Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
369ac7ad15
crafty-4/app/classes/web/ajax_handler.py

488 lines
23 KiB
Python
Raw Normal View History

many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
import json
import logging
This is broken right now. Trying to add unzip function
2021-08-19 20:50:18 +00:00
import tempfile
Made it so a new thread is spawned for uploads. Need to add file checking so system doesn't crash when a user tries to upload a dmg or a .mov
2021-08-20 19:41:22 +00:00
import threading
Adds kill process button to dashboard.
2021-09-13 19:03:47 +00:00
from typing import Container
This is broken right now. Trying to add unzip function
2021-08-19 20:50:18 +00:00
import zipfile
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
import tornado.web
import tornado.escape
import bleach
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
import os
File Manager: DONE
2021-01-17 17:20:28 +00:00
import shutil
Escape logfile output, fixes weird formatting and remote code execution vulnerability
2021-06-02 18:47:08 +00:00
import html
Full release on stdout fix! Basically I ditch the ANSI codes and use the old highlighting system.
2021-08-11 20:29:31 +00:00
import re
Fix security issues
2021-11-30 19:37:45 +00:00
from app.classes.models.users import helper_users
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
from app.classes.shared.console import console
Rework architecture for better MVC
2021-09-08 22:01:10 +00:00
from app.classes.shared.main_models import Users, installer
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
from app.classes.web.base_handler import BaseHandler
from app.classes.shared.helpers import helper
Use stdout for virtual terminal. WebSockets seem to be "laggy".
2021-08-10 20:17:56 +00:00
from app.classes.shared.server import ServerOutBuf
Fix security issues
2021-11-30 19:37:45 +00:00
from app.classes.models.server_permissions import Enum_Permissions_Server
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
logger = logging.getLogger(__name__)
class AjaxHandler(BaseHandler):
def render_page(self, template, page_data):
self.render(
template,
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
data=page_data,
translate=self.translator.translate,
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
)
@tornado.web.authenticated
def get(self, page):
user_data = json.loads(self.get_secure_cookie("user_data"))
error = bleach.clean(self.get_argument('error', "WTF Error!"))
template = "panel/denied.html"
page_data = {
'user_data': user_data,
'error': error
}
if page == "error":
template = "public/error.html"
self.render_page(template, page_data)
elif page == 'server_log':
server_id = self.get_argument('id', None)
added max_log_lines to config.json, added server_logs subpage, split server details top part to it's own include
2020-09-04 02:49:20 +00:00
full_log = self.get_argument('full', False)
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
if server_id is None:
logger.warning("Server ID not found in server_log ajax call")
self.redirect("/panel/error?error=Server ID Not Found")
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
server_id = bleach.clean(server_id)
Correction of undefined db_helper following merge
2021-09-25 21:05:49 +00:00
server_data = self.controller.servers.get_server_data_by_id(server_id)
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
if not server_data:
logger.warning("Server Data not found in server_log ajax call")
self.redirect("/panel/error?error=Server ID Not Found")
Use stdout for virtual terminal. WebSockets seem to be "laggy".
2021-08-10 20:17:56 +00:00
return
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
One monster truck commit for rework and backups
2021-03-22 04:02:18 +00:00
if not server_data['log_path']:
logger.warning("Log path not found in server_log ajax call ({})".format(server_id))
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
added max_log_lines to config.json, added server_logs subpage, split server details top part to it's own include
2020-09-04 02:49:20 +00:00
if full_log:
log_lines = helper.get_setting('max_log_lines')
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
data = helper.tail_file(helper.get_os_understandable_path(server_data['log_path']), log_lines)
added max_log_lines to config.json, added server_logs subpage, split server details top part to it's own include
2020-09-04 02:49:20 +00:00
else:
Use stdout for virtual terminal. WebSockets seem to be "laggy".
2021-08-10 20:17:56 +00:00
data = ServerOutBuf.lines.get(server_id, [])
added max_log_lines to config.json, added server_logs subpage, split server details top part to it's own include
2020-09-04 02:49:20 +00:00
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
for d in data:
try:
Full release on stdout fix! Basically I ditch the ANSI codes and use the old highlighting system.
