2021-09-29 21:46:54 +00:00
|
|
|
from app.classes.shared.translation import Translation
|
2020-08-13 14:38:36 +00:00
|
|
|
import json
|
|
|
|
|
import logging
|
|
|
|
|
import tornado.web
|
|
|
|
|
import tornado.escape
|
|
|
|
|
import bleach
|
2020-12-14 21:52:46 +00:00
|
|
|
import time
|
|
|
|
|
import datetime
|
2021-03-22 04:02:18 +00:00
|
|
|
import os
|
2020-08-13 14:38:36 +00:00
|
|
|
|
2021-08-08 20:43:04 +00:00
|
|
|
from tornado import iostream
|
2021-12-17 02:07:36 +00:00
|
|
|
from tornado.ioloop import IOLoop
|
2020-08-13 14:38:36 +00:00
|
|
|
from app.classes.shared.console import console
|
2021-09-08 22:01:10 +00:00
|
|
|
from app.classes.shared.main_models import Users, installer
|
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
from app.classes.web.base_handler import BaseHandler
|
2021-09-08 22:01:10 +00:00
|
|
|
|
|
|
|
|
from app.classes.models.servers import Servers
|
2022-01-10 04:34:11 +00:00
|
|
|
from app.classes.models.server_permissions import Enum_Permissions_Server, Permissions_Servers
|
|
|
|
|
from app.classes.models.crafty_permissions import Enum_Permissions_Crafty, Permissions_Crafty
|
2021-11-30 20:46:30 +00:00
|
|
|
from app.classes.models.management import management_helper
|
2021-09-08 22:01:10 +00:00
|
|
|
|
2020-08-28 18:38:42 +00:00
|
|
|
from app.classes.shared.helpers import helper
|
2020-08-19 01:04:43 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
|
|
2020-08-17 02:47:53 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
class PanelHandler(BaseHandler):
|
|
|
|
|
|
2021-12-17 02:07:36 +00:00
|
|
|
# Server fetching, spawned asynchronously
|
|
|
|
|
# TODO: Make the related front-end elements update with AJAX
|
|
|
|
|
def fetch_server_data(self, page_data):
|
|
|
|
|
total_players = 0
|
|
|
|
|
for server in page_data['servers']:
|
|
|
|
|
total_players += len(self.controller.stats.get_server_players(server['server_data']['server_id']))
|
|
|
|
|
page_data['num_players'] = total_players
|
|
|
|
|
|
|
|
|
|
for s in page_data['servers']:
|
|
|
|
|
try:
|
|
|
|
|
data = json.loads(s['int_ping_results'])
|
|
|
|
|
s['int_ping_results'] = data
|
|
|
|
|
except Exception as e:
|
|
|
|
|
logger.error("Failed server data for page with error: {} ".format(e))
|
|
|
|
|
|
|
|
|
|
return page_data
|
|
|
|
|
|
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
@tornado.web.authenticated
|
2021-12-17 02:07:36 +00:00
|
|
|
async def get(self, page):
|
2020-09-01 17:29:39 +00:00
|
|
|
error = bleach.clean(self.get_argument('error', "WTF Error!"))
|
2020-08-13 14:38:36 +00:00
|
|
|
|
|
|
|
|
template = "panel/denied.html"
|
|
|
|
|
|
2020-12-14 21:52:46 +00:00
|
|
|
now = time.time()
|
|
|
|
|
formatted_time = str(datetime.datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S'))
|
|
|
|
|
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_data = json.loads(self.get_secure_cookie("user_data"))
|
|
|
|
|
exec_user_id = exec_user_data['user_id']
|
2021-09-08 22:01:10 +00:00
|
|
|
exec_user = self.controller.users.get_user_by_id(exec_user_id)
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_role = set()
|
|
|
|
|
if exec_user['superuser'] == 1:
|
2021-03-22 04:44:22 +00:00
|
|
|
defined_servers = self.controller.list_defined_servers()
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_role.add("Super User")
|
2021-09-06 17:27:01 +00:00
|
|
|
exec_user_crafty_permissions = self.controller.crafty_perms.list_defined_crafty_permissions()
|
2021-03-09 22:17:50 +00:00
|
|
|
else:
|
2021-09-06 17:27:01 +00:00
|
|
|
exec_user_crafty_permissions = self.controller.crafty_perms.get_crafty_permissions_list(exec_user_id)
|
2021-04-03 17:36:01 +00:00
|
|
|
logger.debug(exec_user['roles'])
|
|
|
|
|
for r in exec_user['roles']:
|
2021-09-08 22:01:10 +00:00
|
|
|
role = self.controller.roles.get_role(r)
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_role.add(role['role_name'])
|
2021-09-08 22:01:10 +00:00
|
|
|
defined_servers = self.controller.servers.get_authorized_servers(exec_user_id)
|
2020-08-19 01:04:43 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
page_data = {
|
2020-09-23 01:43:22 +00:00
|
|
|
# todo: make this actually pull and compare version data
|
2020-09-23 01:42:41 +00:00
|
|
|
'update_available': False,
|
2022-01-10 19:58:38 +00:00
|
|
|
'serverTZ': time.tzname,
|
2020-09-01 17:29:39 +00:00
|
|
|
'version_data': helper.get_version_string(),
|
2021-04-03 17:36:01 +00:00
|
|
|
'user_data': exec_user_data,
|
|
|
|
|
'user_role' : exec_user_role,
|
2021-08-24 21:07:00 +00:00
|
|
|
'user_crafty_permissions' : exec_user_crafty_permissions,
|
|
|
|
|
'crafty_permissions': {
|
|
|
|
|
'Server_Creation': Enum_Permissions_Crafty.Server_Creation,
|
|
|
|
|
'User_Config': Enum_Permissions_Crafty.User_Config,
|
|
|
|
|
'Roles_Config': Enum_Permissions_Crafty.Roles_Config,
|
|
|
|
|
},
|
2020-08-19 01:04:43 +00:00
|
|
|
'server_stats': {
|
2020-08-24 17:08:17 +00:00
|
|
|
'total': len(defined_servers),
|
2021-03-22 04:02:18 +00:00
|
|
|
'running': len(self.controller.list_running_servers()),
|
|
|
|
|
'stopped': (len(self.controller.list_defined_servers()) - len(self.controller.list_running_servers()))
|
2020-08-19 01:04:43 +00:00
|
|
|
},
|
2021-08-06 17:47:06 +00:00
|
|
|
'menu_servers': defined_servers,
|
2021-09-08 22:01:10 +00:00
|
|
|
'hosts_data': self.controller.management.get_latest_hosts_stats(),
|
2020-09-01 17:29:39 +00:00
|
|
|
'show_contribute': helper.get_setting("show_contribute_link", True),
|
2020-12-14 21:52:46 +00:00
|
|
|
'error': error,
|
|
|
|
|
'time': formatted_time
|
2020-08-13 14:38:36 +00:00
|
|
|
}
|
2021-09-29 22:05:07 +00:00
|
|
|
page_data['lang'] = self.controller.users.get_user_lang_by_id(exec_user_id)
|
2021-09-14 02:02:57 +00:00
|
|
|
page_data['super_user'] = exec_user['superuser']
|
2020-08-13 14:38:36 +00:00
|
|
|
|
|
|
|
|
if page == 'unauthorized':
|
|
|
|
|
template = "panel/denied.html"
|
|
|
|
|
|
2020-09-01 17:29:39 +00:00
|
|
|
elif page == "error":
|
|
|
|
|
template = "public/error.html"
|
|
|
|
|
|
2020-08-28 03:21:55 +00:00
|
|
|
elif page == 'credits':
|
2021-03-13 17:07:04 +00:00
|
|
|
with open(helper.credits_cache) as republic_credits_will_do:
|
|
|
|
|
credits = json.load(republic_credits_will_do)
|
2021-11-18 21:08:19 +00:00
|
|
|
timestamp = credits["lastUpdate"] / 1000.0
|
2021-11-18 20:01:30 +00:00
|
|
|
page_data["patrons"] = credits["patrons"]
|
2021-03-13 17:07:04 +00:00
|
|
|
page_data["staff"] = credits["staff"]
|
|
|
|
|
page_data["translations"] = credits["translations"]
|
2021-11-18 21:08:19 +00:00
|
|
|
page_data["lastUpdate"] = str(datetime.datetime.fromtimestamp(timestamp).strftime('%Y-%m-%d %H:%M:%S'))
|
2020-08-28 03:21:55 +00:00
|
|
|
template = "panel/credits.html"
|
|
|
|
|
|
2020-08-28 18:38:42 +00:00
|
|
|
elif page == 'contribute':
|
|
|
|
|
template = "panel/contribute.html"
|
|
|
|
|
|
2020-09-14 18:05:17 +00:00
|
|
|
elif page == "remove_server":
|
|
|
|
|
server_id = self.get_argument('id', None)
|
2021-04-03 17:36:01 +00:00
|
|
|
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
|
|
|
|
return
|
|
|
|
|
elif server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
2021-03-22 04:44:22 +00:00
|
|
|
server_data = self.controller.get_server_data(server_id)
|
2020-09-14 18:05:17 +00:00
|
|
|
server_name = server_data['server_name']
|
|
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user_data['user_id'],
|
2020-09-14 18:05:17 +00:00
|
|
|
"Deleted server {} named {}".format(server_id, server_name),
|
|
|
|
|
server_id,
|
|
|
|
|
self.get_remote_ip())
|
|
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
self.controller.remove_server(server_id)
|
2020-09-14 18:05:17 +00:00
|
|
|
self.redirect("/panel/dashboard")
|
|
|
|
|
return
|
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
elif page == 'dashboard':
|
2021-04-03 17:36:01 +00:00
|
|
|
if exec_user['superuser'] == 1:
|
2021-11-29 21:22:46 +00:00
|
|
|
try:
|
|
|
|
