
@ -263,7 +264,7 @@ def add_server(
def delete_server(server_ip: str, backend: str, server: str) -> str:
lines = ''
stderr = ''
masters = sql.is_master(server_ip)
masters = server_sql.is_master(server_ip)
for master in masters:
if master[0] is not None:
@ -302,7 +303,7 @@ def change_maxconn_global(serv: str, maxconn: int) -> str:
return 'error: Maxconn must be integer and not 0'
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
masters = server_sql.is_master(serv)
for master in masters:
if master[0] is not None:
@ -334,7 +335,7 @@ def change_maxconn_frontend(serv, maxconn, frontend) -> str:
return 'error: Maxconn must be integer and not 0'
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
masters = server_sql.is_master(serv)
for master in masters:
if master[0] is not None:
@ -367,7 +368,7 @@ def change_maxconn_backend(serv, backend, backend_server, maxconn) -> str:
haproxy_sock_port = sql.get_setting('haproxy_sock_port')
masters = sql.is_master(serv)
masters = server_sql.is_master(serv)
for master in masters:
if master[0] is not None:
cmd = f'echo "set maxconn server {backend}/{backend_server} {maxconn}" |nc {master[0]} {haproxy_sock_port}'

2
app/modules/config/section.py
View File

@ -132,7 +132,7 @@ def get_remote_sections(server_ip: str, service: str) -> str:
if service == 'apache':
section_name = 'ServerName'
commands = [f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'"]
commands = f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'"
backends = server_mod.ssh_command(server_ip, commands)

96
app/modules/db/add.py Normal file
View File

@ -0,0 +1,96 @@
from app.modules.db.db_model import SavedServer, Option
from app.modules.db.common import out_error
def update_saved_server(server, description, saved_id):
query_update = SavedServer.update(server=server, description=description).where(SavedServer.id == saved_id)
try:
query_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def delete_saved_server(saved_id):
query = SavedServer.delete().where(SavedServer.id == saved_id)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def delete_option(option_id):
try:
Option.delete().where(Option.id == option_id).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def insert_new_saved_server(server, description, group):
try:
SavedServer.insert(server=server, description=description, groups=group).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def insert_new_option(saved_option, group):
try:
Option.insert(options=saved_option, groups=group).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_options(**kwargs):
if kwargs.get('option'):
query = Option.select().where(Option.options == kwargs.get('option'))
elif kwargs.get('group'):
query = Option.select(Option.options).where(
(Option.groups == kwargs.get('group')) & (Option.options.startswith(kwargs.get('term'))))
else:
query = Option.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def update_options(option, option_id):
try:
Option.update(options=option).where(Option.id == option_id).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_saved_servers(**kwargs):
if kwargs.get('server'):
query = SavedServer.select().where(SavedServer.server == kwargs.get('server'))
elif kwargs.get('group'):
query = SavedServer.select(SavedServer.server, SavedServer.description).where(
(SavedServer.groups == kwargs.get('group')) & (SavedServer.server.startswith(kwargs.get('term'))))
else:
query = SavedServer.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res

158
app/modules/db/backup.py Normal file
View File

@ -0,0 +1,158 @@
from app.modules.db.db_model import Backup, S3Backup, GitSetting
from app.modules.db.common import out_error
def insert_backup_job(server, rserver, rpath, backup_type, time, cred, description):
try:
Backup.insert(
server=server, rhost=rserver, rpath=rpath, backup_type=backup_type, time=time,
cred=cred, description=description
).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description):
try:
S3Backup.insert(
server=server, s3_server=s3_server, bucket=bucket, secret_key=secret_key, access_key=access_key, time=time,
description=description
).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_backup(server, rserver, rpath, backup_type, time, cred, description, backup_id):
backup_update = Backup.update(
server=server, rhost=rserver, rpath=rpath, backup_type=backup_type, time=time,
cred=cred, description=description
).where(Backup.id == backup_id)
try:
backup_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def delete_backups(backup_id: int) -> bool:
query = Backup.delete().where(Backup.id == backup_id)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def delete_s3_backups(backup_id: int) -> bool:
query = S3Backup.delete().where(S3Backup.id == backup_id)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def insert_new_git(server_id, service_id, repo, branch, period, cred, description):
try:
GitSetting.insert(
server_id=server_id, service_id=service_id, repo=repo, branch=branch, period=period,
cred_id=cred, description=description
).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def delete_git(git_id):
query = GitSetting.delete().where(GitSetting.id == git_id)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_gits(**kwargs):
if kwargs.get("server_id") is not None and kwargs.get("service_id") is not None:
query = GitSetting.select().where(
(GitSetting.server_id == kwargs.get("server_id")) & (GitSetting.service_id == kwargs.get("service_id")))
else:
query = GitSetting.select().order_by(GitSetting.id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_backups(**kwargs):
if kwargs.get("server") is not None and kwargs.get("rserver") is not None:
query = Backup.select().where((Backup.server == kwargs.get("server")) & (Backup.rhost == kwargs.get("rserver")))
else:
query = Backup.select().order_by(Backup.id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_s3_backups(**kwargs):
if kwargs.get("server") is not None and kwargs.get("bucket") is not None:
query = S3Backup.select().where(
(S3Backup.server == kwargs.get("server")) &
(S3Backup.s3_server == kwargs.get("s3_server")) &
(S3Backup.bucket == kwargs.get("bucket"))
)
else:
query = S3Backup.select().order_by(S3Backup.id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def check_exists_backup(server: str) -> bool:
try:
backup = Backup.get(Backup.server == server)
except Exception:
pass
else:
if backup.id is not None:
return True
else:
return False
def check_exists_s3_backup(server: str) -> bool:
try:
backup = S3Backup.get(S3Backup.server == server)
except Exception:
pass
else:
if backup.id is not None:
return True
else:
return False

210
app/modules/db/channel.py Normal file
View File

@ -0,0 +1,210 @@
from app.modules.db.db_model import Telegram, Slack, PD, Server
from app.modules.db.common import out_error
def get_user_telegram_by_group(group):
try:
return Telegram.select().where(Telegram.groups == group).execute()
except Exception as e:
out_error(e)
def get_telegram_by_ip(ip):
try:
return Telegram.select().join(Server, on=(Server.groups == Telegram.groups)).where(Server.ip == ip).execute()
except Exception as e:
out_error(e)
def get_telegram_by_id(telegram_id):
try:
return Telegram.select().where(Telegram.id == telegram_id).execute()
except Exception as e:
out_error(e)
def get_user_slack_by_group(group):
try:
return Slack.select().where(Slack.groups == group).execute()
except Exception as e:
out_error(e)
def get_slack_by_ip(ip):
try:
return Slack.select().join(Server, on=(Server.groups == Slack.groups)).where(Server.ip == ip).execute()
except Exception as e:
out_error(e)
def get_slack_by_id(slack_id):
try:
return Slack.select().where(Slack.id == slack_id).execute()
except Exception as e:
out_error(e)
def get_user_pd_by_group(group):
try:
return PD.select().where(PD.groups == group).execute()
except Exception as e:
out_error(e)
def get_user_pd_by_group(group):
try:
return PD.select().where(PD.groups == group).execute()
except Exception as e:
out_error(e)
def get_pd_by_ip(ip):
query = PD.select().join(Server, on=(Server.groups == PD.groups)).where(Server.ip == ip)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def get_pd_by_id(pd_id):
try:
return PD.select().where(PD.id == pd_id).execute()
except Exception as e:
out_error(e)
def delete_telegram(telegram_id):
query = Telegram.delete().where(Telegram.id == telegram_id)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_telegram(**kwargs):
if kwargs.get('token'):
query = Telegram.select().where(Telegram.token == kwargs.get('token'))
elif kwargs.get('id'):
query = Telegram.select().where(Telegram.id == kwargs.get('id'))
else:
query = Telegram.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def insert_new_telegram(token, channel, group):
try:
Telegram.insert(token=token, chanel_name=channel, groups=group).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_telegram(token, channel, group, telegram_id):
telegram_update = Telegram.update(token=token, chanel_name=channel, groups=group).where(Telegram.id == telegram_id)
try:
telegram_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def delete_slack(slack_id):
query = Slack.delete().where(Slack.id == slack_id)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_slack(**kwargs):
if kwargs.get('token'):
query = Slack.select().where(Slack.token == kwargs.get('token'))
elif kwargs.get('id'):
query = Slack.select().where(Slack.id == kwargs.get('id'))
else:
query = Slack.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def insert_new_slack(token, chanel, group):
try:
Slack.insert(token=token, chanel_name=chanel, groups=group).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_slack(token, chanel, group, slack_id):
try:
return Slack.update(token=token, chanel_name=chanel, groups=group).where(Slack.id == slack_id).execute()
except Exception as e:
out_error(e)
def delete_pd(pd_id):
try:
PD.delete().where(PD.id == pd_id).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_pd(**kwargs):
if kwargs.get('token'):
query = PD.select().where(PD.token == kwargs.get('token'))
elif kwargs.get('id'):
query = PD.select().where(PD.id == kwargs.get('id'))
else:
query = PD.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def insert_new_pd(token, chanel, group):
try:
PD.insert(token=token, chanel_name=chanel, groups=group).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_pd(token, chanel, group, pd_id):
try:
PD.update(token=token, chanel_name=chanel, groups=group).where(PD.id == pd_id).execute()
except Exception as e:
out_error(e)
return False
else:
return True

210
app/modules/db/checker.py Normal file
View File

@ -0,0 +1,210 @@
from app.modules.db.db_model import CheckerSetting, Server, ServiceStatus
from app.modules.db.common import out_error
def select_checker_settings(service_id: int):
query = CheckerSetting.select().where(CheckerSetting.service_id == service_id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
return
else:
return query_res
def select_checker_settings_for_server(service_id: int, server_id: int):
query = CheckerSetting.select().where(
(CheckerSetting.service_id == service_id)
& (CheckerSetting.server_id == server_id)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
return
else:
return query_res
def insert_new_checker_setting_for_server(server_ip: str) -> None:
server_id = ()
try:
server_id = Server.get(Server.ip == server_ip).server_id
except Exception as e:
out_error(e)
for service_id in range(1, 5):
CheckerSetting.insert(
server_id=server_id, service_id=service_id
).on_conflict_ignore().execute()
def update_haproxy_checker_settings(
email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, backend_alert: int,
maxconn_alert: int, setting_id: int
) -> bool:
settings_update = CheckerSetting.update(
email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, service_alert=service_alert,
backend_alert=backend_alert, maxconn_alert=maxconn_alert
).where(CheckerSetting.id == setting_id)
try:
settings_update.execute()
except Exception:
return False
else:
return True
def update_keepalived_checker_settings(
email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, backend_alert: int,
setting_id: int
) -> bool:
settings_update = CheckerSetting.update(
email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id,
service_alert=service_alert, backend_alert=backend_alert
).where(CheckerSetting.id == setting_id)
try:
settings_update.execute()
except Exception:
return False
else:
return True
def update_service_checker_settings(
email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, setting_id: int
) -> bool:
settings_update = CheckerSetting.update(
email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, service_alert=service_alert
).where(CheckerSetting.id == setting_id)
try:
settings_update.execute()
except Exception:
return False
else:
return True
def select_checker_service_status(server_id: int, service_id: int, service_check: str) -> int:
try:
service_check_status = ServiceStatus.get(
(ServiceStatus.server_id == server_id)
& (ServiceStatus.service_id == service_id)
& (ServiceStatus.service_check == service_check)
).status
except Exception as e:
return out_error(e)
else:
return service_check_status
def select_checker_services_status() -> tuple:
try:
services_check_status = ServiceStatus.select().execute()
except Exception as e:
return out_error(e)
else:
return services_check_status
def inset_or_update_service_status(server_id: int, service_id: int, service_check: str, status: int) -> None:
query = ServiceStatus.insert(
server_id=server_id, service_id=service_id, service_check=service_check, status=status
).on_conflict('replace')
try:
query.execute()
except Exception as e:
out_error(e)
def select_alert(**kwargs):
if kwargs.get("group") is not None:
query = Server.select(Server.ip).where(
(Server.alert == 1) & (Server.enable == 1) & (Server.groups == kwargs.get('group'))
)
else:
query = Server.select(Server.ip).where((Server.alert == 1) & (Server.enable == 1))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_all_alerts(**kwargs):
if kwargs.get("group") is not None:
query = Server.select(Server.ip).where(
((Server.alert == 1) | (Server.nginx_alert == 1)) & (Server.enable == 1) & (Server.groups == kwargs.get('group'))
)
else:
query = Server.select(Server.ip).where(((Server.alert == 1) | (Server.nginx_alert == 1)) & (Server.enable == 1))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_nginx_alert(**kwargs):
if kwargs.get("group") is not None:
query = Server.select(Server.ip).where(
(Server.nginx_alert == 1)
& (Server.enable == 1)
& (Server.groups == kwargs.get('group'))
& (Server.nginx == 1)
)
else:
query = Server.select(Server.ip).where(
(Server.nginx_alert == 1)
& (Server.enable == 1)
& (Server.nginx == 1)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_apache_alert(**kwargs):
if kwargs.get("group") is not None:
query = Server.select(Server.ip).where(
(Server.apache_alert == 1)
& (Server.enable == 1)
& (Server.groups == kwargs.get('group'))
& (Server.apache == 1)
)
else:
query = Server.select(Server.ip).where((Server.apache_alert == 1) & (Server.enable == 1) & (Server.apache == 1))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_keepalived_alert(**kwargs):
if kwargs.get("group") is not None:
query = Server.select(Server.ip).where(
(Server.keepalived_alert == 1)
& (Server.enable == 1)
& (Server.groups == kwargs.get('group'))
& (Server.keepalived == 1)
)
else:
query = Server.select(Server.ip).where(
(Server.keepalived_alert == 1)
& (Server.enable == 1)
& (Server.keepalived == 1)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res

38
app/modules/db/common.py
View File

@ -2,10 +2,6 @@ import os
import sys
import traceback
from flask import request
from app.modules.db.db_model import Setting
def out_error(error):
error = str(error)
@ -15,37 +11,3 @@ def out_error(error):
function_name = stk[0][2]
error = f'{error} in function: {function_name} in file: {file_name}'
raise Exception(f'error: {error}')
def get_setting(param, **kwargs):
user_group_id = ''
try:
user_group_id = request.cookies.get('group')
except Exception:
pass
if user_group_id == '' or user_group_id is None or param == 'proxy':
user_group_id = 1
if kwargs.get('all'):
query = Setting.select().where(Setting.group == user_group_id).order_by(Setting.section.desc())
else:
query = Setting.select().where((Setting.param == param) & (Setting.group == user_group_id))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
if kwargs.get('all'):
return query_res
else:
for setting in query_res:
if param in (
'nginx_stats_port', 'session_ttl', 'token_ttl', 'haproxy_stats_port', 'haproxy_sock_port', 'ldap_type',
'ldap_port', 'ldap_enable', 'log_time_storage', 'syslog_server_enable', 'checker_check_interval', 'port_scan_interval',
'smon_keep_history_range', 'checker_keep_history_range', 'portscanner_keep_history_range', 'checker_maxconn_threshold',
'apache_stats_port', 'smon_ssl_expire_warning_alert', 'smon_ssl_expire_critical_alert', 'action_keep_history_range'
):
return int(setting.value)
else:
return setting.value

65
app/modules/db/config.py Normal file
View File

@ -0,0 +1,65 @@
from app.modules.db.db_model import ConfigVersion
from app.modules.db.sql import get_setting
from app.modules.db.server import select_server_id_by_ip
from app.modules.db.common import out_error
import app.modules.roxy_wi_tools as roxy_wi_tools
def insert_config_version(server_id: int, user_id: int, service: str, local_path: str, remote_path: str, diff: str):
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular')
try:
ConfigVersion.insert(
server_id=server_id,
user_id=user_id,
service=service,
local_path=local_path,
remote_path=remote_path,
diff=diff,
date=cur_date
).execute()
except Exception as e:
out_error(e)
def select_config_version(server_ip: str, service: str) -> str:
server_id = select_server_id_by_ip(server_ip)
query = ConfigVersion.select().where(
(ConfigVersion.server_id == server_id)
& (ConfigVersion.service == service)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def delete_config_version(service: str, local_path: str):
query_res = ConfigVersion.delete().where(
(ConfigVersion.service == service)
& (ConfigVersion.local_path == local_path)
)
try:
query_res.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_remote_path_from_version(server_ip: str, service: str, local_path: str):
server_id = select_server_id_by_ip(server_ip)
try:
query_res = ConfigVersion.get(
(ConfigVersion.server_id == server_id)
& (ConfigVersion.service == service)
& (ConfigVersion.local_path == local_path)
).remote_path
except Exception as e:
out_error(e)
else:
return query_res

59
app/modules/db/cred.py Normal file
View File

@ -0,0 +1,59 @@
from app.modules.db.db_model import Cred, Server
from app.modules.db.common import out_error
def select_ssh(**kwargs):
if kwargs.get("name") is not None:
query = Cred.select().where(Cred.name == kwargs.get('name'))
elif kwargs.get("id") is not None:
query = Cred.select().where(Cred.id == kwargs.get('id'))
elif kwargs.get("serv") is not None:
query = Cred.select().join(Server, on=(Cred.id == Server.cred)).where(Server.ip == kwargs.get('serv'))
elif kwargs.get("group") is not None:
query = Cred.select().where(Cred.groups == kwargs.get("group"))
else:
query = Cred.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def insert_new_ssh(name, enable, group, username, password):
if password is None:
password = 'None'
try:
Cred.insert(name=name, enable=enable, groups=group, username=username, password=password).execute()
except Exception as e:
out_error(e)
def delete_ssh(ssh_id):
query = Cred.delete().where(Cred.id == ssh_id)
try:
query.execute()
except Exception as e:
out_error(e)
else:
return True
def update_ssh(cred_id, name, enable, group, username, password):
if password is None:
password = 'None'
cred_update = Cred.update(name=name, enable=enable, groups=group, username=username, password=password).where(
Cred.id == cred_id)
try:
cred_update.execute()
except Exception as e:
out_error(e)
def update_ssh_passphrase(name: str, passphrase: str):
try:
Cred.update(passphrase=passphrase).where(Cred.name == name).execute()
except Exception as e:
out_error(e)

40
app/modules/db/db_model.py
View File

@ -1,30 +1,39 @@
from peewee import *
from playhouse.migrate import *
from datetime import datetime
from flask_login import UserMixin
from playhouse.shortcuts import ReconnectMixin
import modules.roxy_wi_tools as roxy_wi_tools
get_config = roxy_wi_tools.GetConfigVar()
mysql_enable = get_config.get_config_var('mysql', 'enable')
if mysql_enable == '1':
mysql_user = get_config.get_config_var('mysql', 'mysql_user')
mysql_password = get_config.get_config_var('mysql', 'mysql_password')
mysql_db = get_config.get_config_var('mysql', 'mysql_db')
mysql_host = get_config.get_config_var('mysql', 'mysql_host')
mysql_port = get_config.get_config_var('mysql', 'mysql_port')
conn = MySQLDatabase(mysql_db, user=mysql_user, password=mysql_password, host=mysql_host, port=int(mysql_port))
migrator = MySQLMigrator(conn)
else:
db = "/var/lib/roxy-wi/roxy-wi.db"
conn = SqliteDatabase(db, pragmas={'timeout': 1000, 'foreign_keys': 1})
migrator = SqliteMigrator(conn)
class ReconnectMySQLDatabase(ReconnectMixin, MySQLDatabase):
pass
def connect(get_migrator=None):
if mysql_enable == '1':
mysql_user = get_config.get_config_var('mysql', 'mysql_user')
mysql_password = get_config.get_config_var('mysql', 'mysql_password')
mysql_db = get_config.get_config_var('mysql', 'mysql_db')
mysql_host = get_config.get_config_var('mysql', 'mysql_host')
mysql_port = get_config.get_config_var('mysql', 'mysql_port')
conn = ReconnectMySQLDatabase(mysql_db, user=mysql_user, password=mysql_password, host=mysql_host, port=int(mysql_port))
migrator = MySQLMigrator(conn)
else:
db = "/var/lib/roxy-wi/roxy-wi.db"
conn = SqliteDatabase(db, pragmas={'timeout': 1000, 'foreign_keys': 1})
migrator = SqliteMigrator(conn)
if get_migrator:
return migrator
else:
return conn
class BaseModel(Model):
class Meta:
database = conn
database = connect()
class User(BaseModel, UserMixin):
@ -738,6 +747,7 @@ class HaClusterService(BaseModel):
def create_tables():
conn = connect()
with conn:
conn.create_tables(
[User, Server, Role, Telegram, Slack, UUID, Token, ApiToken, Groups, UserGroups, ConfigVersion, Setting,

141
app/modules/db/group.py Normal file
View File

@ -0,0 +1,141 @@
from app.modules.db.db_model import Groups, Setting, UserGroups
from app.modules.db.common import out_error
def select_groups(**kwargs):
if kwargs.get("group") is not None:
query = Groups.select().where(Groups.name == kwargs.get('group'))
elif kwargs.get("id") is not None:
query = Groups.select().where(Groups.group_id == kwargs.get('id'))
else:
query = Groups.select().order_by(Groups.group_id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def add_group(name, description):
try:
last_insert = Groups.insert(name=name, description=description)
last_insert_id = last_insert.execute()
except Exception as e:
out_error(e)
return False
else:
add_setting_for_new_group(last_insert_id)
return True
def add_setting_for_new_group(group_id):
group_id = str(group_id)
data_source = [
{'param': 'time_zone', 'value': 'UTC', 'section': 'main', 'desc': 'Time Zone', 'group': group_id},
{'param': 'proxy', 'value': '', 'section': 'main', 'desc': 'IP address and port of the proxy server . Use proto://ip:port', 'group': group_id},
{'param': 'session_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user session (in days)', 'group': group_id},
{'param': 'token_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user token (in days)', 'group': group_id},
{'param': 'tmp_config_path', 'value': '/tmp/', 'section': 'main', 'desc': 'Path to the temporary directory.', 'group': group_id},
{'param': 'cert_path', 'value': '/etc/ssl/certs/', 'section': 'main', 'desc': 'Path to SSL dir', 'group': group_id},
{'param': 'haproxy_path_logs', 'value': '/var/log/haproxy/', 'section': 'haproxy', 'desc': 'The default local path for saving logs', 'group': group_id},
{'param': 'syslog_server_enable', 'value': '0', 'section': 'logs', 'desc': 'Enable getting logs from a syslog server; (0 - no, 1 - yes)', 'group': group_id},
{'param': 'syslog_server', 'value': '', 'section': 'logs', 'desc': 'IP address of the syslog_server', 'group': group_id},
{'param': 'haproxy_stats_user', 'value': 'admin', 'section': 'haproxy', 'desc': 'Username for accessing HAProxy stats page', 'group': group_id},
{'param': 'haproxy_stats_password', 'value': 'password', 'section': 'haproxy', 'desc': 'Password for accessing HAProxy stats page', 'group': group_id},
{'param': 'haproxy_stats_port', 'value': '8085', 'section': 'haproxy', 'desc': 'Port for HAProxy stats page', 'group': group_id},
{'param': 'haproxy_stats_page', 'value': 'stats', 'section': 'haproxy', 'desc': 'URI for HAProxy stats page', 'group': group_id},
{'param': 'haproxy_dir', 'value': '/etc/haproxy', 'section': 'haproxy', 'desc': 'Path to the HAProxy directory', 'group': group_id},
{'param': 'haproxy_config_path', 'value': '/etc/haproxy/haproxy.cfg', 'section': 'haproxy', 'desc': 'Path to the HAProxy configuration file', 'group': group_id},
{'param': 'server_state_file', 'value': '/etc/haproxy/haproxy.state', 'section': 'haproxy', 'desc': 'Path to the HAProxy state file', 'group': group_id},
{'param': 'haproxy_sock', 'value': '/var/run/haproxy.sock', 'section': 'haproxy', 'desc': 'Path to the HAProxy sock file', 'group': group_id},
{'param': 'haproxy_sock_port', 'value': '1999', 'section': 'haproxy', 'desc': 'Socket port for HAProxy', 'group': group_id},
{'param': 'haproxy_container_name', 'value': 'haproxy', 'section': 'haproxy', 'desc': 'Docker container name for HAProxy service', 'group': group_id},
{'param': 'maxmind_key', 'value': '', 'section': 'main', 'desc': 'License key for downloading GeoIP DB. You can create it on maxmind.com', 'group': group_id},
{'param': 'nginx_path_logs', 'value': '/var/log/nginx/', 'section': 'nginx', 'desc': 'NGINX error log', 'group': group_id},
{'param': 'nginx_stats_user', 'value': 'admin', 'section': 'nginx', 'desc': 'Username for accessing NGINX stats page', 'group': group_id},
{'param': 'nginx_stats_password', 'value': 'password', 'section': 'nginx', 'desc': 'Password for accessing NGINX stats page', 'group': group_id},
{'param': 'nginx_stats_port', 'value': '8086', 'section': 'nginx', 'desc': 'Stats port for web page NGINX', 'group': group_id},
{'param': 'nginx_stats_page', 'value': 'stats', 'section': 'nginx', 'desc': 'URI Stats for web page NGINX', 'group': group_id},
{'param': 'nginx_dir', 'value': '/etc/nginx/', 'section': 'nginx', 'desc': 'Path to the NGINX directory with config files', 'group': group_id},
{'param': 'nginx_config_path', 'value': '/etc/nginx/nginx.conf', 'section': 'nginx', 'desc': 'Path to the main NGINX configuration file', 'group': group_id},
{'param': 'nginx_container_name', 'value': 'nginx', 'section': 'nginx', 'desc': 'Docker container name for NGINX service', 'group': group_id},
{'param': 'ldap_enable', 'value': '0', 'section': 'ldap', 'desc': 'Enable LDAP', 'group': group_id},
{'param': 'ldap_server', 'value': '', 'section': 'ldap', 'desc': 'IP address of the LDAP server', 'group': group_id},
{'param': 'ldap_port', 'value': '389', 'section': 'ldap', 'desc': 'LDAP port (port 389 or 636 is used by default)', 'group': group_id},
{'param': 'ldap_user', 'value': '', 'section': 'ldap', 'desc': 'LDAP username. Format: user@domain.com', 'group': group_id},
{'param': 'ldap_password', 'value': '', 'section': 'ldap', 'desc': 'LDAP password', 'group': group_id},
{'param': 'ldap_base', 'value': '', 'section': 'ldap', 'desc': 'Base domain. Example: dc=domain, dc=com', 'group': group_id},
{'param': 'ldap_domain', 'value': '', 'section': 'ldap', 'desc': 'LDAP domain for logging in', 'group': group_id},
{'param': 'ldap_class_search', 'value': 'user', 'section': 'ldap', 'desc': 'Class for searching the user', 'group': group_id},
{'param': 'ldap_user_attribute', 'value': 'sAMAccountName', 'section': 'ldap', 'desc': 'Attribute to search users by', 'group': group_id},
{'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap', 'desc': 'User\'s email address', 'group': group_id},
{'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS', 'group': group_id},
{'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache', 'desc': 'The path for Apache logs', 'group': group_id},
{'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache', 'desc': 'Username for accessing Apache stats page', 'group': group_id},
{'param': 'apache_stats_password', 'value': 'password', 'section': 'apache', 'desc': 'Password for Apache stats webpage', 'group': group_id},
{'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache', 'group': group_id},
{'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache', 'group': group_id},
{'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache', 'desc': 'Path to the Apache directory with config files', 'group': group_id},
{'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache', 'desc': 'Path to the main Apache configuration file', 'group': group_id},
{'param': 'apache_container_name', 'value': 'apache', 'section': 'apache', 'desc': 'Docker container name for Apache service', 'group': group_id},
{'param': 'keepalived_config_path', 'value': '/etc/keepalived/keepalived.conf', 'section': 'keepalived', 'desc': 'Path to the main Keepalived configuration file', 'group': group_id},
{'param': 'keepalived_path_logs', 'value': '/var/log/keepalived/', 'section': 'keepalived', 'desc': 'The path for Keepalived logs', 'group': group_id},
]
try:
Setting.insert_many(data_source).execute()
except Exception as e:
out_error(e)
def delete_group(group_id):
try:
Groups.delete().where(Groups.group_id == group_id).execute()
UserGroups.delete().where(UserGroups.user_group_id == group_id).execute()
except Exception as e:
out_error(e)
return False
else:
delete_group_settings(group_id)
return True
def delete_group_settings(group_id):
try:
group_for_delete = Setting.delete().where(Setting.group == group_id)
group_for_delete.execute()
except Exception as e:
out_error(e)
else:
return True
def update_group(name, descript, group_id):
try:
group_update = Groups.update(name=name, description=descript).where(Groups.group_id == group_id)
group_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def get_group_name_by_id(group_id):
try:
group_name = Groups.get(Groups.group_id == group_id)
except Exception as e:
out_error(e)
else:
return group_name.name
def get_group_id_by_name(group_name):
try:
group_id = Groups.get(Groups.name == group_name)
except Exception as e:
out_error(e)
else:
return group_id.group_id