2021-08-11 20:29:31 +00:00
d = re.sub('(\033\\[(0;)?[0-9]*[A-z]?(;[0-9])?m?)|(> )', '', d)
d = re.sub('[A-z]{2}\b\b', '', d)
Escape logfile output, fixes weird formatting and remote code execution vulnerability
2021-06-02 18:47:08 +00:00
line = helper.log_colors(html.escape(d))
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
self.write('{}<br />'.format(line))
# self.write(d.encode("utf-8"))
except Exception as e:
logger.warning("Skipping Log Line due to error: {}".format(e))
pass
changed notify icon - added code to grab remote json from craftycontrol.com for announcements and such - icon turns red if update available
2020-09-23 01:42:41 +00:00
elif page == "announcements":
data = helper.get_announcements()
page_data['notify_data'] = data
self.render_page('ajax/notify.html', page_data)
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
elif page == "get_file":
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
file_path = helper.get_os_understandable_path(self.get_argument('file_path', None))
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
server_id = self.get_argument('id', None)
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'get_file'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(self.controller.servers.get_server_data_by_id(server_id)['path']), file_path)\
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or not helper.check_file_exists(os.path.abspath(file_path)):
Remove unnecessary logs, update logs to have more information, add resizing to file editor
2021-01-20 21:10:25 +00:00
logger.warning("Invalid path in get_file ajax call ({})".format(file_path))
console.warning("Invalid path in get_file ajax call ({})".format(file_path))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
error = None
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
try:
with open(file_path) as file:
file_contents = file.read()
except UnicodeDecodeError:
file_contents = ''
error = 'UnicodeDecodeError'
self.write({
'content': file_contents,
'error': error
})
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
self.finish()
changed notify icon - added code to grab remote json from craftycontrol.com for announcements and such - icon turns red if update available
2020-09-23 01:42:41 +00:00
File Manager: DONE
2021-01-17 17:20:28 +00:00
elif page == "get_tree":
server_id = self.get_argument('id', None)
Improved File Loading, Fixed Port checking
2022-01-08 23:03:45 +00:00
path = self.get_argument('path', None)
File Manager: DONE
2021-01-17 17:20:28 +00:00
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'get_tree'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
Improved File Loading, Fixed Port checking
2022-01-08 23:03:45 +00:00
if helper.validate_traversal(self.controller.servers.get_server_data_by_id(server_id)['path'], path):
self.write(helper.get_os_understandable_path(path) + '\n' +
helper.generate_tree(path))
self.finish()
elif page == "get_dir":
server_id = self.get_argument('id', None)
path = self.get_argument('path', None)
if not self.check_server_id(server_id, 'get_tree'): return
else: server_id = bleach.clean(server_id)
if helper.validate_traversal(self.controller.servers.get_server_data_by_id(server_id)['path'], path):
self.write(helper.get_os_understandable_path(path) + '\n' +
helper.generate_dir(path))
File Manager: DONE
2021-01-17 17:20:28 +00:00
self.finish()
Add auth requirement to AJAX handlers
2021-01-18 15:02:38 +00:00
@tornado.web.authenticated
adding virtual console ajax to actually send the command
2020-09-22 02:01:16 +00:00
def post(self, page):
user_data = json.loads(self.get_secure_cookie("user_data"))
Fix security issues
2021-11-30 19:37:45 +00:00
server_id = self.get_argument('id', None)
exec_user_id = user_data['user_id']
exec_user = helper_users.get_user(exec_user_id)
permissions = {
'Commands': Enum_Permissions_Server.Commands,
'Terminal': Enum_Permissions_Server.Terminal,
'Logs': Enum_Permissions_Server.Logs,
'Schedule': Enum_Permissions_Server.Schedule,
'Backup': Enum_Permissions_Server.Backup,
'Files': Enum_Permissions_Server.Files,
'Config': Enum_Permissions_Server.Config,
'Players': Enum_Permissions_Server.Players,
}
user_perms = self.controller.server_perms.get_server_permissions_foruser(exec_user_id, server_id)
adding virtual console ajax to actually send the command
2020-09-22 02:01:16 +00:00
error = bleach.clean(self.get_argument('error', "WTF Error!"))
