From cd475e0cf59c9587dbda49a8c5844172d9d97249 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 13:04:51 -0500 Subject: [PATCH 01/37] Use API to send remote commands to server --- app/classes/web/ajax_handler.py | 63 +------------------ app/frontend/templates/panel/dashboard.html | 49 ++++----------- .../templates/panel/server_backup.html | 2 +- 3 files changed, 14 insertions(+), 100 deletions(-) diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py index cd1ccc04..3887a00b 100644 --- a/app/classes/web/ajax_handler.py +++ b/app/classes/web/ajax_handler.py @@ -281,73 +281,12 @@ class AjaxHandler(BaseHandler): exec_user["user_id"], server_id ) - if page == "send_command": - command = self.get_body_argument("command", default=None, strip=True) - server_id = self.get_argument("id", None) - - if server_id is None: - logger.warning("Server ID not found in send_command ajax call") - Console.warning("Server ID not found in send_command ajax call") - - srv_obj = self.controller.servers.get_server_instance_by_id(server_id) - - if command == srv_obj.settings["stop_command"]: - logger.info( - "Stop command detected as terminal input - intercepting." - + f"Starting Crafty's stop process for server with id: {server_id}" - ) - self.controller.management.send_command( - exec_user["user_id"], server_id, self.get_remote_ip(), "stop_server" - ) - command = None - elif command == "restart": - logger.info( - "Restart command detected as terminal input - intercepting." - + f"Starting Crafty's stop process for server with id: {server_id}" - ) - self.controller.management.send_command( - exec_user["user_id"], - server_id, - self.get_remote_ip(), - "restart_server", - ) - command = None - if command: - if srv_obj.check_running(): - srv_obj.send_command(command) - - self.controller.management.add_to_audit_log( - exec_user["user_id"], - f"Sent command to " - f"{self.controller.servers.get_server_friendly_name(server_id)} " - f"terminal: {command}", - server_id, - self.get_remote_ip(), - ) - - elif page == "send_order": + if page == "send_order": self.controller.users.update_server_order( exec_user["user_id"], bleach.clean(self.get_argument("order")) ) return - elif page == "backup_now": - server_id = self.get_argument("id", None) - if server_id is None: - logger.error("Server ID is none. Canceling backup!") - return - - server = self.controller.servers.get_server_instance_by_id(server_id) - self.controller.management.add_to_audit_log_raw( - self.controller.users.get_user_by_id(exec_user["user_id"])["username"], - exec_user["user_id"], - server_id, - f"Backup now executed for server {server_id} ", - source_ip=self.get_remote_ip(), - ) - - server.backup_server() - elif page == "select_photo": if exec_user["superuser"]: photo = urllib.parse.unquote(self.get_argument("photo", "")) diff --git a/app/frontend/templates/panel/dashboard.html b/app/frontend/templates/panel/dashboard.html index 981a4163..a1c25231 100644 --- a/app/frontend/templates/panel/dashboard.html +++ b/app/frontend/templates/panel/dashboard.html @@ -645,10 +645,13 @@ $.ajax({ type: "POST", headers: { 'X-XSRFToken': token }, - url: '/server/command?command=' + command + '&id=' + server_id, + url: `/api/v2/servers/${server_id}/action/${command}`, success: function (data) { console.log("got response:"); console.log(data); + if (command === "clone_server" && data.status === "ok") { + window.location.reload(); + } /*setTimeout(function () { if (command != 'start_server') { location.reload(); @@ -703,24 +706,6 @@ document.querySelector('.dynamicMsg').appendChild(parentEl); } - function send_kill(server_id) { - /* this getCookie function is in base.html */ - const token = getCookie("_xsrf"); - - $.ajax({ - type: "POST", - headers: { 'X-XSRFToken': token }, - url: '/ajax/kill?id=' + server_id, - success: function (data) { - console.log("got response:"); - console.log(data); - /*setTimeout(function () { - location.reload(); - }, 10000);*/ - } - }); - } - function update_one_server_status(server) { /* Mobile view update */ server_cpu = document.getElementById('server_cpu_' + server.id); @@ -899,17 +884,11 @@ }, callback: function (result) { if (result) { - send_kill(server_id); + send_command(server_id, "kill_server"); let dialog = bootbox.dialog({ title: '{% raw translate("dashboard", "killing", data["lang"]) %}', message: '

Loading...