|
page_data['servers'] = self.controller.servers.get_all_servers_stats()
|
|
|
|
|
except IndexError:
|
|
|
|
|
self.controller.stats.record_stats()
|
|
|
|
|
page_data['servers'] = self.controller.servers.get_all_servers_stats()
|
|
|
|
|
|
2021-09-20 22:30:17 +00:00
|
|
|
for data in page_data['servers']:
|
2021-09-25 15:56:12 +00:00
|
|
|
try:
|
2021-09-25 20:58:01 +00:00
|
|
|
data['stats']['waiting_start'] = self.controller.servers.get_waiting_start(int(data['stats']['server_id']['server_id']))
|
2021-09-25 15:56:12 +00:00
|
|
|
except:
|
|
|
|
|
data['stats']['waiting_start'] = False
|
2021-03-09 22:17:50 +00:00
|
|
|
else:
|
2021-11-29 21:22:46 +00:00
|
|
|
try:
|
|
|
|
|
user_auth = self.controller.servers.get_authorized_servers_stats(exec_user_id)
|
|
|
|
|
except IndexError:
|
|
|
|
|
self.controller.stats.record_stats()
|
|
|
|
|
user_auth = self.controller.servers.get_authorized_servers_stats(exec_user_id)
|
2021-08-06 04:34:57 +00:00
|
|
|
logger.debug("ASFR: {}".format(user_auth))
|
|
|
|
|
page_data['servers'] = user_auth
|
2021-10-18 21:11:43 +00:00
|
|
|
page_data['server_stats']['running'] = 0
|
|
|
|
|
page_data['server_stats']['stopped'] = 0
|
2021-09-25 15:56:12 +00:00
|
|
|
for data in page_data['servers']:
|
2021-10-18 21:11:43 +00:00
|
|
|
if data['stats']['running']:
|
|
|
|
|
page_data['server_stats']['running'] += 1
|
|
|
|
|
else:
|
|
|
|
|
page_data['server_stats']['stopped'] += 1
|
2021-09-25 15:56:12 +00:00
|
|
|
try:
|
2021-10-18 21:11:43 +00:00
|
|
|
page_data['stats']['waiting_start'] = self.controller.servers.get_waiting_start(int(data['stats']['server_id']['server_id']))
|
2021-09-25 15:56:12 +00:00
|
|
|
except:
|
|
|
|
|
data['stats']['waiting_start'] = False
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-12-17 02:07:36 +00:00
|
|
|
page_data['num_players'] = 0
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-12-17 02:07:36 +00:00
|
|
|
IOLoop.current().add_callback(self.fetch_server_data, page_data)
|
2020-08-28 03:21:55 +00:00
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
template = "panel/dashboard.html"
|
|
|
|
|
|
2020-08-31 17:46:25 +00:00
|
|
|
elif page == 'server_detail':
|
2020-09-01 17:29:39 +00:00
|
|
|
server_id = self.get_argument('id', None)
|
|
|
|
|
subpage = bleach.clean(self.get_argument('subpage', ""))
|
|
|
|
|
|
|
|
|
|
if server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-09-01 17:29:39 +00:00
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
2020-09-01 17:29:39 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-09-01 17:29:39 +00:00
|
|
|
|
2021-04-03 17:36:01 +00:00
|
|
|
if exec_user['superuser'] != 1:
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_authorized(server_id, exec_user_id):
|
|
|
|
|
if not self.controller.servers.server_id_authorized(int(server_id), exec_user_id):
|
2021-08-06 04:34:57 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return False
|
2021-03-09 22:17:50 +00:00
|
|
|
|
2021-11-30 20:46:30 +00:00
|
|
|
valid_subpages = ['term', 'logs', 'backup', 'config', 'files', 'admin_controls', 'tasks']
|
2020-09-01 17:29:39 +00:00
|
|
|
|
|
|
|
|
if subpage not in valid_subpages:
|
2021-01-19 13:56:00 +00:00
|
|
|
logger.debug('not a valid subpage')
|
2020-09-01 17:29:39 +00:00
|
|
|
subpage = 'term'
|
2021-01-19 13:56:00 +00:00
|
|
|
logger.debug('Subpage: "{}"'.format(subpage))
|
2020-09-01 17:29:39 +00:00
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
server = self.controller.get_server_obj(server_id)
|
2020-09-01 17:29:39 +00:00
|
|
|
# server_data isn't needed since the server_stats also pulls server data
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['server_data'] = self.controller.servers.get_server_data_by_id(server_id)
|
|
|
|
|
page_data['server_stats'] = self.controller.servers.get_server_stats_by_id(server_id)
|
2021-09-25 15:56:12 +00:00
|
|
|
try:
|
2021-09-25 20:58:01 +00:00
|
|
|
page_data['waiting_start'] = self.controller.servers.get_waiting_start(server_id)
|
2021-09-25 15:56:12 +00:00
|
|
|
except:
|
|
|
|
|
page_data['waiting_start'] = False
|
2021-03-22 04:02:18 +00:00
|
|
|
page_data['get_players'] = lambda: self.controller.stats.get_server_players(server_id)
|
2021-08-21 08:44:03 +00:00
|
|
|
page_data['active_link'] = subpage
|
|
|
|
|
page_data['permissions'] = {
|
2021-08-22 09:57:02 +00:00
|
|
|
'Commands': Enum_Permissions_Server.Commands,
|
|
|
|
|
'Terminal': Enum_Permissions_Server.Terminal,
|
|
|
|
|
'Logs': Enum_Permissions_Server.Logs,
|
|
|
|
|
'Schedule': Enum_Permissions_Server.Schedule,
|
|
|
|
|
'Backup': Enum_Permissions_Server.Backup,
|
|
|
|
|
'Files': Enum_Permissions_Server.Files,
|
|
|
|
|
'Config': Enum_Permissions_Server.Config,
|
|
|
|
|
'Players': Enum_Permissions_Server.Players,
|
2021-08-21 08:44:03 +00:00
|
|
|
}
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['user_permissions'] = self.controller.server_perms.get_server_permissions_foruser(exec_user_id, server_id)
|
2021-11-30 17:29:53 +00:00
|
|
|
|
|
|
|
|
if subpage == 'term':
|
|
|
|
|
if not page_data['permissions']['Terminal'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access to Terminal")
|
2021-11-30 19:37:45 +00:00
|
|
|
return
|
2021-11-30 17:29:53 +00:00
|
|
|
|
|
|
|
|
if subpage == 'logs':
|
|
|
|
|
if not page_data['permissions']['Logs'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
2021-11-30 19:37:45 +00:00
|
|
|
self.redirect("/panel/error?error=Unauthorized access to Logs")
|
|
|
|
|
return
|
2021-11-30 17:29:53 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
if subpage == 'tasks':
|
|
|
|
|
if not page_data['permissions']['Schedule'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access To Scheduled Tasks")
|
2021-11-30 19:37:45 +00:00
|
|
|
return
|
2021-11-30 20:46:30 +00:00
|
|
|
page_data['schedules'] = management_helper.get_schedules_by_server(server_id)
|
2021-11-30 17:29:53 +00:00
|
|
|
|
|
|
|
|
if subpage == 'config':
|
|
|
|
|
if not page_data['permissions']['Config'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access Server Config")
|
2021-11-30 19:37:45 +00:00
|
|
|
return
|
2021-11-30 17:29:53 +00:00
|
|
|
|
|
|
|
|
if subpage == 'files':
|
|
|
|
|
if not page_data['permissions']['Files'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access Files")
|
2021-11-30 19:37:45 +00:00
|
|
|
return
|
2021-11-30 17:29:53 +00:00
|
|
|
|
2021-08-21 08:44:03 +00:00
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
if subpage == "backup":
|
2021-11-30 17:29:53 +00:00
|
|
|
if not page_data['permissions']['Backup'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access to Backups")
|
2021-11-30 19:37:45 +00:00
|
|
|
return
|
2021-11-20 03:17:24 +00:00
|
|
|
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['backup_config'] = self.controller.management.get_backup_config(server_id)
|
2021-11-29 21:22:46 +00:00
|
|
|
self.controller.refresh_server_settings(server_id)
|
|
|
|
|
try:
|
|
|
|
|
page_data['backup_list'] = server.list_backups()
|
|
|
|
|
except:
|
|
|
|
|
page_data['backup_list'] = []
|
2021-11-21 10:52:29 +00:00
|
|
|
page_data['backup_path'] = helper.wtol_path(server_info["backup_path"])
|
2021-03-05 08:58:38 +00:00
|
|
|
|
|
|
|
|
def get_banned_players_html():
|
2021-09-08 22:01:10 +00:00
|
|
|
banned_players = self.controller.servers.get_banned_players(server_id)
|
2021-03-05 08:58:38 +00:00
|
|
|
if banned_players is None:
|
|
|
|
|
return """
|
|
|
|
|
<li class="playerItem banned">
|
|
|
|
|
<h3>Error while reading banned-players.json</h3>
|
|
|
|
|
</li>
|
|
|
|
|
"""
|
|
|
|
|
html = ""
|
|
|
|
|
for player in banned_players:
|
|
|
|
|
html += """
|
|
|
|
|
<li class="playerItem banned">
|
|
|
|
|
<h3>{}</h3>
|
|
|
|
|
<span>Banned by {} for reason: {}</span>
|
|
|
|
|
<button onclick="send_command_to_server('pardon {}')" type="button" class="btn btn-danger">Unban</button>
|
|
|
|
|
</li>
|
|
|
|
|
""".format(player['name'], player['source'], player['reason'], player['name'])