page_data = {
'user_data': user_data,
'error': error
}
if page == "send_command":
File Manager: DONE
2021-01-17 17:20:28 +00:00
command = self.get_body_argument('command', default=None, strip=True)
server_id = self.get_argument('id')
adding virtual console ajax to actually send the command
2020-09-22 02:01:16 +00:00
if server_id is None:
logger.warning("Server ID not found in send_command ajax call")
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
console.warning("Server ID not found in send_command ajax call")
adding virtual console ajax to actually send the command
2020-09-22 02:01:16 +00:00
One monster truck commit for rework and backups
2021-03-22 04:02:18 +00:00
srv_obj = self.controller.get_server_obj(server_id)
adding virtual console ajax to actually send the command
2020-09-22 02:01:16 +00:00
if command:
if srv_obj.check_running():
srv_obj.send_command(command)
many new things, regexit sub function created virtual console now has colors fixed error with login function auditing None instead of 0 other things I can't remember atm
2020-09-02 01:30:39 +00:00
Correction of undefined db_helper following merge
2021-09-25 21:05:49 +00:00
self.controller.management.add_to_audit_log(user_data['user_id'], "Sent command to {} terminal: {}".format(self.controller.servers.get_server_friendly_name(server_id), command), server_id, self.get_remote_ip())
Fixes bug where player counts would cause crash if not super user. Adds commands sent through terminal to audit log. Makes it so regular users cannot see the audit log.
2021-09-14 02:02:57 +00:00
File Manager: DONE
2021-01-17 17:20:28 +00:00
elif page == "create_file":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
file_parent = helper.get_os_understandable_path(self.get_body_argument('file_parent', default=None, strip=True))
File Manager: DONE
2021-01-17 17:20:28 +00:00
file_name = self.get_body_argument('file_name', default=None, strip=True)
file_path = os.path.join(file_parent, file_name)
server_id = self.get_argument('id', None)
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'create_file'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(self.controller.servers.get_server_data_by_id(server_id)['path']), file_path) \
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or helper.check_file_exists(os.path.abspath(file_path)):
Remove unnecessary logs, update logs to have more information, add resizing to file editor
2021-01-20 21:10:25 +00:00
logger.warning("Invalid path in create_file ajax call ({})".format(file_path))
console.warning("Invalid path in create_file ajax call ({})".format(file_path))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
# Create the file by opening it
with open(file_path, 'w') as file_object:
file_object.close()
elif page == "create_dir":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
dir_parent = helper.get_os_understandable_path(self.get_body_argument('dir_parent', default=None, strip=True))
File Manager: DONE
2021-01-17 17:20:28 +00:00
dir_name = self.get_body_argument('dir_name', default=None, strip=True)
dir_path = os.path.join(dir_parent, dir_name)
server_id = self.get_argument('id', None)
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'create_dir'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(self.controller.servers.get_server_data_by_id(server_id)['path']), dir_path) \
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or helper.check_path_exists(os.path.abspath(dir_path)):
Remove unnecessary logs, update logs to have more information, add resizing to file editor
2021-01-20 21:10:25 +00:00
logger.warning("Invalid path in create_dir ajax call ({})".format(dir_path))
console.warning("Invalid path in create_dir ajax call ({})".format(dir_path))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
# Create the directory
os.mkdir(dir_path)
Completed file uploading. Need to fix listing when right clicking. Unzip is shown at all times. Added unzip function to helpers and is called through ajax for unzipping files to current directory.
2021-08-20 03:36:25 +00:00
elif page == "unzip_file":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
Completed file uploading. Need to fix listing when right clicking. Unzip is shown at all times. Added unzip function to helpers and is called through ajax for unzipping files to current directory.
2021-08-20 03:36:25 +00:00
server_id = self.get_argument('id', None)
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
path = helper.get_os_understandable_path(self.get_argument('path', None))
Completed file uploading. Need to fix listing when right clicking. Unzip is shown at all times. Added unzip function to helpers and is called through ajax for unzipping files to current directory.
2021-08-20 03:36:25 +00:00
helper.unzipFile(path)
I leaned on my keyboard just before the last commit. Fixed the things
2021-08-20 03:50:24 +00:00
self.redirect("/panel/server_detail?id={}&subpage=files".format(server_id))
Completed file uploading. Need to fix listing when right clicking. Unzip is shown at all times. Added unzip function to helpers and is called through ajax for unzipping files to current directory.
2021-08-20 03:36:25 +00:00
return
Adds kill process button to dashboard.