' }); - - dialog.init(function () { - setTimeout(function () { - location.reload(); - }, 15000); - }); } } }); @@ -998,7 +977,13 @@ }, callback: function (result) { if (result) { - cloneServer(server_id); + send_command(server_id, 'clone_server'); + bootbox.dialog({ + backdrop: true, + title: '{% raw translate("dashboard", "sendingCommand", data["lang"]) %}', + message: '
  {% raw translate("dashboard", "bePatientClone", data["lang"]) %}
', + closeButton: false, + }); } } @@ -1006,16 +991,6 @@ }); }); - - function cloneServer(server_id) { - send_command(server_id, 'clone_server'); - bootbox.dialog({ - backdrop: true, - title: '{% raw translate("dashboard", "sendingCommand", data["lang"]) %}', - message: '
  {% raw translate("dashboard", "bePatientClone", data["lang"]) %}
', - closeButton: false, - }); - } diff --git a/app/frontend/templates/panel/server_backup.html b/app/frontend/templates/panel/server_backup.html index ab9b4f2e..1cb8f087 100644 --- a/app/frontend/templates/panel/server_backup.html +++ b/app/frontend/templates/panel/server_backup.html @@ -326,7 +326,7 @@ $.ajax({ type: "POST", headers: { 'X-XSRFToken': token }, - url: '/ajax/backup_now?id=' + server_id, + url: `/api/v2/servers/${server_id}/action/backup_server`, success: function (data) { return; }, From c0bca38319d54503859803b8af956ce3fa8c27c5 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 13:27:06 -0500 Subject: [PATCH 02/37] Cleanup ajax a bit more --- app/classes/web/ajax_handler.py | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py index 3887a00b..fd8ffe4b 100644 --- a/app/classes/web/ajax_handler.py +++ b/app/classes/web/ajax_handler.py @@ -321,23 +321,6 @@ class AjaxHandler(BaseHandler): self.controller.cached_login = "login_1.jpg" return - elif page == "kill": - if not permissions["Commands"] in user_perms: - if not superuser: - self.redirect("/panel/error?error=Unauthorized access to Commands") - return - server_id = self.get_argument("id", None) - svr = self.controller.servers.get_server_instance_by_id(server_id) - try: - svr.kill() - time.sleep(5) - svr.cleanup_server_object() - svr.record_server_stats() - except Exception as e: - logger.error( - f"Could not find PID for requested termsig. Full error: {e}" - ) - return elif page == "eula": server_id = self.get_argument("id", None) svr = self.controller.servers.get_server_instance_by_id(server_id) From 1b6c7dd4787e1e4f88f91a35167b56d3aed65313 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 13:30:21 -0500 Subject: [PATCH 03/37] Edit panel config for API --- app/frontend/templates/panel/server_config.html | 8 ++++---- app/frontend/templates/panel/server_term.html | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index ed5186f9..500322ec 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html @@ -359,7 +359,7 @@ $.ajax({ type: "DELETE", headers: { 'X-XSRFToken': token }, - url: '/ajax/delete_server?id=' + serverId, + url: `/api/v2/servers/${serverId}`, data: { }, success: function (data) { @@ -373,7 +373,7 @@ $.ajax({ type: "DELETE", headers: { 'X-XSRFToken': token }, - url: '/ajax/delete_server_files?id=' + serverId, + url: `/api/v2/servers/${serverId}?files=true`, data: { }, success: function (data) { @@ -393,7 +393,7 @@ $.ajax({ type: "POST", headers: { 'X-XSRFToken': token }, - url: '/server/command?command=' + command + '&id=' + serverId, + url: `/api/v2/servers/${serverId}/action/${command}`, success: function (data) { console.log("got response:"); console.log(data); @@ -522,7 +522,7 @@ $.ajax({ type: "DELETE", headers: { 'X-XSRFToken': token }, - url: '/ajax/delete_unloaded_server?id=' + serverId, + url: `/api/v2/servers/${serverId}`, data: { }, success: function (data) { diff --git a/app/frontend/templates/panel/server_term.html b/app/frontend/templates/panel/server_term.html index 54ac127a..965d14ab 100644 --- a/app/frontend/templates/panel/server_term.html +++ b/app/frontend/templates/panel/server_term.html @@ -179,7 +179,7 @@ $.ajax({ type: "POST", headers: { 'X-XSRFToken': token }, - url: '/server/command?command=' + command + '&id=' + serverId, + url: `/api/v2/servers/${serverId}/action/${command}`, success: function (data) { console.log("got response:"); console.log(data); From c51d94023442cd389104b104318ca5f792e39996 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 14:38:14 -0500 Subject: [PATCH 04/37] Allow unloaded servers to be deleted API --- app/classes/web/routes/api/servers/server/index.