279
app/modules/db/ha_cluster.py Normal file
View File

@ -0,0 +1,279 @@
from app.modules.db.db_model import connect, HaCluster, HaClusterVirt, HaClusterVip, HaClusterService, HaClusterSlave, Server, HaClusterRouter
from app.modules.db.common import out_error
def select_clusters(group_id: int):
try:
return HaCluster.select().where(HaCluster.group_id == group_id).execute()
except Exception as e:
out_error(e)
def create_cluster(name: str, syn_flood: int, group_id: int, desc: str) -> int:
try:
last_id = HaCluster.insert(
name=name, syn_flood=syn_flood, group_id=group_id, desc=desc
).execute()
return last_id
except Exception as e:
out_error(e)
def select_cluster(cluster_id: int):
try:
return HaCluster.select().where(HaCluster.id == cluster_id).execute()
except Exception as e:
out_error(e)
def select_cluster_name(cluster_id: int) -> str:
try:
return HaCluster.get(HaCluster.id == cluster_id).name
except Exception as e:
out_error(e)
def select_clusters_virts():
try:
return HaClusterVirt.select().execute()
except Exception as e:
out_error(e)
def select_cluster_vips(cluster_id: int) -> object:
try:
return HaClusterVip.select().where(HaClusterVip.cluster_id == cluster_id).execute()
except Exception as e:
out_error(e)
def select_clusters_vip(cluster_id: int, router_id: int):
try:
return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).vip
except Exception as e:
out_error(e)
def select_clusters_vip_return_master(cluster_id: int, router_id: int):
try:
return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).return_master
except Exception as e:
out_error(e)
def select_clusters_vip_id(cluster_id: int, router_id):
try:
return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).id
except Exception as e:
out_error(e)
def delete_cluster_services(cluster_id: int):
try:
return HaClusterService.delete().where(HaClusterService.cluster_id == cluster_id).execute()
except Exception as e:
out_error(e)
def insert_cluster_services(cluster_id: int, service_id: int):
try:
return HaClusterService.insert(cluster_id=cluster_id, service_id=service_id).execute()
except Exception as e:
out_error(e)
def select_cluster_master_slaves(cluster_id: int, group_id: int, router_id: int):
conn = connect()
cursor = conn.cursor()
sql = f"select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) " \
f"where servers.groups = {group_id} and ha_cluster_slaves.cluster_id = {cluster_id} and ha_cluster_slaves.router_id = {router_id};"
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()
def select_cluster_slaves(cluster_id: int, router_id: int):
conn = connect()
cursor = conn.cursor()
sql = f"select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) " \
f"where ha_cluster_slaves.cluster_id = {cluster_id} and ha_cluster_slaves.router_id = {router_id};"
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()
def select_cluster_slaves_for_inv(router_id: int):
try:
return HaClusterSlave.select().where(HaClusterSlave.router_id == router_id).execute()
except Exception as e:
out_error(e)
def delete_ha_cluster_delete_slave(server_id: int) -> None:
try:
HaClusterSlave.delete().where(HaClusterSlave.server_id == server_id).execute()
except Exception as e:
out_error(e)
def delete_master_from_slave(server_id: int) -> None:
try:
Server.update(master=0).where(Server.server_id == server_id).execute()
except Exception as e:
out_error(e)
def select_ha_cluster_not_masters_not_slaves(group_id: int):
"""
Method for selecting HA clusters excluding masters and slaves.
:param group_id: The ID of the group.
:return: The query result.
"""
try:
query = Server.select().where(
(Server.type_ip == 0) &
(Server.server_id.not_in(HaClusterSlave.select(HaClusterSlave.server_id))) &
(Server.groups == group_id)
)
return query.execute()
except Exception as e:
out_error(e)
def get_router_id(cluster_id: int, default_router=0) -> int:
"""
:param cluster_id: The ID of the cluster to get the router ID from.
:param default_router: The default router ID to retrieve. Default value is 0.
:return: The ID of the router associated with the given cluster ID and default router ID.
"""
try:
return HaClusterRouter.get((HaClusterRouter.cluster_id == cluster_id) & (HaClusterRouter.default == default_router)).id
except Exception as e:
out_error(e)
def create_ha_router(cluster_id: int) -> int:
"""
Create HA Router
This method is used to create a HA (High Availability) router for a given cluster.
:param cluster_id: The ID of the cluster for which the HA router needs to be created.
:return: The ID of the created HA router.
:rtype: int
:raises Exception: If an error occurs while creating the HA router.
"""
try:
last_id = HaClusterRouter.insert(cluster_id=cluster_id).execute()
return last_id
except Exception as e:
out_error(e)
def delete_ha_router(router_id: int) -> int:
try:
last_id = HaClusterRouter.delete().where(HaClusterRouter.id == router_id).execute()
return last_id
except Exception as e:
out_error(e)
def insert_or_update_slave(cluster_id: int, server_id: int, eth: str, master: int, router_id) -> None:
try:
HaClusterSlave.insert(cluster_id=cluster_id, server_id=server_id, eth=eth, master=master, router_id=router_id).on_conflict('replace').execute()
except Exception as e:
out_error(e)
def update_slave(cluster_id: int, server_id: int, eth: str, master: int, router_id) -> None:
try:
HaClusterSlave.update(
cluster_id=cluster_id, server_id=server_id, eth=eth, master=master, router_id=router_id
).where((HaClusterSlave.server_id == server_id) & (HaClusterSlave.router_id == router_id)).execute()
except Exception as e:
out_error(e)
def update_cluster(cluster_id: int, name: str, desc: str, syn_flood: int) -> None:
try:
HaCluster.update(name=name, desc=desc, syn_flood=syn_flood).where(HaCluster.id == cluster_id).execute()
except Exception as e:
out_error(e)
def update_ha_cluster_vip(cluster_id: int, router_id: int, vip: str, return_master: int) -> None:
try:
HaClusterVip.update(vip=vip, return_master=return_master).where((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).execute()
except Exception as e:
out_error(e)
def update_ha_virt_ip(vip_id: int, vip: str) -> None:
try:
Server.update(ip=vip).where(Server.server_id == HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id).execute()
except Exception as e:
out_error(e)
def delete_ha_virt(vip_id: int) -> None:
try:
Server.delete().where(Server.server_id == HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id).execute()
except Exception:
pass
def check_ha_virt(vip_id: int) -> bool:
try:
HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id
except Exception:
return False
return True
def select_ha_cluster_name_and_slaves() -> object:
try:
return HaCluster.select(HaCluster.id, HaCluster.name, HaClusterSlave.server_id).join(HaClusterSlave).execute()
except Exception as e:
out_error(e)
def select_cluster_services(cluster_id: int):
try:
return HaClusterService.select().where(HaClusterService.cluster_id == cluster_id).execute()
except Exception as e:
out_error(e)
def update_server_master(master, slave):
try:
master_id = Server.get(Server.ip == master).server_id
except Exception as e:
out_error(e)
update_master_server_by_slave_ip(master_id, slave)
def update_master_server_by_slave_ip(master_id: int, slave_ip: str) -> None:
try:
Server.update(master=master_id).where(Server.ip == slave_ip).execute()
except Exception as e:
out_error(e)
def get_cred_id_by_server_ip(server_ip):
try:
cred = Server.get(Server.ip == server_ip)
except Exception as e:
return out_error(e)
else:
return cred.cred

92
app/modules/db/history.py Normal file
View File

@ -0,0 +1,92 @@
from app.modules.db.db_model import connect, ActionHistory, Alerts
from app.modules.db.sql import get_setting
from app.modules.db.common import out_error
import app.modules.roxy_wi_tools as roxy_wi_tools
def alerts_history(service, user_group, **kwargs):
conn = connect()
cursor = conn.cursor()
and_host = ''
if kwargs.get('host'):
and_host = "and ip = '{}'".format(kwargs.get('host'))
if user_group == 1:
sql_user_group = ""
else:
sql_user_group = "and user_group = '{}'".format(user_group)
sql = (
f"select message, level, ip, port, date "
f"from alerts "
f"where service = '{service}' {sql_user_group} {and_host} "
f"order by date desc; "
)
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
conn.close()
return cursor.fetchall()
def insert_alerts(user_group, level, ip, port, message, service):
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular')
try:
Alerts.insert(
user_group=user_group, message=message, level=level, ip=ip, port=port, service=service,
date=cur_date
).execute()
except Exception as e:
out_error(e)
def delete_alert_history(keep_interval: int, service: str):
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta_minus=keep_interval)
query = Alerts.delete().where(
(Alerts.date < cur_date) & (Alerts.service == service)
)
try:
query.execute()
except Exception as e:
out_error(e)
def insert_action_history(service: str, action: str, server_id: int, user_id: int, user_ip: str, server_ip: str, hostname: str):
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular')
try:
ActionHistory.insert(
service=service,
action=action,
server_id=server_id,
user_id=user_id,
ip=user_ip,
date=cur_date,
server_ip=server_ip,
hostname=hostname
).execute()
except Exception as e:
out_error(e)
def delete_action_history(server_id: int):
query = ActionHistory.delete().where(ActionHistory.server_id == server_id)
try:
query.execute()
except Exception as e:
out_error(e)
def delete_action_history_for_period():
time_period = get_setting('action_keep_history_range')
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta_minus=time_period)
query = ActionHistory.delete().where(ActionHistory.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)

62
app/modules/db/keep_alive.py Normal file
View File

@ -0,0 +1,62 @@
from app.modules.db.db_model import KeepaliveRestart, Server
from app.modules.db.common import out_error
def select_keep_alive():
query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.active == 1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_nginx_keep_alive():
query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.nginx_active == 1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_apache_keep_alive():
query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.apache_active == 1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_keepalived_keep_alive():
query = Server.select(Server.ip, Server.port, Server.groups, Server.server_id).where(Server.keepalived_active == 1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_update_keep_alive_restart(server_id: int, service: str) -> int:
try:
restarted = KeepaliveRestart.get(
(KeepaliveRestart.server_id == server_id) &
(KeepaliveRestart.service == service)
).restarted
except Exception as e:
out_error(e)
else:
return restarted or 0
def update_keep_alive_restart(server_id: int, service: str, restarted: int) -> None:
query = KeepaliveRestart.insert(server_id=server_id, service=service, restarted=restarted).on_conflict('replace')
try:
query.execute()
except Exception as e:
out_error(e)

612
app/modules/db/metric.py Normal file
View File

@ -0,0 +1,612 @@
from app.modules.db.db_model import connect, mysql_enable, Metrics, MetricsHttpStatus, Server, NginxMetrics, ApacheMetrics, WafMetrics
from app.modules.db.sql import get_setting
from app.modules.db.common import out_error
import app.modules.roxy_wi_tools as roxy_wi_tools
def insert_metrics(serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate):
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular')
try:
Metrics.insert(
serv=serv, curr_con=curr_con, cur_ssl_con=cur_ssl_con, sess_rate=sess_rate, max_sess_rate=max_sess_rate,
date=cur_date
).execute()
except Exception as e:
out_error(e)
else:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def insert_metrics_http(serv, http_2xx, http_3xx, http_4xx, http_5xx):
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular')
try:
MetricsHttpStatus.insert(
serv=serv, ok_ans=http_2xx, redir_ans=http_3xx, not_found_ans=http_4xx, err_ans=http_5xx,
date=cur_date
).execute()
except Exception as e:
out_error(e)
else:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def insert_nginx_metrics(serv, connection):
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular')
try:
NginxMetrics.insert(serv=serv, conn=connection, date=cur_date).execute()
except Exception as e:
out_error(e)
else:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def insert_apache_metrics(serv, connection):
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular')
try:
ApacheMetrics.insert(serv=serv, conn=connection, date=cur_date).execute()
except Exception as e:
out_error(e)
else:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def insert_waf_metrics(serv, connection):
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular')
try:
WafMetrics.insert(serv=serv, conn=connection, date=cur_date).execute()
except Exception as e:
out_error(e)
finally:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def delete_waf_metrics():
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular', timedelta_minus=3)
query = WafMetrics.delete().where(WafMetrics.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)
finally:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def delete_metrics():
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular', timedelta_minus=3)
query = Metrics.delete().where(Metrics.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)
finally:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def delete_http_metrics():
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular', timedelta_minus=3)
query = MetricsHttpStatus.delete().where(MetricsHttpStatus.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)
finally:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def delete_nginx_metrics():
time_zone = get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
cur_date = get_date.return_date('regular', timedelta_minus=3)
query = NginxMetrics.delete().where(NginxMetrics.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)
finally:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def delete_apache_metrics():
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta_minus=3)
query = ApacheMetrics.delete().where(ApacheMetrics.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)
finally:
conn = connect()
if type(conn) is not str:
if not conn.is_closed():
conn.close()
def select_metrics(serv, service, **kwargs):
conn = connect()
cursor = conn.cursor()
if service in ('nginx', 'apache', 'waf'):
metrics_table = '{}_metrics'.format(service)
elif service == 'http_metrics':
metrics_table = 'metrics_http_status'
else:
metrics_table = 'metrics'
if mysql_enable == '1':
if kwargs.get('time_range') == '60':
date_from = "and date > now() - INTERVAL 60 minute group by `date` div 100"
elif kwargs.get('time_range') == '180':
date_from = "and date > now() - INTERVAL 180 minute group by `date` div 200"
elif kwargs.get('time_range') == '360':
date_from = "and date > now() - INTERVAL 360 minute group by `date` div 300"
elif kwargs.get('time_range') == '720':
date_from = "and date > now() - INTERVAL 720 minute group by `date` div 500"
else:
date_from = "and date > now() - INTERVAL 30 minute"
sql = """ select * from {metrics_table} where serv = '{serv}' {date_from} order by `date` asc """.format(
metrics_table=metrics_table, serv=serv, date_from=date_from
)
else:
if kwargs.get('time_range') == '60':
date_from = "and date > datetime('now', '-60 minutes', 'localtime') and rowid % 2 = 0"
elif kwargs.get('time_range') == '180':
date_from = "and date > datetime('now', '-180 minutes', 'localtime') and rowid % 5 = 0"
elif kwargs.get('time_range') == '360':
date_from = "and date > datetime('now', '-360 minutes', 'localtime') and rowid % 7 = 0"
elif kwargs.get('time_range') == '720':
date_from = "and date > datetime('now', '-720 minutes', 'localtime') and rowid % 9 = 0"
else:
date_from = "and date > datetime('now', '-30 minutes', 'localtime')"
sql = """ select * from (select * from {metrics_table} where serv = '{serv}' {date_from} order by `date`) order by `date` """.format(
metrics_table=metrics_table, serv=serv, date_from=date_from)
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()
def select_servers_metrics_for_master(**kwargs):
if kwargs.get('group') != 1:
query = Server.select(Server.ip).where(
((Server.metrics == 1) | (Server.nginx_metrics == 1) | (Server.apache_metrics == 1))
& (Server.groups == kwargs.get('group'))
)
else:
query = Server.select(Server.ip).where(
(Server.metrics == 1)
| (Server.nginx_metrics == 1)
| (Server.apache_metrics == 1)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_haproxy_servers_metrics_for_master():
query = Server.select(Server.ip).where(Server.metrics == 1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_nginx_servers_metrics_for_master():
query = Server.select(Server.ip).where((Server.nginx_metrics == 1) & (Server.nginx == 1))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_apache_servers_metrics_for_master():
query = Server.select(Server.ip).where(
(Server.apache_metrics == 1)
& (Server.apache == 1)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_servers_metrics(group_id):
if group_id == 1:
query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1))
else:
query = Server.select(Server.ip).where(
(Server.enable == 1) & (Server.groups == group_id) & (Server.metrics == 1))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_table_metrics(group_id):
conn = connect()
cursor = conn.cursor()
if group_id == 1:
groups = ""
else:
groups = "and servers.groups = '{group}' ".format(group=group_id)
if mysql_enable == '1':
sql = """
select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d,
avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
(select servers.ip from servers where metrics = 1 ) as ip,
(select servers.ip, servers.hostname as hostname from servers left join metrics as metr on servers.ip = metr.serv where servers.metrics = 1 %s) as hostname,
(select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(), INTERVAL -1 HOUR)
group by servers.ip) as avg_sess_1h,
(select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
group by servers.ip) as avg_sess_24h,
(select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(), INTERVAL -3 DAY)
group by servers.ip ) as avg_sess_3d,
(select servers.ip,max(metr.sess_rate) as max_sess_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
group by servers.ip) as max_sess_1h,
(select servers.ip,max(metr.sess_rate) as max_sess_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
group by servers.ip) as max_sess_24h,
(select servers.ip,max(metr.sess_rate) as max_sess_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
group by servers.ip ) as max_sess_3d,
(select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
group by servers.ip) as avg_cur_1h,
(select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
group by servers.ip) as avg_cur_24h,
(select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
group by servers.ip ) as avg_cur_3d,
(select servers.ip,max(metr.curr_con) as max_con_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
group by servers.ip) as max_con_1h,
(select servers.ip,max(metr.curr_con) as max_con_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
group by servers.ip) as max_con_24h,
(select servers.ip,max(metr.curr_con) as max_con_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
group by servers.ip ) as max_con_3d
where ip.ip=hostname.ip
and ip.ip=avg_sess_1h.ip
and ip.ip=avg_sess_24h.ip
and ip.ip=avg_sess_3d.ip
and ip.ip=max_sess_1h.ip
and ip.ip=max_sess_24h.ip
and ip.ip=max_sess_3d.ip
and ip.ip=avg_cur_1h.ip
and ip.ip=avg_cur_24h.ip
and ip.ip=avg_cur_3d.ip
and ip.ip=max_con_1h.ip
and ip.ip=max_con_24h.ip
and ip.ip=max_con_3d.ip
group by hostname.ip """ % groups
else:
sql = """
select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d, avg_cur_1h,
avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
(select servers.ip from servers where metrics = 1 ) as ip,
(select servers.ip, servers.hostname as hostname from servers left join metrics as metr on servers.ip = metr.serv where servers.metrics = 1 %s) as hostname,
(select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
group by servers.ip) as avg_sess_1h,
(select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
group by servers.ip) as avg_sess_24h,
(select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
group by servers.ip ) as avg_sess_3d,
(select servers.ip,max(metr.sess_rate) as max_sess_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
group by servers.ip) as max_sess_1h,
(select servers.ip,max(metr.sess_rate) as max_sess_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
group by servers.ip) as max_sess_24h,
(select servers.ip,max(metr.sess_rate) as max_sess_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
group by servers.ip ) as max_sess_3d,
(select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
group by servers.ip) as avg_cur_1h,
(select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
group by servers.ip) as avg_cur_24h,
(select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
group by servers.ip ) as avg_cur_3d,
(select servers.ip,max(metr.curr_con) as max_con_1h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
group by servers.ip) as max_con_1h,
(select servers.ip,max(metr.curr_con) as max_con_24h from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
group by servers.ip) as max_con_24h,
(select servers.ip,max(metr.curr_con) as max_con_3d from servers
left join metrics as metr on metr.serv = servers.ip
where servers.metrics = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
group by servers.ip ) as max_con_3d
where ip.ip=hostname.ip
and ip.ip=avg_sess_1h.ip
and ip.ip=avg_sess_24h.ip
and ip.ip=avg_sess_3d.ip
and ip.ip=max_sess_1h.ip
and ip.ip=max_sess_24h.ip
and ip.ip=max_sess_3d.ip
and ip.ip=avg_cur_1h.ip
and ip.ip=avg_cur_24h.ip
and ip.ip=avg_cur_3d.ip
and ip.ip=max_con_1h.ip
and ip.ip=max_con_24h.ip
and ip.ip=max_con_3d.ip
group by hostname.ip """ % groups
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()
def select_service_table_metrics(service: str, group_id: int):
conn = connect()
cursor = conn.cursor()
if service in ('nginx', 'apache'):
metrics_table = f'{service}_metrics'
if group_id == 1:
groups = ""
else:
groups = f"and servers.groups = '{group_id}' "
if mysql_enable == '1':
sql = """
select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
(select servers.ip from servers where {metrics} = 1 ) as ip,
(select servers.ip, servers.hostname as hostname from servers left join {metrics} as metr on servers.ip = metr.serv where servers.{metrics} = 1 {groups}) as hostname,
(select servers.ip,round(avg(metr.conn), 1) as avg_cur_1h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
group by servers.ip) as avg_cur_1h,
(select servers.ip,round(avg(metr.conn), 1) as avg_cur_24h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
group by servers.ip) as avg_cur_24h,
(select servers.ip,round(avg(metr.conn), 1) as avg_cur_3d from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
group by servers.ip ) as avg_cur_3d,
(select servers.ip,max(metr.conn) as max_con_1h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
group by servers.ip) as max_con_1h,
(select servers.ip,max(metr.conn) as max_con_24h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
group by servers.ip) as max_con_24h,
(select servers.ip,max(metr.conn) as max_con_3d from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
group by servers.ip ) as max_con_3d
where ip.ip=hostname.ip
and ip.ip=avg_cur_1h.ip
and ip.ip=avg_cur_24h.ip
and ip.ip=avg_cur_3d.ip
and ip.ip=max_con_1h.ip
and ip.ip=max_con_24h.ip
and ip.ip=max_con_3d.ip
group by hostname.ip """.format(metrics=metrics_table, groups=groups)
else:
sql = """
select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
(select servers.ip from servers where {metrics} = 1 ) as ip,
(select servers.ip, servers.hostname as hostname from servers left join {metrics} as metr on servers.ip = metr.serv where servers.{metrics} = 1 {groups}) as hostname,
(select servers.ip,round(avg(metr.conn), 1) as avg_cur_1h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
group by servers.ip) as avg_cur_1h,
(select servers.ip,round(avg(metr.conn), 1) as avg_cur_24h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
group by servers.ip) as avg_cur_24h,
(select servers.ip,round(avg(metr.conn), 1) as avg_cur_3d from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
group by servers.ip ) as avg_cur_3d,
(select servers.ip,max(metr.conn) as max_con_1h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
group by servers.ip) as max_con_1h,
(select servers.ip,max(metr.conn) as max_con_24h from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
group by servers.ip) as max_con_24h,
(select servers.ip,max(metr.conn) as max_con_3d from servers
left join {metrics} as metr on metr.serv = servers.ip
where servers.{metrics} = 1 and
metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
group by servers.ip ) as max_con_3d
where ip.ip=hostname.ip
and ip.ip=avg_cur_1h.ip
and ip.ip=avg_cur_24h.ip
and ip.ip=avg_cur_3d.ip
and ip.ip=max_con_1h.ip
and ip.ip=max_con_24h.ip
and ip.ip=max_con_3d.ip
group by hostname.ip """.format(metrics=metrics_table, groups=groups)
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()

150
app/modules/db/portscanner.py Normal file
View File

@ -0,0 +1,150 @@
from app.modules.db.db_model import connect, fn, PortScannerPorts, PortScannerSettings, PortScannerHistory
from app.modules.db.sql import get_setting
from app.modules.db.common import out_error
import app.modules.roxy_wi_tools as roxy_wi_tools
def delete_port_scanner_settings(server_id):
query = PortScannerSettings.delete().where(PortScannerSettings.server_id == server_id)
try:
query.execute()
except Exception as e:
out_error(e)
def select_port_scanner_settings(user_group):
if user_group != 1:
query = PortScannerSettings.select().where(PortScannerSettings.user_group_id == str(user_group))
else:
query = PortScannerSettings.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_port_scanner_settings_for_service():
query = PortScannerSettings.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def insert_port_scanner_port(serv, user_group_id, port, service_name):
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular')
try:
PortScannerPorts.insert(
serv=serv, port=port, user_group_id=user_group_id, service_name=service_name,
date=cur_date
).execute()
except Exception as e:
out_error(e)
def select_ports(serv):
conn = connect()
cursor = conn.cursor()
sql = """select port from port_scanner_ports where serv = '%s' """ % serv
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
conn.close()
return cursor.fetchall()
def select_port_name(serv, port):
query = PortScannerPorts.select(PortScannerPorts.service_name).where(
(PortScannerPorts.serv == serv) & (PortScannerPorts.port == port))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for port in query_res:
return port.service_name
def delete_ports(serv):
query = PortScannerPorts.delete().where(PortScannerPorts.serv == serv)
try:
query.execute()
except Exception as e:
out_error(e)
def insert_port_scanner_history(serv, port, port_status, service_name):
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular')
try:
PortScannerHistory.insert(
serv=serv, port=port, status=port_status, service_name=service_name, date=cur_date
).execute()
except Exception as e:
out_error(e)
def insert_port_scanner_settings(server_id, user_group_id, enabled, notify, history):
try:
PortScannerSettings.insert(
server_id=server_id, user_group_id=user_group_id, enabled=enabled, notify=notify, history=history
).execute()
return True
except Exception:
return False
def update_port_scanner_settings(server_id, user_group_id, enabled, notify, history):
query = PortScannerSettings.update(
user_group_id=user_group_id, enabled=enabled, notify=notify, history=history
).where(PortScannerSettings.server_id == server_id)
try:
query.execute()
except Exception as e:
out_error(e)
def select_count_opened_ports(serv):
query = PortScannerPorts.select(
PortScannerPorts.date, fn.Count(PortScannerPorts.port).alias('count')
).where(PortScannerPorts.serv == serv)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
port = list()
for ports in query_res:
port.append([ports.count, ports.date])
return port
def delete_portscanner_history(keep_interval: int):
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta_minus=keep_interval)
query = PortScannerHistory.delete().where(
PortScannerHistory.date < cur_date)
try:
query.execute()
except Exception as e:
out_error(e)
def select_port_scanner_history(serv):
query = PortScannerHistory.select().where(PortScannerHistory.serv == serv)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res

125
app/modules/db/roxy.py Normal file
View File

@ -0,0 +1,125 @@
from app.modules.db.db_model import UserName, RoxyTool, Version
from app.modules.db.common import out_error
def insert_user_name(user_name):
try:
UserName.insert(UserName=user_name).execute()
except Exception:
pass
def select_user_name():
try:
query_res = UserName.get().UserName
except Exception:
return False
else:
return query_res
def update_user_name(user_name):
user_update = UserName.update(UserName=user_name)
try:
user_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_user_status(status, plan, method):
user_update = UserName.update(Status=status, Method=method, Plan=plan)
try:
user_update.execute()
except Exception:
return False
else:
return True
def select_user_status():
try:
query_res = UserName.get().Status
except Exception:
return False
else:
return query_res
def select_user_plan():
try:
query_res = UserName.get().Plan
except Exception:
return False
else:
return query_res
def select_user_all():
try:
query_res = UserName.select()
except Exception:
return False
else:
return query_res
def get_roxy_tools():
query = RoxyTool.select()
try:
query_res = query.where(RoxyTool.is_roxy == 1).execute()
except Exception as e:
out_error(e)
else:
tools = []
for tool in query_res:
tools.append(tool.name)
return tools
def get_all_tools():
try:
query_res = RoxyTool.select().execute()
except Exception as e:
out_error(e)
else:
tools = {}
for tool in query_res:
tools.setdefault(tool.name, {'current_version': tool.current_version, 'new_version': tool.new_version, 'desc': tool.desc})
return tools
def update_tool_cur_version(tool_name: str, version: str):
try:
RoxyTool.update(current_version=version).where(RoxyTool.name == tool_name).execute()
except Exception as e:
out_error(e)
def update_tool_new_version(tool_name: str, version: str):
try:
RoxyTool.update(new_version=version).where(RoxyTool.name == tool_name).execute()
except Exception as e:
out_error(e)
def get_tool_cur_version(tool_name: str):
try:
query = RoxyTool.get(RoxyTool.name == tool_name).current_version
except Exception as e:
out_error(e)
else:
return query
def get_ver():
try:
ver = Version.get()
except Exception as e:
out_error(e)
else:
return ver.version