2021-09-13 19:03:47 +00:00
elif page == "kill":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Commands'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Commands")
return
Adds kill process button to dashboard.
2021-09-13 19:03:47 +00:00
server_id = self.get_argument('id', None)
svr = self.controller.get_server_obj(server_id)
Protype subprocess management
2021-09-25 19:29:28 +00:00
try:
svr.kill()
except Exception as e:
Adds kill process button to dashboard.
2021-09-13 19:03:47 +00:00
logger.error("Could not find PID for requested termsig. Full error: {}".format(e))
return
Add EULA confirm message on server startup if EULA is not found.
2021-11-23 21:11:23 +00:00
elif page == "eula":
server_id = self.get_argument('id', None)
svr = self.controller.get_server_obj(server_id)
Rework server start to look for user_id and not user_lang. Gives acces to more user info. Fixes websocket broadcast to only send broadcast to user who sent original request.
2021-11-27 22:10:43 +00:00
svr.agree_eula(user_data['user_id'])
Adds kill process button to dashboard.
2021-09-13 19:03:47 +00:00
Backup Restore/Root Disable
2021-11-29 21:22:46 +00:00
elif page == "restore_backup":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Backup'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Backups")
return
Backup Restore/Root Disable
2021-11-29 21:22:46 +00:00
server_id = bleach.clean(self.get_argument('id', None))
zip_name = bleach.clean(self.get_argument('zip_file', None))
svr_obj = self.controller.servers.get_server_obj(server_id)
server_data = self.controller.servers.get_server_data_by_id(server_id)
backup_path = svr_obj.backup_path
if helper.validate_traversal(backup_path, zip_name):
new_server = self.controller.import_zip_server(svr_obj.server_name, os.path.join(backup_path, zip_name), server_data['executable'], '1', '2', server_data['server_port'])
new_server_id = new_server
new_server = self.controller.get_server_data(new_server)
self.controller.rename_backup_dir(server_id, new_server_id, new_server['server_uuid'])
self.controller.remove_server(server_id, True)
self.redirect('/panel/dashboard')
initial changes for zip imports selection
2022-01-09 23:04:54 +00:00
elif page == "unzip_server":
print("in unzip server")
path = self.get_argument('path', None)
logger.info(
"Removing server from panel for server: {}".format(self.controller.servers.get_server_friendly_name(server_id)))
self.controller.remove_server(server_id, False)
return "test"
Backup Restore/Root Disable
2021-11-29 21:22:46 +00:00
Add auth requirement to AJAX handlers
2021-01-18 15:02:38 +00:00
@tornado.web.authenticated
File Manager: DONE
2021-01-17 17:20:28 +00:00
def delete(self, page):
Fix security issues
2021-11-30 19:37:45 +00:00
user_data = json.loads(self.get_secure_cookie("user_data"))
server_id = self.get_argument('id', None)
exec_user_id = user_data['user_id']
exec_user = helper_users.get_user(exec_user_id)
permissions = {
'Commands': Enum_Permissions_Server.Commands,
'Terminal': Enum_Permissions_Server.Terminal,
'Logs': Enum_Permissions_Server.Logs,
'Schedule': Enum_Permissions_Server.Schedule,
'Backup': Enum_Permissions_Server.Backup,
'Files': Enum_Permissions_Server.Files,
'Config': Enum_Permissions_Server.Config,
'Players': Enum_Permissions_Server.Players,
}
user_perms = self.controller.server_perms.get_server_permissions_foruser(exec_user_id, server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
if page == "del_file":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
file_path = helper.get_os_understandable_path(self.get_body_argument('file_path', default=None, strip=True))
server_id = self.get_argument('id', None)
console.warning("delete {} for server {}".format(file_path, server_id))
if not self.check_server_id(server_id, 'del_file'):
return
else: server_id = bleach.clean(server_id)
server_info = self.controller.servers.get_server_data_by_id(server_id)
if not (helper.in_path(helper.get_os_understandable_path(server_info['path']), file_path) \
or helper.in_path(helper.get_os_understandable_path(server_info['backup_path']), file_path)) \
or not helper.check_file_exists(os.path.abspath(file_path)):
logger.warning("Invalid path in del_file ajax call ({})".format(file_path))
console.warning("Invalid path in del_file ajax call ({})".format(file_path))
return
# Delete the file
os.remove(file_path)
if page == "del_backup":
if not permissions['Backup'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Backups")
return
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