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 3d5e3e2f..1d68b2e8 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -134,7 +134,15 @@ class ApiServersServerIndexHandler(BaseApiHandler): ) self.tasks_manager.remove_all_server_tasks(server_id) - self.controller.remove_server(server_id, remove_files) + failed = False + for item in self.controller.servers.failed_servers[:]: + if item["server_id"] == int(server_id): + self.controller.servers.failed_servers.remove(item) + + if failed: + self.controller.remove_unloaded_server(server_id) + else: + self.controller.remove_server(server_id, remove_files) self.controller.management.add_to_audit_log( auth_data[4]["user_id"], From ec1076fbce753f39e97e72310ff92914d284ae2a Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 14:40:02 -0500 Subject: [PATCH 05/37] Cleanup ajax handler --- app/classes/web/ajax_handler.py | 78 --------------------------------- 1 file changed, 78 deletions(-) diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py index fd8ffe4b..750badd3 100644 --- a/app/classes/web/ajax_handler.py +++ b/app/classes/web/ajax_handler.py @@ -590,84 +590,6 @@ class AjaxHandler(BaseHandler): ): os.remove(file_path) - elif page == "delete_server": - if not permissions["Config"] in user_perms: - if not superuser: - self.redirect("/panel/error?error=Unauthorized access to Config") - return - server_id = self.get_argument("id", None) - logger.info( - f"Removing server from panel for server: " - f"{self.controller.servers.get_server_friendly_name(server_id)}" - ) - - server_data = self.controller.servers.get_server_data(server_id) - server_name = server_data["server_name"] - - self.controller.management.add_to_audit_log( - exec_user["user_id"], - f"Deleted server {server_id} named {server_name}", - server_id, - self.get_remote_ip(), - ) - - self.tasks_manager.remove_all_server_tasks(server_id) - self.controller.remove_server(server_id, False) - - elif page == "delete_server_files": - if not permissions["Config"] in user_perms: - if not superuser: - self.redirect("/panel/error?error=Unauthorized access to Config") - return - server_id = self.get_argument("id", None) - logger.info( - f"Removing server and all associated files for server: " - f"{self.controller.servers.get_server_friendly_name(server_id)}" - ) - - server_data = self.controller.servers.get_server_data(server_id) - server_name = server_data["server_name"] - - self.controller.management.add_to_audit_log( - exec_user["user_id"], - f"Deleted server {server_id} named {server_name}", - server_id, - self.get_remote_ip(), - ) - - for server in self.controller.servers.failed_servers: - if server["server_id"] == int(server_id): - return - self.tasks_manager.remove_all_server_tasks(server_id) - self.controller.remove_server(server_id, True) - - elif page == "delete_unloaded_server": - if not permissions["Config"] in user_perms: - if not superuser: - self.redirect("/panel/error?error=Unauthorized access to Config") - return - server_id = self.get_argument("id", None) - logger.info( - f"Removing server and all associated files for server: " - f"{self.controller.servers.get_server_friendly_name(server_id)}" - ) - - server_data = self.controller.servers.get_server_data_by_id(server_id) - server_name = server_data["server_name"] - - self.controller.management.add_to_audit_log( - exec_user["user_id"], - f"Deleted server {server_id} named {server_name}", - server_id, - self.get_remote_ip(), - ) - - self.tasks_manager.remove_all_server_tasks(server_id) - for item in self.controller.servers.failed_servers[:]: - if item["server_id"] == int(server_id): - self.controller.servers.failed_servers.remove(item) - self.controller.remove_unloaded_server(server_id) - def