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-03-05 08:58:38 +00:00
|
|
|
return html
|
|
|
|
|
if subpage == "admin_controls":
|
2021-11-30 17:29:53 +00:00
|
|
|
if not page_data['permissions']['Players'] in page_data['user_permissions']:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access")
|
2021-03-05 08:58:38 +00:00
|
|
|
page_data['banned_players'] = get_banned_players_html()
|
2020-08-31 17:46:25 +00:00
|
|
|
|
2020-09-01 17:29:39 +00:00
|
|
|
# template = "panel/server_details.html"
|
|
|
|
|
template = "panel/server_{subpage}.html".format(subpage=subpage)
|
2020-08-31 17:46:25 +00:00
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
elif page == 'download_backup':
|
|
|
|
|
server_id = self.get_argument('id', None)
|
|
|
|
|
file = self.get_argument('file', "")
|
|
|
|
|
|
|
|
|
|
if server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
2021-03-22 04:02:18 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
2021-04-03 17:36:01 +00:00
|
|
|
if exec_user['superuser'] != 1:
|
2021-09-08 22:01:10 +00:00
|
|
|
#if not self.controller.servers.server_id_authorized(server_id, exec_user_id):
|
|
|
|
|
if not self.controller.servers.server_id_authorized(int(server_id), exec_user_id):
|
2021-03-22 04:44:22 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2021-03-22 04:02:18 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
2021-11-21 10:52:29 +00:00
|
|
|
backup_file = os.path.abspath(os.path.join(helper.get_os_understandable_path(server_info["backup_path"]), file))
|
|
|
|
|
if not helper.in_path(helper.get_os_understandable_path(server_info["backup_path"]), backup_file) \
|
2021-03-22 04:02:18 +00:00
|
|
|
or not os.path.isfile(backup_file):
|
|
|
|
|
self.redirect("/panel/error?error=Invalid path detected")
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
self.set_header('Content-Type', 'application/octet-stream')
|
|
|
|
|
self.set_header('Content-Disposition', 'attachment; filename=' + file)
|
|
|
|
|
chunk_size = 1024 * 1024 * 4 # 4 MiB
|
|
|
|
|
|
|
|
|
|
with open(backup_file, 'rb') as f:
|
|
|
|
|
while True:
|
|
|
|
|
chunk = f.read(chunk_size)
|
|
|
|
|
if not chunk:
|
|
|
|
|
break
|
|
|
|
|
try:
|
|
|
|
|
self.write(chunk) # write the chunk to response
|
|
|
|
|
self.flush() # send the chunk to client
|
|
|
|
|
except iostream.StreamClosedError:
|
|
|
|
|
# this means the client has closed the connection
|
|
|
|
|
# so break the loop
|
|
|
|
|
break
|
|
|
|
|
finally:
|
2021-09-28 16:41:54 +00:00
|
|
|
# deleting the chunk is very important because
|
|
|
|
|
# if many clients are downloading files at the
|
|
|
|
|
# same time, the chunks in memory will keep
|
2021-03-22 04:02:18 +00:00
|
|
|
# increasing and will eat up the RAM
|
|
|
|
|
del chunk
|
|
|
|
|
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
|
|
|
|
|
|
|
|
|
|
elif page == 'backup_now':
|
|
|
|
|
server_id = self.get_argument('id', None)
|
|
|
|
|
|
|
|
|
|
if server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
2021-03-22 04:02:18 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
2021-04-03 17:36:01 +00:00
|
|
|
if exec_user['superuser'] != 1:
|
2021-09-08 22:01:10 +00:00
|
|
|
#if not self.controller.servers.server_id_authorized(server_id, exec_user_id):
|
|
|
|
|
if not self.controller.servers.server_id_authorized(int(server_id), exec_user_id):
|
2021-03-22 04:44:22 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
2021-07-30 16:20:01 +00:00
|
|
|
return
|
2021-03-22 04:02:18 +00:00
|
|
|
|
|
|
|
|
server = self.controller.get_server_obj(server_id).backup_server()
|
|
|
|
|
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
|
|
|
|
|
|
2020-12-06 20:42:49 +00:00
|
|
|
elif page == 'panel_config':
|
2021-08-08 20:43:04 +00:00
|
|
|
auth_servers = {}
|
|
|
|
|
auth_role_servers = {}
|
2021-08-09 21:11:45 +00:00
|
|
|
users_list = []
|
|
|
|
|
role_users = {}
|
2021-09-08 22:01:10 +00:00
|
|
|
roles = self.controller.roles.get_all_roles()
|
2021-08-08 20:43:04 +00:00
|
|
|
user_roles = {}
|
2021-09-08 22:01:10 +00:00
|
|
|
for user in self.controller.users.get_all_users():
|
|
|
|
|
user_roles_list = self.controller.users.get_user_roles_names(user.user_id)
|
|
|
|
|
user_servers = self.controller.servers.get_authorized_servers(user.user_id)
|
2021-08-08 20:43:04 +00:00
|
|
|
servers = []
|
|
|
|
|
for server in user_servers:
|
2021-11-17 18:08:41 +00:00
|
|
|
if server['server_name'] not in servers:
|
|
|
|
|
servers.append(server['server_name'])
|
2021-08-08 20:43:04 +00:00
|
|
|
new_item = {user.user_id: servers}
|
|
|
|
|
auth_servers.update(new_item)
|
|
|
|
|
data = {user.user_id: user_roles_list}
|
|
|
|
|
user_roles.update(data)
|
|
|
|
|
for role in roles:
|
2021-08-09 04:24:08 +00:00
|
|
|
role_servers = []
|
2021-09-08 22:01:10 +00:00
|
|
|
role = self.controller.roles.get_role_with_servers(role.role_id)
|
2021-08-08 20:43:04 +00:00
|
|
|
for serv_id in role['servers']:
|
2021-09-08 22:01:10 +00:00
|
|
|
role_servers.append(self.controller.servers.get_server_data_by_id(serv_id)['server_name'])
|
2021-08-08 20:43:04 +00:00
|
|
|
data = {role['role_id']: role_servers}
|
|
|
|
|
auth_role_servers.update(data)
|
|
|
|
|
|
2021-08-09 21:11:45 +00:00
|
|
|
|
2021-08-08 20:43:04 +00:00
|
|
|
page_data['auth-servers'] = auth_servers
|
|
|
|
|
page_data['role-servers'] = auth_role_servers
|
|
|
|
|
page_data['user-roles'] = user_roles
|
|
|
|
|
|
2022-01-09 23:04:54 +00:00
|
|
|
page_data['users'] = self.controller.users.user_query(exec_user['user_id'])
|
|
|
|
|
page_data['roles'] = self.controller.users.user_role_query(exec_user['user_id'])
|
|
|
|
|
|
2021-08-08 20:43:04 +00:00
|
|
|
|
2020-12-26 03:00:28 +00:00
|
|
|
for user in page_data['users']:
|
|
|
|
|
if user.user_id != exec_user['user_id']:
|
|
|
|
|
user.api_token = "********"
|
2022-01-09 23:04:54 +00:00
|
|
|
if exec_user['superuser']:
|
|
|
|
|
for user in self.controller.users.get_all_users():
|
|
|
|
|
if user.superuser == 1:
|
|
|
|
|
super_auth_servers = []
|
|
|
|
|
super_auth_servers.append("Super User Access To All Servers")
|
|
|
|
|
page_data['users'] = self.controller.users.get_all_users()
|
|
|
|
|
page_data['roles'] = self.controller.roles.get_all_roles()
|
|
|
|
|
page_data['auth-servers'][user.user_id] = super_auth_servers
|
|
|
|
|
|
2020-12-06 20:42:49 +00:00
|
|
|
template = "panel/panel_config.html"
|
2020-08-31 17:46:25 +00:00
|
|
|
|
2020-12-24 22:55:15 +00:00
|
|
|
elif page == "add_user":
|
|
|
|
|
page_data['new_user'] = True
|
|
|
|
|
page_data['user'] = {}
|
|
|
|
|
page_data['user']['username'] = ""
|
|
|
|
|
page_data['user']['user_id'] = -1
|
2022-01-08 23:03:45 +00:00
|
|
|
page_data['user']['email'] = ""
|
2020-12-24 22:55:15 +00:00
|
|
|
page_data['user']['enabled'] = True
|
|
|
|
|
page_data['user']['superuser'] = False
|
2020-12-26 03:00:28 +00:00
|
|
|
page_data['user']['api_token'] = "N/A"
|
|
|
|
|
page_data['user']['created'] = "N/A"
|
|
|
|
|
page_data['user']['last_login'] = "N/A"
|
|
|
|
|
page_data['user']['last_ip'] = "N/A"
|
2021-03-09 22:17:50 +00:00
|
|
|
page_data['user']['last_update'] = "N/A"
|
2020-12-26 03:00:28 +00:00
|
|
|
page_data['user']['roles'] = set()
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a user editor")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['roles_all'] = self.controller.roles.get_all_roles()
|
2021-04-03 17:36:01 +00:00
|
|
|
page_data['servers'] = []
|
2021-03-22 04:02:18 +00:00
|
|
|
page_data['servers_all'] = self.controller.list_defined_servers()
|
2021-08-09 05:44:16 +00:00
|
|
|
page_data['role-servers'] = []
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['permissions_all'] = self.controller.crafty_perms.list_defined_crafty_permissions()
|
2021-08-24 21:07:00 +00:00
|
|
|
page_data['permissions_list'] = set()
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['quantity_server'] = self.controller.crafty_perms.list_all_crafty_permissions_quantity_limits()
