Make HTTP handler functions not return anything else than None to remove an error in the log. Also make users not log out when visiting a page on the public handler

luukas 2021-07-30 19:20:01 +03:00
parent 3559c0a942
commit 7acf095463
6 changed files with 47 additions and 37 deletions


@ -48,7 +48,7 @@ class AjaxHandler(BaseHandler):
if server_id is None: if server_id is None:
logger.warning("Server ID not found in server_log ajax call") logger.warning("Server ID not found in server_log ajax call")
self.redirect("/panel/error?error=Server ID Not Found") self.redirect("/panel/error?error=Server ID Not Found")
return False return
server_id = bleach.clean(server_id) server_id = bleach.clean(server_id)
@ -86,14 +86,14 @@ class AjaxHandler(BaseHandler):
file_path = self.get_argument('file_path', None) file_path = self.get_argument('file_path', None)
server_id = self.get_argument('id', None) server_id = self.get_argument('id', None)
if not self.check_server_id(server_id, 'get_file'): return False if not self.check_server_id(server_id, 'get_file'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path)\ if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path)\
or not helper.check_file_exists(os.path.abspath(file_path)): or not helper.check_file_exists(os.path.abspath(file_path)):
logger.warning("Invalid path in get_file ajax call ({})".format(file_path)) logger.warning("Invalid path in get_file ajax call ({})".format(file_path))
console.warning("Invalid path in get_file ajax call ({})".format(file_path)) console.warning("Invalid path in get_file ajax call ({})".format(file_path))
return False return
error = None error = None
@ -114,7 +114,7 @@ class AjaxHandler(BaseHandler):
elif page == "get_tree": elif page == "get_tree":
server_id = self.get_argument('id', None) server_id = self.get_argument('id', None)
if not self.check_server_id(server_id, 'get_tree'): return False if not self.check_server_id(server_id, 'get_tree'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
self.write(db_helper.get_server_data_by_id(server_id)['path'] + '\n' + self.write(db_helper.get_server_data_by_id(server_id)['path'] + '\n' +
@ -152,14 +152,14 @@ class AjaxHandler(BaseHandler):
server_id = self.get_argument('id', None) server_id = self.get_argument('id', None)
print(server_id) print(server_id)
if not self.check_server_id(server_id, 'create_file'): return False if not self.check_server_id(server_id, 'create_file'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path) \ if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path) \
or helper.check_file_exists(os.path.abspath(file_path)): or helper.check_file_exists(os.path.abspath(file_path)):
logger.warning("Invalid path in create_file ajax call ({})".format(file_path)) logger.warning("Invalid path in create_file ajax call ({})".format(file_path))
console.warning("Invalid path in create_file ajax call ({})".format(file_path)) console.warning("Invalid path in create_file ajax call ({})".format(file_path))
return False return
# Create the file by opening it # Create the file by opening it
with open(file_path, 'w') as file_object: with open(file_path, 'w') as file_object:
@ -172,14 +172,14 @@ class AjaxHandler(BaseHandler):
server_id = self.get_argument('id', None) server_id = self.get_argument('id', None)
print(server_id) print(server_id)
if not self.check_server_id(server_id, 'create_dir'): return False if not self.check_server_id(server_id, 'create_dir'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], dir_path) \ if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], dir_path) \
or helper.check_path_exists(os.path.abspath(dir_path)): or helper.check_path_exists(os.path.abspath(dir_path)):
logger.warning("Invalid path in create_dir ajax call ({})".format(dir_path)) logger.warning("Invalid path in create_dir ajax call ({})".format(dir_path))
console.warning("Invalid path in create_dir ajax call ({})".format(dir_path)) console.warning("Invalid path in create_dir ajax call ({})".format(dir_path))
return False return
# Create the directory # Create the directory
os.mkdir(dir_path) os.mkdir(dir_path)
@ -192,7 +192,7 @@ class AjaxHandler(BaseHandler):
console.warning("delete {} for server {}".format(file_path, server_id)) console.warning("delete {} for server {}".format(file_path, server_id))
if not self.check_server_id(server_id, 'del_file'): return False if not self.check_server_id(server_id, 'del_file'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
server_info = db_helper.get_server_data_by_id(server_id) server_info = db_helper.get_server_data_by_id(server_id)
@ -201,7 +201,7 @@ class AjaxHandler(BaseHandler):
or not helper.check_file_exists(os.path.abspath(file_path)): or not helper.check_file_exists(os.path.abspath(file_path)):
logger.warning("Invalid path in del_file ajax call ({})".format(file_path)) logger.warning("Invalid path in del_file ajax call ({})".format(file_path))
console.warning("Invalid path in del_file ajax call ({})".format(file_path)) console.warning("Invalid path in del_file ajax call ({})".format(file_path))
return False return
# Delete the file # Delete the file
os.remove(file_path) os.remove(file_path)
@ -213,7 +213,7 @@ class AjaxHandler(BaseHandler):
console.warning("delete {} for server {}".format(file_path, server_id)) console.warning("delete {} for server {}".format(file_path, server_id))
if not self.check_server_id(server_id, 'del_dir'): return False if not self.check_server_id(server_id, 'del_dir'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
server_info = db_helper.get_server_data_by_id(server_id) server_info = db_helper.get_server_data_by_id(server_id)
@ -221,7 +221,7 @@ class AjaxHandler(BaseHandler):
or not helper.check_path_exists(os.path.abspath(dir_path)): or not helper.check_path_exists(os.path.abspath(dir_path)):
logger.warning("Invalid path in del_file ajax call ({})".format(dir_path)) logger.warning("Invalid path in del_file ajax call ({})".format(dir_path))
console.warning("Invalid path in del_file ajax call ({})".format(dir_path)) console.warning("Invalid path in del_file ajax call ({})".format(dir_path))
return False return
# Delete the directory # Delete the directory
# os.rmdir(dir_path) # Would only remove empty directories # os.rmdir(dir_path) # Would only remove empty directories
@ -237,14 +237,14 @@ class AjaxHandler(BaseHandler):
print(file_path) print(file_path)
print(server_id) print(server_id)
if not self.check_server_id(server_id, 'save_file'): return False if not self.check_server_id(server_id, 'save_file'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path)\ if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], file_path)\
or not helper.check_file_exists(os.path.abspath(file_path)): or not helper.check_file_exists(os.path.abspath(file_path)):
logger.warning("Invalid path in save_file ajax call ({})".format(file_path)) logger.warning("Invalid path in save_file ajax call ({})".format(file_path))
console.warning("Invalid path in save_file ajax call ({})".format(file_path)) console.warning("Invalid path in save_file ajax call ({})".format(file_path))
return False return
# Open the file in write mode and store the content in file_object # Open the file in write mode and store the content in file_object
with open(file_path, 'w') as file_object: with open(file_path, 'w') as file_object:
@ -256,19 +256,19 @@ class AjaxHandler(BaseHandler):
server_id = self.get_argument('id', None) server_id = self.get_argument('id', None)
print(server_id) print(server_id)
if not self.check_server_id(server_id, 'rename_item'): return False if not self.check_server_id(server_id, 'rename_item'): return
else: server_id = bleach.clean(server_id) else: server_id = bleach.clean(server_id)
if item_path is None or new_item_name is None: if item_path is None or new_item_name is None:
logger.warning("Invalid path(s) in rename_item ajax call") logger.warning("Invalid path(s) in rename_item ajax call")
console.warning("Invalid path(s) in rename_item ajax call") console.warning("Invalid path(s) in rename_item ajax call")
return False return
if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], item_path) \ if not helper.in_path(db_helper.get_server_data_by_id(server_id)['path'], item_path) \
or not helper.check_path_exists(os.path.abspath(item_path)): or not helper.check_path_exists(os.path.abspath(item_path)):
logger.warning("Invalid old name path in rename_item ajax call ({})".format(server_id)) logger.warning("Invalid old name path in rename_item ajax call ({})".format(server_id))
console.warning("Invalid old name path in rename_item ajax call ({})".format(server_id)) console.warning("Invalid old name path in rename_item ajax call ({})".format(server_id))
return False return
new_item_path = os.path.join(os.path.split(item_path)[0], new_item_name) new_item_path = os.path.join(os.path.split(item_path)[0], new_item_name)
@ -276,7 +276,7 @@ class AjaxHandler(BaseHandler):
or helper.check_path_exists(os.path.abspath(new_item_path)): or helper.check_path_exists(os.path.abspath(new_item_path)):
logger.warning("Invalid new name path in rename_item ajax call ({})".format(server_id)) logger.warning("Invalid new name path in rename_item ajax call ({})".format(server_id))
console.warning("Invalid new name path in rename_item ajax call ({})".format(server_id)) console.warning("Invalid new name path in rename_item ajax call ({})".format(server_id))
return False return
# RENAME # RENAME
os.rename(item_path, new_item_path) os.rename(item_path, new_item_path)
@ -284,7 +284,7 @@ class AjaxHandler(BaseHandler):
if server_id is None: if server_id is None:
logger.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id)) logger.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id))
console.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id)) console.warning("Server ID not defined in {} ajax call ({})".format(page_name, server_id))
return False return
else: else:
server_id = bleach.clean(server_id) server_id = bleach.clean(server_id)
@ -292,5 +292,5 @@ class AjaxHandler(BaseHandler):
if not db_helper.server_id_exists(server_id): if not db_helper.server_id_exists(server_id):
logger.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id)) logger.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id))
console.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id)) console.warning("Server ID not found in {} ajax call ({})".format(page_name, server_id))
return False return
return True return True
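Review bot: check_server_id, in the last two hunks of this file, only rejects a missing id and one that fails `db_helper.server_id_exists`; nothing visible ties the id to the requesting user, yet get_file, get_tree, create_file, create_dir, del_file, del_dir, save_file and rename_item all rely on it before touching the filesystem. Unless authorization happens outside these hunks (every branch starts outside its hunk), add the per-user check the panel handler uses, `db_helper.server_id_authorized_from_roles(int(server_id), <current user id>)`, inside check_server_id so every file operation inherits it. The helper now also mixes a bare `return` with `return True`; it is a predicate rather than a request handler, so keeping `return False` there would be clearer. The rejected-path branches return without writing anything, so the client presumably receives an empty success response; `self.set_status(400)` before the `return` would make the refusal visible.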


@ -41,11 +41,11 @@ class ApiHandler(BaseHandler):
else: else:
logging.debug("Auth unsuccessful") logging.debug("Auth unsuccessful")
self.access_denied("unknown", "the user provided an invalid token") self.access_denied("unknown", "the user provided an invalid token")
return False return
except Exception as e: except Exception as e:
log.warning("An error occured while authenticating an API user: %s", e) log.warning("An error occured while authenticating an API user: %s", e)
self.access_denied("unknown"), "an error occured while authenticating the user" self.access_denied("unknown"), "an error occured while authenticating the user"
return False return
class ServersStats(ApiHandler): class ServersStats(ApiHandler):
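Review bot: In the `except` branch the closing parenthesis is misplaced: `self.access_denied("unknown"), "an error occured while authenticating the user"` calls access_denied with one argument and throws the message away as the second element of an unused tuple. If access_denied requires both arguments, as the call in the `else` branch suggests, this raises a TypeError inside the error handler and the request fails instead of being denied cleanly; it should read `self.access_denied("unknown", "an error occured while authenticating the user")`. The same branch logs through `log` while the line above uses `logging`, so confirm both names are defined in this module. The method starts outside the hunk, so whether any caller tests its return value, now that the failure paths return None, cannot be checked from here.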


@ -140,7 +140,7 @@ class PanelHandler(BaseHandler):
#if not db_helper.server_id_authorized(server_id, exec_user_id): #if not db_helper.server_id_authorized(server_id, exec_user_id):
if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return False return
valid_subpages = ['term', 'logs', 'backup', 'config', 'files', 'admin_controls'] valid_subpages = ['term', 'logs', 'backup', 'config', 'files', 'admin_controls']
@ -200,7 +200,7 @@ class PanelHandler(BaseHandler):
#if not db_helper.server_id_authorized(server_id, exec_user_id): #if not db_helper.server_id_authorized(server_id, exec_user_id):
if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return False return
server_info = db_helper.get_server_data_by_id(server_id) server_info = db_helper.get_server_data_by_id(server_id)
backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file)) backup_file = os.path.abspath(os.path.join(server_info["backup_path"], file))
@ -249,7 +249,7 @@ class PanelHandler(BaseHandler):
#if not db_helper.server_id_authorized(server_id, exec_user_id): #if not db_helper.server_id_authorized(server_id, exec_user_id):
if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id): if not db_helper.server_id_authorized_from_roles(int(server_id), exec_user_id):
self.redirect("/panel/error?error=Invalid Server ID") self.redirect("/panel/error?error=Invalid Server ID")
return False return
server = self.controller.get_server_obj(server_id).backup_server() server = self.controller.get_server_obj(server_id).backup_server()
self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id)) self.redirect("/panel/server_detail?id={}&subpage=backup".format(server_id))
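Review bot: `backup_file` in the second hunk is built with `os.path.abspath(os.path.join(server_info["backup_path"], file))`, which does not by itself keep the result inside the backup directory: an absolute `file`, or one containing `..`, resolves elsewhere. The hunk ends on that line, so confirm that a containment check follows before the path is used, for example `if not helper.in_path(server_info["backup_path"], backup_file):` if the `helper.in_path` used by the ajax handler is available here. All three hunks also call `int(server_id)` inside the authorization test; if nothing earlier validates the parameter, a missing or non-numeric id raises instead of reaching the "Invalid Server ID" redirect.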


@ -37,9 +37,6 @@ class PublicHandler(BaseHandler):
def get(self, page=None): def get(self, page=None):
self.clear_cookie("user")
self.clear_cookie("user_data")
error = bleach.clean(self.get_argument('error', "Invalid Login!")) error = bleach.clean(self.get_argument('error', "Invalid Login!"))
page_data = { page_data = {
@ -59,9 +56,16 @@ class PublicHandler(BaseHandler):
elif page == "error": elif page == "error":
template = "public/error.html" template = "public/error.html"
elif page == "logout":
self.clear_cookie("user")
self.clear_cookie("user_data")
self.redirect('/public/login')
return
# if we have no page, let's go to login # if we have no page, let's go to login
else: else:
self.redirect('/public/login') self.redirect('/public/login')
return
self.render( self.render(
template, template,
@ -82,14 +86,18 @@ class PublicHandler(BaseHandler):
# if we don't have a user # if we don't have a user
if not user_data: if not user_data:
next_page = "/public/error?error=Login Failed" next_page = "/public/error?error=Login Failed"
self.clear_cookie("user")
self.clear_cookie("user_data")
self.redirect(next_page) self.redirect(next_page)
return False return
# if they are disabled # if they are disabled
if not user_data.enabled: if not user_data.enabled:
next_page = "/public/error?error=Login Failed" next_page = "/public/error?error=Login Failed"
self.clear_cookie("user")
self.clear_cookie("user_data")
self.redirect(next_page) self.redirect(next_page)
return False return
login_result = helper.verify_pass(entered_password, user_data.password) login_result = helper.verify_pass(entered_password, user_data.password)
@ -118,6 +126,8 @@ class PublicHandler(BaseHandler):
next_page = "/panel/dashboard" next_page = "/panel/dashboard"
self.redirect(next_page) self.redirect(next_page)
else: else:
self.clear_cookie("user")
self.clear_cookie("user_data")
# log this failed login attempt # log this failed login attempt
db_helper.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip()) db_helper.add_to_audit_log(user_data.user_id, "Tried to log in", 0, self.get_remote_ip())
self.redirect('/public/error?error=Login Failed') self.redirect('/public/error?error=Login Failed')
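Review bot: The new `logout` branch clears the session cookies inside `get`, so any cross-site GET to /public/logout signs the user out without their intent. Handling logout in `post`, behind Tornado's XSRF check if `xsrf_cookies` is enabled for this application, would avoid that. Clearing the cookies only removes them from the browser; whether a previously issued `user` cookie stops being accepted after logout depends on code outside this diff and is worth confirming. The pair `self.clear_cookie("user")` / `self.clear_cookie("user_data")` now appears four times, so a small private helper on the handler would keep the two cookie names in one place.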


@ -96,7 +96,7 @@ class ServerHandler(BaseHandler):
for server in db_helper.get_all_defined_servers(): for server in db_helper.get_all_defined_servers():
if server['server_name'] == name: if server['server_name'] == name:
return True return True
return False return
server_data = db_helper.get_server_data_by_id(server_id) server_data = db_helper.get_server_data_by_id(server_id)
server_uuid = server_data.get('server_uuid') server_uuid = server_data.get('server_uuid')
@ -165,14 +165,14 @@ class ServerHandler(BaseHandler):
if not server_name: if not server_name:
self.redirect("/panel/error?error=Server name cannot be empty!") self.redirect("/panel/error?error=Server name cannot be empty!")
return False return
if import_type == 'import_jar': if import_type == 'import_jar':
good_path = self.controller.verify_jar_server(import_server_path, import_server_jar) good_path = self.controller.verify_jar_server(import_server_path, import_server_jar)
if not good_path: if not good_path:
self.redirect("/panel/error?error=Server path or Server Jar not found!") self.redirect("/panel/error?error=Server path or Server Jar not found!")
return False return
new_server_id = self.controller.import_jar_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port) new_server_id = self.controller.import_jar_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port)
db_helper.add_to_audit_log(exec_user_data['user_id'], db_helper.add_to_audit_log(exec_user_data['user_id'],
@ -184,12 +184,12 @@ class ServerHandler(BaseHandler):
good_path = self.controller.verify_zip_server(import_server_path) good_path = self.controller.verify_zip_server(import_server_path)
if not good_path: if not good_path:
self.redirect("/panel/error?error=Zip file not found!") self.redirect("/panel/error?error=Zip file not found!")
return False return
new_server_id = self.controller.import_zip_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port) new_server_id = self.controller.import_zip_server(server_name, import_server_path,import_server_jar, min_mem, max_mem, port)
if new_server_id == "false": if new_server_id == "false":
self.redirect("/panel/error?error=Zip file not accessible! You can fix this permissions issue with sudo chown -R crafty:crafty {} And sudo chmod 2775 -R {}".format(import_server_path, import_server_path)) self.redirect("/panel/error?error=Zip file not accessible! You can fix this permissions issue with sudo chown -R crafty:crafty {} And sudo chmod 2775 -R {}".format(import_server_path, import_server_path))
return False return
db_helper.add_to_audit_log(exec_user_data['user_id'], db_helper.add_to_audit_log(exec_user_data['user_id'],
"imported a zip server named \"{}\"".format(server_name), # Example: Admin imported a server named "old creative" "imported a zip server named \"{}\"".format(server_name), # Example: Admin imported a server named "old creative"
new_server_id, new_server_id,
@ -197,7 +197,7 @@ class ServerHandler(BaseHandler):
else: else:
if len(server_parts) != 2: if len(server_parts) != 2:
self.redirect("/panel/error?error=Invalid server data") self.redirect("/panel/error?error=Invalid server data")
return False return
server_type, server_version = server_parts server_type, server_version = server_parts
# todo: add server type check here and call the correct server add functions if not a jar # todo: add server type check here and call the correct server add functions if not a jar
new_server_id = self.controller.create_jar_server(server_type, server_version, server_name, min_mem, max_mem, port) new_server_id = self.controller.create_jar_server(server_type, server_version, server_name, min_mem, max_mem, port)
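Review bot: The first hunk changes what looks like a name-lookup helper rather than a request handler: the loop still returns True when `server['server_name'] == name` but now falls through to a bare `return`, so the predicate yields True or None. Keep `return False` there, since the log error this commit targets should only concern handler methods; the helper's definition is outside the hunk, so this is inferred from the loop. Separately, the zip-permission redirect formats `import_server_path` straight into the query string. Characters such as `&`, `#` or spaces in the path will truncate or alter the `error` parameter, so escape the message first, for example with `tornado.escape.url_escape(...)`.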


@ -29,7 +29,7 @@
{% end %} {% end %}
</div> </div>
<a class="dropdown-item" href="/panel/activity_logs"><i class="dropdown-item-icon mdi mdi-calendar-check-outline text-primary"></i> Activity</a> <a class="dropdown-item" href="/panel/activity_logs"><i class="dropdown-item-icon mdi mdi-calendar-check-outline text-primary"></i> Activity</a>
<a class="dropdown-item" href="/public/login"><i class="dropdown-item-icon mdi mdi-power text-primary"></i>Sign Out</a> <a class="dropdown-item" href="/public/logout"><i class="dropdown-item-icon mdi mdi-power text-primary"></i>Sign Out</a>
</div> </div>
</li> </li>
</ul> </ul>