check_server_id(self, server_id, page_name): if server_id is None: logger.warning( From c0381da880a3da0963d1f5b4266bdd2c39853223 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 14:59:30 -0500 Subject: [PATCH 06/37] Fix bug with unloaded server delete --- app/classes/web/routes/api/servers/server/index.py | 1 + 1 file changed, 1 insertion(+) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 1d68b2e8..a3623beb 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -138,6 +138,7 @@ class ApiServersServerIndexHandler(BaseApiHandler): for item in self.controller.servers.failed_servers[:]: if item["server_id"] == int(server_id): self.controller.servers.failed_servers.remove(item) + failed = True if failed: self.controller.remove_unloaded_server(server_id) From d473a6ccf408feba499ff8fc0482e8ec98f29c17 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 1 Mar 2023 15:25:28 -0500 Subject: [PATCH 07/37] Add server order to api call --- app/classes/controllers/users_controller.py | 1 + app/frontend/templates/panel/dashboard.html | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/app/classes/controllers/users_controller.py b/app/classes/controllers/users_controller.py index b9c019e8..667e01b4 100644 --- a/app/classes/controllers/users_controller.py +++ b/app/classes/controllers/users_controller.py @@ -89,6 +89,7 @@ class UsersController: }, }, "hints": {"type": "boolean"}, + "server_order": {"type": "string"}, } # ********************************************************************************** diff --git a/app/frontend/templates/panel/dashboard.html b/app/frontend/templates/panel/dashboard.html index a1c25231..f781cf7a 100644 --- a/app/frontend/templates/panel/dashboard.html +++ b/app/frontend/templates/panel/dashboard.html @@ -1042,12 +1042,12 @@ const token = getCookie("_xsrf") $.ajax({ - type: "POST", + type: "PATCH", headers: { 'X-XSRFToken': token }, - url: '/ajax/send_order?order=' + id_string, - data: { - order: id_string, - }, + url: `/api/v2/users/@me`, + data: JSON.stringify({ + server_order: id_string, + }), success: function (data) { console.log("got response:"); console.log(data); From 81e4e7e450208111214c25ab77b1f7c3ca54052b Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Thu, 2 Mar 2023 13:24:07 -0500 Subject: [PATCH 08/37] Fix command sends to server --- .../panel/server_admin_controls.html | 34 +++++++++++-------- app/frontend/templates/panel/server_term.html | 4 +-- 2 files changed, 22 insertions(+), 16 deletions(-) diff --git a/app/frontend/templates/panel/server_admin_controls.html b/app/frontend/templates/panel/server_admin_controls.html index 02e28356..ff7ef83d 100644 --- a/app/frontend/templates/panel/server_admin_controls.html +++ b/app/frontend/templates/panel/server_admin_controls.html @@ -14,7 +14,8 @@

- {{ translate('serverDetails', 'serverDetails', data['lang']) }} - {{ data['server_stats']['server_id']['server_name'] }} + {{ translate('serverDetails', 'serverDetails', data['lang']) }} - {{ + data['server_stats']['server_id']['server_name'] }}
UUID: {{ data['server_stats']['server_id']['server_uuid'] }}

@@ -76,10 +77,14 @@

  • {{ player }}

    - - - - + + + +
    • {% end %} @@ -136,21 +141,22 @@ }); - function send_command_to_server(command) { + async function send_command_to_server(command) { console.log(command) var token = getCookie("_xsrf") console.log('sending command: ' + command) - $.ajax({ - type: "POST", - headers: { 'X-XSRFToken': token }, - url: '/ajax/send_command?id=' + serverId, - data: { command }, - success: function (data) { - console.log("got response:"); - console.log(data); + let res = await fetch(`/api/v2/servers/${serverId}/stdin`, { + method: 'POST', + headers: { + 'X-XSRFToken': token }, + body: command, }); + + let responseData = await res.text(); + console.log("got response:"); + console.log(responseData); } diff --git a/app/frontend/templates/panel/server_term.html b/app/frontend/templates/panel/server_term.html index 965d14ab..9dc1d7a5 100644 --- a/app/frontend/templates/panel/server_term.html +++ b/app/frontend/templates/panel/server_term.html @@ -311,12 +311,12 @@ formdata.append('command', serverCommand) console.log('sending command: ' + serverCommand) - let res = await fetch("/ajax/send_command?id=" + serverId, { + let res = await fetch(`/api/v2/servers/${serverId}/stdin`, { method: 'POST', headers: { 'X-XSRFToken': token }, - body: formdata, + body: serverCommand, }); let responseData = await res.text(); From a373943ae64a3474e0555e0ec3654a7107bde1a1 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Thu, 2 Mar 2023 13:24:49 -0500 Subject: [PATCH 09/37] Cleanup ajax handler send audit log entry on stdin call --- app/classes/web/ajax_handler.py | 8 +------- app/classes/web/routes/api/servers/server/stdin.py | 8 +++++++- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py index 750badd3..317267b2 100644 --- a/app/classes/web/ajax_handler.py +++ b/app/classes/web/ajax_handler.py @@ -281,13 +281,7 @@ class AjaxHandler(BaseHandler): exec_user["user_id"], server_id ) - if page == "send_order": - self.controller.users.update_server_order( - exec_user["user_id"], bleach.clean(self.get_argument("order")) - ) - return - - elif page == "select_photo": + if page == "select_photo": if exec_user["superuser"]: photo = urllib.parse.unquote(self.get_argument("photo", "")) opacity = self.get_argument("opacity", 100) diff --git a/app/classes/web/routes/api/servers/server/stdin.py b/app/classes/web/routes/api/servers/server/stdin.py index b6bd0c3c..117fe188 100644 --- a/app/classes/web/routes/api/servers/server/stdin.py +++ b/app/classes/web/routes/api/servers/server/stdin.py @@ -35,7 +35,13 @@ class ApiServersServerStdinHandler(BaseApiHandler): "Please report this to the devs" ) return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) - + decoded = self.request.body.decode("utf-8") + self.controller.management.add_to_audit_log( + auth_data[4]["user_id"], + f"Sent command ({decoded}) to terminal", + server_id=0, + source_ip=self.get_remote_ip(), + ) if svr.send_command(self.request.body.decode("utf-8")): return self.finish_json( 200, From 317ed3e66704ce78d541570083c60b114a33ba31 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Fri, 3 Mar 2023 17:16:20 -0500 Subject: [PATCH 10/37] only allow basic users rights to edit some fields --- .../web/routes/api/servers/server/index.py | 66 ++++++++++++++++++- 1 file changed, 63 insertions(+), 3 deletions(-) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index a3623beb..35fe7980 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -1,5 +1,6 @@ import logging import json +import shlex from jsonschema import validate from jsonschema.exceptions import ValidationError from playhouse.shortcuts import model_to_dict @@ -13,11 +14,11 @@ server_patch_schema = { "type": "object", "properties": { "server_name": {"type": "string", "minLength": 1}, - "path": {"type": "string", "minLength": 1}, "backup_path": {"type": "string"}, "executable": {"type": "string"}, "log_path": {"type": "string", "minLength": 1}, "execution_command": {"type": "string", "minLength": 1}, + "java_selection": {"type": "string"}, "auto_start": {"type": "boolean"}, "auto_start_delay": {"type": "integer"}, "crash_detection": {"type": "boolean"}, @@ -25,8 +26,27 @@ server_patch_schema = { "executable_update_url": {"type": "string", "minLength": 1}, "server_ip": {"type": "string", "minLength": 1}, "server_port": {"type": "integer"}, + "shutdown_timeout": {"type": "integer"}, "logs_delete_after": {"type": "integer"}, - "type": {"type": "string", "minLength": 1}, + "ignored_exits": {"type": "string"}, + "show_status": {"type": "boolean"}, + }, + "additionalProperties": False, + "minProperties": 1, +} +basic_server_patch_schema = { + "type": "object", + "properties": { + "server_name": {"type": "string", "minLength": 1}, + "executable": {"type": "string"}, + "java_selection": {"type": "string"}, + "auto_start": {"type": "boolean"}, + "auto_start_delay": {"type": "integer"}, + "crash_detection": {"type": "boolean"}, + "stop_command": {"type": "string"}, + "shutdown_timeout": {"type": "integer"}, + "logs_delete_after": {"type": "integer"}, + "ignored_exits": {"type": "string"}, }, "additionalProperties": False, "minProperties": 