|
2021-09-29 21:46:54 +00:00
|
|
|
page_data['languages'] = []
|
2021-09-29 23:32:21 +00:00
|
|
|
page_data['languages'].append(self.controller.users.get_user_lang_by_id(exec_user_id))
|
2022-01-10 04:16:11 +00:00
|
|
|
if exec_user['superuser']:
|
|
|
|
|
page_data['super-disabled'] = ''
|
|
|
|
|
else:
|
|
|
|
|
page_data['super-disabled'] = 'disabled'
|
2021-09-29 21:46:54 +00:00
|
|
|
for file in os.listdir(os.path.join(helper.root_dir, 'app', 'translations')):
|
|
|
|
|
if file.endswith('.json'):
|
2021-09-29 23:32:21 +00:00
|
|
|
if file != str(page_data['languages'][0] + '.json'):
|
|
|
|
|
page_data['languages'].append(file.split('.')[0])
|
2021-08-24 21:07:00 +00:00
|
|
|
|
2020-12-24 22:55:15 +00:00
|
|
|
template = "panel/panel_edit_user.html"
|
|
|
|
|
|
|
|
|
|
elif page == "edit_user":
|
2020-12-27 16:00:26 +00:00
|
|
|
user_id = self.get_argument('id', None)
|
2021-09-08 22:01:10 +00:00
|
|
|
role_servers = self.controller.servers.get_authorized_servers(user_id)
|
2021-08-08 22:26:28 +00:00
|
|
|
page_role_servers = []
|
2021-08-06 04:34:57 +00:00
|
|
|
servers = set()
|
2021-08-08 22:26:28 +00:00
|
|
|
for server in role_servers:
|
|
|
|
|
page_role_servers.append(server['server_id'])
|
2021-08-06 04:34:57 +00:00
|
|
|
page_data['new_user'] = False
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['user'] = self.controller.users.get_user_by_id(user_id)
|
2021-08-06 04:34:57 +00:00
|
|
|
page_data['servers'] = servers
|
2021-08-08 22:26:28 +00:00
|
|
|
page_data['role-servers'] = page_role_servers
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['roles_all'] = self.controller.roles.get_all_roles()
|
2021-03-22 04:02:18 +00:00
|
|
|
page_data['servers_all'] = self.controller.list_defined_servers()
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['permissions_all'] = self.controller.crafty_perms.list_defined_crafty_permissions()
|
2021-09-06 17:27:01 +00:00
|
|
|
page_data['permissions_list'] = self.controller.crafty_perms.get_crafty_permissions_list(user_id)
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['quantity_server'] = self.controller.crafty_perms.list_crafty_permissions_quantity_limits(user_id)
|
2021-09-29 21:46:54 +00:00
|
|
|
page_data['languages'] = []
|
2021-09-29 23:50:51 +00:00
|
|
|
page_data['languages'].append(self.controller.users.get_user_lang_by_id(user_id))
|
2022-01-09 23:04:54 +00:00
|
|
|
#checks if super user. If not we disable the button.
|
|
|
|
|
if exec_user['superuser'] and str(exec_user['user_id']) != str(user_id):
|
|
|
|
|
page_data['super-disabled'] = ''
|
|
|
|
|
else:
|
|
|
|
|
page_data['super-disabled'] = 'disabled'
|
|
|
|
|
|
2021-12-21 20:39:33 +00:00
|
|
|
for file in sorted(os.listdir(os.path.join(helper.root_dir, 'app', 'translations'))):
|
2021-09-29 21:46:54 +00:00
|
|
|
if file.endswith('.json'):
|
2021-09-29 23:32:21 +00:00
|
|
|
if file != str(page_data['languages'][0] + '.json'):
|
|
|
|
|
page_data['languages'].append(file.split('.')[0])
|
2020-12-26 03:00:28 +00:00
|
|
|
|
2021-08-09 21:11:45 +00:00
|
|
|
if user_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid User ID")
|
|
|
|
|
return
|
2021-08-24 21:07:00 +00:00
|
|
|
elif Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
|
2021-09-29 23:50:51 +00:00
|
|
|
if str(user_id) != str(exec_user_id):
|
2021-08-24 21:07:00 +00:00
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a user editor")
|
|
|
|
|
return
|
|
|
|
|
|
2021-08-09 05:29:13 +00:00
|
|
|
page_data['servers'] = []
|
|
|
|
|
page_data['role-servers'] = []
|
|
|
|
|
page_data['roles_all'] = []
|
|
|
|
|
page_data['servers_all'] = []
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2020-12-26 03:00:28 +00:00
|
|
|
if exec_user['user_id'] != page_data['user']['user_id']:
|
|
|
|
|
page_data['user']['api_token'] = "********"
|
2022-01-08 23:03:45 +00:00
|
|
|
|
|
|
|
|
if exec_user['email'] == 'default@example.com':
|
|
|
|
|
page_data['user']['email'] = ""
|
2020-12-24 22:55:15 +00:00
|
|
|
template = "panel/panel_edit_user.html"
|
|
|
|
|
|
|
|
|
|
elif page == "remove_user":
|
|
|
|
|
user_id = bleach.clean(self.get_argument('id', None))
|
2022-01-10 04:34:11 +00:00
|
|
|
|
|
|
|
|
if not exec_user['superuser'] and Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
|
2020-12-24 22:55:15 +00:00
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2022-01-10 04:34:11 +00:00
|
|
|
|
|
|
|
|
elif str(exec_user_id) == str(user_id):
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: you cannot delete yourself")
|
|
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
elif user_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid User ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
else:
|
|
|
|
|
# does this user id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
target_user = self.controller.users.get_user_by_id(user_id)
|
2020-12-24 22:55:15 +00:00
|
|
|
if not target_user:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid User ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
elif target_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Cannot remove a superuser")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.users.remove_user(user_id)
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-12-24 22:55:15 +00:00
|
|
|
"Removed user {} (UID:{})".format(target_user['username'], user_id),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
|
|
|
|
self.redirect("/panel/panel_config")
|
|
|
|
|
|
2020-12-27 16:00:26 +00:00
|
|
|
elif page == "add_role":
|
2021-08-09 21:18:02 +00:00
|
|
|
user_roles = {}
|
2021-09-08 22:01:10 +00:00
|
|
|
for user in self.controller.users.get_all_users():
|
|
|
|
|
user_roles_list = self.controller.users.get_user_roles_names(user.user_id)
|
|
|
|
|
user_servers = self.controller.servers.get_authorized_servers(user.user_id)
|
2021-08-09 21:18:02 +00:00
|
|
|
data = {user.user_id: user_roles_list}
|
|
|
|
|
user_roles.update(data)
|
2020-12-27 16:00:26 +00:00
|
|
|
page_data['new_role'] = True
|
|
|
|
|
page_data['role'] = {}
|
|
|
|
|
page_data['role']['role_name'] = ""
|
|
|
|
|
page_data['role']['role_id'] = -1
|
|
|
|
|
page_data['role']['created'] = "N/A"
|
|
|
|
|
page_data['role']['last_update'] = "N/A"
|
|
|
|
|
page_data['role']['servers'] = set()
|
2021-08-09 21:18:02 +00:00
|
|
|
page_data['user-roles'] = user_roles
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['users'] = self.controller.users.get_all_users()
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.Roles_Config not in exec_user_crafty_permissions:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a role editor")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
page_data['servers_all'] = self.controller.list_defined_servers()
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['permissions_all'] = self.controller.server_perms.list_defined_permissions()
|
2021-08-19 22:18:50 +00:00
|
|
|
page_data['permissions_list'] = set()
|
2020-12-27 16:00:26 +00:00
|
|
|
template = "panel/panel_edit_role.html"
|
|
|
|
|
|
|
|
|
|
elif page == "edit_role":
|
2021-08-09 21:11:45 +00:00
|
|
|
auth_servers = {}
|
|
|
|
|
|
|
|
|
|
user_roles = {}
|
2021-09-08 22:01:10 +00:00
|
|
|
for user in self.controller.users.get_all_users():
|
|
|
|
|
user_roles_list = self.controller.users.get_user_roles_names(user.user_id)
|
|
|
|
|
user_servers = self.controller.servers.get_authorized_servers(user.user_id)
|
2021-08-09 21:11:45 +00:00
|
|
|
data = {user.user_id: user_roles_list}
|
|
|
|
|
user_roles.update(data)
|
2020-12-27 16:00:26 +00:00
|
|
|
page_data['new_role'] = False
|
|
|
|
|
role_id = self.get_argument('id', None)
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['role'] = self.controller.roles.get_role_with_servers(role_id)
|
2021-03-22 04:02:18 +00:00
|
|
|
page_data['servers_all'] = self.controller.list_defined_servers()
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['permissions_all'] = self.controller.server_perms.list_defined_permissions()