286
app/modules/db/server.py Normal file
View File

@ -0,0 +1,286 @@
from app.modules.db.db_model import mysql_enable, connect, Server, SystemInfo
from app.modules.db.common import out_error
def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall):
try:
server_id = Server.insert(
hostname=hostname, ip=ip, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred,
port=port, desc=desc, haproxy=haproxy, nginx=nginx, apache=apache, firewall_enable=firewall
).execute()
return server_id
except Exception as e:
out_error(e)
return False
def delete_server(server_id):
try:
server_for_delete = Server.delete().where(Server.server_id == server_id)
server_for_delete.execute()
except Exception as e:
out_error(e)
else:
return True
def update_server(hostname, group, typeip, enable, master, server_id, cred, port, desc, firewall, protected):
try:
server_update = Server.update(
hostname=hostname, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred,
port=port, desc=desc, firewall_enable=firewall, protected=protected
).where(Server.server_id == server_id)
server_update.execute()
except Exception as e:
out_error(e)
def get_hostname_by_server_ip(server_ip):
try:
hostname = Server.get(Server.ip == server_ip)
except Exception as e:
return out_error(e)
else:
return hostname.hostname
def select_server_by_name(name):
try:
ip = Server.get(Server.hostname == name)
except Exception as e:
return out_error(e)
else:
return ip.ip
def insert_system_info(
server_id: int, os_info: str, sys_info: dict, cpu: dict, ram: dict, network: dict, disks: dict
):
try:
SystemInfo.insert(
server_id=server_id, os_info=os_info, sys_info=sys_info, cpu=cpu, ram=ram, network=network, disks=disks
).on_conflict('replace').execute()
except Exception as e:
out_error(e)
def delete_system_info(server_id: int):
try:
SystemInfo.delete().where(SystemInfo.server_id == server_id).execute()
except Exception as e:
out_error(e)
def select_one_system_info(server_id: int):
try:
return SystemInfo.select().where(SystemInfo.server_id == server_id).execute()
except Exception as e:
out_error(e)
def is_system_info(server_id):
try:
query_res = SystemInfo.get(SystemInfo.server_id == server_id).server_id
except Exception:
return True
else:
if query_res:
return True
else:
return False
def select_os_info(server_id):
try:
query_res = SystemInfo.get(SystemInfo.server_id == server_id).os_info
except Exception as e:
out_error(e)
return
else:
return query_res
def update_firewall(serv):
query = Server.update(firewall_enable=1).where(Server.ip == serv)
try:
query.execute()
return True
except Exception as e:
out_error(e)
return False
def return_firewall(serv):
try:
query_res = Server.get(Server.ip == serv).firewall_enable
except Exception:
return False
else:
return True if query_res == 1 else False
def update_server_pos(pos, server_id) -> str:
query = Server.update(pos=pos).where(Server.server_id == server_id)
try:
query.execute()
return 'ok'
except Exception as e:
out_error(e)
def is_serv_protected(serv):
try:
query_res = Server.get(Server.ip == serv)
except Exception:
return ""
else:
return True if query_res.protected else False
def select_server_ip_by_id(server_id: int) -> str:
try:
server_ip = Server.get(Server.server_id == server_id).ip
except Exception as e:
return out_error(e)
else:
return server_ip
def select_server_id_by_ip(server_ip):
try:
server_id = Server.get(Server.ip == server_ip).server_id
except Exception:
return None
else:
return server_id
def select_servers(**kwargs):
conn = connect()
cursor = conn.cursor()
if mysql_enable == '1':
sql = """select * from `servers` where `enable` = 1 ORDER BY servers.groups """
if kwargs.get("server") is not None:
sql = """select * from `servers` where `ip` = '{}' """.format(kwargs.get("server"))
if kwargs.get("full") is not None:
sql = """select * from `servers` ORDER BY hostname """
if kwargs.get("get_master_servers") is not None:
sql = """select id,hostname from `servers` where `master` = 0 and type_ip = 0 and enable = 1 ORDER BY servers.groups """
if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None:
sql = """ select servers.id, servers.hostname from `servers`
left join user as user on servers.groups = user.groups
left join uuid as uuid on user.id = uuid.user_id
where uuid.uuid = '{}' and servers.master = 0 and servers.type_ip = 0 and servers.enable = 1 ORDER BY servers.groups
""".format(kwargs.get('uuid'))
if kwargs.get("id"):
sql = """select * from `servers` where `id` = '{}' """.format(kwargs.get("id"))
if kwargs.get("hostname"):
sql = """select * from `servers` where `hostname` = '{}' """.format(kwargs.get("hostname"))
if kwargs.get("id_hostname"):
sql = """select * from `servers` where `hostname` ='{}' or id = '{}' or ip = '{}'""".format(
kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname"))
if kwargs.get("server") and kwargs.get("keep_alive"):
sql = """select active from `servers` where `ip` = '{}' """.format(kwargs.get("server"))
else:
sql = """select * from servers where enable = '1' ORDER BY servers.groups """
if kwargs.get("server") is not None:
sql = """select * from servers where ip = '{}' """.format(kwargs.get("server"))
if kwargs.get("full") is not None:
sql = """select * from servers ORDER BY hostname """
if kwargs.get("get_master_servers") is not None:
sql = """select id,hostname from servers where master = 0 and type_ip = 0 and enable = 1 ORDER BY servers.groups """
if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None:
sql = """ select servers.id, servers.hostname from servers
left join user as user on servers.groups = user.groups
left join uuid as uuid on user.id = uuid.user_id
where uuid.uuid = '{}' and servers.master = 0 and servers.type_ip = 0 and servers.enable = 1 ORDER BY servers.groups
""".format(kwargs.get('uuid'))
if kwargs.get("id"):
sql = """select * from servers where id = '{}' """.format(kwargs.get("id"))
if kwargs.get("hostname"):
sql = """select * from servers where hostname = '{}' """.format(kwargs.get("hostname"))
if kwargs.get("id_hostname"):
sql = """select * from servers where hostname = '{}' or id = '{}' or ip = '{}'""".format(
kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname"))
if kwargs.get("server") and kwargs.get("keep_alive"):
sql = """select active from servers where ip = '{}' """.format(kwargs.get("server"))
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()
def get_dick_permit(group_id, **kwargs):
only_group = kwargs.get('only_group')
disable = 'enable = 1'
haproxy = ''
nginx = ''
keepalived = ''
apache = ''
ip = ''
if kwargs.get('virt'):
type_ip = ""
else:
type_ip = "and type_ip = 0"
if kwargs.get('disable') == 0:
disable = '(enable = 1 or enable = 0)'
if kwargs.get('ip'):
ip = "and ip = '%s'" % kwargs.get('ip')
if kwargs.get('haproxy') or kwargs.get('service') == 'haproxy':
haproxy = "and haproxy = 1"
if kwargs.get('nginx') or kwargs.get('service') == 'nginx':
nginx = "and nginx = 1"
if kwargs.get('keepalived') or kwargs.get('service') == 'keepalived':
keepalived = "and keepalived = 1"
if kwargs.get('apache') or kwargs.get('service') == 'apache':
apache = "and apache = 1"
conn = connect()
cursor = conn.cursor()
try:
if mysql_enable == '1':
if group_id == '1' and not only_group:
sql = f" select * from `servers` where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by `pos` asc"
else:
sql = f" select * from `servers` where `groups` = {group_id} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc"
else:
if group_id == '1' and not only_group:
sql = f" select * from servers where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by pos"
else:
sql = f" select * from servers where groups = '{group_id}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos"
except Exception as e:
raise Exception(f'error: {e}')
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()
def is_master(ip, **kwargs):
conn = connect()
cursor = conn.cursor()
if kwargs.get('master_slave'):
sql = """ select master.hostname, master.ip, slave.hostname, slave.ip
from servers as master
left join servers as slave on master.id = slave.master
where slave.master > 0 """
else:
sql = """ select slave.ip, slave.hostname from servers as master
left join servers as slave on master.id = slave.master
where master.ip = '%s' """ % ip
try:
cursor.execute(sql)
except Exception as e:
out_error(e)
else:
return cursor.fetchall()

266
app/modules/db/service.py Normal file
View File

@ -0,0 +1,266 @@
from app.modules.db.db_model import Server, Services, ServiceSetting
from app.modules.db.common import out_error
def update_hapwi_server(server_id, alert, metrics, active, service_name):
try:
if service_name == 'nginx':
update_hapwi = Server.update(
nginx_alert=alert, nginx_active=active, nginx_metrics=metrics
).where(Server.server_id == server_id)
elif service_name == 'keepalived':
update_hapwi = Server.update(keepalived_alert=alert, keepalived_active=active).where(
Server.server_id == server_id)
elif service_name == 'apache':
update_hapwi = Server.update(apache_alert=alert, apache_active=active, apache_metrics=metrics).where(
Server.server_id == server_id)
else:
update_hapwi = Server.update(alert=alert, metrics=metrics, active=active).where(
Server.server_id == server_id)
update_hapwi.execute()
except Exception as e:
out_error(e)
def update_server_services(server_id: int, haproxy: int, nginx: int, apache: int, keepalived: int) -> bool:
try:
server_update = Server.update(
haproxy=haproxy, nginx=nginx, apache=apache, keepalived=keepalived
).where(Server.server_id == server_id)
server_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def insert_or_update_service_setting(server_id, service, setting, value):
try:
ServiceSetting.insert(server_id=server_id, service=service, setting=setting, value=value).on_conflict(
'replace').execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_service_settings(server_id: int, service: str) -> str:
query = ServiceSetting.select().where((ServiceSetting.server_id == server_id) & (ServiceSetting.service == service))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_docker_service_settings(server_id: int, service: str) -> str:
query = ServiceSetting.select().where(
(ServiceSetting.server_id == server_id)
& (ServiceSetting.service == service)
& (ServiceSetting.setting == 'dockerized')
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_docker_services_settings(service: str) -> str:
query = ServiceSetting.select().where(
(ServiceSetting.service == service)
& (ServiceSetting.setting == 'dockerized')
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_restart_service_settings(server_id: int, service: str) -> str:
query = ServiceSetting.select().where(
(ServiceSetting.server_id == server_id)
& (ServiceSetting.service == service)
& (ServiceSetting.setting == 'restart')
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_restart_services_settings(service: str) -> str:
query = ServiceSetting.select().where(
(ServiceSetting.service == service)
& (ServiceSetting.setting == 'restart')
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_service_setting(server_id: int, service: str, setting: str) -> str:
try:
result = ServiceSetting.get(
(ServiceSetting.server_id == server_id)
& (ServiceSetting.service == service)
& (ServiceSetting.setting == setting)
).value
except Exception:
return '0'
else:
return result
def delete_service_settings(server_id: int):
query = ServiceSetting.delete().where(ServiceSetting.server_id == server_id)
try:
query.execute()
except Exception as e:
out_error(e)
def select_service_name_by_id(service_id: int) -> str:
try:
service = Services.get(Services.service_id == service_id).service
except Exception as e:
return out_error(e)
else:
return service
def select_service_id_by_slug(service_slug: str) -> int:
try:
service = Services.get(Services.slug == service_slug).service_id
except Exception as e:
return out_error(e)
else:
return service
def select_services():
query = Services.select()
try:
query_res = query.execute()
except Exception as e:
out_error(e)
return
else:
return query_res
def select_service(slug: str) -> object:
try:
query_res = Services.get(Services.slug == slug)
except Exception as e:
out_error(e)
return 'there is no service'
else:
return query_res
def update_keepalived(serv):
query = Server.update(keepalived='1').where(Server.ip == serv)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_apache(serv):
try:
apache = Server.get(Server.ip == serv).apache
except Exception as e:
out_error(e)
else:
return apache
def update_apache(serv: str) -> bool:
query = Server.update(apache='1').where(Server.ip == serv)
try:
query.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def select_nginx(serv):
try:
query_res = Server.get(Server.ip == serv).nginx
except Exception as e:
out_error(e)
else:
return query_res
def update_nginx(serv: str) -> bool:
query = Server.update(nginx=1).where(Server.ip == serv)
try:
query.execute()
return True
except Exception as e:
out_error(e)
return False
def select_haproxy(serv):
try:
query_res = Server.get(Server.ip == serv).haproxy
except Exception as e:
out_error(e)
else:
return query_res
def update_haproxy(serv):
query = Server.update(haproxy=1).where(Server.ip == serv)
try:
query.execute()
return True
except Exception as e:
out_error(e)
return False
def select_keepalived(serv):
try:
keepalived = Server.get(Server.ip == serv).keepalived
except Exception as e:
out_error(e)
else:
return keepalived
def select_count_services(service: str) -> int:
try:
if service == 'haproxy':
query_res = Server.select().where(Server.haproxy == 1).count()
elif service == 'nginx':
query_res = Server.select().where(Server.nginx == 1).count()
elif service == 'keepalived':
query_res = Server.select().where(Server.keepalived == 1).count()
elif service == 'apache':
query_res = Server.select().where(Server.apache == 1).count()
else:
query_res = Server.select().where().count()
except Exception as e:
out_error(e)
else:
return query_res

4
app/modules/db/smon.py
View File

@ -3,8 +3,9 @@ import uuid
from peewee import fn
from app.modules.db.db_model import SmonAgent, Server, SMON, SmonTcpCheck, SmonHttpCheck, SmonDnsCheck, SmonPingCheck, SmonHistory, SmonStatusPageCheck, SmonStatusPage
from app.modules.db.sql import get_setting
from app.modules.db.common import out_error
from app.modules.common.common import get_date
import app.modules.roxy_wi_tools as roxy_wi_tools
def get_agents(group_id: int):
@ -186,6 +187,7 @@ def add_sec_to_state_time(time, smon_id):
def insert_smon_history(smon_id: int, resp_time: float, status: int, check_id: int, mes='') -> None:
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular')
try:
SmonHistory.insert(smon_id=smon_id, response_time=resp_time, status=status, date=cur_date, check_id=check_id, mes=mes).execute()

3667
app/modules/db/sql.py
View File

File diff suppressed because it is too large Load Diff

431
app/modules/db/user.py Normal file
View File

@ -0,0 +1,431 @@
from peewee import Case, JOIN
from app.modules.db.db_model import User, UserGroups, Groups, UUID, Token, ApiToken
from app.modules.db.sql import get_setting
from app.modules.db.common import out_error
import app.modules.roxy_wi_tools as roxy_wi_tools
def add_user(user, email, password, role, activeuser, group):
if password != 'aduser':
try:
hashed_pass = roxy_wi_tools.Tools.get_hash(password)
last_id = User.insert(
username=user, email=email, password=hashed_pass, role=role, activeuser=activeuser, groups=group
).execute()
except Exception as e:
out_error(e)
else:
return last_id
else:
try:
last_id = User.insert(
username=user, email=email, role=role, ldap_user=1, activeuser=activeuser, groups=group
).execute()
except Exception as e:
out_error(e)
else:
return last_id
def update_user(user, email, role, user_id, active_user):
try:
User.update(username=user, email=email, role=role, activeuser=active_user).where(User.user_id == user_id).execute()
except Exception as e:
out_error(e)
def update_user_from_admin_area(user, email, user_id, active_user):
try:
User.update(username=user, email=email, activeuser=active_user).where(User.user_id == user_id).execute()
except Exception as e:
out_error(e)
def delete_user_groups(user_id):
group_for_delete = UserGroups.delete().where(UserGroups.user_id == user_id)
try:
group_for_delete.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_user_current_groups(groups, user_uuid):
user_id = get_user_id_by_uuid(user_uuid)
try:
user_update = User.update(groups=groups).where(User.user_id == user_id)
user_update.execute()
except Exception as e:
out_error(e)
return False
else:
return True
def update_user_current_groups_by_id(groups, user_id):
try:
user_update = User.update(groups=groups).where(User.user_id == user_id)
user_update.execute()
except Exception as e:
out_error(e)
def update_user_password(password, user_id):
try:
hashed_pass = roxy_wi_tools.Tools.get_hash(password)
user_update = User.update(password=hashed_pass).where(User.user_id == user_id)
user_update.execute()
except Exception as e:
out_error(e)
def delete_user(user_id):
try:
user_for_delete = User.delete().where(User.user_id == user_id)
user_for_delete.execute()
delete_user_groups(user_id)
except Exception as e:
out_error(e)
return False
else:
return True
def update_user_role(user_id: int, group_id: int, role_id: int) -> None:
try:
UserGroups.insert(user_id=user_id, user_group_id=group_id, user_role_id=role_id).on_conflict('replace').execute()
except Exception as e:
out_error(e)
def select_users(**kwargs):
if kwargs.get("user") is not None:
query = User.select().where(User.username == kwargs.get("user"))
elif kwargs.get("id") is not None:
query = User.select().where(User.user_id == kwargs.get("id"))
elif kwargs.get("group") is not None:
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta_minutes_minus=15)
query = (User.select(
User, UserGroups, Case(
0, [((User.last_login_date >= cur_date), 0)], 1
).alias('last_login')
).join(UserGroups, on=(User.user_id == UserGroups.user_id)).where(
UserGroups.user_group_id == kwargs.get("group")
))
elif kwargs.get('by_group_id'):
query = User.select().where(User.groups == kwargs.get("by_group_id"))
else:
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta_minutes_minus=15)
query = User.select(User, Case(0, [(
(User.last_login_date >= cur_date), 0)], 1).alias('last_login')).order_by(User.user_id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def is_user_active(user_id: int) -> int:
try:
query = User.get(User.user_id == user_id).activeuser
except Exception as e:
out_error(e)
else:
return int(query)
def check_user_group(user_id, group_id):
try:
query_res = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id))
except Exception:
return False
else:
if query_res.user_id != '':
return True
else:
return False
def select_user_groups_with_names(user_id, **kwargs):
if kwargs.get("all") is not None:
query = (UserGroups.select(
UserGroups.user_group_id, UserGroups.user_id, Groups.name, Groups.description
).join(Groups, on=(UserGroups.user_group_id == Groups.group_id)))
elif kwargs.get("user_not_in_group") is not None:
query = (Groups.select(
Groups.group_id, Groups.name
).join(UserGroups, on=(
(UserGroups.user_group_id == Groups.group_id) &
(UserGroups.user_id == user_id)
), join_type=JOIN.LEFT_OUTER).group_by(Groups.name).where(UserGroups.user_id.is_null(True)))
else:
query = (UserGroups.select(
UserGroups.user_group_id, UserGroups.user_role_id, Groups.name, Groups.group_id
).join(Groups, on=(UserGroups.user_group_id == Groups.group_id)).where(UserGroups.user_id == user_id))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_user_roles_by_group(group_id: int):
try:
query_res = UserGroups.select().where(UserGroups.user_group_id == group_id).execute()
except Exception as e:
out_error(e)
else:
return query_res
def update_last_act_user(uuid: str, token: str, ip: str) -> None:
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
session_ttl = get_setting('session_ttl')
token_ttl = get_setting('token_ttl')
cur_date_session = get_date.return_date('regular', timedelta=session_ttl)
cur_date_token = get_date.return_date('regular', timedelta=token_ttl)
cur_date = get_date.return_date('regular')
user_id = get_user_id_by_uuid(uuid)
query = UUID.update(exp=cur_date_session).where(UUID.uuid == uuid)
query1 = Token.update(exp=cur_date_token).where(Token.token == token)
query2 = User.update(last_login_date=cur_date, last_login_ip=ip).where(User.user_id == user_id)
try:
query.execute()
query1.execute()
query2.execute()
except Exception as e:
out_error(e)
def get_user_name_by_uuid(uuid):
try:
query = User.select(User.username).join(UUID, on=(User.user_id == UUID.user_id)).where(UUID.uuid == uuid)
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for user in query_res:
return user.username
def get_user_id_by_uuid(uuid):
try:
query = User.select(User.user_id).join(UUID, on=(User.user_id == UUID.user_id)).where(UUID.uuid == uuid)
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for user in query_res:
return user.user_id
def get_user_id_by_username(username: str):
try:
query = User.get(User.username == username).user_id
except Exception as e:
out_error(e)
else:
return query
def get_user_role_by_uuid(uuid, group_id):
query = (
UserGroups.select(UserGroups.user_role_id).join(UUID, on=(UserGroups.user_id == UUID.user_id)
).where(
(UUID.uuid == uuid) &
(UserGroups.user_group_id == group_id)
)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for user_id in query_res:
return int(user_id.user_role_id)
def write_user_uuid(login, user_uuid):
session_ttl = get_setting('session_ttl')
user_id = get_user_id_by_username(login)
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta=session_ttl)
try:
UUID.insert(user_id=user_id, uuid=user_uuid, exp=cur_date).execute()
except Exception as e:
out_error(e)
def write_user_token(login, user_token):
token_ttl = get_setting('token_ttl')
user_id = get_user_id_by_username(login)
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta=token_ttl)
try:
Token.insert(user_id=user_id, token=user_token, exp=cur_date).execute()
except Exception as e:
out_error(e)
def select_user_services(user_id):
try:
query_res = User.get(User.user_id == user_id).user_services
except Exception as e:
out_error(e)
else:
return query_res
def update_user_services(services, user_id):
try:
User.update(user_services=services).where(User.user_id == user_id).execute()
except Exception as e:
out_error(e)
return False
else:
return True
def get_super_admin_count() -> int:
query = UserGroups.select(UserGroups.user_id, UserGroups.user_role_id).distinct().where(UserGroups.user_role_id == 1).group_by(UserGroups.user_id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
try:
return len(list(query_res))
except Exception as e:
raise Exception(f'error: {e}')
def select_users_emails_by_group_id(group_id: int):
query = User.select(User.email).where((User.groups == group_id) & (User.role != 'guest'))
try:
query_res = query.execute()
except Exception as e:
out_error(e)
return
else:
return query_res
def select_user_email_by_uuid(uuid: str) -> str:
user_id = get_user_id_by_uuid(uuid)
try:
query_res = User.get(User.user_id == user_id).email
except Exception as e:
out_error(e)
return ""
else:
return query_res
def is_user_super_admin(user_id: int) -> bool:
query = UserGroups.select().where(UserGroups.user_id == user_id)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for i in query_res:
if i.user_role_id == 1:
return True
else:
return False
def get_api_token(token):
try:
user_token = ApiToken.get(ApiToken.token == token)
except Exception as e:
return str(e)
else:
return True if token == user_token.token else False
def get_user_id_by_api_token(token):
query = (User.select(User.user_id).join(ApiToken, on=(
ApiToken.user_name == User.username
)).where(ApiToken.token == token))
try:
query_res = query.execute()
except Exception as e:
return str(e)
for i in query_res:
return i.user_id
def write_api_token(user_token, group_id, user_role, user_name):
token_ttl = int(get_setting('token_ttl'))
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular', timedelta=token_ttl)
cur_date_token_ttl = get_date.return_date('regular', timedelta=token_ttl)
try:
ApiToken.insert(
token=user_token, user_name=user_name, user_group_id=group_id, user_role=user_role,
create_date=cur_date, expire_date=cur_date_token_ttl).execute()
except Exception as e:
out_error(e)
def get_username_group_id_from_api_token(token):
try:
user_name = ApiToken.get(ApiToken.token == token)
except Exception as e:
return str(e)
else:
return user_name.user_name, user_name.user_group_id, user_name.user_role
def get_token(uuid):
query = Token.select().join(UUID, on=(Token.user_id == UUID.user_id)).where(UUID.uuid == uuid).limit(1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
try:
for i in query_res:
return i.token
except Exception:
return ''
def delete_old_uuid():
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date = get_date.return_date('regular')
query = UUID.delete().where((UUID.exp < cur_date) | (UUID.exp.is_null(True)))
query1 = Token.delete().where((Token.exp < cur_date) | (Token.exp.is_null(True)))
try:
query.execute()
query1.execute()
except Exception as e:
out_error(e)
def get_role_id(user_id: int, group_id: int) -> int:
try:
role_id = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id))
except Exception as e:
out_error(e)
else:
return int(role_id.user_role_id)
def get_user_id(user_id: int) -> int:
try:
return User.get(User.user_id == user_id)
except Exception as e:
out_error(e)

322
app/modules/db/waf.py Normal file
View File

@ -0,0 +1,322 @@
from app.modules.db.db_model import Waf, WafNginx, WafRules, Server
from app.modules.db.common import out_error
def select_waf_metrics_enable_server(ip):
query = Waf.select(Waf.metrics).join(Server, on=(Waf.server_id == Server.server_id)).where(Server.ip == ip)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for en in query_res:
return en.metrics
def select_waf_servers(serv):
query = Server.select(Server.ip).join(Waf, on=(Waf.server_id == Server.server_id)).where(Server.ip == serv)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for en in query_res:
return en.ip
def select_waf_nginx_servers(serv):
query = Server.select(Server.ip).join(WafNginx, on=(WafNginx.server_id == Server.server_id)).where(Server.ip == serv)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
for en in query_res:
return en.ip
def insert_waf_nginx_server(server_ip):
try:
server_id = Server.get(Server.ip == server_ip).server_id
WafNginx.insert(server_id=server_id).execute()
except Exception as e:
out_error(e)
def select_waf_servers_metrics_for_master():
query = Server.select(Server.ip).join(
Waf, on=(Waf.server_id == Server.server_id)
).where((Server.enable == 1) & Waf.metrics == 1)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def select_waf_servers_metrics(group_id):
if group_id == '1':
query = Waf.select(Server.ip).join(Server, on=(Waf.server_id == Server.server_id)).where(
(Server.enable == 1) & (Waf.metrics == 1)
)
else:
query = Waf.select(Server.ip).join(Server, on=(Waf.server_id == Server.server_id)).where(
(Server.enable == 1) & (Waf.metrics == 1) & (Server.groups == group_id)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def insert_waf_metrics_enable(serv, enable):
try:
server_id = Server.get(Server.ip == serv).server_id
Waf.insert(server_id=server_id, metrics=enable).execute()
except Exception as e:
out_error(e)
def insert_waf_rules(serv):
data_source = [
{'serv': serv, 'rule_name': 'Ignore static', 'rule_file': 'modsecurity_crs_10_ignore_static.conf',
'desc': 'This ruleset will skip all tests for media files, but will skip only the request body phase (phase 2) '
'for text files. To skip the outbound stage for text files, add file 47 (skip_outbound_checks) '
'to your configuration, in addition to this fileth/aws/login'},
{'serv': serv, 'rule_name': 'Brute force protection', 'rule_file': 'modsecurity_crs_11_brute_force.conf',
'desc': 'Anti-Automation Rule for specific Pages (Brute Force Protection) This is a rate-limiting rule set and '
'does not directly correlate whether the authentication attempt was successful or not'},
{'serv': serv, 'rule_name': 'DOS Protections', 'rule_file': 'modsecurity_crs_11_dos_protection.conf',
'desc': 'Enforce an existing IP address block and log only 1-time/minute. We do not want to get flooded by alerts '
'during an attack or scan so we are only triggering an alert once/minute. You can adjust how often you '
'want to receive status alerts by changing the expirevar setting below'},
{'serv': serv, 'rule_name': 'XML enabler', 'rule_file': 'modsecurity_crs_13_xml_enabler.conf',
'desc': 'The rules in this file will trigger the XML parser upon an XML request'},
{'serv': serv, 'rule_name': 'Protocol violations', 'rule_file': 'modsecurity_crs_20_protocol_violations.conf',
'desc': 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates a '
'large number of application layer attacks. The purpose of this rules file is to enforce HTTP RFC requirements '
'that state how the client is supposed to interact with the server. http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html'},
{'serv': serv, 'rule_name': 'Protocol anomalies', 'rule_file': 'modsecurity_crs_21_protocol_anomalies.conf',
'desc': 'Some common HTTP usage patterns are indicative of attacks but may also be used by non-browsers for '
'legitimate uses. Do not accept requests without common headers. All normal web browsers include Host, '
'User-Agent and Accept headers. Implies either an attacker or a legitimate automation client'},
{'serv': serv, 'rule_name': 'Detect CC#', 'rule_file': 'modsecurity_crs_25_cc_known.conf',
'desc': 'Detect CC# in input, log transaction and sanitize'},
{'serv': serv, 'rule_name': 'CC traker', 'rule_file': 'modsecurity_crs_25_cc_track_pan.conf',
'desc': 'Credit Card Track 1 and 2 and PAN Leakage Checks'},
{'serv': serv, 'rule_name': 'HTTP policy', 'rule_file': 'modsecurity_crs_30_http_policy.conf',
'desc': 'HTTP policy enforcement The HTTP policy enforcement rule set sets limitations on the use of HTTP by '
'clients. Few applications require the breadth and depth of the HTTP protocol. On the other hand many '
'attacks abuse valid but rare HTTP use patterns. Restricting HTTP protocol usage is effective in '
'therefore effective in blocking many application layer attacks'},
{'serv': serv, 'rule_name': 'Bad robots', 'rule_file': 'modsecurity_crs_35_bad_robots.conf',
'desc': 'Bad robots detection is based on checking elements easily controlled by the client. As such a '
'determined attacked can bypass those checks. Therefore bad robots detection should not be viewed '
'as a security mechanism against targeted attacks but rather as a nuisance reduction, eliminating '
'most of the random attacks against your web site'},
{'serv': serv, 'rule_name': 'OS Injection Attacks', 'rule_file': 'modsecurity_crs_40_generic_attacks.conf',
'desc': 'OS Command Injection Attacks'},
{'serv': serv, 'rule_name': 'SQL injection', 'rule_file': 'modsecurity_crs_41_sql_injection_attacks.conf',
'desc': 'SQL injection protection'},
{'serv': serv, 'rule_name': 'XSS Protections', 'rule_file': 'modsecurity_crs_41_xss_attacks.conf',
'desc': 'XSS attacks protection'},
{'serv': serv, 'rule_name': 'Comment spam', 'rule_file': 'modsecurity_crs_42_comment_spam.conf',
'desc': 'Comment spam is an attack against blogs, guestbooks, wikis and other types of interactive web sites '
'that accept and display hyperlinks submitted by visitors. The spammers automatically post specially '
'crafted random comments which include links that point to the spammer\'s web site. The links artificially '
'increase the site\'s search engine ranking and may make the site more noticable in search results.'},
{'serv': serv, 'rule_name': 'Trojans Protections', 'rule_file': 'modsecurity_crs_45_trojans.conf ',
'desc': 'The trojan access detection rules detects access to known Trojans already installed on a server. '
'Uploading of Trojans is part of the Anti-Virus rules and uses external Anti Virus program when uploading '
'files. Detection of Trojans access is especially important in a hosting environment where the actual Trojan '
'upload may be done through valid methods and not through hacking'},
{'serv': serv, 'rule_name': 'RFI Protections', 'rule_file': 'modsecurity_crs_46_slr_et_lfi_attacks.conf',
'desc': 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference '
'external scripts. The perpetrators goal is to exploit the referencing function in an application to upload '
'malware (e.g., backdoor shells) from a remote URL located within a different domain'},
{'serv': serv, 'rule_name': 'RFI Protections 2', 'rule_file': 'modsecurity_crs_46_slr_et_rfi_attacks.conf',
'desc': 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference '
'external scripts. The perpetrators goal is to exploit the referencing function in an application to '
'upload malware (e.g., backdoor shells) from a remote URL located within a different domain'},
{'serv': serv, 'rule_name': 'SQLi Protections', 'rule_file': 'modsecurity_crs_46_slr_et_sqli_attacks.conf',
'desc': 'SQLi injection attacks protection'},
{'serv': serv, 'rule_name': 'XSS Protections 2', 'rule_file': 'modsecurity_crs_46_slr_et_xss_attacks.conf',
'desc': 'XSS attacks protection'},
{'serv': serv, 'rule_name': 'Common exceptions', 'rule_file': 'modsecurity_crs_47_common_exceptions.conf',
'desc': 'This file is used as an exception mechanism to remove common false positives that may be encountered'},
]
try:
WafRules.insert_many(data_source).execute()
except Exception as e:
out_error(e)
else:
return True
def insert_nginx_waf_rules(serv):
data_source = [
{'serv': serv, 'rule_name': 'Initialization', 'rule_file': 'REQUEST-901-INITIALIZATION.conf',
'desc': 'This file REQUEST-901-INITIALIZATION.conf initializes the Core Rules and performs preparatory actions. '
'It also fixes errors and omissions of variable definitions in the file crs-setup.conf The setup.conf'
'can and should be edited by the user, this file. is part of the CRS installation and should not be altered.',
'service': 'nginx'},
{'serv': serv, 'rule_name': 'Drupal exclusion rules', 'rule_file': 'REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf',
'desc': 'These exclusions remedy false positives in a default Drupal install. The exclusions are only active '
'if crs_exclusions_drupal=1 is set. See rule 900130 in crs-setup.conf for instructions.',
'service': 'nginx'},
{'serv': serv, 'rule_name': 'Nextcloud exclusion rules', 'rule_file': 'REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf',
'desc': 'These exclusions remedy false positives in a default NextCloud install. They will likely work with OwnCloud '
'too, but you may have to modify them. The exclusions are only active if crs_exclusions_nextcloud=1 is set. '
'See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Dokuwiki exclusion rules', 'rule_file': 'REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf',
'desc': 'These exclusions remedy false positives in a default Dokuwiki install. The exclusions are only active '
'if crs_exclusions_dokuwiki=1 is set. See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'CPanel exclusion rules', 'rule_file': 'REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf',
'desc': 'These exclusions remedy false positives in a default CPanel install. The exclusions are only active '
'if crs_exclusions_cpanel=1 is set. See rule 900130 in crs-setup.conf for instructions.',
'service': 'nginx'},
{'serv': serv, 'rule_name': 'XenForo exclusion rules', 'rule_file': 'REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf',
'desc': 'These exclusions remedy false positives in a default XenForo install. The exclusions are only active '
'if crs_exclusions_xenforo=1 is set. See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Common exceptions', 'rule_file': 'REQUEST-905-COMMON-EXCEPTIONS.conf',
'desc': 'This file is used as an exception mechanism to remove common false positives that may be encountered.',
'service': 'nginx'},
{'serv': serv, 'rule_name': 'IP reputation', 'rule_file': 'REQUEST-910-IP-REPUTATION.conf',
'desc': 'IP reputation rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Method enforcement', 'rule_file': 'REQUEST-911-METHOD-ENFORCEMENT.conf',
'desc': 'Method enforcement rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'DDOS protection', 'rule_file': 'REQUEST-912-DOS-PROTECTION.conf',
'desc': 'Anti-Automation rules to detect Denial of Service attacks.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Protocol enforcement', 'rule_file': 'REQUEST-920-PROTOCOL-ENFORCEMENT.conf',
'desc': 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates '
'a large number of application layer attacks. The purpose of this rules file is to enforce HTTP RFC '
'requirements that state how the client is supposed to interact with the server.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Protocol attack', 'rule_file': 'REQUEST-921-PROTOCOL-ATTACK.conf',
'desc': 'Protocol attack rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack LFI', 'rule_file': 'REQUEST-930-APPLICATION-ATTACK-LFI.conf',
'desc': 'Application attack LFI rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack RCE', 'rule_file': 'REQUEST-932-APPLICATION-ATTACK-RCE.conf',
'desc': 'Application attack RCE rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack PHP', 'rule_file': 'REQUEST-933-APPLICATION-ATTACK-PHP.conf',
'desc': 'Application attack PHP rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack NodeJS', 'rule_file': 'REQUEST-934-APPLICATION-ATTACK-NODEJS.conf',
'desc': 'Application attack NodeJS rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack SQLI', 'rule_file': 'REQUEST-942-APPLICATION-ATTACK-SQLI.conf',
'desc': 'Application attack SQLI rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack session-fixation', 'rule_file': 'REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf',
'desc': 'Application attack session-fixation rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack JAVA', 'rule_file': 'REQUEST-944-APPLICATION-ATTACK-JAVA.conf',
'desc': 'Application attack JAVA rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Application attack blocking evaluation', 'rule_file': 'REQUEST-949-BLOCKING-EVALUATION.conf',
'desc': 'Application attack blocking evaluation rule.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Data leakages', 'rule_file': 'RESPONSE-950-DATA-LEAKAGES.conf',
'desc': 'The paranoia level skip rules 950020, 950021 and 950022 have odd numbers not in sync with other paranoia '
'level skip rules in other. files. This is done to avoid rule id collisions with CRSv2. This is also true '
'for rule 950130.', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Data leakages SQL', 'rule_file': 'RESPONSE-951-DATA-LEAKAGES-SQL.conf',
'desc': 'Data leakages SQL rule', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Data leakages JAVA', 'rule_file': 'RESPONSE-952-DATA-LEAKAGES-JAVA.conf',
'desc': 'Data leakages JAVA rule', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Data leakages PHP', 'rule_file': 'RESPONSE-953-DATA-LEAKAGES-PHP.conf',
'desc': 'Data leakages PHP rule', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Data leakages IIS', 'rule_file': 'RESPONSE-954-DATA-LEAKAGES-IIS.conf',
'desc': 'Data leakages IIS rule', 'service': 'nginx'},
{'serv': serv, 'rule_name': 'Blocking evaluation', 'rule_file': 'RESPONSE-959-BLOCKING-EVALUATION.conf',
'desc': 'You should set the score to the proper threshold you would prefer. If kept at "@gt 0" it will work '
'similarly to previous Mod CRS rules and will create an event in the error_log file if there are any '
'rules that match. If you would like to lessen the number of events generated in the error_log file, '
'you should increase the anomaly score threshold to something like "@gt 20". This would only generate '
'an event in the error_log file if there are multiple lower severity rule matches or if any 1 higher '
'severity item matches. You should also set the desired disruptive action (deny, redirect, etc...).',
'service': 'nginx'},
{'serv': serv, 'rule_name': 'Correlation', 'rule_file': 'RESPONSE-980-CORRELATION.conf',
'desc': 'This file is used in post processing after the response has been sent to the client (in the logging phase). '
'Its purpose is to provide inbound+outbound correlation of events to provide a more intelligent designation '
'as to the outcome or result of the transaction - meaning, was this a successful attack?',
'service': 'nginx'},
]
try:
WafRules.insert_many(data_source).execute()
except Exception as e:
out_error(e)
else:
return True
def select_waf_rules(serv, service):
query = WafRules.select(WafRules.id, WafRules.rule_name, WafRules.en, WafRules.desc).where(
(WafRules.serv == serv)
& (WafRules.service == service)
)
try:
query_res = query.execute()
except Exception as e:
out_error(e)
else:
return query_res
def delete_waf_rules(serv):
query = WafRules.delete().where(WafRules.serv == serv)
try:
query.execute()
except Exception as e:
out_error(e)
def select_waf_rule_by_id(rule_id):
try:
query = WafRules.get(WafRules.id == rule_id)
except Exception as e:
out_error(e)
else:
return query.rule_file
def update_enable_waf_rules(rule_id, serv, en):
query = WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv))
try:
query.execute()
except Exception as e:
out_error(e)
def insert_new_waf_rule(rule_name: str, rule_file: str, rule_description: str, service: str, serv: str) -> int:
try:
last_id = WafRules.insert(
serv=serv,
rule_name=rule_name,
rule_file=rule_file,
desc=rule_description,
service=service
).execute()
except Exception as e:
out_error(e)
else:
return last_id
def delete_waf_server(server_id):
query = Waf.delete().where(Waf.server_id == server_id)
try:
query.execute()
except Exception as e:
out_error(e)
def update_waf_metrics_enable(name, enable):
server_id = 0
try:
server_id = Server.get(Server.hostname == name).server_id
except Exception as e:
out_error(e)
try:
Waf.update(metrics=enable).where(Waf.server_id == server_id).execute()
except Exception as e:
out_error(e)
else:
return 'ok'

