Merge branch 'pretzel-branch' into 'dev'

Fix error with scheduled tasks by system See merge request crafty-controller/crafty-commander!120
2024-08-30 18:23:09 +00:00 · 2021-12-21 04:07:01 +00:00 · 2021-12-21 04:07:01 +00:00 · 3b1b45b34a
commit 3b1b45b34a
parent 5a03d4eb7c 71d3e03875
6 changed files with 43 additions and 12 deletions
--- a/app/classes/models/users.py
+++ b/app/classes/models/users.py
@ -70,7 +70,7 @@ class helper_users:

    @staticmethod
    def get_all_users():
-        query = Users.select()
+        query = Users.select().where(Users.username != "system")
        return query

    @staticmethod
@ -79,8 +79,6 @@ class helper_users:

    @staticmethod
    def get_user_id_by_name(username):
-        if username == "SYSTEM":
-            return 0
        try:
            return (Users.get(Users.username == username)).user_id
        except DoesNotExist:
@ -108,14 +106,14 @@ class helper_users:
        if user_id == 0:
            return {
                'user_id': 0,
-                'created': None,
-                'last_login': None,
-                'last_update': None,
+                'created': '10/24/2019, 11:34:00',
+                'last_login': '10/24/2019, 11:34:00',
+                'last_update': '10/24/2019, 11:34:00',
                'last_ip': "127.27.23.89",
                'username': "SYSTEM",
                'password': None,
                'enabled': True,
-                'superuser': False,
+                'superuser': True,
                'api_token': None,
                'roles': [],
                'servers': [],
@ -130,6 +128,13 @@ class helper_users:
            #logger.debug("user: ({}) {}".format(user_id, {}))
            return {}

+    def check_system_user(user_id):
+        try:
+            Users.get(Users.user_id == user_id).user_id == user_id
+            return True
+        except:
+            return False
+
    @staticmethod
    def add_user(username, password=None, api_token=None, enabled=True, superuser=False):
        if password is not None:
--- a/app/classes/shared/main_controller.py
+++ b/app/classes/shared/main_controller.py
@ -3,6 +3,7 @@ import pathlib
 import time
 import logging
 import sys
+from app.classes.models.users import helper_users
 from peewee import DoesNotExist
 import schedule
 import yaml
@ -120,6 +121,17 @@ class Controller:
        server_obj = self.get_server_obj(server_id)
        server_obj.reload_server_settings()

+    @staticmethod
+    def check_system_user():
+        if helper_users.get_user_id_by_name("system") is not None:
+            return True
+        else:
+            return False
+
+    @staticmethod
+    def add_system_user():
+        helper_users.add_user("system", helper.random_string_generator(64), helper_users.new_api_token(), False, False)
+
    def get_server_settings(self, server_id):
        for s in self.servers_list:
            if int(s['server_id']) == int(server_id):
@ -319,8 +331,11 @@ class Controller:
                    path_list = test.split('/')
                    root_path = path_list[0]
                    if len(path_list) > 1:
-                        for i in range(len(path_list)-2):
-                            root_path = os.path.join(root_path, path_list[i+1])
+                        for i in range(len(path_list)-1):
+                            try:
+                                root_path = os.path.join(root_path, path_list[i+1])
+                            except:
+                                root_path = root_path

                    full_root_path = os.path.join(tempDir, root_path)

--- a/app/classes/shared/tasks.py
+++ b/app/classes/shared/tasks.py
@ -73,8 +73,9 @@ class TasksManager:
                logger.info("Loading schedule ID#{i}: '{a}' every {n} {t} at {s}".format(
                    i=j.schedule_id, a=j.action, n=j.interval, t=j.interval_type, s=j.start_time))
                try:
+                    print(self.controller.users.get_id_by_name('system'))
                    getattr(schedule.every(j.interval), j.interval_type).at(j.start_time).do(
-                        self.controller.management.send_command, 0, j.server_id, "127.27.23.89", j.action)
+                        self.controller.management.send_command, self.controller.users.get_id_by_name('system'), j.server_id, "127.27.23.89", j.action)
                except schedule.ScheduleValueError as e:
                    logger.critical("Scheduler value error occurred: {} on ID#{}".format(e, j.schedule_id))
            else:
--- a/app/classes/web/panel_handler.py
+++ b/app/classes/web/panel_handler.py
@ -818,6 +818,8 @@ class PanelHandler(BaseHandler):
            self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))

        elif page == "edit_user":
+            if bleach.clean(self.get_argument('username', None)) == 'system':
+                self.redirect("/panel/error?error=Unauthorized access: system user is not editable")
            user_id = bleach.clean(self.get_argument('id', None))
            username = bleach.clean(self.get_argument('username', None))
            password0 = bleach.clean(self.get_argument('password0', None))
@ -914,6 +916,8 @@ class PanelHandler(BaseHandler):


        elif page == "add_user":
+            if bleach.clean(self.get_argument('username', None)):
+                self.redirect("/panel/error?error=Unauthorized access: username system is reserved for the Crafty system. Please choose a different username.")
            username = bleach.clean(self.get_argument('username', None))
            password0 = bleach.clean(self.get_argument('password0', None))
            password1 = bleach.clean(self.get_argument('password1', None))
--- a/app/frontend/templates/panel/server_files.html
+++ b/app/frontend/templates/panel/server_files.html
@ -139,7 +139,7 @@
                      <i class="far fa-folder-open"></i>
                      {{ translate('serverFiles', 'files', data['lang']) }}
                    </div>
-                    <ul class="tree-nested" id="files-tree">
+                    <ul class="tree-nested d-block" id="files-tree">
                      <li>{{ translate('serverFiles', 'error', data['lang']) }}</li>

                    </ul>
@ -647,7 +647,7 @@
      document.getElementById("fileList").innerHTML = list;
  }, false);
 });
-    }
+  }
    function getTreeView() {
      $.ajax({
        type: "GET",
@ -898,6 +898,8 @@
      target.classList.add('btn-primary');
    }

+    window.onload = getTreeView();
+
 </script>

 {% end %}
--- a/main.py
+++ b/main.py
@ -6,6 +6,7 @@ import time
 import argparse
 import logging.config
 import signal
+from app.classes.controllers.management_controller import Management_Controller

 """ Our custom classes / pip packages """
 from app.classes.shared.console import console
@ -146,6 +147,9 @@ if __name__ == '__main__':
        console.warning("We have detected Crafty's port, {} may not be open on the host network or a firewall is blocking it. Remote client connections to Crafty may be limited.".format(helper.get_setting('https_port')))
        console.help("If you are not forwarding ports from your public IP or your router does not support hairpin NAT you can safely disregard the previous message.")

+    if not controller.check_system_user():
+        controller.add_system_user()
+
    Crafty = MainPrompt(tasks_manager, migration_manager)

    def sigterm_handler(signum, current_stack_frame):