|
|
|
|
|
page_data['permissions_list'] = self.controller.server_perms.get_role_permissions(role_id)
|
2021-08-09 21:11:45 +00:00
|
|
|
page_data['user-roles'] = user_roles
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['users'] = self.controller.users.get_all_users()
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.Roles_Config not in exec_user_crafty_permissions:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a role editor")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
elif role_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Role ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
|
|
|
|
|
template = "panel/panel_edit_role.html"
|
|
|
|
|
|
|
|
|
|
elif page == "remove_role":
|
|
|
|
|
role_id = bleach.clean(self.get_argument('id', None))
|
|
|
|
|
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not superuser")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
elif role_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Role ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
else:
|
|
|
|
|
# does this user id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
target_role = self.controller.roles.get_role(role_id)
|
2020-12-27 16:00:26 +00:00
|
|
|
if not target_role:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Role ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.roles.remove_role(role_id)
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-12-27 16:00:26 +00:00
|
|
|
"Removed role {} (RID:{})".format(target_role['role_name'], role_id),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
|
|
|
|
self.redirect("/panel/panel_config")
|
|
|
|
|
|
2020-12-13 18:40:55 +00:00
|
|
|
elif page == "activity_logs":
|
2021-09-08 22:01:10 +00:00
|
|
|
page_data['audit_logs'] = self.controller.management.get_actity_log()
|
2020-12-13 18:40:55 +00:00
|
|
|
|
|
|
|
|
template = "panel/activity_logs.html"
|
|
|
|
|
|
2021-08-25 01:33:29 +00:00
|
|
|
elif page == 'download_file':
|
|
|
|
|
server_id = self.get_argument('id', None)
|
2021-11-21 10:52:29 +00:00
|
|
|
file = helper.get_os_understandable_path(self.get_argument('path', ""))
|
2021-08-25 01:33:29 +00:00
|
|
|
name = self.get_argument('name', "")
|
|
|
|
|
|
|
|
|
|
if server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
2021-08-25 01:33:29 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
if exec_user['superuser'] != 1:
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_authorized(int(server_id), exec_user_id):
|
2021-08-25 01:33:29 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
server_info = self.controller.servers.get_server_data_by_id(server_id)
|
2021-08-25 01:33:29 +00:00
|
|
|
|
2021-11-21 10:52:29 +00:00
|
|
|
if not helper.in_path(helper.get_os_understandable_path(server_info["path"]), file) \
|
2021-08-25 01:33:29 +00:00
|
|
|
or not os.path.isfile(file):
|
|
|
|
|
self.redirect("/panel/error?error=Invalid path detected")
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
self.set_header('Content-Type', 'application/octet-stream')
|
|
|
|
|
self.set_header('Content-Disposition', 'attachment; filename=' + name)
|
|
|
|
|
chunk_size = 1024 * 1024 * 4 # 4 MiB
|
|
|
|
|
|
|
|
|
|
with open(file, 'rb') as f:
|
|
|
|
|
while True:
|
|
|
|
|
chunk = f.read(chunk_size)
|
|
|
|
|
if not chunk:
|
|
|
|
|
break
|
|
|
|
|
try:
|
|
|
|
|
self.write(chunk) # write the chunk to response
|
|
|
|
|
self.flush() # send the chunk to client
|
|
|
|
|
except iostream.StreamClosedError:
|
|
|
|
|
# this means the client has closed the connection
|
|
|
|
|
# so break the loop
|
|
|
|
|
break
|
|
|
|
|
finally:
|
2021-09-28 16:41:54 +00:00
|
|
|
# deleting the chunk is very important because
|
|
|
|
|
# if many clients are downloading files at the
|
|
|
|
|
# same time, the chunks in memory will keep
|
2021-08-25 01:33:29 +00:00
|
|
|
# increasing and will eat up the RAM
|
|
|
|
|
del chunk
|
|
|
|
|
self.redirect("/panel/server_detail?id={}&subpage=files".format(server_id))
|
|
|
|
|
|
|
|
|
|
|
2020-08-13 14:38:36 +00:00
|
|
|
self.render(
|
|
|
|
|
template,
|
2020-12-15 23:17:41 +00:00
|
|
|
data=page_data,
|
|
|
|
|
time=time,
|
|
|
|
|
utc_offset=(time.timezone * -1 / 60 / 60),
|
2021-03-26 13:57:50 +00:00
|
|
|
translate=self.translator.translate,
|
2020-08-24 17:08:17 +00:00
|
|
|
)
|
2020-09-04 16:35:06 +00:00
|
|
|
|
|
|
|
|
@tornado.web.authenticated
|
|
|
|
|
def post(self, page):
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_data = json.loads(self.get_secure_cookie("user_data"))
|
|
|
|
|
exec_user_id = exec_user_data['user_id']
|
2021-09-08 22:01:10 +00:00
|
|
|
exec_user = self.controller.users.get_user_by_id(exec_user_id)
|
2021-11-30 19:37:45 +00:00
|
|
|
server_id = self.get_argument('id', None)
|
|
|
|
|
permissions = {
|
|
|
|
|
'Commands': Enum_Permissions_Server.Commands,
|
|
|
|
|
'Terminal': Enum_Permissions_Server.Terminal,
|
|
|
|
|
'Logs': Enum_Permissions_Server.Logs,
|
|
|
|
|
'Schedule': Enum_Permissions_Server.Schedule,
|
|
|
|
|
'Backup': Enum_Permissions_Server.Backup,
|
|
|
|
|
'Files': Enum_Permissions_Server.Files,
|
|
|
|
|
'Config': Enum_Permissions_Server.Config,
|
|
|
|
|
'Players': Enum_Permissions_Server.Players,
|
|
|
|
|
}
|
|
|
|
|
user_perms = self.controller.server_perms.get_server_permissions_foruser(exec_user_id, server_id)
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_role = set()
|
|
|
|
|
if exec_user['superuser'] == 1:
|
|
|
|
|
defined_servers = self.controller.list_defined_servers()
|
|
|
|
|
exec_user_role.add("Super User")
|
2021-09-08 22:01:10 +00:00
|
|
|
exec_user_crafty_permissions = self.controller.crafty_perms.list_defined_crafty_permissions()
|
2021-04-03 17:36:01 +00:00
|
|
|
else:
|
2021-09-06 17:27:01 +00:00
|
|
|
exec_user_crafty_permissions = self.controller.crafty_perms.get_crafty_permissions_list(exec_user_id)
|
2021-09-08 22:01:10 +00:00
|
|
|
defined_servers = self.controller.servers.get_authorized_servers(exec_user_id)
|
2021-04-03 17:36:01 +00:00
|
|
|
for r in exec_user['roles']:
|
2021-09-08 22:01:10 +00:00
|
|
|
role = self.controller.roles.get_role(r)
|
2021-04-03 17:36:01 +00:00
|
|
|
exec_user_role.add(role['role_name'])
|
2020-09-04 16:35:06 +00:00
|
|
|
|
|
|
|
|
if page == 'server_detail':
|
2021-11-30 19:37:45 +00:00
|
|
|
if not permissions['Config'] in user_perms:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access to Config")
|
|
|
|
|
return
|
2020-09-04 16:35:06 +00:00
|
|
|
server_id = self.get_argument('id', None)
|
|
|
|
|
server_name = self.get_argument('server_name', None)
|
2021-11-30 19:37:45 +00:00
|
|
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
|
|
|
|
if exec_user['superuser']:
|
|
|
|
|
server_path = self.get_argument('server_path', None)
|
|
|
|
|
log_path = self.get_argument('log_path', None)
|
|
|
|
|
executable = self.get_argument('executable', None)
|
|
|
|
|
execution_command = self.get_argument('execution_command', None)
|
|
|
|
|
server_ip = self.get_argument('server_ip', None)
|
|
|
|
|
server_port = self.get_argument('server_port', None)
|
|
|
|
|
executable_update_url = self.get_argument('executable_update_url', None)
|
|
|
|
|
else:
|
|
|
|
|
execution_command = server_obj.execution_command
|
|
|
|
|
executable = server_obj.executable
|
2020-09-04 16:35:06 +00:00
|
|
|
stop_command = self.get_argument('stop_command', None)
|
2020-09-04 18:05:42 +00:00
|
|
|
auto_start_delay = self.get_argument('auto_start_delay', '10')
|
|
|
|
|
auto_start = int(float(self.get_argument('auto_start', '0')))
|
|
|
|
|
crash_detection = int(float(self.get_argument('crash_detection', '0')))
|
2021-01-20 15:20:42 +00:00
|
|
|
logs_delete_after = int(float(self.get_argument('logs_delete_after', '0')))
|
2020-09-04 16:35:06 +00:00
|
|
|
subpage = self.get_argument('subpage', None)
|
|
|
|
|
|
2021-03-06 20:48:02 +00:00
|
|
|
if not exec_user['superuser']:
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_authorized(server_id, exec_user_id):
|
2021-08-22 10:14:31 +00:00
|
|
|
self.redirect("/panel/error?error=Unauthorized access: invalid server id")
|
|
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
elif server_id is None:
|
2020-09-04 16:35:06 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-09-04 16:35:06 +00:00
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
2020-09-04 16:35:06 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-09-04 16:35:06 +00:00
|
|
|
|
2021-11-21 10:52:29 +00:00
|
|
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
2021-11-27 19:29:28 +00:00
|
|
|
server_settings = self.controller.get_server_data(server_id)
|
|
|
|
|
stale_executable = server_obj.executable
|
2021-11-28 00:28:53 +00:00
|
|
|
#Compares old jar name to page data being passed. If they are different we replace the executable name in the
|
2021-11-27 19:29:28 +00:00
|
|
|
if str(stale_executable) != str(executable):
|
|
|
|
|
execution_command = execution_command.replace(str(stale_executable), str(executable))
|
|
|
|
|
|
2021-11-21 10:52:29 +00:00
|
|
|
server_obj.server_name = server_name
|
2021-11-28 02:52:49 +00:00
|
|
|
if exec_user['superuser']:
|
|
|
|
|
if helper.validate_traversal(helper.get_servers_root_dir(), server_path):
|
|
|
|
|
server_obj.path = server_path
|
|
|
|
|
server_obj.log_path = log_path
|
|
|
|
|
if helper.validate_traversal(helper.get_servers_root_dir(), executable):
|
|
|
|
|
server_obj.executable = executable
|
|
|
|
|
server_obj.execution_command = execution_command
|
|
|
|
|
server_obj.server_ip = server_ip
|
|
|
|
|
server_obj.server_port = server_port
|
|
|
|
|
server_obj.executable_update_url = executable_update_url
|
2021-11-30 19:37:45 +00:00
|
|
|
else:
|
|
|
|
|
server_obj.path = server_obj.path
|
|
|
|
|
server_obj.log_path = server_obj.log_path
|
|
|
|
|
server_obj.executable = server_obj.executable
|
|
|
|
|
print(server_obj.execution_command)
|
|
|
|
|
server_obj.execution_command = server_obj.execution_command
|
|
|
|
|
server_obj.server_ip = server_obj.server_ip
|
|
|
|
|
server_obj.server_port = server_obj.server_port
|
|
|
|
|
server_obj.executable_update_url = server_obj.executable_update_url
|
|
|
|
|
server_obj.stop_command = stop_command
|
2021-11-21 10:52:29 +00:00
|
|
|
server_obj.auto_start_delay = auto_start_delay
|
|
|
|
|
server_obj.auto_start = auto_start
|
|
|
|
|
server_obj.crash_detection = crash_detection
|
|
|
|
|
server_obj.logs_delete_after = logs_delete_after
|
|
|
|
|
self.controller.servers.update_server(server_obj)
|
2020-09-04 16:35:06 +00:00
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
self.controller.refresh_server_settings(server_id)
|
2020-10-07 13:19:47 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-09-04 18:05:42 +00:00
|
|
|
"Edited server {} named {}".format(server_id, server_name),
|
|
|
|
|
server_id,
|
|
|
|
|
self.get_remote_ip())
|
|
|
|
|
|
2020-09-04 16:35:06 +00:00
|
|
|
self.redirect("/panel/server_detail?id={}&subpage=config".format(server_id))
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-03-22 04:02:18 +00:00
|
|
|
if page == "server_backup":
|
|
|
|
|
logger.debug(self.request.arguments)
|
|
|
|
|
server_id = self.get_argument('id', None)
|
2021-11-30 19:37:45 +00:00
|
|
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
|
|
|
|
if exec_user['superuser']:
|
|
|
|
|
backup_path = bleach.clean(self.get_argument('backup_path', None))
|
|
|
|
|
else:
|
|
|
|
|
backup_path = server_obj.backup_path
|
2021-03-22 04:02:18 +00:00
|
|
|
max_backups = bleach.clean(self.get_argument('max_backups', None))
|
2021-09-20 19:41:08 +00:00
|
|
|
try:
|
|
|
|
|
enabled = int(float(bleach.clean(self.get_argument('auto_enabled'), '0')))
|
|
|
|
|
except Exception as e:
|
|
|
|
|
enabled = '0'
|
2021-03-22 04:02:18 +00:00
|
|
|
|
2021-11-30 19:37:45 +00:00
|
|
|
if not permissions['Backup'] in user_perms:
|
|
|
|
|
if not exec_user['superuser']:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: User not authorized")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
|
|
|
|
elif server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
2021-03-22 04:02:18 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
2021-09-20 19:41:08 +00:00
|
|
|
if enabled == '0':
|
2021-11-21 10:52:29 +00:00
|
|
|
#TODO Use Controller method
|
|
|
|
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
|
|
|
|
server_obj.backup_path = backup_path
|
|
|
|
|
self.controller.servers.update_server(server_obj)
|
2021-09-21 19:12:56 +00:00
|
|
|
self.controller.management.set_backup_config(server_id, max_backups=max_backups, auto_enabled=False)
|
2021-09-20 19:41:08 +00:00
|
|
|
else:
|
2021-11-21 10:52:29 +00:00
|
|
|
#TODO Use Controller method
|
|
|
|
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
|
|
|
|
server_obj.backup_path = backup_path
|
|
|
|
|
self.controller.servers.update_server(server_obj)
|
2021-09-21 19:12:56 +00:00
|
|
|
self.controller.management.set_backup_config(server_id, max_backups=max_backups, auto_enabled=True)
|
2021-03-22 04:02:18 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2021-03-22 04:02:18 +00:00
|
|
|
"Edited server {}: updated backups".format(server_id),
|
|
|
|
|
server_id,
|
|
|
|
|
self.get_remote_ip())
|
|
|
|
|
self.tasks_manager.reload_schedule_from_db()
|
|
|
|
|
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
|
|
|
|
|
|
2022-01-11 01:11:52 +00:00
|
|
|
|
|
|
|
|
if page == "tasks":
|
2022-01-11 05:26:33 +00:00
|
|
|
server_id = bleach.clean(self.get_argument('id', None))
|
|
|
|
|
difficulty = bleach.clean(self.get_argument('difficulty', None))
|
2022-01-11 01:11:52 +00:00
|
|
|
server_obj = self.controller.servers.get_server_obj(server_id)
|
2022-01-11 05:26:33 +00:00
|
|
|
enabled = bleach.clean(self.get_argument('enabled', '0'))
|
2022-01-11 01:11:52 +00:00
|
|
|
if difficulty == 'basic':
|
2022-01-11 05:26:33 +00:00
|
|
|
action = bleach.clean(self.get_argument('action', None))
|
|
|
|
|
interval = bleach.clean(self.get_argument('interval', None))
|
|
|
|
|
interval_type = bleach.clean(self.get_argument('interval_type', None))
|
2022-01-11 01:11:52 +00:00
|
|
|
#only check for time if it's number of days
|
|
|
|
|
if interval_type == "days":
|
2022-01-11 05:26:33 +00:00
|
|
|
time = bleach.clean(self.get_argument('time', None))
|
2022-01-11 01:11:52 +00:00
|
|
|
if action == "command":
|
2022-01-11 05:26:33 +00:00
|
|
|
command = bleach.clean(self.get_argument('command', None))
|
2022-01-11 01:11:52 +00:00
|
|
|
elif action == "start":
|
|
|
|
|
command = "start_server"
|
|
|
|
|
elif action == "stop":
|
|
|
|
|
command = "stop_server"
|
|
|
|
|
elif action == "restart":
|
2022-01-11 05:26:33 +00:00
|
|
|
command = "restart_server"
|
|
|
|
|
elif action == "backup":
|
|
|
|
|
command = "backup_server"
|
|
|
|
|
else:
|
|
|
|
|
cron_string = bleach.clean(self.get_argument('cron', ''))
|
|
|
|
|
action = bleach.clean(self.get_argument('action', None))
|
|
|
|
|
if action == "command":
|
|
|
|
|
command = bleach.clean(self.get_argument('command', None))
|
|
|
|
|
elif action == "start":
|
|
|
|
|
command = "start_server"
|
|
|
|
|
elif action == "stop":
|
|
|
|
|
command = "stop_server"
|
|
|
|
|
elif action == "restart":
|
|
|
|
|
command = "restart_server"
|
|
|
|
|
elif action == "backup":
|
|
|
|
|
command = "backup_server"
|
2022-01-11 06:29:27 +00:00
|
|
|
if bleach.clean(self.get_argument('enabled', '1'))=='1':
|
|
|
|
|
enabled = True
|
|
|
|
|
else:
|
|
|
|
|
enabled = False
|
|
|
|
|
if bleach.clean(self.get_argument('one_time', '0')) == '1':
|
|
|
|
|
one_time = True
|
|
|
|
|
else:
|
|
|
|
|
one_time = False
|
2022-01-11 01:11:52 +00:00
|
|
|
|
|
|
|
|
if not exec_user['superuser'] and not permissions['Backup'] in user_perms:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: User not authorized")
|
|
|
|
|
return
|
|
|
|
|
elif server_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
else:
|
|
|
|
|
# does this server id exist?
|
|
|
|
|
if not self.controller.servers.server_id_exists(server_id):
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Server ID")
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
if interval_type == "days":
|
|
|
|
|
job_data = {
|
|
|
|
|
"server_id": server_id,
|
|
|
|
|
"action": action,
|
|
|
|
|
"interval_type": interval_type,
|
|
|
|
|
"interval": interval,
|
|
|
|
|
"command": command,
|
|
|
|
|
"time": time,
|
|
|
|
|
"enabled": enabled,
|
|
|
|
|
"one_time": one_time
|
|
|
|
|
}
|
2022-01-11 05:26:33 +00:00
|
|
|
elif difficulty == "advanced":
|
|
|
|
|
job_data = {
|
|
|
|
|
"server_id": server_id,
|
|
|
|
|
"action": action,
|
|
|
|
|
"command": command,
|
|
|
|
|
"cron_string": cron_string,
|
|
|
|
|
"enabled": enabled,
|
|
|
|
|
"one_time": one_time
|
|
|
|
|
}
|
2022-01-11 01:11:52 +00:00
|
|
|
else:
|
|
|
|
|
job_data = {
|
|
|
|
|
"server_id": server_id,
|
|
|
|
|
"action": action,
|
|
|
|
|
"interval_type": interval_type,
|
|
|
|
|
"interval": interval,
|
|
|
|
|
"command": command,
|
|
|
|
|
"enabled": enabled,
|
|
|
|
|
"time": '00:00',
|
|
|
|
|
"one_time": one_time
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
self.tasks_manager.schedule_job(job_data)
|
|
|
|
|
|
|
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
|
|
|
|
"Edited server {}: updated backups".format(server_id),
|
|
|
|
|
server_id,
|
|
|
|
|
self.get_remote_ip())
|
|
|
|
|
self.tasks_manager.reload_schedule_from_db()
|
|
|
|
|
self.redirect("/panel/server_detail?id={}&subpage=tasks".format(server_id))
|
|
|
|
|
|
|
|
|
|
|
2020-12-24 22:55:15 +00:00
|
|
|
elif page == "edit_user":
|
2021-12-21 04:04:07 +00:00
|
|
|
if bleach.clean(self.get_argument('username', None)) == 'system':
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: system user is not editable")
|
2020-12-24 22:55:15 +00:00
|
|
|
user_id = bleach.clean(self.get_argument('id', None))
|
|
|
|
|
username = bleach.clean(self.get_argument('username', None))
|
|
|
|
|
password0 = bleach.clean(self.get_argument('password0', None))
|
|
|
|
|
password1 = bleach.clean(self.get_argument('password1', None))
|
2022-01-08 23:03:45 +00:00
|
|
|
email = bleach.clean(self.get_argument('email', "default@example.com"))
|
2021-04-04 18:22:52 +00:00
|
|
|
enabled = int(float(self.get_argument('enabled', '0')))
|
|
|
|
|
regen_api = int(float(self.get_argument('regen_api', '0')))
|
2021-09-29 23:32:21 +00:00
|
|
|
lang = bleach.clean(self.get_argument('language'), 'en_EN')
|
2022-01-09 23:04:54 +00:00
|
|
|
if exec_user['superuser']:
|
|
|
|
|
#Checks if user is trying to change super user status of self. We don't want that. Automatically make them stay super user since we know they are.
|
|
|
|
|
if str(exec_user['user_id']) != str(user_id):
|
|
|
|
|
superuser = bleach.clean(self.get_argument('superuser', '0'))
|
|
|
|
|
else:
|
|
|
|
|
superuser = '1'
|
|
|
|
|
else:
|
|
|
|
|
superuser = '0'
|
|
|
|
|
if superuser == '1':
|
|
|
|
|
superuser = True
|
|
|
|
|
else:
|
|
|
|
|
superuser = False
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
|
2021-09-29 23:50:51 +00:00
|
|
|
if str(user_id) != str(exec_user_id):
|
2021-08-24 21:07:00 +00:00
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a user editor")
|
|
|
|
|
return
|
|
|
|
|
|
2021-08-09 05:29:13 +00:00
|
|
|
user_data = {
|
|
|
|
|
"username": username,
|
|
|
|
|
"password": password0,
|
2021-09-29 23:50:51 +00:00
|
|
|
"lang": lang,
|
2021-08-09 05:29:13 +00:00
|
|
|
}
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.users.update_user(user_id, user_data=user_data)
|
2021-08-09 05:29:13 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2021-08-09 05:29:13 +00:00
|
|
|
"Edited user {} (UID:{}) password".format(username,
|
|
|
|
|
user_id),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
|
|
|
|
self.redirect("/panel/panel_config")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
elif username is None or username == "":
|
|
|
|
|
self.redirect("/panel/error?error=Invalid username")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
elif user_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid User ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
else:
|
|
|
|
|
# does this user id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.users.user_id_exists(user_id):
|
2020-12-24 22:55:15 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid User ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
|
|
|
|
|
if password0 != password1:
|
|
|
|
|
self.redirect("/panel/error?error=Passwords must match")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2020-12-26 03:00:28 +00:00
|
|
|
roles = set()
|
2021-09-08 22:01:10 +00:00
|
|
|
for role in self.controller.roles.get_all_roles():
|
2020-12-26 03:00:28 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
2020-12-27 16:00:26 +00:00
|
|
|
self.get_argument('role_{}_membership'.format(role.role_id), '0')
|
2020-12-26 03:00:28 +00:00
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
2020-12-27 16:00:26 +00:00
|
|
|
roles.add(role.role_id)
|
2020-12-26 03:00:28 +00:00
|
|
|
|
2021-08-25 18:22:43 +00:00
|
|
|
permissions_mask = "000"
|
2021-08-24 21:07:00 +00:00
|
|
|
server_quantity = {}
|
2021-09-08 22:01:10 +00:00
|
|
|
for permission in self.controller.crafty_perms.list_defined_crafty_permissions():
|
2021-08-06 04:34:57 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
2021-08-24 21:07:00 +00:00
|
|
|
self.get_argument('permission_{}'.format(permission.name), '0')
|
2021-08-06 04:34:57 +00:00
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
2021-09-08 22:01:10 +00:00
|
|
|
permissions_mask = self.controller.crafty_perms.set_permission(permissions_mask, permission, argument)
|
2021-08-24 21:07:00 +00:00
|
|
|
|
|
|
|
|
q_argument = int(float(
|
|
|
|
|
bleach.clean(
|
|
|
|
|
self.get_argument('quantity_{}'.format(permission.name), '0')
|
|
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if q_argument:
|
|
|
|
|
server_quantity[permission.name] = q_argument
|
2021-08-24 23:19:33 +00:00
|
|
|
else:
|
|
|
|
|
server_quantity[permission.name] = 0
|
|
|
|
|
|
2022-01-08 23:03:45 +00:00
|
|
|
# if email is None or "":
|
|
|
|
|
# email = "default@example.com"
|
|
|
|
|
|
2020-12-24 22:55:15 +00:00
|
|
|
user_data = {
|
|
|
|
|
"username": username,
|
|
|
|
|
"password": password0,
|
2022-01-08 23:03:45 +00:00
|
|
|
"email": email,
|
2020-12-24 22:55:15 +00:00
|
|
|
"enabled": enabled,
|
|
|
|
|
"regen_api": regen_api,
|
2020-12-26 03:00:28 +00:00
|
|
|
"roles": roles,
|
2021-09-29 23:50:51 +00:00
|
|
|
"lang": lang,
|
2022-01-09 23:04:54 +00:00
|
|
|
"superuser": superuser,
|
2020-12-24 22:55:15 +00:00
|
|
|
}
|
2021-08-24 21:07:00 +00:00
|
|
|
user_crafty_data = {
|
|
|
|
|
"permissions_mask": permissions_mask,
|
|
|
|
|
"server_quantity": server_quantity
|
|
|
|
|
}
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.users.update_user(user_id, user_data=user_data, user_crafty_data=user_crafty_data)
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2021-08-24 21:07:00 +00:00
|
|
|
"Edited user {} (UID:{}) with roles {} and permissions {}".format(username, user_id, roles, permissions_mask),
|
2020-12-24 22:55:15 +00:00
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
|
|
|
|
self.redirect("/panel/panel_config")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
elif page == "add_user":
|
2021-12-21 20:39:33 +00:00
|
|
|
if bleach.clean(self.get_argument('username', None)).lower() == 'system':
|
2021-12-21 04:04:07 +00:00
|
|
|
self.redirect("/panel/error?error=Unauthorized access: username system is reserved for the Crafty system. Please choose a different username.")