file_path = helper.get_os_understandable_path(self.get_body_argument('file_path', default=None, strip=True))
File Manager: DONE
2021-01-17 17:20:28 +00:00
server_id = self.get_argument('id', None)
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
console.warning("delete {} for server {}".format(file_path, server_id))
File Manager: DONE
2021-01-17 17:20:28 +00:00
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not self.check_server_id(server_id, 'del_file'):
Puts a temporary fix on deleting backups. Will be fixed in alpha 4
2021-11-20 02:09:09 +00:00
return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
Rework architecture for better MVC
2021-09-08 22:01:10 +00:00
server_info = self.controller.servers.get_server_data_by_id(server_id)
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not (helper.in_path(helper.get_os_understandable_path(server_info['path']), file_path) \
or helper.in_path(helper.get_os_understandable_path(server_info['backup_path']), file_path)) \
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or not helper.check_file_exists(os.path.abspath(file_path)):
Remove unnecessary logs, update logs to have more information, add resizing to file editor
2021-01-20 21:10:25 +00:00
logger.warning("Invalid path in del_file ajax call ({})".format(file_path))
console.warning("Invalid path in del_file ajax call ({})".format(file_path))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
# Delete the file
Improved File Loading, Fixed Port checking
2022-01-08 23:03:45 +00:00
if helper.validate_traversal(helper.get_os_understandable_path(server_info['path']), file_path):
os.remove(file_path)
File Manager: DONE
2021-01-17 17:20:28 +00:00
elif page == "del_dir":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
dir_path = helper.get_os_understandable_path(self.get_body_argument('dir_path', default=None, strip=True))
File Manager: DONE
2021-01-17 17:20:28 +00:00
server_id = self.get_argument('id', None)
Added option to remove server files on delete. Added confirmation for server delete.
2021-08-10 00:48:22 +00:00
console.warning("delete {} for server {}".format(dir_path, server_id))
File Manager: DONE
2021-01-17 17:20:28 +00:00
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'del_dir'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
Rework architecture for better MVC
2021-09-08 22:01:10 +00:00
server_info = self.controller.servers.get_server_data_by_id(server_id)
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(server_info['path']), dir_path) \
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or not helper.check_path_exists(os.path.abspath(dir_path)):
Remove unnecessary logs, update logs to have more information, add resizing to file editor
2021-01-20 21:10:25 +00:00
logger.warning("Invalid path in del_file ajax call ({})".format(dir_path))
console.warning("Invalid path in del_file ajax call ({})".format(dir_path))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
# Delete the directory
# os.rmdir(dir_path) # Would only remove empty directories
Improved File Loading, Fixed Port checking
2022-01-08 23:03:45 +00:00
if helper.validate_traversal(helper.get_os_understandable_path(server_info['path']), dir_path):
shutil.rmtree(dir_path) # Removes also when there are contents
File Manager: DONE
2021-01-17 17:20:28 +00:00
Moved delete server to ajax call instead of a task.
2021-08-18 22:50:53 +00:00
elif page == "delete_server":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Config'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Config")
return
Moved delete server to ajax call instead of a task.
2021-08-18 22:50:53 +00:00
server_id = self.get_argument('id', None)
logger.info(
Rework architecture for better MVC
2021-09-08 22:01:10 +00:00
"Removing server from panel for server: {}".format(self.controller.servers.get_server_friendly_name(server_id)))
Moved delete server to ajax call instead of a task.
2021-08-18 22:50:53 +00:00
self.controller.remove_server(server_id, False)
elif page == "delete_server_files":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Config'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Config")
return
Moved delete server to ajax call instead of a task.
2021-08-18 22:50:53 +00:00
server_id = self.get_argument('id', None)
logger.info(
Rework architecture for better MVC
2021-09-08 22:01:10 +00:00
"Removing server and all associated files for server: {}".format(self.controller.servers.get_server_friendly_name(server_id)))
Moved delete server to ajax call instead of a task.