23
app/modules/roxywi/auth.py
View File

@ -5,6 +5,9 @@ from flask_login import login_user
from datetime import datetime, timedelta
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.db.service as service_sql
import app.modules.roxywi.common as roxywi_common
@ -13,7 +16,7 @@ def check_login(user_uuid, token) -> str:
return 'login_page'
if user_uuid is not None:
if sql.get_user_name_by_uuid(user_uuid) is None:
if user_sql.get_user_name_by_uuid(user_uuid) is None:
return 'login_page'
else:
try:
@ -21,17 +24,17 @@ def check_login(user_uuid, token) -> str:
except Exception:
ip = ''
sql.update_last_act_user(user_uuid, token, ip)
user_sql.update_last_act_user(user_uuid, token, ip)
return 'ok'
return 'login_page'
def is_access_permit_to_service(service: str) -> bool:
service_id = sql.select_service_id_by_slug(service)
service_id = service_sql.select_service_id_by_slug(service)
user_uuid = request.cookies.get('uuid')
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
user_id = user_sql.get_user_id_by_uuid(user_uuid)
user_services = user_sql.select_user_services(user_id)
if str(service_id) in user_services:
return True
else:
@ -46,7 +49,7 @@ def is_admin(level=1, **kwargs):
group_id = request.cookies.get('group')
try:
role = sql.get_user_role_by_uuid(user_id, group_id)
role = user_sql.get_user_role_by_uuid(user_id, group_id)
except Exception:
role = 4
pass
@ -104,8 +107,8 @@ def check_in_ldap(user, password):
def create_uuid_and_token(login: str):
user_uuid = str(uuid.uuid4())
user_token = str(uuid.uuid4())
sql.write_user_uuid(login, user_uuid)
sql.write_user_token(login, user_token)
user_sql.write_user_uuid(login, user_uuid)
user_sql.write_user_token(login, user_token)
return user_uuid, user_token
@ -129,12 +132,12 @@ def do_login(user_uuid: str, user_group: str, user: str, next_url: str):
resp.set_cookie('group', str(user_group), expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"), samesite='Strict')
try:
user_group_name = sql.get_group_name_by_id(user_group)
user_group_name = group_sql.get_group_name_by_id(user_group)
except Exception:
user_group_name = ''
try:
user_name = sql.get_user_name_by_uuid(user_uuid)
user_name = user_sql.get_user_name_by_uuid(user_uuid)
roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group_name} login', roxywi=1)
except Exception as e:
print(f'error: {e}')

57
app/modules/roxywi/common.py
View File

@ -4,11 +4,15 @@ from typing import Any
from flask import request
import app.modules.db.sql as sql
import modules.roxy_wi_tools as roxy_wi_tools
from app.modules.db.sql import get_setting
import app.modules.db.roxy as roxy_sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.db.server as server_sql
import app.modules.db.history as history_sql
import app.modules.db.ha_cluster as ha_sql
import app.modules.roxy_wi_tools as roxy_wi_tools
time_zone = sql.get_setting('time_zone')
get_date = roxy_wi_tools.GetDate(time_zone)
get_config_var = roxy_wi_tools.GetConfigVar()
@ -21,7 +25,7 @@ def get_user_group(**kwargs) -> int:
try:
user_group_id = request.cookies.get('group')
groups = sql.select_groups(id=user_group_id)
groups = group_sql.select_groups(id=user_group_id)
for g in groups:
if g.group_id == int(user_group_id):
if kwargs.get('id'):
@ -40,13 +44,13 @@ def check_user_group_for_flask(**kwargs):
if kwargs.get('user_uuid'):
group_id = kwargs.get('user_group_id')
user_uuid = kwargs.get('user_uuid')
user_id = sql.get_user_id_by_uuid(user_uuid)
user_id = user_sql.get_user_id_by_uuid(user_uuid)
else:
user_uuid = request.cookies.get('uuid')
group_id = request.cookies.get('group')
user_id = sql.get_user_id_by_uuid(user_uuid)
user_id = user_sql.get_user_id_by_uuid(user_uuid)
if sql.check_user_group(user_id, group_id):
if user_sql.check_user_group(user_id, group_id):
return True
else:
logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1)
@ -55,19 +59,19 @@ def check_user_group_for_flask(**kwargs):
def get_user_id(**kwargs):
if kwargs.get('login'):
return sql.get_user_id_by_username(kwargs.get('login'))
return user_sql.get_user_id_by_username(kwargs.get('login'))
user_uuid = request.cookies.get('uuid')
if user_uuid is not None:
user_id = sql.get_user_id_by_uuid(user_uuid)
user_id = user_sql.get_user_id_by_uuid(user_uuid)
return user_id
def check_is_server_in_group(server_ip: str) -> bool:
group_id = get_user_group(id=1)
servers = sql.select_servers(server=server_ip)
servers = server_sql.select_servers(server=server_ip)
for s in servers:
if (s[2] == server_ip and int(s[3]) == int(group_id)) or group_id == 1:
return True
@ -104,6 +108,7 @@ def get_files(folder, file_format, server_ip=None) -> list:
def logging(server_ip: str, action: str, **kwargs) -> None:
get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
cur_date_in_log = get_date.return_date('date_in_log')
log_path = get_config_var.get_config_var('main', 'log_path')
@ -122,7 +127,7 @@ def logging(server_ip: str, action: str, **kwargs) -> None:
try:
user_uuid = request.cookies.get('uuid')
login = sql.get_user_name_by_uuid(user_uuid)
login = user_sql.get_user_name_by_uuid(user_uuid)
except Exception:
login = ''
@ -151,7 +156,7 @@ def logging(server_ip: str, action: str, **kwargs) -> None:
def keep_action_history(service: str, action: str, server_ip: str, login: str, user_ip: str):
if login != '':
user_id = sql.get_user_id_by_username(login)
user_id = user_sql.get_user_id_by_username(login)
else:
user_id = 0
if user_ip == '':
@ -159,14 +164,14 @@ def keep_action_history(service: str, action: str, server_ip: str, login: str, u
if service == 'HA cluster':
cluster_id = server_ip
cluster_name = sql.select_cluster_name(int(cluster_id))
sql.insert_action_history(service, action, int(cluster_id), user_id, user_ip, cluster_id, cluster_name)
cluster_name = ha_sql.select_cluster_name(int(cluster_id))
history_sql.insert_action_history(service, action, int(cluster_id), user_id, user_ip, cluster_id, cluster_name)
else:
try:
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
hostname = sql.get_hostname_by_server_ip(server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip=server_ip)
hostname = server_sql.get_hostname_by_server_ip(server_ip)
sql.insert_action_history(service, action, server_id, user_id, user_ip, server_ip, hostname)
history_sql.insert_action_history(service, action, server_id, user_id, user_ip, server_ip, hostname)
except Exception as e:
logging('Roxy-WI server', f'Cannot save a history: {e}', roxywi=1)
@ -187,7 +192,7 @@ def get_dick_permit(**kwargs):
if check_user_group_for_flask(token=token):
try:
servers = sql.get_dick_permit(group_id, **kwargs)
servers = server_sql.get_dick_permit(group_id, **kwargs)
except Exception as e:
raise Exception(e)
else:
@ -199,7 +204,7 @@ def get_dick_permit(**kwargs):
def get_users_params(**kwargs):
try:
user_uuid = request.cookies.get('uuid')
user = sql.get_user_name_by_uuid(user_uuid)
user = user_sql.get_user_name_by_uuid(user_uuid)
except Exception:
raise Exception('error: Cannot get user UUID')
@ -209,22 +214,22 @@ def get_users_params(**kwargs):
raise Exception(f'error: Cannot get user group: {e}')
try:
role = sql.get_user_role_by_uuid(user_uuid, group_id)
role = user_sql.get_user_role_by_uuid(user_uuid, group_id)
except Exception:
raise Exception('error: Cannot get user role')
try:
user_id = sql.get_user_id_by_uuid(user_uuid)
user_id = user_sql.get_user_id_by_uuid(user_uuid)
except Exception as e:
raise Exception(f'error: Cannot get user id {e}')
try:
user_services = sql.select_user_services(user_id)
user_services = user_sql.select_user_services(user_id)
except Exception as e:
raise Exception(f'error: Cannot get user services {e}')
try:
token = sql.get_token(user_uuid)
token = user_sql.get_token(user_uuid)
except Exception as e:
raise Exception(f'error: Cannot get user token {e}')
@ -270,8 +275,8 @@ def get_user_lang_for_flask() -> str:
def return_user_status() -> dict:
user_subscription = {}
user_subscription.setdefault('user_status', sql.select_user_status())
user_subscription.setdefault('user_plan', sql.select_user_plan())
user_subscription.setdefault('user_status', roxy_sql.select_user_status())
user_subscription.setdefault('user_plan', roxy_sql.select_user_plan())
return user_subscription

8
app/modules/roxywi/group.py
View File

@ -1,4 +1,4 @@
import app.modules.db.sql as sql
import app.modules.db.group as group_sql
import app.modules.roxywi.common as roxywi_common
@ -7,7 +7,7 @@ def update_group(group_id: int, group_name: str, desc: str) -> str:
return roxywi_common.return_error_message()
else:
try:
sql.update_group(group_name, desc, group_id)
group_sql.update_group(group_name, desc, group_id)
roxywi_common.logging('Roxy-WI server', f'The {group_name} has been updated', roxywi=1, login=1)
return 'ok'
except Exception as e:
@ -15,12 +15,12 @@ def update_group(group_id: int, group_name: str, desc: str) -> str:
def delete_group(group_id: int) -> str:
group = sql.select_groups(id=group_id)
group = group_sql.select_groups(id=group_id)
group_name = ''
for g in group:
group_name = g.name
if sql.delete_group(group_id):
if group_sql.delete_group(group_id):
roxywi_common.logging('Roxy-WI server', f'The {group_name} has been deleted', roxywi=1, login=1)
return 'ok'

44
app/modules/roxywi/logs.py
View File

@ -1,10 +1,9 @@
import re
import modules.db.sql as sql
import modules.server.server as server_mod
from modules.common.common import checkAjaxInput
import modules.roxy_wi_tools as roxy_wi_tools
import modules.roxywi.common as roxywi_common
import app.modules.db.sql as sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
from app.modules.common.common import checkAjaxInput
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxywi.common as roxywi_common
get_config_var = roxy_wi_tools.GetConfigVar()
@ -18,7 +17,7 @@ def roxy_wi_log() -> list:
group_grep = f'|grep "group: {user_group}"'
else:
group_grep = ''
cmd = f"find {log_path}/roxy-wi-* -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \
cmd = f"find {log_path}/roxy-wi.log -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \
f"| head -1 |awk '{{print $4}}' |xargs tail {group_grep}|sort -r"
try:
output, stderr = server_mod.subprocess_execute(cmd)
@ -30,17 +29,16 @@ def roxy_wi_log() -> list:
def show_log(stdout, **kwargs):
i = 0
out = ''
grep = ''
grep = kwargs.get('grep')
if kwargs.get('grep'):
grep = kwargs.get('grep')
grep = re.sub(r'[?|$|.|!|^|*|\]|\[|,| |]', r'', grep)
if grep:
grep = common.sanitize_input_word(grep)
for line in stdout:
i = i + 1
if kwargs.get('grep'):
line = line.replace(grep, f'<span style="color: red; font-weight: bold;">{grep}</span>')
if grep:
line = common.highlight_word(line, grep)
line_class = "line3" if i % 2 == 0 else "line"
out += f'<div class="{line_class}">{line}</div>'
out += common.wrap_line(line, line_class)
return out
@ -75,28 +73,24 @@ def show_roxy_log(
if syslog_server_enable is None or syslog_server_enable == 0:
local_path_logs = sql.get_setting(f'{service}_path_logs')
if service == 'nginx':
commands = ["sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)]
commands = "sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)
elif service == 'apache':
commands = [
"sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
]
commands = "sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
elif service == 'keepalived':
commands = [
"sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
]
commands = "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
else:
commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)]
commands = "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)
syslog_server = serv
else:
if '..' in serv: raise Exception('error: nice try')
commands = ["sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)]
commands = "sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)
syslog_server = sql.get_setting('syslog_server')
if waf == "1":
local_path_logs = '/var/log/waf.log'
commands = ["sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)]
commands = "sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)
if kwargs.get('html') == 0:
a = server_mod.ssh_command(syslog_server, commands)

8
app/modules/roxywi/metrics.py
View File

@ -1,6 +1,6 @@
import psutil
import app.modules.db.sql as sql
import app.modules.db.metric as metric_sql
import app.modules.server.server as server_mod
@ -56,7 +56,7 @@ def show_cpu_metrics(metrics_type: str) -> dict:
def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> dict:
metric = sql.select_metrics(server_ip, 'haproxy', time_range=time_range)
metric = metric_sql.select_metrics(server_ip, 'haproxy', time_range=time_range)
metrics = {'chartData': {}}
metrics['chartData']['labels'] = {}
labels = ''
@ -84,7 +84,7 @@ def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> dict:
def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> dict:
metric = sql.select_metrics(server_ip, 'http_metrics', time_range=time_range)
metric = metric_sql.select_metrics(server_ip, 'http_metrics', time_range=time_range)
metrics = {'chartData': {}}
metrics['chartData']['labels'] = {}
labels = ''
@ -115,7 +115,7 @@ def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> dict
def service_metrics(server_ip: str, hostname: str, service: str, time_range: str) -> dict:
metric = sql.select_metrics(server_ip, service, time_range=time_range)
metric = metric_sql.select_metrics(server_ip, service, time_range=time_range)
metrics = {'chartData': {}}
metrics['chartData']['labels'] = {}

3
app/modules/roxywi/nettools.py
View File

@ -53,7 +53,7 @@ def telnet_from_server(server_from: str, server_to: str, port_to: str) -> str:
action_for_sending = f'echo "exit"|nc {server_to} {port_to} -t -w 1s'
output, stderr = server_mod.subprocess_execute(action_for_sending)
else:
action_for_sending = [f'echo "exit"|nc {server_to} {port_to} -t -w 1s']
action_for_sending = f'echo "exit"|nc {server_to} {port_to} -t -w 1s'
output = server_mod.ssh_command(server_from, action_for_sending, raw=1)
if stderr != '':
@ -85,7 +85,6 @@ def nslookup_from_server(server_from: str, dns_name: str, record_type: str) -> s
if server_from == 'localhost':
output, stderr = server_mod.subprocess_execute(action_for_sending)
else:
action_for_sending = [action_for_sending]
output = server_mod.ssh_command(server_from, action_for_sending, raw=1)
if stderr != '':

45
app/modules/roxywi/overview.py
View File

@ -3,6 +3,13 @@ import requests
from flask import render_template, request
import app.modules.db.sql as sql
import app.modules.db.waf as waf_sql
import app.modules.db.roxy as roxy_sql
import app.modules.db.user as user_sql
import app.modules.db.metric as metric_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.db.checker as checker_sql
import app.modules.common.common as common
import app.modules.tools.common as tools_common
import app.modules.roxywi.common as roxywi_common
@ -14,13 +21,13 @@ def user_owv() -> str:
lang = roxywi_common.get_user_lang_for_flask()
roles = sql.select_roles()
user_params = roxywi_common.get_users_params()
users_groups = sql.select_user_groups_with_names(1, all=1)
users_groups = user_sql.select_user_groups_with_names(1, all=1)
user_group = roxywi_common.get_user_group(id=1)
if (user_params['role'] == 2 or user_params['role'] == 3) and int(user_group) != 1:
users = sql.select_users(group=user_group)
users = user_sql.select_users(group=user_group)
else:
users = sql.select_users()
users = user_sql.select_users()
return render_template('ajax/show_users_ovw.html', users=users, users_groups=users_groups, lang=lang, roles=roles)
@ -28,7 +35,7 @@ def user_owv() -> str:
def show_sub_ovw() -> str:
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/show_sub_ovw.html', sub=sql.select_user_all(), lang=lang)
return render_template('ajax/show_sub_ovw.html', sub=roxy_sql.select_user_all(), lang=lang)
def show_overview(serv) -> str:
@ -36,17 +43,17 @@ def show_overview(serv) -> str:
user_uuid = request.cookies.get('uuid')
group_id = request.cookies.get('group')
lang = roxywi_common.get_user_lang_for_flask()
role = sql.get_user_role_by_uuid(user_uuid, group_id)
server = [server for server in sql.select_servers(server=serv)]
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
role = user_sql.get_user_role_by_uuid(user_uuid, group_id)
server = [server for server in server_sql.select_servers(server=serv)]
user_id = user_sql.get_user_id_by_uuid(user_uuid)
user_services = user_sql.select_user_services(user_id)
haproxy = sql.select_haproxy(serv) if '1' in user_services else 0
nginx = sql.select_nginx(serv) if '2' in user_services else 0
keepalived = sql.select_keepalived(serv) if '3' in user_services else 0
apache = sql.select_apache(serv) if '4' in user_services else 0
haproxy = service_sql.select_haproxy(serv) if '1' in user_services else 0
nginx = service_sql.select_nginx(serv) if '2' in user_services else 0
keepalived = service_sql.select_keepalived(serv) if '3' in user_services else 0
apache = service_sql.select_apache(serv) if '4' in user_services else 0
waf = sql.select_waf_servers(server[0][2])
waf = waf_sql.select_waf_servers(server[0][2])
haproxy_process = ''
keepalived_process = ''
nginx_process = ''
@ -80,14 +87,14 @@ def show_overview(serv) -> str:
return f'error: {e} for server {server[0][2]}'
if keepalived:
command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"]
command = "ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"
try:
keepalived_process = server_mod.ssh_command(server[0][2], command)
except Exception as e:
return f'error: {e} for server {server[0][2]}'
if waf_len >= 1:
command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"]
command = "ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"
try:
waf_process = server_mod.ssh_command(server[0][2], command)
except Exception as e:
@ -186,8 +193,8 @@ def show_services_overview():
for s in user_params['servers']:
servers_group.append(s[2])
is_checker_worker = len(sql.select_all_alerts(group=user_group))
is_metrics_worker = len(sql.select_servers_metrics_for_master(group=user_group))
is_checker_worker = len(checker_sql.select_all_alerts(group=user_group))
is_metrics_worker = len(metric_sql.select_servers_metrics_for_master(group=user_group))
for pids in psutil.pids():
if pids < 300:
@ -214,7 +221,7 @@ def show_services_overview():
except psutil.NoSuchProcess:
pass
roxy_tools = sql.get_roxy_tools()
roxy_tools = roxy_sql.get_roxy_tools()
roxy_tools_status = {}
for tool in roxy_tools:
if tool == 'roxy-wi-prometheus-exporter':
@ -230,7 +237,7 @@ def show_services_overview():
def keepalived_became_master(server_ip) -> str:
commands = ["sudo kill -USR2 $(cat /var/run/keepalived.pid) && sudo grep 'Became master' /tmp/keepalived.stats |awk '{print $3}'"]
commands = "sudo kill -USR2 $(cat /var/run/keepalived.pid) && sudo grep 'Became master' /tmp/keepalived.stats |awk '{print $3}'"
became_master = server_mod.ssh_command(server_ip, commands)
lang = roxywi_common.get_user_lang_for_flask()

15
app/modules/roxywi/roxy.py
View File

@ -7,6 +7,7 @@ from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
import app.modules.db.sql as sql
import app.modules.db.roxy as roxy_sql
import app.modules.roxywi.common as roxywi_common
import app.modules.server.server as server_mod
@ -23,7 +24,7 @@ def is_docker() -> bool:
def check_ver():
return sql.get_ver()
return roxy_sql.get_ver()
def versions():
@ -76,7 +77,7 @@ def update_user_status() -> None:
proxy_dict = {}
if proxy is not None and proxy != '' and proxy != 'None':
proxy_dict = {"https": proxy, "http": proxy}
user_name = sql.select_user_name()
user_name = roxy_sql.select_user_name()
retry_strategy = Retry(
total=3,
status_forcelist=[429, 500, 502, 503, 504],
@ -89,7 +90,7 @@ def update_user_status() -> None:
try:
status = roxy_wi_get_plan.content.decode(encoding='UTF-8')
status = status.split(' ')
sql.update_user_status(status[0], status[1].strip(), status[2].strip())
roxy_sql.update_user_status(status[0], status[1].strip(), status[2].strip())
except Exception as e:
roxywi_common.logging('Roxy-WI server', f'error: Cannot get user status {e}', roxywi=1)
@ -99,7 +100,7 @@ def action_service(action: str, service: str) -> str:
cmd = f"sudo systemctl disable {service} --now"
if action in ("start", "restart"):
cmd = f"sudo systemctl {action} {service} --now"
if not sql.select_user_status():
if not roxy_sql.select_user_status():
return 'warning: The service is disabled because you are not subscribed. Read <a href="https://roxy-wi.org/pricing" ' \
'title="Roxy-WI pricing" target="_blank">here</a> about subscriptions'
if is_in_docker:
@ -123,10 +124,10 @@ def update_plan():
else:
user_name = 'git'
if sql.select_user_name():
sql.update_user_name(user_name)
if roxy_sql.select_user_name():
roxy_sql.update_user_name(user_name)
else:
sql.insert_user_name(user_name)
roxy_sql.insert_user_name(user_name)
except Exception as e:
roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1)

64
app/modules/roxywi/user.py
View File

@ -1,19 +1,21 @@
import os
from flask import render_template, make_response, request
from flask import render_template, make_response
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.service as service_sql
import app.modules.roxywi.common as roxywi_common
import app.modules.tools.alerting as alerting
def create_user(new_user: str, email: str, password: str, role: str, activeuser: int, group: int) -> None:
def create_user(new_user: str, email: str, password: str, role: int, activeuser: int, group: int) -> None:
try:
user_id = sql.add_user(new_user, email, password, role, activeuser, group)
sql.update_user_role(user_id, group, role)
roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1)
user_id = user_sql.add_user(new_user, email, password, role, activeuser, group)
# user_sql.update_user_role(user_id, group, role)
roxywi_common.logging(f'a new user {new_user}', 'has been created', roxywi=1, login=1)
try:
sql.update_user_role(user_id, group, role)
user_sql.update_user_role(user_id, group, role)
except Exception as e:
raise Exception(f'error: cannot update user role {e}')
try:
@ -32,26 +34,26 @@ def create_user(new_user: str, email: str, password: str, role: str, activeuser:
def delete_user(user_id: int) -> str:
if sql.is_user_super_admin(user_id):
count_super_admin_users = sql.get_super_admin_count()
if user_sql.is_user_super_admin(user_id):
count_super_admin_users = user_sql.get_super_admin_count()
if count_super_admin_users < 2:
raise Exception('error: you cannot delete a last user with superAdmin role')
user = sql.select_users(id=user_id)
user = user_sql.select_users(id=user_id)
username = ''
for u in user:
username = u.username
if sql.delete_user(user_id):
sql.delete_user_groups(user_id)
if user_sql.delete_user(user_id):
user_sql.delete_user_groups(user_id)
roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1)
return "ok"
def update_user(email, new_user, user_id, enabled, group_id, role_id):
try:
sql.update_user(new_user, email, role_id, user_id, enabled)
user_sql.update_user(new_user, email, role_id, user_id, enabled)
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot update user {new_user}', roxywi=1, login=1)
sql.update_user_role(user_id, group_id, role_id)
user_sql.update_user_role(user_id, group_id, role_id)
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
@ -59,23 +61,23 @@ def update_user_password(password, uuid, user_id_from_get):
username = ''
if uuid:
user_id = sql.get_user_id_by_uuid(uuid)
user_id = user_sql.get_user_id_by_uuid(uuid)
else:
user_id = user_id_from_get
user = sql.select_users(id=user_id)
user = user_sql.select_users(id=user_id)
for u in user:
username = u.username
sql.update_user_password(password, user_id)
user_sql.update_user_password(password, user_id)
roxywi_common.logging(f'user {username}', ' has changed password ', roxywi=1, login=1)
return 'ok'
def get_user_services(user_id: int) -> str:
lang = roxywi_common.get_user_lang_for_flask()
services = sql.select_services()
services = service_sql.select_services()
return render_template(
'ajax/user_services.html', user_services=sql.select_user_services(user_id), id=user_id, services=services, lang=lang
'ajax/user_services.html', user_services=user_sql.select_user_services(user_id), id=user_id, services=services, lang=lang
)
@ -87,16 +89,16 @@ def change_user_services(user: str, user_id: int, user_services: str) -> str:
services += ' ' + k2
try:
if sql.update_user_services(services=services, user_id=user_id):
roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1)
return 'ok'
user_sql.update_user_services(services=services, user_id=user_id)
except Exception as e:
return f'error: Cannot save: {e}'
roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1)
return 'ok'
def change_user_active_group(group_id: int, user_uuid: str) -> str:
try:
if sql.update_user_current_groups(group_id, user_uuid):
if user_sql.update_user_current_groups(group_id, user_uuid):
return 'Ok'
else:
return 'error: Cannot change group'
@ -105,41 +107,41 @@ def change_user_active_group(group_id: int, user_uuid: str) -> str:
def get_user_active_group(uuid: str, group: str) -> str:
group_id = sql.get_user_id_by_uuid(uuid)
groups = sql.select_user_groups_with_names(group_id)
group_id = user_sql.get_user_id_by_uuid(uuid)
groups = user_sql.select_user_groups_with_names(group_id)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/user_current_group.html', groups=groups, group=group, id=group_id, lang=lang)
def show_user_groups_and_roles(user_id: int, lang: str) -> str:
groups = sql.select_user_groups_with_names(user_id, user_not_in_group=1)
groups = user_sql.select_user_groups_with_names(user_id, user_not_in_group=1)
roles = sql.select_roles()
user_groups = sql.select_user_groups_with_names(user_id)
user_groups = user_sql.select_user_groups_with_names(user_id)
return render_template('ajax/user_groups_and_roles.html', groups=groups, user_groups=user_groups, roles=roles, lang=lang)
def is_current_user(user_id: int, user_uuid: str) -> bool:
current_user_id = sql.get_user_id_by_uuid(user_uuid)
current_user_id = user_sql.get_user_id_by_uuid(user_uuid)
if current_user_id == user_id:
return True
return False
def save_user_group_and_role(user: str, groups_and_roles: dict, user_uuid: str) -> str:
def save_user_group_and_role(user: str, groups_and_roles: dict, user_uuid: str):
resp = make_response('ok')
for k, v in groups_and_roles.items():
user_id = int(k)
if not sql.delete_user_groups(user_id):
if not user_sql.delete_user_groups(user_id):
return 'error: Cannot delete old groups'
for k2, v2 in v.items():
group_id = int(k2)
role_id = int(v2['role_id'])
if len(v) == 1:
sql.update_user_current_groups_by_id(group_id, user_id)
user_sql.update_user_current_groups_by_id(group_id, user_id)
if is_current_user(user_id, user_uuid):
resp.set_cookie('group', str(group_id), secure=True)
try:
sql.update_user_role(user_id, group_id, role_id)
user_sql.update_user_role(user_id, group_id, role_id)
except Exception as e:
raise Exception(f'error: Cannot update groups: {e}')
else:

56
app/modules/roxywi/waf.py
View File

@ -1,16 +1,20 @@
from flask import render_template, request
import modules.db.sql as sql
import modules.common.common as common
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import app.modules.db.sql as sql
import app.modules.db.waf as waf_sql
import app.modules.db.user as user_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
def waf_overview(serv, waf_service) -> None:
servers = sql.select_servers(server=serv)
def waf_overview(serv, waf_service) -> str:
servers = server_sql.select_servers(server=serv)
user_id = request.cookies.get('uuid')
group_id = int(request.cookies.get('group'))
role = sql.get_user_role_by_uuid(user_id, group_id)
role = user_sql.get_user_role_by_uuid(user_id, group_id)
returned_servers = []
waf = ''
metrics_en = 0
@ -20,17 +24,17 @@ def waf_overview(serv, waf_service) -> None:
for server in servers:
if waf_service == 'haproxy':
is_waf_on_server = sql.select_haproxy(server[2])
is_waf_on_server = service_sql.select_haproxy(server[2])
elif waf_service == 'nginx':
is_waf_on_server = sql.select_nginx(server[2])
is_waf_on_server = service_sql.select_nginx(server[2])
if is_waf_on_server == 1:
config_path = sql.get_setting(f'{waf_service}_dir')
if waf_service == 'haproxy':
waf = sql.select_waf_servers(server[2])
metrics_en = sql.select_waf_metrics_enable_server(server[2])
waf = waf_sql.select_waf_servers(server[2])
metrics_en = waf_sql.select_waf_metrics_enable_server(server[2])
elif waf_service == 'nginx':
waf = sql.select_waf_nginx_servers(server[2])
waf = waf_sql.select_waf_nginx_servers(server[2])
try:
waf_len = len(waf)
except Exception:
@ -38,12 +42,10 @@ def waf_overview(serv, waf_service) -> None:
if waf_len >= 1:
if waf_service == 'haproxy':
command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"]
command = "ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"
elif waf_service == 'nginx':
command = [
f"grep 'modsecurity on' {common.return_nice_path(config_path)}* --exclude-dir=waf -Rs |wc -l"]
commands1 = [
f"grep SecRuleEngine {config_path}/waf/modsecurity.conf |grep -v '#' |awk '{{print $2}}'"]
command = f"grep 'modsecurity on' {common.return_nice_path(config_path)}* --exclude-dir=waf -Rs |wc -l"
commands1 = f"grep SecRuleEngine {config_path}/waf/modsecurity.conf |grep -v '#' |awk '{{print $2}}'"
waf_process = server_mod.ssh_command(server[2], command)
waf_mode = server_mod.ssh_command(server[2], commands1).strip()
@ -70,14 +72,14 @@ def waf_overview(serv, waf_service) -> None:
def change_waf_mode(waf_mode: str, server_hostname: str, service: str) -> str:
serv = sql.select_server_by_name(server_hostname)
serv = server_sql.select_server_by_name(server_hostname)
if service == 'haproxy':
config_dir = sql.get_setting('haproxy_dir')
elif service == 'nginx':
config_dir = sql.get_setting('nginx_dir')
commands = [f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"]
commands = f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"
try:
server_mod.ssh_command(serv, commands)
@ -91,16 +93,16 @@ def change_waf_mode(waf_mode: str, server_hostname: str, service: str) -> str:
def switch_waf_rule(serv: str, enable: int, rule_id: int) -> str:
haproxy_path = sql.get_setting('haproxy_dir')
rule_file = sql.select_waf_rule_by_id(rule_id)
rule_file = waf_sql.select_waf_rule_by_id(rule_id)
conf_file_path = haproxy_path + '/waf/modsecurity.conf'
rule_file_path = f'Include {haproxy_path}/waf/rules/{rule_file}'
if enable == '0':
cmd = ["sudo sed -i 's!" + rule_file_path + "!#" + rule_file_path + "!' " + conf_file_path]
en_for_log = 'disable'
cmd = "sudo sed -i 's!" + rule_file_path + "!#" + rule_file_path + "!' " + conf_file_path
en_for_log = 'disabled'
else:
cmd = ["sudo sed -i 's!#" + rule_file_path + "!" + rule_file_path + "!' " + conf_file_path]
en_for_log = 'enable'
cmd = "sudo sed -i 's!#" + rule_file_path + "!" + rule_file_path + "!' " + conf_file_path
en_for_log = 'enabled'
try:
roxywi_common.logging('WAF', f' Has been {en_for_log} WAF rule: {rule_file} for the server {serv}',
@ -108,7 +110,7 @@ def switch_waf_rule(serv: str, enable: int, rule_id: int) -> str:
except Exception:
pass
sql.update_enable_waf_rules(rule_id, serv, enable)
waf_sql.update_enable_waf_rules(rule_id, serv, enable)
return server_mod.ssh_command(serv, cmd)
@ -127,9 +129,9 @@ def create_waf_rule(serv, service) -> str:
conf_file_path = f'{waf_path}waf/modsecurity.conf'
rule_file_path = f'{waf_path}waf/rules/{rule_file}'
cmd = [f"sudo echo Include {rule_file_path} >> {conf_file_path} && sudo touch {rule_file_path}"]
cmd = f"sudo echo Include {rule_file_path} >> {conf_file_path} && sudo touch {rule_file_path}"
server_mod.ssh_command(serv, cmd)
sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv)
waf_sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv)
try:
roxywi_common.logging('WAF', f' A new rule has been created {rule_file} on the server {serv}',

156
app/modules/server/server.py
View File

@ -3,13 +3,20 @@ import json
from flask import render_template
import app.modules.db.sql as sql
import app.modules.db.waf as waf_sql
import app.modules.db.server as server_sql
import app.modules.db.backup as backup_sql
import app.modules.db.checker as checker_sql
import app.modules.db.service as service_sql
import app.modules.db.history as history_sql
import app.modules.db.portscanner as ps_sql
import app.modules.server.ssh as mod_ssh
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
def ssh_command(server_ip: str, commands: list, **kwargs):
def ssh_command(server_ip: str, commands: str, **kwargs):
if server_ip == '':
raise Exception('error: IP cannot be empty')
if kwargs.get('timeout'):
@ -18,29 +25,33 @@ def ssh_command(server_ip: str, commands: list, **kwargs):
timeout = 2
try:
with mod_ssh.ssh_connect(server_ip) as ssh:
for command in commands:
try:
stdin, stdout, stderr = ssh.run_command(command, timeout=timeout)
stdin.close()
except Exception as e:
roxywi_common.handle_exceptions(e, server_ip, 'Something wrong with SSH connection. Probably sudo with password', roxywi=1)
if isinstance(commands, list):
command = commands[0]
else:
command = commands
try:
stdin, stdout, stderr = ssh.run_command(command, timeout=timeout)
stdin.close()
except Exception as e:
roxywi_common.handle_exceptions(e, server_ip, 'Something wrong with SSH connection. Probably sudo with password', roxywi=1)
if stderr:
for line in stderr.readlines():
if line:
roxywi_common.handle_exceptions(line, server_ip, line, roxywi=1)
if stderr:
for line in stderr.readlines():
if line:
roxywi_common.handle_exceptions(line, server_ip, line, roxywi=1)
if kwargs.get('raw'):
return stdout.readlines()
elif kwargs.get("show_log") == "1":
import modules.roxywi.logs as roxywi_logs
return roxywi_logs.show_log(stdout, grep=kwargs.get("grep"))
elif kwargs.get('return_err') == 1:
return stderr.read().decode(encoding='UTF-8')
else:
return stdout.read().decode(encoding='UTF-8')
if stdout.channel.recv_exit_status() and kwargs.get('rc'):
roxywi_common.handle_exceptions(stdout.read().decode('utf-8'), server_ip, f'Cannot perform SSH command: {command} ', roxywi=1)
if kwargs.get('raw'):
return stdout.readlines()
elif kwargs.get("show_log") == "1":
import app.modules.roxywi.logs as roxywi_logs
return roxywi_logs.show_log(stdout, grep=kwargs.get("grep"))
else:
return stdout.read().decode(encoding='UTF-8')
except Exception as e:
roxywi_common.handle_exceptions(e, server_ip, 'Something wrong with SSH connection. Probably sudo with password', roxywi=1)
roxywi_common.handle_exceptions(e, server_ip, '', roxywi=1)
def subprocess_execute(cmd):
@ -73,14 +84,14 @@ def subprocess_execute_with_rc(cmd):
def is_file_exists(server_ip: str, file: str) -> bool:
cmd = [f'[ -f {file} ] && echo yes || echo no']
cmd = f'[ -f {file} ] && echo yes || echo no'
out = ssh_command(server_ip, cmd)
return True if 'yes' in out else False
def is_service_active(server_ip: str, service_name: str) -> bool:
cmd = [f'systemctl is-active {service_name}']
cmd = f'systemctl is-active {service_name}'
out = ssh_command(server_ip, cmd)
out = out.strip()
@ -90,10 +101,10 @@ def is_service_active(server_ip: str, service_name: str) -> bool:
def get_remote_files(server_ip: str, config_dir: str, file_format: str):
config_dir = common.return_nice_path(config_dir)
if file_format == 'conf':
commands = [f'sudo ls {config_dir}*/*.{file_format}']
command = f'sudo ls {config_dir}*/*.{file_format}'
else:
commands = [f'sudo ls {config_dir}|grep {file_format}$']
config_files = ssh_command(server_ip, commands)
command = f'sudo ls {config_dir}|grep {file_format}$'
config_files = ssh_command(server_ip, command)
return config_files
@ -103,9 +114,9 @@ def get_system_info(server_ip: str) -> str:
if server_ip == '':
return 'error: IP cannot be empty'
server_id = sql.select_server_id_by_ip(server_ip)
command = ["sudo lshw -quiet -json"]
command1 = ['sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\'']
server_id = server_sql.select_server_id_by_ip(server_ip)
command = "sudo lshw -quiet -json"
command1 = 'sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\''
try:
sys_info_returned = ssh_command(server_ip, command, timeout=5)
@ -330,33 +341,33 @@ def get_system_info(server_ip: str) -> str:
pass
try:
sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks)
server_sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks)
except Exception as e:
raise e
def show_system_info(server_ip: str, server_id: int) -> str:
if not sql.is_system_info(server_id):
if not server_sql.is_system_info(server_id):
try:
get_system_info(server_ip)
except Exception as e:
return f'error: Cannot get system info: {e}'
try:
system_info = sql.select_one_system_info(server_id)
system_info = server_sql.select_one_system_info(server_id)
except Exception as e:
return f'Cannot update server info: {e}'
else:
system_info = sql.select_one_system_info(server_id)
system_info = server_sql.select_one_system_info(server_id)
return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id)
def update_system_info(server_ip: str, server_id: int) -> str:
sql.delete_system_info(server_id)
server_sql.delete_system_info(server_id)
try:
get_system_info(server_ip)
system_info = sql.select_one_system_info(server_id)
system_info = server_sql.select_one_system_info(server_id)
return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id)
except Exception as e:
@ -365,20 +376,31 @@ def update_system_info(server_ip: str, server_id: int) -> str:
def show_firewalld_rules(server_ip) -> str:
input_chain2 = []
cmd = ["sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"]
cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"]
cmd2 = ["sudo iptables -L OUTPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"]
cmd = "sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"
cmd1 = "sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"
cmd2 = "sudo iptables -L OUTPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"
input_chain = ssh_command(server_ip, cmd, raw=1)
try:
input_chain = ssh_command(server_ip, cmd, raw=1)
except Exception as e:
roxywi_common.logging(server_ip, f'error: Cannot get Iptables Input chain: {e}')
return 'error: Cannot get Iptables Input chain'
try:
in_public_allow = ssh_command(server_ip, cmd1, raw=1)
except Exception as e:
roxywi_common.logging(server_ip, f'error: Cannot get Iptables IN_public_allow chain: {e}')
return 'error: Cannot get Iptables IN_public_allow chain'
try:
output_chain = ssh_command(server_ip, cmd2, raw=1)
except Exception as e:
roxywi_common.logging(server_ip, f'error: Cannot get Iptables OUTPUT chain: {e}')
return 'error: Cannot get Iptables OUTPUT chain'
for each_line in input_chain:
input_chain2.append(each_line.strip('\n'))
if 'error:' in input_chain:
return input_chain
in_public_allow = ssh_command(server_ip, cmd1, raw=1)
output_chain = ssh_command(server_ip, cmd2, raw=1)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/firewall_rules.html', input_chain=input_chain2, IN_public_allow=in_public_allow, output_chain=output_chain, lang=lang)
@ -387,7 +409,7 @@ def create_server(hostname, ip, group, typeip, enable, master, cred, port, desc,
if not roxywi_auth.is_admin(level=2, role_id=kwargs.get('role_id')):
raise Exception('error: not enough permission')
if sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall):
if server_sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall):
return True
else:
return False
@ -395,7 +417,7 @@ def create_server(hostname, ip, group, typeip, enable, master, cred, port, desc,
def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> str:
try:
sql.insert_new_checker_setting_for_server(ip)
checker_sql.insert_new_checker_setting_for_server(ip)
except Exception as e:
roxywi_common.logging(f'Cannot insert Checker settings for {hostname}', str(e), roxywi=1)
raise Exception(f'error: Cannot insert Checker settings for {hostname} {e}')
@ -409,23 +431,23 @@ def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> st
keepalived_config_path = sql.get_setting('keepalived_config_path')
if is_file_exists(ip, nginx_config_path):
sql.update_nginx(ip)
service_sql.update_nginx(ip)
if is_file_exists(ip, haproxy_config_path):
sql.update_haproxy(ip)
service_sql.update_haproxy(ip)
if is_file_exists(ip, keepalived_config_path):
sql.update_keepalived(ip)
service_sql.update_keepalived(ip)
if is_file_exists(ip, apache_config_path):
sql.update_apache(ip)
service_sql.update_apache(ip)
if is_file_exists(ip, haproxy_dir + '/waf/bin/modsecurity'):
sql.insert_waf_metrics_enable(ip, "0")
sql.insert_waf_rules(ip)
waf_sql.insert_waf_metrics_enable(ip, "0")
waf_sql.insert_waf_rules(ip)
if is_service_active(ip, 'firewalld'):
sql.update_firewall(ip)
server_sql.update_firewall(ip)
except Exception as e:
roxywi_common.logging(f'Cannot scan a new server {hostname}', str(e), roxywi=1)
@ -441,7 +463,7 @@ def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> st
def delete_server(server_id: int) -> str:
server = sql.select_servers(id=server_id)
server = server_sql.select_servers(id=server_id)
server_ip = ''
hostname = ''
@ -449,35 +471,35 @@ def delete_server(server_id: int) -> str:
hostname = s[1]
server_ip = s[2]
if sql.check_exists_backup(server_ip):
if backup_sql.check_exists_backup(server_ip):
return 'warning: Delete the backup first'
if sql.check_exists_s3_backup(server_ip):
if backup_sql.check_exists_s3_backup(server_ip):
return 'warning: Delete the S3 backup first'
if sql.delete_server(server_id):
sql.delete_waf_server(server_id)
sql.delete_port_scanner_settings(server_id)
sql.delete_waf_rules(server_ip)
sql.delete_action_history(server_id)
sql.delete_system_info(server_id)
sql.delete_service_settings(server_id)
if server_sql.delete_server(server_id):
waf_sql.delete_waf_server(server_id)
ps_sql.delete_port_scanner_settings(server_id)
waf_sql.delete_waf_rules(server_ip)
history_sql.delete_action_history(server_id)
server_sql.delete_system_info(server_id)
service_sql.delete_service_settings(server_id)
roxywi_common.logging(server_ip, f'The server {hostname} has been deleted', roxywi=1, login=1)
return 'Ok'
def server_is_up(server_ip: str) -> str:
cmd = [f'if ping -c 1 -W 1 {server_ip} >> /dev/null; then echo up; else echo down; fi']
cmd = f'if ping -c 1 -W 1 {server_ip} >> /dev/null; then echo up; else echo down; fi'
server_status, stderr = subprocess_execute(cmd)
return server_status[0]
def show_server_services(server_id: int) -> str:
server = sql.select_servers(id=server_id)
server = server_sql.select_servers(id=server_id)
lang = roxywi_common.get_user_lang_for_flask()
return render_template('ajax/show_server_services.html', server=server, lang=lang)
def change_server_services(server_id: int, server_name: str, server_services: dict) -> str:
services = sql.select_services()
services = service_sql.select_services()
services_status = {}
for k, v in server_services.items():
@ -486,7 +508,7 @@ def change_server_services(server_id: int, server_name: str, server_services: di
services_status[service.service_id] = v
try:
if sql.update_server_services(server_id, services_status[1], services_status[2], services_status[4], services_status[3]):
if service_sql.update_server_services(server_id, services_status[1], services_status[2], services_status[4], services_status[3]):
roxywi_common.logging('Roxy-WI server', f'Active services have been updated for {server_name}', roxywi=1, login=1)
return 'ok'
except Exception as e:

37
app/modules/server/ssh.py
View File

@ -4,7 +4,9 @@ from cryptography.fernet import Fernet
import paramiko
from flask import render_template, request
import app.modules.db.sql as sql
import app.modules.db.cred as cred_sql
import app.modules.db.group as group_sql
import app.modules.db.server as server_sql
import app.modules.common.common as common
from app.modules.server import ssh_connection
import app.modules.roxywi.common as roxywi_common
@ -18,9 +20,9 @@ def return_ssh_keys_path(server_ip: str, **kwargs) -> dict:
lib_path = get_config.get_config_var('main', 'lib_path')
ssh_settings = {}
if kwargs.get('id'):
sshs = sql.select_ssh(id=kwargs.get('id'))
sshs = cred_sql.select_ssh(id=kwargs.get('id'))
else:
sshs = sql.select_ssh(serv=server_ip)
sshs = cred_sql.select_ssh(serv=server_ip)
for ssh in sshs:
if ssh.password:
@ -46,7 +48,7 @@ def return_ssh_keys_path(server_ip: str, **kwargs) -> dict:
ssh_settings.setdefault('passphrase', passphrase)
try:
ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)]
ssh_port = [str(server[10]) for server in server_sql.select_servers(server=server_ip)]
ssh_settings.setdefault('port', ssh_port[0])
except Exception as e:
raise Exception(f'error: Cannot get SSH settings: {e}')
@ -65,7 +67,7 @@ def create_ssh_cred() -> str:
name = common.checkAjaxInput(request.form.get('new_ssh'))
enable = common.checkAjaxInput(request.form.get('ssh_enable'))
group = common.checkAjaxInput(request.form.get('new_group'))
group_name = sql.get_group_name_by_id(group)
group_name = group_sql.get_group_name_by_id(group)
username = common.checkAjaxInput(request.form.get('ssh_user'))
password = common.checkAjaxInput(request.form.get('ssh_pass'))
page = common.checkAjaxInput(request.form.get('page'))
@ -83,15 +85,15 @@ def create_ssh_cred() -> str:
return error_mess
else:
try:
sql.insert_new_ssh(name, enable, group, username, password)
cred_sql.insert_new_ssh(name, enable, group, username, password)
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'Cannot create new SSH credentials', roxywi=1, login=1)
roxywi_common.logging('Roxy-WI server', f'New SSH credentials {name} has been created', roxywi=1, login=1)
return render_template('ajax/new_ssh.html', groups=sql.select_groups(), sshs=sql.select_ssh(name=name), page=page, lang=lang)
return render_template('ajax/new_ssh.html', groups=group_sql.select_groups(), sshs=cred_sql.select_ssh(name=name), page=page, lang=lang)
def create_ssh_cread_api(name: str, enable: str, group: str, username: str, password: str) -> bool:
group_name = sql.get_group_name_by_id(group)
group_name = group_sql.get_group_name_by_id(group)
name = common.checkAjaxInput(name)
name = f'{name}_{group_name}'
enable = common.checkAjaxInput(enable)
@ -107,8 +109,12 @@ def create_ssh_cread_api(name: str, enable: str, group: str, username: str, pass
if username is None or name is None:
return False
else:
if sql.insert_new_ssh(name, enable, group, username, password):
try:
cred_sql.insert_new_ssh(name, enable, group, username, password)
roxywi_common.logging('Roxy-WI server', f'New SSH credentials {name} has been created', roxywi=1)
return True
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot create SSH credentials {name}', roxywi=1)
def upload_ssh_key(name: str, user_group: str, key: str, passphrase: str) -> str:
@ -158,7 +164,7 @@ def upload_ssh_key(name: str, user_group: str, key: str, passphrase: str) -> str
raise Exception(e)
try:
sql.update_ssh_passphrase(name, passphrase)
cred_sql.update_ssh_passphrase(name, passphrase)
except Exception as e:
raise Exception(e)
@ -188,7 +194,7 @@ def update_ssh_key() -> str:
lib_path = get_config.get_config_var('main', 'lib_path')
for sshs in sql.select_ssh(id=ssh_id):
for sshs in cred_sql.select_ssh(id=ssh_id):
ssh_enable = sshs.enable
ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem'
new_ssh_key_name = f'{lib_path}/keys/{name}.pem'
@ -197,7 +203,7 @@ def update_ssh_key() -> str:
os.rename(ssh_key_name, new_ssh_key_name)
os.chmod(new_ssh_key_name, 0o600)
sql.update_ssh(ssh_id, name, enable, group, username, password)
cred_sql.update_ssh(ssh_id, name, enable, group, username, password)
roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has been updated ', roxywi=1, login=1)
return 'ok'
@ -209,7 +215,7 @@ def delete_ssh_key(ssh_id) -> str:
ssh_enable = 0
ssh_key_name = ''
for sshs in sql.select_ssh(id=ssh_id):
for sshs in cred_sql.select_ssh(id=ssh_id):
ssh_enable = sshs.enable
name = sshs.name
ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem'
@ -219,9 +225,12 @@ def delete_ssh_key(ssh_id) -> str:
os.remove(ssh_key_name)
except Exception:
pass
if sql.delete_ssh(ssh_id):
try:
cred_sql.delete_ssh(ssh_id)
roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has deleted', roxywi=1, login=1)
return 'ok'
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot delete SSH credentials {name}', roxywi=1, login=1)
def crypt_password(password: str) -> bytes:

2
app/modules/server/ssh_connection.py
View File

@ -58,7 +58,7 @@ class SshConnection:
if kwargs.get('timeout'):
timeout = kwargs.get('timeout')
else:
timeout = 1
timeout = 5
try:
stdin, stdout, stderr = self.ssh.exec_command(command, get_pty=True, timeout=timeout)
except Exception as e:

192
app/modules/service/action.py
View File

@ -1,4 +1,10 @@
import socket
from contextlib import closing
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
@ -7,15 +13,47 @@ import app.modules.service.common as service_common
def common_action(server_ip: str, action: str, service: str) -> str:
action_functions = {
'haproxy': action_haproxy,
'nginx': action_nginx,
'keepalived': action_keepalived,
'apache': action_apache,
'haproxy': service_action,
'nginx': service_action,
'keepalived': service_action,
'apache': service_action,
'waf_haproxy': action_haproxy_waf,
'waf_nginx': action_nginx_waf
}
return action_functions[service](server_ip, action)
return action_functions[service](server_ip, action, service)
def service_action(server_ip: str, action: str, service: str) -> str:
"""
:param server_ip: The IP address of the server on which the action will be performed.
:param action: The action to be performed on the service (e.g., "start", "stop").
:param service: The name of the service on which the action will be performed.
:return: A string indicating the success or failure of the action.
"""
try:
service_common.is_protected(server_ip, action)
except Exception as e:
return str(e)
server_id = server_sql.select_server_id_by_ip(server_ip=server_ip)
if service_common.is_not_allowed_to_restart(server_id, service, action):
return f'error: This server is not allowed to be restarted'
try:
if service != 'keepalived':
service_common.check_service_config(server_ip, server_id, service)
except Exception as e:
return f'error: Cannot check config: {e}'
command = get_action_command(service, action, server_id)
try:
server_mod.ssh_command(server_ip, command)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service=service)
return f"success: {service.title()} has been {action}"
except Exception as e:
return f"error: Cannot {action} {service.title()}: {e}"
def get_action_command(service: str, action: str, server_id: int) -> str:
@ -26,7 +64,7 @@ def get_action_command(service: str, action: str, server_id: int) -> str:
:return: A list containing the action command that needs to be executed.
"""
is_docker = sql.select_service_setting(server_id, service, 'dockerized')
is_docker = service_sql.select_service_setting(server_id, service, 'dockerized')
if is_docker == '1':
container_name = sql.get_setting(f'{service}_container_name')
if action == 'reload':
@ -39,77 +77,7 @@ def get_action_command(service: str, action: str, server_id: int) -> str:
return commands
def action_haproxy(server_ip: str, action: str) -> str:
try:
service_common.is_protected(server_ip, action)
except Exception as e:
return str(e)
if not service_common.check_haproxy_config(server_ip):
return "error: Bad config, check please"
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
if service_common.is_not_allowed_to_restart(server_id, 'haproxy', action):
return f'error: This server is not allowed to be restarted'
commands = [get_action_command('haproxy', action, server_id)]
server_mod.ssh_command(server_ip, commands, timeout=5)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='haproxy')
return f"success: HAProxy has been {action}"
def action_nginx(server_ip: str, action: str) -> str:
try:
service_common.is_protected(server_ip, action)
except Exception as e:
return str(e)
check_config = service_common.check_nginx_config(server_ip)
if check_config != 'ok':
return f"error: Bad config, check please {check_config}"
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
if service_common.is_not_allowed_to_restart(server_id, 'nginx', action):
return f'error: This server is not allowed to be restarted'
commands = [get_action_command('nginx', action, server_id)]
server_mod.ssh_command(server_ip, commands, timeout=5)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='nginx')
return f"success: NGINX has been {action}"
def action_keepalived(server_ip: str, action: str) -> str:
try:
service_common.is_protected(server_ip, action)
except Exception as e:
return str(e)
commands = [f"sudo systemctl {action} keepalived"]
server_mod.ssh_command(server_ip, commands)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='keepalived')
return f"success: Keepalived has been {action}"
def action_apache(server_ip: str, action: str) -> str:
try:
service_common.is_protected(server_ip, action)
except Exception as e:
return str(e)
server_id = sql.select_server_id_by_ip(server_ip)
if service_common.is_not_allowed_to_restart(server_id, 'apache', action):
return f'error: This server is not allowed to be restarted'
commands = [get_action_command('apache', action, server_id)]
server_mod.ssh_command(server_ip, commands, timeout=5)
roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='apache')
return f"success: Apache has been {action}"
def action_haproxy_waf(server_ip: str, action: str) -> str:
def action_haproxy_waf(server_ip: str, action: str, service: str) -> str:
try:
service_common.is_protected(server_ip, action)
except Exception as e:
@ -118,12 +86,14 @@ def action_haproxy_waf(server_ip: str, action: str) -> str:
roxywi_common.logging(
server_ip, f'HAProxy WAF service has been {action}ed', roxywi=1, login=1, keep_history=1, service='haproxy'
)
commands = [f"sudo systemctl {action} waf"]
server_mod.ssh_command(server_ip, commands)
return f"success: WAF has been {action}"
command = f"sudo systemctl {action} waf"
try:
server_mod.ssh_command(server_ip, command)
return f"success: WAF has been {action}"
except Exception as e:
return f"error: Cannot {action} WAF service: {e}"
def action_nginx_waf(server_ip: str, action: str) -> str:
def action_nginx_waf(server_ip: str, action: str, service: str) -> str:
config_dir = common.return_nice_path(sql.get_setting('nginx_dir'))
try:
@ -134,21 +104,20 @@ def action_nginx_waf(server_ip: str, action: str) -> str:
waf_new_state = 'on' if action == 'start' else 'off'
waf_old_state = 'off' if action == 'start' else 'on'
roxywi_common.logging(server_ip, f'NGINX WAF service has been {action}ed', roxywi=1, login=1, keep_history=1,
service='nginx')
commands = [f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf"
f" && sudo systemctl reload nginx"]
server_mod.ssh_command(server_ip, commands)
roxywi_common.logging(server_ip, f'NGINX WAF service has been {action}ed', roxywi=1, login=1, keep_history=1, service='nginx')
command = (f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf "
f"&& sudo systemctl reload nginx")
return f"success: Apache has been {action}"
try:
server_mod.ssh_command(server_ip, command)
return f"success: WAF has been {action}"
except Exception as e:
return f"error: Cannot {action} WAF service: {e}"
def check_service(server_ip: str, user_uuid: str, service: str) -> str:
import socket
from contextlib import closing
user_id = sql.get_user_id_by_uuid(user_uuid)
user_services = sql.select_user_services(user_id)
user_id = user_sql.get_user_id_by_uuid(user_uuid)
user_services = user_sql.select_user_services(user_id)
if '1' in user_services:
if service == 'haproxy':
@ -160,31 +129,16 @@ def check_service(server_ip: str, user_uuid: str, service: str) -> str:
return 'up'
else:
return 'down'
if '2' in user_services:
if service == 'nginx':
nginx_stats_port = sql.get_setting('nginx_stats_port')
if ('2' in user_services and service == 'nginx') or ('4' in user_services and service == 'apache'):
stats_port = sql.get_setting(f'{service}_stats_port')
with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
sock.settimeout(5)
with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
sock.settimeout(5)
try:
if sock.connect_ex((server_ip, nginx_stats_port)) == 0:
return 'up'
else:
return 'down'
except Exception as e:
return 'down' + str(e)
if '4' in user_services:
if service == 'apache':
apache_stats_port = sql.get_setting('apache_stats_port')
with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
sock.settimeout(5)
try:
if sock.connect_ex((server_ip, apache_stats_port)) == 0:
return 'up'
else:
return 'down'
except Exception as e:
return 'down' + str(e)
try:
if sock.connect_ex((server_ip, stats_port)) == 0:
return 'up'
else:
return 'down'
except Exception as e:
return f'down {e}'