|
2021-12-21 20:39:33 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
username = bleach.clean(self.get_argument('username', None))
|
|
|
|
|
password0 = bleach.clean(self.get_argument('password0', None))
|
|
|
|
|
password1 = bleach.clean(self.get_argument('password1', None))
|
2022-01-08 23:03:45 +00:00
|
|
|
email = bleach.clean(self.get_argument('email', "default@example.com"))
|
2021-09-29 21:46:54 +00:00
|
|
|
enabled = int(float(self.get_argument('enabled', '0'))),
|
|
|
|
|
lang = bleach.clean(self.get_argument('lang', 'en_EN'))
|
2022-01-09 23:04:54 +00:00
|
|
|
if exec_user['superuser']:
|
|
|
|
|
superuser = bleach.clean(self.get_argument('superuser', '0'))
|
|
|
|
|
else:
|
|
|
|
|
superuser = '0'
|
|
|
|
|
if superuser == '1':
|
|
|
|
|
superuser = True
|
|
|
|
|
else:
|
|
|
|
|
superuser = False
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.User_Config not in exec_user_crafty_permissions:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a user editor")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
elif username is None or username == "":
|
|
|
|
|
self.redirect("/panel/error?error=Invalid username")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
else:
|
|
|
|
|
# does this user id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if self.controller.users.get_id_by_name(username) is not None:
|
2020-12-24 22:55:15 +00:00
|
|
|
self.redirect("/panel/error?error=User exists")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
|
|
|
|
|
if password0 != password1:
|
|
|
|
|
self.redirect("/panel/error?error=Passwords must match")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2020-12-26 03:00:28 +00:00
|
|
|
roles = set()
|
2021-09-08 22:01:10 +00:00
|
|
|
for role in self.controller.roles.get_all_roles():
|
2020-12-26 03:00:28 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
2020-12-27 16:00:26 +00:00
|
|
|
self.get_argument('role_{}_membership'.format(role.role_id), '0')
|
2020-12-26 03:00:28 +00:00
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
2021-04-03 18:18:43 +00:00
|
|
|
roles.add(role.role_id)
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-08-25 18:22:43 +00:00
|
|
|
permissions_mask = "000"
|
2021-08-24 21:07:00 +00:00
|
|
|
server_quantity = {}
|
2021-09-28 16:41:54 +00:00
|
|
|
for permission in self.controller.crafty_perms.list_defined_crafty_permissions():
|
2020-12-26 03:00:28 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
2021-08-24 21:07:00 +00:00
|
|
|
self.get_argument('permission_{}'.format(permission.name), '0')
|
2020-12-26 03:00:28 +00:00
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
2021-09-08 22:01:10 +00:00
|
|
|
permissions_mask = self.controller.crafty_perms.set_permission(permissions_mask, permission, argument)
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
q_argument = int(float(
|
|
|
|
|
bleach.clean(
|
|
|
|
|
self.get_argument('quantity_{}'.format(permission.name), '0')
|
|
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if q_argument:
|
|
|
|
|
server_quantity[permission.name] = q_argument
|
2021-08-24 23:25:35 +00:00
|
|
|
else:
|
|
|
|
|
server_quantity[permission.name] = 0
|
|
|
|
|
|
2022-01-10 04:16:11 +00:00
|
|
|
user_id = self.controller.users.add_user(username, password=password0, email=email, enabled=enabled, superuser=superuser)
|
2021-08-06 04:34:57 +00:00
|
|
|
user_data = {
|
|
|
|
|
"roles": roles,
|
2021-09-29 21:46:54 +00:00
|
|
|
'lang': lang
|
2021-08-06 04:34:57 +00:00
|
|
|
}
|
2021-08-24 21:07:00 +00:00
|
|
|
user_crafty_data = {
|
|
|
|
|
"permissions_mask": permissions_mask,
|
|
|
|
|
"server_quantity": server_quantity
|
|
|
|
|
}
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.users.update_user(user_id, user_data=user_data, user_crafty_data=user_crafty_data)
|
2020-12-24 22:55:15 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-12-24 22:55:15 +00:00
|
|
|
"Added user {} (UID:{})".format(username, user_id),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2021-04-03 17:36:01 +00:00
|
|
|
"Edited user {} (UID:{}) with roles {}".format(username, user_id, roles),
|
2020-12-24 22:55:15 +00:00
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
2020-12-27 16:00:26 +00:00
|
|
|
self.redirect("/panel/panel_config")
|
|
|
|
|
|
|
|
|
|
elif page == "edit_role":
|
|
|
|
|
role_id = bleach.clean(self.get_argument('id', None))
|
|
|
|
|
role_name = bleach.clean(self.get_argument('role_name', None))
|
|
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.Roles_Config not in exec_user_crafty_permissions:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a role editor")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
elif role_name is None or role_name == "":
|
|
|
|
|
self.redirect("/panel/error?error=Invalid username")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
elif role_id is None:
|
|
|
|
|
self.redirect("/panel/error?error=Invalid Role ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
else:
|
|
|
|
|
# does this user id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if not self.controller.roles.role_id_exists(role_id):
|
2020-12-27 16:00:26 +00:00
|
|
|
self.redirect("/panel/error?error=Invalid Role ID")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
|
|
|
|
|
servers = set()
|
2021-03-22 04:02:18 +00:00
|
|
|
for server in self.controller.list_defined_servers():
|
2020-12-27 16:00:26 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
|
|
|
|
self.get_argument('server_{}_access'.format(server['server_id']), '0')
|
|
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
|
|
|
|
servers.add(server['server_id'])
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-08-19 22:18:50 +00:00
|
|
|
permissions_mask = "00000000"
|
2021-09-08 22:01:10 +00:00
|
|
|
for permission in self.controller.server_perms.list_defined_permissions():
|
2021-08-19 22:18:50 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
|
|
|
|
self.get_argument('permission_{}'.format(permission.name), '0')
|
|
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
2021-09-08 22:01:10 +00:00
|
|
|
permissions_mask = self.controller.server_perms.set_permission(permissions_mask, permission, argument)
|
2020-12-27 16:00:26 +00:00
|
|
|
|
|
|
|
|
role_data = {
|
|
|
|
|
"role_name": role_name,
|
|
|
|
|
"servers": servers
|
|
|
|
|
}
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.roles.update_role(role_id, role_data=role_data, permissions_mask=permissions_mask)
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-12-27 16:00:26 +00:00
|
|
|
"Edited role {} (RID:{}) with servers {}".format(role_name, role_id, servers),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
|
|
|
|
self.redirect("/panel/panel_config")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
elif page == "add_role":
|
|
|
|
|
role_name = bleach.clean(self.get_argument('role_name', None))
|
|
|
|
|
|
2021-08-24 21:07:00 +00:00
|
|
|
if Enum_Permissions_Crafty.Roles_Config not in exec_user_crafty_permissions:
|
|
|
|
|
self.redirect("/panel/error?error=Unauthorized access: not a role editor")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
elif role_name is None or role_name == "":
|
|
|
|
|
self.redirect("/panel/error?error=Invalid role name")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
else:
|
|
|
|
|
# does this user id exist?
|
2021-09-08 22:01:10 +00:00
|
|
|
if self.controller.roles.get_roleid_by_name(role_name) is not None:
|
2020-12-27 16:00:26 +00:00
|
|
|
self.redirect("/panel/error?error=Role exists")
|
2021-03-22 04:02:18 +00:00
|
|
|
return
|
2020-12-27 16:00:26 +00:00
|
|
|
|
|
|
|
|
servers = set()
|
2021-03-22 04:02:18 +00:00
|
|
|
for server in self.controller.list_defined_servers():
|
2020-12-27 16:00:26 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
|
|
|
|
self.get_argument('server_{}_access'.format(server['server_id']), '0')
|
|
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
|
|
|
|
servers.add(server['server_id'])
|
2021-09-28 16:41:54 +00:00
|
|
|
|
2021-08-19 22:18:50 +00:00
|
|
|
permissions_mask = "00000000"
|
2021-09-08 22:01:10 +00:00
|
|
|
for permission in self.controller.server_perms.list_defined_permissions():
|
2021-08-19 22:18:50 +00:00
|
|
|
argument = int(float(
|
|
|
|
|
bleach.clean(
|
|
|
|
|
self.get_argument('permission_{}'.format(permission.name), '0')
|
|
|
|
|
)
|
|
|
|
|
))
|
|
|
|
|
if argument:
|
2021-09-08 22:01:10 +00:00
|
|
|
permissions_mask = self.controller.server_perms.set_permission(permissions_mask, permission, argument)
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
role_id = self.controller.roles.add_role(role_name)
|
|
|
|
|
self.controller.roles.update_role(role_id, {"servers": servers}, permissions_mask)
|
2020-12-27 16:00:26 +00:00
|
|
|
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-12-27 16:00:26 +00:00
|
|
|
"Added role {} (RID:{})".format(role_name, role_id),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
2021-09-08 22:01:10 +00:00
|
|
|
self.controller.management.add_to_audit_log(exec_user['user_id'],
|
2020-12-27 16:00:26 +00:00
|
|
|
"Edited role {} (RID:{}) with servers {}".format(role_name, role_id, servers),
|
|
|
|
|
server_id=0,
|
|
|
|
|
source_ip=self.get_remote_ip())
|
2021-03-06 20:48:02 +00:00
|
|
|
self.redirect("/panel/panel_config")
|
2021-03-22 04:02:18 +00:00
|
|
|
|
|
|
|
|
else:
|
|
|
|
|
self.set_status(404)
|
2021-11-23 22:29:34 +00:00
|
|
|
page_data = []
|
|
|
|
|
page_data['lang'] = tornado.locale.get("en_EN")
|
2021-03-26 13:57:50 +00:00
|
|
|
self.render(
|
|
|
|
|
"public/404.html",
|
|
|
|
|
translate=self.translator.translate,
|
2021-11-23 22:29:34 +00:00
|
|
|
data=page_data
|
2021-03-26 13:57:50 +00:00
|
|
|
)
|