1, @@ -63,8 +83,12 @@ class ApiServersServerIndexHandler(BaseApiHandler): ) try: - validate(data, server_patch_schema) + if auth_data[4]["superuser"]: + validate(data, server_patch_schema) + else: + validate(data, basic_server_patch_schema) except ValidationError as e: + print(e) return self.finish_json( 400, { @@ -88,9 +112,45 @@ class ApiServersServerIndexHandler(BaseApiHandler): return self.finish_json(400, {"status": "error", "error": "NOT_AUTHORIZED"}) server_obj = self.controller.servers.get_server_obj(server_id) + java_flag = False for key in data: # If we don't validate the input there could be security issues + if key == "java_selection" and data[key] != "none": + java_flag = True + try: + if self.helper.is_os_windows(): + execution_list = shlex.split( + server_obj.execution_command, posix=False + ) + else: + execution_list = shlex.split( + server_obj.execution_command, posix=True + ) + except ValueError: + return self.finish_json( + 200, {"status": "error", "error": "INVALID EXECUTION COMMAND"} + ) + if ( + not any( + data[key] in path for path in self.helper.find_java_installs() + ) + and data[key] != "java" + ): + return + if data[key] != "java": + if self.helper.is_os_windows(): + execution_list[0] = '"' + data[key] + '/bin/java"' + else: + execution_list[0] = '"' + data[key] + '"' + else: + execution_list[0] = "java" + execution_command = "" + for item in execution_list: + execution_command += item + " " + setattr(server_obj, "execution_command", execution_command) if key != "path": + if key == "execution_command" and java_flag: + continue setattr(server_obj, key, data[key]) self.controller.servers.update_server(server_obj) From 40bbc2e79006b879c32e82d80fa862b7c340b031 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Fri, 3 Mar 2023 17:16:44 -0500 Subject: [PATCH 11/37] Remove print statement --- app/classes/web/routes/api/servers/server/index.py | 1 - 1 file changed, 1 deletion(-) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 35fe7980..aa0c26fd 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -88,7 +88,6 @@ class ApiServersServerIndexHandler(BaseApiHandler): else: validate(data, basic_server_patch_schema) except ValidationError as e: - print(e) return self.finish_json( 400, { From 342f2376bc431850fffaaa7de7decdaa0e8352db Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Fri, 3 Mar 2023 17:16:53 -0500 Subject: [PATCH 12/37] Send server config form through API --- .../templates/panel/server_config.html | 82 +++++++++++++++++-- 1 file changed, 77 insertions(+), 5 deletions(-) diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index 500322ec..e15f88af 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html @@ -43,10 +43,7 @@
    -
    - {% raw xsrf_form_html() %} - - +
    @@ -127,7 +124,7 @@ -
    @@ -234,8 +231,99 @@ return r ? r[1] : undefined; } + function replacer(key, value) { + if (key != "start_time" && key != "cron_string" && key != "interval_type") { + if (typeof value == "boolean") { + return value + } else { + return (isNaN(value) ? value : +value); + } + } else { + if (value === "" && key == "start_time"){ + return "00:00"; + }else{ + return value; + } + } + } + + const serverId = new URLSearchParams(document.location.search).get('id'); + const schId = new URLSearchParams(document.location.search).get('sch_id'); $(document).ready(function () { console.log("ready!"); + $("#new_schedule_form").on("submit", async function (e) { + e.preventDefault(); + var token = getCookie("_xsrf") + let schForm = document.getElementById("new_schedule_form"); + + let formData = new FormData(schForm); + formData.delete("difficulty"); + //Create an object from the form data entries + let formDataObject = Object.fromEntries(formData.entries()); + //We need to make sure these are sent regardless of whether or not they're checked + formDataObject.enabled = $("#enabled").prop('checked'); + formDataObject.one_time = $("#one_time").prop('checked'); + if ($("#difficulty").val() == "reaction"){ + formDataObject.interval_type = "reaction"; + } + if (formDataObject.cron_string != ""){ + formDataObject.interval_type = ''; + } + console.log(formDataObject); + // Format the plain form data as JSON + let formDataJsonString = JSON.stringify(formDataObject, replacer); + + console.log(formDataJsonString); + + let res = await fetch(`/api/v2/servers/${serverId}/tasks/`, { + method: 'POST', + headers: { + 'X-XSRFToken': token + }, + body: formDataJsonString, + }); + let responseData = await res; + if (responseData.statusText === "OK") { + window.location.href = `/panel/server_detail?id=${serverId}&subpage=schedules`; + } + }); + + $("#schedule_form").on("submit", async function (e) { + e.preventDefault(); + var token = getCookie("_xsrf") + let schForm = document.getElementById("schedule_form"); + + let formData = new FormData(schForm); + formData.delete("difficulty"); + //Create an object from the form data entries + let formDataObject = Object.fromEntries(formData.entries()); + //We need to make sure these are sent regardless of whether or not they're checked + formDataObject.enabled = $("#enabled").prop('checked'); + formDataObject.one_time = $("#one_time").prop('checked'); + if ($("#difficulty").val() == "reaction"){ + formDataObject.interval_type = "reaction"; + } + if (formDataObject.cron_string != ""){ + formDataObject.interval_type = ''; + } + console.log(formDataObject); + // Format the plain form data as JSON + let formDataJsonString = JSON.stringify(formDataObject, replacer); + + console.log(formDataJsonString); + + let res = await fetch(`/api/v2/servers/${serverId}/tasks/${schId}`, { + method: 'PATCH', + headers: { + 'X-XSRFToken': token + }, + body: formDataJsonString, + }); + let responseData = await res; + if (responseData.statusText === "OK") { + window.location.href = `/panel/server_detail?id=${serverId}&subpage=schedules`; + } + }); }); @@ -265,6 +353,7 @@ document.getElementById("parent").required = true; document.getElementById("interval").required = false; document.getElementById("time").required = false; + $("#cron").val(""); } else { document.getElementById("ifAdvanced").style.display = "none"; @@ -274,6 +363,7 @@ document.getElementById("parent").required = false; document.getElementById("interval").required = true; document.getElementById("time").required = true; + $("#cron").val(""); } } function ifDays() { @@ -286,20 +376,6 @@ } } - async function del_task(sch_id, id) { - var token = getCookie("_xsrf") - - let res = await fetch(`/api/v2/servers/${id}/tasks/${sch_id}`, { - method: 'DELETE', - headers: { - 'token': token, - }, - }); - let responseData = await res; - if (responseData.statusText === "OK") { - window.location.reload(); - } - } function startup() { try { document.getElementById("{{ data['schedule']['interval_type'] }}").setAttribute('selected', true); diff --git a/app/frontend/templates/panel/server_schedules.html b/app/frontend/templates/panel/server_schedules.html index 5d776bbd..9f92fc6e 100644 --- a/app/frontend/templates/panel/server_schedules.html +++ b/app/frontend/templates/panel/server_schedules.html @@ -90,7 +90,7 @@

    {{schedule.command}}

    - {% if schedule.interval != '' %} + {% if schedule.interval_type != '' and schedule.interval_type != 'reaction' %}

    {{ translate('serverSchedules', 'every', data['lang']) }}

    {{schedule.interval}} {{schedule.interval_type}}

