Mirrored_Repos/crafty-4
1
0
Fork 0
mirror of https://gitlab.com/crafty-controller/crafty-4.git synced 2024-08-30 18:23:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

only allow basic users rights to edit some fields

Browse Source
This commit is contained in:
amcmanu3 2023-03-03 17:16:20 -05:00
parent a373943ae6
commit 317ed3e667
1 changed files with 63 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
app/classes/web/routes/api/servers/server/index.py
View File

@ -1,5 +1,6 @@
import logging
import json
import shlex
from jsonschema import validate
from jsonschema.exceptions import ValidationError
from playhouse.shortcuts import model_to_dict
@ -13,11 +14,11 @@ server_patch_schema = {
"type": "object",
"properties": {
"server_name": {"type": "string", "minLength": 1},
"path": {"type": "string", "minLength": 1},
"backup_path": {"type": "string"},
"executable": {"type": "string"},
"log_path": {"type": "string", "minLength": 1},
"execution_command": {"type": "string", "minLength": 1},
"java_selection": {"type": "string"},
"auto_start": {"type": "boolean"},
"auto_start_delay": {"type": "integer"},
"crash_detection": {"type": "boolean"},
@ -25,8 +26,27 @@ server_patch_schema = {
"executable_update_url": {"type": "string", "minLength": 1},
"server_ip": {"type": "string", "minLength": 1},
"server_port": {"type": "integer"},
"shutdown_timeout": {"type": "integer"},
"logs_delete_after": {"type": "integer"},
"type": {"type": "string", "minLength": 1},
"ignored_exits": {"type": "string"},
"show_status": {"type": "boolean"},
},
"additionalProperties": False,
"minProperties": 1,
}
basic_server_patch_schema = {
"type": "object",
"properties": {
"server_name": {"type": "string", "minLength": 1},
"executable": {"type": "string"},
"java_selection": {"type": "string"},
"auto_start": {"type": "boolean"},
"auto_start_delay": {"type": "integer"},
"crash_detection": {"type": "boolean"},
"stop_command": {"type": "string"},
"shutdown_timeout": {"type": "integer"},
"logs_delete_after": {"type": "integer"},
"ignored_exits": {"type": "string"},
},
"additionalProperties": False,
"minProperties": 1,
@ -63,8 +83,12 @@ class ApiServersServerIndexHandler(BaseApiHandler):
)
try:
validate(data, server_patch_schema)
if auth_data[4]["superuser"]:
validate(data, server_patch_schema)
else:
validate(data, basic_server_patch_schema)
except ValidationError as e:
print(e)
return self.finish_json(
400,
{
@ -88,9 +112,45 @@ class ApiServersServerIndexHandler(BaseApiHandler):
return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"})
server_obj = self.controller.servers.get_server_obj(server_id)
java_flag = False
for key in data:
# If we don't validate the input there could be security issues
if key == "java_selection" and data[key] != "none":
java_flag = True
try:
if self.helper.is_os_windows():
execution_list = shlex.split(
server_obj.execution_command, posix=False
)
else:
execution_list = shlex.split(
server_obj.execution_command, posix=True
)
except ValueError:
return self.finish_json(
200, {"status": "error", "error": "INVALID EXECUTION COMMAND"}
)
if (
not any(
data[key] in path for path in self.helper.find_java_installs()
)
and data[key] != "java"
):
return
if data[key] != "java":
if self.helper.is_os_windows():
execution_list[0] = '"' + data[key] + '/bin/java"'
else:
execution_list[0] = '"' + data[key] + '"'
else:
execution_list[0] = "java"
execution_command = ""
for item in execution_list:
execution_command += item + " "
setattr(server_obj, "execution_command", execution_command)
if key != "path":
if key == "execution_command" and java_flag:
continue
setattr(server_obj, key, data[key])
self.controller.servers.update_server(server_obj)