46
app/modules/service/backup.py
View File

@ -2,11 +2,15 @@ import os
from flask import render_template
import modules.db.sql as sql
import modules.server.ssh as ssh_mod
import modules.server.server as server_mod
import modules.roxywi.common as roxywi_common
import modules.service.installation as installation_mod
import app.modules.db.sql as sql
import app.modules.db.cred as cred_sql
import app.modules.db.backup as backup_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.server.ssh as ssh_mod
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
import app.modules.service.installation as installation_mod
def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, description) -> str:
@ -22,7 +26,7 @@ def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, descri
deljob = ''
else:
deljob = ''
if sql.check_exists_backup(serv):
if backup_sql.check_exists_backup(serv):
return f'warning: Backup job for {serv} already exists'
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
@ -47,21 +51,21 @@ def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, descri
return f'error: {output}'
else:
if not deljob and not update:
if sql.insert_backup_job(serv, rserver, rpath, backup_type, time, cred, description):
if backup_sql.insert_backup_job(serv, rserver, rpath, backup_type, time, cred, description):
roxywi_common.logging('backup ', f' a new backup job for server {serv} has been created', roxywi=1,
login=1)
return render_template(
'ajax/new_backup.html', backups=sql.select_backups(server=serv, rserver=rserver), sshs=sql.select_ssh()
'ajax/new_backup.html', backups=backup_sql.select_backups(server=serv, rserver=rserver), sshs=cred_sql.select_ssh()
)
else:
raise Exception('error: Cannot add the job into DB')
elif deljob:
sql.delete_backups(deljob)
backup_sql.delete_backups(deljob)
roxywi_common.logging('backup ', f' a backup job for server {serv} has been deleted', roxywi=1, login=1)
return 'ok'
elif update:
sql.update_backup(serv, rserver, rpath, backup_type, time, cred, description, update)
backup_sql.update_backup(serv, rserver, rpath, backup_type, time, cred, description, update)
roxywi_common.logging('backup ', f' a backup job for server {serv} has been updated', roxywi=1, login=1)
return 'ok'
@ -77,7 +81,7 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d
access_key = ''
tag = 'delete'
else:
if sql.check_exists_s3_backup(server):
if backup_sql.check_exists_s3_backup(server):
raise Exception(f'error: Backup job for {server} already exists')
os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}")
@ -98,15 +102,15 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d
try:
if installation_mod.show_installation_output(return_out['error'], return_out['output'], 'S3 backup', rc=return_out['rc']):
try:
sql.insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description)
backup_sql.insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description)
except Exception as e:
raise Exception(f'error: {e}')
except Exception as e:
raise Exception(e)
roxywi_common.logging('backup ', f' a new S3 backup job for server {server} has been created', roxywi=1, login=1)
return render_template('ajax/new_s3_backup.html', backups=sql.select_s3_backups(server=server, s3_server=s3_server, bucket=bucket))
return render_template('ajax/new_s3_backup.html', backups=backup_sql.select_s3_backups(server=server, s3_server=s3_server, bucket=bucket))
elif deljob:
sql.delete_s3_backups(deljob)
backup_sql.delete_s3_backups(deljob)
roxywi_common.logging('backup ', f' a S3 backup job for server {server} has been deleted', roxywi=1, login=1)
return 'ok'
@ -114,9 +118,9 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d
def git_backup(server_id, service_id, git_init, repo, branch, period, cred, deljob, description, backup_id) -> str:
servers = roxywi_common.get_dick_permit()
proxy = sql.get_setting('proxy')
services = sql.select_services()
server_ip = sql.select_server_ip_by_id(server_id)
service_name = sql.select_service_name_by_id(service_id).lower()
services = service_sql.select_services()
server_ip = server_sql.select_server_ip_by_id(server_id)
service_name = service_sql.select_service_name_by_id(service_id).lower()
service_config_dir = sql.get_setting(service_name + '_dir')
script = 'git_backup.sh'
proxy_serv = ''
@ -154,12 +158,12 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj
return 'error: ' + output
else:
if deljob == '0':
if sql.insert_new_git(
if backup_sql.insert_new_git(
server_id=server_id, service_id=service_id, repo=repo, branch=branch,
period=period, cred=cred, description=description
):
gits = sql.select_gits(server_id=server_id, service_id=service_id)
sshs = sql.select_ssh()
gits = backup_sql.select_gits(server_id=server_id, service_id=service_id)
sshs = cred_sql.select_ssh()
lang = roxywi_common.get_user_lang_for_flask()
roxywi_common.logging(
@ -168,5 +172,5 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj
)
return render_template('ajax/new_git.html', gits=gits, sshs=sshs, servers=servers, services=services, new_add=1, lang=lang)
else:
if sql.delete_git(backup_id):
if backup_sql.delete_git(backup_id):
return 'ok'

122
app/modules/service/common.py
View File

@ -2,7 +2,9 @@ import requests
from flask import render_template, request
import app.modules.db.sql as sql
import app.modules.server.ssh as mod_ssh
import app.modules.db.user as user_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
@ -21,7 +23,7 @@ def get_correct_service_name(service: str, server_id: int) -> str:
* with parameters 0 and the server ID to get the correct apache service name. If none of the conditions match, it will return the original service name.
"""
if service == 'haproxy':
haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
haproxy_enterprise = service_sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise')
if haproxy_enterprise == '1':
return "hapee-2.0-lb"
if service == 'apache':
@ -52,9 +54,9 @@ def is_protected(server_ip: str, action: str) -> None:
"""
user_uuid = request.cookies.get('uuid')
group_id = int(request.cookies.get('group'))
user_role = sql.get_user_role_by_uuid(user_uuid, group_id)
user_role = user_sql.get_user_role_by_uuid(user_uuid, group_id)
if sql.is_serv_protected(server_ip) and int(user_role) > 2:
if server_sql.is_serv_protected(server_ip) and int(user_role) > 2:
raise Exception(f'error: This server is protected. You cannot {action} it')
@ -71,9 +73,9 @@ def is_not_allowed_to_restart(server_id: int, service: str, action: str) -> int:
is_restart = 0
if service != 'waf' and action == 'restart':
try:
is_restart = sql.select_service_setting(server_id, service, 'restart')
is_restart = int(service_sql.select_service_setting(server_id, service, 'restart'))
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot get restart settings for service {service}: {e}')
roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot get restart settings for service {service}')
return is_restart
@ -81,17 +83,17 @@ def is_not_allowed_to_restart(server_id: int, service: str, action: str) -> int:
def get_exp_version(server_ip: str, service_name: str) -> str:
server_ip = common.is_ip_or_dns(server_ip)
if service_name == 'haproxy':
commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"]
command = "/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"
elif service_name == 'nginx':
commands = ["/opt/prometheus/exporters/nginx_exporter --version 2>&1 |head -1 |awk -F\"version\" '{print $2}'|awk '{print $1}'"]
command = "/opt/prometheus/exporters/nginx_exporter --version 2>&1 |head -1 |awk -F\"version\" '{print $2}'|awk '{print $1}'"
elif service_name == 'node':
commands = ["node_exporter --version 2>&1 |head -1|awk '{print $3}'"]
command = "node_exporter --version 2>&1 |head -1|awk '{print $3}'"
elif service_name == 'apache':
commands = ["/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"]
command = "/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"
elif service_name == 'keepalived':
commands = ["keepalived_exporter --version 2>&1 |head -1|awk '{print $2}'"]
command = "keepalived_exporter --version 2>&1 |head -1|awk '{print $2}'"
ver = server_mod.ssh_command(server_ip, commands)
ver = server_mod.ssh_command(server_ip, command)
if ver != '':
return ver
@ -101,10 +103,10 @@ def get_exp_version(server_ip: str, service_name: str) -> str:
def get_correct_apache_service_name(server_ip=None, server_id=None) -> str:
if server_id is None:
server_id = sql.select_server_id_by_ip(server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip)
try:
os_info = sql.select_os_info(server_id)
os_info = server_sql.select_os_info(server_id)
except Exception as e:
raise Exception(f'error: cannot get server info: {e}')
@ -129,45 +131,59 @@ def server_status(stdout):
return proc_count
def check_haproxy_config(server_ip):
server_id = sql.select_server_id_by_ip(server_ip=server_ip)
is_dockerized = sql.select_service_setting(server_id, 'haproxy', 'dockerized')
config_path = sql.get_setting('haproxy_config_path')
def check_service_config(server_ip: str, server_id: int, service: str) -> None:
"""
:param server_ip: The IP address of the server to check the service configuration for.
:param server_id: The unique identifier of the server.
:param service: The name of the service to check the configuration for.
:return: True if the service configuration is valid, False otherwise.
if is_dockerized == '1':
container_name = sql.get_setting('haproxy_container_name')
commands = [f"sudo docker exec -it {container_name} haproxy -q -c -f {config_path}"]
else:
commands = [f"haproxy -q -c -f {config_path}"]
This method checks the configuration of a given service on a server. It first retrieves the value of the "dockerized" setting for the service and the container name from the database
*. Then, it constructs the command to check the configuration based on the service type and dockerization status.
The command depends on the service type and can be one of the following:
- For haproxy:
- If not dockerized: `haproxy -c -f {config_path}`
- If dockerized: `sudo docker exec -it {container_name} haproxy -c -f {config_path}`
- For nginx:
- If not dockerized: `sudo nginx -q -t -p {config_path}`
- If dockerized: `sudo docker exec -it {container_name} nginx -t`
- For apache:
- If not dockerized: `sudo apachectl -t`
- If dockerized: `sudo docker exec -it {container_name} apachectl -t`
- For keepalived:
- If not dockerized: `keepalived -t -f {config_path}`
- If dockerized: empty string ` ` (no command needed)
The method then tries to execute the generated command on the server using the server_mod.ssh_command method. If any exception occurs during the process, it is re-ra
*ised with an appropriate error message.
"""
is_dockerized = service_sql.select_service_setting(server_id, service, 'dockerized')
container_name = sql.get_setting(f'{service}_container_name')
command_for_docker = f'sudo docker exec -it {container_name}'
config_path = ''
if service in ('haproxy', 'keepalived'):
config_path = sql.get_setting(f'{service}_config_path')
command = {
'haproxy': {'0': f'haproxy -c -f {config_path} ', '1': f'{command_for_docker} haproxy -c -f {config_path} '},
'nginx': {'0': 'sudo nginx -q -t ', '1': f'{command_for_docker} nginx -t '},
'apache': {'0': 'sudo apachectl -t ', '1': f'{command_for_docker} apachectl -t '},
'keepalived': {'0': f'keepalived -t -f {config_path} ', '1': ' '}
}
try:
with mod_ssh.ssh_connect(server_ip) as ssh:
for command in commands:
stdin, stdout, stderr = ssh.run_command(command, timeout=5)
if not stderr.read():
return True
else:
return False
check_config = command[service][is_dockerized]
except Exception as e:
print(f'error: {e}')
raise Exception(f'error: Cannot generate command: {e}')
try:
server_mod.ssh_command(server_ip, check_config)
except Exception as e:
raise Exception(e)
def check_nginx_config(server_ip) -> str:
"""
Check the Nginx configuration on the specified server IP.
:param server_ip: The IP address of the server where Nginx is running.
:return: True if the Nginx configuration is valid, False otherwise.
"""
commands = [f"sudo nginx -q -t -p {sql.get_setting('nginx_dir')}"]
with mod_ssh.ssh_connect(server_ip) as ssh:
for command in commands:
stdin, stdout, stderr = ssh.run_command(command)
for line in stdout.readlines():
if 'emerg' in line or 'error' in line or 'faield' in line:
return line
return 'ok'
def overview_backends(server_ip: str, service: str) -> str:
@ -202,9 +218,9 @@ def overview_backends(server_ip: str, service: str) -> str:
def get_overview_last_edit(server_ip: str, service: str) -> str:
config_path = sql.get_setting(f'{service}_config_path')
commands = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % config_path]
command = "ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % config_path
try:
return server_mod.ssh_command(server_ip, commands)
return server_mod.ssh_command(server_ip, command)
except Exception as e:
return f'error: Cannot get last date {e} for server {server_ip}'
@ -249,16 +265,16 @@ def show_service_version(server_ip: str, service: str) -> str:
if service == 'haproxy':
return check_haproxy_version(server_ip)
server_id = sql.select_server_id_by_ip(server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip)
service_name = get_correct_service_name(service, server_id)
is_dockerized = sql.select_service_setting(server_id, service, 'dockerized')
is_dockerized = service_sql.select_service_setting(server_id, service, 'dockerized')
if is_dockerized == '1':
container_name = sql.get_setting(f'{service}_container_name')
if service == 'apache':
cmd = [f'docker exec -it {container_name} /usr/local/apache2/bin/httpd -v 2>&1|head -1|awk -F":" \'{{print $2}}\'']
cmd = f'docker exec -it {container_name} /usr/local/apache2/bin/httpd -v 2>&1|head -1|awk -F":" \'{{print $2}}\''
else:
cmd = [f'docker exec -it {container_name} /usr/sbin/{service_name} -v 2>&1|head -1|awk -F":" \'{{print $2}}\'']
cmd = f'docker exec -it {container_name} /usr/sbin/{service_name} -v 2>&1|head -1|awk -F":" \'{{print $2}}\''
else:
cmd = [f'sudo /usr/sbin/{service_name} -v|head -1|awk -F":" \'{{print $2}}\'']

73
app/modules/service/ha_cluster.py
View File

@ -1,6 +1,9 @@
import json
import app.modules.db.sql as sql
import app.modules.db.server as server_sql
import app.modules.db.ha_cluster as ha_sql
import app.modules.db.service as service_sql
from app.modules.db.db_model import HaCluster, HaClusterRouter, HaClusterVip, HaClusterVirt
import app.modules.common.common as common
import app.modules.server.server as server_mod
@ -17,7 +20,7 @@ def create_cluster(cluster: json, group_id: int) -> str:
desc = common.checkAjaxInput(cluster['desc'])
try:
cluster_id = sql.create_cluster(cluster_name, syn_flood, group_id, desc)
cluster_id = ha_sql.create_cluster(cluster_name, syn_flood, group_id, desc)
roxywi_common.logging(cluster_id, 'New cluster has been created', keep_history=1, roxywi=1, service='HA cluster')
except Exception as e:
return f'error: Cannot create new HA cluster: {e}'
@ -41,15 +44,15 @@ def create_cluster(cluster: json, group_id: int) -> str:
if value['master']:
continue
try:
sql.update_server_master(master_ip, value['ip'])
ha_sql.update_server_master(master_ip, value['ip'])
except Exception as e:
raise Exception(f'error: Cannot update master on slave {value["ip"]: {e}}')
for slave_id, value in cluster['servers'].items():
if value['master']:
slave_id = sql.select_server_id_by_ip(master_ip)
slave_id = server_sql.select_server_id_by_ip(master_ip)
try:
sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
roxywi_common.logging(cluster_id, f'New server {value["ip"]} has been added to the cluster', keep_history=1, roxywi=1, service='HA cluster')
except Exception as e:
raise Exception(f'error: Cannot update slave server {value["ip"]}: {e}')
@ -58,8 +61,8 @@ def create_cluster(cluster: json, group_id: int) -> str:
if not value['enabled']:
continue
try:
service_id = sql.select_service_id_by_slug(service)
sql.insert_cluster_services(cluster_id, service_id)
service_id = service_sql.select_service_id_by_slug(service)
ha_sql.insert_cluster_services(cluster_id, service_id)
roxywi_common.logging(cluster_id, f'Service {service} has been enabled on the cluster', keep_history=1, roxywi=1, service='HA cluster')
except Exception as e:
raise Exception(f'error: Cannot add service {service}: {e}')
@ -77,12 +80,12 @@ def update_cluster(cluster: json, group_id: int) -> str:
desc = common.checkAjaxInput(cluster['desc'])
try:
router_id = sql.get_router_id(cluster_id, default_router=1)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
except Exception as e:
raise Exception(f'error: Cannot get router: {e}')
try:
sql.update_cluster(cluster_id, cluster_name, desc, syn_flood)
ha_sql.update_cluster(cluster_id, cluster_name, desc, syn_flood)
except Exception as e:
raise Exception(f'error: Cannot update HA cluster: {e}')
@ -97,7 +100,7 @@ def update_cluster(cluster: json, group_id: int) -> str:
raise Exception(e)
try:
sql.delete_cluster_services(cluster_id)
ha_sql.delete_cluster_services(cluster_id)
except Exception as e:
raise Exception(f'error: Cannot delete old services: {e}')
@ -105,8 +108,8 @@ def update_cluster(cluster: json, group_id: int) -> str:
if not value['enabled']:
continue
try:
service_id = sql.select_service_id_by_slug(service)
sql.insert_cluster_services(cluster_id, service_id)
service_id = service_sql.select_service_id_by_slug(service)
ha_sql.insert_cluster_services(cluster_id, service_id)
except Exception as e:
raise Exception(f'error: Cannot add service {service}: {e}')
@ -116,13 +119,13 @@ def update_cluster(cluster: json, group_id: int) -> str:
def delete_cluster(cluster_id: int) -> str:
router_id = sql.get_router_id(cluster_id, default_router=1)
slaves = sql.select_cluster_slaves(cluster_id, router_id)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
slaves = ha_sql.select_cluster_slaves(cluster_id, router_id)
for slave in slaves:
slave_ip = sql.select_server_ip_by_id(slave[0])
slave_ip = server_sql.select_server_ip_by_id(slave[0])
try:
sql.update_master_server_by_slave_ip(0, slave_ip)
ha_sql.update_master_server_by_slave_ip(0, slave_ip)
except Exception as e:
raise Exception(f'error: Cannot update master on slave {slave_ip}: {e}')
@ -135,16 +138,16 @@ def delete_cluster(cluster_id: int) -> str:
def update_vip(cluster_id: int, router_id: int, json_data: json, group_id: int) -> None:
return_master = int(json_data['return_to_master'])
vip = common.is_ip_or_dns(json_data['vip'])
vip_id = sql.select_clusters_vip_id(cluster_id, router_id)
vip_id = ha_sql.select_clusters_vip_id(cluster_id, router_id)
try:
sql.update_ha_cluster_vip(cluster_id, router_id, vip, return_master)
ha_sql.update_ha_cluster_vip(cluster_id, router_id, vip, return_master)
except Exception as e:
raise Exception(f'error: Cannot update VIP: {e}')
for slave_id, value in json_data['servers'].items():
try:
sql.update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
ha_sql.update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
except Exception as e:
raise Exception(f'error: Cannot add server {value["ip"]}: {e}')
@ -152,8 +155,8 @@ def update_vip(cluster_id: int, router_id: int, json_data: json, group_id: int)
add_or_update_virt(json_data, cluster_id, vip_id, group_id)
else:
try:
if sql.check_ha_virt(vip_id):
sql.delete_ha_virt(vip_id)
if ha_sql.check_ha_virt(vip_id):
ha_sql.delete_ha_virt(vip_id)
roxywi_common.logging(cluster_id, f'Cluster virtual server for VIP: {vip} has been deleted', keep_history=1, roxywi=1, service='HA cluster')
except Exception as e:
roxywi_common.logging(cluster_id, f'Cannot delete cluster virtual server for VIP {vip}: {e}', keep_history=1, roxywi=1, service='HA cluster')
@ -166,7 +169,7 @@ def insert_vip(cluster_id: int, json_data: json, group_id: int) -> None:
return_master = int(json_data['return_to_master'])
try:
router_id = sql.create_ha_router(cluster_id)
router_id = ha_sql.create_ha_router(cluster_id)
except Exception as e:
raise Exception(f'error: Cannot create new router: {e}')
@ -177,7 +180,7 @@ def insert_vip(cluster_id: int, json_data: json, group_id: int) -> None:
for slave_id, value in json_data['servers'].items():
try:
sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
except Exception as e:
raise Exception(f'error: Cannot add server {value["ip"]}: {e}')
@ -192,7 +195,7 @@ def update_slaves(json_data: json, router_id: int) -> None:
cluster = json_data
cluster_id = int(json_data['cluster_id'])
all_routers_in_cluster = HaClusterRouter.select(HaClusterRouter.id).where(HaClusterRouter.cluster_id == cluster_id).execute()
server_ids_from_db = sql.select_cluster_slaves(cluster_id, router_id)
server_ids_from_db = ha_sql.select_cluster_slaves(cluster_id, router_id)
server_ids = []
server_ids_from_json = []
@ -205,7 +208,7 @@ def update_slaves(json_data: json, router_id: int) -> None:
for slave_id, value in cluster['servers'].items():
if value['master']:
slave_id = sql.select_server_id_by_ip(master_ip)
slave_id = server_sql.select_server_id_by_ip(master_ip)
server_ids_from_json.append(int(slave_id))
server_ids_for_deletion = set(server_ids) - set(server_ids_from_json)
@ -216,15 +219,15 @@ def update_slaves(json_data: json, router_id: int) -> None:
for server_id_add in server_ids_for_adding:
if int(slave_id) == int(server_id_add):
try:
sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router)
ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router)
except Exception as e:
raise Exception(f'error: Cannot add new slave {value["name"]}: {e}')
for o_s in server_ids_for_deletion:
sql.delete_master_from_slave(o_s)
ha_sql.delete_master_from_slave(o_s)
try:
sql.delete_ha_cluster_delete_slave(o_s)
ha_sql.delete_ha_cluster_delete_slave(o_s)
except Exception as e:
raise Exception(f'error: Cannot recreate slaves server: {e}')
@ -232,15 +235,15 @@ def update_slaves(json_data: json, router_id: int) -> None:
if value['master']:
continue
try:
sql.update_server_master(master_ip, common.is_ip_or_dns((value['ip'])))
ha_sql.update_server_master(master_ip, common.is_ip_or_dns((value['ip'])))
except Exception as e:
raise Exception(f'error: Cannot update master on slave {value["ip"]}: {e}')
for slave_id, value in cluster['servers'].items():
if value['master']:
slave_id = sql.select_server_id_by_ip(master_ip)
slave_id = server_sql.select_server_id_by_ip(master_ip)
try:
sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id)
except Exception as e:
raise Exception(f'error: Cannot update server {value["ip"]}: {e}')
@ -257,23 +260,23 @@ def add_or_update_virt(cluster: json, cluster_id: int, vip_id: int, group_id: in
if value['master']:
master_ip = common.is_ip_or_dns(value['ip'])
if sql.check_ha_virt(vip_id):
if ha_sql.check_ha_virt(vip_id):
try:
sql.update_ha_virt_ip(vip_id, vip)
ha_sql.update_ha_virt_ip(vip_id, vip)
roxywi_common.logging(cluster_id, f'Cluster virtual server for VIP {vip} has been updated', keep_history=1, roxywi=1, service='HA cluster')
except Exception as e:
roxywi_common.logging(cluster_id, f'Cannot update cluster virtual server for VIP {vip}: {e}', roxywi=1, service='HA cluster')
else:
services = sql.select_cluster_services(cluster_id)
services = ha_sql.select_cluster_services(cluster_id)
for service in services:
haproxy = 1 if service.service_id == '1' else 0
nginx = 1 if service.service_id == '2' else 0
apache = 1 if service.service_id == '4' else 0
try:
cred_id = sql.get_cred_id_by_server_ip(master_ip)
cred_id = ha_sql.get_cred_id_by_server_ip(master_ip)
firewall = 1 if server_mod.is_service_active(master_ip, 'firewalld') else 0
ssh_settings = return_ssh_keys_path(master_ip)
virt_id = sql.add_server(
virt_id = server_sql.add_server(
f'{vip}-VIP', vip, group_id, '1', '1', '0', cred_id, ssh_settings['port'],
f'VRRP IP for {cluster_name} cluster', haproxy, nginx, apache, firewall
)

6
app/modules/service/haproxy.py
View File

@ -250,12 +250,10 @@ def runtime_command(serv: str, enable: str, backend: str, save: str) -> str:
if save == "on":
save_command = f'echo "show servers state" | sudo socat {haproxy_sock} stdio > {server_state_file}'
command = [cmd + ';' + save_command]
else:
command = [cmd]
cmd = cmd + ';' + save_command
try:
output = server_mod.ssh_command(serv, command, show_log="1")
output = server_mod.ssh_command(serv, cmd, show_log="1")
except Exception as e:
return f'{e}'
else:

40
app/modules/service/installation.py
View File

@ -5,6 +5,10 @@ from flask import render_template
import ansible_runner
import app.modules.db.sql as sql
import app.modules.db.waf as waf_sql
import app.modules.db.ha_cluster as ha_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.service.common as service_common
import app.modules.common.common as common
import app.modules.server.server as server_mod
@ -64,8 +68,8 @@ def waf_install(server_ip: str):
raise Exception(e)
try:
sql.insert_waf_metrics_enable(server_ip, "0")
sql.insert_waf_rules(server_ip)
waf_sql.insert_waf_metrics_enable(server_ip, "0")
waf_sql.insert_waf_rules(server_ip)
except Exception as e:
return str(e)
@ -101,8 +105,8 @@ def waf_nginx_install(server_ip: str):
raise Exception(e)
try:
sql.insert_nginx_waf_rules(server_ip)
sql.insert_waf_nginx_server(server_ip)
waf_sql.insert_nginx_waf_rules(server_ip)
waf_sql.insert_waf_nginx_server(server_ip)
except Exception as e:
return str(e)
@ -193,16 +197,16 @@ def generate_kp_inv(json_data: json, install_service) -> object:
keepalived_path_logs = sql.get_setting('keepalived_path_logs')
syn_flood_protect = str(json_data['syn_flood'])
routers = {}
vips = sql.select_cluster_vips(cluster_id)
vips = ha_sql.select_cluster_vips(cluster_id)
for vip in vips:
router_id = str(vip.router_id)
routers[router_id] = {}
routers[router_id].setdefault('return_master', vip.return_master)
routers[router_id].setdefault('vip', vip.vip)
slaves = sql.select_cluster_slaves_for_inv(router_id)
slaves = ha_sql.select_cluster_slaves_for_inv(router_id)
for slave in slaves:
slave_ip = sql.select_server_ip_by_id(str(slave.server_id))
slave_ip = server_sql.select_server_ip_by_id(str(slave.server_id))
routers[router_id].setdefault(slave_ip, dict())
routers[router_id][slave_ip].setdefault('master', slave.master)
routers[router_id][slave_ip].setdefault('eth', slave.eth)
@ -414,14 +418,14 @@ def run_ansible(inv: dict, server_ips: str, ansible_role: str) -> object:
def service_actions_after_install(server_ips: str, service: str, json_data) -> None:
is_docker = None
update_functions = {
'haproxy': sql.update_haproxy,
'nginx': sql.update_nginx,
'apache': sql.update_apache,
'keepalived': sql.update_keepalived,
'haproxy': service_sql.update_haproxy,
'nginx': service_sql.update_nginx,
'apache': service_sql.update_apache,
'keepalived': service_sql.update_keepalived,
}
for server_ip in server_ips:
server_id = sql.select_server_id_by_ip(server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip)
try:
update_functions[service](server_ip)
except Exception as e:
@ -431,8 +435,8 @@ def service_actions_after_install(server_ips: str, service: str, json_data) -> N
is_docker = json_data['services'][service]['docker']
if is_docker == '1' and service != 'keepalived':
sql.insert_or_update_service_setting(server_id, service, 'dockerized', '1')
sql.insert_or_update_service_setting(server_id, service, 'restart', '1')
service_sql.insert_or_update_service_setting(server_id, service, 'dockerized', '1')
service_sql.insert_or_update_service_setting(server_id, service, 'restart', '1')
def install_service(service: str, json_data: str) -> object:
@ -458,12 +462,16 @@ def install_service(service: str, json_data: str) -> object:
def _install_ansible_collections():
collections = ('community.general', 'ansible.posix', 'community.docker')
trouble_link = 'Read <a href="https://roxy-wi.org/troubleshooting#ansible_collection" target="_blank" class="link">troubleshooting</a>'
for collection in collections:
if not os.path.isdir(f'/usr/share/httpd/.ansible/collections/ansible_collections/{collection.replace(".", "/")}'):
try:
exit_code = os.system(f'ansible-galaxy collection install {collection}')
except Exception as e:
roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'Cannot install as collection', roxywi=1)
roxywi_common.handle_exceptions(e,
'Roxy-WI server',
f'Cannot install as collection. {trouble_link}',
roxywi=1)
else:
if exit_code != 0:
raise Exception(f'error: Ansible collection installation was not successful: {exit_code}')
raise Exception(f'error: Ansible collection installation was not successful: {exit_code}. {trouble_link}')

