diff --git a/api/api.py b/api/api.py index 653716d2..23722ce0 100644 --- a/api/api.py +++ b/api/api.py @@ -5,7 +5,7 @@ import os from bottle import route, run, hook, response, request, error import api_funct -import app.modules.db.sql as sql +import app.modules.db.user as user_sql import app.modules.roxywi.common as roxywi_common _error_auth = '403 Auth before' @@ -106,7 +106,7 @@ def get_servers(): data = {} try: token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) servers = roxywi_common.get_dick_permit(username=login, group_id=group_id, token=token) for s in servers: diff --git a/api/api_funct.py b/api/api_funct.py index 4b91b15e..fa386870 100644 --- a/api/api_funct.py +++ b/api/api_funct.py @@ -6,6 +6,11 @@ from bottle import request sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/')) import app.modules.db.sql as sql +import app.modules.db.cred as cred_sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql +import app.modules.db.server as server_sql +import app.modules.db.ha_cluster as ha_sql import app.modules.server.ssh as ssh_mod import app.modules.server.server as server_mod import app.modules.config.section as section_mod @@ -45,11 +50,11 @@ def get_token(): return f'error getting credentials: {e}' try: group_name = login_pass['group'] - group_id = sql.get_group_id_by_name(group_name) + group_id = group_sql.get_group_id_by_name(group_name) except Exception as e: return f'error getting group: {e}' try: - users = sql.select_users(user=login) + users = user_sql.select_users(user=login) password = roxy_wi_tools.Tools.get_hash(password_from_user) except Exception as e: return f'error one more: {e}' 
@@ -60,8 +65,8 @@ def get_token(): if login in user.username and password == user.password: import uuid user_token = str(uuid.uuid4()) - role_id = sql.get_role_id(user.user_id, group_id) - sql.write_api_token(user_token, group_id, role_id, user.username) + role_id = user_sql.get_role_id(user.user_id, group_id) + user_sql.write_api_token(user_token, group_id, role_id, user.username) return user_token else: return False @@ -82,11 +87,11 @@ def check_login(required_service=0) -> bool: return False token = request.headers.get('token') - if sql.get_api_token(token): + if user_sql.get_api_token(token): if required_service != 0: - user_id = sql.get_user_id_by_api_token(token) + user_id = user_sql.get_user_id_by_api_token(token) try: - user_services = sql.select_user_services(user_id) + user_services = user_sql.select_user_services(user_id) except Exception: return False @@ -114,9 +119,9 @@ def return_dict_from_out(server_id, out): def check_permit_to_server(server_id, service='haproxy'): - servers = sql.select_servers(id_hostname=server_id) + servers = server_sql.select_servers(id_hostname=server_id) token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) try: for s in servers: @@ -179,10 +184,7 @@ def get_status(server_id, service): out = server_mod.subprocess_execute(cmd) data = return_dict_from_out(server_id, out[0]) elif service == 'nginx': - cmd = [ - "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' " - "|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l" - ] + cmd = "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active'|awk '{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l" try: out = server_mod.ssh_command(s[2], cmd) out1 = out.split() 
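Review bot: The credential check in get_token, `if login in user.username and password == user.password:`, tests the login by substring containment and compares the password hash with a plain `==`. Whether a partial login can reach this line depends on how `user_sql.select_users(user=login)` filters, which is not visible here, but the check should not rely on that. I would change it to `if login == user.username and hmac.compare_digest(password, user.password):`, assuming both hashes are strings of the same type; `hmac` would need importing at the top of api_funct.py. get_token begins outside this hunk.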
@@ -224,9 +226,9 @@ def get_status(server_id, service): def get_all_statuses(): data = {} try: - servers = sql.select_servers() + servers = server_sql.select_servers() token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) sock_port = sql.get_setting('haproxy_sock_port') for _s in servers: @@ -256,7 +258,7 @@ def actions(server_id, action, service): for s in servers: if service == 'apache': service = service_common.get_correct_apache_service_name(server_ip=s[2]) - cmd = ["sudo systemctl %s %s" % (action, service)] + cmd = "sudo systemctl %s %s" % (action, service) error = server_mod.ssh_command(s[2], cmd) done = error if error else 'done' data = {'server_id': s[0], 'ip': s[2], 'action': action, 'hostname': s[1], 'status': done} @@ -273,7 +275,7 @@ def runtime(server_id): action = json_loads['command'] haproxy_sock = sql.get_setting('haproxy_sock') servers = check_permit_to_server(server_id) - cmd = ['echo "%s" |sudo socat stdio %s' % (action, haproxy_sock)] + cmd = 'echo "%s" |sudo socat stdio %s' % (action, haproxy_sock) for s in servers: out = server_mod.ssh_command(s[2], cmd) @@ -364,7 +366,7 @@ def edit_section(server_id, delete=0): token = request.headers.get('token') servers = check_permit_to_server(server_id) hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) if save == '': save = 'save' 
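Review bot: In the `actions` hunk, `cmd = "sudo systemctl %s %s" % (action, service)` formats caller-supplied values into a command line with no quoting, and the `runtime` hunk below does the same with `action = json_loads['command']`, which is read from the request body. The string goes to `server_mod.ssh_command`, so shell metacharacters in those values would presumably be interpreted on the managed server, with sudo in front. I would check `action` in `actions` against the fixed set of systemctl verbs the API supports, use `shlex.quote(service)` there, and build the runtime command as `cmd = 'echo %s |sudo socat stdio %s' % (shlex.quote(action), shlex.quote(haproxy_sock))`; `shlex` needs importing. The f-string commands in app/modules/config/add.py (`sudo rm {path}/{list_name}`, `sudo rm {path}/{map_name}`, and the `cert_id` commands) have the same shape. Both function bodies continue outside their hunks.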
@@ -426,7 +428,7 @@ def upload_config(server_id, **kwargs): body = request.body.getvalue().decode('utf-8') save = request.headers.get('action') token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) nginx = '' apache = '' @@ -497,7 +499,7 @@ def add_to_config(server_id): save = request.headers.get('action') hap_configs_dir = get_config_var.get_config_var('configs', 'haproxy_save_configs_dir') token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) time_zone = sql.get_setting('time_zone') get_date = roxy_wi_tools.GetDate(time_zone) @@ -721,8 +723,8 @@ def generate_acl(**kwargs): def user_list(): data = {} token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) - users = sql.select_users(by_group_id=group_id) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) + users = user_sql.select_users(by_group_id=group_id) for user in users: data[user.user_id] = { 'login': user.username, @@ -744,7 +746,7 @@ def create_user(): password = json_loads['password'] role = json_loads['role'] token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) if roxywi_user.create_user(name, email, password, role, 1, group_id, role_id=role_id, token=token): data = {'status': 'done'} 
@@ -757,8 +759,8 @@ def create_user(): def ssh_list(): data = {} token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) - sshs = sql.select_ssh(group=group_id) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) + sshs = cred_sql.select_ssh(group=group_id) for ssh in sshs: data[ssh.id] = { 'name': ssh.name, @@ -777,13 +779,13 @@ def create_ssh(): username = json_loads['username'] password = json_loads['password'] token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) - if ssh_mod.create_ssh_cread_api(name, enable, group_id, username, password): + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) + try: + ssh_mod.create_ssh_cread_api(name, enable, group_id, username, password) data = {'status': 'done'} - return dict(data) - else: - data = {'status': 'error: check all fields'} - return dict(data) + except Exception as e: + data = {'status': f'error: {e}'} + return dict(data) def upload_ssh_key(): @@ -793,7 +795,7 @@ def upload_ssh_key(): key = json_loads['key'] passphrase = json_loads['passphrase'] token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) groups = sql.select_groups(id=group_id) for group in groups: user_group = group.name @@ -817,7 +819,7 @@ def create_server(): cred_id = json_loads['cred_id'] desc = json_loads['description'] token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) try: if server_mod.create_server(hostname, ip, group_id, virt, 1, master_id, cred_id, port, desc, 0, 0, 0, 0, role_id=role_id, token=token): 
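Review bot: create_ssh now reports `{'status': 'done'}` whenever `ssh_mod.create_ssh_cread_api(...)` does not raise, where the old code tested its return value. If that helper still returns a falsy value on bad input (its body is not in this diff), the API will report success for a credential that was never stored. The new `except` also returns `f'error: {e}'` to the API client, which can expose internal database or filesystem messages. I would log the exception server-side and return a fixed message such as `data = {'status': 'error: cannot create SSH credentials'}`.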
@@ -831,8 +833,8 @@ def create_server(): def cluster_list(): token = request.headers.get('token') - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) - clusters = sql.select_clusters(group_id) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) + clusters = ha_sql.select_clusters(group_id) data = {} for cluster in clusters: data.setdefault(cluster.id, cluster.name) @@ -844,7 +846,7 @@ def create_ha_cluster(): token = request.headers.get('token') body = request.body.getvalue().decode('utf-8') json_loads = json.loads(body) - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) data = {'status': dict()} try: @@ -886,7 +888,7 @@ def update_cluster(): token = request.headers.get('token') body = request.body.getvalue().decode('utf-8') json_loads = json.loads(body) - login, group_id, role_id = sql.get_username_groupid_from_api_token(token) + login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) data = {'status': dict()} try: diff --git a/app/create_db.py b/app/create_db.py index 747cefcb..bea86247 100644 --- a/app/create_db.py +++ b/app/create_db.py @@ -4,6 +4,10 @@ import distro from modules.db.db_model import * +conn = connect() +migrator = connect(get_migrator=1) + + def default_values(): if distro.id() == 'ubuntu': apache_dir = 'apache2' diff --git a/app/jobs.py b/app/jobs.py index 6c7c9ba8..9652315d 100644 --- a/app/jobs.py +++ b/app/jobs.py @@ -6,6 +6,9 @@ import distro from app import scheduler import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.roxy as roxy_sql +import app.modules.db.history as history_sql import app.modules.roxywi.roxy as roxy import app.modules.tools.common as tools_common import app.modules.roxy_wi_tools as roxy_wi_tools 
@@ -24,10 +27,10 @@ def update_user_status(): def check_new_version(): app = scheduler.app with app.app_context(): - tools = sql.get_roxy_tools() + tools = roxy_sql.get_roxy_tools() for tool in tools: ver = roxy.check_new_version(tool) - sql.update_tool_new_version(tool, ver) + roxy_sql.update_tool_new_version(tool, ver) @scheduler.task('interval', id='update_cur_tool_versions', days=1, misfire_grace_time=None) @@ -41,14 +44,14 @@ def update_cur_tool_versions(): def delete_old_uuid(): app = scheduler.app with app.app_context(): - sql.delete_old_uuid() + user_sql.delete_old_uuid() @scheduler.task('interval', id='delete_action_history_for_period', minutes=70, misfire_grace_time=None) def delete_action_history_for_period(): app = scheduler.app with app.app_context(): - sql.delete_action_history_for_period() + history_sql.delete_action_history_for_period() @scheduler.task('interval', id='delete_old_logs', hours=1, misfire_grace_time=None) diff --git a/app/login.py b/app/login.py index 26803a69..adcd647e 100644 --- a/app/login.py +++ b/app/login.py @@ -2,7 +2,7 @@ from flask import render_template, request, redirect, url_for, make_response from flask_login import login_required, logout_user, current_user, login_url from app import app, login_manager, cache -import app.modules.db.sql as sql +import app.modules.db.user as user_sql import app.modules.roxywi.common as roxywi_common import app.modules.roxywi.auth as roxywi_auth import app.modules.roxywi.roxy as roxy @@ -20,7 +20,7 @@ def check_login(): except Exception: return redirect(login_url('login_page', next_url=request.url)) - if not sql.is_user_active(user_params['user_id']): + if not user_sql.is_user_active(user_params['user_id']): return redirect(login_url('login_page', next_url=request.url)) try: @@ -35,7 +35,7 @@ def load_user(user_id): user_obj = cache.get(user) if user_obj is None: - query = sql.get_user_id(user_id) + query = user_sql.get_user_id(user_id) cache.set(user, query, timeout=360) return query 
@@ -61,7 +61,7 @@ def login_page(): password = request.form.get('pass') if login and password: - users = sql.select_users(user=login) + users = user_sql.select_users(user=login) for user in users: if user.activeuser == 0: diff --git a/app/modules/common/common.py b/app/modules/common/common.py index ad1b220a..1a04f27d 100644 --- a/app/modules/common/common.py +++ b/app/modules/common/common.py @@ -131,3 +131,24 @@ def is_tool(name): is_tool_installed = which(name) return True if is_tool_installed is not None else False + + +def wrap_line(content: str, css_class: str="line") -> str: + """ + Wraps the provided content into a div HTML element with the given CSS class. + """ + return f'
{content}
' + + +def highlight_word(line: str, word: str) -> str: + """ + Highlights the word in the line by making it bold and colored red. + """ + return line.replace(word, f'{word}') + + +def sanitize_input_word(word: str) -> str: + """ + Sanitizes the input word by removing certain characters. + """ + return re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', word) diff --git a/app/modules/config/add.py b/app/modules/config/add.py index ad2a78bb..ba1f0a1e 100644 --- a/app/modules/config/add.py +++ b/app/modules/config/add.py @@ -3,6 +3,8 @@ import os from flask import render_template, request import app.modules.db.sql as sql +import app.modules.db.add as add_sql +import app.modules.db.server as server_sql import app.modules.server.ssh as ssh_mod import app.modules.common.common as common import app.modules.config.config as config_mod @@ -10,7 +12,7 @@ import app.modules.config.common as config_common import app.modules.server.server as server_mod import app.modules.roxywi.common as roxywi_common import app.modules.service.common as service_common -import modules.roxy_wi_tools as roxy_wi_tools +import app.modules.roxy_wi_tools as roxy_wi_tools get_config = roxy_wi_tools.GetConfigVar() @@ -202,7 +204,7 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip if server_ip != 'all': servers.append(server_ip) - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: servers.append(master[0]) @@ -212,8 +214,8 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip servers.append(s[2]) for serv in servers: - server_mod.ssh_command(serv, [f"sudo mkdir {path}"]) - server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"]) + server_mod.ssh_command(serv, f"sudo mkdir {path}") + server_mod.ssh_command(serv, f"sudo chown $(whoami) {path}") try: config_mod.upload(serv, f'{path}/{list_name}', list_path) except Exception as e: 
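Review bot: `sanitize_input_word` removes only `? | $ ! ^ * [ ] ,` and spaces, so angle brackets, ampersands and quotes in the search word survive, and `highlight_word` and `wrap_line` then place both the word and the raw config line into HTML by string formatting. If the output of `show_finding_in_config` is rendered without autoescaping, markup in the grep term or in the config file itself would be interpreted by the browser. I would pass each line and the search word through `html.escape` before `highlight_word` runs, so that only the highlight and wrapper markup added by these helpers is live HTML. The hunk also shows no `import re` in common.py, which `sanitize_input_word` needs; confirm it is already imported there, since this commit removes it from config.py.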
@@ -225,13 +227,13 @@ def save_bwlist(list_name: str, list_con: str, color: str, group: str, server_ip except Exception: pass - server_id = sql.select_server_id_by_ip(server_ip=serv) + server_id = server_sql.select_server_id_by_ip(server_ip=serv) haproxy_service_name = service_common.get_correct_service_name('haproxy', server_id) if action == 'restart': - server_mod.ssh_command(serv, [f"sudo systemctl restart {haproxy_service_name}"]) + server_mod.ssh_command(serv, f"sudo systemctl restart {haproxy_service_name}") elif action == 'reload': - server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"]) + server_mod.ssh_command(serv, f"sudo systemctl reload {haproxy_service_name}") return output @@ -251,7 +253,7 @@ def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> str if server_ip != 'all': servers.append(server_ip) - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: servers.append(master[0]) @@ -261,16 +263,13 @@ def delete_bwlist(list_name: str, color: str, group: str, server_ip: str) -> str servers.append(s[2]) for serv in servers: - error = server_mod.ssh_command(serv, [f"sudo rm {path}/{list_name}"], return_err=1) + try: + server_mod.ssh_command(serv, f"sudo rm {path}/{list_name}") + except Exception as e: + return f'error: Deleting fail: {e} , ' - if error: - return f'error: Deleting fail: {error} , ' - else: - output += f'success: the {color} list has been deleted on {serv} , ' - try: - roxywi_common.logging(serv, f'has been deleted the {color} list {list_name}', roxywi=1, login=1) - except Exception: - pass + output += f'success: the {color} list has been deleted on {serv} , ' + roxywi_common.logging(serv, f'has been deleted the {color} list {list_name}', roxywi=1, login=1) return output 
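Review bot: With `return_err=1` dropped, delete_bwlist treats the `sudo rm` as successful unless `server_mod.ssh_command` raises. If `ssh_command` reports a remote failure through its return value rather than an exception (not visible in this diff), a failed delete is now logged and returned as `success:`. The `roxywi_common.logging(...)` call also lost its `try/except`, so a logging error after the file is removed aborts the loop before the remaining servers are processed. The `delete_map` hunk further down makes the same two changes. I would keep the result checked, `error = server_mod.ssh_command(serv, f"sudo rm {path}/{list_name}", return_err=1)` followed by `if error: return f'error: Deleting fail: {error} , '`, or confirm that `ssh_command` now raises on stderr.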
@@ -326,7 +325,7 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s if server_ip != 'all': servers.append(server_ip) - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: servers.append(master[0]) @@ -336,8 +335,8 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s servers.append(s[2]) for serv in servers: - server_mod.ssh_command(serv, [f"sudo mkdir {path}"]) - server_mod.ssh_command(serv, [f"sudo chown $(whoami) {path}"]) + server_mod.ssh_command(serv, f"sudo mkdir {path}") + server_mod.ssh_command(serv, f"sudo chown $(whoami) {path}") try: config_mod.upload(serv, f'{path}/{map_name}', map_path) except Exception as e: @@ -348,13 +347,13 @@ def save_map(map_name: str, list_con: str, group: str, server_ip: str, action: s except Exception: pass - server_id = sql.select_server_id_by_ip(server_ip=serv) + server_id = server_sql.select_server_id_by_ip(server_ip=serv) haproxy_service_name = service_common.get_correct_service_name('haproxy', server_id) if action == 'restart': - server_mod.ssh_command(serv, [f"sudo systemctl restart {haproxy_service_name}"]) + server_mod.ssh_command(serv, f"sudo systemctl restart {haproxy_service_name}") elif action == 'reload': - server_mod.ssh_command(serv, [f"sudo systemctl reload {haproxy_service_name}"]) + server_mod.ssh_command(serv, f"sudo systemctl reload {haproxy_service_name}") output += f'success: Edited {map_name} map was uploaded to {serv} , ' @@ -376,7 +375,7 @@ def delete_map(map_name: str, group: str, server_ip: str) -> str: if server_ip != 'all': servers.append(server_ip) - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: servers.append(master[0]) 
@@ -386,27 +385,24 @@ def delete_map(map_name: str, group: str, server_ip: str) -> str: servers.append(s[2]) for serv in servers: - error = server_mod.ssh_command(serv, [f"sudo rm {path}/{map_name}"], return_err=1) + try: + server_mod.ssh_command(serv, f"sudo rm {path}/{map_name}") + except Exception as e: + return f'error: Deleting fail: {e} , ' - if error: - return f'error: Deleting fail: {error} , ' - else: - try: - roxywi_common.logging(serv, f'has been deleted the {map_name} map', roxywi=1, login=1) - except Exception: - pass - output += f'success: the {map_name} map has been deleted on {serv} , ' + roxywi_common.logging(serv, f'has been deleted the {map_name} map', roxywi=1, login=1) + output += f'success: the {map_name} map has been deleted on {serv} , ' return output def create_saved_option(option: str, group: int) -> str: - if sql.insert_new_option(option, group): - return render_template('ajax/new_option.html', options=sql.select_options(option=option)) + if add_sql.insert_new_option(option, group): + return render_template('ajax/new_option.html', options=add_sql.select_options(option=option)) def get_saved_option(group: str, term: str) -> dict: - options = sql.select_options(group=group, term=term) + options = add_sql.select_options(group=group, term=term) a = {} v = 0 @@ -419,7 +415,7 @@ def get_saved_option(group: str, term: str) -> dict: def update_saved_option(option, option_id) -> bool: try: - sql.update_options(option, option_id) + add_sql.update_options(option, option_id) except Exception as e: raise Exception(e) else: 
@@ -427,12 +423,12 @@ def update_saved_option(option, option_id) -> bool: def create_saved_server(server: str, group: str, desc: str) -> str: - if sql.insert_new_savedserver(server, desc, group): - return render_template('ajax/new_saved_servers.html', server=sql.select_saved_servers(server=server)) + if add_sql.insert_new_saved_server(server, desc, group): + return render_template('ajax/new_saved_servers.html', server=add_sql.select_saved_servers(server=server)) def get_saved_servers(group: str, term: str) -> dict: - servers = sql.select_saved_servers(group=group, term=term) + servers = add_sql.select_saved_servers(group=group, term=term) a = {} v = 0 for i in servers: 
@@ -487,39 +483,39 @@ def get_le_cert(server_ip: str, lets_domain: str, lets_email: str) -> str: def get_ssl_cert(server_ip: str, cert_id: int) -> str: cert_path = sql.get_setting('cert_path') - commands = [f"openssl x509 -in {cert_path}/{cert_id} -text"] + command = f"openssl x509 -in {cert_path}/{cert_id} -text" try: - return server_mod.ssh_command(server_ip, commands) + return server_mod.ssh_command(server_ip, command) except Exception as e: return f'error: Cannot connect to the server {e.args[0]}' def get_ssl_raw_cert(server_ip: str, cert_id: int) -> str: cert_path = sql.get_setting('cert_path') - commands = [f"cat {cert_path}/{cert_id}"] + command = f"cat {cert_path}/{cert_id}" try: - return server_mod.ssh_command(server_ip, commands) + return server_mod.ssh_command(server_ip, command) except Exception as e: return f'error: Cannot connect to the server {e.args[0]}' def get_ssl_certs(server_ip: str) -> str: cert_path = sql.get_setting('cert_path') - commands = [f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'"] + command = f"sudo ls -1t {cert_path} |grep -E 'pem|crt|key'" try: - return server_mod.ssh_command(server_ip, commands) + return server_mod.ssh_command(server_ip, command) except Exception as e: return f'error: Cannot connect to the server: {e.args[0]}' def del_ssl_cert(server_ip: str, cert_id: str) -> str: cert_path = sql.get_setting('cert_path') - commands = [f"sudo rm -f {cert_path}/{cert_id}"] + command = f"sudo rm -f {cert_path}/{cert_id}" try: - return server_mod.ssh_command(server_ip, commands) + return server_mod.ssh_command(server_ip, command) except Exception as e: return f'error: Cannot delete the certificate {e.args[0]}' 
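Review bot: `cert_id` is joined to `cert_path` in `get_ssl_cert`, `get_ssl_raw_cert` and `del_ssl_cert` without a check that it is a bare file name, so if it comes from the request, a value containing `/` or `..` resolves outside the certificate directory, and `del_ssl_cert` runs the result under `sudo rm -f`. Shell quoting alone does not address this. I would reject anything that is not a plain name before building the command, e.g. `if os.path.basename(cert_id) != cert_id: return 'error: wrong certificate name'`, and apply `shlex.quote` to the joined path. `get_ssl_cert` and `get_ssl_raw_cert` annotate `cert_id: int`, but nothing in the hunk enforces that.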
@@ -541,19 +537,16 @@ def upload_ssl_cert(server_ip: str, ssl_name: str, ssl_cont: str) -> str: except IOError as e: return f'error: Cannot save the SSL key file: {e}' - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: - error = config_mod.upload(master[0], f'{cert_path}/{name}', path_to_file) - if not error: - slave_output += f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} \n' + config_mod.upload(master[0], f'{cert_path}/{name}', path_to_file) + slave_output += f'success: the SSL file has been uploaded to {master[0]} into: {cert_path}/{name} \n' try: - error = config_mod.upload(server_ip, f'{cert_path}/{name}', path_to_file) + config_mod.upload(server_ip, f'{cert_path}/{name}', path_to_file) except Exception as e: roxywi_common.logging('Roxy-WI server', str(e), roxywi=1) return f'error: cannot upload SSL cert: {e}' roxywi_common.logging(server_ip, f"add#ssl uploaded a new SSL cert {name}", roxywi=1, login=1) - - if not error: - return f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name} \n {slave_output}' + return f'success: the SSL file has been uploaded to {server_ip} into: {cert_path}/{name} \n {slave_output}' diff --git a/app/modules/config/config.py b/app/modules/config/config.py index e17df884..e85a195b 100644 --- a/app/modules/config/config.py +++ b/app/modules/config/config.py 
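Review bot: The upload to each master in upload_ssl_cert now sits outside any `try`, while the upload to `server_ip` just below it is wrapped. `config_mod.upload` reports failure through `roxywi_common.handle_exceptions` (see app/modules/config/config.py in this commit), so a failing master presumably raises out of this function instead of producing the `error: cannot upload SSL cert` string that callers get for the primary server, and the primary upload is never attempted. I would move the master loop inside the existing `try`, or give it its own `except` that logs and returns the same `error:` form.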
@@ -1,16 +1,19 @@ import os -import re from pathlib import Path from typing import Any from flask import render_template, request import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.server as server_sql +import app.modules.db.config as config_sql +import app.modules.db.service as service_sql import app.modules.server.ssh as mod_ssh import app.modules.server.server as server_mod import app.modules.common.common as common import app.modules.roxywi.common as roxywi_common -import modules.roxy_wi_tools as roxy_wi_tools +import app.modules.roxy_wi_tools as roxy_wi_tools import app.modules.service.common as service_common import app.modules.service.action as service_action import app.modules.config.common as config_common @@ -31,7 +34,7 @@ def _replace_config_path_to_correct(config_path: str) -> str: try: return config_path.replace('92', '/') except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot sanitize config file: {e}', roxywi=1) + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot sanitize config file', roxywi=1) def get_config(server_ip, cfg, service='haproxy', **kwargs): @@ -77,7 +80,7 @@ def get_config(server_ip, cfg, service='haproxy', **kwargs): with mod_ssh.ssh_connect(server_ip) as ssh: ssh.get_sftp(config_path, cfg) except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'error: Cannot get config', roxywi=1) + roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'Cannot get config', roxywi=1) def upload(server_ip: str, path: str, file: str) -> None: 
@@ -93,10 +96,10 @@ def upload(server_ip: str, path: str, file: str) -> None: with mod_ssh.ssh_connect(server_ip) as ssh: ssh.put_sftp(file, path) except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot upload {file} to {path} to server: {server_ip}: {e}', roxywi=1) + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot upload {file} to {path} to server: {server_ip}', roxywi=1) -def _generate_command(service: str, server_id: int, just_save: str, config_path: str, tmp_file: str, cfg: str, server_ip: str) -> list: +def _generate_command(service: str, server_id: int, just_save: str, config_path: str, tmp_file: str, cfg: str, server_ip: str) -> str: """ :param service: The name of the service. :param server_id: The ID of the server. @@ -110,7 +113,7 @@ def _generate_command(service: str, server_id: int, just_save: str, config_path: This method generates a list of commands based on the given parameters. """ container_name = sql.get_setting(f'{service}_container_name') - is_dockerized = sql.select_service_setting(server_id, service, 'dockerized') + is_dockerized = service_sql.select_service_setting(server_id, service, 'dockerized') reload_or_restart_command = f' && {service_action.get_action_command(service, just_save, server_id)}' move_config = f" sudo mv -f {tmp_file} {config_path}" command_for_docker = f'sudo docker exec -it {container_name}' 
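Review bot: `_generate_command` is now annotated `-> str`, but its docstring still ends with "This method generates a list of commands based on the given parameters." The docstring should state that one shell command line is returned, for example `:return: A single shell command line with the steps joined by '&&'.`, so that callers do not index or iterate the result as they could with the old list. The function body continues in the next hunk.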
@@ -128,24 +131,23 @@ def _generate_command(service: str, server_id: int, just_save: str, config_path: raise Exception(f'error: Cannot generate command: {e}') if just_save == 'test': - return [f"{check_config} && sudo rm -f {tmp_file}"] + return f"{check_config} && sudo rm -f {tmp_file}" elif just_save == 'save': reload_or_restart_command = '' else: if service_common.is_not_allowed_to_restart(server_id, service, just_save): raise Exception(f'error: This server is not allowed to be restarted') - if service in ('keepalived', 'waf'): - commands = [f'{move_config} {reload_or_restart_command}'] + if service == 'waf': + commands = f'{move_config} {reload_or_restart_command}' elif service in ('nginx', 'apache'): - commands = [f'{move_config} && {check_config} {reload_or_restart_command}'] + commands = f'{move_config} && {check_config} {reload_or_restart_command}' else: - commands = [f'{check_config} && {move_config} {reload_or_restart_command}'] + commands = f'{check_config} && {move_config} {reload_or_restart_command}' if service in ('haproxy', 'nginx'): - if sql.return_firewall(server_ip): - commands[0] += _open_port_firewalld(cfg, server_ip, service) - + if server_sql.return_firewall(server_ip): + commands += _open_port_firewalld(cfg, server_ip, service) return commands @@ -185,7 +187,7 @@ def _create_config_version(server_id: int, server_ip: str, service: str, config_ try: user_id = roxywi_common.get_user_id(login=login) - sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff) + config_sql.insert_config_version(server_id, user_id, service, cfg, config_path, diff) except Exception as e: roxywi_common.logging('Roxy-WI server', f'error: Cannot insert config version: {e}', roxywi=1) 
@@ -204,7 +206,7 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, * file_format = config_common.get_file_format(service) config_path = kwargs.get('config_file_name') config_date = get_date.return_date('config') - server_id = sql.select_server_id_by_ip(server_ip=server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip=server_ip) if config_path and config_path != 'undefined': config_path = _replace_config_path_to_correct(kwargs.get('config_file_name')) @@ -220,12 +222,12 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, * try: os.system(f"dos2unix -q {cfg}") except OSError as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'error: There is no dos2unix') + roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'There is no dos2unix') try: upload(server_ip, tmp_file, cfg) except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot upload config: {e}', roxywi=1) + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot upload config', login=login) try: if just_save != 'test': @@ -240,12 +242,12 @@ def upload_and_restart(server_ip: str, cfg: str, just_save: str, service: str, * try: commands = _generate_command(service, server_id, just_save, config_path, tmp_file, cfg, server_ip) except Exception as e: - return f'{e}' + return f'error: {e}' try: error = server_mod.ssh_command(server_ip, commands) except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'{e}', roxywi=1) + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot {just_save} {service}', roxywi=1) try: if just_save in ('reload', 'restart'): 
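Review bot: `return f'error: {e}'` in upload_and_restart doubles the prefix, because both exceptions raised by `_generate_command` already start with `error:` (`raise Exception(f'error: Cannot generate command: {e}')` and `raise Exception(f'error: This server is not allowed to be restarted')`). The caller will receive `error: error: ...`. Either keep `return f'{e}'` here or drop the prefix at the two `raise` sites. Separately, the `except` around `server_mod.ssh_command` in the same hunk relies on `handle_exceptions` raising; if it only logs, `error` is unbound on the lines that follow, which is worth confirming.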
@@ -272,11 +274,11 @@ def master_slave_upload_and_restart(server_ip: str, cfg: str, just_save: str, se """ slave_output = '' - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) config_file_name = kwargs.get('config_file_name') old_cfg = kwargs.get('oldcfg') waf = kwargs.get('waf') - server_name = sql.get_hostname_by_server_ip(server_ip) + server_name = server_sql.get_hostname_by_server_ip(server_ip) if kwargs.get('login'): login = kwargs.get('login') @@ -354,8 +356,8 @@ def _open_port_firewalld(cfg: str, server_ip: str, service: str) -> str: except Exception: pass - firewalld_commands += 'sudo firewall-cmd --reload -q' - roxywi_common.logging(server_ip, f' Next ports have been opened: {ports}') + firewalld_commands += ' sudo firewall-cmd --reload -q' + roxywi_common.logging(server_ip, f'Next ports have been opened: {ports}') return firewalld_commands @@ -386,7 +388,7 @@ def diff_config(old_cfg, cfg, **kwargs): try: user_uuid = request.cookies.get('uuid') - login = sql.get_user_name_by_uuid(user_uuid) + login = user_sql.get_user_name_by_uuid(user_uuid) except Exception: login = '' @@ -400,20 +402,6 @@ def diff_config(old_cfg, cfg, **kwargs): roxywi_common.logging('Roxy-WI server', f'error: Cannot write a diff config to the log file: {e}, {stderr}', login=login, roxywi=1) -def _sanitize_input_word(word: str) -> str: - """ - Sanitizes the input word by removing certain characters. - """ - return re.sub(r'[?|$|!|^|*|\]|\[|,| |]', r'', word) - - -def _highlight_word(line: str, word: str) -> str: - """ - Highlights the word in the line by making it bold and colored red. - """ - return line.replace(word, f'{word}') - - def _classify_line(line: str) -> str: """ Classifies the line as 'line' or 'line3' based on if it contains '--'. 
@@ -421,13 +409,6 @@ def _classify_line(line: str) -> str: return "line" if '--' in line else "line3" -def _wrap_line(content: str, css_class: str="line") -> str: - """ - Wraps the provided content into a div HTML element with the given CSS class. - """ - return f'
{content}
' - - def show_finding_in_config(stdout: str, **kwargs) -> str: """ :param stdout: The stdout of a command execution. @@ -440,18 +421,18 @@ def show_finding_in_config(stdout: str, **kwargs) -> str: *. The formatted output string is returned. """ - css_class_divider = _wrap_line("--") + css_class_divider = common.wrap_line("--") output = css_class_divider word_to_find = kwargs.get('grep') if word_to_find: - word_to_find = _sanitize_input_word(word_to_find) + word_to_find = common.sanitize_input_word(word_to_find) for line in stdout: if word_to_find: - line = _highlight_word(line, word_to_find) + line = common.highlight_word(line, word_to_find) line_class = _classify_line(line) - output += _wrap_line(line, line_class) + output += common.wrap_line(line, line_class) output += css_class_divider return output @@ -504,7 +485,7 @@ def show_config(server_ip: str, service: str, config_file_name: str, configver: user_uuid = request.cookies.get('uuid') group_id = int(request.cookies.get('group')) configs_dir = config_common.get_config_dir(service) - server_id = sql.select_server_id_by_ip(server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip) try: config_file_name = config_file_name.replace('/', '92') 
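Review bot: `show_finding_in_config` still concatenates each `line` of `stdout` into HTML through `common.wrap_line` without escaping it, so markup inside a config file or in the `grep` term would reach the page as markup. The removed `_sanitize_input_word` only stripped a handful of punctuation characters and left `<`, `>` and quotes alone; the `common` versions are not visible here, so confirm they do more. Provided the template renders this output unescaped and `html` is imported, I would add `line = html.escape(line)` as the first statement of the loop and escape `word_to_find` the same way so the highlight still matches. The function's docstring starts outside the hunk.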
@@ -536,13 +517,13 @@ def show_config(server_ip: str, service: str, config_file_name: str, configver: 'conf': conf, 'serv': server_ip, 'configver': configver, - 'role': sql.get_user_role_by_uuid(user_uuid, group_id), + 'role': user_sql.get_user_role_by_uuid(user_uuid, group_id), 'service': service, 'config_file_name': config_file_name, - 'is_serv_protected': sql.is_serv_protected(server_ip), - 'is_restart': sql.select_service_setting(server_id, service, 'restart'), + 'is_serv_protected': server_sql.is_serv_protected(server_ip), + 'is_restart': service_sql.select_service_setting(server_id, service, 'restart'), 'lang': roxywi_common.get_user_lang_for_flask(), - 'hostname': sql.get_hostname_by_server_ip(server_ip) + 'hostname': server_sql.get_hostname_by_server_ip(server_ip) } return render_template('ajax/config_show.html', **kwargs) @@ -586,8 +567,8 @@ def list_of_versions(server_ip: str, service: str, configver: str, for_delver: i :param for_delver: The delete version to use. :return: The rendered HTML template with the list of versions. """ - users = sql.select_users() - configs = sql.select_config_version(server_ip, service) + users = user_sql.select_users() + configs = config_sql.select_config_version(server_ip, service) lang = roxywi_common.get_user_lang_for_flask() action = f'/app/config/versions/{service}/{server_ip}' config_dir = config_common.get_config_dir(service) diff --git a/app/modules/config/runtime.py b/app/modules/config/runtime.py index 113eff96..65e21e9b 100644 --- a/app/modules/config/runtime.py +++ b/app/modules/config/runtime.py 
@@ -3,12 +3,13 @@ import json from flask import render_template import app.modules.db.sql as sql +import app.modules.db.server as server_sql import app.modules.config.config as config_mod import app.modules.config.common as config_common import app.modules.config.section as section_mod import app.modules.server.server as server_mod import app.modules.roxywi.common as roxywi_common -import modules.roxy_wi_tools as roxy_wi_tools +import app.modules.roxy_wi_tools as roxy_wi_tools get_config_var = roxy_wi_tools.GetConfigVar() @@ -121,7 +122,7 @@ def change_ip_and_port(serv, backend_backend, backend_server, backend_ip, backen lines = '' sock_port = sql.get_setting('haproxy_sock_port') - masters = sql.is_master(serv) + masters = server_sql.is_master(serv) for master in masters: if master[0] is not None: @@ -209,7 +210,7 @@ def add_server( stderr = '' check_cfg = '' check = int(check) - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: @@ -263,7 +264,7 @@ def add_server( def delete_server(server_ip: str, backend: str, server: str) -> str: lines = '' stderr = '' - masters = sql.is_master(server_ip) + masters = server_sql.is_master(server_ip) for master in masters: if master[0] is not None: @@ -302,7 +303,7 @@ def change_maxconn_global(serv: str, maxconn: int) -> str: return 'error: Maxconn must be integer and not 0' haproxy_sock_port = sql.get_setting('haproxy_sock_port') - masters = sql.is_master(serv) + masters = server_sql.is_master(serv) for master in masters: if master[0] is not None: @@ -334,7 +335,7 @@ def change_maxconn_frontend(serv, maxconn, frontend) -> str: return 'error: Maxconn must be integer and not 0' haproxy_sock_port = sql.get_setting('haproxy_sock_port') - masters = sql.is_master(serv) + masters = server_sql.is_master(serv) for master in masters: if master[0] is not None: 
@@ -367,7 +368,7 @@ def change_maxconn_backend(serv, backend, backend_server, maxconn) -> str: haproxy_sock_port = sql.get_setting('haproxy_sock_port') - masters = sql.is_master(serv) + masters = server_sql.is_master(serv) for master in masters: if master[0] is not None: cmd = f'echo "set maxconn server {backend}/{backend_server} {maxconn}" |nc {master[0]} {haproxy_sock_port}' diff --git a/app/modules/config/section.py b/app/modules/config/section.py index d44ea4d4..bdb75441 100644 --- a/app/modules/config/section.py +++ b/app/modules/config/section.py @@ -132,7 +132,7 @@ def get_remote_sections(server_ip: str, service: str) -> str: if service == 'apache': section_name = 'ServerName' - commands = [f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'"] + commands = f"sudo grep {section_name} {config_dir}*/*.conf -R |grep -v '${{}}\|#'|awk '{{print $1, $3}}'" backends = server_mod.ssh_command(server_ip, commands) diff --git a/app/modules/db/add.py b/app/modules/db/add.py new file mode 100644 index 00000000..0343c784 --- /dev/null +++ b/app/modules/db/add.py 
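Review bot: The `cmd` line kept as context in `change_maxconn_backend` interpolates `backend`, `backend_server` and `maxconn` straight into a shell pipeline, and nothing in this hunk validates them. If any of them comes from a request, shell metacharacters in the value would be interpreted by the shell that runs `cmd`; quoting the echoed payload as a whole closes that, `payload = shlex.quote(f'set maxconn server {backend}/{backend_server} {maxconn}')` then `cmd = f'echo {payload} |nc {master[0]} {haproxy_sock_port}'` (needs `import shlex`). Validation may exist above the hunk, since the function body starts outside it; the earlier hunks for `change_maxconn_global` and `change_maxconn_frontend` show an integer check on `maxconn` only.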
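Review bot: The new `commands` string in `get_remote_sections` contains `\|` inside a non-raw f-string, which is an invalid escape sequence and produces a warning on current Python versions. Making it a raw f-string, `commands = rf"sudo grep {section_name} ..."` with the rest of the literal unchanged, keeps the command sent to the server byte-identical. `section_name` and `config_dir` are interpolated unquoted as well; `section_name` is a fixed literal in the visible branch, but `config_dir` is assigned outside the hunk, so confirm it cannot be influenced by a request.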
@@ -0,0 +1,96 @@
+from app.modules.db.db_model import SavedServer, Option
+from app.modules.db.common import out_error
+
+
+def update_saved_server(server, description, saved_id):
+ query_update = SavedServer.update(server=server, description=description).where(SavedServer.id == saved_id)
+ try:
+ query_update.execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def delete_saved_server(saved_id):
+ query = SavedServer.delete().where(SavedServer.id == saved_id)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def delete_option(option_id):
+ try:
+ Option.delete().where(Option.id == option_id).execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def insert_new_saved_server(server, description, group):
+ try:
+ SavedServer.insert(server=server, description=description, groups=group).execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def insert_new_option(saved_option, group):
+ try:
+ Option.insert(options=saved_option, groups=group).execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def select_options(**kwargs):
+ if kwargs.get('option'):
+ query = Option.select().where(Option.options == kwargs.get('option'))
+ elif kwargs.get('group'):
+ query = Option.select(Option.options).where(
+ (Option.groups == kwargs.get('group')) & (Option.options.startswith(kwargs.get('term'))))
+ else:
+ query = Option.select()
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def update_options(option, option_id):
+ try:
+ Option.update(options=option).where(Option.id == option_id).execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def select_saved_servers(**kwargs):
+ if kwargs.get('server'):
+ query = SavedServer.select().where(SavedServer.server == kwargs.get('server'))
+ elif kwargs.get('group'):
+ query = SavedServer.select(SavedServer.server, SavedServer.description).where(
+ (SavedServer.groups == kwargs.get('group')) & (SavedServer.server.startswith(kwargs.get('term'))))
+ else:
+ query = SavedServer.select()
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
diff --git a/app/modules/db/backup.py b/app/modules/db/backup.py
new file mode 100644
index 00000000..5cb83aea
--- /dev/null
+++ b/app/modules/db/backup.py
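Review bot: Every `return False` that follows `out_error(e)` in this file is unreachable, because `out_error` (app/modules/db/common.py, shown later in this diff) always ends in `raise Exception(f'error: {error}')`. Callers of `update_saved_server`, `delete_option` and the rest therefore never receive `False`; they receive an exception, so either drop the dead `return False` lines or log here and really return `False`. The same pattern repeats in the new backup.py, channel.py, checker.py and config.py. Separately, the `group` branch of `select_options` and `select_saved_servers` calls `.startswith(kwargs.get('term'))` without checking that `term` was passed.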
@@ -0,0 +1,158 @@ +from app.modules.db.db_model import Backup, S3Backup, GitSetting +from app.modules.db.common import out_error + + +def insert_backup_job(server, rserver, rpath, backup_type, time, cred, description): + try: + Backup.insert( + server=server, rhost=rserver, rpath=rpath, backup_type=backup_type, time=time, + cred=cred, description=description + ).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description): + try: + S3Backup.insert( + server=server, s3_server=s3_server, bucket=bucket, secret_key=secret_key, access_key=access_key, time=time, + description=description + ).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_backup(server, rserver, rpath, backup_type, time, cred, description, backup_id): + backup_update = Backup.update( + server=server, rhost=rserver, rpath=rpath, backup_type=backup_type, time=time, + cred=cred, description=description + ).where(Backup.id == backup_id) + try: + backup_update.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def delete_backups(backup_id: int) -> bool: + query = Backup.delete().where(Backup.id == backup_id) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def delete_s3_backups(backup_id: int) -> bool: + query = S3Backup.delete().where(S3Backup.id == backup_id) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def insert_new_git(server_id, service_id, repo, branch, period, cred, description): + try: + GitSetting.insert( + server_id=server_id, service_id=service_id, repo=repo, branch=branch, period=period, + cred_id=cred, description=description + ).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def delete_git(git_id): + query = 
GitSetting.delete().where(GitSetting.id == git_id) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_gits(**kwargs): + if kwargs.get("server_id") is not None and kwargs.get("service_id") is not None: + query = GitSetting.select().where( + (GitSetting.server_id == kwargs.get("server_id")) & (GitSetting.service_id == kwargs.get("service_id"))) + else: + query = GitSetting.select().order_by(GitSetting.id) + + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + +def select_backups(**kwargs): + if kwargs.get("server") is not None and kwargs.get("rserver") is not None: + query = Backup.select().where((Backup.server == kwargs.get("server")) & (Backup.rhost == kwargs.get("rserver"))) + else: + query = Backup.select().order_by(Backup.id) + + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_s3_backups(**kwargs): + if kwargs.get("server") is not None and kwargs.get("bucket") is not None: + query = S3Backup.select().where( + (S3Backup.server == kwargs.get("server")) & + (S3Backup.s3_server == kwargs.get("s3_server")) & + (S3Backup.bucket == kwargs.get("bucket")) + ) + else: + query = S3Backup.select().order_by(S3Backup.id) + + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def check_exists_backup(server: str) -> bool: + try: + backup = Backup.get(Backup.server == server) + except Exception: + pass + else: + if backup.id is not None: + return True + else: + return False + + +def check_exists_s3_backup(server: str) -> bool: + try: + backup = S3Backup.get(S3Backup.server == server) + except Exception: + pass + else: + if backup.id is not None: + return True + else: + return False diff --git a/app/modules/db/channel.py b/app/modules/db/channel.py new file mode 100644 index 00000000..f0a4aa4d --- /dev/null +++ b/app/modules/db/channel.py 
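Review bot: `select_s3_backups` tests only `server` and `bucket` for `None` but then also filters on `kwargs.get("s3_server")`, so a call without `s3_server` compares that column with `None` instead of skipping the filter; the guard should cover all three keys, `if all(kwargs.get(k) is not None for k in ("server", "s3_server", "bucket")):`. `check_exists_backup` and `check_exists_s3_backup` swallow every exception with `pass` and then return `None` despite the `-> bool` annotation, so a database error looks the same as "no backup exists"; catching the model's `DoesNotExist` and returning `False` there would separate the two cases. `insert_s3_backup_job` writes `secret_key` and `access_key` as received, so confirm the caller encrypts them before they reach this module, otherwise they are stored in clear text.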
@@ -0,0 +1,210 @@ +from app.modules.db.db_model import Telegram, Slack, PD, Server +from app.modules.db.common import out_error + + +def get_user_telegram_by_group(group): + try: + return Telegram.select().where(Telegram.groups == group).execute() + except Exception as e: + out_error(e) + + +def get_telegram_by_ip(ip): + try: + return Telegram.select().join(Server, on=(Server.groups == Telegram.groups)).where(Server.ip == ip).execute() + except Exception as e: + out_error(e) + + +def get_telegram_by_id(telegram_id): + try: + return Telegram.select().where(Telegram.id == telegram_id).execute() + except Exception as e: + out_error(e) + + +def get_user_slack_by_group(group): + try: + return Slack.select().where(Slack.groups == group).execute() + except Exception as e: + out_error(e) + + +def get_slack_by_ip(ip): + try: + return Slack.select().join(Server, on=(Server.groups == Slack.groups)).where(Server.ip == ip).execute() + except Exception as e: + out_error(e) + + +def get_slack_by_id(slack_id): + try: + return Slack.select().where(Slack.id == slack_id).execute() + except Exception as e: + out_error(e) + + +def get_user_pd_by_group(group): + try: + return PD.select().where(PD.groups == group).execute() + except Exception as e: + out_error(e) + + +def get_user_pd_by_group(group): + try: + return PD.select().where(PD.groups == group).execute() + except Exception as e: + out_error(e) + + +def get_pd_by_ip(ip): + query = PD.select().join(Server, on=(Server.groups == PD.groups)).where(Server.ip == ip) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def get_pd_by_id(pd_id): + try: + return PD.select().where(PD.id == pd_id).execute() + except Exception as e: + out_error(e) + + +def delete_telegram(telegram_id): + query = Telegram.delete().where(Telegram.id == telegram_id) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_telegram(**kwargs): + if 
kwargs.get('token'): + query = Telegram.select().where(Telegram.token == kwargs.get('token')) + elif kwargs.get('id'): + query = Telegram.select().where(Telegram.id == kwargs.get('id')) + else: + query = Telegram.select() + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def insert_new_telegram(token, channel, group): + try: + Telegram.insert(token=token, chanel_name=channel, groups=group).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_telegram(token, channel, group, telegram_id): + telegram_update = Telegram.update(token=token, chanel_name=channel, groups=group).where(Telegram.id == telegram_id) + try: + telegram_update.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def delete_slack(slack_id): + query = Slack.delete().where(Slack.id == slack_id) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_slack(**kwargs): + if kwargs.get('token'): + query = Slack.select().where(Slack.token == kwargs.get('token')) + elif kwargs.get('id'): + query = Slack.select().where(Slack.id == kwargs.get('id')) + else: + query = Slack.select() + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def insert_new_slack(token, chanel, group): + try: + Slack.insert(token=token, chanel_name=chanel, groups=group).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_slack(token, chanel, group, slack_id): + try: + return Slack.update(token=token, chanel_name=chanel, groups=group).where(Slack.id == slack_id).execute() + except Exception as e: + out_error(e) + + +def delete_pd(pd_id): + try: + PD.delete().where(PD.id == pd_id).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_pd(**kwargs): + if kwargs.get('token'): + 
query = PD.select().where(PD.token == kwargs.get('token')) + elif kwargs.get('id'): + query = PD.select().where(PD.id == kwargs.get('id')) + else: + query = PD.select() + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def insert_new_pd(token, chanel, group): + try: + PD.insert(token=token, chanel_name=chanel, groups=group).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_pd(token, chanel, group, pd_id): + try: + PD.update(token=token, chanel_name=chanel, groups=group).where(PD.id == pd_id).execute() + except Exception as e: + out_error(e) + return False + else: + return True diff --git a/app/modules/db/checker.py b/app/modules/db/checker.py new file mode 100644 index 00000000..bb03a9e3 --- /dev/null +++ b/app/modules/db/checker.py 
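Review bot: `get_user_pd_by_group` is defined twice with identical bodies; the second definition replaces the first at import time, so one copy should be deleted. `update_slack` returns the result of `.execute()` where `update_telegram` and `update_pd` return `True`, so a caller testing the result sees a falsy value when the update matched no row; moving the call into the `try:` without `return` and adding `else: return True` would match the siblings. The parameter is spelled `channel` for Telegram and `chanel` for Slack and PagerDuty; one spelling for the Python names would be easier to read, while the `chanel_name` keyword has to stay as the model defines it.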
@@ -0,0 +1,210 @@ +from app.modules.db.db_model import CheckerSetting, Server, ServiceStatus +from app.modules.db.common import out_error + + +def select_checker_settings(service_id: int): + query = CheckerSetting.select().where(CheckerSetting.service_id == service_id) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + return + else: + return query_res + + +def select_checker_settings_for_server(service_id: int, server_id: int): + query = CheckerSetting.select().where( + (CheckerSetting.service_id == service_id) + & (CheckerSetting.server_id == server_id) + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + return + else: + return query_res + + +def insert_new_checker_setting_for_server(server_ip: str) -> None: + server_id = () + try: + server_id = Server.get(Server.ip == server_ip).server_id + except Exception as e: + out_error(e) + + for service_id in range(1, 5): + CheckerSetting.insert( + server_id=server_id, service_id=service_id + ).on_conflict_ignore().execute() + + +def update_haproxy_checker_settings( + email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, backend_alert: int, + maxconn_alert: int, setting_id: int +) -> bool: + settings_update = CheckerSetting.update( + email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, service_alert=service_alert, + backend_alert=backend_alert, maxconn_alert=maxconn_alert + ).where(CheckerSetting.id == setting_id) + try: + settings_update.execute() + except Exception: + return False + else: + return True + + +def update_keepalived_checker_settings( + email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, backend_alert: int, + setting_id: int +) -> bool: + settings_update = CheckerSetting.update( + email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, + service_alert=service_alert, backend_alert=backend_alert + ).where(CheckerSetting.id == setting_id) + try: + settings_update.execute() + 
except Exception: + return False + else: + return True + + +def update_service_checker_settings( + email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, setting_id: int +) -> bool: + settings_update = CheckerSetting.update( + email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, service_alert=service_alert + ).where(CheckerSetting.id == setting_id) + try: + settings_update.execute() + except Exception: + return False + else: + return True + + +def select_checker_service_status(server_id: int, service_id: int, service_check: str) -> int: + try: + service_check_status = ServiceStatus.get( + (ServiceStatus.server_id == server_id) + & (ServiceStatus.service_id == service_id) + & (ServiceStatus.service_check == service_check) + ).status + except Exception as e: + return out_error(e) + else: + return service_check_status + + +def select_checker_services_status() -> tuple: + try: + services_check_status = ServiceStatus.select().execute() + except Exception as e: + return out_error(e) + else: + return services_check_status + + +def inset_or_update_service_status(server_id: int, service_id: int, service_check: str, status: int) -> None: + query = ServiceStatus.insert( + server_id=server_id, service_id=service_id, service_check=service_check, status=status + ).on_conflict('replace') + try: + query.execute() + except Exception as e: + out_error(e) + + +def select_alert(**kwargs): + if kwargs.get("group") is not None: + query = Server.select(Server.ip).where( + (Server.alert == 1) & (Server.enable == 1) & (Server.groups == kwargs.get('group')) + ) + else: + query = Server.select(Server.ip).where((Server.alert == 1) & (Server.enable == 1)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_all_alerts(**kwargs): + if kwargs.get("group") is not None: + query = Server.select(Server.ip).where( + ((Server.alert == 1) | (Server.nginx_alert == 1)) & (Server.enable == 1) & 
(Server.groups == kwargs.get('group')) + ) + else: + query = Server.select(Server.ip).where(((Server.alert == 1) | (Server.nginx_alert == 1)) & (Server.enable == 1)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_nginx_alert(**kwargs): + if kwargs.get("group") is not None: + query = Server.select(Server.ip).where( + (Server.nginx_alert == 1) + & (Server.enable == 1) + & (Server.groups == kwargs.get('group')) + & (Server.nginx == 1) + ) + else: + query = Server.select(Server.ip).where( + (Server.nginx_alert == 1) + & (Server.enable == 1) + & (Server.nginx == 1) + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_apache_alert(**kwargs): + if kwargs.get("group") is not None: + query = Server.select(Server.ip).where( + (Server.apache_alert == 1) + & (Server.enable == 1) + & (Server.groups == kwargs.get('group')) + & (Server.apache == 1) + ) + else: + query = Server.select(Server.ip).where((Server.apache_alert == 1) & (Server.enable == 1) & (Server.apache == 1)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_keepalived_alert(**kwargs): + if kwargs.get("group") is not None: + query = Server.select(Server.ip).where( + (Server.keepalived_alert == 1) + & (Server.enable == 1) + & (Server.groups == kwargs.get('group')) + & (Server.keepalived == 1) + ) + else: + query = Server.select(Server.ip).where( + (Server.keepalived_alert == 1) + & (Server.enable == 1) + & (Server.keepalived == 1) + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res diff --git a/app/modules/db/common.py b/app/modules/db/common.py index 9d3ae779..de97ed41 100644 --- a/app/modules/db/common.py +++ b/app/modules/db/common.py 
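Review bot: The three `update_*_checker_settings` functions use `except Exception: return False` and discard the exception, so a failed write of alert settings leaves no trace of its cause, while the rest of the module reports through `out_error`. Binding the exception and logging it before `return False` would keep the boolean contract and make the failure visible. In `insert_new_checker_setting_for_server` the placeholder `server_id = ()` is never used, since `out_error` raises on a failed lookup, and the insert loop with the hard-coded `range(1, 5)` runs outside any `try`. `inset_or_update_service_status` looks like a typo for `insert_or_update_service_status`; renaming it now, before more callers depend on it, is cheap.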
@@ -2,10 +2,6 @@ import os import sys import traceback -from flask import request - -from app.modules.db.db_model import Setting - def out_error(error): error = str(error) @@ -15,37 +11,3 @@ def out_error(error): function_name = stk[0][2] error = f'{error} in function: {function_name} in file: {file_name}' raise Exception(f'error: {error}') - - -def get_setting(param, **kwargs): - user_group_id = '' - try: - user_group_id = request.cookies.get('group') - except Exception: - pass - if user_group_id == '' or user_group_id is None or param == 'proxy': - user_group_id = 1 - - if kwargs.get('all'): - query = Setting.select().where(Setting.group == user_group_id).order_by(Setting.section.desc()) - else: - query = Setting.select().where((Setting.param == param) & (Setting.group == user_group_id)) - - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - if kwargs.get('all'): - return query_res - else: - for setting in query_res: - if param in ( - 'nginx_stats_port', 'session_ttl', 'token_ttl', 'haproxy_stats_port', 'haproxy_sock_port', 'ldap_type', - 'ldap_port', 'ldap_enable', 'log_time_storage', 'syslog_server_enable', 'checker_check_interval', 'port_scan_interval', - 'smon_keep_history_range', 'checker_keep_history_range', 'portscanner_keep_history_range', 'checker_maxconn_threshold', - 'apache_stats_port', 'smon_ssl_expire_warning_alert', 'smon_ssl_expire_critical_alert', 'action_keep_history_range' - ): - return int(setting.value) - else: - return setting.value diff --git a/app/modules/db/config.py b/app/modules/db/config.py new file mode 100644 index 00000000..95a5f416 --- /dev/null +++ b/app/modules/db/config.py 
@@ -0,0 +1,65 @@
+from app.modules.db.db_model import ConfigVersion
+from app.modules.db.sql import get_setting
+from app.modules.db.server import select_server_id_by_ip
+from app.modules.db.common import out_error
+import app.modules.roxy_wi_tools as roxy_wi_tools
+
+
+def insert_config_version(server_id: int, user_id: int, service: str, local_path: str, remote_path: str, diff: str):
+ time_zone = get_setting('time_zone')
+ get_date = roxy_wi_tools.GetDate(time_zone)
+ cur_date = get_date.return_date('regular')
+ try:
+ ConfigVersion.insert(
+ server_id=server_id,
+ user_id=user_id,
+ service=service,
+ local_path=local_path,
+ remote_path=remote_path,
+ diff=diff,
+ date=cur_date
+ ).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def select_config_version(server_ip: str, service: str) -> str:
+ server_id = select_server_id_by_ip(server_ip)
+ query = ConfigVersion.select().where(
+ (ConfigVersion.server_id == server_id)
+ & (ConfigVersion.service == service)
+ )
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def delete_config_version(service: str, local_path: str):
+ query_res = ConfigVersion.delete().where(
+ (ConfigVersion.service == service)
+ & (ConfigVersion.local_path == local_path)
+ )
+ try:
+ query_res.execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def select_remote_path_from_version(server_ip: str, service: str, local_path: str):
+ server_id = select_server_id_by_ip(server_ip)
+ try:
+ query_res = ConfigVersion.get(
+ (ConfigVersion.server_id == server_id)
+ & (ConfigVersion.service == service)
+ & (ConfigVersion.local_path == local_path)
+ ).remote_path
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
\ No newline at end of file
diff --git a/app/modules/db/cred.py b/app/modules/db/cred.py
new file mode 100644
index 00000000..6dbd7215
--- /dev/null
+++ b/app/modules/db/cred.py
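Review bot: `select_config_version` is annotated `-> str` but returns the result of `query.execute()`, which `list_of_versions` assigns to `configs`; the annotation should be removed or corrected. In `delete_config_version` the variable `query_res` holds the unexecuted delete query, so `query` would be the clearer name. The file also ends without a trailing newline.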
@@ -0,0 +1,59 @@
+from app.modules.db.db_model import Cred, Server
+from app.modules.db.common import out_error
+
+
+def select_ssh(**kwargs):
+ if kwargs.get("name") is not None:
+ query = Cred.select().where(Cred.name == kwargs.get('name'))
+ elif kwargs.get("id") is not None:
+ query = Cred.select().where(Cred.id == kwargs.get('id'))
+ elif kwargs.get("serv") is not None:
+ query = Cred.select().join(Server, on=(Cred.id == Server.cred)).where(Server.ip == kwargs.get('serv'))
+ elif kwargs.get("group") is not None:
+ query = Cred.select().where(Cred.groups == kwargs.get("group"))
+ else:
+ query = Cred.select()
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def insert_new_ssh(name, enable, group, username, password):
+ if password is None:
+ password = 'None'
+ try:
+ Cred.insert(name=name, enable=enable, groups=group, username=username, password=password).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def delete_ssh(ssh_id):
+ query = Cred.delete().where(Cred.id == ssh_id)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return True
+
+
+def update_ssh(cred_id, name, enable, group, username, password):
+ if password is None:
+ password = 'None'
+
+ cred_update = Cred.update(name=name, enable=enable, groups=group, username=username, password=password).where(
+ Cred.id == cred_id)
+ try:
+ cred_update.execute()
+ except Exception as e:
+ out_error(e)
+
+
+def update_ssh_passphrase(name: str, passphrase: str):
+ try:
+ Cred.update(passphrase=passphrase).where(Cred.name == name).execute()
+ except Exception as e:
+ out_error(e)
diff --git a/app/modules/db/db_model.py b/app/modules/db/db_model.py
index 6acfec95..d4a4c719 100644
--- a/app/modules/db/db_model.py
+++ b/app/modules/db/db_model.py
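Review bot: `insert_new_ssh` and `update_ssh` replace a missing password with the literal string `'None'`, which cannot be told apart from a real password of that value and is stored in the `password` column like a real secret. Passing `None` through as SQL NULL, if the column allows it, or storing an empty string would make "no password" unambiguous. `password` and `passphrase` are written as received, so confirm the callers encrypt them before they reach this module. `insert_new_ssh`, `update_ssh` and `update_ssh_passphrase` return `None` on success while `delete_ssh` returns `True`; one convention across the module would be easier on callers.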
@@ -1,30 +1,39 @@ -from peewee import * from playhouse.migrate import * from datetime import datetime from flask_login import UserMixin - +from playhouse.shortcuts import ReconnectMixin import modules.roxy_wi_tools as roxy_wi_tools get_config = roxy_wi_tools.GetConfigVar() mysql_enable = get_config.get_config_var('mysql', 'enable') -if mysql_enable == '1': - mysql_user = get_config.get_config_var('mysql', 'mysql_user') - mysql_password = get_config.get_config_var('mysql', 'mysql_password') - mysql_db = get_config.get_config_var('mysql', 'mysql_db') - mysql_host = get_config.get_config_var('mysql', 'mysql_host') - mysql_port = get_config.get_config_var('mysql', 'mysql_port') - conn = MySQLDatabase(mysql_db, user=mysql_user, password=mysql_password, host=mysql_host, port=int(mysql_port)) - migrator = MySQLMigrator(conn) -else: - db = "/var/lib/roxy-wi/roxy-wi.db" - conn = SqliteDatabase(db, pragmas={'timeout': 1000, 'foreign_keys': 1}) - migrator = SqliteMigrator(conn) + +class ReconnectMySQLDatabase(ReconnectMixin, MySQLDatabase): + pass + + +def connect(get_migrator=None): + if mysql_enable == '1': + mysql_user = get_config.get_config_var('mysql', 'mysql_user') + mysql_password = get_config.get_config_var('mysql', 'mysql_password') + mysql_db = get_config.get_config_var('mysql', 'mysql_db') + mysql_host = get_config.get_config_var('mysql', 'mysql_host') + mysql_port = get_config.get_config_var('mysql', 'mysql_port') + conn = ReconnectMySQLDatabase(mysql_db, user=mysql_user, password=mysql_password, host=mysql_host, port=int(mysql_port)) + migrator = MySQLMigrator(conn) + else: + db = "/var/lib/roxy-wi/roxy-wi.db" + conn = SqliteDatabase(db, pragmas={'timeout': 1000, 'foreign_keys': 1}) + migrator = SqliteMigrator(conn) + if get_migrator: + return migrator + else: + return conn class BaseModel(Model): class Meta: - database = conn + database = connect() class User(BaseModel, UserMixin): 
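Review bot: `connect()` builds a new database object on every call, so `BaseModel.Meta.database` and the `conn` obtained in `create_tables()` (second hunk) are different objects, and as far as peewee's `create_tables` delegates to each model's own database, the `with conn:` block there no longer wraps the connection the models use. Creating the object once and reusing it keeps the previous behaviour: `conn = connect()` after the function, `database = conn` in `Meta`, and no `connect()` call in `create_tables()`. The hunk also removes `from peewee import *` and now relies on `playhouse.migrate` re-exporting `Model`, `MySQLDatabase` and `SqliteDatabase`; an explicit `from peewee import Model, MySQLDatabase, SqliteDatabase` would be sturdier. `import modules.roxy_wi_tools` stays on the old path here while other files in this commit moved to `app.modules.roxy_wi_tools`.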
@@ -738,6 +747,7 @@ class HaClusterService(BaseModel): def create_tables(): + conn = connect() with conn: conn.create_tables( [User, Server, Role, Telegram, Slack, UUID, Token, ApiToken, Groups, UserGroups, ConfigVersion, Setting, diff --git a/app/modules/db/group.py b/app/modules/db/group.py new file mode 100644 index 00000000..ddd20d33 --- /dev/null +++ b/app/modules/db/group.py 
@@ -0,0 +1,141 @@ +from app.modules.db.db_model import Groups, Setting, UserGroups +from app.modules.db.common import out_error + + +def select_groups(**kwargs): + if kwargs.get("group") is not None: + query = Groups.select().where(Groups.name == kwargs.get('group')) + elif kwargs.get("id") is not None: + query = Groups.select().where(Groups.group_id == kwargs.get('id')) + else: + query = Groups.select().order_by(Groups.group_id) + + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def add_group(name, description): + try: + last_insert = Groups.insert(name=name, description=description) + last_insert_id = last_insert.execute() + except Exception as e: + out_error(e) + return False + else: + add_setting_for_new_group(last_insert_id) + return True + + +def add_setting_for_new_group(group_id): + group_id = str(group_id) + data_source = [ + {'param': 'time_zone', 'value': 'UTC', 'section': 'main', 'desc': 'Time Zone', 'group': group_id}, + {'param': 'proxy', 'value': '', 'section': 'main', 'desc': 'IP address and port of the proxy server . 
Use proto://ip:port', 'group': group_id}, + {'param': 'session_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user session (in days)', 'group': group_id}, + {'param': 'token_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user token (in days)', 'group': group_id}, + {'param': 'tmp_config_path', 'value': '/tmp/', 'section': 'main', 'desc': 'Path to the temporary directory.', 'group': group_id}, + {'param': 'cert_path', 'value': '/etc/ssl/certs/', 'section': 'main', 'desc': 'Path to SSL dir', 'group': group_id}, + {'param': 'haproxy_path_logs', 'value': '/var/log/haproxy/', 'section': 'haproxy', 'desc': 'The default local path for saving logs', 'group': group_id}, + {'param': 'syslog_server_enable', 'value': '0', 'section': 'logs', 'desc': 'Enable getting logs from a syslog server; (0 - no, 1 - yes)', 'group': group_id}, + {'param': 'syslog_server', 'value': '', 'section': 'logs', 'desc': 'IP address of the syslog_server', 'group': group_id}, + {'param': 'haproxy_stats_user', 'value': 'admin', 'section': 'haproxy', 'desc': 'Username for accessing HAProxy stats page', 'group': group_id}, + {'param': 'haproxy_stats_password', 'value': 'password', 'section': 'haproxy', 'desc': 'Password for accessing HAProxy stats page', 'group': group_id}, + {'param': 'haproxy_stats_port', 'value': '8085', 'section': 'haproxy', 'desc': 'Port for HAProxy stats page', 'group': group_id}, + {'param': 'haproxy_stats_page', 'value': 'stats', 'section': 'haproxy', 'desc': 'URI for HAProxy stats page', 'group': group_id}, + {'param': 'haproxy_dir', 'value': '/etc/haproxy', 'section': 'haproxy', 'desc': 'Path to the HAProxy directory', 'group': group_id}, + {'param': 'haproxy_config_path', 'value': '/etc/haproxy/haproxy.cfg', 'section': 'haproxy', 'desc': 'Path to the HAProxy configuration file', 'group': group_id}, + {'param': 'server_state_file', 'value': '/etc/haproxy/haproxy.state', 'section': 'haproxy', 'desc': 'Path to the HAProxy state file', 'group': group_id}, + 
{'param': 'haproxy_sock', 'value': '/var/run/haproxy.sock', 'section': 'haproxy', 'desc': 'Path to the HAProxy sock file', 'group': group_id}, + {'param': 'haproxy_sock_port', 'value': '1999', 'section': 'haproxy', 'desc': 'Socket port for HAProxy', 'group': group_id}, + {'param': 'haproxy_container_name', 'value': 'haproxy', 'section': 'haproxy', 'desc': 'Docker container name for HAProxy service', 'group': group_id}, + {'param': 'maxmind_key', 'value': '', 'section': 'main', 'desc': 'License key for downloading GeoIP DB. You can create it on maxmind.com', 'group': group_id}, + {'param': 'nginx_path_logs', 'value': '/var/log/nginx/', 'section': 'nginx', 'desc': 'NGINX error log', 'group': group_id}, + {'param': 'nginx_stats_user', 'value': 'admin', 'section': 'nginx', 'desc': 'Username for accessing NGINX stats page', 'group': group_id}, + {'param': 'nginx_stats_password', 'value': 'password', 'section': 'nginx', 'desc': 'Password for accessing NGINX stats page', 'group': group_id}, + {'param': 'nginx_stats_port', 'value': '8086', 'section': 'nginx', 'desc': 'Stats port for web page NGINX', 'group': group_id}, + {'param': 'nginx_stats_page', 'value': 'stats', 'section': 'nginx', 'desc': 'URI Stats for web page NGINX', 'group': group_id}, + {'param': 'nginx_dir', 'value': '/etc/nginx/', 'section': 'nginx', 'desc': 'Path to the NGINX directory with config files', 'group': group_id}, + {'param': 'nginx_config_path', 'value': '/etc/nginx/nginx.conf', 'section': 'nginx', 'desc': 'Path to the main NGINX configuration file', 'group': group_id}, + {'param': 'nginx_container_name', 'value': 'nginx', 'section': 'nginx', 'desc': 'Docker container name for NGINX service', 'group': group_id}, + {'param': 'ldap_enable', 'value': '0', 'section': 'ldap', 'desc': 'Enable LDAP', 'group': group_id}, + {'param': 'ldap_server', 'value': '', 'section': 'ldap', 'desc': 'IP address of the LDAP server', 'group': group_id}, + {'param': 'ldap_port', 'value': '389', 'section': 'ldap', 
'desc': 'LDAP port (port 389 or 636 is used by default)', 'group': group_id}, + {'param': 'ldap_user', 'value': '', 'section': 'ldap', 'desc': 'LDAP username. Format: user@domain.com', 'group': group_id}, + {'param': 'ldap_password', 'value': '', 'section': 'ldap', 'desc': 'LDAP password', 'group': group_id}, + {'param': 'ldap_base', 'value': '', 'section': 'ldap', 'desc': 'Base domain. Example: dc=domain, dc=com', 'group': group_id}, + {'param': 'ldap_domain', 'value': '', 'section': 'ldap', 'desc': 'LDAP domain for logging in', 'group': group_id}, + {'param': 'ldap_class_search', 'value': 'user', 'section': 'ldap', 'desc': 'Class for searching the user', 'group': group_id}, + {'param': 'ldap_user_attribute', 'value': 'sAMAccountName', 'section': 'ldap', 'desc': 'Attribute to search users by', 'group': group_id}, + {'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap', 'desc': 'User\'s email address', 'group': group_id}, + {'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS', 'group': group_id}, + {'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache', 'desc': 'The path for Apache logs', 'group': group_id}, + {'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache', 'desc': 'Username for accessing Apache stats page', 'group': group_id}, + {'param': 'apache_stats_password', 'value': 'password', 'section': 'apache', 'desc': 'Password for Apache stats webpage', 'group': group_id}, + {'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache', 'group': group_id}, + {'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache', 'group': group_id}, + {'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache', 'desc': 'Path to the Apache directory with config files', 'group': group_id}, + {'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache', 'desc': 'Path to the 
main Apache configuration file', 'group': group_id}, + {'param': 'apache_container_name', 'value': 'apache', 'section': 'apache', 'desc': 'Docker container name for Apache service', 'group': group_id}, + {'param': 'keepalived_config_path', 'value': '/etc/keepalived/keepalived.conf', 'section': 'keepalived', 'desc': 'Path to the main Keepalived configuration file', 'group': group_id}, + {'param': 'keepalived_path_logs', 'value': '/var/log/keepalived/', 'section': 'keepalived', 'desc': 'The path for Keepalived logs', 'group': group_id}, + ] + + try: + Setting.insert_many(data_source).execute() + except Exception as e: + out_error(e) + + +def delete_group(group_id): + try: + Groups.delete().where(Groups.group_id == group_id).execute() + UserGroups.delete().where(UserGroups.user_group_id == group_id).execute() + except Exception as e: + out_error(e) + return False + else: + delete_group_settings(group_id) + return True + + +def delete_group_settings(group_id): + try: + group_for_delete = Setting.delete().where(Setting.group == group_id) + group_for_delete.execute() + except Exception as e: + out_error(e) + else: + return True + + +def update_group(name, descript, group_id): + try: + group_update = Groups.update(name=name, description=descript).where(Groups.group_id == group_id) + group_update.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def get_group_name_by_id(group_id): + try: + group_name = Groups.get(Groups.group_id == group_id) + except Exception as e: + out_error(e) + else: + return group_name.name + + +def get_group_id_by_name(group_name): + try: + group_id = Groups.get(Groups.name == group_name) + except Exception as e: + out_error(e) + else: + return group_id.group_id diff --git a/app/modules/db/ha_cluster.py b/app/modules/db/ha_cluster.py new file mode 100644 index 00000000..9c63f2c5 --- /dev/null +++ b/app/modules/db/ha_cluster.py 
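Review bot: `add_setting_for_new_group` seeds every new group with `haproxy_stats_password`, `nginx_stats_password` and `apache_stats_password` set to the literal `'password'` next to the user `'admin'`, so each group starts with known default credentials for its stats pages until someone changes them. Seed these rows with a per-group random value instead, for example `'value': secrets.token_urlsafe(16)` (needs `import secrets`), or leave the value empty and keep the stats page disabled until it is set. Separately, `add_group` returns `True` even when `Setting.insert_many(...)` failed, because `add_setting_for_new_group` reports nothing back; returning a boolean from it and checking it would make that failure visible. A short docstring on `delete_group` saying that it also removes the group's `UserGroups` rows and settings would help callers.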
@@ -0,0 +1,279 @@ +from app.modules.db.db_model import connect, HaCluster, HaClusterVirt, HaClusterVip, HaClusterService, HaClusterSlave, Server, HaClusterRouter +from app.modules.db.common import out_error + + +def select_clusters(group_id: int): + try: + return HaCluster.select().where(HaCluster.group_id == group_id).execute() + except Exception as e: + out_error(e) + + +def create_cluster(name: str, syn_flood: int, group_id: int, desc: str) -> int: + try: + last_id = HaCluster.insert( + name=name, syn_flood=syn_flood, group_id=group_id, desc=desc + ).execute() + return last_id + except Exception as e: + out_error(e) + + +def select_cluster(cluster_id: int): + try: + return HaCluster.select().where(HaCluster.id == cluster_id).execute() + except Exception as e: + out_error(e) + + +def select_cluster_name(cluster_id: int) -> str: + try: + return HaCluster.get(HaCluster.id == cluster_id).name + except Exception as e: + out_error(e) + + +def select_clusters_virts(): + try: + return HaClusterVirt.select().execute() + except Exception as e: + out_error(e) + + +def select_cluster_vips(cluster_id: int) -> object: + try: + return HaClusterVip.select().where(HaClusterVip.cluster_id == cluster_id).execute() + except Exception as e: + out_error(e) + + +def select_clusters_vip(cluster_id: int, router_id: int): + try: + return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).vip + except Exception as e: + out_error(e) + + +def select_clusters_vip_return_master(cluster_id: int, router_id: int): + try: + return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).return_master + except Exception as e: + out_error(e) + + +def select_clusters_vip_id(cluster_id: int, router_id): + try: + return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).id + except Exception as e: + out_error(e) + + +def delete_cluster_services(cluster_id: int): + try: 
+ return HaClusterService.delete().where(HaClusterService.cluster_id == cluster_id).execute() + except Exception as e: + out_error(e) + + +def insert_cluster_services(cluster_id: int, service_id: int): + try: + return HaClusterService.insert(cluster_id=cluster_id, service_id=service_id).execute() + except Exception as e: + out_error(e) + + +def select_cluster_master_slaves(cluster_id: int, group_id: int, router_id: int): + conn = connect() + cursor = conn.cursor() + sql = f"select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) " \ + f"where servers.groups = {group_id} and ha_cluster_slaves.cluster_id = {cluster_id} and ha_cluster_slaves.router_id = {router_id};" + try: + cursor.execute(sql) + except Exception as e: + out_error(e) + else: + return cursor.fetchall() + + +def select_cluster_slaves(cluster_id: int, router_id: int): + conn = connect() + cursor = conn.cursor() + sql = f"select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) " \ + f"where ha_cluster_slaves.cluster_id = {cluster_id} and ha_cluster_slaves.router_id = {router_id};" + try: + cursor.execute(sql) + except Exception as e: + out_error(e) + else: + return cursor.fetchall() + + +def select_cluster_slaves_for_inv(router_id: int): + try: + return HaClusterSlave.select().where(HaClusterSlave.router_id == router_id).execute() + except Exception as e: + out_error(e) + + +def delete_ha_cluster_delete_slave(server_id: int) -> None: + try: + HaClusterSlave.delete().where(HaClusterSlave.server_id == server_id).execute() + except Exception as e: + out_error(e) + + +def delete_master_from_slave(server_id: int) -> None: + try: + Server.update(master=0).where(Server.server_id == server_id).execute() + except Exception as e: + out_error(e) + + +def select_ha_cluster_not_masters_not_slaves(group_id: int): + """ + Method for selecting HA clusters excluding masters and slaves. + + :param group_id: The ID of the group. 
+ :return: The query result. + """ + try: + query = Server.select().where( + (Server.type_ip == 0) & + (Server.server_id.not_in(HaClusterSlave.select(HaClusterSlave.server_id))) & + (Server.groups == group_id) + ) + return query.execute() + except Exception as e: + out_error(e) + + +def get_router_id(cluster_id: int, default_router=0) -> int: + """ + :param cluster_id: The ID of the cluster to get the router ID from. + :param default_router: The default router ID to retrieve. Default value is 0. + :return: The ID of the router associated with the given cluster ID and default router ID. + + """ + try: + return HaClusterRouter.get((HaClusterRouter.cluster_id == cluster_id) & (HaClusterRouter.default == default_router)).id + except Exception as e: + out_error(e) + + +def create_ha_router(cluster_id: int) -> int: + """ + Create HA Router + + This method is used to create a HA (High Availability) router for a given cluster. + + :param cluster_id: The ID of the cluster for which the HA router needs to be created. + :return: The ID of the created HA router. + :rtype: int + + :raises Exception: If an error occurs while creating the HA router. 
+ + """ + try: + last_id = HaClusterRouter.insert(cluster_id=cluster_id).execute() + return last_id + except Exception as e: + out_error(e) + + +def delete_ha_router(router_id: int) -> int: + try: + last_id = HaClusterRouter.delete().where(HaClusterRouter.id == router_id).execute() + return last_id + except Exception as e: + out_error(e) + + +def insert_or_update_slave(cluster_id: int, server_id: int, eth: str, master: int, router_id) -> None: + try: + HaClusterSlave.insert(cluster_id=cluster_id, server_id=server_id, eth=eth, master=master, router_id=router_id).on_conflict('replace').execute() + except Exception as e: + out_error(e) + + +def update_slave(cluster_id: int, server_id: int, eth: str, master: int, router_id) -> None: + try: + HaClusterSlave.update( + cluster_id=cluster_id, server_id=server_id, eth=eth, master=master, router_id=router_id + ).where((HaClusterSlave.server_id == server_id) & (HaClusterSlave.router_id == router_id)).execute() + except Exception as e: + out_error(e) + + +def update_cluster(cluster_id: int, name: str, desc: str, syn_flood: int) -> None: + try: + HaCluster.update(name=name, desc=desc, syn_flood=syn_flood).where(HaCluster.id == cluster_id).execute() + except Exception as e: + out_error(e) + + +def update_ha_cluster_vip(cluster_id: int, router_id: int, vip: str, return_master: int) -> None: + try: + HaClusterVip.update(vip=vip, return_master=return_master).where((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).execute() + except Exception as e: + out_error(e) + + +def update_ha_virt_ip(vip_id: int, vip: str) -> None: + try: + Server.update(ip=vip).where(Server.server_id == HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id).execute() + except Exception as e: + out_error(e) + + +def delete_ha_virt(vip_id: int) -> None: + try: + Server.delete().where(Server.server_id == HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id).execute() + except Exception: + pass + + +def 
check_ha_virt(vip_id: int) -> bool: + try: + HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id + except Exception: + return False + return True + + +def select_ha_cluster_name_and_slaves() -> object: + try: + return HaCluster.select(HaCluster.id, HaCluster.name, HaClusterSlave.server_id).join(HaClusterSlave).execute() + except Exception as e: + out_error(e) + + +def select_cluster_services(cluster_id: int): + try: + return HaClusterService.select().where(HaClusterService.cluster_id == cluster_id).execute() + except Exception as e: + out_error(e) + + +def update_server_master(master, slave): + try: + master_id = Server.get(Server.ip == master).server_id + except Exception as e: + out_error(e) + + update_master_server_by_slave_ip(master_id, slave) + + +def update_master_server_by_slave_ip(master_id: int, slave_ip: str) -> None: + try: + Server.update(master=master_id).where(Server.ip == slave_ip).execute() + except Exception as e: + out_error(e) + + +def get_cred_id_by_server_ip(server_ip): + try: + cred = Server.get(Server.ip == server_ip) + except Exception as e: + return out_error(e) + else: + return cred.cred diff --git a/app/modules/db/history.py b/app/modules/db/history.py new file mode 100644 index 00000000..81712b4b --- /dev/null +++ b/app/modules/db/history.py 
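Review bot: `select_cluster_master_slaves` and `select_cluster_slaves` build their SQL with f-strings around `group_id`, `cluster_id` and `router_id`; the `int` annotations are not enforced at runtime, so a string that reaches these functions from a request becomes part of the statement. The same string-built pattern is in `alerts_history` (history.py: `service`, `user_group`, `host`) and in `select_metrics` and `select_table_metrics` (metric.py: `serv`, `group_id`) further down this diff. Pass the values as bound parameters instead, as sketched for the first function; peewee exposes the driver's placeholder as `conn.param`, and `select_cluster_slaves` takes the same change with two parameters. In `update_server_master`, `master_id` is unbound if `Server.get` fails and `out_error` returns, so the call after the `try` belongs in an `else:` branch.

```python
def select_cluster_master_slaves(cluster_id: int, group_id: int, router_id: int):
    conn = connect()
    p = conn.param  # driver placeholder: '?' for SQLite, '%s' for MySQL
    sql = (
        "select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) "
        f"where servers.groups = {p} and ha_cluster_slaves.cluster_id = {p} and ha_cluster_slaves.router_id = {p};"
    )
    try:
        cursor = conn.execute_sql(sql, (group_id, cluster_id, router_id))
    except Exception as e:
        out_error(e)
    else:
        return cursor.fetchall()
```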
@@ -0,0 +1,92 @@ +from app.modules.db.db_model import connect, ActionHistory, Alerts +from app.modules.db.sql import get_setting +from app.modules.db.common import out_error +import app.modules.roxy_wi_tools as roxy_wi_tools + + +def alerts_history(service, user_group, **kwargs): + conn = connect() + cursor = conn.cursor() + and_host = '' + if kwargs.get('host'): + and_host = "and ip = '{}'".format(kwargs.get('host')) + + if user_group == 1: + sql_user_group = "" + else: + sql_user_group = "and user_group = '{}'".format(user_group) + + sql = ( + f"select message, level, ip, port, date " + f"from alerts " + f"where service = '{service}' {sql_user_group} {and_host} " + f"order by date desc; " + ) + try: + cursor.execute(sql) + except Exception as e: + out_error(e) + else: + conn.close() + return cursor.fetchall() + + +def insert_alerts(user_group, level, ip, port, message, service): + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular') + try: + Alerts.insert( + user_group=user_group, message=message, level=level, ip=ip, port=port, service=service, + date=cur_date + ).execute() + except Exception as e: + out_error(e) + + +def delete_alert_history(keep_interval: int, service: str): + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta_minus=keep_interval) + query = Alerts.delete().where( + (Alerts.date < cur_date) & (Alerts.service == service) + ) + try: + query.execute() + except Exception as e: + out_error(e) + + +def insert_action_history(service: str, action: str, server_id: int, user_id: int, user_ip: str, server_ip: str, hostname: str): + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular') + try: + ActionHistory.insert( + service=service, + action=action, + server_id=server_id, + user_id=user_id, + ip=user_ip, + date=cur_date, + server_ip=server_ip, + hostname=hostname + ).execute() + except 
Exception as e: + out_error(e) + + +def delete_action_history(server_id: int): + query = ActionHistory.delete().where(ActionHistory.server_id == server_id) + try: + query.execute() + except Exception as e: + out_error(e) + + +def delete_action_history_for_period(): + time_period = get_setting('action_keep_history_range') + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta_minus=time_period) + query = ActionHistory.delete().where(ActionHistory.date < cur_date) + try: + query.execute() + except Exception as e: + out_error(e) diff --git a/app/modules/db/keep_alive.py b/app/modules/db/keep_alive.py new file mode 100644 index 00000000..06ebd359 --- /dev/null +++ b/app/modules/db/keep_alive.py 
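Review bot: `alerts_history` calls `conn.close()` before `cursor.fetchall()`, so the rows are read from a cursor whose connection is already closed; with the SQLite backend that read is expected to raise, and the error path never closes the connection at all. Fetch first and close in a `finally:` block: `rows = cursor.fetchall()` inside the `try`, `conn.close()` in `finally`, then `return rows`. `delete_action_history_for_period` passes the raw `get_setting('action_keep_history_range')` value as `timedelta_minus` while `delete_alert_history` passes an `int`; whether `return_date` accepts both is not visible here, so an explicit `int(...)` and a one-line comment naming the unit would remove the doubt.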
@@ -0,0 +1,62 @@
+from app.modules.db.db_model import KeepaliveRestart, Server
+from app.modules.db.common import out_error
+
+
+def select_keep_alive():
+ query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.active == 1)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def select_nginx_keep_alive():
+ query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.nginx_active == 1)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def select_apache_keep_alive():
+ query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.apache_active == 1)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def select_keepalived_keep_alive():
+ query = Server.select(Server.ip, Server.port, Server.groups, Server.server_id).where(Server.keepalived_active == 1)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def select_update_keep_alive_restart(server_id: int, service: str) -> int:
+ try:
+ restarted = KeepaliveRestart.get(
+ (KeepaliveRestart.server_id == server_id) &
+ (KeepaliveRestart.service == service)
+ ).restarted
+ except Exception as e:
+ out_error(e)
+ else:
+ return restarted or 0
+
+
+def update_keep_alive_restart(server_id: int, service: str, restarted: int) -> None:
+ query = KeepaliveRestart.insert(server_id=server_id, service=service, restarted=restarted).on_conflict('replace')
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
\ No newline at end of file
diff --git a/app/modules/db/metric.py b/app/modules/db/metric.py
new file mode 100644
index 00000000..c70dfab2
--- /dev/null
+++ b/app/modules/db/metric.py
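Review bot: `select_update_keep_alive_restart` sends every exception from `KeepaliveRestart.get(...)` to `out_error`, which includes the does-not-exist case for a server/service pair that has no row yet; the `restarted or 0` on the success path suggests that case was meant to yield 0. If so, `row = KeepaliveRestart.get_or_none(...)` followed by `return row.restarted if row else 0` keeps a missing row out of the error path and honours the `-> int` annotation. The name says "update" although the function only reads, so a one-line docstring such as `"""Return the stored restart counter for this server and service, 0 if none."""` would avoid confusion. What `out_error` does with the exception is defined outside this hunk.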
@@ -0,0 +1,612 @@ +from app.modules.db.db_model import connect, mysql_enable, Metrics, MetricsHttpStatus, Server, NginxMetrics, ApacheMetrics, WafMetrics +from app.modules.db.sql import get_setting +from app.modules.db.common import out_error +import app.modules.roxy_wi_tools as roxy_wi_tools + + +def insert_metrics(serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular') + try: + Metrics.insert( + serv=serv, curr_con=curr_con, cur_ssl_con=cur_ssl_con, sess_rate=sess_rate, max_sess_rate=max_sess_rate, + date=cur_date + ).execute() + except Exception as e: + out_error(e) + else: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def insert_metrics_http(serv, http_2xx, http_3xx, http_4xx, http_5xx): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular') + try: + MetricsHttpStatus.insert( + serv=serv, ok_ans=http_2xx, redir_ans=http_3xx, not_found_ans=http_4xx, err_ans=http_5xx, + date=cur_date + ).execute() + except Exception as e: + out_error(e) + else: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def insert_nginx_metrics(serv, connection): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular') + try: + NginxMetrics.insert(serv=serv, conn=connection, date=cur_date).execute() + except Exception as e: + out_error(e) + else: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def insert_apache_metrics(serv, connection): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular') + try: + ApacheMetrics.insert(serv=serv, conn=connection, date=cur_date).execute() + except Exception as e: + 
out_error(e) + else: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def insert_waf_metrics(serv, connection): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular') + try: + WafMetrics.insert(serv=serv, conn=connection, date=cur_date).execute() + except Exception as e: + out_error(e) + finally: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def delete_waf_metrics(): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular', timedelta_minus=3) + query = WafMetrics.delete().where(WafMetrics.date < cur_date) + try: + query.execute() + except Exception as e: + out_error(e) + finally: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def delete_metrics(): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular', timedelta_minus=3) + query = Metrics.delete().where(Metrics.date < cur_date) + try: + query.execute() + except Exception as e: + out_error(e) + finally: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def delete_http_metrics(): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular', timedelta_minus=3) + query = MetricsHttpStatus.delete().where(MetricsHttpStatus.date < cur_date) + try: + query.execute() + except Exception as e: + out_error(e) + finally: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def delete_nginx_metrics(): + time_zone = get_setting('time_zone') + get_date = roxy_wi_tools.GetDate(time_zone) + cur_date = get_date.return_date('regular', timedelta_minus=3) + query = NginxMetrics.delete().where(NginxMetrics.date < cur_date) + try: + 
query.execute() + except Exception as e: + out_error(e) + finally: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def delete_apache_metrics(): + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta_minus=3) + query = ApacheMetrics.delete().where(ApacheMetrics.date < cur_date) + try: + query.execute() + except Exception as e: + out_error(e) + finally: + conn = connect() + if type(conn) is not str: + if not conn.is_closed(): + conn.close() + + +def select_metrics(serv, service, **kwargs): + conn = connect() + cursor = conn.cursor() + + if service in ('nginx', 'apache', 'waf'): + metrics_table = '{}_metrics'.format(service) + elif service == 'http_metrics': + metrics_table = 'metrics_http_status' + else: + metrics_table = 'metrics' + + if mysql_enable == '1': + if kwargs.get('time_range') == '60': + date_from = "and date > now() - INTERVAL 60 minute group by `date` div 100" + elif kwargs.get('time_range') == '180': + date_from = "and date > now() - INTERVAL 180 minute group by `date` div 200" + elif kwargs.get('time_range') == '360': + date_from = "and date > now() - INTERVAL 360 minute group by `date` div 300" + elif kwargs.get('time_range') == '720': + date_from = "and date > now() - INTERVAL 720 minute group by `date` div 500" + else: + date_from = "and date > now() - INTERVAL 30 minute" + sql = """ select * from {metrics_table} where serv = '{serv}' {date_from} order by `date` asc """.format( + metrics_table=metrics_table, serv=serv, date_from=date_from + ) + else: + if kwargs.get('time_range') == '60': + date_from = "and date > datetime('now', '-60 minutes', 'localtime') and rowid % 2 = 0" + elif kwargs.get('time_range') == '180': + date_from = "and date > datetime('now', '-180 minutes', 'localtime') and rowid % 5 = 0" + elif kwargs.get('time_range') == '360': + date_from = "and date > datetime('now', '-360 minutes', 'localtime') and rowid % 7 = 0" + elif 
kwargs.get('time_range') == '720': + date_from = "and date > datetime('now', '-720 minutes', 'localtime') and rowid % 9 = 0" + else: + date_from = "and date > datetime('now', '-30 minutes', 'localtime')" + + sql = """ select * from (select * from {metrics_table} where serv = '{serv}' {date_from} order by `date`) order by `date` """.format( + metrics_table=metrics_table, serv=serv, date_from=date_from) + + try: + cursor.execute(sql) + except Exception as e: + out_error(e) + else: + return cursor.fetchall() + + +def select_servers_metrics_for_master(**kwargs): + if kwargs.get('group') != 1: + query = Server.select(Server.ip).where( + ((Server.metrics == 1) | (Server.nginx_metrics == 1) | (Server.apache_metrics == 1)) + & (Server.groups == kwargs.get('group')) + ) + else: + query = Server.select(Server.ip).where( + (Server.metrics == 1) + | (Server.nginx_metrics == 1) + | (Server.apache_metrics == 1) + ) + + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_haproxy_servers_metrics_for_master(): + query = Server.select(Server.ip).where(Server.metrics == 1) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_nginx_servers_metrics_for_master(): + query = Server.select(Server.ip).where((Server.nginx_metrics == 1) & (Server.nginx == 1)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_apache_servers_metrics_for_master(): + query = Server.select(Server.ip).where( + (Server.apache_metrics == 1) + & (Server.apache == 1) + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_servers_metrics(group_id): + if group_id == 1: + query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1)) + else: + query = Server.select(Server.ip).where( + (Server.enable == 1) & (Server.groups == 
group_id) & (Server.metrics == 1))
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def select_table_metrics(group_id):
+ conn = connect()
+ cursor = conn.cursor()
+
+ if group_id == 1:
+ groups = ""
+ else:
+ groups = "and servers.groups = '{group}' ".format(group=group_id)
+ if mysql_enable == '1':
+ sql = """
+ select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d,
+ avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
+ (select servers.ip from servers where metrics = 1 ) as ip,
+
+ (select servers.ip, servers.hostname as hostname from servers left join metrics as metr on servers.ip = metr.serv where servers.metrics = 1 %s) as hostname,
+
+ (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(), INTERVAL -1 HOUR)
+ group by servers.ip) as avg_sess_1h,
+
+ (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
+ group by servers.ip) as avg_sess_24h,
+
+ (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(), INTERVAL -3 DAY)
+ group by servers.ip ) as avg_sess_3d,
+
+ (select servers.ip,max(metr.sess_rate) as max_sess_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
+ group by servers.ip) as max_sess_1h,
+
+ (select servers.ip,max(metr.sess_rate) as max_sess_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
+ group by servers.ip) as max_sess_24h,
+
+ (select servers.ip,max(metr.sess_rate) as max_sess_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
+ group by servers.ip ) as max_sess_3d,
+
+ (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
+ group by servers.ip) as avg_cur_1h,
+
+ (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
+ group by servers.ip) as avg_cur_24h,
+
+ (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
+ group by servers.ip ) as avg_cur_3d,
+
+ (select servers.ip,max(metr.curr_con) as max_con_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
+ group by servers.ip) as max_con_1h,
+
+ (select servers.ip,max(metr.curr_con) as max_con_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
+ group by servers.ip) as max_con_24h,
+
+ (select servers.ip,max(metr.curr_con) as max_con_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
+ group by servers.ip ) as max_con_3d
+
+ where ip.ip=hostname.ip
+ and ip.ip=avg_sess_1h.ip
+ and ip.ip=avg_sess_24h.ip
+ and ip.ip=avg_sess_3d.ip
+ and ip.ip=max_sess_1h.ip
+ and ip.ip=max_sess_24h.ip
+ and ip.ip=max_sess_3d.ip
+ and ip.ip=avg_cur_1h.ip
+ and ip.ip=avg_cur_24h.ip
+ and ip.ip=avg_cur_3d.ip
+ and ip.ip=max_con_1h.ip
+ and ip.ip=max_con_24h.ip
+ and ip.ip=max_con_3d.ip
+
+ group by hostname.ip """ % groups
+ else:
+ sql = """
+ select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d, avg_cur_1h,
+ avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
+ (select servers.ip from servers where metrics = 1 ) as ip,
+
+ (select servers.ip, servers.hostname as hostname from servers left join metrics as metr on servers.ip = metr.serv where servers.metrics = 1 %s) as hostname,
+
+ (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
+ group by servers.ip) as avg_sess_1h,
+
+ (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
+ group by servers.ip) as avg_sess_24h,
+
+ (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
+ group by servers.ip ) as avg_sess_3d,
+
+ (select servers.ip,max(metr.sess_rate) as max_sess_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
+ group by servers.ip) as max_sess_1h,
+
+ (select servers.ip,max(metr.sess_rate) as max_sess_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
+ group by servers.ip) as max_sess_24h,
+
+ (select servers.ip,max(metr.sess_rate) as max_sess_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
+ group by servers.ip ) as max_sess_3d,
+
+ (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
+ group by servers.ip) as avg_cur_1h,
+
+ (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
+ group by servers.ip) as avg_cur_24h,
+
+ (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
+ group by servers.ip ) as avg_cur_3d,
+
+ (select servers.ip,max(metr.curr_con) as max_con_1h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
+ group by servers.ip) as max_con_1h,
+
+ (select servers.ip,max(metr.curr_con) as max_con_24h from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
+ group by servers.ip) as max_con_24h,
+
+ (select servers.ip,max(metr.curr_con) as max_con_3d from servers
+ left join metrics as metr on metr.serv = servers.ip
+ where servers.metrics = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
+ group by servers.ip ) as max_con_3d
+
+ where ip.ip=hostname.ip
+ and ip.ip=avg_sess_1h.ip
+ and ip.ip=avg_sess_24h.ip
+ and ip.ip=avg_sess_3d.ip
+ and ip.ip=max_sess_1h.ip
+ and ip.ip=max_sess_24h.ip
+ and ip.ip=max_sess_3d.ip
+ and ip.ip=avg_cur_1h.ip
+ and ip.ip=avg_cur_24h.ip
+ and ip.ip=avg_cur_3d.ip
+ and ip.ip=max_con_1h.ip
+ and ip.ip=max_con_24h.ip
+ and ip.ip=max_con_3d.ip
+
+ group by hostname.ip """ % groups
+
+ try:
+ cursor.execute(sql)
+ except Exception as e:
+ out_error(e)
+ else:
+ return cursor.fetchall()
+
+
+def select_service_table_metrics(service: str, group_id: int):
+ conn = connect()
+ cursor = conn.cursor()
+
+ if service in ('nginx', 'apache'):
+ metrics_table = f'{service}_metrics'
+
+ if group_id == 1:
+ groups = ""
+ else:
+ groups = f"and servers.groups = '{group_id}' "
+
+ if mysql_enable == '1':
+ sql = """
+ select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
+ (select servers.ip from servers where {metrics} = 1 ) as ip,
+
+ (select servers.ip, servers.hostname as hostname from servers left join {metrics} as metr on servers.ip = metr.serv where servers.{metrics} = 1 {groups}) as hostname,
+
+ (select servers.ip,round(avg(metr.conn), 1) as avg_cur_1h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
+ group by servers.ip) as avg_cur_1h,
+
+ (select servers.ip,round(avg(metr.conn), 1) as avg_cur_24h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
+ group by servers.ip) as avg_cur_24h,
+
+ (select servers.ip,round(avg(metr.conn), 1) as avg_cur_3d from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
+ group by servers.ip ) as avg_cur_3d,
+
+ (select servers.ip,max(metr.conn) as max_con_1h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR)
+ group by servers.ip) as max_con_1h,
+
+ (select servers.ip,max(metr.conn) as max_con_24h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR)
+ group by servers.ip) as max_con_24h,
+
+ (select servers.ip,max(metr.conn) as max_con_3d from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY)
+ group by servers.ip ) as max_con_3d
+
+ where ip.ip=hostname.ip
+ and ip.ip=avg_cur_1h.ip
+ and ip.ip=avg_cur_24h.ip
+ and ip.ip=avg_cur_3d.ip
+ and ip.ip=max_con_1h.ip
+ and ip.ip=max_con_24h.ip
+ and ip.ip=max_con_3d.ip
+
+ group by hostname.ip """.format(metrics=metrics_table, groups=groups)
+ else:
+ sql = """
+ select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from
+ (select servers.ip from servers where {metrics} = 1 ) as ip,
+
+ (select servers.ip, servers.hostname as hostname from servers left join {metrics} as metr on servers.ip = metr.serv where servers.{metrics} = 1 {groups}) as hostname,
+
+ (select servers.ip,round(avg(metr.conn), 1) as avg_cur_1h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
+ group by servers.ip) as avg_cur_1h,
+
+ (select servers.ip,round(avg(metr.conn), 1) as avg_cur_24h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
+ group by servers.ip) as avg_cur_24h,
+
+ (select servers.ip,round(avg(metr.conn), 1) as avg_cur_3d from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
+ group by servers.ip ) as avg_cur_3d,
+
+ (select servers.ip,max(metr.conn) as max_con_1h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime')
+ group by servers.ip) as max_con_1h,
+
+ (select servers.ip,max(metr.conn) as max_con_24h from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime')
+ group by servers.ip) as max_con_24h,
+
+ (select servers.ip,max(metr.conn) as max_con_3d from servers
+ left join {metrics} as metr on metr.serv = servers.ip
+ where servers.{metrics} = 1 and
+ metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime')
+ group by servers.ip ) as max_con_3d
+
+ where ip.ip=hostname.ip
+ and ip.ip=avg_cur_1h.ip
+ and ip.ip=avg_cur_24h.ip
+ and ip.ip=avg_cur_3d.ip
+ and ip.ip=max_con_1h.ip
+ and ip.ip=max_con_24h.ip
+ and ip.ip=max_con_3d.ip
+
+ group by hostname.ip """.format(metrics=metrics_table, groups=groups)
+
+ try:
+ cursor.execute(sql)
+ except Exception as e:
+ out_error(e)
+ else:
+ return cursor.fetchall()
diff --git a/app/modules/db/portscanner.py b/app/modules/db/portscanner.py
new file mode 100644
index 00000000..87d8ffca
--- /dev/null
+++ b/app/modules/db/portscanner.py
@@ -0,0 +1,150 @@
+from app.modules.db.db_model import connect, fn, PortScannerPorts, PortScannerSettings, PortScannerHistory
+from app.modules.db.sql import get_setting
+from app.modules.db.common import out_error
+import app.modules.roxy_wi_tools as roxy_wi_tools
+
+
+def delete_port_scanner_settings(server_id):
+ query = PortScannerSettings.delete().where(PortScannerSettings.server_id == server_id)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+
+
+def select_port_scanner_settings(user_group):
+ if user_group != 1:
+ query = PortScannerSettings.select().where(PortScannerSettings.user_group_id == str(user_group))
+ else:
+ query = PortScannerSettings.select()
+
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def select_port_scanner_settings_for_service():
+ query = PortScannerSettings.select()
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
+
+
+def insert_port_scanner_port(serv, user_group_id, port, service_name):
+ get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
+ cur_date = get_date.return_date('regular')
+ try:
+ PortScannerPorts.insert(
+ serv=serv, port=port, user_group_id=user_group_id, service_name=service_name,
+ date=cur_date
+ ).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def select_ports(serv):
+ conn = connect()
+ cursor = conn.cursor()
+ sql = """select port from port_scanner_ports where serv = '%s' """ % serv
+
+ try:
+ cursor.execute(sql)
+ except Exception as e:
+ out_error(e)
+ else:
+ conn.close()
+ return cursor.fetchall()
+
+
+def select_port_name(serv, port):
+ query = PortScannerPorts.select(PortScannerPorts.service_name).where(
+ (PortScannerPorts.serv == serv) & (PortScannerPorts.port == port))
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ for port in query_res:
+ return port.service_name
+
+
+def delete_ports(serv):
+ query = PortScannerPorts.delete().where(PortScannerPorts.serv == serv)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+
+
+def insert_port_scanner_history(serv, port, port_status, service_name):
+ get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
+ cur_date = get_date.return_date('regular')
+ try:
+ PortScannerHistory.insert(
+ serv=serv, port=port, status=port_status, service_name=service_name, date=cur_date
+ ).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def insert_port_scanner_settings(server_id, user_group_id, enabled, notify, history):
+ try:
+ PortScannerSettings.insert(
+ server_id=server_id, user_group_id=user_group_id, enabled=enabled, notify=notify, history=history
+ ).execute()
+ return True
+ except Exception:
+ return False
+
+
+def update_port_scanner_settings(server_id, user_group_id, enabled, notify, history):
+ query = PortScannerSettings.update(
+ user_group_id=user_group_id, enabled=enabled, notify=notify, history=history
+ ).where(PortScannerSettings.server_id == server_id)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+
+
+
+def select_count_opened_ports(serv):
+ query = PortScannerPorts.select(
+ PortScannerPorts.date, fn.Count(PortScannerPorts.port).alias('count')
+ ).where(PortScannerPorts.serv == serv)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ port = list()
+ for ports in query_res:
+ port.append([ports.count, ports.date])
+ return port
+
+
+def delete_portscanner_history(keep_interval: int):
+ get_date = roxy_wi_tools.GetDate(get_setting('time_zone'))
+ cur_date = get_date.return_date('regular', timedelta_minus=keep_interval)
+ query = PortScannerHistory.delete().where(
+ PortScannerHistory.date < cur_date)
+ try:
+ query.execute()
+ except Exception as e:
+ out_error(e)
+
+
+def select_port_scanner_history(serv):
+ query = PortScannerHistory.select().where(PortScannerHistory.serv == serv)
+ try:
+ query_res = query.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return query_res
diff --git a/app/modules/db/roxy.py b/app/modules/db/roxy.py
new file mode 100644
index 00000000..4017896b
--- /dev/null
+++ b/app/modules/db/roxy.py
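Review bot: `select_ports` builds its statement with `'%s' % serv`, so the value of `serv` becomes part of the SQL text and a quote character in it changes the query. Every other function in this new file goes through the peewee models, and this one can as well: `query = PortScannerPorts.select(PortScannerPorts.port).where(PortScannerPorts.serv == serv).tuples()`, with `.tuples()` kept only in case callers index the rows positionally, which should be checked. In the same function `conn.close()` runs before `cursor.fetchall()` and is skipped entirely when `execute` raises, so the fetch may fail on drivers that read rows lazily and the connection is not released on the error path.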
@@ -0,0 +1,125 @@
+from app.modules.db.db_model import UserName, RoxyTool, Version
+from app.modules.db.common import out_error
+
+
+def insert_user_name(user_name):
+ try:
+ UserName.insert(UserName=user_name).execute()
+ except Exception:
+ pass
+
+
+def select_user_name():
+ try:
+ query_res = UserName.get().UserName
+ except Exception:
+ return False
+ else:
+ return query_res
+
+
+
+def update_user_name(user_name):
+ user_update = UserName.update(UserName=user_name)
+ try:
+ user_update.execute()
+ except Exception as e:
+ out_error(e)
+ return False
+ else:
+ return True
+
+
+def update_user_status(status, plan, method):
+ user_update = UserName.update(Status=status, Method=method, Plan=plan)
+ try:
+ user_update.execute()
+ except Exception:
+ return False
+ else:
+ return True
+
+
+def select_user_status():
+ try:
+ query_res = UserName.get().Status
+ except Exception:
+ return False
+ else:
+ return query_res
+
+
+def select_user_plan():
+ try:
+ query_res = UserName.get().Plan
+ except Exception:
+ return False
+ else:
+ return query_res
+
+
+def select_user_all():
+ try:
+ query_res = UserName.select()
+ except Exception:
+ return False
+ else:
+ return query_res
+
+
+def get_roxy_tools():
+ query = RoxyTool.select()
+ try:
+ query_res = query.where(RoxyTool.is_roxy == 1).execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ tools = []
+ for tool in query_res:
+ tools.append(tool.name)
+ return tools
+
+
+def get_all_tools():
+ try:
+ query_res = RoxyTool.select().execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ tools = {}
+ for tool in query_res:
+ tools.setdefault(tool.name, {'current_version': tool.current_version, 'new_version': tool.new_version, 'desc': tool.desc})
+
+ return tools
+
+
+def update_tool_cur_version(tool_name: str, version: str):
+ try:
+ RoxyTool.update(current_version=version).where(RoxyTool.name == tool_name).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def update_tool_new_version(tool_name: str, version: str):
+ try:
+ RoxyTool.update(new_version=version).where(RoxyTool.name == tool_name).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def get_tool_cur_version(tool_name: str):
+ try:
+ query = RoxyTool.get(RoxyTool.name == tool_name).current_version
+ except Exception as e:
+ out_error(e)
+ else:
+ return query
+
+
+def get_ver():
+ try:
+ ver = Version.get()
+ except Exception as e:
+ out_error(e)
+ else:
+ return ver.version
diff --git a/app/modules/db/server.py b/app/modules/db/server.py
new file mode 100644
index 00000000..77a05cc3
--- /dev/null
+++ b/app/modules/db/server.py
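Review bot: `insert_user_name` ends in `except Exception: pass`, so a failed insert looks the same as a successful one and leaves no trace. The neighbouring `update_user_name` reports through `out_error(e)` and returns `False`; doing the same here (`except Exception as e:` / `out_error(e)` / `return False`) keeps the two consistent. In `select_user_all` the `try` wraps only `UserName.select()`, which builds a query without running it, so the `return False` branch is probably never taken and a database error would surface later in the caller when the result is iterated.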
@@ -0,0 +1,286 @@
+from app.modules.db.db_model import mysql_enable, connect, Server, SystemInfo
+from app.modules.db.common import out_error
+
+
+def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall):
+ try:
+ server_id = Server.insert(
+ hostname=hostname, ip=ip, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred,
+ port=port, desc=desc, haproxy=haproxy, nginx=nginx, apache=apache, firewall_enable=firewall
+ ).execute()
+ return server_id
+ except Exception as e:
+ out_error(e)
+ return False
+
+
+def delete_server(server_id):
+ try:
+ server_for_delete = Server.delete().where(Server.server_id == server_id)
+ server_for_delete.execute()
+ except Exception as e:
+ out_error(e)
+ else:
+ return True
+
+
+def update_server(hostname, group, typeip, enable, master, server_id, cred, port, desc, firewall, protected):
+ try:
+ server_update = Server.update(
+ hostname=hostname, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred,
+ port=port, desc=desc, firewall_enable=firewall, protected=protected
+ ).where(Server.server_id == server_id)
+ server_update.execute()
+ except Exception as e:
+ out_error(e)
+
+
+def get_hostname_by_server_ip(server_ip):
+ try:
+ hostname = Server.get(Server.ip == server_ip)
+ except Exception as e:
+ return out_error(e)
+ else:
+ return hostname.hostname
+
+
+def select_server_by_name(name):
+ try:
+ ip = Server.get(Server.hostname == name)
+ except Exception as e:
+ return out_error(e)
+ else:
+ return ip.ip
+
+
+def insert_system_info(
+ server_id: int, os_info: str, sys_info: dict, cpu: dict, ram: dict, network: dict, disks: dict
+):
+ try:
+ SystemInfo.insert(
+ server_id=server_id, os_info=os_info, sys_info=sys_info, cpu=cpu, ram=ram, network=network, disks=disks
+ ).on_conflict('replace').execute()
+ except Exception as e:
+ out_error(e)
+
+
+def delete_system_info(server_id: int):
+ try:
+ SystemInfo.delete().where(SystemInfo.server_id == server_id).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def select_one_system_info(server_id: int):
+ try:
+ return SystemInfo.select().where(SystemInfo.server_id == server_id).execute()
+ except Exception as e:
+ out_error(e)
+
+
+def is_system_info(server_id):
+ try:
+ query_res = SystemInfo.get(SystemInfo.server_id == server_id).server_id
+ except Exception:
+ return True
+ else:
+ if query_res:
+ return True
+ else:
+ return False
+
+
+def select_os_info(server_id):
+ try:
+ query_res = SystemInfo.get(SystemInfo.server_id == server_id).os_info
+ except Exception as e:
+ out_error(e)
+ return
+ else:
+ return query_res
+
+
+def update_firewall(serv):
+ query = Server.update(firewall_enable=1).where(Server.ip == serv)
+ try:
+ query.execute()
+ return True
+ except Exception as e:
+ out_error(e)
+ return False
+
+
+def return_firewall(serv):
+ try:
+ query_res = Server.get(Server.ip == serv).firewall_enable
+ except Exception:
+ return False
+ else:
+ return True if query_res == 1 else False
+
+
+def update_server_pos(pos, server_id) -> str:
+ query = Server.update(pos=pos).where(Server.server_id == server_id)
+ try:
+ query.execute()
+ return 'ok'
+ except Exception as e:
+ out_error(e)
+
+
+def is_serv_protected(serv):
+ try:
+ query_res = Server.get(Server.ip == serv)
+ except Exception:
+ return ""
+ else:
+ return True if query_res.protected else False
+
+
+def select_server_ip_by_id(server_id: int) -> str:
+ try:
+ server_ip = Server.get(Server.server_id == server_id).ip
+ except Exception as e:
+ return out_error(e)
+ else:
+ return server_ip
+
+
+def select_server_id_by_ip(server_ip):
+ try:
+ server_id = Server.get(Server.ip == server_ip).server_id
+ except Exception:
+ return None
+ else:
+ return server_id
+
+
+def select_servers(**kwargs):
+ conn = connect()
+ cursor = conn.cursor()
+
+ if mysql_enable == '1':
+ sql = """select * from `servers` where `enable` = 1 ORDER BY servers.groups """
+
+ if kwargs.get("server") is not None:
+ sql = """select * from `servers` where `ip` = '{}' """.format(kwargs.get("server"))
+ if kwargs.get("full") is not None:
+ sql = """select * from `servers` ORDER BY hostname """
+ if kwargs.get("get_master_servers") is not None:
+ sql = """select id,hostname from `servers` where `master` = 0 and type_ip = 0 and enable = 1 ORDER BY servers.groups """
+ if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None:
+ sql = """ select servers.id, servers.hostname from `servers`
+ left join user as user on servers.groups = user.groups
+ left join uuid as uuid on user.id = uuid.user_id
+ where uuid.uuid = '{}' and servers.master = 0 and servers.type_ip = 0 and servers.enable = 1 ORDER BY servers.groups
+ """.format(kwargs.get('uuid'))
+ if kwargs.get("id"):
+ sql = """select * from `servers` where `id` = '{}' """.format(kwargs.get("id"))
+ if kwargs.get("hostname"):
+ sql = """select * from `servers` where `hostname` = '{}' """.format(kwargs.get("hostname"))
+ if kwargs.get("id_hostname"):
+ sql = """select * from `servers` where `hostname` ='{}' or id = '{}' or ip = '{}'""".format(
+ kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname"))
+ if kwargs.get("server") and kwargs.get("keep_alive"):
+ sql = """select active from `servers` where `ip` = '{}' """.format(kwargs.get("server"))
+ else:
+ sql = """select * from servers where enable = '1' ORDER BY servers.groups """
+
+ if kwargs.get("server") is not None:
+ sql = """select * from servers where ip = '{}' """.format(kwargs.get("server"))
+ if kwargs.get("full") is not None:
+ sql = """select * from servers ORDER BY hostname """
+ if kwargs.get("get_master_servers") is not None:
+ sql = """select id,hostname from servers where master = 0 and type_ip = 0 and enable = 1 ORDER BY servers.groups """
+ if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None:
+ sql = """ select servers.id, servers.hostname from servers
+ left join user as user on servers.groups = user.groups
+ left join uuid as uuid on user.id = uuid.user_id
+ where uuid.uuid = '{}' and servers.master = 0 and servers.type_ip = 0 and servers.enable = 1 ORDER BY servers.groups
+ """.format(kwargs.get('uuid'))
+ if kwargs.get("id"):
+ sql = """select * from servers where id = '{}' """.format(kwargs.get("id"))
+ if kwargs.get("hostname"):
+ sql = """select * from servers where hostname = '{}' """.format(kwargs.get("hostname"))
+ if kwargs.get("id_hostname"):
+ sql = """select * from servers where hostname = '{}' or id = '{}' or ip = '{}'""".format(
+ kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname"))
+ if kwargs.get("server") and kwargs.get("keep_alive"):
+ sql = """select active from servers where ip = '{}' """.format(kwargs.get("server"))
+
+ try:
+ cursor.execute(sql)
+ except Exception as e:
+ out_error(e)
+ else:
+ return cursor.fetchall()
+
+
+def get_dick_permit(group_id, **kwargs):
+ only_group = kwargs.get('only_group')
+ disable = 'enable = 1'
+ haproxy = ''
+ nginx = ''
+ keepalived = ''
+ apache = ''
+ ip = ''
+
+ if kwargs.get('virt'):
+ type_ip = ""
+ else:
+ type_ip = "and type_ip = 0"
+ if kwargs.get('disable') == 0:
+ disable = '(enable = 1 or enable = 0)'
+ if kwargs.get('ip'):
+ ip = "and ip = '%s'" % kwargs.get('ip')
+ if kwargs.get('haproxy') or kwargs.get('service') == 'haproxy':
+ haproxy = "and haproxy = 1"
+ if kwargs.get('nginx') or kwargs.get('service') == 'nginx':
+ nginx = "and nginx = 1"
+ if kwargs.get('keepalived') or kwargs.get('service') == 'keepalived':
+ keepalived = "and keepalived = 1"
+ if kwargs.get('apache') or kwargs.get('service') == 'apache':
+ apache = "and apache = 1"
+ conn = connect()
+ cursor = conn.cursor()
+ try:
+ if mysql_enable == '1':
+ if group_id == '1' and not only_group:
+ sql = f" select * from `servers` where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by `pos` asc"
+ else:
+ sql = f" select * from `servers` where `groups` = {group_id} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc"
+ else:
+ if group_id == '1' and not only_group:
+ sql = f" select * from servers where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by pos"
+ else:
+ sql = f" select * from servers where groups = '{group_id}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos"
+
+ except Exception as e:
+ raise Exception(f'error: {e}')
+
+ try:
+ cursor.execute(sql)
+ except Exception as e:
+ out_error(e)
+ else:
+ return cursor.fetchall()
+
+
+def is_master(ip, **kwargs):
+ conn = connect()
+ cursor = conn.cursor()
+ if kwargs.get('master_slave'):
+ sql = """ select master.hostname, master.ip, slave.hostname, slave.ip
+ from servers as master
+ left join servers as slave on master.id = slave.master
+ where slave.master > 0 """
+ else:
+ sql = """ select slave.ip, slave.hostname from servers as master
+ left join servers as slave on master.id = slave.master
+ where master.ip = '%s' """ % ip
+ try:
+ cursor.execute(sql)
+ except Exception as e:
+ out_error(e)
+ else:
+ return cursor.fetchall()
diff --git a/app/modules/db/service.py b/app/modules/db/service.py
new file mode 100644
index 00000000..1c0efe30
--- /dev/null
+++ b/app/modules/db/service.py
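Review bot: `select_servers`, `get_dick_permit` and `is_master` splice their arguments into the SQL text with `.format()`, `%` and f-strings (`where ip = '{}'`, `and ip = '%s'`, `groups = {group_id}`), so a quote character in `server`, `hostname`, `id_hostname`, `uuid`, `ip` or `group_id` changes the statement; in the MySQL branch of `get_dick_permit` the group value is not even quoted. The api_funct.py part of this commit passes `server_id` straight into `select_servers(id_hostname=server_id)`, and if that value originates in the API request, which cannot be confirmed from this hunk, it reaches the query unescaped. The rest of this file already uses the `Server` model, and the same form covers these lookups, e.g. `Server.select().where(Server.ip == kwargs.get("server")).tuples()`; where raw SQL has to stay, the values belong in the parameter argument of `cursor.execute` rather than in the string. Separately, `is_system_info` returns `True` from its `except` branch as well as when the row is found, so a failed or empty lookup is reported the same way as an existing row.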
@@ -0,0 +1,266 @@ +from app.modules.db.db_model import Server, Services, ServiceSetting +from app.modules.db.common import out_error + + +def update_hapwi_server(server_id, alert, metrics, active, service_name): + try: + if service_name == 'nginx': + update_hapwi = Server.update( + nginx_alert=alert, nginx_active=active, nginx_metrics=metrics + ).where(Server.server_id == server_id) + elif service_name == 'keepalived': + update_hapwi = Server.update(keepalived_alert=alert, keepalived_active=active).where( + Server.server_id == server_id) + elif service_name == 'apache': + update_hapwi = Server.update(apache_alert=alert, apache_active=active, apache_metrics=metrics).where( + Server.server_id == server_id) + else: + update_hapwi = Server.update(alert=alert, metrics=metrics, active=active).where( + Server.server_id == server_id) + update_hapwi.execute() + except Exception as e: + out_error(e) + + +def update_server_services(server_id: int, haproxy: int, nginx: int, apache: int, keepalived: int) -> bool: + try: + server_update = Server.update( + haproxy=haproxy, nginx=nginx, apache=apache, keepalived=keepalived + ).where(Server.server_id == server_id) + server_update.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def insert_or_update_service_setting(server_id, service, setting, value): + try: + ServiceSetting.insert(server_id=server_id, service=service, setting=setting, value=value).on_conflict( + 'replace').execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_service_settings(server_id: int, service: str) -> str: + query = ServiceSetting.select().where((ServiceSetting.server_id == server_id) & (ServiceSetting.service == service)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_docker_service_settings(server_id: int, service: str) -> str: + query = ServiceSetting.select().where( + 
(ServiceSetting.server_id == server_id) + & (ServiceSetting.service == service) + & (ServiceSetting.setting == 'dockerized') + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_docker_services_settings(service: str) -> str: + query = ServiceSetting.select().where( + (ServiceSetting.service == service) + & (ServiceSetting.setting == 'dockerized') + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_restart_service_settings(server_id: int, service: str) -> str: + query = ServiceSetting.select().where( + (ServiceSetting.server_id == server_id) + & (ServiceSetting.service == service) + & (ServiceSetting.setting == 'restart') + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_restart_services_settings(service: str) -> str: + query = ServiceSetting.select().where( + (ServiceSetting.service == service) + & (ServiceSetting.setting == 'restart') + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_service_setting(server_id: int, service: str, setting: str) -> str: + try: + result = ServiceSetting.get( + (ServiceSetting.server_id == server_id) + & (ServiceSetting.service == service) + & (ServiceSetting.setting == setting) + ).value + except Exception: + return '0' + else: + return result + + +def delete_service_settings(server_id: int): + query = ServiceSetting.delete().where(ServiceSetting.server_id == server_id) + try: + query.execute() + except Exception as e: + out_error(e) + + +def select_service_name_by_id(service_id: int) -> str: + try: + service = Services.get(Services.service_id == service_id).service + except Exception as e: + return out_error(e) + else: + return service + + +def select_service_id_by_slug(service_slug: str) -> int: + try: + service = Services.get(Services.slug == 
service_slug).service_id + except Exception as e: + return out_error(e) + else: + return service + + +def select_services(): + query = Services.select() + try: + query_res = query.execute() + except Exception as e: + out_error(e) + return + else: + return query_res + + +def select_service(slug: str) -> object: + try: + query_res = Services.get(Services.slug == slug) + except Exception as e: + out_error(e) + return 'there is no service' + else: + return query_res + + +def update_keepalived(serv): + query = Server.update(keepalived='1').where(Server.ip == serv) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_apache(serv): + try: + apache = Server.get(Server.ip == serv).apache + except Exception as e: + out_error(e) + else: + return apache + + +def update_apache(serv: str) -> bool: + query = Server.update(apache='1').where(Server.ip == serv) + try: + query.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def select_nginx(serv): + try: + query_res = Server.get(Server.ip == serv).nginx + except Exception as e: + out_error(e) + else: + return query_res + + +def update_nginx(serv: str) -> bool: + query = Server.update(nginx=1).where(Server.ip == serv) + try: + query.execute() + return True + except Exception as e: + out_error(e) + return False + + +def select_haproxy(serv): + try: + query_res = Server.get(Server.ip == serv).haproxy + except Exception as e: + out_error(e) + else: + return query_res + + +def update_haproxy(serv): + query = Server.update(haproxy=1).where(Server.ip == serv) + try: + query.execute() + return True + except Exception as e: + out_error(e) + return False + + +def select_keepalived(serv): + try: + keepalived = Server.get(Server.ip == serv).keepalived + except Exception as e: + out_error(e) + else: + return keepalived + + +def select_count_services(service: str) -> int: + try: + if service == 'haproxy': + query_res = 
Server.select().where(Server.haproxy == 1).count() + elif service == 'nginx': + query_res = Server.select().where(Server.nginx == 1).count() + elif service == 'keepalived': + query_res = Server.select().where(Server.keepalived == 1).count() + elif service == 'apache': + query_res = Server.select().where(Server.apache == 1).count() + else: + query_res = Server.select().where().count() + except Exception as e: + out_error(e) + else: + return query_res diff --git a/app/modules/db/smon.py b/app/modules/db/smon.py index 8fad7f0f..6e0dddc0 100644 --- a/app/modules/db/smon.py +++ b/app/modules/db/smon.py @@ -3,8 +3,9 @@ import uuid from peewee import fn from app.modules.db.db_model import SmonAgent, Server, SMON, SmonTcpCheck, SmonHttpCheck, SmonDnsCheck, SmonPingCheck, SmonHistory, SmonStatusPageCheck, SmonStatusPage +from app.modules.db.sql import get_setting from app.modules.db.common import out_error -from app.modules.common.common import get_date +import app.modules.roxy_wi_tools as roxy_wi_tools def get_agents(group_id: int): @@ -186,6 +187,7 @@ def add_sec_to_state_time(time, smon_id): def insert_smon_history(smon_id: int, resp_time: float, status: int, check_id: int, mes='') -> None: + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) cur_date = get_date.return_date('regular') try: SmonHistory.insert(smon_id=smon_id, response_time=resp_time, status=status, date=cur_date, check_id=check_id, mes=mes).execute() diff --git a/app/modules/db/sql.py b/app/modules/db/sql.py index a7e47721..6a4c658d 100755 --- a/app/modules/db/sql.py +++ b/app/modules/db/sql.py 
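Review bot: `select_service_setting` in the new `app/modules/db/service.py` catches every exception and returns `'0'`, so a database failure is indistinguishable from a setting that was never stored. Only the missing-row case should map to the default, e.g. `except ServiceSetting.DoesNotExist: return '0'`, with any other exception passed to `out_error(e)` as the neighbouring lookups do. Otherwise callers that gate behaviour on a setting act on the default during an outage without the error surfacing. Separately, the `-> str` annotations on the `select_*_settings` functions do not match the query result objects they return.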
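Review bot: `insert_smon_history` now builds `roxy_wi_tools.GetDate(get_setting('time_zone'))` on every call, which adds a settings query per history row. It also ties the stored timestamp to how `get_setting` picks the group: the `app/modules/db/sql.py` hunk in this commit reads it from the request's `group` cookie. If this function runs from a checker outside a request, the cookie read presumably fails and is swallowed, so the date silently uses group 1's time zone. Inside a request it depends on a client-supplied value. Consider passing the time zone (or the check's group id) in from the caller and documenting that choice in a docstring; the function body continues outside the hunk.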
@@ -1,43 +1,23 @@ -#!/usr/bin/env python3 -# -*- coding: utf-8 -*- -import os -import sys -import traceback - from flask import request -from modules.db.db_model import * -import modules.roxy_wi_tools as roxy_wi_tools - - -def out_error(error): - error = str(error) - exc_type, exc_obj, exc_tb = sys.exc_info() - file_name = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1] - stk = traceback.extract_tb(exc_tb, 1) - function_name = stk[0][2] - error = f'{error} in function: {function_name} in file: {file_name}' - raise Exception(f'error: {error}') +from app.modules.db.db_model import GeoipCodes, Setting, Role +from app.modules.db.common import out_error +import app.modules.roxy_wi_tools as roxy_wi_tools def get_setting(param, **kwargs): - user_group = '' + user_group_id = '' try: user_group_id = request.cookies.get('group') - groups = select_groups(id=user_group_id) - for g in groups: - if int(g.group_id) == int(user_group_id): - user_group = g.group_id - break except Exception: pass - if user_group == '' or param == 'proxy': - user_group = 1 + if user_group_id == '' or user_group_id is None or param == 'proxy': + user_group_id = 1 if kwargs.get('all'): - query = Setting.select().where(Setting.group == user_group).order_by(Setting.section.desc()) + query = Setting.select().where(Setting.group == user_group_id).order_by(Setting.section.desc()) else: - query = Setting.select().where((Setting.param == param) & (Setting.group == user_group)) + query = Setting.select().where((Setting.param == param) & (Setting.group == user_group_id)) try: query_res = query.execute() 
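Review bot: `get_setting` now uses the `group` cookie directly as `user_group_id`, dropping the removed `select_groups(id=user_group_id)` check, so an unknown or non-numeric value no longer falls back to group 1 and goes straight into the `Setting.group == user_group_id` filter. The cookie is client-controlled, and the settings rows include values such as `ldap_password` and the stats passwords (per the defaults removed later in this file). The group id should therefore come from the authenticated session or be checked against the user's memberships before the query; whether callers already do this is not visible here. The `except Exception: pass` around the cookie read also hides every failure, so narrowing it to `except RuntimeError:` with a comment like `# no request context: fall back to group 1` would make the intent explicit. The function continues outside the hunk.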
@@ -63,2192 +43,6 @@ time_zone = get_setting('time_zone') get_date = roxy_wi_tools.GetDate(time_zone) -def add_user(user, email, password, role, activeuser, group): - if password != 'aduser': - try: - hashed_pass = roxy_wi_tools.Tools.get_hash(password) - last_id = User.insert( - username=user, email=email, password=hashed_pass, role=role, activeuser=activeuser, groups=group - ).execute() - except Exception as e: - out_error(e) - else: - return last_id - else: - try: - last_id = User.insert( - username=user, email=email, role=role, ldap_user=1, activeuser=activeuser, groups=group - ).execute() - except Exception as e: - out_error(e) - else: - return last_id - - -def update_user(user, email, role, user_id, activeuser): - user_update = User.update(username=user, email=email, role=role, activeuser=activeuser).where(User.user_id == user_id) - try: - user_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def update_user_from_admin_area(user, email, user_id, activeuser): - user_update = User.update(username=user, email=email, activeuser=activeuser).where(User.user_id == user_id) - try: - user_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def delete_user_groups(user_id): - group_for_delete = UserGroups.delete().where(UserGroups.user_id == user_id) - try: - group_for_delete.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def update_user_current_groups(groups, user_uuid): - user_id = get_user_id_by_uuid(user_uuid) - try: - user_update = User.update(groups=groups).where(User.user_id == user_id) - user_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def update_user_current_groups_by_id(groups, user_id): - try: - user_update = User.update(groups=groups).where(User.user_id == user_id) - user_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True 
- - -def update_user_password(password, user_id): - try: - hashed_pass = roxy_wi_tools.Tools.get_hash(password) - user_update = User.update(password=hashed_pass).where(User.user_id == user_id) - user_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def delete_user(user_id): - try: - user_for_delete = User.delete().where(User.user_id == user_id) - user_for_delete.execute() - delete_user_groups(user_id) - except Exception as e: - out_error(e) - return False - else: - return True - - -def add_group(name, description): - try: - last_insert = Groups.insert(name=name, description=description) - last_insert_id = last_insert.execute() - except Exception as e: - out_error(e) - return False - else: - add_setting_for_new_group(last_insert_id) - return True - - -def add_setting_for_new_group(group_id): - group_id = str(group_id) - data_source = [ - {'param': 'time_zone', 'value': 'UTC', 'section': 'main', 'desc': 'Time Zone', 'group': group_id}, - {'param': 'proxy', 'value': '', 'section': 'main', - 'desc': 'IP address and port of the proxy server . Use proto://ip:port', 'group': group_id}, - {'param': 'session_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user session (in days)', 'group': group_id}, - {'param': 'token_ttl', 'value': '5', 'section': 'main', 'desc': 'TTL for a user token (in days)', 'group': group_id}, - {'param': 'tmp_config_path', 'value': '/tmp/', 'section': 'main', - 'desc': 'Path to the temporary directory. A valid path should be specified as the value of this parameter. ' - 'The directory must be owned by the user specified in SSH settings', 'group': group_id}, - {'param': 'cert_path', 'value': '/etc/ssl/certs/', 'section': 'main', - 'desc': 'Path to SSL dir. Folder owner must be a user which set in the SSH settings. 
The path must be valid', 'group': group_id}, - {'param': 'haproxy_path_logs', 'value': '/var/log/haproxy/', 'section': 'haproxy', - 'desc': 'The default local path for saving logs', 'group': group_id}, - {'param': 'syslog_server_enable', 'value': '0', 'section': 'logs', - 'desc': 'Enable getting logs from a syslog server; (0 - no, 1 - yes)', 'group': group_id}, - {'param': 'syslog_server', 'value': '', 'section': 'logs', 'desc': 'IP address of the syslog_server', 'group': group_id}, - {'param': 'haproxy_stats_user', 'value': 'admin', 'section': 'haproxy', - 'desc': 'Username for accessing HAProxy stats page', 'group': group_id}, - {'param': 'haproxy_stats_password', 'value': 'password', 'section': 'haproxy', - 'desc': 'Password for accessing HAProxy stats page', 'group': group_id}, - {'param': 'haproxy_stats_port', 'value': '8085', 'section': 'haproxy', 'desc': 'Port for HAProxy stats page', 'group': group_id}, - {'param': 'haproxy_stats_page', 'value': 'stats', 'section': 'haproxy', 'desc': 'URI for HAProxy stats page', 'group': group_id}, - {'param': 'haproxy_dir', 'value': '/etc/haproxy', 'section': 'haproxy', 'desc': 'Path to the HAProxy directory', 'group': group_id}, - {'param': 'haproxy_config_path', 'value': '/etc/haproxy/haproxy.cfg', 'section': 'haproxy', 'desc': 'Path to the HAProxy configuration file', 'group': group_id}, - {'param': 'server_state_file', 'value': '/etc/haproxy/haproxy.state', 'section': 'haproxy', 'desc': 'Path to the HAProxy state file', 'group': group_id}, - {'param': 'haproxy_sock', 'value': '/var/run/haproxy.sock', 'section': 'haproxy', 'desc': 'Path to the HAProxy sock file', 'group': group_id}, - {'param': 'haproxy_sock_port', 'value': '1999', 'section': 'haproxy', 'desc': 'Socket port for HAProxy', 'group': group_id}, - {'param': 'haproxy_container_name', 'value': 'haproxy', 'section': 'haproxy', 'desc': 'Docker container name for HAProxy service', 'group': group_id}, - {'param': 'maxmind_key', 'value': '', 'section': 'main', - 
'desc': 'License key for downloading GeoIP DB. You can create it on maxmind.com', 'group': group_id}, - {'param': 'nginx_path_logs', 'value': '/var/log/nginx/', 'section': 'nginx', 'desc': 'NGINX error log', 'group': group_id}, - {'param': 'nginx_stats_user', 'value': 'admin', 'section': 'nginx', 'desc': 'Username for accessing NGINX stats page', 'group': group_id}, - {'param': 'nginx_stats_password', 'value': 'password', 'section': 'nginx', 'desc': 'Password for accessing NGINX stats page', 'group': group_id}, - {'param': 'nginx_stats_port', 'value': '8086', 'section': 'nginx', 'desc': 'Stats port for web page NGINX', 'group': group_id}, - {'param': 'nginx_stats_page', 'value': 'stats', 'section': 'nginx', 'desc': 'URI Stats for web page NGINX', 'group': group_id}, - {'param': 'nginx_dir', 'value': '/etc/nginx/', 'section': 'nginx', 'desc': 'Path to the NGINX directory with config files', 'group': group_id}, - {'param': 'nginx_config_path', 'value': '/etc/nginx/nginx.conf', 'section': 'nginx', 'desc': 'Path to the main NGINX configuration file', 'group': group_id}, - {'param': 'nginx_container_name', 'value': 'nginx', 'section': 'nginx', 'desc': 'Docker container name for NGINX service', 'group': group_id}, - {'param': 'ldap_enable', 'value': '0', 'section': 'ldap', 'desc': 'Enable LDAP', 'group': group_id}, - {'param': 'ldap_server', 'value': '', 'section': 'ldap', 'desc': 'IP address of the LDAP server', 'group': group_id}, - {'param': 'ldap_port', 'value': '389', 'section': 'ldap', 'desc': 'LDAP port (port 389 or 636 is used by default)', 'group': group_id}, - {'param': 'ldap_user', 'value': '', 'section': 'ldap', 'desc': 'LDAP username. Format: user@domain.com', 'group': group_id}, - {'param': 'ldap_password', 'value': '', 'section': 'ldap', 'desc': 'LDAP password', 'group': group_id}, - {'param': 'ldap_base', 'value': '', 'section': 'ldap', 'desc': 'Base domain. 
Example: dc=domain, dc=com', 'group': group_id}, - {'param': 'ldap_domain', 'value': '', 'section': 'ldap', 'desc': 'LDAP domain for logging in', 'group': group_id}, - {'param': 'ldap_class_search', 'value': 'user', 'section': 'ldap', 'desc': 'Class for searching the user', 'group': group_id}, - {'param': 'ldap_user_attribute', 'value': 'sAMAccountName', 'section': 'ldap', 'desc': 'Attribute to search users by', 'group': group_id}, - {'param': 'ldap_search_field', 'value': 'mail', 'section': 'ldap', 'desc': 'User\'s email address', 'group': group_id}, - {'param': 'ldap_type', 'value': '0', 'section': 'ldap', 'desc': 'Use LDAPS', 'group': group_id}, - {'param': 'apache_path_logs', 'value': '/var/log/httpd/', 'section': 'apache', 'desc': 'The path for Apache logs', 'group': group_id}, - {'param': 'apache_stats_user', 'value': 'admin', 'section': 'apache', 'desc': 'Username for accessing Apache stats page', 'group': group_id}, - {'param': 'apache_stats_password', 'value': 'password', 'section': 'apache', 'desc': 'Password for Apache stats webpage', 'group': group_id}, - {'param': 'apache_stats_port', 'value': '8087', 'section': 'apache', 'desc': 'Stats port for webpage Apache', 'group': group_id}, - {'param': 'apache_stats_page', 'value': 'stats', 'section': 'apache', 'desc': 'URI Stats for webpage Apache', 'group': group_id}, - {'param': 'apache_dir', 'value': '/etc/httpd/', 'section': 'apache', 'desc': 'Path to the Apache directory with config files', 'group': group_id}, - {'param': 'apache_config_path', 'value': '/etc/httpd/conf/httpd.conf', 'section': 'apache', 'desc': 'Path to the main Apache configuration file', 'group': group_id}, - {'param': 'apache_container_name', 'value': 'apache', 'section': 'apache', 'desc': 'Docker container name for Apache service', 'group': group_id}, - {'param': 'keepalived_config_path', 'value': '/etc/keepalived/keepalived.conf', 'section': 'keepalived', - 'desc': 'Path to the main Keepalived configuration file', 'group': group_id}, 
- {'param': 'keepalived_path_logs', 'value': '/var/log/keepalived/', 'section': 'keepalived', 'desc': 'The path for Keepalived logs', 'group': group_id}, - ] - - try: - Setting.insert_many(data_source).execute() - except Exception as e: - out_error(e) - else: - return True - - -def delete_group_settings(group_id): - try: - group_for_delete = Setting.delete().where(Setting.group == group_id) - group_for_delete.execute() - except Exception as e: - out_error(e) - else: - return True - - -def delete_group(group_id): - try: - Groups.delete().where(Groups.group_id == group_id).execute() - UserGroups.delete().where(UserGroups.user_group_id == group_id).execute() - except Exception as e: - out_error(e) - return False - else: - delete_group_settings(group_id) - return True - - -def update_group(name, descript, group_id): - try: - group_update = Groups.update(name=name, description=descript).where(Groups.group_id == group_id) - group_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall): - try: - server_id = Server.insert( - hostname=hostname, ip=ip, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred, - port=port, desc=desc, haproxy=haproxy, nginx=nginx, apache=apache, firewall_enable=firewall - ).execute() - return server_id - except Exception as e: - out_error(e) - return False - - -def delete_server(server_id): - try: - server_for_delete = Server.delete().where(Server.server_id == server_id) - server_for_delete.execute() - except Exception as e: - out_error(e) - else: - return True - - -def update_hapwi_server(server_id, alert, metrics, active, service_name): - try: - if service_name == 'nginx': - update_hapwi = Server.update( - nginx_alert=alert, nginx_active=active, nginx_metrics=metrics - ).where(Server.server_id == server_id) - elif service_name == 'keepalived': - update_hapwi = 
Server.update(keepalived_alert=alert, keepalived_active=active).where( - Server.server_id == server_id) - elif service_name == 'apache': - update_hapwi = Server.update(apache_alert=alert, apache_active=active, apache_metrics=metrics).where( - Server.server_id == server_id) - else: - update_hapwi = Server.update(alert=alert, metrics=metrics, active=active).where( - Server.server_id == server_id) - update_hapwi.execute() - except Exception as e: - out_error(e) - - -def update_server(hostname, group, typeip, enable, master, server_id, cred, port, desc, firewall, protected): - try: - server_update = Server.update( - hostname=hostname, groups=group, type_ip=typeip, enable=enable, master=master, cred=cred, - port=port, desc=desc, firewall_enable=firewall, protected=protected - ).where(Server.server_id == server_id) - server_update.execute() - except Exception as e: - out_error(e) - - -def update_server_services(server_id: int, haproxy: int, nginx: int, apache: int, keepalived: int) -> bool: - try: - server_update = Server.update( - haproxy=haproxy, nginx=nginx, apache=apache, keepalived=keepalived - ).where(Server.server_id == server_id) - server_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def update_server_master(master, slave): - try: - master_id = Server.get(Server.ip == master).server_id - except Exception as e: - out_error(e) - - update_master_server_by_slave_ip(master_id, slave) - - -def update_master_server_by_slave_ip(master_id: int, slave_ip: str) -> None: - try: - Server.update(master=master_id).where(Server.ip == slave_ip).execute() - except Exception as e: - out_error(e) - - -def select_users(**kwargs): - if kwargs.get("user") is not None: - query = User.select().where(User.username == kwargs.get("user")) - elif kwargs.get("id") is not None: - query = User.select().where(User.user_id == kwargs.get("id")) - elif kwargs.get("group") is not None: - cur_date = get_date.return_date('regular', 
timedelta_minutes_minus=15) - query = (User.select( - User, UserGroups, Case( - 0, [((User.last_login_date >= cur_date), 0)], 1 - ).alias('last_login') - ).join(UserGroups, on=(User.user_id == UserGroups.user_id)).where( - UserGroups.user_group_id == kwargs.get("group") - )) - elif kwargs.get('by_group_id'): - query = User.select().where(User.groups == kwargs.get("by_group_id")) - else: - cur_date = get_date.return_date('regular', timedelta_minutes_minus=15) - query = User.select(User, Case(0, [( - (User.last_login_date >= cur_date), 0)], 1).alias('last_login')).order_by(User.user_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def is_user_active(user_id: int) -> int: - try: - query = User.get(User.user_id == user_id).activeuser - except Exception as e: - out_error(e) - else: - return int(query) - - -def select_user_groups(user_id, **kwargs): - if kwargs.get("limit") is not None: - query = UserGroups.select().where(UserGroups.user_id == user_id).limit(1) - else: - query = UserGroups.select().where(UserGroups.user_id == user_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - if kwargs.get("limit") is not None: - for i in query_res: - return i.user_group_id - else: - return query_res - - -def check_user_group(user_id, group_id): - try: - query_res = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id)) - except Exception: - return False - else: - if query_res.user_id != '': - return True - else: - return False - - -def select_user_groups_with_names(user_id, **kwargs): - if kwargs.get("all") is not None: - query = (UserGroups.select( - UserGroups.user_group_id, UserGroups.user_id, Groups.name, Groups.description - ).join(Groups, on=(UserGroups.user_group_id == Groups.group_id))) - elif kwargs.get("user_not_in_group") is not None: - query = (Groups.select( - Groups.group_id, Groups.name - ).join(UserGroups, on=( - 
(UserGroups.user_group_id == Groups.group_id) & - (UserGroups.user_id == user_id) - ), join_type=JOIN.LEFT_OUTER).group_by(Groups.name).where(UserGroups.user_id.is_null(True))) - else: - query = (UserGroups.select( - UserGroups.user_group_id, UserGroups.user_role_id, Groups.name, Groups.group_id - ).join(Groups, on=(UserGroups.user_group_id == Groups.group_id)).where(UserGroups.user_id == user_id)) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_user_roles_by_group(group_id: int): - try: - query_res = UserGroups.select().where(UserGroups.user_group_id == group_id).execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_groups(**kwargs): - if kwargs.get("group") is not None: - query = Groups.select().where(Groups.name == kwargs.get('group')) - elif kwargs.get("id") is not None: - query = Groups.select().where(Groups.group_id == kwargs.get('id')) - else: - query = Groups.select().order_by(Groups.group_id) - - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def get_group_name_by_id(group_id): - try: - group_name = Groups.get(Groups.group_id == group_id) - except Exception as e: - out_error(e) - else: - return group_name.name - - -def get_group_id_by_name(group_name): - try: - group_id = Groups.get(Groups.name == group_name) - except Exception as e: - out_error(e) - else: - return group_id.group_id - - -def get_cred_id_by_server_ip(server_ip): - try: - cred = Server.get(Server.ip == server_ip) - except Exception as e: - return out_error(e) - else: - return cred.cred - - -def get_hostname_by_server_ip(server_ip): - try: - hostname = Server.get(Server.ip == server_ip) - except Exception as e: - return out_error(e) - else: - return hostname.hostname - - -def select_server_by_name(name): - try: - ip = Server.get(Server.hostname == name) - except Exception as e: - return out_error(e) - else: - return ip.ip - 
- -def select_server_id_by_ip(server_ip): - try: - server_id = Server.get(Server.ip == server_ip).server_id - except Exception: - return None - else: - return server_id - - -def select_server_ip_by_id(server_id: int) -> str: - try: - server_ip = Server.get(Server.server_id == server_id).ip - except Exception as e: - return out_error(e) - else: - return server_ip - - -def select_servers(**kwargs): - cursor = conn.cursor() - - if mysql_enable == '1': - sql = """select * from `servers` where `enable` = 1 ORDER BY servers.groups """ - - if kwargs.get("server") is not None: - sql = """select * from `servers` where `ip` = '{}' """.format(kwargs.get("server")) - if kwargs.get("full") is not None: - sql = """select * from `servers` ORDER BY hostname """ - if kwargs.get("get_master_servers") is not None: - sql = """select id,hostname from `servers` where `master` = 0 and type_ip = 0 and enable = 1 ORDER BY servers.groups """ - if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None: - sql = """ select servers.id, servers.hostname from `servers` - left join user as user on servers.groups = user.groups - left join uuid as uuid on user.id = uuid.user_id - where uuid.uuid = '{}' and servers.master = 0 and servers.type_ip = 0 and servers.enable = 1 ORDER BY servers.groups - """.format(kwargs.get('uuid')) - if kwargs.get("id"): - sql = """select * from `servers` where `id` = '{}' """.format(kwargs.get("id")) - if kwargs.get("hostname"): - sql = """select * from `servers` where `hostname` = '{}' """.format(kwargs.get("hostname")) - if kwargs.get("id_hostname"): - sql = """select * from `servers` where `hostname` ='{}' or id = '{}' or ip = '{}'""".format( - kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname")) - if kwargs.get("server") and kwargs.get("keep_alive"): - sql = """select active from `servers` where `ip` = '{}' """.format(kwargs.get("server")) - else: - sql = """select * from servers where enable = '1' ORDER BY 
servers.groups """ - - if kwargs.get("server") is not None: - sql = """select * from servers where ip = '{}' """.format(kwargs.get("server")) - if kwargs.get("full") is not None: - sql = """select * from servers ORDER BY hostname """ - if kwargs.get("get_master_servers") is not None: - sql = """select id,hostname from servers where master = 0 and type_ip = 0 and enable = 1 ORDER BY servers.groups """ - if kwargs.get("get_master_servers") is not None and kwargs.get('uuid') is not None: - sql = """ select servers.id, servers.hostname from servers - left join user as user on servers.groups = user.groups - left join uuid as uuid on user.id = uuid.user_id - where uuid.uuid = '{}' and servers.master = 0 and servers.type_ip = 0 and servers.enable = 1 ORDER BY servers.groups - """.format(kwargs.get('uuid')) - if kwargs.get("id"): - sql = """select * from servers where id = '{}' """.format(kwargs.get("id")) - if kwargs.get("hostname"): - sql = """select * from servers where hostname = '{}' """.format(kwargs.get("hostname")) - if kwargs.get("id_hostname"): - sql = """select * from servers where hostname = '{}' or id = '{}' or ip = '{}'""".format( - kwargs.get("id_hostname"), kwargs.get("id_hostname"), kwargs.get("id_hostname")) - if kwargs.get("server") and kwargs.get("keep_alive"): - sql = """select active from servers where ip = '{}' """.format(kwargs.get("server")) - - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - -def write_user_uuid(login, user_uuid): - session_ttl = get_setting('session_ttl') - user_id = get_user_id_by_username(login) - cur_date = get_date.return_date('regular', timedelta=session_ttl) - - try: - UUID.insert(user_id=user_id, uuid=user_uuid, exp=cur_date).execute() - except Exception as e: - out_error(e) - - -def write_user_token(login, user_token): - token_ttl = int(get_setting('token_ttl')) - user_id = get_user_id_by_username(login) - cur_date = get_date.return_date('regular', 
timedelta=token_ttl) - - try: - Token.insert(user_id=user_id, token=user_token, exp=cur_date).execute() - except Exception as e: - out_error(e) - - -def write_api_token(user_token, group_id, user_role, user_name): - token_ttl = int(get_setting('token_ttl')) - cur_date = get_date.return_date('regular', timedelta=token_ttl) - cur_date_token_ttl = get_date.return_date('regular', timedelta=token_ttl) - - try: - ApiToken.insert( - token=user_token, user_name=user_name, user_group_id=group_id, user_role=user_role, - create_date=cur_date, expire_date=cur_date_token_ttl).execute() - except Exception as e: - out_error(e) - - -def get_api_token(token): - try: - user_token = ApiToken.get(ApiToken.token == token) - except Exception as e: - return str(e) - else: - return True if token == user_token.token else False - - -def get_user_id_by_api_token(token): - query = (User.select(User.user_id).join(ApiToken, on=( - ApiToken.user_name == User.username - )).where(ApiToken.token == token)) - try: - query_res = query.execute() - except Exception as e: - return str(e) - for i in query_res: - return i.user_id - - -def get_username_groupid_from_api_token(token): - try: - user_name = ApiToken.get(ApiToken.token == token) - except Exception as e: - return str(e) - else: - return user_name.user_name, user_name.user_group_id, user_name.user_role - - -def get_token(uuid): - query = Token.select().join(UUID, on=(Token.user_id == UUID.user_id)).where(UUID.uuid == uuid).limit(1) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - try: - for i in query_res: - return i.token - except Exception: - return '' - -# -# def delete_uuid(uuid): -# try: -# query = UUID.delete().where(UUID.uuid == uuid) -# query.execute() -# except Exception: -# pass - - -def delete_old_uuid(): - cur_date = get_date.return_date('regular') - query = UUID.delete().where((UUID.exp < cur_date) | (UUID.exp.is_null(True))) - query1 = Token.delete().where((Token.exp < cur_date) | 
(Token.exp.is_null(True)))
- try:
- query.execute()
- query1.execute()
- except Exception as e:
- out_error(e)
- finally:
- if not conn.is_closed():
- conn.close()
-
-
- def update_last_act_user(uuid: str, token: str, ip: str) -> None:
- session_ttl = get_setting('session_ttl')
- token_ttl = get_setting('token_ttl')
- cur_date_session = get_date.return_date('regular', timedelta=session_ttl)
- cur_date_token = get_date.return_date('regular', timedelta=token_ttl)
- cur_date = get_date.return_date('regular')
- user_id = get_user_id_by_uuid(uuid)
- query = UUID.update(exp=cur_date_session).where(UUID.uuid == uuid)
- query1 = Token.update(exp=cur_date_token).where(Token.token == token)
- query2 = User.update(last_login_date=cur_date, last_login_ip=ip).where(User.user_id == user_id)
- try:
- query.execute()
- query1.execute()
- query2.execute()
- except Exception as e:
- out_error(e)
-
-
- def get_user_name_by_uuid(uuid):
- try:
- query = User.select(User.username).join(UUID, on=(User.user_id == UUID.user_id)).where(UUID.uuid == uuid)
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- for user in query_res:
- return user.username
-
-
- def get_user_id(user_id: int) -> int:
- try:
- return User.get(User.user_id == user_id)
- except Exception as e:
- out_error(e)
-
-
- def get_user_id_by_uuid(uuid):
- try:
- query = User.select(User.user_id).join(UUID, on=(User.user_id == UUID.user_id)).where(UUID.uuid == uuid)
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- for user in query_res:
- return user.user_id
-
-
- def get_user_id_by_username(username: str):
- try:
- query = User.get(User.username == username).user_id
- except Exception as e:
- out_error(e)
- else:
- return query
-
-
- def get_user_role_by_uuid(uuid, group_id):
- query = (
- UserGroups.select(UserGroups.user_role_id).join(UUID, on=(UserGroups.user_id == UUID.user_id)
- ).where(
- (UUID.uuid == uuid) &
- (UserGroups.user_group_id == group_id)
- )
- )
-
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- for user_id in query_res:
- return int(user_id.user_role_id)
-
-
- def get_user_telegram_by_group(group):
- query = Telegram.select().where(Telegram.groups == group)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_telegram_by_ip(ip):
- query = Telegram.select().join(Server, on=(Server.groups == Telegram.groups)).where(Server.ip == ip)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_telegram_by_id(telegram_id):
- query = Telegram.select().where(Telegram.id == telegram_id)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_user_slack_by_group(group):
- query = Slack.select().where(Slack.groups == group)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_slack_by_ip(ip):
- query = Slack.select().join(Server, on=(Server.groups == Slack.groups)).where(Server.ip == ip)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_slack_by_id(slack_id):
- query = Slack.select().where(Slack.id == slack_id)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_user_pd_by_group(group):
- query = PD.select().where(PD.groups == group)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_pd_by_ip(ip):
- query = PD.select().join(Server, on=(Server.groups == PD.groups)).where(Server.ip == ip)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def get_pd_by_id(pd_id):
- query = PD.select().where(PD.id == pd_id)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return
query_res
-
-
- def get_dick_permit(group_id, **kwargs):
- only_group = kwargs.get('only_group')
- disable = 'enable = 1'
- haproxy = ''
- nginx = ''
- keepalived = ''
- apache = ''
- ip = ''
-
- if kwargs.get('virt'):
- type_ip = ""
- else:
- type_ip = "and type_ip = 0"
- if kwargs.get('disable') == 0:
- disable = '(enable = 1 or enable = 0)'
- if kwargs.get('ip'):
- ip = "and ip = '%s'" % kwargs.get('ip')
- if kwargs.get('haproxy') or kwargs.get('service') == 'haproxy':
- haproxy = "and haproxy = 1"
- if kwargs.get('nginx') or kwargs.get('service') == 'nginx':
- nginx = "and nginx = 1"
- if kwargs.get('keepalived') or kwargs.get('service') == 'keepalived':
- keepalived = "and keepalived = 1"
- if kwargs.get('apache') or kwargs.get('service') == 'apache':
- apache = "and apache = 1"
-
- cursor = conn.cursor()
- try:
- if mysql_enable == '1':
- if group_id == '1' and not only_group:
- sql = f" select * from `servers` where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by `pos` asc"
- else:
- sql = f" select * from `servers` where `groups` = {group_id} and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by `pos` asc"
- else:
- if group_id == '1' and not only_group:
- sql = f" select * from servers where {disable} {type_ip} {nginx} {haproxy} {keepalived} {apache} {ip} order by pos"
- else:
- sql = f" select * from servers where groups = '{group_id}' and ({disable}) {type_ip} {ip} {haproxy} {nginx} {keepalived} {apache} order by pos"
-
- except Exception as e:
- raise Exception(f'error: {e}')
-
- try:
- cursor.execute(sql)
- except Exception as e:
- out_error(e)
- else:
- return cursor.fetchall()
-
-
- def is_master(ip, **kwargs):
- cursor = conn.cursor()
- if kwargs.get('master_slave'):
- sql = """ select master.hostname, master.ip, slave.hostname, slave.ip
- from servers as master
- left join servers as slave on master.id = slave.master
- where slave.master > 0 """
- else:
- sql = """ select slave.ip, slave.hostname
from servers as master
- left join servers as slave on master.id = slave.master
- where master.ip = '%s' """ % ip
- try:
- cursor.execute(sql)
- except Exception as e:
- out_error(e)
- else:
- return cursor.fetchall()
-
-
- def select_ssh(**kwargs):
- if kwargs.get("name") is not None:
- query = Cred.select().where(Cred.name == kwargs.get('name'))
- elif kwargs.get("id") is not None:
- query = Cred.select().where(Cred.id == kwargs.get('id'))
- elif kwargs.get("serv") is not None:
- query = Cred.select().join(Server, on=(Cred.id == Server.cred)).where(Server.ip == kwargs.get('serv'))
- elif kwargs.get("group") is not None:
- query = Cred.select().where(Cred.groups == kwargs.get("group"))
- else:
- query = Cred.select()
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def insert_new_ssh(name, enable, group, username, password):
- if password is None:
- password = 'None'
- try:
- Cred.insert(name=name, enable=enable, groups=group, username=username, password=password).execute()
- except Exception as e:
- out_error(e)
-
-
- def delete_ssh(ssh_id):
- query = Cred.delete().where(Cred.id == ssh_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- else:
- return True
-
-
- def update_ssh(cred_id, name, enable, group, username, password):
- if password is None:
- password = 'None'
-
- cred_update = Cred.update(name=name, enable=enable, groups=group, username=username, password=password).where(
- Cred.id == cred_id)
- try:
- cred_update.execute()
- except Exception as e:
- out_error(e)
-
-
- def update_ssh_passphrase(name: str, passphrase: str):
- try:
- Cred.update(passphrase=passphrase).where(Cred.name == name).execute()
- except Exception as e:
- out_error(e)
-
-
- def insert_backup_job(server, rserver, rpath, backup_type, time, cred, description):
- try:
- Backup.insert(
- server=server, rhost=rserver, rpath=rpath, backup_type=backup_type, time=time,
- cred=cred, description=description
-
).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description):
- try:
- S3Backup.insert(
- server=server, s3_server=s3_server, bucket=bucket, secret_key=secret_key, access_key=access_key, time=time,
- description=description
- ).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def select_backups(**kwargs):
- if kwargs.get("server") is not None and kwargs.get("rserver") is not None:
- query = Backup.select().where((Backup.server == kwargs.get("server")) & (Backup.rhost == kwargs.get("rserver")))
- else:
- query = Backup.select().order_by(Backup.id)
-
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def select_s3_backups(**kwargs):
- if kwargs.get("server") is not None and kwargs.get("bucket") is not None:
- query = S3Backup.select().where(
- (S3Backup.server == kwargs.get("server")) &
- (S3Backup.s3_server == kwargs.get("s3_server")) &
- (S3Backup.bucket == kwargs.get("bucket"))
- )
- else:
- query = S3Backup.select().order_by(S3Backup.id)
-
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def update_backup(server, rserver, rpath, backup_type, time, cred, description, backup_id):
- backup_update = Backup.update(
- server=server, rhost=rserver, rpath=rpath, backup_type=backup_type, time=time,
- cred=cred, description=description
- ).where(Backup.id == backup_id)
- try:
- backup_update.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def delete_backups(backup_id: int) -> bool:
- query = Backup.delete().where(Backup.id == backup_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def delete_s3_backups(backup_id: int) -> bool:
- query = S3Backup.delete().where(S3Backup.id == backup_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def check_exists_backup(server: str) -> bool:
- try:
- backup = Backup.get(Backup.server == server)
- except Exception:
- pass
- else:
- if backup.id is not None:
- return True
- else:
- return False
-
-
- def check_exists_s3_backup(server: str) -> bool:
- try:
- backup = S3Backup.get(S3Backup.server == server)
- except Exception:
- pass
- else:
- if backup.id is not None:
- return True
- else:
- return False
-
-
- def delete_telegram(telegram_id):
- query = Telegram.delete().where(Telegram.id == telegram_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def select_telegram(**kwargs):
- if kwargs.get('token'):
- query = Telegram.select().where(Telegram.token == kwargs.get('token'))
- elif kwargs.get('id'):
- query = Telegram.select().where(Telegram.id == kwargs.get('id'))
- else:
- query = Telegram.select()
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def insert_new_telegram(token, channel, group):
- try:
- Telegram.insert(token=token, chanel_name=channel, groups=group).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def update_telegram(token, channel, group, telegram_id):
- telegram_update = Telegram.update(token=token, chanel_name=channel, groups=group).where(Telegram.id == telegram_id)
- try:
- telegram_update.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def delete_slack(slack_id):
- query = Slack.delete().where(Slack.id == slack_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def select_slack(**kwargs):
- if kwargs.get('token'):
- query = Slack.select().where(Slack.token == kwargs.get('token'))
- elif kwargs.get('id'):
- query = Slack.select().where(Slack.id == kwargs.get('id'))
-
else:
- query = Slack.select()
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def insert_new_slack(token, chanel, group):
- try:
- Slack.insert(token=token, chanel_name=chanel, groups=group).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def update_slack(token, chanel, group, slack_id):
- query_update = Slack.update(token=token, chanel_name=chanel, groups=group).where(Slack.id == slack_id)
- try:
- query_update.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def delete_pd(pd_id):
- query = PD.delete().where(PD.id == pd_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def select_pd(**kwargs):
- if kwargs.get('token'):
- query = PD.select().where(PD.token == kwargs.get('token'))
- elif kwargs.get('id'):
- query = PD.select().where(PD.id == kwargs.get('id'))
- else:
- query = PD.select()
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def insert_new_pd(token, chanel, group):
- try:
- PD.insert(token=token, chanel_name=chanel, groups=group).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def update_pd(token, chanel, group, pd_id):
- query_update = PD.update(token=token, chanel_name=chanel, groups=group).where(PD.id == pd_id)
- try:
- query_update.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def insert_new_option(saved_option, group):
- try:
- Option.insert(options=saved_option, groups=group).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def select_options(**kwargs):
- if kwargs.get('option'):
- query = Option.select().where(Option.options == kwargs.get('option'))
- elif kwargs.get('group'):
- query = Option.select(Option.options).where(
- (Option.groups ==
kwargs.get('group')) & (Option.options.startswith(kwargs.get('term'))))
- else:
- query = Option.select()
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def update_options(option, option_id):
- query_update = Option.update(options=option).where(Option.id == option_id)
- try:
- query_update.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def delete_option(option_id):
- query = Option.delete().where(Option.id == option_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def insert_new_savedserver(server, description, group):
- try:
- SavedServer.insert(server=server, description=description, groups=group).execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def select_saved_servers(**kwargs):
- if kwargs.get('server'):
- query = SavedServer.select().where(SavedServer.server == kwargs.get('server'))
- elif kwargs.get('group'):
- query = SavedServer.select(SavedServer.server, SavedServer.description).where(
- (SavedServer.groups == kwargs.get('group')) & (SavedServer.server.startswith(kwargs.get('term'))))
- else:
- query = SavedServer.select()
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def update_savedserver(server, description, saved_id):
- query_update = SavedServer.update(server=server, description=description).where(SavedServer.id == saved_id)
- try:
- query_update.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def delete_savedserver(saved_id):
- query = SavedServer.delete().where(SavedServer.id == saved_id)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
- def insert_metrics(serv, curr_con, cur_ssl_con, sess_rate, max_sess_rate):
- cur_date = get_date.return_date('regular')
- try:
- Metrics.insert(
- serv=serv, curr_con=curr_con, cur_ssl_con=cur_ssl_con, sess_rate=sess_rate, max_sess_rate=max_sess_rate,
- date=cur_date
- ).execute()
- except Exception as e:
- out_error(e)
- else:
- if type(conn) is not str:
- if not conn.is_closed():
- conn.close()
-
-
- def insert_metrics_http(serv, http_2xx, http_3xx, http_4xx, http_5xx):
- cur_date = get_date.return_date('regular')
- try:
- MetricsHttpStatus.insert(
- serv=serv, ok_ans=http_2xx, redir_ans=http_3xx, not_found_ans=http_4xx, err_ans=http_5xx,
- date=cur_date
- ).execute()
- except Exception as e:
- out_error(e)
- else:
- if type(conn) is not str:
- if not conn.is_closed():
- conn.close()
-
-
- def insert_nginx_metrics(serv, conn):
- cur_date = get_date.return_date('regular')
- try:
- NginxMetrics.insert(serv=serv, conn=conn, date=cur_date).execute()
- except Exception as e:
- out_error(e)
- else:
- if type(conn) is not str:
- if not conn.is_closed():
- conn.close()
-
-
- def insert_apache_metrics(serv, conn):
- cur_date = get_date.return_date('regular')
- try:
- ApacheMetrics.insert(serv=serv, conn=conn, date=cur_date).execute()
- except Exception as e:
- out_error(e)
- else:
- if type(conn) is not str:
- if not conn.is_closed():
- conn.close()
-
-
- def select_waf_metrics_enable_server(ip):
- query = Waf.select(Waf.metrics).join(Server, on=(Waf.server_id == Server.server_id)).where(Server.ip == ip)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- for en in query_res:
- return en.metrics
-
-
- def select_waf_servers(serv):
- query = Server.select(Server.ip).join(Waf, on=(Waf.server_id == Server.server_id)).where(Server.ip == serv)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- for en in query_res:
- return en.ip
-
-
- def select_waf_nginx_servers(serv):
- query = Server.select(Server.ip).join(WafNginx, on=(WafNginx.server_id == Server.server_id)).where(Server.ip == serv)
- try:
- query_res = query.execute()
- except Exception as e:
-
out_error(e)
- else:
- for en in query_res:
- return en.ip
-
-
- def insert_waf_nginx_server(server_ip):
- try:
- server_id = Server.get(Server.ip == server_ip).server_id
- WafNginx.insert(server_id=server_id).execute()
- except Exception as e:
- out_error(e)
-
-
- def select_waf_servers_metrics_for_master():
- query = Server.select(Server.ip).join(
- Waf, on=(Waf.server_id == Server.server_id)
- ).where((Server.enable == 1) & Waf.metrics == 1)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def select_waf_servers_metrics(uuid):
- try:
- user_group = User.get(User.username == get_user_name_by_uuid(uuid))
- except Exception as e:
- out_error(e)
- else:
- if user_group.groups == '1':
- query = Waf.select(Server.ip).join(Server, on=(Waf.server_id == Server.server_id)).where(
- (Server.enable == 1) & (Waf.metrics == 1)
- )
- else:
- query = Waf.select(Server.ip).join(Server, on=(Waf.server_id == Server.server_id)).where(
- (Server.enable == 1) & (Waf.metrics == 1) & (Server.groups == user_group.groups)
- )
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
- def insert_waf_metrics_enable(serv, enable):
- try:
- server_id = Server.get(Server.ip == serv).server_id
- Waf.insert(server_id=server_id, metrics=enable).execute()
- except Exception as e:
- out_error(e)
-
-
- def insert_waf_rules(serv):
- data_source = [
- {'serv': serv, 'rule_name': 'Ignore static', 'rule_file': 'modsecurity_crs_10_ignore_static.conf',
- 'desc': 'This ruleset will skip all tests for media files, but will skip only the request body phase (phase 2) '
- 'for text files.
To skip the outbound stage for text files, add file 47 (skip_outbound_checks) '
- 'to your configuration, in addition to this fileth/aws/login'},
- {'serv': serv, 'rule_name': 'Brute force protection', 'rule_file': 'modsecurity_crs_11_brute_force.conf',
- 'desc': 'Anti-Automation Rule for specific Pages (Brute Force Protection) This is a rate-limiting rule set and '
- 'does not directly correlate whether the authentication attempt was successful or not'},
- {'serv': serv, 'rule_name': 'DOS Protections', 'rule_file': 'modsecurity_crs_11_dos_protection.conf',
- 'desc': 'Enforce an existing IP address block and log only 1-time/minute. We do not want to get flooded by alerts '
- 'during an attack or scan so we are only triggering an alert once/minute. You can adjust how often you '
- 'want to receive status alerts by changing the expirevar setting below'},
- {'serv': serv, 'rule_name': 'XML enabler', 'rule_file': 'modsecurity_crs_13_xml_enabler.conf',
- 'desc': 'The rules in this file will trigger the XML parser upon an XML request'},
- {'serv': serv, 'rule_name': 'Protocol violations', 'rule_file': 'modsecurity_crs_20_protocol_violations.conf',
- 'desc': 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates a '
- 'large number of application layer attacks. The purpose of this rules file is to enforce HTTP RFC requirements '
- 'that state how the client is supposed to interact with the server. http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html'},
- {'serv': serv, 'rule_name': 'Protocol anomalies', 'rule_file': 'modsecurity_crs_21_protocol_anomalies.conf',
- 'desc': 'Some common HTTP usage patterns are indicative of attacks but may also be used by non-browsers for '
- 'legitimate uses. Do not accept requests without common headers. All normal web browsers include Host, '
- 'User-Agent and Accept headers.
Implies either an attacker or a legitimate automation client'},
- {'serv': serv, 'rule_name': 'Detect CC#', 'rule_file': 'modsecurity_crs_25_cc_known.conf',
- 'desc': 'Detect CC# in input, log transaction and sanitize'},
- {'serv': serv, 'rule_name': 'CC traker', 'rule_file': 'modsecurity_crs_25_cc_track_pan.conf',
- 'desc': 'Credit Card Track 1 and 2 and PAN Leakage Checks'},
- {'serv': serv, 'rule_name': 'HTTP policy', 'rule_file': 'modsecurity_crs_30_http_policy.conf',
- 'desc': 'HTTP policy enforcement The HTTP policy enforcement rule set sets limitations on the use of HTTP by '
- 'clients. Few applications require the breadth and depth of the HTTP protocol. On the other hand many '
- 'attacks abuse valid but rare HTTP use patterns. Restricting HTTP protocol usage is effective in '
- 'therefore effective in blocking many application layer attacks'},
- {'serv': serv, 'rule_name': 'Bad robots', 'rule_file': 'modsecurity_crs_35_bad_robots.conf',
- 'desc': 'Bad robots detection is based on checking elements easily controlled by the client. As such a '
- 'determined attacked can bypass those checks.
Therefore bad robots detection should not be viewed '
- 'as a security mechanism against targeted attacks but rather as a nuisance reduction, eliminating '
- 'most of the random attacks against your web site'},
- {'serv': serv, 'rule_name': 'OS Injection Attacks', 'rule_file': 'modsecurity_crs_40_generic_attacks.conf',
- 'desc': 'OS Command Injection Attacks'},
- {'serv': serv, 'rule_name': 'SQL injection', 'rule_file': 'modsecurity_crs_41_sql_injection_attacks.conf',
- 'desc': 'SQL injection protection'},
- {'serv': serv, 'rule_name': 'XSS Protections', 'rule_file': 'modsecurity_crs_41_xss_attacks.conf',
- 'desc': 'XSS attacks protection'},
- {'serv': serv, 'rule_name': 'Comment spam', 'rule_file': 'modsecurity_crs_42_comment_spam.conf',
- 'desc': 'Comment spam is an attack against blogs, guestbooks, wikis and other types of interactive web sites '
- 'that accept and display hyperlinks submitted by visitors. The spammers automatically post specially '
- 'crafted random comments which include links that point to the spammer\'s web site. The links artificially '
- 'increase the site\'s search engine ranking and may make the site more noticable in search results.'},
- {'serv': serv, 'rule_name': 'Trojans Protections', 'rule_file': 'modsecurity_crs_45_trojans.conf ',
- 'desc': 'The trojan access detection rules detects access to known Trojans already installed on a server. '
- 'Uploading of Trojans is part of the Anti-Virus rules and uses external Anti Virus program when uploading '
- 'files. Detection of Trojans access is especially important in a hosting environment where the actual Trojan '
- 'upload may be done through valid methods and not through hacking'},
- {'serv': serv, 'rule_name': 'RFI Protections', 'rule_file': 'modsecurity_crs_46_slr_et_lfi_attacks.conf',
- 'desc': 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference '
- 'external scripts.
The perpetrator’s goal is to exploit the referencing function in an application to upload '
- 'malware (e.g., backdoor shells) from a remote URL located within a different domain'},
- {'serv': serv, 'rule_name': 'RFI Protections 2', 'rule_file': 'modsecurity_crs_46_slr_et_rfi_attacks.conf',
- 'desc': 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference '
- 'external scripts. The perpetrator’s goal is to exploit the referencing function in an application to '
- 'upload malware (e.g., backdoor shells) from a remote URL located within a different domain'},
- {'serv': serv, 'rule_name': 'SQLi Protections', 'rule_file': 'modsecurity_crs_46_slr_et_sqli_attacks.conf',
- 'desc': 'SQLi injection attacks protection'},
- {'serv': serv, 'rule_name': 'XSS Protections 2', 'rule_file': 'modsecurity_crs_46_slr_et_xss_attacks.conf',
- 'desc': 'XSS attacks protection'},
- {'serv': serv, 'rule_name': 'Common exceptions', 'rule_file': 'modsecurity_crs_47_common_exceptions.conf',
- 'desc': 'This file is used as an exception mechanism to remove common false positives that may be encountered'},
- ]
- try:
- WafRules.insert_many(data_source).execute()
- except Exception as e:
- out_error(e)
- else:
- return True
-
-
- def insert_nginx_waf_rules(serv):
- data_source = [
- {'serv': serv, 'rule_name': 'Initialization', 'rule_file': 'REQUEST-901-INITIALIZATION.conf',
- 'desc': 'This file REQUEST-901-INITIALIZATION.conf initializes the Core Rules and performs preparatory actions. '
- 'It also fixes errors and omissions of variable definitions in the file crs-setup.conf The setup.conf'
- 'can and should be edited by the user, this file. is part of the CRS installation and should not be altered.',
- 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Drupal exclusion rules', 'rule_file': 'REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf',
- 'desc': 'These exclusions remedy false positives in a default Drupal install.
The exclusions are only active '
- 'if crs_exclusions_drupal=1 is set. See rule 900130 in crs-setup.conf for instructions.',
- 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Nextcloud exclusion rules', 'rule_file': 'REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf',
- 'desc': 'These exclusions remedy false positives in a default NextCloud install. They will likely work with OwnCloud '
- 'too, but you may have to modify them. The exclusions are only active if crs_exclusions_nextcloud=1 is set. '
- 'See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Dokuwiki exclusion rules', 'rule_file': 'REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf',
- 'desc': 'These exclusions remedy false positives in a default Dokuwiki install. The exclusions are only active '
- 'if crs_exclusions_dokuwiki=1 is set. See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'CPanel exclusion rules', 'rule_file': 'REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf',
- 'desc': 'These exclusions remedy false positives in a default CPanel install. The exclusions are only active '
- 'if crs_exclusions_cpanel=1 is set. See rule 900130 in crs-setup.conf for instructions.',
- 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'XenForo exclusion rules', 'rule_file': 'REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf',
- 'desc': 'These exclusions remedy false positives in a default XenForo install. The exclusions are only active '
- 'if crs_exclusions_xenforo=1 is set.
See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Common exceptions', 'rule_file': 'REQUEST-905-COMMON-EXCEPTIONS.conf',
- 'desc': 'This file is used as an exception mechanism to remove common false positives that may be encountered.',
- 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'IP reputation', 'rule_file': 'REQUEST-910-IP-REPUTATION.conf',
- 'desc': 'IP reputation rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Method enforcement', 'rule_file': 'REQUEST-911-METHOD-ENFORCEMENT.conf',
- 'desc': 'Method enforcement rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'DDOS protection', 'rule_file': 'REQUEST-912-DOS-PROTECTION.conf',
- 'desc': 'Anti-Automation rules to detect Denial of Service attacks.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Protocol enforcement', 'rule_file': 'REQUEST-920-PROTOCOL-ENFORCEMENT.conf',
- 'desc': 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates '
- 'a large number of application layer attacks.
The purpose of this rules file is to enforce HTTP RFC '
- 'requirements that state how the client is supposed to interact with the server.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Protocol attack', 'rule_file': 'REQUEST-921-PROTOCOL-ATTACK.conf',
- 'desc': 'Protocol attack rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack LFI', 'rule_file': 'REQUEST-930-APPLICATION-ATTACK-LFI.conf',
- 'desc': 'Application attack LFI rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack RCE', 'rule_file': 'REQUEST-932-APPLICATION-ATTACK-RCE.conf',
- 'desc': 'Application attack RCE rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack PHP', 'rule_file': 'REQUEST-933-APPLICATION-ATTACK-PHP.conf',
- 'desc': 'Application attack PHP rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack NodeJS', 'rule_file': 'REQUEST-934-APPLICATION-ATTACK-NODEJS.conf',
- 'desc': 'Application attack NodeJS rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack SQLI', 'rule_file': 'REQUEST-942-APPLICATION-ATTACK-SQLI.conf',
- 'desc': 'Application attack SQLI rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack session-fixation', 'rule_file': 'REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf',
- 'desc': 'Application attack session-fixation rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack JAVA', 'rule_file': 'REQUEST-944-APPLICATION-ATTACK-JAVA.conf',
- 'desc': 'Application attack JAVA rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Application attack blocking evaluation', 'rule_file': 'REQUEST-949-BLOCKING-EVALUATION.conf',
- 'desc': 'Application attack blocking evaluation rule.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Data leakages', 'rule_file': 'RESPONSE-950-DATA-LEAKAGES.conf',
- 'desc': 'The paranoia level skip rules 950020, 950021 and 950022 have odd numbers not in sync with
other paranoia '
- 'level skip rules in other. files. This is done to avoid rule id collisions with CRSv2. This is also true '
- 'for rule 950130.', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Data leakages SQL', 'rule_file': 'RESPONSE-951-DATA-LEAKAGES-SQL.conf',
- 'desc': 'Data leakages SQL rule', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Data leakages JAVA', 'rule_file': 'RESPONSE-952-DATA-LEAKAGES-JAVA.conf',
- 'desc': 'Data leakages JAVA rule', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Data leakages PHP', 'rule_file': 'RESPONSE-953-DATA-LEAKAGES-PHP.conf',
- 'desc': 'Data leakages PHP rule', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Data leakages IIS', 'rule_file': 'RESPONSE-954-DATA-LEAKAGES-IIS.conf',
- 'desc': 'Data leakages IIS rule', 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Blocking evaluation', 'rule_file': 'RESPONSE-959-BLOCKING-EVALUATION.conf',
- 'desc': 'You should set the score to the proper threshold you would prefer. If kept at "@gt 0" it will work '
- 'similarly to previous Mod CRS rules and will create an event in the error_log file if there are any '
- 'rules that match. If you would like to lessen the number of events generated in the error_log file, '
- 'you should increase the anomaly score threshold to something like "@gt 20". This would only generate '
- 'an event in the error_log file if there are multiple lower severity rule matches or if any 1 higher '
- 'severity item matches. You should also set the desired disruptive action (deny, redirect, etc...).',
- 'service': 'nginx'},
- {'serv': serv, 'rule_name': 'Correlation', 'rule_file': 'RESPONSE-980-CORRELATION.conf',
- 'desc': 'This file is used in post processing after the response has been sent to the client (in the logging phase).
' - 'Its purpose is to provide inbound+outbound correlation of events to provide a more intelligent designation ' - 'as to the outcome or result of the transaction - meaning, was this a successful attack?', - 'service': 'nginx'}, - ] - try: - WafRules.insert_many(data_source).execute() - except Exception as e: - out_error(e) - else: - return True - - -def select_waf_rules(serv, service): - query = WafRules.select(WafRules.id, WafRules.rule_name, WafRules.en, WafRules.desc).where( - (WafRules.serv == serv) - & (WafRules.service == service) - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def delete_waf_rules(serv): - query = WafRules.delete().where(WafRules.serv == serv) - try: - query.execute() - except Exception as e: - out_error(e) - - -def select_waf_rule_by_id(rule_id): - try: - query = WafRules.get(WafRules.id == rule_id) - except Exception as e: - out_error(e) - else: - return query.rule_file - - -def update_enable_waf_rules(rule_id, serv, en): - query = WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv)) - try: - query.execute() - except Exception as e: - out_error(e) - - -def insert_new_waf_rule(rule_name: str, rule_file: str, rule_description: str, service: str, serv: str) -> int: - try: - last_id = WafRules.insert( - serv=serv, - rule_name=rule_name, - rule_file=rule_file, - desc=rule_description, - service=service - ).execute() - except Exception as e: - out_error(e) - else: - return last_id - - -def delete_waf_server(server_id): - query = Waf.delete().where(Waf.server_id == server_id) - try: - query.execute() - except Exception as e: - out_error(e) - - -def insert_waf_metrics(serv, conn): - cur_date = get_date.return_date('regular') - try: - WafMetrics.insert(serv=serv, conn=conn, date=cur_date).execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def delete_waf_metrics(): - 
cur_date = get_date.return_date('regular', timedelta_minus=3) - query = WafMetrics.delete().where(WafMetrics.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def update_waf_metrics_enable(name, enable): - server_id = 0 - try: - server_id = Server.get(Server.hostname == name).server_id - except Exception as e: - out_error(e) - - try: - Waf.update(metrics=enable).where(Waf.server_id == server_id).execute() - except Exception as e: - out_error(e) - else: - return 'ok' - - -def delete_metrics(): - cur_date = get_date.return_date('regular', timedelta_minus=3) - query = Metrics.delete().where(Metrics.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def delete_http_metrics(): - cur_date = get_date.return_date('regular', timedelta_minus=3) - query = MetricsHttpStatus.delete().where(MetricsHttpStatus.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def delete_nginx_metrics(): - cur_date = get_date.return_date('regular', timedelta_minus=3) - query = NginxMetrics.delete().where(NginxMetrics.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def delete_apache_metrics(): - cur_date = get_date.return_date('regular', timedelta_minus=3) - query = ApacheMetrics.delete().where(ApacheMetrics.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def select_metrics(serv, service, **kwargs): - cursor = conn.cursor() - - if service in ('nginx', 'apache', 'waf'): - metrics_table = '{}_metrics'.format(service) - 
elif service == 'http_metrics': - metrics_table = 'metrics_http_status' - else: - metrics_table = 'metrics' - - if mysql_enable == '1': - if kwargs.get('time_range') == '60': - date_from = "and date > now() - INTERVAL 60 minute group by `date` div 100" - elif kwargs.get('time_range') == '180': - date_from = "and date > now() - INTERVAL 180 minute group by `date` div 200" - elif kwargs.get('time_range') == '360': - date_from = "and date > now() - INTERVAL 360 minute group by `date` div 300" - elif kwargs.get('time_range') == '720': - date_from = "and date > now() - INTERVAL 720 minute group by `date` div 500" - else: - date_from = "and date > now() - INTERVAL 30 minute" - sql = """ select * from {metrics_table} where serv = '{serv}' {date_from} order by `date` asc """.format( - metrics_table=metrics_table, serv=serv, date_from=date_from - ) - else: - if kwargs.get('time_range') == '60': - date_from = "and date > datetime('now', '-60 minutes', 'localtime') and rowid % 2 = 0" - elif kwargs.get('time_range') == '180': - date_from = "and date > datetime('now', '-180 minutes', 'localtime') and rowid % 5 = 0" - elif kwargs.get('time_range') == '360': - date_from = "and date > datetime('now', '-360 minutes', 'localtime') and rowid % 7 = 0" - elif kwargs.get('time_range') == '720': - date_from = "and date > datetime('now', '-720 minutes', 'localtime') and rowid % 9 = 0" - else: - date_from = "and date > datetime('now', '-30 minutes', 'localtime')" - - sql = """ select * from (select * from {metrics_table} where serv = '{serv}' {date_from} order by `date`) order by `date` """.format( - metrics_table=metrics_table, serv=serv, date_from=date_from) - - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - -def select_servers_metrics_for_master(**kwargs): - if kwargs.get('group') != 1: - query = Server.select(Server.ip).where( - ((Server.metrics == 1) | (Server.nginx_metrics == 1) | (Server.apache_metrics == 1)) - & 
(Server.groups == kwargs.get('group')) - ) - else: - query = Server.select(Server.ip).where( - (Server.metrics == 1) - | (Server.nginx_metrics == 1) - | (Server.apache_metrics == 1) - ) - - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_haproxy_servers_metrics_for_master(): - query = Server.select(Server.ip).where(Server.metrics == 1) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_nginx_servers_metrics_for_master(): - query = Server.select(Server.ip).where((Server.nginx_metrics == 1) & (Server.nginx == 1)) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_apache_servers_metrics_for_master(): - query = Server.select(Server.ip).where( - (Server.apache_metrics == 1) - & (Server.apache == 1) - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_servers_metrics(group_id): - if group_id == 1: - query = Server.select(Server.ip).where((Server.enable == 1) & (Server.metrics == 1)) - else: - query = Server.select(Server.ip).where( - (Server.enable == 1) & (Server.groups == group_id) & (Server.metrics == 1)) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_table_metrics(group_id): - cursor = conn.cursor() - - if group_id == 1: - groups = "" - else: - groups = "and servers.groups = '{group}' ".format(group=group_id) - if mysql_enable == '1': - sql = """ - select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d, - avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from - (select servers.ip from servers where metrics = 1 ) as ip, - - (select servers.ip, servers.hostname as hostname from servers left join metrics as metr on servers.ip = metr.serv where 
servers.metrics = 1 %s) as hostname, - - (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(), INTERVAL -1 HOUR) - group by servers.ip) as avg_sess_1h, - - (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR) - group by servers.ip) as avg_sess_24h, - - (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(), INTERVAL -3 DAY) - group by servers.ip ) as avg_sess_3d, - - (select servers.ip,max(metr.sess_rate) as max_sess_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR) - group by servers.ip) as max_sess_1h, - - (select servers.ip,max(metr.sess_rate) as max_sess_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR) - group by servers.ip) as max_sess_24h, - - (select servers.ip,max(metr.sess_rate) as max_sess_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY) - group by servers.ip ) as max_sess_3d, - - (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR) - group by servers.ip) as avg_cur_1h, - - (select 
servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR) - group by servers.ip) as avg_cur_24h, - - (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY) - group by servers.ip ) as avg_cur_3d, - - (select servers.ip,max(metr.curr_con) as max_con_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR) - group by servers.ip) as max_con_1h, - - (select servers.ip,max(metr.curr_con) as max_con_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR) - group by servers.ip) as max_con_24h, - - (select servers.ip,max(metr.curr_con) as max_con_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY) - group by servers.ip ) as max_con_3d - - where ip.ip=hostname.ip - and ip.ip=avg_sess_1h.ip - and ip.ip=avg_sess_24h.ip - and ip.ip=avg_sess_3d.ip - and ip.ip=max_sess_1h.ip - and ip.ip=max_sess_24h.ip - and ip.ip=max_sess_3d.ip - and ip.ip=avg_cur_1h.ip - and ip.ip=avg_cur_24h.ip - and ip.ip=avg_cur_3d.ip - and ip.ip=max_con_1h.ip - and ip.ip=max_con_24h.ip - and ip.ip=max_con_3d.ip - - group by hostname.ip """ % groups - else: - sql = """ - select ip.ip, hostname, avg_sess_1h, avg_sess_24h, avg_sess_3d, max_sess_1h, max_sess_24h, max_sess_3d, avg_cur_1h, - avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from - (select servers.ip from servers 
where metrics = 1 ) as ip, - - (select servers.ip, servers.hostname as hostname from servers left join metrics as metr on servers.ip = metr.serv where servers.metrics = 1 %s) as hostname, - - (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime') - group by servers.ip) as avg_sess_1h, - - (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime') - group by servers.ip) as avg_sess_24h, - - (select servers.ip,round(avg(metr.sess_rate), 1) as avg_sess_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime') - group by servers.ip ) as avg_sess_3d, - - (select servers.ip,max(metr.sess_rate) as max_sess_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime') - group by servers.ip) as max_sess_1h, - - (select servers.ip,max(metr.sess_rate) as max_sess_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime') - group by servers.ip) as max_sess_24h, - - (select servers.ip,max(metr.sess_rate) as max_sess_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime') - group by servers.ip ) as 
max_sess_3d, - - (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime') - group by servers.ip) as avg_cur_1h, - - (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime') - group by servers.ip) as avg_cur_24h, - - (select servers.ip,round(avg(metr.curr_con+metr.cur_ssl_con), 1) as avg_cur_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime') - group by servers.ip ) as avg_cur_3d, - - (select servers.ip,max(metr.curr_con) as max_con_1h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime') - group by servers.ip) as max_con_1h, - - (select servers.ip,max(metr.curr_con) as max_con_24h from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime') - group by servers.ip) as max_con_24h, - - (select servers.ip,max(metr.curr_con) as max_con_3d from servers - left join metrics as metr on metr.serv = servers.ip - where servers.metrics = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime') - group by servers.ip ) as max_con_3d - - where ip.ip=hostname.ip - and ip.ip=avg_sess_1h.ip - and ip.ip=avg_sess_24h.ip - and ip.ip=avg_sess_3d.ip - and 
ip.ip=max_sess_1h.ip - and ip.ip=max_sess_24h.ip - and ip.ip=max_sess_3d.ip - and ip.ip=avg_cur_1h.ip - and ip.ip=avg_cur_24h.ip - and ip.ip=avg_cur_3d.ip - and ip.ip=max_con_1h.ip - and ip.ip=max_con_24h.ip - and ip.ip=max_con_3d.ip - - group by hostname.ip """ % groups - - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - -def select_service_table_metrics(service: str, group_id: int): - cursor = conn.cursor() - - if service in ('nginx', 'apache'): - metrics_table = f'{service}_metrics' - - if group_id == 1: - groups = "" - else: - groups = f"and servers.groups = '{group_id}' " - - if mysql_enable == '1': - sql = """ - select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from - (select servers.ip from servers where {metrics} = 1 ) as ip, - - (select servers.ip, servers.hostname as hostname from servers left join {metrics} as metr on servers.ip = metr.serv where servers.{metrics} = 1 {groups}) as hostname, - - (select servers.ip,round(avg(metr.conn), 1) as avg_cur_1h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR) - group by servers.ip) as avg_cur_1h, - - (select servers.ip,round(avg(metr.conn), 1) as avg_cur_24h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR) - group by servers.ip) as avg_cur_24h, - - (select servers.ip,round(avg(metr.conn), 1) as avg_cur_3d from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY) - group by servers.ip ) as avg_cur_3d, - - (select servers.ip,max(metr.conn) as max_con_1h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and 
- metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -1 HOUR) - group by servers.ip) as max_con_1h, - - (select servers.ip,max(metr.conn) as max_con_24h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -24 HOUR) - group by servers.ip) as max_con_24h, - - (select servers.ip,max(metr.conn) as max_con_3d from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= now() and metr.date >= DATE_ADD(NOW(),INTERVAL -3 DAY) - group by servers.ip ) as max_con_3d - - where ip.ip=hostname.ip - and ip.ip=avg_cur_1h.ip - and ip.ip=avg_cur_24h.ip - and ip.ip=avg_cur_3d.ip - and ip.ip=max_con_1h.ip - and ip.ip=max_con_24h.ip - and ip.ip=max_con_3d.ip - - group by hostname.ip """.format(metrics=metrics_table, groups=groups) - else: - sql = """ - select ip.ip, hostname, avg_cur_1h, avg_cur_24h, avg_cur_3d, max_con_1h, max_con_24h, max_con_3d from - (select servers.ip from servers where {metrics} = 1 ) as ip, - - (select servers.ip, servers.hostname as hostname from servers left join {metrics} as metr on servers.ip = metr.serv where servers.{metrics} = 1 {groups}) as hostname, - - (select servers.ip,round(avg(metr.conn), 1) as avg_cur_1h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime') - group by servers.ip) as avg_cur_1h, - - (select servers.ip,round(avg(metr.conn), 1) as avg_cur_24h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime') - group by servers.ip) as avg_cur_24h, - - (select servers.ip,round(avg(metr.conn), 1) as avg_cur_3d from servers - left join {metrics} as metr on metr.serv = 
servers.ip - where servers.{metrics} = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime') - group by servers.ip ) as avg_cur_3d, - - (select servers.ip,max(metr.conn) as max_con_1h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-1 hours', 'localtime') - group by servers.ip) as max_con_1h, - - (select servers.ip,max(metr.conn) as max_con_24h from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-24 hours', 'localtime') - group by servers.ip) as max_con_24h, - - (select servers.ip,max(metr.conn) as max_con_3d from servers - left join {metrics} as metr on metr.serv = servers.ip - where servers.{metrics} = 1 and - metr.date <= datetime('now', 'localtime') and metr.date >= datetime('now', '-3 days', 'localtime') - group by servers.ip ) as max_con_3d - - where ip.ip=hostname.ip - and ip.ip=avg_cur_1h.ip - and ip.ip=avg_cur_24h.ip - and ip.ip=avg_cur_3d.ip - and ip.ip=max_con_1h.ip - and ip.ip=max_con_24h.ip - and ip.ip=max_con_3d.ip - - group by hostname.ip """.format(metrics=metrics_table, groups=groups) - - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - def update_setting(param: str, val: str, user_group: int) -> bool: query = Setting.update(value=val).where((Setting.param == param) & (Setting.group == user_group)) try: @@ -2259,15 +53,6 @@ def update_setting(param: str, val: str, user_group: int) -> bool: return False -def get_ver(): - try: - ver = Version.get() - except Exception as e: - out_error(e) - else: - return ver.version - - def select_roles(): query = Role.select() try: 
@@ -2278,323 +63,6 @@ def select_roles():
 return query_res
-
-
-def select_alert(**kwargs):
- if kwargs.get("group") is not None:
- query = Server.select(Server.ip).where(
- (Server.alert == 1) & (Server.enable == 1) & (Server.groups == kwargs.get('group'))
- )
- else:
- query = Server.select(Server.ip).where((Server.alert == 1) & (Server.enable == 1))
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_all_alerts(**kwargs):
- if kwargs.get("group") is not None:
- query = Server.select(Server.ip).where(
- ((Server.alert == 1) | (Server.nginx_alert == 1)) & (Server.enable == 1) & (Server.groups == kwargs.get('group'))
- )
- else:
- query = Server.select(Server.ip).where(((Server.alert == 1) | (Server.nginx_alert == 1)) & (Server.enable == 1))
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_nginx_alert(**kwargs):
- if kwargs.get("group") is not None:
- query = Server.select(Server.ip).where(
- (Server.nginx_alert == 1)
- & (Server.enable == 1)
- & (Server.groups == kwargs.get('group'))
- & (Server.nginx == 1)
- )
- else:
- query = Server.select(Server.ip).where(
- (Server.nginx_alert == 1)
- & (Server.enable == 1)
- & (Server.nginx == 1)
- )
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_apache_alert(**kwargs):
- if kwargs.get("group") is not None:
- query = Server.select(Server.ip).where(
- (Server.apache_alert == 1)
- & (Server.enable == 1)
- & (Server.groups == kwargs.get('group'))
- & (Server.apache == 1)
- )
- else:
- query = Server.select(Server.ip).where((Server.apache_alert == 1) & (Server.enable == 1) & (Server.apache == 1))
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_keepalived_alert(**kwargs):
- if kwargs.get("group") is not None:
- query = Server.select(Server.ip).where(
- (Server.keepalived_alert == 1)
- & (Server.enable == 1)
- & (Server.groups == kwargs.get('group'))
- & (Server.keepalived == 1)
- )
- else:
- query = Server.select(Server.ip).where(
- (Server.keepalived_alert == 1)
- & (Server.enable == 1)
- & (Server.keepalived == 1)
- )
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_keep_alive():
- query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.active == 1)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_nginx_keep_alive():
- query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.nginx_active == 1)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_apache_keep_alive():
- query = Server.select(Server.ip, Server.groups, Server.server_id).where(Server.apache_active == 1)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_keepalived_keep_alive():
- query = Server.select(Server.ip, Server.port, Server.groups, Server.server_id).where(Server.keepalived_active == 1)
- try:
- query_res = query.execute()
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def select_keepalived(serv):
- try:
- keepalived = Server.get(Server.ip == serv).keepalived
- except Exception as e:
- out_error(e)
- else:
- return keepalived
-
-
-def select_update_keep_alive_restart(server_id: int, service: str) -> int:
- try:
- restarted = KeepaliveRestart.get(
- (KeepaliveRestart.server_id == server_id) &
- (KeepaliveRestart.service == service)
- ).restarted
- except Exception as e:
- out_error(e)
- else:
- return restarted or 0
-
-
-def update_keep_alive_restart(server_id: int, service: str, restarted: int) -> None:
- query = KeepaliveRestart.insert(server_id=server_id, service=service, restarted=restarted).on_conflict('replace')
- try:
- query.execute()
- except Exception as e:
- out_error(e)
-
-
-def update_keepalived(serv):
- query = Server.update(keepalived='1').where(Server.ip == serv)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
-def select_apache(serv):
- try:
- apache = Server.get(Server.ip == serv).apache
- except Exception as e:
- out_error(e)
- else:
- return apache
-
-
-def update_apache(serv: str) -> bool:
- query = Server.update(apache='1').where(Server.ip == serv)
- try:
- query.execute()
- except Exception as e:
- out_error(e)
- return False
- else:
- return True
-
-
-def select_nginx(serv):
- try:
- query_res = Server.get(Server.ip == serv).nginx
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def update_nginx(serv: str) -> bool:
- query = Server.update(nginx=1).where(Server.ip == serv)
- try:
- query.execute()
- return True
- except Exception as e:
- out_error(e)
- return False
-
-
-def select_haproxy(serv):
- try:
- query_res = Server.get(Server.ip == serv).haproxy
- except Exception as e:
- out_error(e)
- else:
- return query_res
-
-
-def update_haproxy(serv):
- query = Server.update(haproxy=1).where(Server.ip == serv)
- try:
- query.execute()
- return True
- except Exception as e:
- out_error(e)
- return False
-
-
-def update_firewall(serv):
- query = Server.update(firewall_enable=1).where(Server.ip == serv)
- try:
- query.execute()
- return True
- except Exception as e:
- out_error(e)
- return False
-
-
-def update_server_pos(pos, server_id) -> str:
- query = Server.update(pos=pos).where(Server.server_id == server_id)
- try:
- query.execute()
- return 'ok'
- except Exception as e:
- out_error(e)
- return 'not_ok'
-
-
-def alerts_history(service, user_group, **kwargs):
- cursor = conn.cursor()
- and_host = ''
-
- if kwargs.get('host'):
- and_host = "and ip = '{}'".format(kwargs.get('host'))
-
- if user_group == 1:
- sql_user_group = ""
- else:
- sql_user_group = "and user_group = '{}'".format(user_group)
-
- sql = (
- f"select message, level, ip, port, date "
- f"from alerts "
- f"where service = '{service}' {sql_user_group} {and_host} "
- f"order by date desc; "
- )
- try:
- cursor.execute(sql)
- except Exception as e:
- out_error(e)
- else:
- return cursor.fetchall()
-
-
-def insert_alerts(user_group, level, ip, port, message, service):
- cur_date = get_date.return_date('regular')
- try:
- Alerts.insert(
- user_group=user_group, message=message, level=level, ip=ip, port=port, service=service,
- date=cur_date
- ).execute()
- return True
- except Exception as e:
- out_error(e)
- return False
- finally:
- if type(conn) is not str:
- if not conn.is_closed():
- conn.close()
-
-
-def select_all_alerts_for_all():
- cursor = conn.cursor()
- if mysql_enable == '1':
- sql = """ select level, message, `date`, user_group from alerts where `date` <= (now()+ INTERVAL 10 second) """
- else:
- sql = """ select level, message, `date`, user_group from alerts where `date` >= datetime('now', '-10 second', 'localtime')
- and `date` <= datetime('now', 'localtime') ; """
- try:
- cursor.execute(sql)
- except Exception as e:
- out_error(e)
- else:
- return cursor.fetchall()
-
-
-def return_firewall(serv):
- try:
- query_res = Server.get(Server.ip == serv).firewall_enable
- except Exception:
- return False
- else:
- return True if query_res == 1 else False
-
-
-
 def select_geoip_country_codes():
 query = GeoipCodes.select()
 try:
@@ -2603,1122 +71,3 @@ def select_geoip_country_codes(): out_error(e) else: return query_res - - -def insert_port_scanner_settings(server_id, user_group_id, enabled, notify, history): - try: - PortScannerSettings.insert( - server_id=server_id, user_group_id=user_group_id, enabled=enabled, notify=notify, history=history - ).execute() - return True - except Exception: - return False - - -def update_port_scanner_settings(server_id, user_group_id, enabled, notify, history): - query = PortScannerSettings.update( - user_group_id=user_group_id, enabled=enabled, notify=notify, history=history - ).where(PortScannerSettings.server_id == server_id) - try: - query.execute() - except Exception as e: - out_error(e) - - -def select_port_scanner_settings(user_group): - if user_group != 1: - query = PortScannerSettings.select().where(PortScannerSettings.user_group_id == str(user_group)) - else: - query = PortScannerSettings.select() - - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_port_scanner_settings_for_service(): - query = PortScannerSettings.select() - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def delete_port_scanner_settings(server_id): - query = PortScannerSettings.delete().where(PortScannerSettings.server_id == server_id) - try: - query.execute() - except Exception as e: - out_error(e) - - -def insert_port_scanner_port(serv, user_group_id, port, service_name): - cur_date = get_date.return_date('regular') - try: - PortScannerPorts.insert( - serv=serv, port=port, user_group_id=user_group_id, service_name=service_name, - date=cur_date - ).execute() - except Exception as e: - out_error(e) - - -def select_ports(serv): - cursor = conn.cursor() - sql = """select port from port_scanner_ports where serv = '%s' """ % serv - - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - -def 
select_port_name(serv, port): - query = PortScannerPorts.select(PortScannerPorts.service_name).where( - (PortScannerPorts.serv == serv) & (PortScannerPorts.port == port)) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - for port in query_res: - return port.service_name - - -def select_count_opened_ports(serv): - query = PortScannerPorts.select( - PortScannerPorts.date, fn.Count(PortScannerPorts.port).alias('count') - ).where(PortScannerPorts.serv == serv) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - port = list() - for ports in query_res: - port.append([ports.count, ports.date]) - return port - - -def delete_ports(serv): - query = PortScannerPorts.delete().where(PortScannerPorts.serv == serv) - try: - query.execute() - except Exception as e: - out_error(e) - - -def insert_port_scanner_history(serv, port, port_status, service_name): - cur_date = get_date.return_date('regular') - try: - PortScannerHistory.insert( - serv=serv, port=port, status=port_status, service_name=service_name, date=cur_date - ).execute() - except Exception as e: - out_error(e) - - -def delete_alert_history(keep_interval: int, service: str): - cur_date = get_date.return_date('regular', timedelta_minus=keep_interval) - query = Alerts.delete().where( - (Alerts.date < cur_date) & (Alerts.service == service) - ) - try: - query.execute() - except Exception as e: - out_error(e) - - -def delete_smon_history(): - cur_date = get_date.return_date('regular', timedelta_minus=1) - query = SmonHistory.delete().where(SmonHistory.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - - -def delete_portscanner_history(keep_interval: int): - cur_date = get_date.return_date('regular', timedelta_minus=keep_interval) - query = PortScannerHistory.delete().where( - PortScannerHistory.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - - -def select_port_scanner_history(serv): - 
query = PortScannerHistory.select().where(PortScannerHistory.serv == serv) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def is_serv_protected(serv): - try: - query_res = Server.get(Server.ip == serv) - except Exception: - return "" - else: - return True if query_res.protected else False - - -def select_user_services(user_id): - try: - query_res = User.get(User.user_id == user_id).user_services - except Exception as e: - out_error(e) - return "" - else: - return query_res - - -def update_user_services(services, user_id): - try: - User.update(user_services=services).where(User.user_id == user_id).execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def insert_or_update_service_setting(server_id, service, setting, value): - try: - ServiceSetting.insert(server_id=server_id, service=service, setting=setting, value=value).on_conflict( - 'replace').execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def select_service_settings(server_id: int, service: str) -> str: - query = ServiceSetting.select().where((ServiceSetting.server_id == server_id) & (ServiceSetting.service == service)) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_docker_service_settings(server_id: int, service: str) -> str: - query = ServiceSetting.select().where( - (ServiceSetting.server_id == server_id) - & (ServiceSetting.service == service) - & (ServiceSetting.setting == 'dockerized') - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_docker_services_settings(service: str) -> str: - query = ServiceSetting.select().where( - (ServiceSetting.service == service) - & (ServiceSetting.setting == 'dockerized') - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def 
select_restart_service_settings(server_id: int, service: str) -> str: - query = ServiceSetting.select().where( - (ServiceSetting.server_id == server_id) - & (ServiceSetting.service == service) - & (ServiceSetting.setting == 'restart') - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_restart_services_settings(service: str) -> str: - query = ServiceSetting.select().where( - (ServiceSetting.service == service) - & (ServiceSetting.setting == 'restart') - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_service_setting(server_id: int, service: str, setting: str) -> str: - try: - result = ServiceSetting.get( - (ServiceSetting.server_id == server_id) - & (ServiceSetting.service == service) - & (ServiceSetting.setting == setting) - ).value - except Exception: - return '0' - else: - return result - - -def delete_service_settings(server_id: int): - query = ServiceSetting.delete().where(ServiceSetting.server_id == server_id) - try: - query.execute() - except Exception as e: - out_error(e) - - -def insert_action_history(service: str, action: str, server_id: int, user_id: int, user_ip: str, server_ip: str, hostname: str): - cur_date = get_date.return_date('regular') - try: - ActionHistory.insert( - service=service, - action=action, - server_id=server_id, - user_id=user_id, - ip=user_ip, - date=cur_date, - server_ip=server_ip, - hostname=hostname - ).execute() - except Exception as e: - out_error(e) - - -def delete_action_history(server_id: int): - query = ActionHistory.delete().where(ActionHistory.server_id == server_id) - try: - query.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def delete_action_history_for_period(): - time_period = get_setting('action_keep_history_range') - cur_date = get_date.return_date('regular', timedelta_minus=time_period) - query = 
ActionHistory.delete().where(ActionHistory.date < cur_date) - try: - query.execute() - except Exception as e: - out_error(e) - finally: - if type(conn) is not str: - if not conn.is_closed(): - conn.close() - - -def select_action_history_by_server_id(server_id: int): - query = ActionHistory.select().where(ActionHistory.server_id == server_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_action_history_by_user_id(user_id: int): - query = ActionHistory.select().where(ActionHistory.user_id == user_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_action_history_by_server_id_and_service(server_id: int, service: str): - query = ActionHistory.select().where( - (ActionHistory.server_id == server_id) - & (ActionHistory.service == service) - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def insert_config_version(server_id: int, user_id: int, service: str, local_path: str, remote_path: str, diff: str): - cur_date = get_date.return_date('regular') - try: - ConfigVersion.insert( - server_id=server_id, - user_id=user_id, - service=service, - local_path=local_path, - remote_path=remote_path, - diff=diff, - date=cur_date - ).execute() - except Exception as e: - out_error(e) - - -def select_config_version(server_ip: str, service: str) -> str: - server_id = select_server_id_by_ip(server_ip) - query = ConfigVersion.select().where( - (ConfigVersion.server_id == server_id) - & (ConfigVersion.service == service) - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def delete_config_version(service: str, local_path: str): - query_res = ConfigVersion.delete().where( - (ConfigVersion.service == service) - & (ConfigVersion.local_path == local_path) - ) - try: - query_res.execute() - except Exception as e: - out_error(e) - 
return False - else: - return True - - -def select_remote_path_from_version(server_ip: str, service: str, local_path: str): - server_id = select_server_id_by_ip(server_ip) - try: - query_res = ConfigVersion.get( - (ConfigVersion.server_id == server_id) - & (ConfigVersion.service == service) - & (ConfigVersion.local_path == local_path) - ).remote_path - except Exception as e: - out_error(e) - else: - return query_res - - -def insert_system_info( - server_id: int, os_info: str, sys_info: dict, cpu: dict, ram: dict, network: dict, disks: dict -): - try: - SystemInfo.insert( - server_id=server_id, os_info=os_info, sys_info=sys_info, cpu=cpu, ram=ram, network=network, disks=disks - ).on_conflict('replace').execute() - except Exception as e: - out_error(e) - - -def delete_system_info(server_id: int): - query = SystemInfo.delete().where(SystemInfo.server_id == server_id) - try: - query.execute() - except Exception as e: - out_error(e) - - -def select_one_system_info(server_id: int): - query = SystemInfo.select().where(SystemInfo.server_id == server_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - return - else: - return query_res - - -def is_system_info(server_id): - try: - query_res = SystemInfo.get(SystemInfo.server_id == server_id).server_id - except Exception: - return True - else: - if query_res: - return True - else: - return False - - -def select_os_info(server_id): - try: - query_res = SystemInfo.get(SystemInfo.server_id == server_id).os_info - except Exception as e: - out_error(e) - return - else: - return query_res - - -def select_services(): - query = Services.select() - try: - query_res = query.execute() - except Exception as e: - out_error(e) - return - else: - return query_res - - -def select_service_name_by_id(service_id: int) -> str: - try: - service = Services.get(Services.service_id == service_id).service - except Exception as e: - return out_error(e) - else: - return service - - -def 
select_service_id_by_slug(service_slug: str) -> int: - try: - service = Services.get(Services.slug == service_slug).service_id - except Exception as e: - return out_error(e) - else: - return service - - -def insert_user_name(user_name): - try: - UserName.insert(UserName=user_name).execute() - except Exception as e: - out_error(e) - - -def select_user_name(): - try: - query_res = UserName.get().UserName - except Exception: - return False - else: - return query_res - - -def get_super_admin_count() -> int: - query = UserGroups.select(UserGroups.user_id, UserGroups.user_role_id).distinct().where(UserGroups.user_role_id == 1).group_by(UserGroups.user_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - try: - return len(list(query_res)) - except Exception as e: - raise Exception(f'error: {e}') - - -def update_user_name(user_name): - user_update = UserName.update(UserName=user_name) - try: - user_update.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def update_user_status(status, plan, method): - user_update = UserName.update(Status=status, Method=method, Plan=plan) - try: - user_update.execute() - except Exception: - return False - else: - return True - - -def select_user_status(): - try: - query_res = UserName.get().Status - except Exception: - return False - else: - return query_res - -# -# def check_user_status(): -# try: -# UserName.get().Status -# except Exception as e: -# raise Exception(str(e)) -# else: -# return True - - -def select_user_plan(): - try: - query_res = UserName.get().Plan - except Exception: - return False - else: - return query_res - - -def select_user_all(): - try: - query_res = UserName.select() - except Exception: - return False - else: - return query_res - - -def insert_new_git(server_id, service_id, repo, branch, period, cred, description): - try: - GitSetting.insert( - server_id=server_id, service_id=service_id, repo=repo, branch=branch, period=period, - 
cred_id=cred, description=description - ).execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def select_gits(**kwargs): - if kwargs.get("server_id") is not None and kwargs.get("service_id") is not None: - query = GitSetting.select().where( - (GitSetting.server_id == kwargs.get("server_id")) & (GitSetting.service_id == kwargs.get("service_id"))) - else: - query = GitSetting.select().order_by(GitSetting.id) - - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - return query_res - - -def delete_git(git_id): - query = GitSetting.delete().where(GitSetting.id == git_id) - try: - query.execute() - except Exception as e: - out_error(e) - return False - else: - return True - - -def select_users_emails_by_group_id(group_id: int): - query = User.select(User.email).where((User.groups == group_id) & (User.role != 'guest')) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - return - else: - return query_res - - -def select_user_email_by_uuid(uuid: str) -> str: - user_id = get_user_id_by_uuid(uuid) - try: - query_res = User.get(User.user_id == user_id).email - except Exception as e: - out_error(e) - return "" - else: - return query_res - - -def select_checker_settings(service_id: int): - query = CheckerSetting.select().where(CheckerSetting.service_id == service_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - return - else: - return query_res - - -def select_checker_settings_for_server(service_id: int, server_id: int): - query = CheckerSetting.select().where( - (CheckerSetting.service_id == service_id) - & (CheckerSetting.server_id == server_id) - ) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - return - else: - return query_res - - -def insert_new_checker_setting_for_server(server_ip: str) -> None: - server_id = () - try: - server_id = Server.get(Server.ip == server_ip).server_id - except Exception as e: - 
out_error(e) - - for service_id in range(1, 5): - CheckerSetting.insert( - server_id=server_id, service_id=service_id - ).on_conflict_ignore().execute() - - -def update_haproxy_checker_settings( - email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, backend_alert: int, - maxconn_alert: int, setting_id: int -) -> bool: - settings_update = CheckerSetting.update( - email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, service_alert=service_alert, - backend_alert=backend_alert, maxconn_alert=maxconn_alert - ).where(CheckerSetting.id == setting_id) - try: - settings_update.execute() - except Exception: - return False - else: - return True - - -def update_keepalived_checker_settings( - email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, backend_alert: int, - setting_id: int -) -> bool: - settings_update = CheckerSetting.update( - email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, - service_alert=service_alert, backend_alert=backend_alert - ).where(CheckerSetting.id == setting_id) - try: - settings_update.execute() - except Exception: - return False - else: - return True - - -def update_service_checker_settings( - email: int, telegram_id: int, slack_id: int, pd_id: int, service_alert: int, setting_id: int -) -> bool: - settings_update = CheckerSetting.update( - email=email, telegram_id=telegram_id, slack_id=slack_id, pd_id=pd_id, service_alert=service_alert - ).where(CheckerSetting.id == setting_id) - try: - settings_update.execute() - except Exception: - return False - else: - return True - - -def select_service(slug: str) -> object: - try: - query_res = Services.get(Services.slug == slug) - except Exception as e: - out_error(e) - return 'there is no service' - else: - return query_res - - -def select_count_services(service: str) -> int: - try: - if service == 'haproxy': - query_res = Server.select().where(Server.haproxy == 1).count() - elif service == 'nginx': - query_res = 
Server.select().where(Server.nginx == 1).count() - elif service == 'keepalived': - query_res = Server.select().where(Server.keepalived == 1).count() - elif service == 'apache': - query_res = Server.select().where(Server.apache == 1).count() - else: - query_res = Server.select().where().count() - except Exception as e: - out_error(e) - else: - return query_res - - -def select_checker_service_status(server_id: int, service_id: int, service_check: str) -> int: - try: - service_check_status = ServiceStatus.get( - (ServiceStatus.server_id == server_id) - & (ServiceStatus.service_id == service_id) - & (ServiceStatus.service_check == service_check) - ).status - except Exception as e: - return out_error(e) - else: - return service_check_status - - -def select_checker_services_status() -> tuple: - try: - services_check_status = ServiceStatus.select().execute() - except Exception as e: - return out_error(e) - else: - return services_check_status - - -def inset_or_update_service_status(server_id: int, service_id: int, service_check: str, status: int) -> None: - query = ServiceStatus.insert( - server_id=server_id, service_id=service_id, service_check=service_check, status=status - ).on_conflict('replace') - try: - query.execute() - except Exception as e: - out_error(e) - - -def update_user_role(user_id: int, group_id: int, role_id: int) -> None: - try: - UserGroups.insert(user_id=user_id, user_group_id=group_id, user_role_id=role_id).on_conflict('replace').execute() - except Exception as e: - out_error(e) - - -def get_role_id(user_id: int, group_id: int) -> int: - try: - role_id = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id)) - except Exception as e: - out_error(e) - else: - return int(role_id.user_role_id) - - -def is_user_super_admin(user_id: int) -> bool: - query = UserGroups.select().where(UserGroups.user_id == user_id) - try: - query_res = query.execute() - except Exception as e: - out_error(e) - else: - for i in query_res: - if 
i.user_role_id == 1: - return True - else: - return False - - -def get_roxy_tools(): - query = RoxyTool.select() - try: - query_res = query.where(RoxyTool.is_roxy == 1).execute() - except Exception as e: - out_error(e) - else: - tools = [] - for tool in query_res: - tools.append(tool.name) - return tools - - -def get_all_tools(): - try: - query_res = RoxyTool.select().execute() - except Exception as e: - out_error(e) - else: - tools = {} - for tool in query_res: - tools.setdefault(tool.name, {'current_version': tool.current_version, 'new_version': tool.new_version, 'desc': tool.desc}) - - return tools - - -def update_tool_cur_version(tool_name: str, version: str): - try: - RoxyTool.update(current_version=version).where(RoxyTool.name == tool_name).execute() - except Exception as e: - out_error(e) - - -def update_tool_new_version(tool_name: str, version: str): - try: - RoxyTool.update(new_version=version).where(RoxyTool.name == tool_name).execute() - except Exception as e: - out_error(e) - - -def get_tool_cur_version(tool_name: str): - try: - query = RoxyTool.get(RoxyTool.name == tool_name).current_version - except Exception as e: - out_error(e) - else: - return query - - -def select_clusters(group_id: int): - try: - return HaCluster.select().where(HaCluster.group_id == group_id).execute() - except Exception as e: - out_error(e) - - -def create_cluster(name: str, syn_flood: int, group_id: int, desc: str) -> int: - try: - last_id = HaCluster.insert( - name=name, syn_flood=syn_flood, group_id=group_id, desc=desc - ).execute() - return last_id - except Exception as e: - out_error(e) - - -def select_cluster(cluster_id: int): - try: - return HaCluster.select().where(HaCluster.id == cluster_id).execute() - except Exception as e: - out_error(e) - - -def select_cluster_name(cluster_id: int) -> str: - try: - return HaCluster.get(HaCluster.id == cluster_id).name - except Exception as e: - out_error(e) - - -def select_clusters_virts(): - try: - return 
HaClusterVirt.select().execute() - except Exception as e: - out_error(e) - - -def select_cluster_vips(cluster_id: int) -> object: - try: - return HaClusterVip.select().where(HaClusterVip.cluster_id == cluster_id).execute() - except Exception as e: - out_error(e) - - -def select_clusters_vip(cluster_id: int, router_id: int): - try: - return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).vip - except Exception as e: - out_error(e) - - -def select_clusters_vip_return_master(cluster_id: int, router_id: int): - try: - return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).return_master - except Exception as e: - out_error(e) - - -def select_clusters_vip_id(cluster_id: int, router_id): - try: - return HaClusterVip.get((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).id - except Exception as e: - out_error(e) - - -def select_cluster_services(cluster_id: int): - try: - return HaClusterService.select().where(HaClusterService.cluster_id == cluster_id).execute() - except Exception as e: - out_error(e) - - -def delete_cluster_services(cluster_id: int): - try: - return HaClusterService.delete().where(HaClusterService.cluster_id == cluster_id).execute() - except Exception as e: - out_error(e) - - -def insert_cluster_services(cluster_id: int, service_id: int): - try: - return HaClusterService.insert(cluster_id=cluster_id, service_id=service_id).execute() - except Exception as e: - out_error(e) - - -def select_cluster_master_slaves(cluster_id: int, group_id: int, router_id: int): - cursor = conn.cursor() - sql = f"select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) " \ - f"where servers.groups = {group_id} and ha_cluster_slaves.cluster_id = {cluster_id} and ha_cluster_slaves.router_id = {router_id};" - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - 
-def select_cluster_slaves(cluster_id: int, router_id: int): - cursor = conn.cursor() - sql = f"select * from servers left join ha_cluster_slaves on (servers.id = ha_cluster_slaves.server_id) " \ - f"where ha_cluster_slaves.cluster_id = {cluster_id} and ha_cluster_slaves.router_id = {router_id};" - try: - cursor.execute(sql) - except Exception as e: - out_error(e) - else: - return cursor.fetchall() - - -def select_cluster_slaves_for_inv(router_id: int): - try: - return HaClusterSlave.select().where(HaClusterSlave.router_id == router_id).execute() - except Exception as e: - out_error(e) - - -def delete_ha_cluster_delete_slave(server_id: int) -> None: - try: - HaClusterSlave.delete().where(HaClusterSlave.server_id == server_id).execute() - except Exception as e: - out_error(e) - - -def delete_master_from_slave(server_id: int) -> None: - try: - Server.update(master=0).where(Server.server_id == server_id).execute() - except Exception as e: - out_error(e) - - -def select_ha_cluster_not_masters_not_slaves(group_id: int): - """ - Method for selecting HA clusters excluding masters and slaves. - - :param group_id: The ID of the group. - :return: The query result. - """ - try: - query = Server.select().where( - (Server.type_ip == 0) & - (Server.server_id.not_in(HaClusterSlave.select(HaClusterSlave.server_id))) & - (Server.groups == group_id) - ) - return query.execute() - except Exception as e: - out_error(e) - - -def get_router_id(cluster_id: int, default_router=0) -> int: - """ - :param cluster_id: The ID of the cluster to get the router ID from. - :param default_router: The default router ID to retrieve. Default value is 0. - :return: The ID of the router associated with the given cluster ID and default router ID. 
- - """ - try: - return HaClusterRouter.get((HaClusterRouter.cluster_id == cluster_id) & (HaClusterRouter.default == default_router)).id - except Exception as e: - out_error(e) - - -def create_ha_router(cluster_id: int) -> int: - """ - Create HA Router - - This method is used to create a HA (High Availability) router for a given cluster. - - :param cluster_id: The ID of the cluster for which the HA router needs to be created. - :return: The ID of the created HA router. - :rtype: int - - :raises Exception: If an error occurs while creating the HA router. - - """ - try: - last_id = HaClusterRouter.insert(cluster_id=cluster_id).execute() - return last_id - except Exception as e: - out_error(e) - - -def delete_ha_router(router_id: int) -> int: - try: - last_id = HaClusterRouter.delete().where(HaClusterRouter.id == router_id).execute() - return last_id - except Exception as e: - out_error(e) - - -def insert_or_update_slave(cluster_id: int, server_id: int, eth: str, master: int, router_id) -> None: - try: - HaClusterSlave.insert(cluster_id=cluster_id, server_id=server_id, eth=eth, master=master, router_id=router_id).on_conflict('replace').execute() - except Exception as e: - out_error(e) - - -def update_slave(cluster_id: int, server_id: int, eth: str, master: int, router_id) -> None: - try: - HaClusterSlave.update( - cluster_id=cluster_id, server_id=server_id, eth=eth, master=master, router_id=router_id - ).where((HaClusterSlave.server_id == server_id) & (HaClusterSlave.router_id == router_id)).execute() - except Exception as e: - out_error(e) - - -def update_cluster(cluster_id: int, name: str, desc: str, syn_flood: int) -> None: - try: - HaCluster.update(name=name, desc=desc, syn_flood=syn_flood).where(HaCluster.id == cluster_id).execute() - except Exception as e: - out_error(e) - - -def update_ha_cluster_vip(cluster_id: int, router_id: int, vip: str, return_master: int) -> None: - try: - HaClusterVip.update(vip=vip, 
return_master=return_master).where((HaClusterVip.cluster_id == cluster_id) & (HaClusterVip.router_id == router_id)).execute() - except Exception as e: - out_error(e) - - -def update_ha_virt_ip(vip_id: int, vip: str) -> None: - try: - Server.update(ip=vip).where(Server.server_id == HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id).execute() - except Exception as e: - out_error(e) - - -def delete_ha_virt(vip_id: int) -> None: - try: - Server.delete().where(Server.server_id == HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id).execute() - except Exception: - pass - - -def check_ha_virt(vip_id: int) -> bool: - try: - HaClusterVirt.get(HaClusterVirt.vip_id == vip_id).virt_id - except Exception: - return False - return True - - -def select_ha_cluster_name_and_slaves() -> object: - try: - return HaCluster.select(HaCluster.id, HaCluster.name, HaClusterSlave.server_id).join(HaClusterSlave).execute() - except Exception as e: - out_error(e) diff --git a/app/modules/db/user.py b/app/modules/db/user.py new file mode 100644 index 00000000..644392bb --- /dev/null +++ b/app/modules/db/user.py 
@@ -0,0 +1,431 @@ +from peewee import Case, JOIN + +from app.modules.db.db_model import User, UserGroups, Groups, UUID, Token, ApiToken +from app.modules.db.sql import get_setting +from app.modules.db.common import out_error +import app.modules.roxy_wi_tools as roxy_wi_tools + + +def add_user(user, email, password, role, activeuser, group): + if password != 'aduser': + try: + hashed_pass = roxy_wi_tools.Tools.get_hash(password) + last_id = User.insert( + username=user, email=email, password=hashed_pass, role=role, activeuser=activeuser, groups=group + ).execute() + except Exception as e: + out_error(e) + else: + return last_id + else: + try: + last_id = User.insert( + username=user, email=email, role=role, ldap_user=1, activeuser=activeuser, groups=group + ).execute() + except Exception as e: + out_error(e) + else: + return last_id + + +def update_user(user, email, role, user_id, active_user): + try: + User.update(username=user, email=email, role=role, activeuser=active_user).where(User.user_id == user_id).execute() + except Exception as e: + out_error(e) + + +def update_user_from_admin_area(user, email, user_id, active_user): + try: + User.update(username=user, email=email, activeuser=active_user).where(User.user_id == user_id).execute() + except Exception as e: + out_error(e) + + +def delete_user_groups(user_id): + group_for_delete = UserGroups.delete().where(UserGroups.user_id == user_id) + try: + group_for_delete.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_user_current_groups(groups, user_uuid): + user_id = get_user_id_by_uuid(user_uuid) + try: + user_update = User.update(groups=groups).where(User.user_id == user_id) + user_update.execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_user_current_groups_by_id(groups, user_id): + try: + user_update = User.update(groups=groups).where(User.user_id == user_id) + user_update.execute() + except Exception as e: 
+ out_error(e) + + +def update_user_password(password, user_id): + try: + hashed_pass = roxy_wi_tools.Tools.get_hash(password) + user_update = User.update(password=hashed_pass).where(User.user_id == user_id) + user_update.execute() + except Exception as e: + out_error(e) + + +def delete_user(user_id): + try: + user_for_delete = User.delete().where(User.user_id == user_id) + user_for_delete.execute() + delete_user_groups(user_id) + except Exception as e: + out_error(e) + return False + else: + return True + + +def update_user_role(user_id: int, group_id: int, role_id: int) -> None: + try: + UserGroups.insert(user_id=user_id, user_group_id=group_id, user_role_id=role_id).on_conflict('replace').execute() + except Exception as e: + out_error(e) + + +def select_users(**kwargs): + if kwargs.get("user") is not None: + query = User.select().where(User.username == kwargs.get("user")) + elif kwargs.get("id") is not None: + query = User.select().where(User.user_id == kwargs.get("id")) + elif kwargs.get("group") is not None: + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta_minutes_minus=15) + query = (User.select( + User, UserGroups, Case( + 0, [((User.last_login_date >= cur_date), 0)], 1 + ).alias('last_login') + ).join(UserGroups, on=(User.user_id == UserGroups.user_id)).where( + UserGroups.user_group_id == kwargs.get("group") + )) + elif kwargs.get('by_group_id'): + query = User.select().where(User.groups == kwargs.get("by_group_id")) + else: + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta_minutes_minus=15) + query = User.select(User, Case(0, [( + (User.last_login_date >= cur_date), 0)], 1).alias('last_login')).order_by(User.user_id) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def is_user_active(user_id: int) -> int: + try: + query = User.get(User.user_id == user_id).activeuser 
+ except Exception as e: + out_error(e) + else: + return int(query) + + +def check_user_group(user_id, group_id): + try: + query_res = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id)) + except Exception: + return False + else: + if query_res.user_id != '': + return True + else: + return False + + +def select_user_groups_with_names(user_id, **kwargs): + if kwargs.get("all") is not None: + query = (UserGroups.select( + UserGroups.user_group_id, UserGroups.user_id, Groups.name, Groups.description + ).join(Groups, on=(UserGroups.user_group_id == Groups.group_id))) + elif kwargs.get("user_not_in_group") is not None: + query = (Groups.select( + Groups.group_id, Groups.name + ).join(UserGroups, on=( + (UserGroups.user_group_id == Groups.group_id) & + (UserGroups.user_id == user_id) + ), join_type=JOIN.LEFT_OUTER).group_by(Groups.name).where(UserGroups.user_id.is_null(True))) + else: + query = (UserGroups.select( + UserGroups.user_group_id, UserGroups.user_role_id, Groups.name, Groups.group_id + ).join(Groups, on=(UserGroups.user_group_id == Groups.group_id)).where(UserGroups.user_id == user_id)) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_user_roles_by_group(group_id: int): + try: + query_res = UserGroups.select().where(UserGroups.user_group_id == group_id).execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def update_last_act_user(uuid: str, token: str, ip: str) -> None: + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + session_ttl = get_setting('session_ttl') + token_ttl = get_setting('token_ttl') + cur_date_session = get_date.return_date('regular', timedelta=session_ttl) + cur_date_token = get_date.return_date('regular', timedelta=token_ttl) + cur_date = get_date.return_date('regular') + user_id = get_user_id_by_uuid(uuid) + query = UUID.update(exp=cur_date_session).where(UUID.uuid == uuid) + query1 = 
Token.update(exp=cur_date_token).where(Token.token == token) + query2 = User.update(last_login_date=cur_date, last_login_ip=ip).where(User.user_id == user_id) + try: + query.execute() + query1.execute() + query2.execute() + except Exception as e: + out_error(e) + + +def get_user_name_by_uuid(uuid): + try: + query = User.select(User.username).join(UUID, on=(User.user_id == UUID.user_id)).where(UUID.uuid == uuid) + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for user in query_res: + return user.username + + +def get_user_id_by_uuid(uuid): + try: + query = User.select(User.user_id).join(UUID, on=(User.user_id == UUID.user_id)).where(UUID.uuid == uuid) + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for user in query_res: + return user.user_id + + +def get_user_id_by_username(username: str): + try: + query = User.get(User.username == username).user_id + except Exception as e: + out_error(e) + else: + return query + + +def get_user_role_by_uuid(uuid, group_id): + query = ( + UserGroups.select(UserGroups.user_role_id).join(UUID, on=(UserGroups.user_id == UUID.user_id) + ).where( + (UUID.uuid == uuid) & + (UserGroups.user_group_id == group_id) + ) + ) + + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for user_id in query_res: + return int(user_id.user_role_id) + + +def write_user_uuid(login, user_uuid): + session_ttl = get_setting('session_ttl') + user_id = get_user_id_by_username(login) + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta=session_ttl) + + try: + UUID.insert(user_id=user_id, uuid=user_uuid, exp=cur_date).execute() + except Exception as e: + out_error(e) + + +def write_user_token(login, user_token): + token_ttl = get_setting('token_ttl') + user_id = get_user_id_by_username(login) + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', 
timedelta=token_ttl) + + try: + Token.insert(user_id=user_id, token=user_token, exp=cur_date).execute() + except Exception as e: + out_error(e) + + +def select_user_services(user_id): + try: + query_res = User.get(User.user_id == user_id).user_services + except Exception as e: + out_error(e) + else: + return query_res + + +def update_user_services(services, user_id): + try: + User.update(user_services=services).where(User.user_id == user_id).execute() + except Exception as e: + out_error(e) + return False + else: + return True + + +def get_super_admin_count() -> int: + query = UserGroups.select(UserGroups.user_id, UserGroups.user_role_id).distinct().where(UserGroups.user_role_id == 1).group_by(UserGroups.user_id) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + try: + return len(list(query_res)) + except Exception as e: + raise Exception(f'error: {e}') + + +def select_users_emails_by_group_id(group_id: int): + query = User.select(User.email).where((User.groups == group_id) & (User.role != 'guest')) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + return + else: + return query_res + + +def select_user_email_by_uuid(uuid: str) -> str: + user_id = get_user_id_by_uuid(uuid) + try: + query_res = User.get(User.user_id == user_id).email + except Exception as e: + out_error(e) + return "" + else: + return query_res + + +def is_user_super_admin(user_id: int) -> bool: + query = UserGroups.select().where(UserGroups.user_id == user_id) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for i in query_res: + if i.user_role_id == 1: + return True + else: + return False + + +def get_api_token(token): + try: + user_token = ApiToken.get(ApiToken.token == token) + except Exception as e: + return str(e) + else: + return True if token == user_token.token else False + + +def get_user_id_by_api_token(token): + query = (User.select(User.user_id).join(ApiToken, on=( + ApiToken.user_name 
== User.username + )).where(ApiToken.token == token)) + try: + query_res = query.execute() + except Exception as e: + return str(e) + for i in query_res: + return i.user_id + + +def write_api_token(user_token, group_id, user_role, user_name): + token_ttl = int(get_setting('token_ttl')) + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular', timedelta=token_ttl) + cur_date_token_ttl = get_date.return_date('regular', timedelta=token_ttl) + + try: + ApiToken.insert( + token=user_token, user_name=user_name, user_group_id=group_id, user_role=user_role, + create_date=cur_date, expire_date=cur_date_token_ttl).execute() + except Exception as e: + out_error(e) + + +def get_username_group_id_from_api_token(token): + try: + user_name = ApiToken.get(ApiToken.token == token) + except Exception as e: + return str(e) + else: + return user_name.user_name, user_name.user_group_id, user_name.user_role + + +def get_token(uuid): + query = Token.select().join(UUID, on=(Token.user_id == UUID.user_id)).where(UUID.uuid == uuid).limit(1) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + try: + for i in query_res: + return i.token + except Exception: + return '' + + +def delete_old_uuid(): + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) + cur_date = get_date.return_date('regular') + query = UUID.delete().where((UUID.exp < cur_date) | (UUID.exp.is_null(True))) + query1 = Token.delete().where((Token.exp < cur_date) | (Token.exp.is_null(True))) + try: + query.execute() + query1.execute() + except Exception as e: + out_error(e) + + +def get_role_id(user_id: int, group_id: int) -> int: + try: + role_id = UserGroups.get((UserGroups.user_id == user_id) & (UserGroups.user_group_id == group_id)) + except Exception as e: + out_error(e) + else: + return int(role_id.user_role_id) + + +def get_user_id(user_id: int) -> int: + try: + return User.get(User.user_id == user_id) + except Exception as e: + 
out_error(e) diff --git a/app/modules/db/waf.py b/app/modules/db/waf.py new file mode 100644 index 00000000..a2c23239 --- /dev/null +++ b/app/modules/db/waf.py 
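Review bot: `get_api_token` returns `str(e)` when `ApiToken.get` raises, and a non-empty string is truthy, so a caller that tests the result with a bare `if` would treat an unknown token as valid; the handler should be `except Exception: return False`. `get_user_id_by_api_token` and `get_username_group_id_from_api_token` share the pattern: they hand the exception text back where callers expect a user id or a `(name, group, role)` tuple, and returning `None` or re-raising would let callers fail closed. None of the three lookups compares the `expire_date` that `write_api_token` stores, so it is worth confirming that expiry is enforced somewhere.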
@@ -0,0 +1,322 @@ +from app.modules.db.db_model import Waf, WafNginx, WafRules, Server +from app.modules.db.common import out_error + + +def select_waf_metrics_enable_server(ip): + query = Waf.select(Waf.metrics).join(Server, on=(Waf.server_id == Server.server_id)).where(Server.ip == ip) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for en in query_res: + return en.metrics + + +def select_waf_servers(serv): + query = Server.select(Server.ip).join(Waf, on=(Waf.server_id == Server.server_id)).where(Server.ip == serv) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for en in query_res: + return en.ip + + +def select_waf_nginx_servers(serv): + query = Server.select(Server.ip).join(WafNginx, on=(WafNginx.server_id == Server.server_id)).where(Server.ip == serv) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + for en in query_res: + return en.ip + + +def insert_waf_nginx_server(server_ip): + try: + server_id = Server.get(Server.ip == server_ip).server_id + WafNginx.insert(server_id=server_id).execute() + except Exception as e: + out_error(e) + + +def select_waf_servers_metrics_for_master(): + query = Server.select(Server.ip).join( + Waf, on=(Waf.server_id == Server.server_id) + ).where((Server.enable == 1) & Waf.metrics == 1) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def select_waf_servers_metrics(group_id): + if group_id == '1': + query = Waf.select(Server.ip).join(Server, on=(Waf.server_id == Server.server_id)).where( + (Server.enable == 1) & (Waf.metrics == 1) + ) + else: + query = Waf.select(Server.ip).join(Server, on=(Waf.server_id == Server.server_id)).where( + (Server.enable == 1) & (Waf.metrics == 1) & (Server.groups == group_id) + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def insert_waf_metrics_enable(serv, 
enable): + try: + server_id = Server.get(Server.ip == serv).server_id + Waf.insert(server_id=server_id, metrics=enable).execute() + except Exception as e: + out_error(e) + + +def insert_waf_rules(serv): + data_source = [ + {'serv': serv, 'rule_name': 'Ignore static', 'rule_file': 'modsecurity_crs_10_ignore_static.conf', + 'desc': 'This ruleset will skip all tests for media files, but will skip only the request body phase (phase 2) ' + 'for text files. To skip the outbound stage for text files, add file 47 (skip_outbound_checks) ' + 'to your configuration, in addition to this fileth/aws/login'}, + {'serv': serv, 'rule_name': 'Brute force protection', 'rule_file': 'modsecurity_crs_11_brute_force.conf', + 'desc': 'Anti-Automation Rule for specific Pages (Brute Force Protection) This is a rate-limiting rule set and ' + 'does not directly correlate whether the authentication attempt was successful or not'}, + {'serv': serv, 'rule_name': 'DOS Protections', 'rule_file': 'modsecurity_crs_11_dos_protection.conf', + 'desc': 'Enforce an existing IP address block and log only 1-time/minute. We do not want to get flooded by alerts ' + 'during an attack or scan so we are only triggering an alert once/minute. You can adjust how often you ' + 'want to receive status alerts by changing the expirevar setting below'}, + {'serv': serv, 'rule_name': 'XML enabler', 'rule_file': 'modsecurity_crs_13_xml_enabler.conf', + 'desc': 'The rules in this file will trigger the XML parser upon an XML request'}, + {'serv': serv, 'rule_name': 'Protocol violations', 'rule_file': 'modsecurity_crs_20_protocol_violations.conf', + 'desc': 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates a ' + 'large number of application layer attacks. The purpose of this rules file is to enforce HTTP RFC requirements ' + 'that state how the client is supposed to interact with the server. 
http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html'}, + {'serv': serv, 'rule_name': 'Protocol anomalies', 'rule_file': 'modsecurity_crs_21_protocol_anomalies.conf', + 'desc': 'Some common HTTP usage patterns are indicative of attacks but may also be used by non-browsers for ' + 'legitimate uses. Do not accept requests without common headers. All normal web browsers include Host, ' + 'User-Agent and Accept headers. Implies either an attacker or a legitimate automation client'}, + {'serv': serv, 'rule_name': 'Detect CC#', 'rule_file': 'modsecurity_crs_25_cc_known.conf', + 'desc': 'Detect CC# in input, log transaction and sanitize'}, + {'serv': serv, 'rule_name': 'CC traker', 'rule_file': 'modsecurity_crs_25_cc_track_pan.conf', + 'desc': 'Credit Card Track 1 and 2 and PAN Leakage Checks'}, + {'serv': serv, 'rule_name': 'HTTP policy', 'rule_file': 'modsecurity_crs_30_http_policy.conf', + 'desc': 'HTTP policy enforcement The HTTP policy enforcement rule set sets limitations on the use of HTTP by ' + 'clients. Few applications require the breadth and depth of the HTTP protocol. On the other hand many ' + 'attacks abuse valid but rare HTTP use patterns. Restricting HTTP protocol usage is effective in ' + 'therefore effective in blocking many application layer attacks'}, + {'serv': serv, 'rule_name': 'Bad robots', 'rule_file': 'modsecurity_crs_35_bad_robots.conf', + 'desc': 'Bad robots detection is based on checking elements easily controlled by the client. As such a ' + 'determined attacked can bypass those checks. 
Therefore bad robots detection should not be viewed ' + 'as a security mechanism against targeted attacks but rather as a nuisance reduction, eliminating ' + 'most of the random attacks against your web site'}, + {'serv': serv, 'rule_name': 'OS Injection Attacks', 'rule_file': 'modsecurity_crs_40_generic_attacks.conf', + 'desc': 'OS Command Injection Attacks'}, + {'serv': serv, 'rule_name': 'SQL injection', 'rule_file': 'modsecurity_crs_41_sql_injection_attacks.conf', + 'desc': 'SQL injection protection'}, + {'serv': serv, 'rule_name': 'XSS Protections', 'rule_file': 'modsecurity_crs_41_xss_attacks.conf', + 'desc': 'XSS attacks protection'}, + {'serv': serv, 'rule_name': 'Comment spam', 'rule_file': 'modsecurity_crs_42_comment_spam.conf', + 'desc': 'Comment spam is an attack against blogs, guestbooks, wikis and other types of interactive web sites ' + 'that accept and display hyperlinks submitted by visitors. The spammers automatically post specially ' + 'crafted random comments which include links that point to the spammer\'s web site. The links artificially ' + 'increase the site\'s search engine ranking and may make the site more noticable in search results.'}, + {'serv': serv, 'rule_name': 'Trojans Protections', 'rule_file': 'modsecurity_crs_45_trojans.conf ', + 'desc': 'The trojan access detection rules detects access to known Trojans already installed on a server. ' + 'Uploading of Trojans is part of the Anti-Virus rules and uses external Anti Virus program when uploading ' + 'files. Detection of Trojans access is especially important in a hosting environment where the actual Trojan ' + 'upload may be done through valid methods and not through hacking'}, + {'serv': serv, 'rule_name': 'RFI Protections', 'rule_file': 'modsecurity_crs_46_slr_et_lfi_attacks.conf', + 'desc': 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference ' + 'external scripts. 
The perpetrator’s goal is to exploit the referencing function in an application to upload ' + 'malware (e.g., backdoor shells) from a remote URL located within a different domain'}, + {'serv': serv, 'rule_name': 'RFI Protections 2', 'rule_file': 'modsecurity_crs_46_slr_et_rfi_attacks.conf', + 'desc': 'Remote file inclusion is an attack targeting vulnerabilities in web applications that dynamically reference ' + 'external scripts. The perpetrator’s goal is to exploit the referencing function in an application to ' + 'upload malware (e.g., backdoor shells) from a remote URL located within a different domain'}, + {'serv': serv, 'rule_name': 'SQLi Protections', 'rule_file': 'modsecurity_crs_46_slr_et_sqli_attacks.conf', + 'desc': 'SQLi injection attacks protection'}, + {'serv': serv, 'rule_name': 'XSS Protections 2', 'rule_file': 'modsecurity_crs_46_slr_et_xss_attacks.conf', + 'desc': 'XSS attacks protection'}, + {'serv': serv, 'rule_name': 'Common exceptions', 'rule_file': 'modsecurity_crs_47_common_exceptions.conf', + 'desc': 'This file is used as an exception mechanism to remove common false positives that may be encountered'}, + ] + try: + WafRules.insert_many(data_source).execute() + except Exception as e: + out_error(e) + else: + return True + + +def insert_nginx_waf_rules(serv): + data_source = [ + {'serv': serv, 'rule_name': 'Initialization', 'rule_file': 'REQUEST-901-INITIALIZATION.conf', + 'desc': 'This file REQUEST-901-INITIALIZATION.conf initializes the Core Rules and performs preparatory actions. ' + 'It also fixes errors and omissions of variable definitions in the file crs-setup.conf The setup.conf' + 'can and should be edited by the user, this file. is part of the CRS installation and should not be altered.', + 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Drupal exclusion rules', 'rule_file': 'REQUEST-903.9001-DRUPAL-EXCLUSION-RULES.conf', + 'desc': 'These exclusions remedy false positives in a default Drupal install. 
The exclusions are only active ' + 'if crs_exclusions_drupal=1 is set. See rule 900130 in crs-setup.conf for instructions.', + 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Nextcloud exclusion rules', 'rule_file': 'REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES.conf', + 'desc': 'These exclusions remedy false positives in a default NextCloud install. They will likely work with OwnCloud ' + 'too, but you may have to modify them. The exclusions are only active if crs_exclusions_nextcloud=1 is set. ' + 'See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Dokuwiki exclusion rules', 'rule_file': 'REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES.conf', + 'desc': 'These exclusions remedy false positives in a default Dokuwiki install. The exclusions are only active ' + 'if crs_exclusions_dokuwiki=1 is set. See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'CPanel exclusion rules', 'rule_file': 'REQUEST-903.9005-CPANEL-EXCLUSION-RULES.conf', + 'desc': 'These exclusions remedy false positives in a default CPanel install. The exclusions are only active ' + 'if crs_exclusions_cpanel=1 is set. See rule 900130 in crs-setup.conf for instructions.', + 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'XenForo exclusion rules', 'rule_file': 'REQUEST-903.9006-XENFORO-EXCLUSION-RULES.conf', + 'desc': 'These exclusions remedy false positives in a default XenForo install. The exclusions are only active ' + 'if crs_exclusions_xenforo=1 is set. 
See rule 900130 in crs-setup.conf for instructions.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Common exceptions', 'rule_file': 'REQUEST-905-COMMON-EXCEPTIONS.conf', + 'desc': 'This file is used as an exception mechanism to remove common false positives that may be encountered.', + 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'IP reputation', 'rule_file': 'REQUEST-910-IP-REPUTATION.conf', + 'desc': 'IP reputation rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Method enforcement', 'rule_file': 'REQUEST-911-METHOD-ENFORCEMENT.conf', + 'desc': 'Method enforcement rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'DDOS protection', 'rule_file': 'REQUEST-912-DOS-PROTECTION.conf', + 'desc': 'Anti-Automation rules to detect Denial of Service attacks.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Protocol enforcement', 'rule_file': 'REQUEST-920-PROTOCOL-ENFORCEMENT.conf', + 'desc': 'Some protocol violations are common in application layer attacks. Validating HTTP requests eliminates ' + 'a large number of application layer attacks. 
The purpose of this rules file is to enforce HTTP RFC ' + 'requirements that state how the client is supposed to interact with the server.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Protocol attack', 'rule_file': 'REQUEST-921-PROTOCOL-ATTACK.conf', + 'desc': 'Protocol attack rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack LFI', 'rule_file': 'REQUEST-930-APPLICATION-ATTACK-LFI.conf', + 'desc': 'Application attack LFI rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack RCE', 'rule_file': 'REQUEST-932-APPLICATION-ATTACK-RCE.conf', + 'desc': 'Application attack RCE rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack PHP', 'rule_file': 'REQUEST-933-APPLICATION-ATTACK-PHP.conf', + 'desc': 'Application attack PHP rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack NodeJS', 'rule_file': 'REQUEST-934-APPLICATION-ATTACK-NODEJS.conf', + 'desc': 'Application attack NodeJS rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack SQLI', 'rule_file': 'REQUEST-942-APPLICATION-ATTACK-SQLI.conf', + 'desc': 'Application attack SQLI rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack session-fixation', 'rule_file': 'REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION.conf', + 'desc': 'Application attack session-fixation rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack JAVA', 'rule_file': 'REQUEST-944-APPLICATION-ATTACK-JAVA.conf', + 'desc': 'Application attack JAVA rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Application attack blocking evaluation', 'rule_file': 'REQUEST-949-BLOCKING-EVALUATION.conf', + 'desc': 'Application attack blocking evaluation rule.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Data leakages', 'rule_file': 'RESPONSE-950-DATA-LEAKAGES.conf', + 'desc': 'The paranoia level skip rules 950020, 950021 and 950022 have odd numbers not in sync with 
other paranoia ' + 'level skip rules in other. files. This is done to avoid rule id collisions with CRSv2. This is also true ' + 'for rule 950130.', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Data leakages SQL', 'rule_file': 'RESPONSE-951-DATA-LEAKAGES-SQL.conf', + 'desc': 'Data leakages SQL rule', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Data leakages JAVA', 'rule_file': 'RESPONSE-952-DATA-LEAKAGES-JAVA.conf', + 'desc': 'Data leakages JAVA rule', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Data leakages PHP', 'rule_file': 'RESPONSE-953-DATA-LEAKAGES-PHP.conf', + 'desc': 'Data leakages PHP rule', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Data leakages IIS', 'rule_file': 'RESPONSE-954-DATA-LEAKAGES-IIS.conf', + 'desc': 'Data leakages IIS rule', 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Blocking evaluation', 'rule_file': 'RESPONSE-959-BLOCKING-EVALUATION.conf', + 'desc': 'You should set the score to the proper threshold you would prefer. If kept at "@gt 0" it will work ' + 'similarly to previous Mod CRS rules and will create an event in the error_log file if there are any ' + 'rules that match. If you would like to lessen the number of events generated in the error_log file, ' + 'you should increase the anomaly score threshold to something like "@gt 20". This would only generate ' + 'an event in the error_log file if there are multiple lower severity rule matches or if any 1 higher ' + 'severity item matches. You should also set the desired disruptive action (deny, redirect, etc...).', + 'service': 'nginx'}, + {'serv': serv, 'rule_name': 'Correlation', 'rule_file': 'RESPONSE-980-CORRELATION.conf', + 'desc': 'This file is used in post processing after the response has been sent to the client (in the logging phase). 
' + 'Its purpose is to provide inbound+outbound correlation of events to provide a more intelligent designation ' + 'as to the outcome or result of the transaction - meaning, was this a successful attack?', + 'service': 'nginx'}, + ] + try: + WafRules.insert_many(data_source).execute() + except Exception as e: + out_error(e) + else: + return True + + +def select_waf_rules(serv, service): + query = WafRules.select(WafRules.id, WafRules.rule_name, WafRules.en, WafRules.desc).where( + (WafRules.serv == serv) + & (WafRules.service == service) + ) + try: + query_res = query.execute() + except Exception as e: + out_error(e) + else: + return query_res + + +def delete_waf_rules(serv): + query = WafRules.delete().where(WafRules.serv == serv) + try: + query.execute() + except Exception as e: + out_error(e) + + +def select_waf_rule_by_id(rule_id): + try: + query = WafRules.get(WafRules.id == rule_id) + except Exception as e: + out_error(e) + else: + return query.rule_file + + +def update_enable_waf_rules(rule_id, serv, en): + query = WafRules.update(en=en).where((WafRules.id == rule_id) & (WafRules.serv == serv)) + try: + query.execute() + except Exception as e: + out_error(e) + + +def insert_new_waf_rule(rule_name: str, rule_file: str, rule_description: str, service: str, serv: str) -> int: + try: + last_id = WafRules.insert( + serv=serv, + rule_name=rule_name, + rule_file=rule_file, + desc=rule_description, + service=service + ).execute() + except Exception as e: + out_error(e) + else: + return last_id + + +def delete_waf_server(server_id): + query = Waf.delete().where(Waf.server_id == server_id) + try: + query.execute() + except Exception as e: + out_error(e) + + +def update_waf_metrics_enable(name, enable): + server_id = 0 + try: + server_id = Server.get(Server.hostname == name).server_id + except Exception as e: + out_error(e) + + try: + Waf.update(metrics=enable).where(Waf.server_id == server_id).execute() + except Exception as e: + out_error(e) + else: + return 'ok' 
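Review bot: In `select_waf_servers_metrics_for_master` the filter `(Server.enable == 1) & Waf.metrics == 1` is missing a pair of parentheses. Python's `&` binds tighter than `==`, so it evaluates as `((Server.enable == 1) & Waf.metrics) == 1` rather than the two-condition AND that `select_waf_servers_metrics` spells out just below it. It should read `.where((Server.enable == 1) & (Waf.metrics == 1))`. Separately, the `rule_file` value `'modsecurity_crs_45_trojans.conf '` in `insert_waf_rules` ends with a space, which will not match the file on disk if the stored name is later used as a path.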
diff --git a/app/modules/roxywi/auth.py b/app/modules/roxywi/auth.py index cf4e875b..dfb6bbc2 100644 --- a/app/modules/roxywi/auth.py +++ b/app/modules/roxywi/auth.py @@ -5,6 +5,9 @@ from flask_login import login_user from datetime import datetime, timedelta import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql +import app.modules.db.service as service_sql import app.modules.roxywi.common as roxywi_common @@ -13,7 +16,7 @@ def check_login(user_uuid, token) -> str: return 'login_page' if user_uuid is not None: - if sql.get_user_name_by_uuid(user_uuid) is None: + if user_sql.get_user_name_by_uuid(user_uuid) is None: return 'login_page' else: try: @@ -21,17 +24,17 @@ def check_login(user_uuid, token) -> str: except Exception: ip = '' - sql.update_last_act_user(user_uuid, token, ip) + user_sql.update_last_act_user(user_uuid, token, ip) return 'ok' return 'login_page' def is_access_permit_to_service(service: str) -> bool: - service_id = sql.select_service_id_by_slug(service) + service_id = service_sql.select_service_id_by_slug(service) user_uuid = request.cookies.get('uuid') - user_id = sql.get_user_id_by_uuid(user_uuid) - user_services = sql.select_user_services(user_id) + user_id = user_sql.get_user_id_by_uuid(user_uuid) + user_services = user_sql.select_user_services(user_id) if str(service_id) in user_services: return True else: @@ -46,7 +49,7 @@ def is_admin(level=1, **kwargs): group_id = request.cookies.get('group') try: - role = sql.get_user_role_by_uuid(user_id, group_id) + role = user_sql.get_user_role_by_uuid(user_id, group_id) except Exception: role = 4 pass 
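Review bot: `is_access_permit_to_service` decides access with `str(service_id) in user_services`, which is a substring test if `user_services` is stored as a delimited string (the `str()` cast suggests it is), so id `1` would also match an entry such as `10`. Comparing against the parsed list, e.g. `str(service_id) in user_services.split()` with whatever delimiter the column uses, makes the match exact. The function also passes the result of `get_user_id_by_uuid` straight on without handling a missing or unknown `uuid` cookie; a `None` check before the lookup would make the denial explicit. The function's tail is outside the hunk.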
@@ -104,8 +107,8 @@ def check_in_ldap(user, password): def create_uuid_and_token(login: str): user_uuid = str(uuid.uuid4()) user_token = str(uuid.uuid4()) - sql.write_user_uuid(login, user_uuid) - sql.write_user_token(login, user_token) + user_sql.write_user_uuid(login, user_uuid) + user_sql.write_user_token(login, user_token) return user_uuid, user_token @@ -129,12 +132,12 @@ def do_login(user_uuid: str, user_group: str, user: str, next_url: str): resp.set_cookie('group', str(user_group), expires=expires.strftime("%a, %d %b %Y %H:%M:%S GMT"), samesite='Strict') try: - user_group_name = sql.get_group_name_by_id(user_group) + user_group_name = group_sql.get_group_name_by_id(user_group) except Exception: user_group_name = '' try: - user_name = sql.get_user_name_by_uuid(user_uuid) + user_name = user_sql.get_user_name_by_uuid(user_uuid) roxywi_common.logging('Roxy-WI server', f' user: {user_name}, group: {user_group_name} login', roxywi=1) except Exception as e: print(f'error: {e}') diff --git a/app/modules/roxywi/common.py b/app/modules/roxywi/common.py index 15a442fe..4398cead 100644 --- a/app/modules/roxywi/common.py +++ b/app/modules/roxywi/common.py @@ -4,11 +4,15 @@ from typing import Any from flask import request -import app.modules.db.sql as sql -import modules.roxy_wi_tools as roxy_wi_tools +from app.modules.db.sql import get_setting +import app.modules.db.roxy as roxy_sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql +import app.modules.db.server as server_sql +import app.modules.db.history as history_sql +import app.modules.db.ha_cluster as ha_sql +import app.modules.roxy_wi_tools as roxy_wi_tools -time_zone = sql.get_setting('time_zone') -get_date = roxy_wi_tools.GetDate(time_zone) get_config_var = roxy_wi_tools.GetConfigVar() 
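Review bot: The `group` cookie in the `do_login` hunk is set with `samesite='Strict'` only; without `secure=True` it is also sent over plain HTTP, and without `httponly=True` it is readable from page scripts. Other code in this commit reads `request.cookies.get('group')` when resolving the user's group, so I would add both flags: `resp.set_cookie('group', str(user_group), expires=..., samesite='Strict', secure=True, httponly=True)`. Skip `httponly` if client-side code needs to read the cookie, and `secure` if the panel is served over HTTP. The `uuid` cookie is set outside this hunk and deserves the same check.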
@@ -21,7 +25,7 @@ def get_user_group(**kwargs) -> int: try: user_group_id = request.cookies.get('group') - groups = sql.select_groups(id=user_group_id) + groups = group_sql.select_groups(id=user_group_id) for g in groups: if g.group_id == int(user_group_id): if kwargs.get('id'): @@ -40,13 +44,13 @@ def check_user_group_for_flask(**kwargs): if kwargs.get('user_uuid'): group_id = kwargs.get('user_group_id') user_uuid = kwargs.get('user_uuid') - user_id = sql.get_user_id_by_uuid(user_uuid) + user_id = user_sql.get_user_id_by_uuid(user_uuid) else: user_uuid = request.cookies.get('uuid') group_id = request.cookies.get('group') - user_id = sql.get_user_id_by_uuid(user_uuid) + user_id = user_sql.get_user_id_by_uuid(user_uuid) - if sql.check_user_group(user_id, group_id): + if user_sql.check_user_group(user_id, group_id): return True else: logging('Roxy-WI server', ' has tried to actions in not his group ', roxywi=1, login=1) @@ -55,19 +59,19 @@ def check_user_group_for_flask(**kwargs): def get_user_id(**kwargs): if kwargs.get('login'): - return sql.get_user_id_by_username(kwargs.get('login')) + return user_sql.get_user_id_by_username(kwargs.get('login')) user_uuid = request.cookies.get('uuid') if user_uuid is not None: - user_id = sql.get_user_id_by_uuid(user_uuid) + user_id = user_sql.get_user_id_by_uuid(user_uuid) return user_id def check_is_server_in_group(server_ip: str) -> bool: group_id = get_user_group(id=1) - servers = sql.select_servers(server=server_ip) + servers = server_sql.select_servers(server=server_ip) for s in servers: if (s[2] == server_ip and int(s[3]) == int(group_id)) or group_id == 1: return True @@ -104,6 +108,7 @@ def get_files(folder, file_format, server_ip=None) -> list: def logging(server_ip: str, action: str, **kwargs) -> None: + get_date = roxy_wi_tools.GetDate(get_setting('time_zone')) cur_date_in_log = get_date.return_date('date_in_log') log_path = get_config_var.get_config_var('main', 'log_path') 
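Review bot: `logging()` now runs `get_setting('time_zone')` and builds a new `GetDate` on every call (the added first line of its body), so a failed settings lookup makes the logger itself raise. That matters because `logging()` is called from error paths such as the `except` branch of `keep_action_history`, where a second exception would mask the first. Catch a failure of the lookup there, or cache the `GetDate` object after the first successful call. If the per-call construction is deliberate, say so in a comment, presumably `# built per call so a changed time_zone setting is picked up without a restart`. The body of `logging()` continues outside the hunk.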
@@ -122,7 +127,7 @@ def logging(server_ip: str, action: str, **kwargs) -> None: try: user_uuid = request.cookies.get('uuid') - login = sql.get_user_name_by_uuid(user_uuid) + login = user_sql.get_user_name_by_uuid(user_uuid) except Exception: login = '' @@ -151,7 +156,7 @@ def logging(server_ip: str, action: str, **kwargs) -> None: def keep_action_history(service: str, action: str, server_ip: str, login: str, user_ip: str): if login != '': - user_id = sql.get_user_id_by_username(login) + user_id = user_sql.get_user_id_by_username(login) else: user_id = 0 if user_ip == '': @@ -159,14 +164,14 @@ def keep_action_history(service: str, action: str, server_ip: str, login: str, u if service == 'HA cluster': cluster_id = server_ip - cluster_name = sql.select_cluster_name(int(cluster_id)) - sql.insert_action_history(service, action, int(cluster_id), user_id, user_ip, cluster_id, cluster_name) + cluster_name = ha_sql.select_cluster_name(int(cluster_id)) + history_sql.insert_action_history(service, action, int(cluster_id), user_id, user_ip, cluster_id, cluster_name) else: try: - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - hostname = sql.get_hostname_by_server_ip(server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip=server_ip) + hostname = server_sql.get_hostname_by_server_ip(server_ip) - sql.insert_action_history(service, action, server_id, user_id, user_ip, server_ip, hostname) + history_sql.insert_action_history(service, action, server_id, user_id, user_ip, server_ip, hostname) except Exception as e: logging('Roxy-WI server', f'Cannot save a history: {e}', roxywi=1) @@ -187,7 +192,7 @@ def get_dick_permit(**kwargs): if check_user_group_for_flask(token=token): try: - servers = sql.get_dick_permit(group_id, **kwargs) + servers = server_sql.get_dick_permit(group_id, **kwargs) except Exception as e: raise Exception(e) else: 
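Review bot: In `keep_action_history`, the `HA cluster` branch calls `int(cluster_id)` and the two database functions outside any `try`, whereas the server branch right below wraps its calls and logs `Cannot save a history`. A non-numeric `server_ip` or a database error in the cluster branch therefore propagates to the caller, and a failure to record history can abort the action being recorded. Moving `ha_sql.select_cluster_name(...)` and `history_sql.insert_action_history(...)` under the same `try`/`except` would make both branches fail the same way.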
@@ -199,7 +204,7 @@ def get_dick_permit(**kwargs): def get_users_params(**kwargs): try: user_uuid = request.cookies.get('uuid') - user = sql.get_user_name_by_uuid(user_uuid) + user = user_sql.get_user_name_by_uuid(user_uuid) except Exception: raise Exception('error: Cannot get user UUID') @@ -209,22 +214,22 @@ def get_users_params(**kwargs): raise Exception(f'error: Cannot get user group: {e}') try: - role = sql.get_user_role_by_uuid(user_uuid, group_id) + role = user_sql.get_user_role_by_uuid(user_uuid, group_id) except Exception: raise Exception('error: Cannot get user role') try: - user_id = sql.get_user_id_by_uuid(user_uuid) + user_id = user_sql.get_user_id_by_uuid(user_uuid) except Exception as e: raise Exception(f'error: Cannot get user id {e}') try: - user_services = sql.select_user_services(user_id) + user_services = user_sql.select_user_services(user_id) except Exception as e: raise Exception(f'error: Cannot get user services {e}') try: - token = sql.get_token(user_uuid) + token = user_sql.get_token(user_uuid) except Exception as e: raise Exception(f'error: Cannot get user token {e}') @@ -270,8 +275,8 @@ def get_user_lang_for_flask() -> str: def return_user_status() -> dict: user_subscription = {} - user_subscription.setdefault('user_status', sql.select_user_status()) - user_subscription.setdefault('user_plan', sql.select_user_plan()) + user_subscription.setdefault('user_status', roxy_sql.select_user_status()) + user_subscription.setdefault('user_plan', roxy_sql.select_user_plan()) return user_subscription diff --git a/app/modules/roxywi/group.py b/app/modules/roxywi/group.py index bb578a69..04ed535c 100644 --- a/app/modules/roxywi/group.py +++ b/app/modules/roxywi/group.py @@ -1,4 +1,4 @@ -import app.modules.db.sql as sql +import app.modules.db.group as group_sql import app.modules.roxywi.common as roxywi_common 
@@ -7,7 +7,7 @@ def update_group(group_id: int, group_name: str, desc: str) -> str: return roxywi_common.return_error_message() else: try: - sql.update_group(group_name, desc, group_id) + group_sql.update_group(group_name, desc, group_id) roxywi_common.logging('Roxy-WI server', f'The {group_name} has been updated', roxywi=1, login=1) return 'ok' except Exception as e: @@ -15,12 +15,12 @@ def update_group(group_id: int, group_name: str, desc: str) -> str: def delete_group(group_id: int) -> str: - group = sql.select_groups(id=group_id) + group = group_sql.select_groups(id=group_id) group_name = '' for g in group: group_name = g.name - if sql.delete_group(group_id): + if group_sql.delete_group(group_id): roxywi_common.logging('Roxy-WI server', f'The {group_name} has been deleted', roxywi=1, login=1) return 'ok' diff --git a/app/modules/roxywi/logs.py b/app/modules/roxywi/logs.py index 0f2758b3..7f33baba 100644 --- a/app/modules/roxywi/logs.py +++ b/app/modules/roxywi/logs.py @@ -1,10 +1,9 @@ -import re - -import modules.db.sql as sql -import modules.server.server as server_mod -from modules.common.common import checkAjaxInput -import modules.roxy_wi_tools as roxy_wi_tools -import modules.roxywi.common as roxywi_common +import app.modules.db.sql as sql +import app.modules.common.common as common +import app.modules.server.server as server_mod +from app.modules.common.common import checkAjaxInput +import app.modules.roxy_wi_tools as roxy_wi_tools +import app.modules.roxywi.common as roxywi_common get_config_var = roxy_wi_tools.GetConfigVar() 
@@ -18,7 +17,7 @@ def roxy_wi_log() -> list: group_grep = f'|grep "group: {user_group}"' else: group_grep = '' - cmd = f"find {log_path}/roxy-wi-* -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \ + cmd = f"find {log_path}/roxy-wi.log -type f -exec stat --format '%Y :%y %n' '{{}}' \; | sort -nr | cut -d: -f2- " \ f"| head -1 |awk '{{print $4}}' |xargs tail {group_grep}|sort -r" try: output, stderr = server_mod.subprocess_execute(cmd) @@ -30,17 +29,16 @@ def roxy_wi_log() -> list: def show_log(stdout, **kwargs): i = 0 out = '' - grep = '' + grep = kwargs.get('grep') - if kwargs.get('grep'): - grep = kwargs.get('grep') - grep = re.sub(r'[?|$|.|!|^|*|\]|\[|,| |]', r'', grep) + if grep: + grep = common.sanitize_input_word(grep) for line in stdout: i = i + 1 - if kwargs.get('grep'): - line = line.replace(grep, f'{grep}') + if grep: + line = common.highlight_word(line, grep) line_class = "line3" if i % 2 == 0 else "line" - out += f'
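Review bot: The command string in `roxy_wi_log` contains `\;` inside a non-raw f-string, which is an invalid escape sequence that newer Python versions warn about; write it as `\\;`. With the glob replaced by the single file `roxy-wi.log`, the `find ... | sort -nr | cut | head -1 | awk` stage now only selects that one file, so the pipeline could shrink to a plain `tail` of `{log_path}/roxy-wi.log` followed by the optional grep. `user_group` is interpolated into the `grep` pattern inside double quotes; the function starts outside the hunk, so its origin is not visible and worth confirming as server-side data.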
{line}
' + out += common.wrap_line(line, line_class) return out 
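Review bot: `show_log` passes each raw log `line` to `common.highlight_word` and `common.wrap_line` and returns the concatenated markup, and nothing in this hunk HTML-escapes the line first. Log content is influenced by remote clients (request paths, user agents), so unless the helpers escape internally, which this diff does not show, a log entry containing markup is rendered in the viewer's browser. Escape before highlighting, e.g. `line = html.escape(line)` ahead of the `if grep:` branch, and document in `wrap_line` which side is responsible for escaping.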
@@ -75,28 +73,24 @@ def show_roxy_log( if syslog_server_enable is None or syslog_server_enable == 0: local_path_logs = sql.get_setting(f'{service}_path_logs') if service == 'nginx': - commands = ["sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act)] + commands = "sudo cat %s/%s |tail -%s %s %s" % (local_path_logs, log_file, rows, grep_act, exgrep_act) elif service == 'apache': - commands = [ - "sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) - ] + commands = "sudo cat %s/%s| awk -F\"/|:\" '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) elif service == 'keepalived': - commands = [ - "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) - ] + commands = "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) else: - commands = ["sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act)] + commands = "sudo cat %s/%s| awk '$3>\"%s:00\" && $3<\"%s:00\"' |tail -%s %s %s" % (local_path_logs, log_file, date, date1, rows, grep_act, exgrep_act) syslog_server = serv else: if '..' in serv: raise Exception('error: nice try') - commands = ["sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act)] + commands = "sudo cat /var/log/%s/syslog.log | sed '/ %s:00/,/ %s:00/! 
d' |tail -%s %s %s %s" % (serv, date, date1, rows, grep_act, grep, exgrep_act) syslog_server = sql.get_setting('syslog_server') if waf == "1": local_path_logs = '/var/log/waf.log' - commands = ["sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act)] + commands = "sudo cat %s |tail -%s %s %s" % (local_path_logs, rows, grep_act, exgrep_act) if kwargs.get('html') == 0: a = server_mod.ssh_command(syslog_server, commands) diff --git a/app/modules/roxywi/metrics.py b/app/modules/roxywi/metrics.py index d9b4c874..dcabb392 100644 --- a/app/modules/roxywi/metrics.py +++ b/app/modules/roxywi/metrics.py @@ -1,6 +1,6 @@ import psutil -import app.modules.db.sql as sql +import app.modules.db.metric as metric_sql import app.modules.server.server as server_mod @@ -56,7 +56,7 @@ def show_cpu_metrics(metrics_type: str) -> dict: def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> dict: - metric = sql.select_metrics(server_ip, 'haproxy', time_range=time_range) + metric = metric_sql.select_metrics(server_ip, 'haproxy', time_range=time_range) metrics = {'chartData': {}} metrics['chartData']['labels'] = {} labels = '' @@ -84,7 +84,7 @@ def haproxy_metrics(server_ip: str, hostname: str, time_range: str) -> dict: def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> dict: - metric = sql.select_metrics(server_ip, 'http_metrics', time_range=time_range) + metric = metric_sql.select_metrics(server_ip, 'http_metrics', time_range=time_range) metrics = {'chartData': {}} metrics['chartData']['labels'] = {} labels = '' @@ -115,7 +115,7 @@ def haproxy_http_metrics(server_ip: str, hostname: str, time_range: str) -> dict def service_metrics(server_ip: str, hostname: str, service: str, time_range: str) -> dict: - metric = sql.select_metrics(server_ip, service, time_range=time_range) + metric = metric_sql.select_metrics(server_ip, service, time_range=time_range) metrics = {'chartData': {}} metrics['chartData']['labels'] = {} 
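Review bot: Every `commands` string in `show_roxy_log` is built by `%`-formatting `log_file`, `rows`, `date`, `date1`, `grep_act`, `exgrep_act` and `serv` straight into a `sudo cat ... | tail` shell line, and the only validation visible in the hunk is `'..' in serv`. The function starts outside the hunk, so earlier validation may exist, but any value that reaches this point unquoted is interpreted by the remote shell under sudo. Quote each path and word argument with `shlex.quote(...)` and coerce `rows` with `int(rows)` before formatting. The same string-built pattern appears in `telnet_from_server` (app/modules/roxywi/nettools.py), `change_waf_mode`, `switch_waf_rule` and `create_waf_rule` (app/modules/roxywi/waf.py), and `is_file_exists`, `is_service_active` and `get_remote_files` (app/modules/server/server.py).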
diff --git a/app/modules/roxywi/nettools.py b/app/modules/roxywi/nettools.py index b9068261..6cb062d5 100644 --- a/app/modules/roxywi/nettools.py +++ b/app/modules/roxywi/nettools.py @@ -53,7 +53,7 @@ def telnet_from_server(server_from: str, server_to: str, port_to: str) -> str: action_for_sending = f'echo "exit"|nc {server_to} {port_to} -t -w 1s' output, stderr = server_mod.subprocess_execute(action_for_sending) else: - action_for_sending = [f'echo "exit"|nc {server_to} {port_to} -t -w 1s'] + action_for_sending = f'echo "exit"|nc {server_to} {port_to} -t -w 1s' output = server_mod.ssh_command(server_from, action_for_sending, raw=1) if stderr != '': @@ -85,7 +85,6 @@ def nslookup_from_server(server_from: str, dns_name: str, record_type: str) -> s if server_from == 'localhost': output, stderr = server_mod.subprocess_execute(action_for_sending) else: - action_for_sending = [action_for_sending] output = server_mod.ssh_command(server_from, action_for_sending, raw=1) if stderr != '': diff --git a/app/modules/roxywi/overview.py b/app/modules/roxywi/overview.py index c8f49c53..a8d4baa0 100644 --- a/app/modules/roxywi/overview.py +++ b/app/modules/roxywi/overview.py @@ -3,6 +3,13 @@ import requests from flask import render_template, request import app.modules.db.sql as sql +import app.modules.db.waf as waf_sql +import app.modules.db.roxy as roxy_sql +import app.modules.db.user as user_sql +import app.modules.db.metric as metric_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql +import app.modules.db.checker as checker_sql import app.modules.common.common as common import app.modules.tools.common as tools_common import app.modules.roxywi.common as roxywi_common 
@@ -14,13 +21,13 @@ def user_owv() -> str: lang = roxywi_common.get_user_lang_for_flask() roles = sql.select_roles() user_params = roxywi_common.get_users_params() - users_groups = sql.select_user_groups_with_names(1, all=1) + users_groups = user_sql.select_user_groups_with_names(1, all=1) user_group = roxywi_common.get_user_group(id=1) if (user_params['role'] == 2 or user_params['role'] == 3) and int(user_group) != 1: - users = sql.select_users(group=user_group) + users = user_sql.select_users(group=user_group) else: - users = sql.select_users() + users = user_sql.select_users() return render_template('ajax/show_users_ovw.html', users=users, users_groups=users_groups, lang=lang, roles=roles) @@ -28,7 +35,7 @@ def user_owv() -> str: def show_sub_ovw() -> str: lang = roxywi_common.get_user_lang_for_flask() - return render_template('ajax/show_sub_ovw.html', sub=sql.select_user_all(), lang=lang) + return render_template('ajax/show_sub_ovw.html', sub=roxy_sql.select_user_all(), lang=lang) def show_overview(serv) -> str: 
@@ -36,17 +43,17 @@ def show_overview(serv) -> str: user_uuid = request.cookies.get('uuid') group_id = request.cookies.get('group') lang = roxywi_common.get_user_lang_for_flask() - role = sql.get_user_role_by_uuid(user_uuid, group_id) - server = [server for server in sql.select_servers(server=serv)] - user_id = sql.get_user_id_by_uuid(user_uuid) - user_services = sql.select_user_services(user_id) + role = user_sql.get_user_role_by_uuid(user_uuid, group_id) + server = [server for server in server_sql.select_servers(server=serv)] + user_id = user_sql.get_user_id_by_uuid(user_uuid) + user_services = user_sql.select_user_services(user_id) - haproxy = sql.select_haproxy(serv) if '1' in user_services else 0 - nginx = sql.select_nginx(serv) if '2' in user_services else 0 - keepalived = sql.select_keepalived(serv) if '3' in user_services else 0 - apache = sql.select_apache(serv) if '4' in user_services else 0 + haproxy = service_sql.select_haproxy(serv) if '1' in user_services else 0 + nginx = service_sql.select_nginx(serv) if '2' in user_services else 0 + keepalived = service_sql.select_keepalived(serv) if '3' in user_services else 0 + apache = service_sql.select_apache(serv) if '4' in user_services else 0 - waf = sql.select_waf_servers(server[0][2]) + waf = waf_sql.select_waf_servers(server[0][2]) haproxy_process = '' keepalived_process = '' nginx_process = '' 
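Review bot: `show_overview` indexes `server[0][2]` right after building `server` from `server_sql.select_servers(server=serv)`, so an unknown or mistyped `serv` raises IndexError instead of returning an error string like the later branches do. A guard such as `if not server: return f'error: server {serv} not found'` before the `waf_sql.select_waf_servers` call would keep the failure mode consistent. The hunk also shows no check that `serv` belongs to the caller's group; the function continues outside the hunk, so confirm that this is enforced by the caller or further down.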
@@ -80,14 +87,14 @@ def show_overview(serv) -> str: return f'error: {e} for server {server[0][2]}' if keepalived: - command = ["ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'"] + command = "ps ax |grep keepalived|grep -v grep|wc -l|tr -d '\n'" try: keepalived_process = server_mod.ssh_command(server[0][2], command) except Exception as e: return f'error: {e} for server {server[0][2]}' if waf_len >= 1: - command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"] + command = "ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l" try: waf_process = server_mod.ssh_command(server[0][2], command) except Exception as e: @@ -186,8 +193,8 @@ def show_services_overview(): for s in user_params['servers']: servers_group.append(s[2]) - is_checker_worker = len(sql.select_all_alerts(group=user_group)) - is_metrics_worker = len(sql.select_servers_metrics_for_master(group=user_group)) + is_checker_worker = len(checker_sql.select_all_alerts(group=user_group)) + is_metrics_worker = len(metric_sql.select_servers_metrics_for_master(group=user_group)) for pids in psutil.pids(): if pids < 300: @@ -214,7 +221,7 @@ def show_services_overview(): except psutil.NoSuchProcess: pass - roxy_tools = sql.get_roxy_tools() + roxy_tools = roxy_sql.get_roxy_tools() roxy_tools_status = {} for tool in roxy_tools: if tool == 'roxy-wi-prometheus-exporter': @@ -230,7 +237,7 @@ def show_services_overview(): def keepalived_became_master(server_ip) -> str: - commands = ["sudo kill -USR2 $(cat /var/run/keepalived.pid) && sudo grep 'Became master' /tmp/keepalived.stats |awk '{print $3}'"] + commands = "sudo kill -USR2 $(cat /var/run/keepalived.pid) && sudo grep 'Became master' /tmp/keepalived.stats |awk '{print $3}'" became_master = server_mod.ssh_command(server_ip, commands) lang = roxywi_common.get_user_lang_for_flask() diff --git a/app/modules/roxywi/roxy.py b/app/modules/roxywi/roxy.py index 15eb6c0a..1fde9420 100644 --- a/app/modules/roxywi/roxy.py +++ b/app/modules/roxywi/roxy.py 
@@ -7,6 +7,7 @@ from requests.adapters import HTTPAdapter from requests.packages.urllib3.util.retry import Retry import app.modules.db.sql as sql +import app.modules.db.roxy as roxy_sql import app.modules.roxywi.common as roxywi_common import app.modules.server.server as server_mod @@ -23,7 +24,7 @@ def is_docker() -> bool: def check_ver(): - return sql.get_ver() + return roxy_sql.get_ver() def versions(): @@ -76,7 +77,7 @@ def update_user_status() -> None: proxy_dict = {} if proxy is not None and proxy != '' and proxy != 'None': proxy_dict = {"https": proxy, "http": proxy} - user_name = sql.select_user_name() + user_name = roxy_sql.select_user_name() retry_strategy = Retry( total=3, status_forcelist=[429, 500, 502, 503, 504], @@ -89,7 +90,7 @@ def update_user_status() -> None: try: status = roxy_wi_get_plan.content.decode(encoding='UTF-8') status = status.split(' ') - sql.update_user_status(status[0], status[1].strip(), status[2].strip()) + roxy_sql.update_user_status(status[0], status[1].strip(), status[2].strip()) except Exception as e: roxywi_common.logging('Roxy-WI server', f'error: Cannot get user status {e}', roxywi=1) @@ -99,7 +100,7 @@ def action_service(action: str, service: str) -> str: cmd = f"sudo systemctl disable {service} --now" if action in ("start", "restart"): cmd = f"sudo systemctl {action} {service} --now" - if not sql.select_user_status(): + if not roxy_sql.select_user_status(): return 'warning: The service is disabled because you are not subscribed. Read here about subscriptions' if is_in_docker: @@ -123,10 +124,10 @@ def update_plan(): else: user_name = 'git' - if sql.select_user_name(): - sql.update_user_name(user_name) + if roxy_sql.select_user_name(): + roxy_sql.update_user_name(user_name) else: - sql.insert_user_name(user_name) + roxy_sql.insert_user_name(user_name) except Exception as e: roxywi_common.logging('Cannot update subscription: ', str(e), roxywi=1) 
diff --git a/app/modules/roxywi/user.py b/app/modules/roxywi/user.py index 079158bc..30762d7b 100644 --- a/app/modules/roxywi/user.py +++ b/app/modules/roxywi/user.py @@ -1,19 +1,21 @@ import os -from flask import render_template, make_response, request +from flask import render_template, make_response import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.service as service_sql import app.modules.roxywi.common as roxywi_common import app.modules.tools.alerting as alerting -def create_user(new_user: str, email: str, password: str, role: str, activeuser: int, group: int) -> None: +def create_user(new_user: str, email: str, password: str, role: int, activeuser: int, group: int) -> None: try: - user_id = sql.add_user(new_user, email, password, role, activeuser, group) - sql.update_user_role(user_id, group, role) - roxywi_common.logging(f'a new user {new_user}', ' has been created ', roxywi=1, login=1) + user_id = user_sql.add_user(new_user, email, password, role, activeuser, group) + # user_sql.update_user_role(user_id, group, role) + roxywi_common.logging(f'a new user {new_user}', 'has been created', roxywi=1, login=1) try: - sql.update_user_role(user_id, group, role) + user_sql.update_user_role(user_id, group, role) except Exception as e: raise Exception(f'error: cannot update user role {e}') try: 
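Review bot: `create_user` keeps the duplicate call as a commented-out line, `# user_sql.update_user_role(user_id, group, role)`, directly above the `try` that performs the same call; delete it rather than leaving dead code in an account-creation path. The success message is also logged before the role is assigned, so the log can record a user as created whose role update then fails; moving the `roxywi_common.logging(...)` call after the role `try` block would keep the audit trail accurate. The rest of the function lies outside the hunk.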
@@ -32,26 +34,26 @@ def create_user(new_user: str, email: str, password: str, role: str, activeuser: def delete_user(user_id: int) -> str: - if sql.is_user_super_admin(user_id): - count_super_admin_users = sql.get_super_admin_count() + if user_sql.is_user_super_admin(user_id): + count_super_admin_users = user_sql.get_super_admin_count() if count_super_admin_users < 2: raise Exception('error: you cannot delete a last user with superAdmin role') - user = sql.select_users(id=user_id) + user = user_sql.select_users(id=user_id) username = '' for u in user: username = u.username - if sql.delete_user(user_id): - sql.delete_user_groups(user_id) + if user_sql.delete_user(user_id): + user_sql.delete_user_groups(user_id) roxywi_common.logging(username, ' has been deleted user ', roxywi=1, login=1) return "ok" def update_user(email, new_user, user_id, enabled, group_id, role_id): try: - sql.update_user(new_user, email, role_id, user_id, enabled) + user_sql.update_user(new_user, email, role_id, user_id, enabled) except Exception as e: roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot update user {new_user}', roxywi=1, login=1) - sql.update_user_role(user_id, group_id, role_id) + user_sql.update_user_role(user_id, group_id, role_id) roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1) 
@@ -59,23 +61,23 @@ def update_user_password(password, uuid, user_id_from_get): username = '' if uuid: - user_id = sql.get_user_id_by_uuid(uuid) + user_id = user_sql.get_user_id_by_uuid(uuid) else: user_id = user_id_from_get - user = sql.select_users(id=user_id) + user = user_sql.select_users(id=user_id) for u in user: username = u.username - sql.update_user_password(password, user_id) + user_sql.update_user_password(password, user_id) roxywi_common.logging(f'user {username}', ' has changed password ', roxywi=1, login=1) return 'ok' def get_user_services(user_id: int) -> str: lang = roxywi_common.get_user_lang_for_flask() - services = sql.select_services() + services = service_sql.select_services() return render_template( - 'ajax/user_services.html', user_services=sql.select_user_services(user_id), id=user_id, services=services, lang=lang + 'ajax/user_services.html', user_services=user_sql.select_user_services(user_id), id=user_id, services=services, lang=lang ) @@ -87,16 +89,16 @@ def change_user_services(user: str, user_id: int, user_services: str) -> str: services += ' ' + k2 try: - if sql.update_user_services(services=services, user_id=user_id): - roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1) - return 'ok' + user_sql.update_user_services(services=services, user_id=user_id) except Exception as e: return f'error: Cannot save: {e}' + roxywi_common.logging('Roxy-WI server', f'Access to the services has been updated for user: {user}', roxywi=1, login=1) + return 'ok' def change_user_active_group(group_id: int, user_uuid: str) -> str: try: - if sql.update_user_current_groups(group_id, user_uuid): + if user_sql.update_user_current_groups(group_id, user_uuid): return 'Ok' else: return 'error: Cannot change group' 
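Review bot: `change_user_services` now ignores the return value of `user_sql.update_user_services(...)` and reports `'ok'` whenever no exception is raised, whereas the removed code only logged and returned `'ok'` when the call returned a truthy result. If the relocated function still signals failure by returning `False` (its body is not part of this diff), a failed permission update is now logged as successful. Either keep the check, `if not user_sql.update_user_services(services=services, user_id=user_id): return 'error: Cannot save'`, or document that the function raises on failure.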
@@ -105,41 +107,41 @@ def change_user_active_group(group_id: int, user_uuid: str) -> str: def get_user_active_group(uuid: str, group: str) -> str: - group_id = sql.get_user_id_by_uuid(uuid) - groups = sql.select_user_groups_with_names(group_id) + group_id = user_sql.get_user_id_by_uuid(uuid) + groups = user_sql.select_user_groups_with_names(group_id) lang = roxywi_common.get_user_lang_for_flask() return render_template('ajax/user_current_group.html', groups=groups, group=group, id=group_id, lang=lang) def show_user_groups_and_roles(user_id: int, lang: str) -> str: - groups = sql.select_user_groups_with_names(user_id, user_not_in_group=1) + groups = user_sql.select_user_groups_with_names(user_id, user_not_in_group=1) roles = sql.select_roles() - user_groups = sql.select_user_groups_with_names(user_id) + user_groups = user_sql.select_user_groups_with_names(user_id) return render_template('ajax/user_groups_and_roles.html', groups=groups, user_groups=user_groups, roles=roles, lang=lang) def is_current_user(user_id: int, user_uuid: str) -> bool: - current_user_id = sql.get_user_id_by_uuid(user_uuid) + current_user_id = user_sql.get_user_id_by_uuid(user_uuid) if current_user_id == user_id: return True return False -def save_user_group_and_role(user: str, groups_and_roles: dict, user_uuid: str) -> str: +def save_user_group_and_role(user: str, groups_and_roles: dict, user_uuid: str): resp = make_response('ok') for k, v in groups_and_roles.items(): user_id = int(k) - if not sql.delete_user_groups(user_id): + if not user_sql.delete_user_groups(user_id): return 'error: Cannot delete old groups' for k2, v2 in v.items(): group_id = int(k2) role_id = int(v2['role_id']) if len(v) == 1: - sql.update_user_current_groups_by_id(group_id, user_id) + user_sql.update_user_current_groups_by_id(group_id, user_id) if is_current_user(user_id, user_uuid): resp.set_cookie('group', str(group_id), secure=True) try: - sql.update_user_role(user_id, group_id, role_id) + 
user_sql.update_user_role(user_id, group_id, role_id) except Exception as e: raise Exception(f'error: Cannot update groups: {e}') else: diff --git a/app/modules/roxywi/waf.py b/app/modules/roxywi/waf.py index 5c8a0ddb..59bb65bf 100644 --- a/app/modules/roxywi/waf.py +++ b/app/modules/roxywi/waf.py @@ -1,16 +1,20 @@ from flask import render_template, request -import modules.db.sql as sql -import modules.common.common as common -import modules.server.server as server_mod -import modules.roxywi.common as roxywi_common +import app.modules.db.sql as sql +import app.modules.db.waf as waf_sql +import app.modules.db.user as user_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql +import app.modules.common.common as common +import app.modules.server.server as server_mod +import app.modules.roxywi.common as roxywi_common -def waf_overview(serv, waf_service) -> None: - servers = sql.select_servers(server=serv) +def waf_overview(serv, waf_service) -> str: + servers = server_sql.select_servers(server=serv) user_id = request.cookies.get('uuid') group_id = int(request.cookies.get('group')) - role = sql.get_user_role_by_uuid(user_id, group_id) + role = user_sql.get_user_role_by_uuid(user_id, group_id) returned_servers = [] waf = '' metrics_en = 0 
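Review bot: `save_user_group_and_role` deletes all of a user's groups with `user_sql.delete_user_groups(user_id)` and only then re-inserts roles one by one, raising on the first `update_user_role` failure, so an error midway leaves the user with no or partial group membership. Running the delete and the inserts in one database transaction, or validating `int(k2)` and `int(v2['role_id'])` for every entry before deleting, would avoid that state. With the `-> str` annotation dropped, the function returns either the string `'error: Cannot delete old groups'` or a response object; a docstring should state both. The end of the function is outside the hunk.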
@@ -20,17 +24,17 @@ def waf_overview(serv, waf_service) -> None: for server in servers: if waf_service == 'haproxy': - is_waf_on_server = sql.select_haproxy(server[2]) + is_waf_on_server = service_sql.select_haproxy(server[2]) elif waf_service == 'nginx': - is_waf_on_server = sql.select_nginx(server[2]) + is_waf_on_server = service_sql.select_nginx(server[2]) if is_waf_on_server == 1: config_path = sql.get_setting(f'{waf_service}_dir') if waf_service == 'haproxy': - waf = sql.select_waf_servers(server[2]) - metrics_en = sql.select_waf_metrics_enable_server(server[2]) + waf = waf_sql.select_waf_servers(server[2]) + metrics_en = waf_sql.select_waf_metrics_enable_server(server[2]) elif waf_service == 'nginx': - waf = sql.select_waf_nginx_servers(server[2]) + waf = waf_sql.select_waf_nginx_servers(server[2]) try: waf_len = len(waf) except Exception: @@ -38,12 +42,10 @@ def waf_overview(serv, waf_service) -> None: if waf_len >= 1: if waf_service == 'haproxy': - command = ["ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l"] + command = "ps ax |grep waf/bin/modsecurity |grep -v grep |wc -l" elif waf_service == 'nginx': - command = [ - f"grep 'modsecurity on' {common.return_nice_path(config_path)}* --exclude-dir=waf -Rs |wc -l"] - commands1 = [ - f"grep SecRuleEngine {config_path}/waf/modsecurity.conf |grep -v '#' |awk '{{print $2}}'"] + command = f"grep 'modsecurity on' {common.return_nice_path(config_path)}* --exclude-dir=waf -Rs |wc -l" + commands1 = f"grep SecRuleEngine {config_path}/waf/modsecurity.conf |grep -v '#' |awk '{{print $2}}'" waf_process = server_mod.ssh_command(server[2], command) waf_mode = server_mod.ssh_command(server[2], commands1).strip() 
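Review bot: In `waf_overview`, `is_waf_on_server` is assigned only in the `haproxy` and `nginx` branches, so any other `waf_service` value reaches `if is_waf_on_server == 1` with the name unbound, or on later iterations with the previous server's value. No default is visible in the hunk, though the lines between the function header and the loop are not shown. Add a final branch at the top of the loop, e.g. `else: raise ValueError(f'unsupported WAF service: {waf_service}')`, or validate `waf_service` once before the loop. `command` and `waf` in the following hunk are branch-assigned in the same way.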
@@ -70,14 +72,14 @@ def waf_overview(serv, waf_service) -> None: def change_waf_mode(waf_mode: str, server_hostname: str, service: str) -> str: - serv = sql.select_server_by_name(server_hostname) + serv = server_sql.select_server_by_name(server_hostname) if service == 'haproxy': config_dir = sql.get_setting('haproxy_dir') elif service == 'nginx': config_dir = sql.get_setting('nginx_dir') - commands = [f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf"] + commands = f"sudo sed -i 's/^SecRuleEngine.*/SecRuleEngine {waf_mode}/' {config_dir}/waf/modsecurity.conf" try: server_mod.ssh_command(serv, commands) @@ -91,16 +93,16 @@ def change_waf_mode(waf_mode: str, server_hostname: str, service: str) -> str: def switch_waf_rule(serv: str, enable: int, rule_id: int) -> str: haproxy_path = sql.get_setting('haproxy_dir') - rule_file = sql.select_waf_rule_by_id(rule_id) + rule_file = waf_sql.select_waf_rule_by_id(rule_id) conf_file_path = haproxy_path + '/waf/modsecurity.conf' rule_file_path = f'Include {haproxy_path}/waf/rules/{rule_file}' if enable == '0': - cmd = ["sudo sed -i 's!" + rule_file_path + "!#" + rule_file_path + "!' " + conf_file_path] - en_for_log = 'disable' + cmd = "sudo sed -i 's!" + rule_file_path + "!#" + rule_file_path + "!' " + conf_file_path + en_for_log = 'disabled' else: - cmd = ["sudo sed -i 's!#" + rule_file_path + "!" + rule_file_path + "!' " + conf_file_path] - en_for_log = 'enable' + cmd = "sudo sed -i 's!#" + rule_file_path + "!" + rule_file_path + "!' " + conf_file_path + en_for_log = 'enabled' try: roxywi_common.logging('WAF', f' Has been {en_for_log} WAF rule: {rule_file} for the server {serv}', @@ -108,7 +110,7 @@ def switch_waf_rule(serv: str, enable: int, rule_id: int) -> str: except Exception: pass - sql.update_enable_waf_rules(rule_id, serv, enable) + waf_sql.update_enable_waf_rules(rule_id, serv, enable) return server_mod.ssh_command(serv, cmd) 
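Review bot: `switch_waf_rule` annotates `enable: int` but tests `enable == '0'`, so a caller that passes the integer `0` falls into the `else` branch, which uncomments the rule and logs it as `enabled`. Normalise once at the top, for example `disable = str(enable) == '0'`, and branch on that, or change the annotation to `str` if the value always arrives as a form string. The database update and the log entry are also written before `server_mod.ssh_command` runs, so both can record a state the remote file never reached.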
@@ -127,9 +129,9 @@ def create_waf_rule(serv, service) -> str: conf_file_path = f'{waf_path}waf/modsecurity.conf' rule_file_path = f'{waf_path}waf/rules/{rule_file}' - cmd = [f"sudo echo Include {rule_file_path} >> {conf_file_path} && sudo touch {rule_file_path}"] + cmd = f"sudo echo Include {rule_file_path} >> {conf_file_path} && sudo touch {rule_file_path}" server_mod.ssh_command(serv, cmd) - sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv) + waf_sql.insert_new_waf_rule(new_waf_rule, rule_file, new_rule_desc, service, serv) try: roxywi_common.logging('WAF', f' A new rule has been created {rule_file} on the server {serv}', diff --git a/app/modules/server/server.py b/app/modules/server/server.py index dfb3dbf7..318bb27d 100644 --- a/app/modules/server/server.py +++ b/app/modules/server/server.py @@ -3,13 +3,20 @@ import json from flask import render_template import app.modules.db.sql as sql +import app.modules.db.waf as waf_sql +import app.modules.db.server as server_sql +import app.modules.db.backup as backup_sql +import app.modules.db.checker as checker_sql +import app.modules.db.service as service_sql +import app.modules.db.history as history_sql +import app.modules.db.portscanner as ps_sql import app.modules.server.ssh as mod_ssh import app.modules.common.common as common import app.modules.roxywi.auth as roxywi_auth import app.modules.roxywi.common as roxywi_common -def ssh_command(server_ip: str, commands: list, **kwargs): +def ssh_command(server_ip: str, commands: str, **kwargs): if server_ip == '': raise Exception('error: IP cannot be empty') if kwargs.get('timeout'): 
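Review bot: In `create_waf_rule`, the command `sudo echo Include {rule_file_path} >> {conf_file_path}` applies sudo only to `echo`, while the `>>` redirection is opened by the unprivileged SSH user's shell. The append therefore fails unless that user can already write `modsecurity.conf`, and then `&& sudo touch` never runs. Use `echo Include {rule_file_path} | sudo tee -a {conf_file_path} > /dev/null && sudo touch {rule_file_path}`. `waf_sql.insert_new_waf_rule` is called after `ssh_command` with no visible check of its result, so the rule may be recorded even when the remote write failed; the function begins and ends outside the hunk.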
@@ -18,29 +25,33 @@ def ssh_command(server_ip: str, commands: list, **kwargs): timeout = 2 try: with mod_ssh.ssh_connect(server_ip) as ssh: - for command in commands: - try: - stdin, stdout, stderr = ssh.run_command(command, timeout=timeout) - stdin.close() - except Exception as e: - roxywi_common.handle_exceptions(e, server_ip, 'Something wrong with SSH connection. Probably sudo with password', roxywi=1) + if isinstance(commands, list): + command = commands[0] + else: + command = commands + try: + stdin, stdout, stderr = ssh.run_command(command, timeout=timeout) + stdin.close() + except Exception as e: + roxywi_common.handle_exceptions(e, server_ip, 'Something wrong with SSH connection. Probably sudo with password', roxywi=1) - if stderr: - for line in stderr.readlines(): - if line: - roxywi_common.handle_exceptions(line, server_ip, line, roxywi=1) + if stderr: + for line in stderr.readlines(): + if line: + roxywi_common.handle_exceptions(line, server_ip, line, roxywi=1) - if kwargs.get('raw'): - return stdout.readlines() - elif kwargs.get("show_log") == "1": - import modules.roxywi.logs as roxywi_logs - return roxywi_logs.show_log(stdout, grep=kwargs.get("grep")) - elif kwargs.get('return_err') == 1: - return stderr.read().decode(encoding='UTF-8') - else: - return stdout.read().decode(encoding='UTF-8') + if stdout.channel.recv_exit_status() and kwargs.get('rc'): + roxywi_common.handle_exceptions(stdout.read().decode('utf-8'), server_ip, f'Cannot perform SSH command: {command} ', roxywi=1) + + if kwargs.get('raw'): + return stdout.readlines() + elif kwargs.get("show_log") == "1": + import app.modules.roxywi.logs as roxywi_logs + return roxywi_logs.show_log(stdout, grep=kwargs.get("grep")) + else: + return stdout.read().decode(encoding='UTF-8') except Exception as e: - roxywi_common.handle_exceptions(e, server_ip, 'Something wrong with SSH connection. 
Probably sudo with password', roxywi=1) + roxywi_common.handle_exceptions(e, server_ip, '', roxywi=1) def subprocess_execute(cmd): @@ -73,14 +84,14 @@ def subprocess_execute_with_rc(cmd): def is_file_exists(server_ip: str, file: str) -> bool: - cmd = [f'[ -f {file} ] && echo yes || echo no'] + cmd = f'[ -f {file} ] && echo yes || echo no' out = ssh_command(server_ip, cmd) return True if 'yes' in out else False def is_service_active(server_ip: str, service_name: str) -> bool: - cmd = [f'systemctl is-active {service_name}'] + cmd = f'systemctl is-active {service_name}' out = ssh_command(server_ip, cmd) out = out.strip() @@ -90,10 +101,10 @@ def is_service_active(server_ip: str, service_name: str) -> bool: def get_remote_files(server_ip: str, config_dir: str, file_format: str): config_dir = common.return_nice_path(config_dir) if file_format == 'conf': - commands = [f'sudo ls {config_dir}*/*.{file_format}'] + command = f'sudo ls {config_dir}*/*.{file_format}' else: - commands = [f'sudo ls {config_dir}|grep {file_format}$'] - config_files = ssh_command(server_ip, commands) + command = f'sudo ls {config_dir}|grep {file_format}$' + config_files = ssh_command(server_ip, command) return config_files @@ -103,9 +114,9 @@ def get_system_info(server_ip: str) -> str: if server_ip == '': return 'error: IP cannot be empty' - server_id = sql.select_server_id_by_ip(server_ip) - command = ["sudo lshw -quiet -json"] - command1 = ['sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\''] + server_id = server_sql.select_server_id_by_ip(server_ip) + command = "sudo lshw -quiet -json" + command1 = 'sudo hostnamectl |grep "Operating System"|awk -F":" \'{print $2}\'' try: sys_info_returned = ssh_command(server_ip, command, timeout=5) 
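Review bot: ssh_command now looks at the remote exit status only when the caller passes `rc`, in `if stdout.channel.recv_exit_status() and kwargs.get('rc'):`, and none of the calls visible on this page pass it, so a failing `sed -i` or `systemctl` can still return normally and be reported as success. Because ssh_connection.py runs the command with `get_pty=True`, error output normally arrives on stdout, so the stderr loop is unlikely to catch such failures; making the status check the default, with an opt-out for callers that expect a non-zero status, would be safer. The `return_err` branch was removed, so any remaining caller that passes `return_err=1` would now silently receive stdout, which a search for that keyword should rule out before merging. When a list is passed, only `commands[0]` runs and the rest is dropped without a message, which deserves a comment or an explicit error.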
@@ -330,33 +341,33 @@ def get_system_info(server_ip: str) -> str: pass try: - sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks) + server_sql.insert_system_info(server_id, os_info, sys_info, cpu, ram, network, disks) except Exception as e: raise e def show_system_info(server_ip: str, server_id: int) -> str: - if not sql.is_system_info(server_id): + if not server_sql.is_system_info(server_id): try: get_system_info(server_ip) except Exception as e: return f'error: Cannot get system info: {e}' try: - system_info = sql.select_one_system_info(server_id) + system_info = server_sql.select_one_system_info(server_id) except Exception as e: return f'Cannot update server info: {e}' else: - system_info = sql.select_one_system_info(server_id) + system_info = server_sql.select_one_system_info(server_id) return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id) def update_system_info(server_ip: str, server_id: int) -> str: - sql.delete_system_info(server_id) + server_sql.delete_system_info(server_id) try: get_system_info(server_ip) - system_info = sql.select_one_system_info(server_id) + system_info = server_sql.select_one_system_info(server_id) return render_template('ajax/show_system_info.html', system_info=system_info, server_ip=server_ip, server_id=server_id) except Exception as e: 
@@ -365,20 +376,31 @@ def update_system_info(server_ip: str, server_id: int) -> str: def show_firewalld_rules(server_ip) -> str: input_chain2 = [] - cmd = ["sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] - cmd1 = ["sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] - cmd2 = ["sudo iptables -L OUTPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'"] + cmd = "sudo iptables -L INPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'" + cmd1 = "sudo iptables -L IN_public_allow -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'" + cmd2 = "sudo iptables -L OUTPUT -n --line-numbers|sed 's/ */ /g'|grep -v -E 'Chain|target'" - input_chain = ssh_command(server_ip, cmd, raw=1) + try: + input_chain = ssh_command(server_ip, cmd, raw=1) + except Exception as e: + roxywi_common.logging(server_ip, f'error: Cannot get Iptables Input chain: {e}') + return 'error: Cannot get Iptables Input chain' + + try: + in_public_allow = ssh_command(server_ip, cmd1, raw=1) + except Exception as e: + roxywi_common.logging(server_ip, f'error: Cannot get Iptables IN_public_allow chain: {e}') + return 'error: Cannot get Iptables IN_public_allow chain' + + try: + output_chain = ssh_command(server_ip, cmd2, raw=1) + except Exception as e: + roxywi_common.logging(server_ip, f'error: Cannot get Iptables OUTPUT chain: {e}') + return 'error: Cannot get Iptables OUTPUT chain' for each_line in input_chain: input_chain2.append(each_line.strip('\n')) - if 'error:' in input_chain: - return input_chain - - in_public_allow = ssh_command(server_ip, cmd1, raw=1) - output_chain = ssh_command(server_ip, cmd2, raw=1) lang = roxywi_common.get_user_lang_for_flask() return render_template('ajax/firewall_rules.html', input_chain=input_chain2, IN_public_allow=in_public_allow, output_chain=output_chain, lang=lang) 
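Review bot: The three new try/except blocks in show_firewalld_rules differ only in the command and the chain name, which makes the error strings easy to let drift apart; a single loop over (name, command) pairs states the pattern once. The page-facing error keeps the exception text out of the reply and logs it instead, and the loop below preserves that. It stores the results in a dict, so the later references to `in_public_allow` and `output_chain` in the render_template call would read from it.

```python
    # … unchanged: cmd, cmd1, cmd2 definitions …
    chains = {}
    for chain_name, chain_cmd in (('Input', cmd), ('IN_public_allow', cmd1), ('OUTPUT', cmd2)):
        try:
            chains[chain_name] = ssh_command(server_ip, chain_cmd, raw=1)
        except Exception as e:
            roxywi_common.logging(server_ip, f'error: Cannot get Iptables {chain_name} chain: {e}')
            return f'error: Cannot get Iptables {chain_name} chain'

    input_chain2 = [each_line.strip('\n') for each_line in chains['Input']]
    # … unchanged: lang lookup and render_template call, reading from chains …
```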
@@ -387,7 +409,7 @@ def create_server(hostname, ip, group, typeip, enable, master, cred, port, desc, if not roxywi_auth.is_admin(level=2, role_id=kwargs.get('role_id')): raise Exception('error: not enough permission') - if sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall): + if server_sql.add_server(hostname, ip, group, typeip, enable, master, cred, port, desc, haproxy, nginx, apache, firewall): return True else: return False @@ -395,7 +417,7 @@ def create_server(hostname, ip, group, typeip, enable, master, cred, port, desc, def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> str: try: - sql.insert_new_checker_setting_for_server(ip) + checker_sql.insert_new_checker_setting_for_server(ip) except Exception as e: roxywi_common.logging(f'Cannot insert Checker settings for {hostname}', str(e), roxywi=1) raise Exception(f'error: Cannot insert Checker settings for {hostname} {e}') @@ -409,23 +431,23 @@ def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> st keepalived_config_path = sql.get_setting('keepalived_config_path') if is_file_exists(ip, nginx_config_path): - sql.update_nginx(ip) + service_sql.update_nginx(ip) if is_file_exists(ip, haproxy_config_path): - sql.update_haproxy(ip) + service_sql.update_haproxy(ip) if is_file_exists(ip, keepalived_config_path): - sql.update_keepalived(ip) + service_sql.update_keepalived(ip) if is_file_exists(ip, apache_config_path): - sql.update_apache(ip) + service_sql.update_apache(ip) if is_file_exists(ip, haproxy_dir + '/waf/bin/modsecurity'): - sql.insert_waf_metrics_enable(ip, "0") - sql.insert_waf_rules(ip) + waf_sql.insert_waf_metrics_enable(ip, "0") + waf_sql.insert_waf_rules(ip) if is_service_active(ip, 'firewalld'): - sql.update_firewall(ip) + server_sql.update_firewall(ip) except Exception as e: roxywi_common.logging(f'Cannot scan a new server {hostname}', str(e), roxywi=1) 
@@ -441,7 +463,7 @@ def update_server_after_creating(hostname: str, ip: str, scan_server: int) -> st def delete_server(server_id: int) -> str: - server = sql.select_servers(id=server_id) + server = server_sql.select_servers(id=server_id) server_ip = '' hostname = '' 
@@ -449,35 +471,35 @@ def delete_server(server_id: int) -> str: hostname = s[1] server_ip = s[2] - if sql.check_exists_backup(server_ip): + if backup_sql.check_exists_backup(server_ip): return 'warning: Delete the backup first' - if sql.check_exists_s3_backup(server_ip): + if backup_sql.check_exists_s3_backup(server_ip): return 'warning: Delete the S3 backup first' - if sql.delete_server(server_id): - sql.delete_waf_server(server_id) - sql.delete_port_scanner_settings(server_id) - sql.delete_waf_rules(server_ip) - sql.delete_action_history(server_id) - sql.delete_system_info(server_id) - sql.delete_service_settings(server_id) + if server_sql.delete_server(server_id): + waf_sql.delete_waf_server(server_id) + ps_sql.delete_port_scanner_settings(server_id) + waf_sql.delete_waf_rules(server_ip) + history_sql.delete_action_history(server_id) + server_sql.delete_system_info(server_id) + service_sql.delete_service_settings(server_id) roxywi_common.logging(server_ip, f'The server {hostname} has been deleted', roxywi=1, login=1) return 'Ok' def server_is_up(server_ip: str) -> str: - cmd = [f'if ping -c 1 -W 1 {server_ip} >> /dev/null; then echo up; else echo down; fi'] + cmd = f'if ping -c 1 -W 1 {server_ip} >> /dev/null; then echo up; else echo down; fi' server_status, stderr = subprocess_execute(cmd) return server_status[0] def show_server_services(server_id: int) -> str: - server = sql.select_servers(id=server_id) + server = server_sql.select_servers(id=server_id) lang = roxywi_common.get_user_lang_for_flask() return render_template('ajax/show_server_services.html', server=server, lang=lang) def change_server_services(server_id: int, server_name: str, server_services: dict) -> str: - services = sql.select_services() + services = service_sql.select_services() services_status = {} for k, v in server_services.items(): 
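Review bot: server_is_up formats `server_ip` into a shell string that is handed to `subprocess_execute`, which, judging by the pipes and redirections other callers pass it, presumably runs through a shell on the Roxy-WI host itself rather than on a managed server. The hunk shows no validation of `server_ip` before that, so it should be normalised first, for example `server_ip = common.is_ip_or_dns(server_ip)` as get_exp_version does in service/common.py, with an empty result rejected before the ping string is built. `subprocess_execute` is defined outside this hunk, so its exact behaviour should be confirmed.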
@@ -486,7 +508,7 @@ def change_server_services(server_id: int, server_name: str, server_services: di services_status[service.service_id] = v try: - if sql.update_server_services(server_id, services_status[1], services_status[2], services_status[4], services_status[3]): + if service_sql.update_server_services(server_id, services_status[1], services_status[2], services_status[4], services_status[3]): roxywi_common.logging('Roxy-WI server', f'Active services have been updated for {server_name}', roxywi=1, login=1) return 'ok' except Exception as e: diff --git a/app/modules/server/ssh.py b/app/modules/server/ssh.py index fe386b88..14db2cc6 100644 --- a/app/modules/server/ssh.py +++ b/app/modules/server/ssh.py @@ -4,7 +4,9 @@ from cryptography.fernet import Fernet import paramiko from flask import render_template, request -import app.modules.db.sql as sql +import app.modules.db.cred as cred_sql +import app.modules.db.group as group_sql +import app.modules.db.server as server_sql import app.modules.common.common as common from app.modules.server import ssh_connection import app.modules.roxywi.common as roxywi_common @@ -18,9 +20,9 @@ def return_ssh_keys_path(server_ip: str, **kwargs) -> dict: lib_path = get_config.get_config_var('main', 'lib_path') ssh_settings = {} if kwargs.get('id'): - sshs = sql.select_ssh(id=kwargs.get('id')) + sshs = cred_sql.select_ssh(id=kwargs.get('id')) else: - sshs = sql.select_ssh(serv=server_ip) + sshs = cred_sql.select_ssh(serv=server_ip) for ssh in sshs: if ssh.password: @@ -46,7 +48,7 @@ def return_ssh_keys_path(server_ip: str, **kwargs) -> dict: ssh_settings.setdefault('passphrase', passphrase) try: - ssh_port = [str(server[10]) for server in sql.select_servers(server=server_ip)] + ssh_port = [str(server[10]) for server in server_sql.select_servers(server=server_ip)] ssh_settings.setdefault('port', ssh_port[0]) except Exception as e: raise Exception(f'error: Cannot get SSH settings: {e}') 
@@ -65,7 +67,7 @@ def create_ssh_cred() -> str: name = common.checkAjaxInput(request.form.get('new_ssh')) enable = common.checkAjaxInput(request.form.get('ssh_enable')) group = common.checkAjaxInput(request.form.get('new_group')) - group_name = sql.get_group_name_by_id(group) + group_name = group_sql.get_group_name_by_id(group) username = common.checkAjaxInput(request.form.get('ssh_user')) password = common.checkAjaxInput(request.form.get('ssh_pass')) page = common.checkAjaxInput(request.form.get('page')) @@ -83,15 +85,15 @@ def create_ssh_cred() -> str: return error_mess else: try: - sql.insert_new_ssh(name, enable, group, username, password) + cred_sql.insert_new_ssh(name, enable, group, username, password) except Exception as e: roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'Cannot create new SSH credentials', roxywi=1, login=1) roxywi_common.logging('Roxy-WI server', f'New SSH credentials {name} has been created', roxywi=1, login=1) - return render_template('ajax/new_ssh.html', groups=sql.select_groups(), sshs=sql.select_ssh(name=name), page=page, lang=lang) + return render_template('ajax/new_ssh.html', groups=group_sql.select_groups(), sshs=cred_sql.select_ssh(name=name), page=page, lang=lang) def create_ssh_cread_api(name: str, enable: str, group: str, username: str, password: str) -> bool: - group_name = sql.get_group_name_by_id(group) + group_name = group_sql.get_group_name_by_id(group) name = common.checkAjaxInput(name) name = f'{name}_{group_name}' enable = common.checkAjaxInput(enable) 
@@ -107,8 +109,12 @@ def create_ssh_cread_api(name: str, enable: str, group: str, username: str, pass if username is None or name is None: return False else: - if sql.insert_new_ssh(name, enable, group, username, password): + try: + cred_sql.insert_new_ssh(name, enable, group, username, password) + roxywi_common.logging('Roxy-WI server', f'New SSH credentials {name} has been created', roxywi=1) return True + except Exception as e: + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot create SSH credentials {name}', roxywi=1) def upload_ssh_key(name: str, user_group: str, key: str, passphrase: str) -> str: @@ -158,7 +164,7 @@ def upload_ssh_key(name: str, user_group: str, key: str, passphrase: str) -> str raise Exception(e) try: - sql.update_ssh_passphrase(name, passphrase) + cred_sql.update_ssh_passphrase(name, passphrase) except Exception as e: raise Exception(e) @@ -188,7 +194,7 @@ def update_ssh_key() -> str: lib_path = get_config.get_config_var('main', 'lib_path') - for sshs in sql.select_ssh(id=ssh_id): + for sshs in cred_sql.select_ssh(id=ssh_id): ssh_enable = sshs.enable ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem' new_ssh_key_name = f'{lib_path}/keys/{name}.pem' @@ -197,7 +203,7 @@ def update_ssh_key() -> str: os.rename(ssh_key_name, new_ssh_key_name) os.chmod(new_ssh_key_name, 0o600) - sql.update_ssh(ssh_id, name, enable, group, username, password) + cred_sql.update_ssh(ssh_id, name, enable, group, username, password) roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has been updated ', roxywi=1, login=1) return 'ok' @@ -209,7 +215,7 @@ def delete_ssh_key(ssh_id) -> str: ssh_enable = 0 ssh_key_name = '' - for sshs in sql.select_ssh(id=ssh_id): + for sshs in cred_sql.select_ssh(id=ssh_id): ssh_enable = sshs.enable name = sshs.name ssh_key_name = f'{lib_path}/keys/{sshs.name}.pem' 
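Review bot: The new `except` branch in create_ssh_cread_api ends after `roxywi_common.handle_exceptions(...)` with no return, so if that helper ever returns instead of raising, the function yields None although it is annotated `-> bool`. Adding `return False` after the call makes the failure path explicit. The rewritten delete_ssh_key in the same file has the same shape and would return None where its annotation promises a string. The start of create_ssh_cread_api lies outside this hunk.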
@@ -219,9 +225,12 @@ def delete_ssh_key(ssh_id) -> str: os.remove(ssh_key_name) except Exception: pass - if sql.delete_ssh(ssh_id): + try: + cred_sql.delete_ssh(ssh_id) roxywi_common.logging('Roxy-WI server', f'The SSH credentials {name} has deleted', roxywi=1, login=1) return 'ok' + except Exception as e: + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot delete SSH credentials {name}', roxywi=1, login=1) def crypt_password(password: str) -> bytes: diff --git a/app/modules/server/ssh_connection.py b/app/modules/server/ssh_connection.py index 32ae3dd9..c4b2930f 100644 --- a/app/modules/server/ssh_connection.py +++ b/app/modules/server/ssh_connection.py @@ -58,7 +58,7 @@ class SshConnection: if kwargs.get('timeout'): timeout = kwargs.get('timeout') else: - timeout = 1 + timeout = 5 try: stdin, stdout, stderr = self.ssh.exec_command(command, get_pty=True, timeout=timeout) except Exception as e: diff --git a/app/modules/service/action.py b/app/modules/service/action.py index 29db8b5e..7e0aa127 100644 --- a/app/modules/service/action.py +++ b/app/modules/service/action.py @@ -1,4 +1,10 @@ +import socket +from contextlib import closing + import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql import app.modules.common.common as common import app.modules.server.server as server_mod import app.modules.roxywi.common as roxywi_common 
@@ -7,15 +13,47 @@ import app.modules.service.common as service_common def common_action(server_ip: str, action: str, service: str) -> str: action_functions = { - 'haproxy': action_haproxy, - 'nginx': action_nginx, - 'keepalived': action_keepalived, - 'apache': action_apache, + 'haproxy': service_action, + 'nginx': service_action, + 'keepalived': service_action, + 'apache': service_action, 'waf_haproxy': action_haproxy_waf, 'waf_nginx': action_nginx_waf } - return action_functions[service](server_ip, action) + return action_functions[service](server_ip, action, service) + + + +def service_action(server_ip: str, action: str, service: str) -> str: + """ + :param server_ip: The IP address of the server on which the action will be performed. + :param action: The action to be performed on the service (e.g., "start", "stop"). + :param service: The name of the service on which the action will be performed. + :return: A string indicating the success or failure of the action. + """ + try: + service_common.is_protected(server_ip, action) + except Exception as e: + return str(e) + server_id = server_sql.select_server_id_by_ip(server_ip=server_ip) + + if service_common.is_not_allowed_to_restart(server_id, service, action): + return f'error: This server is not allowed to be restarted' + + try: + if service != 'keepalived': + service_common.check_service_config(server_ip, server_id, service) + except Exception as e: + return f'error: Cannot check config: {e}' + + command = get_action_command(service, action, server_id) + try: + server_mod.ssh_command(server_ip, command) + roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service=service) + return f"success: {service.title()} has been {action}" + except Exception as e: + return f"error: Cannot {action} {service.title()}: {e}" def get_action_command(service: str, action: str, server_id: int) -> str: 
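Review bot: service_action passes `action` to `get_action_command` and on to ssh_command without checking it against the verbs seen on this page, and the systemctl string in action_haproxy_waf formats it the same way. A check at the top of common_action, `if action not in ('start', 'stop', 'restart', 'reload'): return 'error: wrong action'`, would cover every handler in the dispatch table at once, assuming the route does not already enforce it. `action_functions[service]` raises KeyError for an unknown service; `action_functions.get(service)` plus an error return would turn that into a normal error reply. The string `f'error: This server is not allowed to be restarted'` has no placeholder and does not need the `f` prefix.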
@@ -26,7 +64,7 @@ def get_action_command(service: str, action: str, server_id: int) -> str: :return: A list containing the action command that needs to be executed. """ - is_docker = sql.select_service_setting(server_id, service, 'dockerized') + is_docker = service_sql.select_service_setting(server_id, service, 'dockerized') if is_docker == '1': container_name = sql.get_setting(f'{service}_container_name') if action == 'reload': 
@@ -39,77 +77,7 @@ def get_action_command(service: str, action: str, server_id: int) -> str: return commands -def action_haproxy(server_ip: str, action: str) -> str: - try: - service_common.is_protected(server_ip, action) - except Exception as e: - return str(e) - - if not service_common.check_haproxy_config(server_ip): - return "error: Bad config, check please" - - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - - if service_common.is_not_allowed_to_restart(server_id, 'haproxy', action): - return f'error: This server is not allowed to be restarted' - - commands = [get_action_command('haproxy', action, server_id)] - server_mod.ssh_command(server_ip, commands, timeout=5) - roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='haproxy') - return f"success: HAProxy has been {action}" - - -def action_nginx(server_ip: str, action: str) -> str: - try: - service_common.is_protected(server_ip, action) - except Exception as e: - return str(e) - - check_config = service_common.check_nginx_config(server_ip) - if check_config != 'ok': - return f"error: Bad config, check please {check_config}" - - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - - if service_common.is_not_allowed_to_restart(server_id, 'nginx', action): - return f'error: This server is not allowed to be restarted' - - commands = [get_action_command('nginx', action, server_id)] - server_mod.ssh_command(server_ip, commands, timeout=5) - roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='nginx') - return f"success: NGINX has been {action}" - - -def action_keepalived(server_ip: str, action: str) -> str: - try: - service_common.is_protected(server_ip, action) - except Exception as e: - return str(e) - - commands = [f"sudo systemctl {action} keepalived"] - server_mod.ssh_command(server_ip, commands) - roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, 
login=1, keep_history=1, service='keepalived') - return f"success: Keepalived has been {action}" - - -def action_apache(server_ip: str, action: str) -> str: - try: - service_common.is_protected(server_ip, action) - except Exception as e: - return str(e) - - server_id = sql.select_server_id_by_ip(server_ip) - - if service_common.is_not_allowed_to_restart(server_id, 'apache', action): - return f'error: This server is not allowed to be restarted' - - commands = [get_action_command('apache', action, server_id)] - server_mod.ssh_command(server_ip, commands, timeout=5) - roxywi_common.logging(server_ip, f'Service has been {action}ed', roxywi=1, login=1, keep_history=1, service='apache') - return f"success: Apache has been {action}" - - -def action_haproxy_waf(server_ip: str, action: str) -> str: +def action_haproxy_waf(server_ip: str, action: str, service: str) -> str: try: service_common.is_protected(server_ip, action) except Exception as e: @@ -118,12 +86,14 @@ def action_haproxy_waf(server_ip: str, action: str) -> str: roxywi_common.logging( server_ip, f'HAProxy WAF service has been {action}ed', roxywi=1, login=1, keep_history=1, service='haproxy' ) - commands = [f"sudo systemctl {action} waf"] - server_mod.ssh_command(server_ip, commands) - return f"success: WAF has been {action}" + command = f"sudo systemctl {action} waf" + try: + server_mod.ssh_command(server_ip, command) + return f"success: WAF has been {action}" + except Exception as e: + return f"error: Cannot {action} WAF service: {e}" - -def action_nginx_waf(server_ip: str, action: str) -> str: +def action_nginx_waf(server_ip: str, action: str, service: str) -> str: config_dir = common.return_nice_path(sql.get_setting('nginx_dir')) try: 
@@ -134,21 +104,20 @@ def action_nginx_waf(server_ip: str, action: str) -> str: waf_new_state = 'on' if action == 'start' else 'off' waf_old_state = 'off' if action == 'start' else 'on' - roxywi_common.logging(server_ip, f'NGINX WAF service has been {action}ed', roxywi=1, login=1, keep_history=1, - service='nginx') - commands = [f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf" - f" && sudo systemctl reload nginx"] - server_mod.ssh_command(server_ip, commands) + roxywi_common.logging(server_ip, f'NGINX WAF service has been {action}ed', roxywi=1, login=1, keep_history=1, service='nginx') + command = (f"sudo sed -i 's/modsecurity {waf_old_state}/modsecurity {waf_new_state}/g' {config_dir}nginx.conf " + f"&& sudo systemctl reload nginx") - return f"success: Apache has been {action}" + try: + server_mod.ssh_command(server_ip, command) + return f"success: WAF has been {action}" + except Exception as e: + return f"error: Cannot {action} WAF service: {e}" def check_service(server_ip: str, user_uuid: str, service: str) -> str: - import socket - from contextlib import closing - - user_id = sql.get_user_id_by_uuid(user_uuid) - user_services = sql.select_user_services(user_id) + user_id = user_sql.get_user_id_by_uuid(user_uuid) + user_services = user_sql.select_user_services(user_id) if '1' in user_services: if service == 'haproxy': 
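Review bot: In action_nginx_waf, `waf_new_state = 'on' if action == 'start' else 'off'` treats every action other than 'start' as a request to switch ModSecurity off, so a 'restart' or 'reload' reaching this handler would disable the WAF in nginx.conf and reload nginx. Accepting only the two expected verbs, e.g. `if action not in ('start', 'stop'): return 'error: wrong action'` placed before the state is computed, keeps an unexpected value from failing open. The new `service` parameter is unused here and in action_haproxy_waf; a one-line comment that it exists only to match the dispatch call in common_action would help the next reader. The function starts outside this hunk.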
@@ -160,31 +129,16 @@ def check_service(server_ip: str, user_uuid: str, service: str) -> str: return 'up' else: return 'down' - if '2' in user_services: - if service == 'nginx': - nginx_stats_port = sql.get_setting('nginx_stats_port') + if ('2' in user_services and service == 'nginx') or ('4' in user_services and service == 'apache'): + stats_port = sql.get_setting(f'{service}_stats_port') - with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock: - sock.settimeout(5) + with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock: + sock.settimeout(5) - try: - if sock.connect_ex((server_ip, nginx_stats_port)) == 0: - return 'up' - else: - return 'down' - except Exception as e: - return 'down' + str(e) - if '4' in user_services: - if service == 'apache': - apache_stats_port = sql.get_setting('apache_stats_port') - - with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock: - sock.settimeout(5) - - try: - if sock.connect_ex((server_ip, apache_stats_port)) == 0: - return 'up' - else: - return 'down' - except Exception as e: - return 'down' + str(e) + try: + if sock.connect_ex((server_ip, stats_port)) == 0: + return 'up' + else: + return 'down' + except Exception as e: + return f'down {e}' diff --git a/app/modules/service/backup.py b/app/modules/service/backup.py index 4b8e0c23..1e180430 100644 --- a/app/modules/service/backup.py +++ b/app/modules/service/backup.py 
@@ -2,11 +2,15 @@ import os from flask import render_template -import modules.db.sql as sql -import modules.server.ssh as ssh_mod -import modules.server.server as server_mod -import modules.roxywi.common as roxywi_common -import modules.service.installation as installation_mod +import app.modules.db.sql as sql +import app.modules.db.cred as cred_sql +import app.modules.db.backup as backup_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql +import app.modules.server.ssh as ssh_mod +import app.modules.server.server as server_mod +import app.modules.roxywi.common as roxywi_common +import app.modules.service.installation as installation_mod def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, description) -> str: @@ -22,7 +26,7 @@ def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, descri deljob = '' else: deljob = '' - if sql.check_exists_backup(serv): + if backup_sql.check_exists_backup(serv): return f'warning: Backup job for {serv} already exists' os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}") 
@@ -47,21 +51,21 @@ def backup(serv, rpath, time, backup_type, rserver, cred, deljob, update, descri return f'error: {output}' else: if not deljob and not update: - if sql.insert_backup_job(serv, rserver, rpath, backup_type, time, cred, description): + if backup_sql.insert_backup_job(serv, rserver, rpath, backup_type, time, cred, description): roxywi_common.logging('backup ', f' a new backup job for server {serv} has been created', roxywi=1, login=1) return render_template( - 'ajax/new_backup.html', backups=sql.select_backups(server=serv, rserver=rserver), sshs=sql.select_ssh() + 'ajax/new_backup.html', backups=backup_sql.select_backups(server=serv, rserver=rserver), sshs=cred_sql.select_ssh() ) else: raise Exception('error: Cannot add the job into DB') elif deljob: - sql.delete_backups(deljob) + backup_sql.delete_backups(deljob) roxywi_common.logging('backup ', f' a backup job for server {serv} has been deleted', roxywi=1, login=1) return 'ok' elif update: - sql.update_backup(serv, rserver, rpath, backup_type, time, cred, description, update) + backup_sql.update_backup(serv, rserver, rpath, backup_type, time, cred, description, update) roxywi_common.logging('backup ', f' a backup job for server {serv} has been updated', roxywi=1, login=1) return 'ok' @@ -77,7 +81,7 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d access_key = '' tag = 'delete' else: - if sql.check_exists_s3_backup(server): + if backup_sql.check_exists_s3_backup(server): raise Exception(f'error: Backup job for {server} already exists') os.system(f"cp {full_path}/scripts/{script} {full_path}/{script}") 
@@ -98,15 +102,15 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d try: if installation_mod.show_installation_output(return_out['error'], return_out['output'], 'S3 backup', rc=return_out['rc']): try: - sql.insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description) + backup_sql.insert_s3_backup_job(server, s3_server, bucket, secret_key, access_key, time, description) except Exception as e: raise Exception(f'error: {e}') except Exception as e: raise Exception(e) roxywi_common.logging('backup ', f' a new S3 backup job for server {server} has been created', roxywi=1, login=1) - return render_template('ajax/new_s3_backup.html', backups=sql.select_s3_backups(server=server, s3_server=s3_server, bucket=bucket)) + return render_template('ajax/new_s3_backup.html', backups=backup_sql.select_s3_backups(server=server, s3_server=s3_server, bucket=bucket)) elif deljob: - sql.delete_s3_backups(deljob) + backup_sql.delete_s3_backups(deljob) roxywi_common.logging('backup ', f' a S3 backup job for server {server} has been deleted', roxywi=1, login=1) return 'ok' @@ -114,9 +118,9 @@ def s3_backup(server, s3_server, bucket, secret_key, access_key, time, deljob, d def git_backup(server_id, service_id, git_init, repo, branch, period, cred, deljob, description, backup_id) -> str: servers = roxywi_common.get_dick_permit() proxy = sql.get_setting('proxy') - services = sql.select_services() - server_ip = sql.select_server_ip_by_id(server_id) - service_name = sql.select_service_name_by_id(service_id).lower() + services = service_sql.select_services() + server_ip = server_sql.select_server_ip_by_id(server_id) + service_name = service_sql.select_service_name_by_id(service_id).lower() service_config_dir = sql.get_setting(service_name + '_dir') script = 'git_backup.sh' proxy_serv = '' 
@@ -154,12 +158,12 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj return 'error: ' + output else: if deljob == '0': - if sql.insert_new_git( + if backup_sql.insert_new_git( server_id=server_id, service_id=service_id, repo=repo, branch=branch, period=period, cred=cred, description=description ): - gits = sql.select_gits(server_id=server_id, service_id=service_id) - sshs = sql.select_ssh() + gits = backup_sql.select_gits(server_id=server_id, service_id=service_id) + sshs = cred_sql.select_ssh() lang = roxywi_common.get_user_lang_for_flask() roxywi_common.logging( @@ -168,5 +172,5 @@ def git_backup(server_id, service_id, git_init, repo, branch, period, cred, delj ) return render_template('ajax/new_git.html', gits=gits, sshs=sshs, servers=servers, services=services, new_add=1, lang=lang) else: - if sql.delete_git(backup_id): + if backup_sql.delete_git(backup_id): return 'ok' diff --git a/app/modules/service/common.py b/app/modules/service/common.py index 4420b679..bba4ce63 100644 --- a/app/modules/service/common.py +++ b/app/modules/service/common.py @@ -2,7 +2,9 @@ import requests from flask import render_template, request import app.modules.db.sql as sql -import app.modules.server.ssh as mod_ssh +import app.modules.db.user as user_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql import app.modules.common.common as common import app.modules.server.server as server_mod import app.modules.roxywi.common as roxywi_common 
@@ -21,7 +23,7 @@ def get_correct_service_name(service: str, server_id: int) -> str: * with parameters 0 and the server ID to get the correct apache service name. If none of the conditions match, it will return the original service name. """ if service == 'haproxy': - haproxy_enterprise = sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise') + haproxy_enterprise = service_sql.select_service_setting(server_id, 'haproxy', 'haproxy_enterprise') if haproxy_enterprise == '1': return "hapee-2.0-lb" if service == 'apache': @@ -52,9 +54,9 @@ def is_protected(server_ip: str, action: str) -> None: """ user_uuid = request.cookies.get('uuid') group_id = int(request.cookies.get('group')) - user_role = sql.get_user_role_by_uuid(user_uuid, group_id) + user_role = user_sql.get_user_role_by_uuid(user_uuid, group_id) - if sql.is_serv_protected(server_ip) and int(user_role) > 2: + if server_sql.is_serv_protected(server_ip) and int(user_role) > 2: raise Exception(f'error: This server is protected. You cannot {action} it') @@ -71,9 +73,9 @@ def is_not_allowed_to_restart(server_id: int, service: str, action: str) -> int: is_restart = 0 if service != 'waf' and action == 'restart': try: - is_restart = sql.select_service_setting(server_id, service, 'restart') + is_restart = int(service_sql.select_service_setting(server_id, service, 'restart')) except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'error: Cannot get restart settings for service {service}: {e}') + roxywi_common.handle_exceptions(e, 'Roxy-WI server', f'Cannot get restart settings for service {service}') return is_restart 
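Review bot: In `is_not_allowed_to_restart` the new `int(...)` cast sits inside the `try`, so a missing or non-numeric `restart` setting now raises `ValueError`/`TypeError` and is reported as "Cannot get restart settings", as if the database call had failed. What `select_service_setting` returns when no row exists is not visible here; if it can be `''` or `None`, handle that explicitly, e.g. `is_restart = int(raw) if raw not in (None, '') else 0`, and keep the `except` for the query alone. Whether `roxywi_common.handle_exceptions` re-raises is also not visible: if it only logs, the function falls through to `return is_restart` with the initial `0`, so a failed lookup behaves like "restart allowed". The function starts above the hunk.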
@@ -81,17 +83,17 @@ def is_not_allowed_to_restart(server_id: int, service: str, action: str) -> int: def get_exp_version(server_ip: str, service_name: str) -> str: server_ip = common.is_ip_or_dns(server_ip) if service_name == 'haproxy': - commands = ["/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'"] + command = "/opt/prometheus/exporters/haproxy_exporter --version 2>&1 |head -1|awk '{print $3}'" elif service_name == 'nginx': - commands = ["/opt/prometheus/exporters/nginx_exporter --version 2>&1 |head -1 |awk -F\"version\" '{print $2}'|awk '{print $1}'"] + command = "/opt/prometheus/exporters/nginx_exporter --version 2>&1 |head -1 |awk -F\"version\" '{print $2}'|awk '{print $1}'" elif service_name == 'node': - commands = ["node_exporter --version 2>&1 |head -1|awk '{print $3}'"] + command = "node_exporter --version 2>&1 |head -1|awk '{print $3}'" elif service_name == 'apache': - commands = ["/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'"] + command = "/opt/prometheus/exporters/apache_exporter --version 2>&1 |head -1|awk '{print $3}'" elif service_name == 'keepalived': - commands = ["keepalived_exporter --version 2>&1 |head -1|awk '{print $2}'"] + command = "keepalived_exporter --version 2>&1 |head -1|awk '{print $2}'" - ver = server_mod.ssh_command(server_ip, commands) + ver = server_mod.ssh_command(server_ip, command) if ver != '': return ver @@ -101,10 +103,10 @@ def get_exp_version(server_ip: str, service_name: str) -> str: def get_correct_apache_service_name(server_ip=None, server_id=None) -> str: if server_id is None: - server_id = sql.select_server_id_by_ip(server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip) try: - os_info = sql.select_os_info(server_id) + os_info = server_sql.select_os_info(server_id) except Exception as e: raise Exception(f'error: cannot get server info: {e}') 
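Review bot: `get_exp_version` has no fallback branch, so a `service_name` outside the five handled values leaves `command` unassigned and the `ssh_command` call fails with `UnboundLocalError` instead of a clear error. Adding `else: raise ValueError(f'error: unsupported exporter service: {service_name}')` after the `keepalived` branch makes the accepted set explicit and keeps an unexpected value from reaching the SSH layer. The function body continues past the end of the hunk.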
@@ -129,45 +131,59 @@ def server_status(stdout): return proc_count -def check_haproxy_config(server_ip): - server_id = sql.select_server_id_by_ip(server_ip=server_ip) - is_dockerized = sql.select_service_setting(server_id, 'haproxy', 'dockerized') - config_path = sql.get_setting('haproxy_config_path') +def check_service_config(server_ip: str, server_id: int, service: str) -> None: + """ + :param server_ip: The IP address of the server to check the service configuration for. + :param server_id: The unique identifier of the server. + :param service: The name of the service to check the configuration for. + :return: True if the service configuration is valid, False otherwise. - if is_dockerized == '1': - container_name = sql.get_setting('haproxy_container_name') - commands = [f"sudo docker exec -it {container_name} haproxy -q -c -f {config_path}"] - else: - commands = [f"haproxy -q -c -f {config_path}"] + This method checks the configuration of a given service on a server. It first retrieves the value of the "dockerized" setting for the service and the container name from the database + *. Then, it constructs the command to check the configuration based on the service type and dockerization status. + + The command depends on the service type and can be one of the following: + - For haproxy: + - If not dockerized: `haproxy -c -f {config_path}` + - If dockerized: `sudo docker exec -it {container_name} haproxy -c -f {config_path}` + - For nginx: + - If not dockerized: `sudo nginx -q -t -p {config_path}` + - If dockerized: `sudo docker exec -it {container_name} nginx -t` + - For apache: + - If not dockerized: `sudo apachectl -t` + - If dockerized: `sudo docker exec -it {container_name} apachectl -t` + - For keepalived: + - If not dockerized: `keepalived -t -f {config_path}` + - If dockerized: empty string ` ` (no command needed) + + The method then tries to execute the generated command on the server using the server_mod.ssh_command method. 
If any exception occurs during the process, it is re-ra + *ised with an appropriate error message. + + """ + is_dockerized = service_sql.select_service_setting(server_id, service, 'dockerized') + container_name = sql.get_setting(f'{service}_container_name') + command_for_docker = f'sudo docker exec -it {container_name}' + config_path = '' + + if service in ('haproxy', 'keepalived'): + config_path = sql.get_setting(f'{service}_config_path') + + command = { + 'haproxy': {'0': f'haproxy -c -f {config_path} ', '1': f'{command_for_docker} haproxy -c -f {config_path} '}, + 'nginx': {'0': 'sudo nginx -q -t ', '1': f'{command_for_docker} nginx -t '}, + 'apache': {'0': 'sudo apachectl -t ', '1': f'{command_for_docker} apachectl -t '}, + 'keepalived': {'0': f'keepalived -t -f {config_path} ', '1': ' '} + } try: - with mod_ssh.ssh_connect(server_ip) as ssh: - for command in commands: - stdin, stdout, stderr = ssh.run_command(command, timeout=5) - if not stderr.read(): - return True - else: - return False + check_config = command[service][is_dockerized] except Exception as e: - print(f'error: {e}') + raise Exception(f'error: Cannot generate command: {e}') + try: + server_mod.ssh_command(server_ip, check_config) + except Exception as e: + raise Exception(e) -def check_nginx_config(server_ip) -> str: - """ - Check the Nginx configuration on the specified server IP. - - :param server_ip: The IP address of the server where Nginx is running. - :return: True if the Nginx configuration is valid, False otherwise. - """ - commands = [f"sudo nginx -q -t -p {sql.get_setting('nginx_dir')}"] - - with mod_ssh.ssh_connect(server_ip) as ssh: - for command in commands: - stdin, stdout, stderr = ssh.run_command(command) - for line in stdout.readlines(): - if 'emerg' in line or 'error' in line or 'faield' in line: - return line - return 'ok' def overview_backends(server_ip: str, service: str) -> str: 
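Review bot: `check_service_config` interpolates `container_name` and `config_path` from settings into the shell string passed to `server_mod.ssh_command` without quoting, so a value containing spaces or shell metacharacters changes the command that runs on the managed server; wrap both in `shlex.quote(...)` (with `import shlex`) before they enter the `command` table. The same unquoted interpolation appears in `get_overview_last_edit` (`config_path`) and `show_service_version` (`container_name`, `service_name`). The docstring promises `True`/`False`, but the function is annotated `-> None` and returns nothing, so a caller still testing the result as it did with `check_haproxy_config` would see a falsy value on success; callers are not visible here, so this needs confirming. The dockerized keepalived entry is `' '`, so no check runs for that case and no error is reported. The docstring's nginx command also includes `-p {config_path}`, which the code omits.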
@@ -202,9 +218,9 @@ def overview_backends(server_ip: str, service: str) -> str: def get_overview_last_edit(server_ip: str, service: str) -> str: config_path = sql.get_setting(f'{service}_config_path') - commands = ["ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % config_path] + command = "ls -l %s |awk '{ print $6\" \"$7\" \"$8}'" % config_path try: - return server_mod.ssh_command(server_ip, commands) + return server_mod.ssh_command(server_ip, command) except Exception as e: return f'error: Cannot get last date {e} for server {server_ip}' @@ -249,16 +265,16 @@ def show_service_version(server_ip: str, service: str) -> str: if service == 'haproxy': return check_haproxy_version(server_ip) - server_id = sql.select_server_id_by_ip(server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip) service_name = get_correct_service_name(service, server_id) - is_dockerized = sql.select_service_setting(server_id, service, 'dockerized') + is_dockerized = service_sql.select_service_setting(server_id, service, 'dockerized') if is_dockerized == '1': container_name = sql.get_setting(f'{service}_container_name') if service == 'apache': - cmd = [f'docker exec -it {container_name} /usr/local/apache2/bin/httpd -v 2>&1|head -1|awk -F":" \'{{print $2}}\''] + cmd = f'docker exec -it {container_name} /usr/local/apache2/bin/httpd -v 2>&1|head -1|awk -F":" \'{{print $2}}\'' else: - cmd = [f'docker exec -it {container_name} /usr/sbin/{service_name} -v 2>&1|head -1|awk -F":" \'{{print $2}}\''] + cmd = f'docker exec -it {container_name} /usr/sbin/{service_name} -v 2>&1|head -1|awk -F":" \'{{print $2}}\'' else: cmd = [f'sudo /usr/sbin/{service_name} -v|head -1|awk -F":" \'{{print $2}}\''] diff --git a/app/modules/service/ha_cluster.py b/app/modules/service/ha_cluster.py index 29a0a916..967a0a78 100644 --- a/app/modules/service/ha_cluster.py +++ b/app/modules/service/ha_cluster.py 
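Review bot: `show_service_version` converts the two dockerized branches to plain strings but leaves the non-dockerized `else` branch as `cmd = [f'sudo /usr/sbin/{service_name} -v|head -1|...']`, a one-element list. Every other call site touched by this commit now passes a string to `server_mod.ssh_command`, so if that function no longer accepts a list (its signature is not visible here) this path breaks for every non-Docker server. Dropping the brackets, `cmd = f'sudo /usr/sbin/{service_name} -v|head -1|awk -F":" \'{{print $2}}\''`, makes the three branches consistent. The function continues outside the hunk.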
@@ -1,6 +1,9 @@ import json import app.modules.db.sql as sql +import app.modules.db.server as server_sql +import app.modules.db.ha_cluster as ha_sql +import app.modules.db.service as service_sql from app.modules.db.db_model import HaCluster, HaClusterRouter, HaClusterVip, HaClusterVirt import app.modules.common.common as common import app.modules.server.server as server_mod @@ -17,7 +20,7 @@ def create_cluster(cluster: json, group_id: int) -> str: desc = common.checkAjaxInput(cluster['desc']) try: - cluster_id = sql.create_cluster(cluster_name, syn_flood, group_id, desc) + cluster_id = ha_sql.create_cluster(cluster_name, syn_flood, group_id, desc) roxywi_common.logging(cluster_id, 'New cluster has been created', keep_history=1, roxywi=1, service='HA cluster') except Exception as e: return f'error: Cannot create new HA cluster: {e}' @@ -41,15 +44,15 @@ def create_cluster(cluster: json, group_id: int) -> str: if value['master']: continue try: - sql.update_server_master(master_ip, value['ip']) + ha_sql.update_server_master(master_ip, value['ip']) except Exception as e: raise Exception(f'error: Cannot update master on slave {value["ip"]: {e}}') for slave_id, value in cluster['servers'].items(): if value['master']: - slave_id = sql.select_server_id_by_ip(master_ip) + slave_id = server_sql.select_server_id_by_ip(master_ip) try: - sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) + ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) roxywi_common.logging(cluster_id, f'New server {value["ip"]} has been added to the cluster', keep_history=1, roxywi=1, service='HA cluster') except Exception as e: raise Exception(f'error: Cannot update slave server {value["ip"]}: {e}') 
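Review bot: In `create_cluster`, the error path `raise Exception(f'error: Cannot update master on slave {value["ip"]: {e}}')` has its closing brace in the wrong place, so `{e}` is parsed as the format spec for `value["ip"]`. When `ha_sql.update_server_master` fails, building the message is likely to raise `ValueError` (invalid format specifier) and the original database error is lost. It should read `raise Exception(f'error: Cannot update master on slave {value["ip"]}: {e}')`, which is how `update_slaves` already writes the same message. The function starts and ends outside the hunk.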
@@ -58,8 +61,8 @@ def create_cluster(cluster: json, group_id: int) -> str: if not value['enabled']: continue try: - service_id = sql.select_service_id_by_slug(service) - sql.insert_cluster_services(cluster_id, service_id) + service_id = service_sql.select_service_id_by_slug(service) + ha_sql.insert_cluster_services(cluster_id, service_id) roxywi_common.logging(cluster_id, f'Service {service} has been enabled on the cluster', keep_history=1, roxywi=1, service='HA cluster') except Exception as e: raise Exception(f'error: Cannot add service {service}: {e}') @@ -77,12 +80,12 @@ def update_cluster(cluster: json, group_id: int) -> str: desc = common.checkAjaxInput(cluster['desc']) try: - router_id = sql.get_router_id(cluster_id, default_router=1) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) except Exception as e: raise Exception(f'error: Cannot get router: {e}') try: - sql.update_cluster(cluster_id, cluster_name, desc, syn_flood) + ha_sql.update_cluster(cluster_id, cluster_name, desc, syn_flood) except Exception as e: raise Exception(f'error: Cannot update HA cluster: {e}') @@ -97,7 +100,7 @@ def update_cluster(cluster: json, group_id: int) -> str: raise Exception(e) try: - sql.delete_cluster_services(cluster_id) + ha_sql.delete_cluster_services(cluster_id) except Exception as e: raise Exception(f'error: Cannot delete old services: {e}') @@ -105,8 +108,8 @@ def update_cluster(cluster: json, group_id: int) -> str: if not value['enabled']: continue try: - service_id = sql.select_service_id_by_slug(service) - sql.insert_cluster_services(cluster_id, service_id) + service_id = service_sql.select_service_id_by_slug(service) + ha_sql.insert_cluster_services(cluster_id, service_id) except Exception as e: raise Exception(f'error: Cannot add service {service}: {e}') 
@@ -116,13 +119,13 @@ def update_cluster(cluster: json, group_id: int) -> str: def delete_cluster(cluster_id: int) -> str: - router_id = sql.get_router_id(cluster_id, default_router=1) - slaves = sql.select_cluster_slaves(cluster_id, router_id) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) + slaves = ha_sql.select_cluster_slaves(cluster_id, router_id) for slave in slaves: - slave_ip = sql.select_server_ip_by_id(slave[0]) + slave_ip = server_sql.select_server_ip_by_id(slave[0]) try: - sql.update_master_server_by_slave_ip(0, slave_ip) + ha_sql.update_master_server_by_slave_ip(0, slave_ip) except Exception as e: raise Exception(f'error: Cannot update master on slave {slave_ip}: {e}') @@ -135,16 +138,16 @@ def delete_cluster(cluster_id: int) -> str: def update_vip(cluster_id: int, router_id: int, json_data: json, group_id: int) -> None: return_master = int(json_data['return_to_master']) vip = common.is_ip_or_dns(json_data['vip']) - vip_id = sql.select_clusters_vip_id(cluster_id, router_id) + vip_id = ha_sql.select_clusters_vip_id(cluster_id, router_id) try: - sql.update_ha_cluster_vip(cluster_id, router_id, vip, return_master) + ha_sql.update_ha_cluster_vip(cluster_id, router_id, vip, return_master) except Exception as e: raise Exception(f'error: Cannot update VIP: {e}') for slave_id, value in json_data['servers'].items(): try: - sql.update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) + ha_sql.update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) except Exception as e: raise Exception(f'error: Cannot add server {value["ip"]}: {e}') 
@@ -152,8 +155,8 @@ def update_vip(cluster_id: int, router_id: int, json_data: json, group_id: int) add_or_update_virt(json_data, cluster_id, vip_id, group_id) else: try: - if sql.check_ha_virt(vip_id): - sql.delete_ha_virt(vip_id) + if ha_sql.check_ha_virt(vip_id): + ha_sql.delete_ha_virt(vip_id) roxywi_common.logging(cluster_id, f'Cluster virtual server for VIP: {vip} has been deleted', keep_history=1, roxywi=1, service='HA cluster') except Exception as e: roxywi_common.logging(cluster_id, f'Cannot delete cluster virtual server for VIP {vip}: {e}', keep_history=1, roxywi=1, service='HA cluster') @@ -166,7 +169,7 @@ def insert_vip(cluster_id: int, json_data: json, group_id: int) -> None: return_master = int(json_data['return_to_master']) try: - router_id = sql.create_ha_router(cluster_id) + router_id = ha_sql.create_ha_router(cluster_id) except Exception as e: raise Exception(f'error: Cannot create new router: {e}') @@ -177,7 +180,7 @@ def insert_vip(cluster_id: int, json_data: json, group_id: int) -> None: for slave_id, value in json_data['servers'].items(): try: - sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) + ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) except Exception as e: raise Exception(f'error: Cannot add server {value["ip"]}: {e}') @@ -192,7 +195,7 @@ def update_slaves(json_data: json, router_id: int) -> None: cluster = json_data cluster_id = int(json_data['cluster_id']) all_routers_in_cluster = HaClusterRouter.select(HaClusterRouter.id).where(HaClusterRouter.cluster_id == cluster_id).execute() - server_ids_from_db = sql.select_cluster_slaves(cluster_id, router_id) + server_ids_from_db = ha_sql.select_cluster_slaves(cluster_id, router_id) server_ids = [] server_ids_from_json = [] 
@@ -205,7 +208,7 @@ def update_slaves(json_data: json, router_id: int) -> None: for slave_id, value in cluster['servers'].items(): if value['master']: - slave_id = sql.select_server_id_by_ip(master_ip) + slave_id = server_sql.select_server_id_by_ip(master_ip) server_ids_from_json.append(int(slave_id)) server_ids_for_deletion = set(server_ids) - set(server_ids_from_json) @@ -216,15 +219,15 @@ def update_slaves(json_data: json, router_id: int) -> None: for server_id_add in server_ids_for_adding: if int(slave_id) == int(server_id_add): try: - sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router) + ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router) except Exception as e: raise Exception(f'error: Cannot add new slave {value["name"]}: {e}') for o_s in server_ids_for_deletion: - sql.delete_master_from_slave(o_s) + ha_sql.delete_master_from_slave(o_s) try: - sql.delete_ha_cluster_delete_slave(o_s) + ha_sql.delete_ha_cluster_delete_slave(o_s) except Exception as e: raise Exception(f'error: Cannot recreate slaves server: {e}') @@ -232,15 +235,15 @@ def update_slaves(json_data: json, router_id: int) -> None: if value['master']: continue try: - sql.update_server_master(master_ip, common.is_ip_or_dns((value['ip']))) + ha_sql.update_server_master(master_ip, common.is_ip_or_dns((value['ip']))) except Exception as e: raise Exception(f'error: Cannot update master on slave {value["ip"]}: {e}') for slave_id, value in cluster['servers'].items(): if value['master']: - slave_id = sql.select_server_id_by_ip(master_ip) + slave_id = server_sql.select_server_id_by_ip(master_ip) try: - sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) + ha_sql.insert_or_update_slave(cluster_id, slave_id, value['eth'], value['master'], router_id) except Exception as e: raise Exception(f'error: Cannot update server {value["ip"]}: {e}') 
@@ -257,23 +260,23 @@ def add_or_update_virt(cluster: json, cluster_id: int, vip_id: int, group_id: in if value['master']: master_ip = common.is_ip_or_dns(value['ip']) - if sql.check_ha_virt(vip_id): + if ha_sql.check_ha_virt(vip_id): try: - sql.update_ha_virt_ip(vip_id, vip) + ha_sql.update_ha_virt_ip(vip_id, vip) roxywi_common.logging(cluster_id, f'Cluster virtual server for VIP {vip} has been updated', keep_history=1, roxywi=1, service='HA cluster') except Exception as e: roxywi_common.logging(cluster_id, f'Cannot update cluster virtual server for VIP {vip}: {e}', roxywi=1, service='HA cluster') else: - services = sql.select_cluster_services(cluster_id) + services = ha_sql.select_cluster_services(cluster_id) for service in services: haproxy = 1 if service.service_id == '1' else 0 nginx = 1 if service.service_id == '2' else 0 apache = 1 if service.service_id == '4' else 0 try: - cred_id = sql.get_cred_id_by_server_ip(master_ip) + cred_id = ha_sql.get_cred_id_by_server_ip(master_ip) firewall = 1 if server_mod.is_service_active(master_ip, 'firewalld') else 0 ssh_settings = return_ssh_keys_path(master_ip) - virt_id = sql.add_server( + virt_id = server_sql.add_server( f'{vip}-VIP', vip, group_id, '1', '1', '0', cred_id, ssh_settings['port'], f'VRRP IP for {cluster_name} cluster', haproxy, nginx, apache, firewall ) diff --git a/app/modules/service/haproxy.py b/app/modules/service/haproxy.py index 35a2892a..0b203af1 100644 --- a/app/modules/service/haproxy.py +++ b/app/modules/service/haproxy.py 
@@ -250,12 +250,10 @@ def runtime_command(serv: str, enable: str, backend: str, save: str) -> str: if save == "on": save_command = f'echo "show servers state" | sudo socat {haproxy_sock} stdio > {server_state_file}' - command = [cmd + ';' + save_command] - else: - command = [cmd] + cmd = cmd + ';' + save_command try: - output = server_mod.ssh_command(serv, command, show_log="1") + output = server_mod.ssh_command(serv, cmd, show_log="1") except Exception as e: return f'{e}' else: diff --git a/app/modules/service/installation.py b/app/modules/service/installation.py index c72088ca..0c0893af 100644 --- a/app/modules/service/installation.py +++ b/app/modules/service/installation.py @@ -5,6 +5,10 @@ from flask import render_template import ansible_runner import app.modules.db.sql as sql +import app.modules.db.waf as waf_sql +import app.modules.db.ha_cluster as ha_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql import app.modules.service.common as service_common import app.modules.common.common as common import app.modules.server.server as server_mod @@ -64,8 +68,8 @@ def waf_install(server_ip: str): raise Exception(e) try: - sql.insert_waf_metrics_enable(server_ip, "0") - sql.insert_waf_rules(server_ip) + waf_sql.insert_waf_metrics_enable(server_ip, "0") + waf_sql.insert_waf_rules(server_ip) except Exception as e: return str(e) @@ -101,8 +105,8 @@ def waf_nginx_install(server_ip: str): raise Exception(e) try: - sql.insert_nginx_waf_rules(server_ip) - sql.insert_waf_nginx_server(server_ip) + waf_sql.insert_nginx_waf_rules(server_ip) + waf_sql.insert_waf_nginx_server(server_ip) except Exception as e: return str(e) 
@@ -193,16 +197,16 @@ def generate_kp_inv(json_data: json, install_service) -> object: keepalived_path_logs = sql.get_setting('keepalived_path_logs') syn_flood_protect = str(json_data['syn_flood']) routers = {} - vips = sql.select_cluster_vips(cluster_id) + vips = ha_sql.select_cluster_vips(cluster_id) for vip in vips: router_id = str(vip.router_id) routers[router_id] = {} routers[router_id].setdefault('return_master', vip.return_master) routers[router_id].setdefault('vip', vip.vip) - slaves = sql.select_cluster_slaves_for_inv(router_id) + slaves = ha_sql.select_cluster_slaves_for_inv(router_id) for slave in slaves: - slave_ip = sql.select_server_ip_by_id(str(slave.server_id)) + slave_ip = server_sql.select_server_ip_by_id(str(slave.server_id)) routers[router_id].setdefault(slave_ip, dict()) routers[router_id][slave_ip].setdefault('master', slave.master) routers[router_id][slave_ip].setdefault('eth', slave.eth) @@ -414,14 +418,14 @@ def run_ansible(inv: dict, server_ips: str, ansible_role: str) -> object: def service_actions_after_install(server_ips: str, service: str, json_data) -> None: is_docker = None update_functions = { - 'haproxy': sql.update_haproxy, - 'nginx': sql.update_nginx, - 'apache': sql.update_apache, - 'keepalived': sql.update_keepalived, + 'haproxy': service_sql.update_haproxy, + 'nginx': service_sql.update_nginx, + 'apache': service_sql.update_apache, + 'keepalived': service_sql.update_keepalived, } for server_ip in server_ips: - server_id = sql.select_server_id_by_ip(server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip) try: update_functions[service](server_ip) except Exception as e: 
@@ -431,8 +435,8 @@ def service_actions_after_install(server_ips: str, service: str, json_data) -> N is_docker = json_data['services'][service]['docker'] if is_docker == '1' and service != 'keepalived': - sql.insert_or_update_service_setting(server_id, service, 'dockerized', '1') - sql.insert_or_update_service_setting(server_id, service, 'restart', '1') + service_sql.insert_or_update_service_setting(server_id, service, 'dockerized', '1') + service_sql.insert_or_update_service_setting(server_id, service, 'restart', '1') def install_service(service: str, json_data: str) -> object: @@ -458,12 +462,16 @@ def install_service(service: str, json_data: str) -> object: def _install_ansible_collections(): collections = ('community.general', 'ansible.posix', 'community.docker') + trouble_link = 'Read troubleshooting' for collection in collections: if not os.path.isdir(f'/usr/share/httpd/.ansible/collections/ansible_collections/{collection.replace(".", "/")}'): try: exit_code = os.system(f'ansible-galaxy collection install {collection}') except Exception as e: - roxywi_common.handle_exceptions(e, 'Roxy-WI server', 'Cannot install as collection', roxywi=1) + roxywi_common.handle_exceptions(e, + 'Roxy-WI server', + f'Cannot install as collection. {trouble_link}', + roxywi=1) else: if exit_code != 0: - raise Exception(f'error: Ansible collection installation was not successful: {exit_code}') + raise Exception(f'error: Ansible collection installation was not successful: {exit_code}. {trouble_link}') diff --git a/app/modules/service/keepalived.py b/app/modules/service/keepalived.py index 5fe3b9a7..a6e566b6 100644 --- a/app/modules/service/keepalived.py +++ b/app/modules/service/keepalived.py 
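Review bot: `_install_ansible_collections` installs `community.general`, `ansible.posix` and `community.docker` at run time with no version constraint, so whatever Galaxy serves at that moment becomes code the playbooks execute against managed servers. Pin each collection, e.g. `ansible-galaxy collection install {collection}:==<PINNED_VERSION>`, or install from a reviewed `requirements.yml` at deploy time rather than from the web process. Separately, `os.system` reports failure through its return value and does not normally raise, so the `except` branch this hunk reformats is unlikely to run; `subprocess.run([...], check=True)` with an argument list would make that error path real.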
@@ -5,10 +5,8 @@ def get_status(server_ip: str) -> tuple: out1 = [] h = (['', ''],) try: - cmd = [ - "/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |" - "grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l" - ] + cmd = ("/usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}' && systemctl status keepalived |" + "grep -e 'Active' |awk '{print $2, $9$10$11$12$13}' && ps ax |grep keepalived|grep -v grep |wc -l") out = server_mod.ssh_command(server_ip, cmd) for k in out.split(): out1.append(k) diff --git a/app/modules/tools/alerting.py b/app/modules/tools/alerting.py index a3047f45..25cc63eb 100644 --- a/app/modules/tools/alerting.py +++ b/app/modules/tools/alerting.py @@ -3,9 +3,14 @@ import json import pika from flask import render_template, request -import modules.db.sql as sql -import modules.common.common as common -import modules.roxywi.common as roxywi_common +import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql +import app.modules.db.server as server_sql +import app.modules.db.channel as channel_sql +import app.modules.db.checker as checker_sql +import app.modules.common.common as common +import app.modules.roxywi.common as roxywi_common error_mess = common.error_mess @@ -41,8 +46,8 @@ def alert_routing( server_ip: str, service_id: int, group_id: int, level: str, mes: str, alert_type: str ) -> None: subject: str = level + ': ' + mes - server_id: int = sql.select_server_id_by_ip(server_ip) - checker_settings = sql.select_checker_settings_for_server(service_id, server_id) + server_id: int = server_sql.select_server_id_by_ip(server_ip) + checker_settings = checker_sql.select_checker_settings_for_server(service_id, server_id) try: json_for_sending = {"user_group": group_id, "message": subject} 
@@ -105,7 +110,7 @@ def alert_routing( def send_email_to_server_group(subject: str, mes: str, level: str, group_id: int) -> None: try: - users_email = sql.select_users_emails_by_group_id(group_id) + users_email = user_sql.select_users_emails_by_group_id(group_id) for user_email in users_email: send_email(user_email.email, subject, f'{level}: {mes}') @@ -154,9 +159,9 @@ def telegram_send_mess(mess, level, **kwargs): return if kwargs.get('channel_id'): - telegrams = sql.get_telegram_by_id(kwargs.get('channel_id')) + telegrams = channel_sql.get_telegram_by_id(kwargs.get('channel_id')) else: - telegrams = sql.get_telegram_by_ip(kwargs.get('ip')) + telegrams = channel_sql.get_telegram_by_ip(kwargs.get('ip')) proxy = sql.get_setting('proxy') @@ -189,9 +194,9 @@ def slack_send_mess(mess, level, **kwargs): return if kwargs.get('channel_id'): - slacks = sql.get_slack_by_id(kwargs.get('channel_id')) + slacks = channel_sql.get_slack_by_id(kwargs.get('channel_id')) else: - slacks = sql.get_slack_by_ip(kwargs.get('ip')) + slacks = channel_sql.get_slack_by_ip(kwargs.get('ip')) proxy = sql.get_setting('proxy') @@ -223,12 +228,12 @@ def pd_send_mess(mess, level, server_ip=None, service_id=None, alert_type=None, if kwargs.get('channel_id'): try: - pds = sql.get_pd_by_id(kwargs.get('channel_id')) + pds = channel_sql.get_pd_by_id(kwargs.get('channel_id')) except Exception as e: print(e) else: try: - pds = sql.get_pd_by_ip(kwargs.get('ip')) + pds = channel_sql.get_pd_by_ip(kwargs.get('ip')) except Exception as e: print(e) @@ -283,7 +288,7 @@ def check_email_alert() -> str: return f'error: Cannot send a message {e}' try: - user_email = sql.select_user_email_by_uuid(user_uuid) + user_email = user_sql.select_user_email_by_uuid(user_uuid) except Exception as e: return f'error: Cannot get a user email: {e}' 
@@ -299,10 +304,10 @@ def add_telegram_channel(token: str, channel: str, group: str, page: str) -> str if token is None or channel is None or group is None: return error_mess else: - if sql.insert_new_telegram(token, channel, group): + if channel_sql.insert_new_telegram(token, channel, group): lang = roxywi_common.get_user_lang_for_flask() - channels = sql.select_telegram(token=token) - groups = sql.select_groups() + channels = channel_sql.select_telegram(token=token) + groups = group_sql.select_groups() roxywi_common.logging('Roxy-WI server', f'A new Telegram channel {channel} has been created ', roxywi=1, login=1) return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='telegram') @@ -312,10 +317,10 @@ def add_slack_channel(token: str, channel: str, group: str, page: str) -> str: if token is None or channel is None or group is None: return error_mess else: - if sql.insert_new_slack(token, channel, group): + if channel_sql.insert_new_slack(token, channel, group): lang = roxywi_common.get_user_lang_for_flask() - channels = sql.select_slack(token=token) - groups = sql.select_groups() + channels = channel_sql.select_slack(token=token) + groups = group_sql.select_groups() roxywi_common.logging('Roxy-WI server', f'A new Slack channel {channel} has been created ', roxywi=1, login=1) return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='slack') 
@@ -324,58 +329,58 @@ def add_pd_channel(token: str, channel: str, group: str, page: str) -> str: if token is None or channel is None or group is None: return error_mess else: - if sql.insert_new_pd(token, channel, group): + if channel_sql.insert_new_pd(token, channel, group): lang = roxywi_common.get_user_lang_for_flask() - channels = sql.select_slack(token=token) - groups = sql.select_groups() + channels = channel_sql.select_slack(token=token) + groups = group_sql.select_groups() roxywi_common.logging('Roxy-WI server', f'A new PagerDuty channel {channel} has been created ', roxywi=1, login=1) return render_template('ajax/new_receiver.html', groups=groups, lang=lang, channels=channels, page=page, receiver='pd') def delete_telegram_channel(channel_id) -> str: - telegram = sql.select_telegram(id=channel_id) + telegram = channel_sql.select_telegram(id=channel_id) channel_name = '' for t in telegram: channel_name = t.token - if sql.delete_telegram(channel_id): + if channel_sql.delete_telegram(channel_id): roxywi_common.logging('Roxy-WI server', f'The Telegram channel {channel_name} has been deleted ', roxywi=1, login=1) return 'ok' def delete_slack_channel(channel_id) -> str: - slack = sql.select_slack(id=channel_id) + slack = channel_sql.select_slack(id=channel_id) channel_name = '' for t in slack: channel_name = t.chanel_name - if sql.delete_slack(channel_id): + if channel_sql.delete_slack(channel_id): roxywi_common.logging('Roxy-WI server', f'The Slack channel {channel_name} has been deleted ', roxywi=1, login=1) return 'ok' def delete_pd_channel(channel_id) -> str: - pd = sql.select_pd(id=channel_id) + pd = channel_sql.select_pd(id=channel_id) channel_name = '' for t in pd: channel_name = t.chanel_name - if sql.delete_pd(channel_id): + if channel_sql.delete_pd(channel_id): roxywi_common.logging('Roxy-WI server', f'The PageDuty channel {channel_name} has been deleted ', roxywi=1, login=1) return 'ok' def update_telegram(token: str, channel: str, group: str, 
user_id: int) -> str: - sql.update_telegram(token, channel, group, user_id) + channel_sql.update_telegram(token, channel, group, user_id) roxywi_common.logging('group ' + group, f'The Telegram token has been updated for channel: {channel}', roxywi=1, login=1) return 'ok' def update_slack(token: str, channel: str, group: str, user_id: int) -> str: - sql.update_slack(token, channel, group, user_id) + channel_sql.update_slack(token, channel, group, user_id) roxywi_common.logging(f'group {group}', f'The Slack token has been updated for channel: {channel}', roxywi=1, login=1) return 'ok' def update_pd(token: str, channel: str, group: str, user_id: int) -> str: - sql.update_pd(token, channel, group, user_id) + channel_sql.update_pd(token, channel, group, user_id) roxywi_common.logging(f'group {group}', f'The PagerDuty token has been updated for channel: {channel}', roxywi=1, login=1) return 'ok' diff --git a/app/modules/tools/checker.py b/app/modules/tools/checker.py index d9eed2a4..86830df8 100644 --- a/app/modules/tools/checker.py +++ b/app/modules/tools/checker.py @@ -1,6 +1,8 @@ from flask import render_template, redirect, url_for -import app.modules.db.sql as sql +import app.modules.db.group as group_sql +import app.modules.db.channel as channel_sql +import app.modules.db.checker as checker_sql import app.modules.tools.common as tools_common import app.modules.roxywi.common as roxywi_common 
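Review bot: `delete_telegram_channel` sets `channel_name = t.token` and writes it into the `roxywi_common.logging` message, so the Telegram bot token lands in the application log each time a channel is deleted. Log the channel's display name instead, as the Slack and PagerDuty variants do with `t.chanel_name`; the Telegram model's field name is not visible here, so confirm it first. In the same hunk `add_pd_channel` still reads `channels = channel_sql.select_slack(token=token)`, which looks like a copy-paste slip. It presumably should query PagerDuty through `channel_sql.select_pd(...)`, provided that helper accepts a `token` argument.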
@@ -26,10 +28,10 @@ def load_checker() -> str: if user_subscription['user_status']: user_group = roxywi_common.get_user_group(id=1) kwargs.setdefault('services', tools_common.get_services_status()) - kwargs.setdefault('telegrams', sql.get_user_telegram_by_group(user_group)) - kwargs.setdefault('pds', sql.get_user_pd_by_group(user_group)) - kwargs.setdefault('groups', sql.select_groups()) - kwargs.setdefault('slacks', sql.get_user_slack_by_group(user_group)) + kwargs.setdefault('telegrams', channel_sql.get_user_telegram_by_group(user_group)) + kwargs.setdefault('pds', channel_sql.get_user_pd_by_group(user_group)) + kwargs.setdefault('groups', group_sql.select_groups()) + kwargs.setdefault('slacks', channel_sql.get_user_slack_by_group(user_group)) kwargs.setdefault('haproxy_servers', roxywi_common.get_dick_permit(haproxy=1, only_group=1)) kwargs.setdefault('nginx_servers', roxywi_common.get_dick_permit(nginx=1, only_group=1)) kwargs.setdefault('apache_servers', roxywi_common.get_dick_permit(apache=1, only_group=1)) 
@@ -37,16 +39,16 @@ def load_checker() -> str: kwargs.setdefault('user_subscription', user_subscription) kwargs.setdefault('user_params', user_params) kwargs.setdefault('lang', user_params['lang']) - kwargs.setdefault('haproxy_settings', sql.select_checker_settings(1)) - kwargs.setdefault('nginx_settings', sql.select_checker_settings(2)) - kwargs.setdefault('keepalived_settings', sql.select_checker_settings(3)) - kwargs.setdefault('apache_settings', sql.select_checker_settings(4)) + kwargs.setdefault('haproxy_settings', checker_sql.select_checker_settings(1)) + kwargs.setdefault('nginx_settings', checker_sql.select_checker_settings(2)) + kwargs.setdefault('keepalived_settings', checker_sql.select_checker_settings(3)) + kwargs.setdefault('apache_settings', checker_sql.select_checker_settings(4)) return render_template('ajax/load_checker.html', **kwargs) def update_haproxy_settings(setting_id, email, service_alert, backend_alert, maxconn_alert, telegram_id, slack_id, pd_id) -> str: - if sql.update_haproxy_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert, + if checker_sql.update_haproxy_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert, maxconn_alert, setting_id): return 'ok' else: @@ -54,7 +56,7 @@ def update_haproxy_settings(setting_id, email, service_alert, backend_alert, max def update_keepalived_settings(setting_id, email, service_alert, backend_alert, telegram_id, slack_id, pd_id) -> str: - if sql.update_keepalived_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert, + if checker_sql.update_keepalived_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, backend_alert, setting_id): return 'ok' else: 
@@ -62,7 +64,7 @@ def update_keepalived_settings(setting_id, email, service_alert, backend_alert, def update_service_settings(setting_id, email, service_alert, telegram_id, slack_id, pd_id) -> str: - if sql.update_service_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, setting_id): + if checker_sql.update_service_checker_settings(email, telegram_id, slack_id, pd_id, service_alert, setting_id): return 'ok' else: return 'error: Cannot update Checker settings' diff --git a/app/modules/tools/common.py b/app/modules/tools/common.py index b5cc617f..ae0393a8 100644 --- a/app/modules/tools/common.py +++ b/app/modules/tools/common.py @@ -1,13 +1,13 @@ import distro -import modules.db.sql as sql -import modules.roxywi.roxy as roxywi_mod -import modules.server.server as server_mod +import app.modules.db.roxy as roxy_sql +import app.modules.roxywi.roxy as roxywi_mod +import app.modules.server.server as server_mod def get_services_status(update_cur_ver=0): services = [] - services_name = sql.get_all_tools() + services_name = roxy_sql.get_all_tools() if update_cur_ver: try: @@ -27,7 +27,7 @@ def get_services_status(update_cur_ver=0): def update_roxy_wi(service: str) -> str: restart_service = '' - services = sql.get_roxy_tools() + services = roxy_sql.get_roxy_tools() if service not in services: raise Exception(f'error: {service} is not part of Roxy-WI') @@ -63,7 +63,7 @@ def is_tool_active(tool_name: str) -> str: def update_cur_tool_versions() -> None: - tools = sql.get_all_tools() + tools = roxy_sql.get_all_tools() for s, _v in tools.items(): update_cur_tool_version(s) @@ -93,10 +93,10 @@ def update_cur_tool_version(tool_name: str) -> None: service_ver = 0 try: - sql.update_tool_cur_version(tool_name, service_ver) + roxy_sql.update_tool_cur_version(tool_name, service_ver) except Exception: pass def get_cur_tool_version(tool_name: str) -> str: - return sql.get_tool_cur_version(tool_name) + return roxy_sql.get_tool_cur_version(tool_name) 
diff --git a/app/modules/tools/smon_agent.py b/app/modules/tools/smon_agent.py index 5819392e..65b19660 100644 --- a/app/modules/tools/smon_agent.py +++ b/app/modules/tools/smon_agent.py @@ -3,6 +3,7 @@ import uuid import requests import app.modules.db.sql as sql import app.modules.db.smon as smon_sql +import app.modules.db.server as server_sql import app.modules.common.common as common import app.modules.roxywi.common as roxywi_common from app.modules.service.installation import run_ansible @@ -40,7 +41,7 @@ def check_agent_limit(): def add_agent(data) -> int: name = common.checkAjaxInput(data.get("name")) server_id = int(data.get("server_id")) - server_ip = sql.select_server_ip_by_id(server_id) + server_ip = server_sql.select_server_ip_by_id(server_id) desc = common.checkAjaxInput(data.get("desc")) enabled = int(data.get("enabled")) agent_uuid = str(uuid.uuid4()) diff --git a/app/routes/add/routes.py b/app/routes/add/routes.py index 45271106..54ef0ad3 100644 --- a/app/routes/add/routes.py +++ b/app/routes/add/routes.py @@ -5,6 +5,7 @@ from flask_login import login_required from app.routes.add import bp import app.modules.db.sql as sql +import app.modules.db.add as add_sql from middleware import check_services, get_user_params import app.modules.config.add as add_mod import app.modules.common.common as common @@ -58,8 +59,8 @@ def add(service): if not os.path.exists(black_dir): os.makedirs(black_dir) - kwargs.setdefault('options', sql.select_options()) - kwargs.setdefault('saved_servers', sql.select_saved_servers()) + kwargs.setdefault('options', add_sql.select_options()) + kwargs.setdefault('saved_servers', add_sql.select_saved_servers()) kwargs.setdefault('white_lists', roxywi_common.get_files(folder=white_dir, file_format="lst")) kwargs.setdefault('black_lists', roxywi_common.get_files(folder=black_dir, file_format="lst")) kwargs.setdefault('maps', roxywi_common.get_files(folder=f'{lib_path}/maps/{user_group}', file_format="map")) 
@@ -127,7 +128,7 @@ def add_haproxy(): else: return 'error: The name cannot be empty' - if request.form.get('backends') is not None: + if request.form.get('backends') != '': backend = f" default_backend {request.form.get('backends')}\n" if request.form.get('maxconn'): @@ -496,7 +497,7 @@ def update_option(): option_id = int(request.form.get('id')) try: - sql.update_options(option, option_id) + add_sql.update_options(option, option_id) except Exception as e: return str(e) else: @@ -506,7 +507,7 @@ def update_option(): @bp.route('/option/delete/') def delete_option(option_id): try: - sql.delete_option(option_id) + add_sql.delete_option(option_id) except Exception as e: return str(e) else: @@ -537,7 +538,7 @@ def update_saved_server(): desc = common.checkAjaxInput(request.form.get('desc')) try: - sql.update_savedserver(server, desc, server_id) + add_sql.update_saved_server(server, desc, server_id) except Exception as e: return str(e) else: @@ -547,7 +548,7 @@ def update_saved_server(): @bp.route('/server/delete/') def delete_saved_server(server_id): try: - sql.delete_savedserver(server_id) + add_sql.delete_saved_server(server_id) except Exception as e: return str(e) else: @@ -676,6 +677,6 @@ def add_nginx_upstream(): @bp.route('/show/ip/') def show_ip(server_ip): server_ip = common.is_ip_or_dns(server_ip) - commands = ['sudo hostname -I | tr " " "\\n"|sed "/^$/d"'] + commands = 'sudo hostname -I | tr " " "\\n"|sed "/^$/d"' return server_mod.ssh_command(server_ip, commands, ip="1") diff --git a/app/routes/admin/routes.py b/app/routes/admin/routes.py index fbd6240b..8150826e 100644 --- a/app/routes/admin/routes.py +++ b/app/routes/admin/routes.py 
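Review bot: In `add_haproxy` the new test `request.form.get('backends') != ''` is true when the field is absent, because `None != ''`, so a request without `backends` now writes the line `default_backend None` into the generated section. A truthiness check covers both the missing and the empty case: `if request.form.get('backends'):`. The value is also interpolated into the config line as received. Other handlers in this file pass form fields through `common.checkAjaxInput` first, and doing the same here (or rejecting whitespace and newlines) would stop a crafted value from adding extra directives. The body of `add_haproxy` starts and ends outside this hunk.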
@@ -8,7 +8,13 @@ from flask_login import login_required from app import scheduler from app.routes.admin import bp import app.modules.db.sql as sql -from middleware import get_user_params +import app.modules.db.cred as cred_sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql +import app.modules.db.backup as backup_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql +from app.middleware import get_user_params import app.modules.common.common as common import app.modules.roxywi.roxy as roxy import app.modules.roxywi.auth as roxywi_auth @@ -35,21 +41,21 @@ def admin(): kwargs = { 'lang': g.user_params['lang'], - 'users': sql.select_users(), - 'groups': sql.select_groups(), - 'sshs': sql.select_ssh(), - 'servers': sql.select_servers(full=1), + 'users': user_sql.select_users(), + 'groups': group_sql.select_groups(), + 'sshs': cred_sql.select_ssh(), + 'servers': server_sql.select_servers(full=1), 'roles': sql.select_roles(), 'timezones': pytz.all_timezones, 'settings': sql.get_setting('', all=1), 'ldap_enable': sql.get_setting('ldap_enable'), - 'services': sql.select_services(), - 'gits': sql.select_gits(), - 'masters': sql.select_servers(get_master_servers=1), + 'services': service_sql.select_services(), + 'gits': backup_sql.select_gits(), + 'masters': server_sql.select_servers(get_master_servers=1), 'is_needed_tool': common.is_tool('ansible'), 'grafana': grafana, - 'backups': sql.select_backups(), - 's3_backups': sql.select_s3_backups(), + 'backups': backup_sql.select_backups(), + 's3_backups': backup_sql.select_s3_backups(), 'guide_me': 1, 'user_subscription': roxywi_common.return_user_subscription() } diff --git a/app/routes/checker/routes.py b/app/routes/checker/routes.py index c0c868af..c261feb5 100644 --- a/app/routes/checker/routes.py +++ b/app/routes/checker/routes.py 
@@ -2,8 +2,9 @@ from flask import render_template, request, g from flask_login import login_required from app.routes.checker import bp -from middleware import get_user_params +from app.middleware import get_user_params import app.modules.db.sql as sql +import app.modules.db.history as history_sql import app.modules.common.common as common import app.modules.roxywi.common as roxywi_common import app.modules.tools.alerting as alerting @@ -13,7 +14,7 @@ import app.modules.tools.checker as checker_mod @bp.before_request @login_required def before_request(): - """ Protect all of the admin endpoints. """ + """ Protect all the admin endpoints. """ pass @@ -60,8 +61,9 @@ def checker_history(): kwargs = { 'lang': g.user_params['lang'], - 'smon': sql.alerts_history('Checker', g.user_params['group_id']), + 'smon': history_sql.alerts_history('Checker', g.user_params['group_id']), 'user_subscription': roxywi_common.return_user_subscription(), + 'action': 'checker' } return render_template('smon/checker_history.html', **kwargs) diff --git a/app/routes/config/routes.py b/app/routes/config/routes.py index 759efe3d..f5435a26 100644 --- a/app/routes/config/routes.py +++ b/app/routes/config/routes.py @@ -5,6 +5,9 @@ from flask_login import login_required from app.routes.config import bp import app.modules.db.sql as sql +import app.modules.db.config as config_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql from middleware import check_services, get_user_params import app.modules.common.common as common import app.modules.roxywi.auth as roxywi_auth 
@@ -49,7 +52,7 @@ def find_in_config(service): finding_words = request.form.get('words') log_path = sql.get_setting(service + '_dir') log_path = common.return_nice_path(log_path) - commands = [f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn'] + commands = f'sudo grep "{finding_words}" {log_path}*/*.conf -C 2 -Rn' try: return_find = server_mod.ssh_command(server_ip, commands, raw=1) return_find = config_mod.show_finding_in_config(return_find, grep=finding_words) @@ -84,9 +87,9 @@ def config(service, serv, edit, config_file_name, new): if serv and edit and new_config is None: roxywi_common.check_is_server_in_group(serv) - is_serv_protected = sql.is_serv_protected(serv) - server_id = sql.select_server_id_by_ip(serv) - is_restart = sql.select_service_setting(server_id, service, 'restart') + is_serv_protected = server_sql.is_serv_protected(serv) + server_id = server_sql.select_server_id_by_ip(serv) + is_restart = service_sql.select_service_setting(server_id, service, 'restart') try: error = config_mod.get_config(serv, cfg, service=service, config_file_name=config_file_name) @@ -121,7 +124,7 @@ def config(service, serv, edit, config_file_name, new): 'is_restart': is_restart, 'config_file_name': config_file_name, 'is_serv_protected': is_serv_protected, - 'service_desc': sql.select_service(service), + 'service_desc': service_sql.select_service(service), 'lang': g.user_params['lang'] } @@ -182,7 +185,7 @@ def versions(service, server_ip): for get in request.form.getlist('do_delete'): if file_fortmat in get and server_ip in get: try: - if sql.delete_config_version(service, get): + if config_sql.delete_config_version(service, get): try: os.remove(get) except OSError as e: 
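Review bot: In `find_in_config`, `finding_words` comes straight from `request.form.get('words')` and is placed inside double quotes in the string that `server_mod.ssh_command` runs with `sudo`. A value containing a quote or shell metacharacters is therefore interpreted by the remote shell rather than by grep. Changing the command from a list to a plain string does not alter that. Quote the argument and end option parsing before the path, for example `commands = f'sudo grep -e {shlex.quote(finding_words)} -C 2 -Rn -- {log_path}*/*.conf'`. This needs `import shlex`, and a missing or empty `words` should be rejected before the command is built. The function body begins before this hunk, so any earlier validation of `words` is not visible here.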
@@ -229,7 +232,7 @@ def list_of_version(service): @get_user_params(disable=1) def show_version(service, server_ip, configver, save): roxywi_auth.page_for_admin(level=3) - service_desc = sql.select_service(service) + service_desc = service_sql.select_service(service) config_dir = config_common.get_config_dir('haproxy') configver = config_dir + configver aftersave = 0 @@ -248,10 +251,8 @@ def show_version(service, server_ip, configver, save): if service == 'keepalived': stderr = config_mod.upload_and_restart(server_ip, configver, save_action, service) elif service in ('nginx', 'apache'): - config_file_name = sql.select_remote_path_from_version(server_ip=server_ip, service=service, - local_path=configver) - stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service_desc.slug, - config_file_name=config_file_name) + config_file_name = config_sql.select_remote_path_from_version(server_ip=server_ip, service=service, local_path=configver) + stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service_desc.slug, config_file_name=config_file_name) else: stderr = config_mod.master_slave_upload_and_restart(server_ip, configver, save_action, service) @@ -290,7 +291,7 @@ def haproxy_section_show(server_ip, section): cfg = config_common.generate_config_path('haproxy', server_ip) error = config_mod.get_config(server_ip, cfg) start_line, end_line, config_read = section_mod.get_section_from_config(cfg, section) - server_id = sql.select_server_id_by_ip(server_ip) + server_id = server_sql.select_server_id_by_ip(server_ip) sections = section_mod.get_sections(cfg) os.system(f"/bin/mv {cfg} {cfg}.old") @@ -301,7 +302,7 @@ def haproxy_section_show(server_ip, section): pass kwargs = { - 'is_restart': sql.select_service_setting(server_id, 'haproxy', 'restart'), + 'is_restart': service_sql.select_service_setting(server_id, 'haproxy', 'restart'), 'serv': server_ip, 'sections': sections, 'cfg': cfg, 
@@ -365,7 +366,7 @@ def show_compare_config(service, serv): 'service': service, 'stderr': '', 'error': '', - 'service_desc': sql.select_service(service), + 'service_desc': service_sql.select_service(service), 'lang': g.user_params['lang'] } diff --git a/app/routes/ha/routes.py b/app/routes/ha/routes.py index cf813fd7..d9e245c6 100644 --- a/app/routes/ha/routes.py +++ b/app/routes/ha/routes.py @@ -6,6 +6,9 @@ from flask_login import login_required from app.routes.ha import bp from middleware import get_user_params, check_services import app.modules.db.sql as sql +import app.modules.db.ha_cluster as ha_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql import app.modules.common.common as common import app.modules.server.server as server_mod import app.modules.roxywi.common as roxywi_common @@ -27,7 +30,7 @@ def cluster_function(service): group_id = g.user_params['group_id'] if request.method == 'GET': kwargs = { - 'clusters': sql.select_clusters(group_id), + 'clusters': ha_sql.select_clusters(group_id), 'is_needed_tool': common.is_tool('ansible'), 'user_subscription': roxywi_common.return_user_subscription() } 
@@ -59,15 +62,15 @@ def cluster_function(service): @check_services @get_user_params() def get_ha_cluster(service, cluster_id): - router_id = sql.get_router_id(cluster_id, default_router=1) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) kwargs = { 'servers': roxywi_common.get_dick_permit(virt=1), - 'clusters': sql.select_cluster(cluster_id), - 'slaves': sql.select_cluster_slaves(cluster_id, router_id), - 'virts': sql.select_clusters_virts(), - 'vips': sql.select_cluster_vips(cluster_id), - 'cluster_services': sql.select_cluster_services(cluster_id), - 'services': sql.select_services(), + 'clusters': ha_sql.select_cluster(cluster_id), + 'slaves': ha_sql.select_cluster_slaves(cluster_id, router_id), + 'virts': ha_sql.select_clusters_virts(), + 'vips': ha_sql.select_cluster_vips(cluster_id), + 'cluster_services': ha_sql.select_cluster_services(cluster_id), + 'services': service_sql.select_services(), 'group_id': g.user_params['group_id'], 'router_id': router_id, 'lang': g.user_params['lang'] 
@@ -81,14 +84,14 @@ def get_ha_cluster(service, cluster_id): @get_user_params() def get_cluster_settings(service, cluster_id): settings = {} - clusters = sql.select_cluster(cluster_id) - router_id = sql.get_router_id(cluster_id, default_router=1) - slaves = sql.select_cluster_slaves(cluster_id, router_id) - cluster_services = sql.select_cluster_services(cluster_id) - vip = sql.select_clusters_vip(cluster_id, router_id) - return_master = sql.select_clusters_vip_return_master(cluster_id, router_id) - vip_id = sql.select_clusters_vip_id(cluster_id, router_id) - is_virt = sql.check_ha_virt(vip_id) + clusters = ha_sql.select_cluster(cluster_id) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) + slaves = ha_sql.select_cluster_slaves(cluster_id, router_id) + cluster_services = ha_sql.select_cluster_services(cluster_id) + vip = ha_sql.select_clusters_vip(cluster_id, router_id) + return_master = ha_sql.select_clusters_vip_return_master(cluster_id, router_id) + vip_id = ha_sql.select_clusters_vip_id(cluster_id, router_id) + is_virt = ha_sql.check_ha_virt(vip_id) for cluster in clusters: settings.setdefault('name', cluster.name) settings.setdefault('desc', cluster.desc) 
@@ -118,14 +121,14 @@ def get_cluster_settings(service, cluster_id): def show_ha_cluster(service, cluster_id): services = [] service = 'keepalived' - service_desc = sql.select_service(service) - router_id = sql.get_router_id(cluster_id, default_router=1) - servers = sql.select_cluster_master_slaves(cluster_id, g.user_params['group_id'], router_id) + service_desc = service_sql.select_service(service) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) + servers = ha_sql.select_cluster_master_slaves(cluster_id, g.user_params['group_id'], router_id) waf_server = '' cmd = "ps ax |grep -e 'keep_alive.py' |grep -v grep |wc -l" keep_alive, stderr = server_mod.subprocess_execute(cmd) servers_with_status1 = [] - restart_settings = sql.select_restart_services_settings(service_desc.slug) + restart_settings = service_sql.select_restart_services_settings(service_desc.slug) for s in servers: servers_with_status = list() servers_with_status.append(s[0]) @@ -136,15 +139,15 @@ def show_ha_cluster(service, cluster_id): servers_with_status.append(status1) servers_with_status.append(status2) servers_with_status.append(s[22]) - servers_with_status.append(sql.is_master(s[2])) - servers_with_status.append(sql.select_servers(server=s[2])) + servers_with_status.append(server_sql.is_master(s[2])) + servers_with_status.append(server_sql.select_servers(server=s[2])) - is_keepalived = sql.select_keepalived(s[2]) + is_keepalived = service_sql.select_keepalived(s[2]) if is_keepalived: try: - cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' - 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data'] + cmd = ('sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' + 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data') out = server_mod.ssh_command(s[2], cmd) out1 = ('1', out) servers_with_status.append(out1) 
@@ -165,8 +168,8 @@ def show_ha_cluster(service, cluster_id): 'keep_alive': ''.join(keep_alive), 'restart_settings': restart_settings, 'user_subscription': user_subscription, - 'clusters': sql.select_ha_cluster_name_and_slaves(), - 'master_slave': sql.is_master(0, master_slave=1), + 'clusters': ha_sql.select_ha_cluster_name_and_slaves(), + 'master_slave': server_sql.is_master(0, master_slave=1), 'lang': g.user_params['lang'] } @@ -179,10 +182,10 @@ def show_ha_cluster(service, cluster_id): def get_slaves(service, cluster_id): lang = g.user_params['lang'] if request.method == 'GET': - router_id = sql.get_router_id(cluster_id, default_router=1) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) else: router_id = int(request.form.get('router_id')) - slaves = sql.select_cluster_slaves(cluster_id, router_id) + slaves = ha_sql.select_cluster_slaves(cluster_id, router_id) return render_template('ajax/ha/add_vip_slaves.html', lang=lang, slaves=slaves) @@ -194,11 +197,11 @@ def get_server_slaves(service, cluster_id): group_id = g.user_params['group_id'] lang = g.user_params['lang'] try: - router_id = sql.get_router_id(cluster_id, default_router=1) - slaves = sql.select_cluster_slaves(cluster_id, router_id) + router_id = ha_sql.get_router_id(cluster_id, default_router=1) + slaves = ha_sql.select_cluster_slaves(cluster_id, router_id) except Exception: slaves = '' - free_servers = sql.select_ha_cluster_not_masters_not_slaves(group_id) + free_servers = ha_sql.select_ha_cluster_not_masters_not_slaves(group_id) return render_template('ajax/ha/slave_servers.html', free_servers=free_servers, slaves=slaves, lang=lang) 
@@ -208,7 +211,7 @@ def get_server_slaves(service, cluster_id): @get_user_params() def get_masters(service): group_id = g.user_params['group_id'] - free_servers = sql.select_ha_cluster_not_masters_not_slaves(group_id) + free_servers = ha_sql.select_ha_cluster_not_masters_not_slaves(group_id) return render_template('ajax/ha/masters.html', free_servers=free_servers) @@ -217,9 +220,9 @@ def get_masters(service): @check_services def get_vip_settings(service, cluster_id, router_id): settings = {} - return_master = sql.select_clusters_vip_return_master(cluster_id, router_id) - vip_id = sql.select_clusters_vip_id(cluster_id, router_id) - is_virt = sql.check_ha_virt(vip_id) + return_master = ha_sql.select_clusters_vip_return_master(cluster_id, router_id) + vip_id = ha_sql.select_clusters_vip_id(cluster_id, router_id) + is_virt = ha_sql.check_ha_virt(vip_id) settings.setdefault('return_to_master', return_master) settings.setdefault('virt_server', is_virt) return jsonify(settings) @@ -249,7 +252,7 @@ def ha_vip(service, cluster_id): elif request.method == 'DELETE': router_id = int(json_data['router_id']) try: - sql.delete_ha_router(router_id) + ha_sql.delete_ha_router(router_id) return 'ok' except Exception as e: return f'error: Cannot delete VIP: {e}' diff --git a/app/routes/install/routes.py b/app/routes/install/routes.py index bab5df9b..8e8518d4 100644 --- a/app/routes/install/routes.py +++ b/app/routes/install/routes.py @@ -46,7 +46,7 @@ def get_service_version(service, server_ip): if service in ('haproxy', 'nginx', 'apache'): return service_common.show_service_version(server_ip, service) elif service == 'keepalived': - cmd = ["sudo /usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}'"] + cmd = "sudo /usr/sbin/keepalived -v 2>&1|head -1|awk '{print $2}'" return server_mod.ssh_command(server_ip, cmd) else: return 'error: Wrong service' 
@@ -119,5 +119,5 @@ def check_geoip(service, server_ip): return 'error: Wrong service' service_dir = common.return_nice_path(sql.get_setting(f'{service}_dir')) - cmd = [f"ls {service_dir}geoip/"] + cmd = f"ls {service_dir}geoip/" return server_mod.ssh_command(server_ip, cmd) diff --git a/app/routes/logs/routes.py b/app/routes/logs/routes.py index a4dd4e48..a16889c4 100644 --- a/app/routes/logs/routes.py +++ b/app/routes/logs/routes.py @@ -2,8 +2,9 @@ from flask import render_template, request, redirect, url_for, g from flask_login import login_required from app.routes.logs import bp -from middleware import check_services, get_user_params +from app.middleware import check_services, get_user_params import app.modules.db.sql as sql +import app.modules.db.service as service_sql import app.modules.common.common as common import app.modules.roxywi.auth as roxywi_auth import app.modules.roxywi.logs as roxy_logs @@ -69,7 +70,7 @@ def logs(service, waf): grep = '' if service in ('haproxy', 'nginx', 'keepalived', 'apache') and not waf: - service_desc = sql.select_service(service) + service_desc = service_sql.select_service(service) service_name = service_desc.service servers = roxywi_common.get_dick_permit(service=service_desc.slug) elif waf: diff --git a/app/routes/main/routes.py b/app/routes/main/routes.py index c34402e9..bf7282da 100644 --- a/app/routes/main/routes.py +++ b/app/routes/main/routes.py 
@@ -10,8 +10,14 @@ sys.path.append(os.path.join(sys.path[0], '/var/www/haproxy-wi/app')) from app import app, cache from app.routes.main import bp import app.modules.db.sql as sql -from modules.db.db_model import conn -from middleware import check_services, get_user_params +import app.modules.db.cred as cred_sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql +import app.modules.db.backup as backup_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql +import app.modules.db.history as history_sql +from app.middleware import check_services, get_user_params import app.modules.common.common as common import app.modules.roxywi.roxy as roxy import app.modules.roxywi.auth as roxywi_auth @@ -70,12 +76,6 @@ def make_session_permanent(): session.permanent = True -@app.teardown_request -def _db_close(exc): - if not conn.is_closed(): - conn.close() - - @bp.route('/stats//', defaults={'serv': None}) @bp.route('/stats//') @login_required @@ -86,7 +86,7 @@ def stats(service, serv): 'autorefresh': 1, 'serv': serv, 'service': service, - 'service_desc': sql.select_service(service), + 'service_desc': service_sql.select_service(service), 'lang': g.user_params['lang'] } return render_template('statsview.html', **kwargs) 
@@ -140,26 +140,26 @@ def service_history(service, server_ip): server_ip = common.checkAjaxInput(server_ip) if service in ('haproxy', 'nginx', 'keepalived', 'apache', 'cluster'): - service_desc = sql.select_service(service) + service_desc = service_sql.select_service(service) if not roxywi_auth.is_access_permit_to_service(service_desc.slug): abort(403, f'You do not have needed permissions to access to {service_desc.slug.title()} service') if service == 'cluster': server_id = server_ip else: - server_id = sql.select_server_id_by_ip(server_ip) - history = sql.select_action_history_by_server_id_and_service(server_id, service_desc.service) + server_id = server_sql.select_server_id_by_ip(server_ip) + history = history_sql.select_action_history_by_server_id_and_service(server_id, service_desc.service) elif service == 'server': if roxywi_common.check_is_server_in_group(server_ip): - server_id = sql.select_server_id_by_ip(server_ip) - history = sql.select_action_history_by_server_id(server_id) + server_id = server_sql.select_server_id_by_ip(server_ip) + history = history_sql.select_action_history_by_server_id(server_id) elif service == 'user': - history = sql.select_action_history_by_user_id(server_ip) + history = history_sql.select_action_history_by_user_id(server_ip) else: abort(404, f'History not found') kwargs = { 'user_subscription': roxywi_common.return_user_subscription(), - 'users': sql.select_users(), + 'users': user_sql.select_users(), 'serv': server_ip, 'service': service, 'history': history 
@@ -177,24 +177,24 @@ def servers(): user_group = roxywi_common.get_user_group(id=1) kwargs = { 'h2': 1, - 'users': sql.select_users(group=user_group), - 'groups': sql.select_groups(), + 'users': user_sql.select_users(group=user_group), + 'groups': group_sql.select_groups(), 'servers': roxywi_common.get_dick_permit(virt=1, disable=0, only_group=1), 'roles': sql.select_roles(), - 'sshs': sql.select_ssh(group=user_group), - 'masters': sql.select_servers(get_master_servers=1, uuid=g.user_params['user_uuid']), + 'sshs': cred_sql.select_ssh(group=user_group), + 'masters': server_sql.select_servers(get_master_servers=1, uuid=g.user_params['user_uuid']), 'group': roxywi_common.get_user_group(id=1), - 'services': sql.select_services(), + 'services': service_sql.select_services(), 'timezones': pytz.all_timezones, 'guide_me': 1, 'settings': sql.get_setting('', all=1), - 'backups': sql.select_backups(), - 's3_backups': sql.select_s3_backups(), + 'backups': backup_sql.select_backups(), + 's3_backups': backup_sql.select_s3_backups(), 'page': 'servers.py', 'ldap_enable': sql.get_setting('ldap_enable'), - 'gits': sql.select_gits(), + 'gits': backup_sql.select_gits(), 'is_needed_tool': common.is_tool('ansible'), - 'user_roles': sql.select_user_roles_by_group(user_group), + 'user_roles': user_sql.select_user_roles_by_group(user_group), 'user_subscription': roxywi_common.return_user_subscription(), 'lang': g.user_params['lang'] } diff --git a/app/routes/metric/routes.py b/app/routes/metric/routes.py index e4e98eef..351ebb0f 100644 --- a/app/routes/metric/routes.py +++ b/app/routes/metric/routes.py 
@@ -3,7 +3,9 @@ from flask import render_template, request, jsonify, g from flask_login import login_required from app.routes.metric import bp -import app.modules.db.sql as sql +import app.modules.db.server as server_sql +import app.modules.db.metric as metric_sql +import app.modules.db.service as service_sql from app.middleware import check_services, get_user_params import app.modules.common.common as common import app.modules.server.server as server_mod @@ -40,12 +42,12 @@ def metrics(service): else: services = '1' if service == 'nginx': - servers = sql.select_nginx_servers_metrics_for_master() + servers = metric_sql.select_nginx_servers_metrics_for_master() elif service == 'apache': - servers = sql.select_apache_servers_metrics_for_master() + servers = metric_sql.select_apache_servers_metrics_for_master() else: group_id = roxywi_common.get_user_group(id=1) - servers = sql.select_servers_metrics(group_id) + servers = metric_sql.select_servers_metrics(group_id) else: servers = '' except Exception as e: @@ -56,7 +58,7 @@ def metrics(service): 'servers': servers, 'service': service, 'services': services, - 'service_desc': sql.select_service(service), + 'service_desc': service_sql.select_service(service), 'user_subscription': roxywi_common.return_user_subscription(), 'lang': g.user_params['lang'] } @@ -86,9 +88,9 @@ def table_metrics(service): group_id = roxywi_common.get_user_group(id=1) if service in ('nginx', 'apache'): - table_stat = sql.select_service_table_metrics(service, group_id) + table_stat = metric_sql.select_service_table_metrics(service, group_id) else: - table_stat = sql.select_table_metrics(group_id) + table_stat = metric_sql.select_table_metrics(group_id) return render_template('ajax/table_metrics.html', table_stat=table_stat, service=service, lang=lang) 
@@ -96,7 +98,7 @@ def table_metrics(service): @bp.post('//') def show_metric(service, server_ip): server_ip = common.is_ip_or_dns(server_ip) - hostname = sql.get_hostname_by_server_ip(server_ip) + hostname = server_sql.get_hostname_by_server_ip(server_ip) time_range = common.checkAjaxInput(request.form.get('time_range')) if service in ('nginx', 'apache', 'waf'): @@ -111,7 +113,7 @@ def show_metric(service, server_ip): @check_services def show_http_metric(service, server_ip): server_ip = common.is_ip_or_dns(server_ip) - hostname = sql.get_hostname_by_server_ip(server_ip) + hostname = server_sql.get_hostname_by_server_ip(server_ip) time_range = common.checkAjaxInput(request.form.get('time_range')) if service == 'haproxy': diff --git a/app/routes/overview/routes.py b/app/routes/overview/routes.py index 346b9486..378ad692 100644 --- a/app/routes/overview/routes.py +++ b/app/routes/overview/routes.py @@ -2,8 +2,9 @@ from flask import render_template, g from flask_login import login_required from app.routes.overview import bp -from middleware import get_user_params +from app.middleware import get_user_params import app.modules.db.sql as sql +import app.modules.db.group as group_sql import app.modules.roxywi.logs as roxy_logs import app.modules.roxywi.overview as roxy_overview @@ -22,7 +23,7 @@ def index(): kwargs = { 'autorefresh': 1, 'roles': sql.select_roles(), - 'groups': sql.select_groups(), + 'groups': group_sql.select_groups(), 'guide_me': 1, 'lang': g.user_params['lang'] } diff --git a/app/routes/portscanner/routes.py b/app/routes/portscanner/routes.py index 8e56ef45..f65c0901 100644 --- a/app/routes/portscanner/routes.py +++ b/app/routes/portscanner/routes.py 
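Review bot: `show_metric` is registered with `@bp.post(...)` directly above the `def`, while the sibling `show_http_metric` in the next hunk carries `@check_services`. If the omission is not deliberate (this handler also accepts `'waf'`, which may not be a checked service), the two routes should agree by adding `@check_services` between the route decorator and `def show_metric(service, server_ip):`. If it is deliberate, a one-line comment such as `# no check_services: 'waf' is served here too` would save the next reader the question. Both function bodies continue past their hunks.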
@@ -2,8 +2,10 @@ from flask import render_template, request, g from flask_login import login_required from app.routes.portscanner import bp -from middleware import get_user_params +from app.middleware import get_user_params import app.modules.db.sql as sql +import app.modules.db.server as server_sql +import app.modules.db.portscanner as ps_sql import app.modules.common.common as common import app.modules.server.server as server_mod import app.modules.roxywi.common as roxywi_common @@ -13,14 +15,14 @@ import app.modules.tools.common as tools_common @bp.before_request @login_required def before_request(): - """ Protect all of the admin endpoints. """ + """ Protect all the admin endpoints. """ pass @bp.route('') @get_user_params(virt=1) def portscanner(): - port_scanner_settings = sql.select_port_scanner_settings(g.user_params['group_id']) + port_scanner_settings = ps_sql.select_port_scanner_settings(g.user_params['group_id']) if not port_scanner_settings: port_scanner_settings = '' @@ -28,7 +30,7 @@ def portscanner(): else: count_ports = list() for s in g.user_params['servers']: - count_ports_from_sql = sql.select_count_opened_ports(s[2]) + count_ports_from_sql = ps_sql.select_count_opened_ports(s[2]) i = (s[2], count_ports_from_sql) count_ports.append(i) @@ -50,7 +52,7 @@ def portscanner_history(server_ip): kwargs = { 'h2': 1, 'lang': g.user_params['lang'], - 'history': sql.select_port_scanner_history(server_ip), + 'history': ps_sql.select_port_scanner_history(server_ip), 'user_subscription': roxywi_common.return_user_subscription() } 
@@ -63,13 +65,13 @@ def change_settings_portscanner(): enabled = common.checkAjaxInput(request.form.get('enabled')) notify = common.checkAjaxInput(request.form.get('notify')) history = common.checkAjaxInput(request.form.get('history')) - user_group_id = [server[3] for server in sql.select_servers(id=server_id)] + user_group_id = [server[3] for server in server_sql.select_servers(id=server_id)] try: - if sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history): + if ps_sql.insert_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history): return 'ok' else: - if sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history): + if ps_sql.update_port_scanner_settings(server_id, user_group_id[0], enabled, notify, history): return 'ok' except Exception as e: return f'error: Cannot save settings: {e}' @@ -83,7 +85,7 @@ def scan_port(server_id, server_ip): if server_ip: ip = server_ip else: - server = sql.select_servers(id=server_id) + server = server_sql.select_servers(id=server_id) ip = '' for s in server: diff --git a/app/routes/server/routes.py b/app/routes/server/routes.py index ffe4a391..28445bd7 100644 --- a/app/routes/server/routes.py +++ b/app/routes/server/routes.py @@ -5,6 +5,9 @@ from flask_login import login_required from app.routes.server import bp import app.modules.db.sql as sql +import app.modules.db.cred as cred_sql +import app.modules.db.group as group_sql +import app.modules.db.server as server_sql import app.modules.common.common as common import app.modules.roxywi.group as group_mod import app.modules.roxywi.auth as roxywi_auth @@ -30,7 +33,7 @@ def check_ssh(server_ip): server_ip = common.is_ip_or_dns(server_ip) try: - return server_mod.ssh_command(server_ip, ["ls -1t"]) + return server_mod.ssh_command(server_ip, "ls -1t") except Exception as e: return str(e) 
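Review bot: In `change_settings_portscanner`, `user_group_id[0]` raises `IndexError` when `server_sql.select_servers(id=server_id)` returns no row, and the list comprehension sits outside the `try`, so an unknown `server_id` surfaces as a 500 rather than the handler's own error string. A guard before the `try` covers it: `if not user_group_id: return 'error: Cannot find the server'`. The handler also returns `None` when both the insert and the update report failure, and nothing in the hunk checks that the server belongs to the caller's group before its settings are written; that check may live in the part of the function above the hunk.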
@@ -46,9 +49,9 @@ def check_server(server_ip): def show_if(server_ip): roxywi_auth.page_for_admin(level=2) server_ip = common.is_ip_or_dns(server_ip) - commands = ["sudo ip link|grep 'UP' |grep -v 'lo'| awk '{print $2}' |awk -F':' '{print $1}'"] + command = "sudo ip link|grep 'UP' |grep -v 'lo'| awk '{print $2}' |awk -F':' '{print $1}'" - return server_mod.ssh_command(server_ip, commands) + return server_mod.ssh_command(server_ip, command) @bp.route('/create', methods=['POST']) @@ -113,8 +116,8 @@ def create_server(): roxywi_common.logging(ip, f'A new server {hostname} has been created', roxywi=1, login=1, keep_history=1, service='server') return render_template( - 'ajax/new_server.html', groups=sql.select_groups(), servers=sql.select_servers(server=ip), lang=lang, - masters=sql.select_servers(get_master_servers=1), sshs=sql.select_ssh(group=group), page=page, + 'ajax/new_server.html', groups=group_sql.select_groups(), servers=server_sql.select_servers(server=ip), lang=lang, + masters=server_sql.select_servers(get_master_servers=1), sshs=cred_sql.select_ssh(group=group), page=page, user_subscription=user_subscription, adding=1 ) except Exception as e: @@ -151,8 +154,8 @@ def update_server(): if name is None or port is None: return error_mess else: - sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, firewall, protected) - server_ip = sql.select_server_ip_by_id(serv_id) + server_sql.update_server(name, group, typeip, enable, master, serv_id, cred, port, desc, firewall, protected) + server_ip = server_sql.select_server_ip_by_id(serv_id) roxywi_common.logging(server_ip, f'The server {name} has been update', roxywi=1, login=1, keep_history=1, service='server') return 'ok' 
@@ -173,9 +176,9 @@ def create_group(): return error_mess else: try: - if sql.add_group(newgroup, desc): + if group_sql.add_group(newgroup, desc): roxywi_common.logging('Roxy-WI server', f'A new group {newgroup} has been created', roxywi=1, login=1) - return render_template('ajax/new_group.html', groups=sql.select_groups(group=newgroup)) + return render_template('ajax/new_group.html', groups=group_sql.select_groups(group=newgroup)) except Exception as e: return str(e) diff --git a/app/routes/service/routes.py b/app/routes/service/routes.py index a7dd98ca..168a6193 100644 --- a/app/routes/service/routes.py +++ b/app/routes/service/routes.py @@ -5,7 +5,12 @@ from flask_login import login_required from app import cache from app.routes.service import bp import app.modules.db.sql as sql -from middleware import check_services, get_user_params +import app.modules.db.waf as waf_sql +import app.modules.db.user as user_sql +import app.modules.db.ha_cluster as ha_sql +import app.modules.db.server as server_sql +import app.modules.db.service as service_sql +from app.middleware import check_services, get_user_params import app.modules.common.common as common import app.modules.server.server as server_mod import app.modules.service.action as service_action @@ -28,7 +33,7 @@ def before_request(): @get_user_params() def services(service, serv): tools = [] - service_desc = sql.select_service(service) + service_desc = service_sql.select_service(service) servers = roxywi_common.get_dick_permit(virt=1, service=service_desc.slug) servers_with_status1 = [] autorefresh = 0 
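Review bot: `create_group` has no return on the path where `group_sql.add_group(newgroup, desc)` is falsy, so the view returns `None`, which Flask rejects with an internal error. An explicit branch keeps the response well-defined, for example `else: return 'error: group was not created'` under the `if`. Separately, `return str(e)` sends the raw exception text to the client, which for a database error can include query or schema detail; logging it server-side and returning a fixed message would be safer. The start of the function is outside this hunk.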
@@ -44,17 +49,17 @@ def services(service, serv): if serv: if roxywi_common.check_is_server_in_group(serv): - servers = sql.select_servers(server=serv) + servers = server_sql.select_servers(server=serv) autorefresh = 1 - waf_server = sql.select_waf_servers(serv) - server_id = sql.select_server_id_by_ip(serv) - docker_settings = sql.select_docker_service_settings(server_id, service_desc.slug) - restart_settings = sql.select_restart_service_settings(server_id, service_desc.slug) + waf_server = waf_sql.select_waf_servers(serv) + server_id = server_sql.select_server_id_by_ip(serv) + docker_settings = service_sql.select_docker_service_settings(server_id, service_desc.slug) + restart_settings = service_sql.select_restart_service_settings(server_id, service_desc.slug) else: raise Exception('error: wrong group') else: - docker_settings = sql.select_docker_services_settings(service_desc.slug) - restart_settings = sql.select_restart_services_settings(service_desc.slug) + docker_settings = service_sql.select_docker_services_settings(service_desc.slug) + restart_settings = service_sql.select_restart_services_settings(service_desc.slug) for s, v in services_name.items(): if distro.id() == 'ubuntu': 
@@ -77,17 +82,13 @@ def services(service, serv): servers_with_status.append(s[11]) if service == 'nginx': h = (['', ''],) - cmd = [ - "/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk " - "'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l" - ] + cmd = ("/usr/sbin/nginx -v 2>&1|awk '{print $3}' && systemctl status nginx |grep -e 'Active' |awk " + "'{print $2, $9$10$11$12$13}' && ps ax |grep nginx:|grep -v grep |wc -l") for service_set in docker_settings: if service_set.server_id == s[0] and service_set.setting == 'dockerized' and service_set.value == '1': container_name = sql.get_setting('nginx_container_name') - cmd = [ - "docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' && " - "docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:|grep -v grep |wc -l" - ] + cmd = ("docker exec -it " + container_name + " /usr/sbin/nginx -v 2>&1|awk '{print $3}' " + "&& docker ps -a -f name=" + container_name + " --format '{{.Status}}'|tail -1 && ps ax |grep nginx:|grep -v grep |wc -l") try: out = server_mod.ssh_command(s[2], cmd) h = () @@ -140,13 +141,13 @@ def services(service, serv): servers_with_status.append(s[12]) - servers_with_status.append(sql.select_servers(server=s[2])) - is_keepalived = sql.select_keepalived(s[2]) + servers_with_status.append(server_sql.select_servers(server=s[2])) + is_keepalived = service_sql.select_keepalived(s[2]) if is_keepalived: try: - cmd = ['sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' - 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data'] + cmd = ('sudo kill -USR1 `cat /var/run/keepalived.pid` && sudo grep State /tmp/keepalived.data -m 1 |' + 'awk -F"=" \'{print $2}\'|tr -d \'[:space:]\' && sudo rm -f /tmp/keepalived.data') out = server_mod.ssh_command(s[2], cmd) out1 = ('1', out) servers_with_status.append(out1) 
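Review bot: The dockerized nginx branch in `services()` builds a shell command by concatenating `container_name`, read from `sql.get_setting('nginx_container_name')`, into the string passed to `server_mod.ssh_command`. Now that `cmd` is a single string rather than a one-element list, it is worth quoting that value so a setting containing spaces or shell metacharacters cannot change the command that runs on the managed host: `container_name = shlex.quote(sql.get_setting('nginx_container_name'))` (needs `import shlex`). Who may edit that setting is not visible in this diff, so treat this as hardening rather than a confirmed flaw. The loop body continues outside the hunk.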
@@ -158,8 +159,8 @@ def services(service, serv): servers_with_status1.append(servers_with_status) kwargs = { - 'clusters': sql.select_ha_cluster_name_and_slaves(), - 'master_slave': sql.is_master(0, master_slave=1), + 'clusters': ha_sql.select_ha_cluster_name_and_slaves(), + 'master_slave': server_sql.is_master(0, master_slave=1), 'user_subscription': roxywi_common.return_user_subscription(), 'autorefresh': autorefresh, 'servers': servers_with_status1, @@ -225,7 +226,7 @@ def cpu_ram_metrics(server_ip, server_id, name, service): group_id = int(request.cookies.get('group')) kwargs = { 'service_status': sorted(servers, key=common.get_key), - 'role': sql.get_user_role_by_uuid(user_id, group_id), + 'role': user_sql.get_user_role_by_uuid(user_id, group_id), 'id': server_id, 'service_page': service, 'lang': g.user_params['lang'] @@ -273,7 +274,7 @@ def show_service_backends(service, server_ip): @bp.route('/position//') def change_pos(server_id, pos): - return sql.update_server_pos(pos, server_id) + return server_sql.update_server_pos(pos, server_id) @bp.route('/haproxy/version/') @@ -286,7 +287,7 @@ def get_haproxy_v(server_ip): @bp.route('/settings//') @check_services def show_service_settings(service, server_id): - settings = sql.select_service_settings(server_id, service) + settings = service_sql.select_service_settings(server_id, service) return render_template('ajax/service_settings.html', settings=settings, service=service) 
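Review bot: In `cpu_ram_metrics`, the group used for the role lookup comes from `int(request.cookies.get('group'))`, which is a client-supplied value and raises `TypeError` when the cookie is absent. Other handlers in this change read the group from the server-side context, and this handler already uses `g.user_params['lang']`, so `group_id = g.user_params['group_id']` would keep `user_sql.get_user_role_by_uuid(user_id, group_id)` from depending on a value the browser controls, provided `user_params` carries the same group here. The start of the function, including where `user_id` comes from, is outside the hunk.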
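Review bot: `change_pos` forwards both path parameters straight to `server_sql.update_server_pos(pos, server_id)` with no validation and, as far as this hunk shows, no check that the server belongs to the caller's group. At minimum the inputs should go through the sanitiser the other handlers in this file use, `pos = common.checkAjaxInput(pos)` and `server_id = common.checkAjaxInput(server_id)`, and a group-membership check before the update would match what `services()` does for `serv`. The route also changes state on a plain `@bp.route`, so restricting it to POST is worth considering.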
@@ -297,14 +298,14 @@ def save_service_settings(service): haproxy_enterprise = common.checkAjaxInput(request.form.get('serverSettingsEnterprise')) service_dockerized = common.checkAjaxInput(request.form.get('serverSettingsDockerized')) service_restart = common.checkAjaxInput(request.form.get('serverSettingsRestart')) - server_ip = sql.select_server_ip_by_id(server_id) + server_ip = server_sql.select_server_ip_by_id(server_id) service_docker = f'Service {service.title()} has been flagged as a dockerized' service_systemd = f'Service {service.title()} has been flagged as a system service' disable_restart = f'Restart option is disabled for {service.title()} service' enable_restart = f'Restart option is disabled for {service.title()} service' if service == 'haproxy': - if sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise): + if service_sql.insert_or_update_service_setting(server_id, service, 'haproxy_enterprise', haproxy_enterprise): if haproxy_enterprise == '1': roxywi_common.logging(server_ip, 'Service has been flagged as an Enterprise version', roxywi=1, login=1, keep_history=1, service=service) 
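Review bot: In `save_service_settings`, `enable_restart` is assigned the same text as `disable_restart` ('Restart option is disabled for … service'), so the history entry written on the `else` branch in the following hunk records the wrong state. Because these strings feed `roxywi_common.logging(..., keep_history=1)`, the audit trail becomes misleading; the line should read `enable_restart = f'Restart option is enabled for {service.title()} service'`. The function starts above this hunk and continues into the next one.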
@@ -312,13 +313,13 @@ def save_service_settings(service): roxywi_common.logging(server_ip, 'Service has been flagged as a community version', roxywi=1, login=1, keep_history=1, service=service) - if sql.insert_or_update_service_setting(server_id, service, 'dockerized', service_dockerized): + if service_sql.insert_or_update_service_setting(server_id, service, 'dockerized', service_dockerized): if service_dockerized == '1': roxywi_common.logging(server_ip, service_docker, roxywi=1, login=1, keep_history=1, service=service) else: roxywi_common.logging(server_ip, service_systemd, roxywi=1, login=1, keep_history=1, service=service) - if sql.insert_or_update_service_setting(server_id, service, 'restart', service_restart): + if service_sql.insert_or_update_service_setting(server_id, service, 'restart', service_restart): if service_restart == '1': roxywi_common.logging(server_ip, disable_restart, roxywi=1, login=1, keep_history=1, service=service) else: @@ -335,8 +336,8 @@ def update_tools_enable(service): name = request.form.get('name') alert = request.form.get('alert_en') metrics = request.form.get('metrics') - sql.update_hapwi_server(server_id, alert, metrics, active, service) - server_ip = sql.select_server_ip_by_id(server_id) + service_sql.update_hapwi_server(server_id, alert, metrics, active, service) + server_ip = server_sql.select_server_ip_by_id(server_id) roxywi_common.logging(server_ip, f'The server {name} has been updated ', roxywi=1, login=1, keep_history=1, service=service) diff --git a/app/routes/smon/routes.py b/app/routes/smon/routes.py index 1c767c52..56fc3c70 100644 --- a/app/routes/smon/routes.py +++ b/app/routes/smon/routes.py 
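Review bot: In `update_tools_enable`, `name`, `alert` and `metrics` are taken from `request.form` without the `common.checkAjaxInput` wrapper that `save_service_settings` applies to its form fields, and `name` is then interpolated into the history message. Sanitising them keeps line breaks or markup out of the stored log entry and makes the two handlers consistent, e.g. `name = common.checkAjaxInput(request.form.get('name'))`, likewise for `alert_en` and `metrics`. How `server_id` and `active` are read is above the hunk and not visible here.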
@@ -5,21 +5,15 @@ from datetime import datetime from app.routes.smon import bp from app.middleware import get_user_params -from app.modules.db.db_model import conn -import app.modules.db.sql as sql +import app.modules.db.history as history_sql import app.modules.db.smon as smon_sql +import app.modules.db.channel as channel_sql import app.modules.common.common as common import app.modules.roxywi.common as roxywi_common import app.modules.tools.smon as smon_mod import app.modules.tools.common as tools_common -@bp.teardown_request -def _db_close(exc): - if not conn.is_closed(): - conn.close() - - @bp.route('/dashboard') @login_required @get_user_params() @@ -41,9 +35,9 @@ def smon_main_dashboard(): 'group': group_id, 'smon_status': tools_common.is_tool_active('roxy-wi-smon'), 'user_subscription': roxywi_common.return_user_subscription(), - 'telegrams': sql.get_user_telegram_by_group(group_id), - 'slacks': sql.get_user_pd_by_group(group_id), - 'pds': sql.get_user_slack_by_group(group_id), + 'telegrams': channel_sql.get_user_telegram_by_group(group_id), + 'slacks': channel_sql.get_user_pd_by_group(group_id), + 'pds': channel_sql.get_user_slack_by_group(group_id), 'sort': request.args.get('sort', None) } @@ -337,9 +331,10 @@ def smon_history(): kwargs = { 'lang': g.user_params['lang'], - 'smon': sql.alerts_history('SMON', g.user_params['group_id']), + 'smon': history_sql.alerts_history('SMON', g.user_params['group_id']), 'smon_status': tools_common.is_tool_active('roxy-wi-smon'), - 'user_subscription': roxywi_common.return_user_subscription() + 'user_subscription': roxywi_common.return_user_subscription(), + 'action': 'smon' } return render_template('smon/history.html', **kwargs) 
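Review bot: In the `smon_main_dashboard` kwargs the Slack and PagerDuty lookups look swapped: `'slacks'` is filled from `channel_sql.get_user_pd_by_group(group_id)` and `'pds'` from `channel_sql.get_user_slack_by_group(group_id)`. The commit carries this over from the old `sql.` calls, so the template would offer the wrong channel list under each heading unless the helpers themselves are misnamed. The expected lines are `'slacks': channel_sql.get_user_slack_by_group(group_id),` and `'pds': channel_sql.get_user_pd_by_group(group_id),`.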
@@ -351,15 +346,16 @@ def smon_history(): def smon_host_history(server_ip): roxywi_common.check_user_group_for_flask() - needed_host = common.is_ip_or_dns(server_ip) + needed_host = common.checkAjaxInput(server_ip) smon_status = tools_common.is_tool_active('roxy-wi-smon') - smon = sql.alerts_history('SMON', g.user_params['group_id'], host=needed_host) + smon = history_sql.alerts_history('SMON', g.user_params['group_id'], host=needed_host) user_subscription = roxywi_common.return_user_subscription() kwargs = { 'lang': g.user_params['lang'], 'smon': smon, 'smon_status': smon_status, - 'user_subscription': user_subscription + 'user_subscription': user_subscription, + 'action': 'smon' } return render_template('smon/history.html', **kwargs) diff --git a/app/routes/user/routes.py b/app/routes/user/routes.py index 75658479..314fb42e 100644 --- a/app/routes/user/routes.py +++ b/app/routes/user/routes.py @@ -5,6 +5,8 @@ from flask_login import login_required from app.routes.user import bp import app.modules.db.sql as sql +import app.modules.db.user as user_sql +import app.modules.db.group as group_sql import app.modules.common.common as common import app.modules.roxywi.user as roxywi_user import app.modules.roxywi.auth as roxywi_auth @@ -14,7 +16,7 @@ import app.modules.roxywi.common as roxywi_common @bp.before_request @login_required def before_request(): - """ Protect all of the admin endpoints. """ + """ Protect all the admin endpoints. """ pass @@ -43,7 +45,7 @@ def create_user(): return str(e) else: return render_template( - 'ajax/new_user.html', users=sql.select_users(user=new_user), groups=sql.select_groups(), page=page, + 'ajax/new_user.html', users=user_sql.select_users(user=new_user), groups=group_sql.select_groups(), page=page, roles=sql.select_roles(), adding=1, lang=lang ) 
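Review bot: `smon_host_history` replaces `common.is_ip_or_dns(server_ip)` with `common.checkAjaxInput(server_ip)`, which trades a format check for generic sanitising on a path parameter that goes into `history_sql.alerts_history(..., host=needed_host)`. If the intent is to allow SMON hosts that are not plain IPs or DNS names, a comment saying so would help, for example `# SMON hosts may be URLs, so is_ip_or_dns is too strict here`. It is also worth confirming that `alerts_history` binds `host` as a query parameter, since neither helper's body is visible in this diff.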
@@ -67,7 +69,7 @@ def update_user(): return 'error: dalsd' else: try: - sql.update_user_from_admin_area(new_user, email, user_id, enabled) + user_sql.update_user_from_admin_area(new_user, email, user_id, enabled) except Exception as e: return f'error: Cannot update user: {e}' roxywi_common.logging(new_user, ' has been updated user ', roxywi=1, login=1) @@ -145,4 +147,4 @@ def change_user_groups_and_roles(): @bp.route('/group/name/') def get_group_name_by_id(group_id): - return sql.get_group_name_by_id(group_id) + return group_sql.get_group_name_by_id(group_id) diff --git a/app/routes/waf/routes.py b/app/routes/waf/routes.py index 77c395c6..f9fc1ed3 100644 --- a/app/routes/waf/routes.py +++ b/app/routes/waf/routes.py @@ -5,7 +5,8 @@ from flask_login import login_required from app.routes.waf import bp import app.modules.db.sql as sql -from middleware import check_services, get_user_params +import app.modules.db.waf as waf_sql +from app.middleware import check_services, get_user_params import app.modules.common.common as common import app.modules.roxy_wi_tools as roxy_wi_tools import app.modules.roxywi.waf as roxy_waf @@ -43,7 +44,7 @@ def waf(service): 'title': 'Web application firewall', 'autorefresh': 1, 'serv': '', - 'servers': sql.select_waf_servers_metrics(g.user_params['user_uuid']), + 'servers': waf_sql.select_waf_servers_metrics(g.user_params['group_id']), 'servers_all': servers, 'manage_rules': '', 'rules': '', @@ -69,10 +70,10 @@ def waf_rules(service, server_ip): kwargs = { 'title': 'Manage rules - Web application firewall', 'serv': server_ip, - 'servers': sql.select_waf_servers_metrics(g.user_params['user_uuid']), + 'servers': waf_sql.select_waf_servers_metrics(g.user_params['group_id']), 'servers_all': '', 'manage_rules': '1', - 'rules': sql.select_waf_rules(server_ip, service), + 'rules': waf_sql.select_waf_rules(server_ip, service), 'waf_rule_file': '', 'waf_rule_id': '', 'config': '', 
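Review bot: `get_group_name_by_id` passes the path parameter to `group_sql.get_group_name_by_id(group_id)` without validation, and the only gate visible for this blueprint is the `login_required` on `before_request`. Any authenticated user can therefore resolve the name of any group id as far as this hunk shows. Sanitising the value as the other handlers do, `group_id = common.checkAjaxInput(group_id)`, and checking that the caller belongs to or administers that group would close this.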
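Review bot: The `'servers'` entry in `waf()` changes the argument of `select_waf_servers_metrics` from `g.user_params['user_uuid']` to `g.user_params['group_id']`, and the same change appears in `waf_rules` and in the `waf_rule_edit` kwargs hunk. This alters which servers are listed and is not part of the module rename the rest of the commit performs, so it should be called out in the commit description and the new helper's filter confirmed to be by group. A short comment at the first call site would do, for example `# WAF servers are scoped by group, not by user uuid`.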
@@ -98,7 +99,7 @@ def waf_rule_edit(service, server_ip, rule_id): else: config_path = sql.get_setting('haproxy_dir') - waf_rule_file = sql.select_waf_rule_by_id(rule_id) + waf_rule_file = waf_sql.select_waf_rule_by_id(rule_id) configs_dir = sql.get_setting('tmp_config_path') cfg = f"{configs_dir}{server_ip}-{get_date.return_date('config')}-{waf_rule_file}" error = config_mod.get_config(server_ip, cfg, waf=service, waf_rule_file=waf_rule_file) @@ -115,11 +116,11 @@ def waf_rule_edit(service, server_ip, rule_id): kwargs = { 'title': 'Edit a WAF rule', 'serv': server_ip, - 'servers': sql.select_waf_servers_metrics(g.user_params['user_uuid']), + 'servers': waf_sql.select_waf_servers_metrics(g.user_params['group_id']), 'servers_all': '', 'manage_rules': '', - 'rules': sql.select_waf_rules(server_ip, service), - 'waf_rule_file': sql.select_waf_rule_by_id(rule_id), + 'rules': waf_sql.select_waf_rules(server_ip, service), + 'waf_rule_file': waf_sql.select_waf_rule_by_id(rule_id), 'waf_rule_id': rule_id, 'config': config_read, 'cfg': cfg, @@ -205,4 +206,4 @@ def overview_waf(service, server_ip): @bp.route('/metric/enable//') def enable_metric(enable, server_name): server_name = common.checkAjaxInput(server_name) - return sql.update_waf_metrics_enable(server_name, enable) + return waf_sql.update_waf_metrics_enable(server_name, enable) diff --git a/app/templates/ajax/alerts_history.html b/app/templates/ajax/alerts_history.html index 6c81d67f..946290b3 100644 --- a/app/templates/ajax/alerts_history.html +++ b/app/templates/ajax/alerts_history.html @@ -1,15 +1,15 @@ -{% if action == "history" %} - {% set column_for_sort = 4 %} +{% if action == "checker" %} +{% set column_for_sort = 3 %} {% else %} - {% set column_for_sort = 3 %} +{% set column_for_sort = 4 %} {% endif %}
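Review bot: In the `waf_rule_edit` kwargs, `waf_sql.select_waf_rule_by_id(rule_id)` is queried a second time although the result is already in `waf_rule_file` from the earlier hunk, where it is used to build `cfg`. Reusing the variable avoids the extra query and guarantees the template shows the same file name that was fetched: `'waf_rule_file': waf_rule_file,`. The function body between and around these two hunks is not visible.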
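Review bot: In `enable_metric`, only `server_name` is passed through `common.checkAjaxInput`; `enable` reaches `waf_sql.update_waf_metrics_enable(server_name, enable)` as received from the URL. Treating both parameters the same way is the minimum, `enable = common.checkAjaxInput(enable)`, and restricting the value to the expected flag values before the update would be stricter. This route also changes state on a plain `@bp.route`, so limiting it to POST is worth considering.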