poprawa błędów i dodanie hasła

This commit is contained in:
Mateusz779 2023-04-21 10:40:09 +02:00
parent 135eb3b32b
commit e67f453410
3 changed files with 65 additions and 73 deletions

67
app.py
View File

@ -36,6 +36,7 @@ def login():
return render_template('index.html', ssh_port=config.webssh_port, machines=machines_all.machines, timezone=config.timezone)
return render_template('login.html')
@app.route('/logout')
def logout():
auth_token = request.cookies.get('auth_token')
@ -47,6 +48,7 @@ def logout():
return response
return render_template('login.html')
@app.route('/images')
def list_images():
auth_token = request.cookies.get('auth_token')
@ -56,6 +58,7 @@ def list_images():
images_all = db.get_images()
return render_template("images.html", images=images_all.images)
@app.route('/create')
def create_conf():
auth_token = request.cookies.get('auth_token')
@ -72,10 +75,14 @@ def create_conf_post():
if db.get_user_bytoken(auth_token) is None:
return redirect("/login")
try:
config_name = request.form['config_name']
token_name = request.form['token_name']
key_length = request.form['key_length']
ip = request.form['ip']
password = request.form['pass']
except:
return jsonify(message="400")
if db.get_conf_id_name(config_name+".squashfs") is not None:
return jsonify(message="400")
if db.get_conf_id(token_name) is not None:
@ -105,8 +112,8 @@ def create_conf_post():
if os.path.exists(folder):
shutil.rmtree(folder)
db.add_conf_image(config_name+".squashfs", token_name, ip)
output = subprocess.run(['openssl','passwd','-6', password], capture_output=True, text=True)
db.add_conf_image(config_name+".squashfs", token_name, ip, output.stdout)
return send_file(os.path.join(app.config['UPLOAD_FOLDER'], config_name+".pub"))
@ -126,6 +133,7 @@ def login_api():
response.set_cookie('auth_token', auth_token)
return response
@app.route('/delete/<int:image_id>', methods=['POST'])
def delete(image_id):
auth_token = request.cookies.get('auth_token')
@ -137,7 +145,8 @@ def delete(image_id):
return jsonify(message="409")
filename = db.get_conf_image_id(image_id)
squashfs = os.path.join(app.config['UPLOAD_FOLDER'], filename)
pubkey = os.path.join(app.config['UPLOAD_FOLDER'], filename.split(".")[0]+".pub")
pubkey = os.path.join(
app.config['UPLOAD_FOLDER'], filename.split(".")[0]+".pub")
if os.path.exists(squashfs):
os.remove(squashfs)
if os.path.exists(pubkey):
@ -146,49 +155,6 @@ def delete(image_id):
return redirect(url_for('list_images'))
@app.route("/api/addimage", methods=['POST'])
def add_image():
auth_token = request.cookies.get('auth_token')
if auth_token != "" or auth_token is not None:
if db.get_user_bytoken(auth_token) is None:
return redirect("/login")
name = None
try:
file = request.files['file']
if file is None or file == "":
return jsonify(message="nofile")
except Exception as e:
return jsonify(message="nofile")
try:
token = request.form['token']
if token is None or token == "":
return jsonify(message="notoken")
except:
if token is None:
return jsonify(message="notoken")
incorrect = True
while incorrect:
if db.GetVPNImage(token) is not None:
if name[-1:].isdigit():
name = name[:-1] + str(int(name[-1:])+1)
else:
name = name+"1"
else:
incorrect = False
filename = secure_filename(file.filename)
while os.path.exists(os.path.join(app.config['UPLOAD_FOLDER'], filename)):
if filename[0].isdigit():
filename = str(int(filename[0])+1)+filename[1:]
else:
filename = "1"+filename
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
db.add_conf_image(filename, token)
return jsonify(message="ok")
@app.route("/api/getconf")
def get_image():
@ -216,6 +182,15 @@ def get_image():
return send_file(os.path.join(app.config['UPLOAD_FOLDER'], filename))
@app.route("/api/getpass")
def get_pass():
try:
password = db.get_conf_password(request.headers['token'])
return password
except:
return ""
@app.route("/api/release_allocation", methods=['POST'])
def release_allocation():
try:

33
db.py
View File

@ -4,6 +4,7 @@ import utils
import machines
import images
def connect():
global cur, conn
try:
@ -26,6 +27,7 @@ def connect():
image_name VARCHAR(255) NOT NULL,
token VARCHAR(255) NOT NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
password VARCHAR(128) NOT NULL,
vpn_ip INET
);""")
conn.commit()
@ -76,13 +78,13 @@ def get_one(sql, value):
return None
def add_conf_image(name, token, ip):
def add_conf_image(name, token, ip, password):
connect()
with get_cur() as cur:
cur.execute("""
INSERT INTO image (image_name, token, vpn_ip)
VALUES (%s, %s, %s)
""", (name, token,ip, ))
INSERT INTO image (image_name, token, vpn_ip, password)
VALUES (%s, %s, %s, %s)
""", (name, token, ip, password, ))
conn.commit()
@ -90,9 +92,14 @@ def get_conf_image(token):
return get_one("SELECT image_name FROM image WHERE token = %s", token)
def get_conf_password(token):
return get_one("SELECT password FROM image WHERE token = %s", token)
def get_conf_image_id(id):
return get_one("SELECT image_name FROM image WHERE id = %s", id)
def get_conf_id(token):
return get_one("SELECT id FROM image WHERE token = %s", token)
@ -154,7 +161,6 @@ def del_auth_token(token):
return None
def login(username, password):
user_id = get_user_pass(username, password)
if user_id is not None:
@ -162,6 +168,7 @@ def login(username, password):
else:
return None
def get_machines():
connect()
with get_cur() as cur:
@ -170,9 +177,12 @@ def get_machines():
try:
machinesall = machines.MachineManager()
for row in cur.fetchall():
token = get_one("SELECT token FROM image WHERE id = %s", row[0])
image_name = get_one("SELECT image_name FROM image WHERE id = %s", row[0])
machine = machines.Machine(token, image_name, start_time=row[1], ipvpn=row[2], iplocal=row[3], username="root", password="")
token = get_one(
"SELECT token FROM image WHERE id = %s", row[0])
image_name = get_one(
"SELECT image_name FROM image WHERE id = %s", row[0])
machine = machines.Machine(
token, image_name, start_time=row[1], ipvpn=row[2], iplocal=row[3], username="root", password="")
machinesall.add_machine(machine)
return machinesall
except:
@ -187,12 +197,14 @@ def get_images():
try:
images_all = images.ImageManager()
for row in cur.fetchall():
image = images.Image(id = row[0], token=row[1], name=row[2], vpn_ip=row[3])
image = images.Image(
id=row[0], token=row[1], name=row[2], vpn_ip=row[3])
images_all.add_image(image)
return images_all
except:
return None
def del_image(image_id):
connect()
with get_cur() as cur:
@ -203,6 +215,7 @@ def del_image(image_id):
except:
return None
def get_image_allocation_all_id():
connect()
with get_cur() as cur:
@ -226,6 +239,7 @@ def get_image_allocation_all():
except:
return None
def get_image_allocation(image_id):
return get_one("SELECT id FROM image_allocation WHERE image_id = %s", image_id)
@ -307,6 +321,7 @@ def update_image_allocation_time(id):
except:
return None
def update_image_allocation_ip_vpn(token, ip):
image_id = get_conf_id(token)
if image_id is None:

View File

@ -70,15 +70,17 @@ form textarea {
<br>
<h1>Formularz tworzenia obrazu konfiguracyjnego</h1>
<form method="POST" action="/api/createconf" enctype="multipart/form-data">
<label>Nazwa konfiguracji:</label><br>
<label>Nazwa konfiguracji:</label>
<input type="text" name="config_name" required><br><br>
<label>Nazwa tokenu:</label><br>
<label>Nazwa tokenu:</label>
<input type="text" name="token_name" required><br><br>
<label>Długość klucza:</label><br>
<label>Długość klucza:</label>
<input type="number" name="key_length" min="1024" value="2048" required><br><br>
<label>Adres ip VPN:</label><br>
<label>Adres ip VPN:</label>
<input type="text" name="ip" required><br><br>
<label>Konfiguracja authorized_keys:</label><br>
<label>Hasło dla roota:</label>
<input type="password" name="pass" required><br><br>
<label>Konfiguracja authorized_keys:</label>
<textarea name="authorized_keys_config" rows="4" cols="50"></textarea><br><br>
<input type="submit" value="Wyślij">
</form>