2021-08-18 22:50:53 +00:00
self.controller.remove_server(server_id, True)
Add auth requirement to AJAX handlers
2021-01-18 15:02:38 +00:00
@tornado.web.authenticated
File Manager: DONE
2021-01-17 17:20:28 +00:00
def put(self, page):
Fix security issues
2021-11-30 19:37:45 +00:00
user_data = json.loads(self.get_secure_cookie("user_data"))
server_id = self.get_argument('id', None)
exec_user_id = user_data['user_id']
exec_user = helper_users.get_user(exec_user_id)
permissions = {
'Commands': Enum_Permissions_Server.Commands,
'Terminal': Enum_Permissions_Server.Terminal,
'Logs': Enum_Permissions_Server.Logs,
'Schedule': Enum_Permissions_Server.Schedule,
'Backup': Enum_Permissions_Server.Backup,
'Files': Enum_Permissions_Server.Files,
'Config': Enum_Permissions_Server.Config,
'Players': Enum_Permissions_Server.Players,
}
user_perms = self.controller.server_perms.get_server_permissions_foruser(exec_user_id, server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
if page == "save_file":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
file_contents = self.get_body_argument('file_contents', default=None, strip=True)
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
file_path = helper.get_os_understandable_path(self.get_body_argument('file_path', default=None, strip=True))
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
server_id = self.get_argument('id', None)
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'save_file'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(self.controller.servers.get_server_data_by_id(server_id)['path']), file_path)\
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or not helper.check_file_exists(os.path.abspath(file_path)):
Remove unnecessary logs, update logs to have more information, add resizing to file editor
2021-01-20 21:10:25 +00:00
logger.warning("Invalid path in save_file ajax call ({})".format(file_path))
console.warning("Invalid path in save_file ajax call ({})".format(file_path))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
Now can edit files. Also fixed a bunch of bugs.
2021-01-15 19:59:58 +00:00
# Open the file in write mode and store the content in file_object
with open(file_path, 'w') as file_object:
File Manager: DONE
2021-01-17 17:20:28 +00:00
file_object.write(file_contents)
elif page == "rename_item":
Fix security issues
2021-11-30 19:37:45 +00:00
if not permissions['Files'] in user_perms:
if not exec_user['superuser']:
self.redirect("/panel/error?error=Unauthorized access to Files")
return
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
item_path = helper.get_os_understandable_path(self.get_body_argument('item_path', default=None, strip=True))
File Manager: DONE
2021-01-17 17:20:28 +00:00
new_item_name = self.get_body_argument('new_item_name', default=None, strip=True)
server_id = self.get_argument('id', None)
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
if not self.check_server_id(server_id, 'rename_item'): return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else: server_id = bleach.clean(server_id)
File Manager: DONE
2021-01-17 17:20:28 +00:00
if item_path is None or new_item_name is None:
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
logger.warning("Invalid path(s) in rename_item ajax call")
console.warning("Invalid path(s) in rename_item ajax call")
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(self.controller.servers.get_server_data_by_id(server_id)['path']), item_path) \
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or not helper.check_path_exists(os.path.abspath(item_path)):
logger.warning("Invalid old name path in rename_item ajax call ({})".format(server_id))
console.warning("Invalid old name path in rename_item ajax call ({})".format(server_id))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
new_item_path = os.path.join(os.path.split(item_path)[0], new_item_name)
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
if not helper.in_path(helper.get_os_understandable_path(self.controller.servers.get_server_data_by_id(server_id)['path']), new_item_path) \
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
or helper.check_path_exists(os.path.abspath(new_item_path)):
logger.warning("Invalid new name path in rename_item ajax call ({})".format(server_id))
console.warning("Invalid new name path in rename_item ajax call ({})".format(server_id))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
File Manager: DONE
2021-01-17 17:20:28 +00:00
# RENAME
os.rename(item_path, new_item_path)
Adding Helpers for Path Correcting a MVC update missing function
2021-11-21 10:52:29 +00:00
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
def check_server_id(self, server_id, page_name):
if server_id is None:
logger.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id))
console.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
else:
server_id = bleach.clean(server_id)
# does this server id exist?
Rework architecture for better MVC
2021-09-08 22:01:10 +00:00
if not self.controller.servers.server_id_exists(server_id):
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
logger.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id))
console.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id))
Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler
2021-07-30 16:20:01 +00:00
return
One monster truck commit for add translation API, add fi_FI and en_EN translations, add C and .properties file support, check if file is binary before sending and clean up ajax handler
2021-03-26 13:57:50 +00:00
return True
Reference in New Issue Copy Permalink