6
app/modules/service/keepalived.py
View File

@ -5,10 +5,8 @@ def get_status(server_ip: str) -> tuple:
out1 = []
h = (['', ''],)
try:
cmd = [
"/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |"
"grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l"
]
cmd = ("/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |"
"grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l")
out = server_mod.ssh_command(server_ip, cmd)
for k in out.split():
out1.append(k)

67
app/modules/tools/alerting.py
View File

@ -3,9 +3,14 @@ import json
import pika
from flask import render_template, request
import modules.db.sql as sql
import modules.common.common as common
import modules.roxywi.common as roxywi_common
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.db.server as server_sql
import app.modules.db.channel as channel_sql
import app.modules.db.checker as checker_sql
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
error_mess = common.error_mess
@ -41,8 +46,8 @@ def alert_routing(
server_ip: str, service_id: int, group_id: int, level: str, mes: str, alert_type: str
) -> None:
subject: str = level + ': ' + mes
server_id: int = sql.select_server_id_by_ip(server_ip)
checker_settings = sql.select_checker_settings_for_server(service_id, server_id)
server_id: int = server_sql.select_server_id_by_ip(server_ip)
checker_settings = checker_sql.select_checker_settings_for_server(service_id, server_id)
try:
json_for_sending = {"user_group": group_id, "message": subject}
@ -105,7 +110,7 @@ def alert_routing(
def send_email_to_server_group(subject: str, mes: str, level: str, group_id: int) -> None:
try:
users_email = sql.select_users_emails_by_group_id(group_id)
users_email = user_sql.select_users_emails_by_group_id(group_id)
for user_email in users_email:
send_email(user_email.email, subject, f'{level}: {mes}')
@ -154,9 +159,9 @@ def telegram_send_mess(mess, level, **kwargs):
return
if kwargs.get('channel_id'):
telegrams = sql.get_telegram_by_id(kwargs.get('channel_id'))
telegrams = channel_sql.get_telegram_by_id(kwargs.get('channel_id'))
else:
telegrams = sql.get_telegram_by_ip(kwargs.get('ip'))
telegrams = channel_sql.get_telegram_by_ip(kwargs.get('ip'))
proxy = sql.get_setting('proxy')
@ -189,9 +194,9 @@ def slack_send_mess(mess, level, **kwargs):
return
if kwargs.get('channel_id'):
slacks = sql.get_slack_by_id(kwargs.get('channel_id'))
slacks = channel_sql.get_slack_by_id(kwargs.get('channel_id'))
else:
slacks = sql.get_slack_by_ip(kwargs.get('ip'))
slacks = channel_sql.get_slack_by_ip(kwargs.get('ip'))
proxy = sql.get_setting('proxy')
@ -223,12 +228,12 @@ def pd_send_mess(mess, level, server_ip=None, service_id=None, alert_type=None,
if kwargs.get('channel_id'):
try:
pds = sql.get_pd_by_id(kwargs.get('channel_id'))
pds = channel_sql.get_pd_by_id(kwargs.get('channel_id'))
except Exception as e:
print(e)
else:
try:
pds = sql.get_pd_by_ip(kwargs.get('ip'))
pds = channel_sql.get_pd_by_ip(kwargs.get('ip'))
except Exception as e:
print(e)
@ -283,7 +288,7 @@ def check_email_alert() -> str:
return f'error: Cannot send a message {e}'
try:
user_email = sql.select_user_email_by_uuid(user_uuid)
user_email = user_sql.select_user_email_by_uuid(user_uuid)
except Exception as e:
return f'error: Cannot get a user email: {e}'
@ -299,10 +304,10 @@ def add_telegram_channel(token: str, channel: str, group: str, page: str) -> str
if token is None or channel is None or group is None:
return error_mess
else:
if sql.insert_new_telegram(token, channel, group):
if channel_sql.insert_new_telegram(token, channel, group):
lang = roxywi_common.get_user_lang_for_flask()
channels = sql.select_telegram(token=token)
groups = sql.select_groups()
channels = channel_sql.select_telegram(token=token)
groups = group_sql.select_groups()
roxywi_common.logging('Roxy-WI server', f'A new Telegram channel {channel} has been created ', roxywi=1, login=1)
return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='telegram')
@ -312,10 +317,10 @@ def add_slack_channel(token: str, channel: str, group: str, page: str) -> str:
if token is None or channel is None or group is None:
return error_mess
else:
if sql.insert_new_slack(token, channel, group):
if channel_sql.insert_new_slack(token, channel, group):
lang = roxywi_common.get_user_lang_for_flask()
channels = sql.select_slack(token=token)
groups = sql.select_groups()
channels = channel_sql.select_slack(token=token)
groups = group_sql.select_groups()
roxywi_common.logging('Roxy-WI server', f'A new Slack channel {channel} has been created ', roxywi=1, login=1)
return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='slack')
@ -324,58 +329,58 @@ def add_pd_channel(token: str, channel: str, group: str, page: str) -> str:
if token is None or channel is None or group is None:
return error_mess
else:
if sql.insert_new_pd(token, channel, group):
if channel_sql.insert_new_pd(token, channel, group):
lang = roxywi_common.get_user_lang_for_flask()
channels = sql.select_slack(token=token)
groups = sql.select_groups()
channels = channel_sql.select_slack(token=token)
groups = group_sql.select_groups()
roxywi_common.logging('Roxy-WI server', f'A new PagerDuty channel {channel} has been created ', roxywi=1, login=1)
return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='pd')
def delete_telegram_channel(channel_id) -> str:
telegram = sql.select_telegram(id=channel_id)
telegram = channel_sql.select_telegram(id=channel_id)
channel_name = ''
for t in telegram:
channel_name = t.token
if sql.delete_telegram(channel_id):
if channel_sql.delete_telegram(channel_id):
roxywi_common.logging('Roxy-WI server', f'The Telegram channel {channel_name} has been deleted ', roxywi=1, login=1)
return 'ok'
def delete_slack_channel(channel_id) -> str:
slack = sql.select_slack(id=channel_id)
slack = channel_sql.select_slack(id=channel_id)
channel_name = ''
for t in slack:
channel_name = t.chanel_name
if sql.delete_slack(channel_id):
if channel_sql.delete_slack(channel_id):
roxywi_common.logging('Roxy-WI server', f'The Slack channel {channel_name} has been deleted ', roxywi=1, login=1)
return 'ok'
def delete_pd_channel(channel_id) -> str:
pd = sql.select_pd(id=channel_id)
pd = channel_sql.select_pd(id=channel_id)
channel_name = ''
for t in pd:
channel_name = t.chanel_name
if sql.delete_pd(channel_id):
if channel_sql.delete_pd(channel_id):
roxywi_common.logging('Roxy-WI server', f'The PageDuty channel {channel_name} has been deleted ', roxywi=1, login=1)
return 'ok'
def update_telegram(token: str, channel: str, group: str, user_id: int) -> str:
sql.update_telegram(token, channel, group, user_id)
channel_sql.update_telegram(token, channel, group, user_id)
roxywi_common.logging('group ' + group, f'The Telegram token has been updated for channel: {channel}', roxywi=1, login=1)
return 'ok'
def update_slack(token: str, channel: str, group: str, user_id: int) -> str:
sql.update_slack(token, channel, group, user_id)
channel_sql.update_slack(token, channel, group, user_id)
roxywi_common.logging(f'group {group}', f'The Slack token has been updated for channel: {channel}', roxywi=1, login=1)
return 'ok'
def update_pd(token: str, channel: str, group: str, user_id: int) -> str:
sql.update_pd(token, channel, group, user_id)
channel_sql.update_pd(token, channel, group, user_id)
roxywi_common.logging(f'group {group}', f'The PagerDuty token has been updated for channel: {channel}', roxywi=1, login=1)
return 'ok'

26
app/modules/tools/checker.py
View File

@ -1,6 +1,8 @@
from flask import render_template, redirect, url_for
import app.modules.db.sql as sql
import app.modules.db.group as group_sql
import app.modules.db.channel as channel_sql
import app.modules.db.checker as checker_sql
import app.modules.tools.common as tools_common
import app.modules.roxywi.common as roxywi_common
@ -26,10 +28,10 @@ def load_checker() -> str:
if user_subscription['user_status']:
user_group = roxywi_common.get_user_group(id=1)
kwargs.setdefault('services', tools_common.get_services_status())
kwargs.setdefault('telegrams', sql.get_user_telegram_by_group(user_group))
kwargs.setdefault('pds', sql.get_user_pd_by_group(user_group))
kwargs.setdefault('groups', sql.select_groups())
kwargs.setdefault('slacks', sql.get_user_slack_by_group(user_group))
kwargs.setdefault('telegrams', channel_sql.get_user_telegram_by_group(user_group))
kwargs.setdefault('pds', channel_sql.get_user_pd_by_group(user_group))
kwargs.setdefault('groups', group_sql.select_groups())
kwargs.setdefault('slacks', channel_sql.get_user_slack_by_group(user_group))
kwargs.setdefault('haproxy_servers', roxywi_common.get_dick_permit(haproxy=1, only_group=1))
kwargs.setdefault('nginx_servers', roxywi_common.get_dick_permit(nginx=1, only_group=1))
kwargs.setdefault('apache_servers', roxywi_common.get_dick_permit(apache=1, only_group=1))
@ -37,16 +39,16 @@ def load_checker() -> str:
kwargs.setdefault('user_subscription', user_subscription)
kwargs.setdefault('user_params', user_params)
kwargs.setdefault('lang', user_params['lang'])
kwargs.setdefault('haproxy_settings', sql.select_checker_settings(1))
kwargs.setdefault('nginx_settings', sql.select_checker_settings(2))
kwargs.setdefault('keepalived_settings', sql.select_checker_settings(3))
kwargs.setdefault('apache_settings', sql.select_checker_settings(4))
kwargs.setdefault('haproxy_settings', checker_sql.select_checker_settings(1))
kwargs.setdefault('nginx_settings', checker_sql.select_checker_settings(2))
kwargs.setdefault('keepalived_settings', checker_sql.select_checker_settings(3))
kwargs.setdefault('apache_settings', checker_sql.select_checker_settings(4))
return render_template('ajax/load_checker.html', **kwargs)
def update_haproxy_settings(setting_id, email, service_alert, backend_alert, maxconn_alert, telegram_id, slack_id, pd_id) -> str:
if sql.update_haproxy_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert,
if checker_sql.update_haproxy_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert,
maxconn_alert, setting_id):
return 'ok'
else:
@ -54,7 +56,7 @@ def update_haproxy_settings(setting_id, email, service_alert, backend_alert, max
def update_keepalived_settings(setting_id, email, service_alert, backend_alert, telegram_id, slack_id, pd_id) -> str:
if sql.update_keepalived_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert,
if checker_sql.update_keepalived_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert,
setting_id):
return 'ok'
else:
@ -62,7 +64,7 @@ def update_keepalived_settings(setting_id, email, service_alert, backend_alert,
def update_service_settings(setting_id, email, service_alert, telegram_id, slack_id, pd_id) -> str:
if sql.update_service_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, setting_id):
if checker_sql.update_service_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, setting_id):
return 'ok'
else:
return 'error: Cannot update Checker settings'

16
app/modules/tools/common.py
View File

@ -1,13 +1,13 @@
import distro
import modules.db.sql as sql
import modules.roxywi.roxy as roxywi_mod
import modules.server.server as server_mod
import app.modules.db.roxy as roxy_sql
import app.modules.roxywi.roxy as roxywi_mod
import app.modules.server.server as server_mod
def get_services_status(update_cur_ver=0):
services = []
services_name = sql.get_all_tools()
services_name = roxy_sql.get_all_tools()
if update_cur_ver:
try:
@ -27,7 +27,7 @@ def get_services_status(update_cur_ver=0):
def update_roxy_wi(service: str) -> str:
restart_service = ''
services = sql.get_roxy_tools()
services = roxy_sql.get_roxy_tools()
if service not in services:
raise Exception(f'error: {service} is not part of Roxy-WI')
@ -63,7 +63,7 @@ def is_tool_active(tool_name: str) -> str:
def update_cur_tool_versions() -> None:
tools = sql.get_all_tools()
tools = roxy_sql.get_all_tools()
for s, _v in tools.items():
update_cur_tool_version(s)
@ -93,10 +93,10 @@ def update_cur_tool_version(tool_name: str) -> None:
service_ver = 0
try:
sql.update_tool_cur_version(tool_name, service_ver)
roxy_sql.update_tool_cur_version(tool_name, service_ver)
except Exception:
pass
def get_cur_tool_version(tool_name: str) -> str:
return sql.get_tool_cur_version(tool_name)
return roxy_sql.get_tool_cur_version(tool_name)

3
app/modules/tools/smon_agent.py
View File

@ -3,6 +3,7 @@ import uuid
import requests
import app.modules.db.sql as sql
import app.modules.db.smon as smon_sql
import app.modules.db.server as server_sql
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
from app.modules.service.installation import run_ansible
@ -40,7 +41,7 @@ def check_agent_limit():
def add_agent(data) -> int:
name = common.checkAjaxInput(data.get("name"))
server_id = int(data.get("server_id"))
server_ip = sql.select_server_ip_by_id(server_id)
server_ip = server_sql.select_server_ip_by_id(server_id)
desc = common.checkAjaxInput(data.get("desc"))
enabled = int(data.get("enabled"))
agent_uuid = str(uuid.uuid4())

17
app/routes/add/routes.py
View File

@ -5,6 +5,7 @@ from flask_login import login_required
from app.routes.add import bp
import app.modules.db.sql as sql
import app.modules.db.add as add_sql
from middleware import check_services, get_user_params
import app.modules.config.add as add_mod
import app.modules.common.common as common
@ -58,8 +59,8 @@ def add(service):
if not os.path.exists(black_dir):
os.makedirs(black_dir)
kwargs.setdefault('options', sql.select_options())
kwargs.setdefault('saved_servers', sql.select_saved_servers())
kwargs.setdefault('options', add_sql.select_options())
kwargs.setdefault('saved_servers', add_sql.select_saved_servers())
kwargs.setdefault('white_lists', roxywi_common.get_files(folder=white_dir, file_format="lst"))
kwargs.setdefault('black_lists', roxywi_common.get_files(folder=black_dir, file_format="lst"))
kwargs.setdefault('maps', roxywi_common.get_files(folder=f'{lib_path}/maps/{user_group}', file_format="map"))
@ -127,7 +128,7 @@ def add_haproxy():
else:
return 'error: The name cannot be empty'
if request.form.get('backends') is not None:
if request.form.get('backends') != '':
backend = f" default_backend {request.form.get('backends')}\n"
if request.form.get('maxconn'):
@ -496,7 +497,7 @@ def update_option():
option_id = int(request.form.get('id'))
try:
sql.update_options(option, option_id)
add_sql.update_options(option, option_id)
except Exception as e:
return str(e)
else:
@ -506,7 +507,7 @@ def update_option():
@bp.route('/option/delete/<int:option_id>')
def delete_option(option_id):
try:
sql.delete_option(option_id)
add_sql.delete_option(option_id)
except Exception as e:
return str(e)
else:
@ -537,7 +538,7 @@ def update_saved_server():
desc = common.checkAjaxInput(request.form.get('desc'))
try:
sql.update_savedserver(server, desc, server_id)
add_sql.update_saved_server(server, desc, server_id)
except Exception as e:
return str(e)
else:
@ -547,7 +548,7 @@ def update_saved_server():
@bp.route('/server/delete/<int:server_id>')
def delete_saved_server(server_id):
try:
sql.delete_savedserver(server_id)
add_sql.delete_saved_server(server_id)
except Exception as e:
return str(e)
else:
@ -676,6 +677,6 @@ def add_nginx_upstream():
@bp.route('/show/ip/<server_ip>')
def show_ip(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
commands = ['sudo hostname -I | tr " " "\\n"|sed "/^$/d"']
commands = 'sudo hostname -I | tr " " "\\n"|sed "/^$/d"'
return server_mod.ssh_command(server_ip, commands, ip="1")

26
app/routes/admin/routes.py
View File

@ -8,7 +8,13 @@ from flask_login import login_required
from app import scheduler
from app.routes.admin import bp
import app.modules.db.sql as sql
from middleware import get_user_params
import app.modules.db.cred as cred_sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.db.backup as backup_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
from app.middleware import get_user_params
import app.modules.common.common as common
import app.modules.roxywi.roxy as roxy
import app.modules.roxywi.auth as roxywi_auth
@ -35,21 +41,21 @@ def admin():
kwargs = {
'lang': g.user_params['lang'],
'users': sql.select_users(),
'groups': sql.select_groups(),
'sshs': sql.select_ssh(),
'servers': sql.select_servers(full=1),
'users': user_sql.select_users(),
'groups': group_sql.select_groups(),
'sshs': cred_sql.select_ssh(),
'servers': server_sql.select_servers(full=1),
'roles': sql.select_roles(),
'timezones': pytz.all_timezones,
'settings': sql.get_setting('', all=1),
'ldap_enable': sql.get_setting('ldap_enable'),
'services': sql.select_services(),
'gits': sql.select_gits(),
'masters': sql.select_servers(get_master_servers=1),
'services': service_sql.select_services(),
'gits': backup_sql.select_gits(),
'masters': server_sql.select_servers(get_master_servers=1),
'is_needed_tool': common.is_tool('ansible'),
'grafana': grafana,
'backups': sql.select_backups(),
's3_backups': sql.select_s3_backups(),
'backups': backup_sql.select_backups(),
's3_backups': backup_sql.select_s3_backups(),
'guide_me': 1,
'user_subscription': roxywi_common.return_user_subscription()
}

8
app/routes/checker/routes.py
View File

@ -2,8 +2,9 @@ from flask import render_template, request, g
from flask_login import login_required
from app.routes.checker import bp
from middleware import get_user_params
from app.middleware import get_user_params
import app.modules.db.sql as sql
import app.modules.db.history as history_sql
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
import app.modules.tools.alerting as alerting
@ -13,7 +14,7 @@ import app.modules.tools.checker as checker_mod
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
""" Protect all the admin endpoints. """
pass
@ -60,8 +61,9 @@ def checker_history():
kwargs = {
'lang': g.user_params['lang'],
'smon': sql.alerts_history('Checker', g.user_params['group_id']),
'smon': history_sql.alerts_history('Checker', g.user_params['group_id']),
'user_subscription': roxywi_common.return_user_subscription(),
'action': 'checker'
}
return render_template('smon/checker_history.html', **kwargs)

29
app/routes/config/routes.py
View File

@ -5,6 +5,9 @@ from flask_login import login_required
from app.routes.config import bp
import app.modules.db.sql as sql
import app.modules.db.config as config_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
from middleware import check_services, get_user_params
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
@ -49,7 +52,7 @@ def find_in_config(service):
finding_words = request.form.get('words')
log_path = sql.get_setting(service + '_dir')
log_path = common.return_nice_path(log_path)
commands = [f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn']
commands = f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn'
try:
return_find = server_mod.ssh_command(server_ip, commands, raw=1)
return_find = config_mod.show_finding_in_config(return_find, grep=finding_words)
@ -84,9 +87,9 @@ def config(service, serv, edit, config_file_name, new):
if serv and edit and new_config is None:
roxywi_common.check_is_server_in_group(serv)
is_serv_protected = sql.is_serv_protected(serv)
server_id = sql.select_server_id_by_ip(serv)
is_restart = sql.select_service_setting(server_id, service, 'restart')
is_serv_protected = server_sql.is_serv_protected(serv)
server_id = server_sql.select_server_id_by_ip(serv)
is_restart = service_sql.select_service_setting(server_id, service, 'restart')
try:
error = config_mod.get_config(serv, cfg, service=service, config_file_name=config_file_name)
@ -121,7 +124,7 @@ def config(service, serv, edit, config_file_name, new):
'is_restart': is_restart,
'config_file_name': config_file_name,
'is_serv_protected': is_serv_protected,
'service_desc': sql.select_service(service),
'service_desc': service_sql.select_service(service),
'lang': g.user_params['lang']
}
@ -182,7 +185,7 @@ def versions(service, server_ip):
for get in request.form.getlist('do_delete'):
if file_fortmat in get and server_ip in get:
try:
if sql.delete_config_version(service, get):
if config_sql.delete_config_version(service, get):
try:
os.remove(get)
except OSError as e:
@ -229,7 +232,7 @@ def list_of_version(service):
@get_user_params(disable=1)
def show_version(service, server_ip, configver, save):
roxywi_auth.page_for_admin(level=3)
service_desc = sql.select_service(service)
service_desc = service_sql.select_service(service)
config_dir = config_common.get_config_dir('haproxy')
configver = config_dir + configver
aftersave = 0
@ -248,10 +251,8 @@ def show_version(service, server_ip, configver, save):
if service == 'keepalived':
stderr = config_mod.upload_and_restart(server_ip, configver, save_action, service)
elif service in ('nginx', 'apache'):
config_file_name = sql.select_remote_path_from_version(server_ip=server_ip, service=service,
local_path=configver)
stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service_desc.slug,
config_file_name=config_file_name)
config_file_name = config_sql.select_remote_path_from_version(server_ip=server_ip, service=service, local_path=configver)
stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service_desc.slug, config_file_name=config_file_name)
else:
stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service)
@ -290,7 +291,7 @@ def haproxy_section_show(server_ip, section):
cfg = config_common.generate_config_path('haproxy', server_ip)
error = config_mod.get_config(server_ip, cfg)
start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section)
server_id = sql.select_server_id_by_ip(server_ip)
server_id = server_sql.select_server_id_by_ip(server_ip)
sections = section_mod.get_sections(cfg)
os.system(f"/bin/mv {cfg} {cfg}.old")
@ -301,7 +302,7 @@ def haproxy_section_show(server_ip, section):
pass
kwargs = {
'is_restart': sql.select_service_setting(server_id, 'haproxy', 'restart'),
'is_restart': service_sql.select_service_setting(server_id, 'haproxy', 'restart'),
'serv': server_ip,
'sections': sections,
'cfg': cfg,
@ -365,7 +366,7 @@ def show_compare_config(service, serv):
'service': service,
'stderr': '',
'error': '',
'service_desc': sql.select_service(service),
'service_desc': service_sql.select_service(service),
'lang': g.user_params['lang']
}

77
app/routes/ha/routes.py
View File

@ -6,6 +6,9 @@ from flask_login import login_required
from app.routes.ha import bp
from middleware import get_user_params, check_services
import app.modules.db.sql as sql
import app.modules.db.ha_cluster as ha_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
@ -27,7 +30,7 @@ def cluster_function(service):
group_id = g.user_params['group_id']
if request.method == 'GET':
kwargs = {
'clusters': sql.select_clusters(group_id),
'clusters': ha_sql.select_clusters(group_id),
'is_needed_tool': common.is_tool('ansible'),
'user_subscription': roxywi_common.return_user_subscription()
}
@ -59,15 +62,15 @@ def cluster_function(service):
@check_services
@get_user_params()
def get_ha_cluster(service, cluster_id):
router_id = sql.get_router_id(cluster_id, default_router=1)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
kwargs = {
'servers': roxywi_common.get_dick_permit(virt=1),
'clusters': sql.select_cluster(cluster_id),
'slaves': sql.select_cluster_slaves(cluster_id, router_id),
'virts': sql.select_clusters_virts(),
'vips': sql.select_cluster_vips(cluster_id),
'cluster_services': sql.select_cluster_services(cluster_id),
'services': sql.select_services(),
'clusters': ha_sql.select_cluster(cluster_id),
'slaves': ha_sql.select_cluster_slaves(cluster_id, router_id),
'virts': ha_sql.select_clusters_virts(),
'vips': ha_sql.select_cluster_vips(cluster_id),
'cluster_services': ha_sql.select_cluster_services(cluster_id),
'services': service_sql.select_services(),
'group_id': g.user_params['group_id'],
'router_id': router_id,
'lang': g.user_params['lang']
@ -81,14 +84,14 @@ def get_ha_cluster(service, cluster_id):
@get_user_params()
def get_cluster_settings(service, cluster_id):
settings = {}
clusters = sql.select_cluster(cluster_id)
router_id = sql.get_router_id(cluster_id, default_router=1)
slaves = sql.select_cluster_slaves(cluster_id, router_id)
cluster_services = sql.select_cluster_services(cluster_id)
vip = sql.select_clusters_vip(cluster_id, router_id)
return_master = sql.select_clusters_vip_return_master(cluster_id, router_id)
vip_id = sql.select_clusters_vip_id(cluster_id, router_id)
is_virt = sql.check_ha_virt(vip_id)
clusters = ha_sql.select_cluster(cluster_id)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
slaves = ha_sql.select_cluster_slaves(cluster_id, router_id)
cluster_services = ha_sql.select_cluster_services(cluster_id)
vip = ha_sql.select_clusters_vip(cluster_id, router_id)
return_master = ha_sql.select_clusters_vip_return_master(cluster_id, router_id)
vip_id = ha_sql.select_clusters_vip_id(cluster_id, router_id)
is_virt = ha_sql.check_ha_virt(vip_id)
for cluster in clusters:
settings.setdefault('name', cluster.name)
settings.setdefault('desc', cluster.desc)
@ -118,14 +121,14 @@ def get_cluster_settings(service, cluster_id):
def show_ha_cluster(service, cluster_id):
services = []
service = 'keepalived'
service_desc = sql.select_service(service)
router_id = sql.get_router_id(cluster_id, default_router=1)
servers = sql.select_cluster_master_slaves(cluster_id, g.user_params['group_id'], router_id)
service_desc = service_sql.select_service(service)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
servers = ha_sql.select_cluster_master_slaves(cluster_id, g.user_params['group_id'], router_id)
waf_server = ''
cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l"
keep_alive, stderr = server_mod.subprocess_execute(cmd)
servers_with_status1 = []
restart_settings = sql.select_restart_services_settings(service_desc.slug)
restart_settings = service_sql.select_restart_services_settings(service_desc.slug)
for s in servers:
servers_with_status = list()
servers_with_status.append(s[0])
@ -136,15 +139,15 @@ def show_ha_cluster(service, cluster_id):
servers_with_status.append(status1)
servers_with_status.append(status2)
servers_with_status.append(s[22])
servers_with_status.append(sql.is_master(s[2]))
servers_with_status.append(sql.select_servers(server=s[2]))
servers_with_status.append(server_sql.is_master(s[2]))
servers_with_status.append(server_sql.select_servers(server=s[2]))
is_keepalived = sql.select_keepalived(s[2])
is_keepalived = service_sql.select_keepalived(s[2])
if is_keepalived:
try:
cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data']
cmd = ('sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data')
out = server_mod.ssh_command(s[2], cmd)
out1 = ('1', out)
servers_with_status.append(out1)
@ -165,8 +168,8 @@ def show_ha_cluster(service, cluster_id):
'keep_alive': ''.join(keep_alive),
'restart_settings': restart_settings,
'user_subscription': user_subscription,
'clusters': sql.select_ha_cluster_name_and_slaves(),
'master_slave': sql.is_master(0, master_slave=1),
'clusters': ha_sql.select_ha_cluster_name_and_slaves(),
'master_slave': server_sql.is_master(0, master_slave=1),
'lang': g.user_params['lang']
}
@ -179,10 +182,10 @@ def show_ha_cluster(service, cluster_id):
def get_slaves(service, cluster_id):
lang = g.user_params['lang']
if request.method == 'GET':
router_id = sql.get_router_id(cluster_id, default_router=1)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
else:
router_id = int(request.form.get('router_id'))
slaves = sql.select_cluster_slaves(cluster_id, router_id)
slaves = ha_sql.select_cluster_slaves(cluster_id, router_id)
return render_template('ajax/ha/add_vip_slaves.html', lang=lang, slaves=slaves)
@ -194,11 +197,11 @@ def get_server_slaves(service, cluster_id):
group_id = g.user_params['group_id']
lang = g.user_params['lang']
try:
router_id = sql.get_router_id(cluster_id, default_router=1)
slaves = sql.select_cluster_slaves(cluster_id, router_id)
router_id = ha_sql.get_router_id(cluster_id, default_router=1)
slaves = ha_sql.select_cluster_slaves(cluster_id, router_id)
except Exception:
slaves = ''
free_servers = sql.select_ha_cluster_not_masters_not_slaves(group_id)
free_servers = ha_sql.select_ha_cluster_not_masters_not_slaves(group_id)
return render_template('ajax/ha/slave_servers.html', free_servers=free_servers, slaves=slaves, lang=lang)
@ -208,7 +211,7 @@ def get_server_slaves(service, cluster_id):
@get_user_params()
def get_masters(service):
group_id = g.user_params['group_id']
free_servers = sql.select_ha_cluster_not_masters_not_slaves(group_id)
free_servers = ha_sql.select_ha_cluster_not_masters_not_slaves(group_id)
return render_template('ajax/ha/masters.html', free_servers=free_servers)
@ -217,9 +220,9 @@ def get_masters(service):
@check_services
def get_vip_settings(service, cluster_id, router_id):
settings = {}
return_master = sql.select_clusters_vip_return_master(cluster_id, router_id)
vip_id = sql.select_clusters_vip_id(cluster_id, router_id)
is_virt = sql.check_ha_virt(vip_id)
return_master = ha_sql.select_clusters_vip_return_master(cluster_id, router_id)
vip_id = ha_sql.select_clusters_vip_id(cluster_id, router_id)
is_virt = ha_sql.check_ha_virt(vip_id)
settings.setdefault('return_to_master', return_master)
settings.setdefault('virt_server', is_virt)
return jsonify(settings)
@ -249,7 +252,7 @@ def ha_vip(service, cluster_id):
elif request.method == 'DELETE':
router_id = int(json_data['router_id'])
try:
sql.delete_ha_router(router_id)
ha_sql.delete_ha_router(router_id)
return 'ok'
except Exception as e:
return f'error: Cannot delete VIP: {e}'

4
app/routes/install/routes.py
View File

@ -46,7 +46,7 @@ def get_service_version(service, server_ip):
if service in ('haproxy', 'nginx', 'apache'):
return service_common.show_service_version(server_ip, service)
elif service == 'keepalived':
cmd = ["sudo /usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}'"]
cmd = "sudo /usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}'"
return server_mod.ssh_command(server_ip, cmd)
else:
return 'error: Wrong service'
@ -119,5 +119,5 @@ def check_geoip(service, server_ip):
return 'error: Wrong service'
service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir'))
cmd = [f"ls {service_dir}geoip/"]
cmd = f"ls {service_dir}geoip/"
return server_mod.ssh_command(server_ip, cmd)

5
app/routes/logs/routes.py
View File

@ -2,8 +2,9 @@ from flask import render_template, request, redirect, url_for, g
from flask_login import login_required
from app.routes.logs import bp
from middleware import check_services, get_user_params
from app.middleware import check_services, get_user_params
import app.modules.db.sql as sql
import app.modules.db.service as service_sql
import app.modules.common.common as common
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.logs as roxy_logs
@ -69,7 +70,7 @@ def logs(service, waf):
grep = ''
if service in ('haproxy', 'nginx', 'keepalived', 'apache') and not waf:
service_desc = sql.select_service(service)
service_desc = service_sql.select_service(service)
service_name = service_desc.service
servers = roxywi_common.get_dick_permit(service=service_desc.slug)
elif waf:

50
app/routes/main/routes.py
View File

@ -10,8 +10,14 @@ sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app'))
from app import app, cache
from app.routes.main import bp
import app.modules.db.sql as sql
from modules.db.db_model import conn
from middleware import check_services, get_user_params
import app.modules.db.cred as cred_sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.db.backup as backup_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
import app.modules.db.history as history_sql
from app.middleware import check_services, get_user_params
import app.modules.common.common as common
import app.modules.roxywi.roxy as roxy
import app.modules.roxywi.auth as roxywi_auth
@ -70,12 +76,6 @@ def make_session_permanent():
session.permanent = True
@app.teardown_request
def _db_close(exc):
if not conn.is_closed():
conn.close()
@bp.route('/stats/<service>/', defaults={'serv': None})
@bp.route('/stats/<service>/<serv>')
@login_required
@ -86,7 +86,7 @@ def stats(service, serv):
'autorefresh': 1,
'serv': serv,
'service': service,
'service_desc': sql.select_service(service),
'service_desc': service_sql.select_service(service),
'lang': g.user_params['lang']
}
return render_template('statsview.html', **kwargs)
@ -140,26 +140,26 @@ def service_history(service, server_ip):
server_ip = common.checkAjaxInput(server_ip)
if service in ('haproxy', 'nginx', 'keepalived', 'apache', 'cluster'):
service_desc = sql.select_service(service)
service_desc = service_sql.select_service(service)
if not roxywi_auth.is_access_permit_to_service(service_desc.slug):
abort(403, f'You do not have needed permissions to access to {service_desc.slug.title()} service')
if service == 'cluster':
server_id = server_ip
else:
server_id = sql.select_server_id_by_ip(server_ip)
history = sql.select_action_history_by_server_id_and_service(server_id, service_desc.service)
server_id = server_sql.select_server_id_by_ip(server_ip)
history = history_sql.select_action_history_by_server_id_and_service(server_id, service_desc.service)
elif service == 'server':
if roxywi_common.check_is_server_in_group(server_ip):
server_id = sql.select_server_id_by_ip(server_ip)
history = sql.select_action_history_by_server_id(server_id)
server_id = server_sql.select_server_id_by_ip(server_ip)
history = history_sql.select_action_history_by_server_id(server_id)
elif service == 'user':
history = sql.select_action_history_by_user_id(server_ip)
history = history_sql.select_action_history_by_user_id(server_ip)
else:
abort(404, f'History not found')
kwargs = {
'user_subscription': roxywi_common.return_user_subscription(),
'users': sql.select_users(),
'users': user_sql.select_users(),
'serv': server_ip,
'service': service,
'history': history
@ -177,24 +177,24 @@ def servers():
user_group = roxywi_common.get_user_group(id=1)
kwargs = {
'h2': 1,
'users': sql.select_users(group=user_group),
'groups': sql.select_groups(),
'users': user_sql.select_users(group=user_group),
'groups': group_sql.select_groups(),
'servers': roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1),
'roles': sql.select_roles(),
'sshs': sql.select_ssh(group=user_group),
'masters': sql.select_servers(get_master_servers=1, uuid=g.user_params['user_uuid']),
'sshs': cred_sql.select_ssh(group=user_group),
'masters': server_sql.select_servers(get_master_servers=1, uuid=g.user_params['user_uuid']),
'group': roxywi_common.get_user_group(id=1),
'services': sql.select_services(),
'services': service_sql.select_services(),
'timezones': pytz.all_timezones,
'guide_me': 1,
'settings': sql.get_setting('', all=1),
'backups': sql.select_backups(),
's3_backups': sql.select_s3_backups(),
'backups': backup_sql.select_backups(),
's3_backups': backup_sql.select_s3_backups(),
'page': 'servers.py',
'ldap_enable': sql.get_setting('ldap_enable'),
'gits': sql.select_gits(),
'gits': backup_sql.select_gits(),
'is_needed_tool': common.is_tool('ansible'),
'user_roles': sql.select_user_roles_by_group(user_group),
'user_roles': user_sql.select_user_roles_by_group(user_group),
'user_subscription': roxywi_common.return_user_subscription(),
'lang': g.user_params['lang']
}

20
app/routes/metric/routes.py
View File

@ -3,7 +3,9 @@ from flask import render_template, request, jsonify, g
from flask_login import login_required
from app.routes.metric import bp
import app.modules.db.sql as sql
import app.modules.db.server as server_sql
import app.modules.db.metric as metric_sql
import app.modules.db.service as service_sql
from app.middleware import check_services, get_user_params
import app.modules.common.common as common
import app.modules.server.server as server_mod
@ -40,12 +42,12 @@ def metrics(service):
else:
services = '1'
if service == 'nginx':
servers = sql.select_nginx_servers_metrics_for_master()
servers = metric_sql.select_nginx_servers_metrics_for_master()
elif service == 'apache':
servers = sql.select_apache_servers_metrics_for_master()
servers = metric_sql.select_apache_servers_metrics_for_master()
else:
group_id = roxywi_common.get_user_group(id=1)
servers = sql.select_servers_metrics(group_id)
servers = metric_sql.select_servers_metrics(group_id)
else:
servers = ''
except Exception as e:
@ -56,7 +58,7 @@ def metrics(service):
'servers': servers,
'service': service,
'services': services,
'service_desc': sql.select_service(service),
'service_desc': service_sql.select_service(service),
'user_subscription': roxywi_common.return_user_subscription(),
'lang': g.user_params['lang']
}
@ -86,9 +88,9 @@ def table_metrics(service):
group_id = roxywi_common.get_user_group(id=1)
if service in ('nginx', 'apache'):
table_stat = sql.select_service_table_metrics(service, group_id)
table_stat = metric_sql.select_service_table_metrics(service, group_id)
else:
table_stat = sql.select_table_metrics(group_id)
table_stat = metric_sql.select_table_metrics(group_id)
return render_template('ajax/table_metrics.html', table_stat=table_stat, service=service, lang=lang)
@ -96,7 +98,7 @@ def table_metrics(service):
@bp.post('/<service>/<server_ip>')
def show_metric(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
hostname = sql.get_hostname_by_server_ip(server_ip)
hostname = server_sql.get_hostname_by_server_ip(server_ip)
time_range = common.checkAjaxInput(request.form.get('time_range'))
if service in ('nginx', 'apache', 'waf'):
@ -111,7 +113,7 @@ def show_metric(service, server_ip):
@check_services
def show_http_metric(service, server_ip):
server_ip = common.is_ip_or_dns(server_ip)
hostname = sql.get_hostname_by_server_ip(server_ip)
hostname = server_sql.get_hostname_by_server_ip(server_ip)
time_range = common.checkAjaxInput(request.form.get('time_range'))
if service == 'haproxy':

5
app/routes/overview/routes.py
View File

@ -2,8 +2,9 @@ from flask import render_template, g
from flask_login import login_required
from app.routes.overview import bp
from middleware import get_user_params
from app.middleware import get_user_params
import app.modules.db.sql as sql
import app.modules.db.group as group_sql
import app.modules.roxywi.logs as roxy_logs
import app.modules.roxywi.overview as roxy_overview
@ -22,7 +23,7 @@ def index():
kwargs = {
'autorefresh': 1,
'roles': sql.select_roles(),
'groups': sql.select_groups(),
'groups': group_sql.select_groups(),
'guide_me': 1,
'lang': g.user_params['lang']
}

20
app/routes/portscanner/routes.py
View File

@ -2,8 +2,10 @@ from flask import render_template, request, g
from flask_login import login_required
from app.routes.portscanner import bp
from middleware import get_user_params
from app.middleware import get_user_params
import app.modules.db.sql as sql
import app.modules.db.server as server_sql
import app.modules.db.portscanner as ps_sql
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.roxywi.common as roxywi_common
@ -13,14 +15,14 @@ import app.modules.tools.common as tools_common
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
""" Protect all the admin endpoints. """
pass
@bp.route('')
@get_user_params(virt=1)
def portscanner():
port_scanner_settings = sql.select_port_scanner_settings(g.user_params['group_id'])
port_scanner_settings = ps_sql.select_port_scanner_settings(g.user_params['group_id'])
if not port_scanner_settings:
port_scanner_settings = ''
@ -28,7 +30,7 @@ def portscanner():
else:
count_ports = list()
for s in g.user_params['servers']:
count_ports_from_sql = sql.select_count_opened_ports(s[2])
count_ports_from_sql = ps_sql.select_count_opened_ports(s[2])
i = (s[2], count_ports_from_sql)
count_ports.append(i)
@ -50,7 +52,7 @@ def portscanner_history(server_ip):
kwargs = {
'h2': 1,
'lang': g.user_params['lang'],
'history': sql.select_port_scanner_history(server_ip),
'history': ps_sql.select_port_scanner_history(server_ip),
'user_subscription': roxywi_common.return_user_subscription()
}
@ -63,13 +65,13 @@ def change_settings_portscanner():
enabled = common.checkAjaxInput(request.form.get('enabled'))
notify = common.checkAjaxInput(request.form.get('notify'))
history = common.checkAjaxInput(request.form.get('history'))
user_group_id = [server[3] for server in sql.select_servers(id=server_id)]
user_group_id = [server[3] for server in server_sql.select_servers(id=server_id)]
try:
if sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
if ps_sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
else:
if sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
if ps_sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history):
return 'ok'
except Exception as e:
return f'error: Cannot save settings: {e}'
@ -83,7 +85,7 @@ def scan_port(server_id, server_ip):
if server_ip:
ip = server_ip
else:
server = sql.select_servers(id=server_id)
server = server_sql.select_servers(id=server_id)
ip = ''
for s in server:

21
app/routes/server/routes.py
View File

@ -5,6 +5,9 @@ from flask_login import login_required
from app.routes.server import bp
import app.modules.db.sql as sql
import app.modules.db.cred as cred_sql
import app.modules.db.group as group_sql
import app.modules.db.server as server_sql
import app.modules.common.common as common
import app.modules.roxywi.group as group_mod
import app.modules.roxywi.auth as roxywi_auth
@ -30,7 +33,7 @@ def check_ssh(server_ip):
server_ip = common.is_ip_or_dns(server_ip)
try:
return server_mod.ssh_command(server_ip, ["ls -1t"])
return server_mod.ssh_command(server_ip, "ls -1t")
except Exception as e:
return str(e)
@ -46,9 +49,9 @@ def check_server(server_ip):
def show_if(server_ip):
roxywi_auth.page_for_admin(level=2)
server_ip = common.is_ip_or_dns(server_ip)
commands = ["sudo ip link|grep 'UP' |grep -v 'lo'| awk '{print $2}' |awk -F':' '{print $1}'"]
command = "sudo ip link|grep 'UP' |grep -v 'lo'| awk '{print $2}' |awk -F':' '{print $1}'"
return server_mod.ssh_command(server_ip, commands)
return server_mod.ssh_command(server_ip, command)
@bp.route('/create', methods=['POST'])
@ -113,8 +116,8 @@ def create_server():
roxywi_common.logging(ip, f'A new server {hostname} has been created', roxywi=1, login=1, keep_history=1, service='server')
return render_template(
'ajax/new_server.html', groups=sql.select_groups(), servers=sql.select_servers(server=ip), lang=lang,
masters=sql.select_servers(get_master_servers=1), sshs=sql.select_ssh(group=group), page=page,
'ajax/new_server.html', groups=group_sql.select_groups(), servers=server_sql.select_servers(server=ip), lang=lang,
masters=server_sql.select_servers(get_master_servers=1), sshs=cred_sql.select_ssh(group=group), page=page,
user_subscription=user_subscription, adding=1
)
except Exception as e:
@ -151,8 +154,8 @@ def update_server():
if name is None or port is None:
return error_mess
else:
sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, firewall, protected)
server_ip = sql.select_server_ip_by_id(serv_id)
server_sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, firewall, protected)
server_ip = server_sql.select_server_ip_by_id(serv_id)
roxywi_common.logging(server_ip, f'The server {name} has been update', roxywi=1, login=1, keep_history=1, service='server')
return 'ok'
@ -173,9 +176,9 @@ def create_group():
return error_mess
else:
try:
if sql.add_group(newgroup, desc):
if group_sql.add_group(newgroup, desc):
roxywi_common.logging('Roxy-WI server', f'A new group {newgroup} has been created', roxywi=1, login=1)
return render_template('ajax/new_group.html', groups=sql.select_groups(group=newgroup))
return render_template('ajax/new_group.html', groups=group_sql.select_groups(group=newgroup))
except Exception as e:
return str(e)

65
app/routes/service/routes.py
View File

@ -5,7 +5,12 @@ from flask_login import login_required
from app import cache
from app.routes.service import bp
import app.modules.db.sql as sql
from middleware import check_services, get_user_params
import app.modules.db.waf as waf_sql
import app.modules.db.user as user_sql
import app.modules.db.ha_cluster as ha_sql
import app.modules.db.server as server_sql
import app.modules.db.service as service_sql
from app.middleware import check_services, get_user_params
import app.modules.common.common as common
import app.modules.server.server as server_mod
import app.modules.service.action as service_action
@ -28,7 +33,7 @@ def before_request():
@get_user_params()
def services(service, serv):
tools = []
service_desc = sql.select_service(service)
service_desc = service_sql.select_service(service)
servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug)
servers_with_status1 = []
autorefresh = 0
@ -44,17 +49,17 @@ def services(service, serv):
if serv:
if roxywi_common.check_is_server_in_group(serv):
servers = sql.select_servers(server=serv)
servers = server_sql.select_servers(server=serv)
autorefresh = 1
waf_server = sql.select_waf_servers(serv)
server_id = sql.select_server_id_by_ip(serv)
docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug)
restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug)
waf_server = waf_sql.select_waf_servers(serv)
server_id = server_sql.select_server_id_by_ip(serv)
docker_settings = service_sql.select_docker_service_settings(server_id, service_desc.slug)
restart_settings = service_sql.select_restart_service_settings(server_id, service_desc.slug)
else:
raise Exception('error: wrong group')
else:
docker_settings = sql.select_docker_services_settings(service_desc.slug)
restart_settings = sql.select_restart_services_settings(service_desc.slug)
docker_settings = service_sql.select_docker_services_settings(service_desc.slug)
restart_settings = service_sql.select_restart_services_settings(service_desc.slug)
for s, v in services_name.items():
if distro.id() == 'ubuntu':
@ -77,17 +82,13 @@ def services(service, serv):
servers_with_status.append(s[11])
if service == 'nginx':
h = (['', ''],)
cmd = [
"/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk "
"'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l"
]
cmd = ("/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk "
"'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l")
for service_set in docker_settings:
if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1':
container_name = sql.get_setting('nginx_container_name')
cmd = [
"docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && "
"docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:|grep -v grep |wc -l"
]
cmd = ("docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' "
"&& docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:|grep -v grep |wc -l")
try:
out = server_mod.ssh_command(s[2], cmd)
h = ()
@ -140,13 +141,13 @@ def services(service, serv):
servers_with_status.append(s[12])
servers_with_status.append(sql.select_servers(server=s[2]))
is_keepalived = sql.select_keepalived(s[2])
servers_with_status.append(server_sql.select_servers(server=s[2]))
is_keepalived = service_sql.select_keepalived(s[2])
if is_keepalived:
try:
cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data']
cmd = ('sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |'
'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data')
out = server_mod.ssh_command(s[2], cmd)
out1 = ('1', out)
servers_with_status.append(out1)
@ -158,8 +159,8 @@ def services(service, serv):
servers_with_status1.append(servers_with_status)
kwargs = {
'clusters': sql.select_ha_cluster_name_and_slaves(),
'master_slave': sql.is_master(0, master_slave=1),
'clusters': ha_sql.select_ha_cluster_name_and_slaves(),
'master_slave': server_sql.is_master(0, master_slave=1),
'user_subscription': roxywi_common.return_user_subscription(),
'autorefresh': autorefresh,
'servers': servers_with_status1,
@ -225,7 +226,7 @@ def cpu_ram_metrics(server_ip, server_id, name, service):
group_id = int(request.cookies.get('group'))
kwargs = {
'service_status': sorted(servers, key=common.get_key),
'role': sql.get_user_role_by_uuid(user_id, group_id),
'role': user_sql.get_user_role_by_uuid(user_id, group_id),
'id': server_id,
'service_page': service,
'lang': g.user_params['lang']
@ -273,7 +274,7 @@ def show_service_backends(service, server_ip):
@bp.route('/position/<int:server_id>/<int:pos>')
def change_pos(server_id, pos):
return sql.update_server_pos(pos, server_id)
return server_sql.update_server_pos(pos, server_id)
@bp.route('/haproxy/version/<server_ip>')
@ -286,7 +287,7 @@ def get_haproxy_v(server_ip):
@bp.route('/settings/<service>/<int:server_id>')
@check_services
def show_service_settings(service, server_id):
settings = sql.select_service_settings(server_id, service)
settings = service_sql.select_service_settings(server_id, service)
return render_template('ajax/service_settings.html', settings=settings, service=service)
@ -297,14 +298,14 @@ def save_service_settings(service):
haproxy_enterprise = common.checkAjaxInput(request.form.get('serverSettingsEnterprise'))
service_dockerized = common.checkAjaxInput(request.form.get('serverSettingsDockerized'))
service_restart = common.checkAjaxInput(request.form.get('serverSettingsRestart'))
server_ip = sql.select_server_ip_by_id(server_id)
server_ip = server_sql.select_server_ip_by_id(server_id)
service_docker = f'Service {service.title()} has been flagged as a dockerized'
service_systemd = f'Service {service.title()} has been flagged as a system service'
disable_restart = f'Restart option is disabled for {service.title()} service'
enable_restart = f'Restart option is disabled for {service.title()} service'
if service == 'haproxy':
if sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise):
if service_sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise):
if haproxy_enterprise == '1':
roxywi_common.logging(server_ip, 'Service has been flagged as an Enterprise version', roxywi=1, login=1,
keep_history=1, service=service)
@ -312,13 +313,13 @@ def save_service_settings(service):
roxywi_common.logging(server_ip, 'Service has been flagged as a community version', roxywi=1, login=1,
keep_history=1, service=service)
if sql.insert_or_update_service_setting(server_id, service, 'dockerized', service_dockerized):
if service_sql.insert_or_update_service_setting(server_id, service, 'dockerized', service_dockerized):
if service_dockerized == '1':
roxywi_common.logging(server_ip, service_docker, roxywi=1, login=1, keep_history=1, service=service)
else:
roxywi_common.logging(server_ip, service_systemd, roxywi=1, login=1, keep_history=1, service=service)
if sql.insert_or_update_service_setting(server_id, service, 'restart', service_restart):
if service_sql.insert_or_update_service_setting(server_id, service, 'restart', service_restart):
if service_restart == '1':
roxywi_common.logging(server_ip, disable_restart, roxywi=1, login=1, keep_history=1, service=service)
else:
@ -335,8 +336,8 @@ def update_tools_enable(service):
name = request.form.get('name')
alert = request.form.get('alert_en')
metrics = request.form.get('metrics')
sql.update_hapwi_server(server_id, alert, metrics, active, service)
server_ip = sql.select_server_ip_by_id(server_id)
service_sql.update_hapwi_server(server_id, alert, metrics, active, service)
server_ip = server_sql.select_server_ip_by_id(server_id)
roxywi_common.logging(server_ip, f'The server {name} has been updated ', roxywi=1, login=1, keep_history=1,
service=service)

28
app/routes/smon/routes.py
View File

@ -5,21 +5,15 @@ from datetime import datetime
from app.routes.smon import bp
from app.middleware import get_user_params
from app.modules.db.db_model import conn
import app.modules.db.sql as sql
import app.modules.db.history as history_sql
import app.modules.db.smon as smon_sql
import app.modules.db.channel as channel_sql
import app.modules.common.common as common
import app.modules.roxywi.common as roxywi_common
import app.modules.tools.smon as smon_mod
import app.modules.tools.common as tools_common
@bp.teardown_request
def _db_close(exc):
if not conn.is_closed():
conn.close()
@bp.route('/dashboard')
@login_required
@get_user_params()
@ -41,9 +35,9 @@ def smon_main_dashboard():
'group': group_id,
'smon_status': tools_common.is_tool_active('roxy-wi-smon'),
'user_subscription': roxywi_common.return_user_subscription(),
'telegrams': sql.get_user_telegram_by_group(group_id),
'slacks': sql.get_user_pd_by_group(group_id),
'pds': sql.get_user_slack_by_group(group_id),
'telegrams': channel_sql.get_user_telegram_by_group(group_id),
'slacks': channel_sql.get_user_pd_by_group(group_id),
'pds': channel_sql.get_user_slack_by_group(group_id),
'sort': request.args.get('sort', None)
}
@ -337,9 +331,10 @@ def smon_history():
kwargs = {
'lang': g.user_params['lang'],
'smon': sql.alerts_history('SMON', g.user_params['group_id']),
'smon': history_sql.alerts_history('SMON', g.user_params['group_id']),
'smon_status': tools_common.is_tool_active('roxy-wi-smon'),
'user_subscription': roxywi_common.return_user_subscription()
'user_subscription': roxywi_common.return_user_subscription(),
'action': 'smon'
}
return render_template('smon/history.html', **kwargs)
@ -351,15 +346,16 @@ def smon_history():
def smon_host_history(server_ip):
roxywi_common.check_user_group_for_flask()
needed_host = common.is_ip_or_dns(server_ip)
needed_host = common.checkAjaxInput(server_ip)
smon_status = tools_common.is_tool_active('roxy-wi-smon')
smon = sql.alerts_history('SMON', g.user_params['group_id'], host=needed_host)
smon = history_sql.alerts_history('SMON', g.user_params['group_id'], host=needed_host)
user_subscription = roxywi_common.return_user_subscription()
kwargs = {
'lang': g.user_params['lang'],
'smon': smon,
'smon_status': smon_status,
'user_subscription': user_subscription
'user_subscription': user_subscription,
'action': 'smon'
}
return render_template('smon/history.html', **kwargs)

10
app/routes/user/routes.py
View File

@ -5,6 +5,8 @@ from flask_login import login_required
from app.routes.user import bp
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.common.common as common
import app.modules.roxywi.user as roxywi_user
import app.modules.roxywi.auth as roxywi_auth
@ -14,7 +16,7 @@ import app.modules.roxywi.common as roxywi_common
@bp.before_request
@login_required
def before_request():
""" Protect all of the admin endpoints. """
""" Protect all the admin endpoints. """
pass
@ -43,7 +45,7 @@ def create_user():
return str(e)
else:
return render_template(
'ajax/new_user.html', users=sql.select_users(user=new_user), groups=sql.select_groups(), page=page,
'ajax/new_user.html', users=user_sql.select_users(user=new_user), groups=group_sql.select_groups(), page=page,
roles=sql.select_roles(), adding=1, lang=lang
)
@ -67,7 +69,7 @@ def update_user():
return 'error: dalsd'
else:
try:
sql.update_user_from_admin_area(new_user, email, user_id, enabled)
user_sql.update_user_from_admin_area(new_user, email, user_id, enabled)
except Exception as e:
return f'error: Cannot update user: {e}'
roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1)
@ -145,4 +147,4 @@ def change_user_groups_and_roles():
@bp.route('/group/name/<int:group_id>')
def get_group_name_by_id(group_id):
return sql.get_group_name_by_id(group_id)
return group_sql.get_group_name_by_id(group_id)

19
app/routes/waf/routes.py
View File

@ -5,7 +5,8 @@ from flask_login import login_required
from app.routes.waf import bp
import app.modules.db.sql as sql
from middleware import check_services, get_user_params
import app.modules.db.waf as waf_sql
from app.middleware import check_services, get_user_params
import app.modules.common.common as common
import app.modules.roxy_wi_tools as roxy_wi_tools
import app.modules.roxywi.waf as roxy_waf
@ -43,7 +44,7 @@ def waf(service):
'title': 'Web application firewall',
'autorefresh': 1,
'serv': '',
'servers': sql.select_waf_servers_metrics(g.user_params['user_uuid']),
'servers': waf_sql.select_waf_servers_metrics(g.user_params['group_id']),
'servers_all': servers,
'manage_rules': '',
'rules': '',
@ -69,10 +70,10 @@ def waf_rules(service, server_ip):
kwargs = {
'title': 'Manage rules - Web application firewall',
'serv': server_ip,
'servers': sql.select_waf_servers_metrics(g.user_params['user_uuid']),
'servers': waf_sql.select_waf_servers_metrics(g.user_params['group_id']),
'servers_all': '',
'manage_rules': '1',
'rules': sql.select_waf_rules(server_ip, service),
'rules': waf_sql.select_waf_rules(server_ip, service),
'waf_rule_file': '',
'waf_rule_id': '',
'config': '',
@ -98,7 +99,7 @@ def waf_rule_edit(service, server_ip, rule_id):
else:
config_path = sql.get_setting('haproxy_dir')
waf_rule_file = sql.select_waf_rule_by_id(rule_id)
waf_rule_file = waf_sql.select_waf_rule_by_id(rule_id)
configs_dir = sql.get_setting('tmp_config_path')
cfg = f"{configs_dir}{server_ip}-{get_date.return_date('config')}-{waf_rule_file}"
error = config_mod.get_config(server_ip, cfg, waf=service, waf_rule_file=waf_rule_file)
@ -115,11 +116,11 @@ def waf_rule_edit(service, server_ip, rule_id):
kwargs = {
'title': 'Edit a WAF rule',
'serv': server_ip,
'servers': sql.select_waf_servers_metrics(g.user_params['user_uuid']),
'servers': waf_sql.select_waf_servers_metrics(g.user_params['group_id']),
'servers_all': '',
'manage_rules': '',
'rules': sql.select_waf_rules(server_ip, service),
'waf_rule_file': sql.select_waf_rule_by_id(rule_id),
'rules': waf_sql.select_waf_rules(server_ip, service),
'waf_rule_file': waf_sql.select_waf_rule_by_id(rule_id),
'waf_rule_id': rule_id,
'config': config_read,
'cfg': cfg,
@ -205,4 +206,4 @@ def overview_waf(service, server_ip):
@bp.route('/metric/enable/<int:enable>/<server_name>')
def enable_metric(enable, server_name):
server_name = common.checkAjaxInput(server_name)
return sql.update_waf_metrics_enable(server_name, enable)
return waf_sql.update_waf_metrics_enable(server_name, enable)

26
app/templates/ajax/alerts_history.html
View File

@ -1,15 +1,15 @@
<link href="{{ url_for('static', filename='css/table-6.3.9.css') }}" rel="stylesheet" type="text/css">
<script type="text/javascript" charset="utf8" src="/inc/dataTables.min.js"></script>
{% if action == "history" %}
{% set column_for_sort = 4 %}
{% if action == "checker" %}
{% set column_for_sort = 3 %}
{% else %}
{% set column_for_sort = 3 %}
{% set column_for_sort = 4 %}
{% endif %}
<script>
$(document).ready(function() {
$('#alerts_table').on( 'page.dt' )
.DataTable( {
"order": [[ {{column_for_sort}}, "desc" ]],
"order": [[ {{ column_for_sort }}, "desc" ]],
"pageLength": 25,
"columnDefs": [
{
@ -25,8 +25,12 @@
<thead>
<tr class="overviewHead">
<th class="padding10" style="width: 10%; padding-left: 10px;">{{lang.words.level|title()}}</th>
<th>{{lang.words.host|title()}}</th>
{% if action != "checker_history" %}
{% if action == 'smon' %}
<th>{{lang.words.check|title()}}</th>
{% else %}
<th>{{lang.words.host|title()}}</th>
{% endif %}
{% if action != "checker" %}
<th>{{lang.words.port|title()}}</th>
{% endif %}
<th>{{lang.words.alert|title()}}</th>
@ -49,8 +53,14 @@
{% endif %}
<span style="color: {{color}};"><b>{{t.1 |upper}}</b></span>
</td>
<td><a href="/app/history/server/{{t.2}}" title="{{lang.words.open|title()}} {{lang.words.history}} {{lang.words.for}} {{t.2}} {{lang.words.host}}">{{t.2}}</a></td>
{% if action != "checker_history" %}
<td>
{% if action == 'smon' %}
<a href="/app/smon/history/host/{{t.2}}" title="{{lang.words.open|title()}} {{lang.words.history}} {{lang.words.for}} {{t.2}} {{lang.words.host}}">{{t.2}}</a>
{% else %}
<a href="/app/history/server/{{t.2}}" title="{{lang.words.open|title()}} {{lang.words.history}} {{lang.words.for}} {{t.2}} {{lang.words.host}}">{{t.2}}</a>
{% endif %}
</td>
{% if action != "checker" %}
<td>{{t.3}}</td>
{% endif %}
<td>{{t.0}}</td>

1
app/templates/ajax/ha/clusters.html
View File

@ -13,6 +13,7 @@
<a class="edit" onclick="createHaClusterStep1(true, '{{cluster.id}}')"></a>
<a class="delete" onclick="confirmDeleteCluster('{{cluster.id}}')"></a>
{% endif %}
<a href="{{ url_for('main.service_history', service='cluster', server_ip=cluster.id) }}" title="{{lang.words.view|title()}} {{lang.words.history3}} {{cluster.name}}" class="history" style="margin: 0 5px 0 10px;"></a>
</span>
</div>
<div class="server-desc">