    {% elif schedule.interval_type == 'reaction' %} From 1804d35156b171c6f80d9507894836c1469010c2 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Sat, 4 Mar 2023 22:45:31 -0500 Subject: [PATCH 22/37] Add error checking on cron validation --- .../routes/api/servers/server/tasks/index.py | 17 +++++++++++ .../api/servers/server/tasks/task/index.py | 15 ++++++++++ .../templates/panel/server_config.html | 12 ++++++-- .../templates/panel/server_schedule_edit.html | 30 ++++++++++++++----- app/translations/en_EN.json | 5 ++-- 5 files changed, 66 insertions(+), 13 deletions(-) diff --git a/app/classes/web/routes/api/servers/server/tasks/index.py b/app/classes/web/routes/api/servers/server/tasks/index.py index 10f09ea7..cf35ad9f 100644 --- a/app/classes/web/routes/api/servers/server/tasks/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/index.py @@ -3,6 +3,7 @@ import json import logging +from croniter import croniter from jsonschema import ValidationError, validate from app.classes.models.server_permissions import EnumPermissionsServer from app.classes.web.base_api_handler import BaseApiHandler @@ -89,6 +90,22 @@ class ApiServersServerTasksIndexHandler(BaseApiHandler): data["server_id"] = server_id if not data.get("start_time"): data["start_time"] = "00:00" + + # validate cron string + if data["cron_string"] != "" and not croniter.is_valid(data["cron_string"]): + return self.finish_json( + 405, + { + "status": "error", + "error": self.helper.translation.translate( + "error", + "cronFormat", + self.controller.users.get_user_lang_by_id( + auth_data[4]["user_id"] + ), + ), + }, + ) task_id = self.tasks_manager.schedule_job(data) self.controller.management.add_to_audit_log( diff --git a/app/classes/web/routes/api/servers/server/tasks/task/index.py b/app/classes/web/routes/api/servers/server/tasks/task/index.py index a9a1f5d9..1db5ccf1 100644 --- a/app/classes/web/routes/api/servers/server/tasks/task/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/task/index.py @@ -3,6 +3,7 @@ import json import logging +from croniter import croniter from jsonschema import ValidationError, validate from app.classes.models.server_permissions import EnumPermissionsServer @@ -135,6 +136,20 @@ class ApiServersServerTasksTaskIndexHandler(BaseApiHandler): data["parent"] = None data["server_id"] = server_id + if data["cron_string"] != "" and not croniter.is_valid(data["cron_string"]): + return self.finish_json( + 405, + { + "status": "error", + "error": self.helper.translation.translate( + "error", + "cronFormat", + self.controller.users.get_user_lang_by_id( + auth_data[4]["user_id"] + ), + ), + }, + ) self.tasks_manager.update_job(task_id, data) self.controller.management.add_to_audit_log( diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index e15f88af..cc8d9a0c 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html @@ -622,10 +622,16 @@ }, body: formDataJsonString, }); - let responseData = await res; - if (responseData.statusText === "OK") { + let responseData = await res.json(); + if (responseData.status === "ok") { window.location.reload(); - } + } else { + + bootbox.alert({ + title: responseData.status, + message: responseData.error + }); + } }); }); diff --git a/app/frontend/templates/panel/server_schedule_edit.html b/app/frontend/templates/panel/server_schedule_edit.html index 9e535d67..9bd8d8da 100644 --- a/app/frontend/templates/panel/server_schedule_edit.html +++ b/app/frontend/templates/panel/server_schedule_edit.html @@ -278,14 +278,21 @@ let res = await fetch(`/api/v2/servers/${serverId}/tasks/`, { method: 'POST', headers: { - 'X-XSRFToken': token + 'X-XSRFToken': token, + "Content-Type": "application/json", }, body: formDataJsonString, }); - let responseData = await res; - if (responseData.statusText === "OK") { + let responseData = await res.json(); + if (responseData.status === "ok") { window.location.href = `/panel/server_detail?id=${serverId}&subpage=schedules`; - } + } else { + + bootbox.alert({ + title: responseData.status, + message: responseData.error + }); + } }); $("#schedule_form").on("submit", async function (e) { @@ -315,14 +322,21 @@ let res = await fetch(`/api/v2/servers/${serverId}/tasks/${schId}`, { method: 'PATCH', headers: { - 'X-XSRFToken': token + 'X-XSRFToken': token, + "Content-Type": "application/json", }, body: formDataJsonString, }); - let responseData = await res; - if (responseData.statusText === "OK") { + let responseData = await res.json(); + if (responseData.status === "ok") { window.location.href = `/panel/server_detail?id=${serverId}&subpage=schedules`; - } + } else { + + bootbox.alert({ + title: responseData.status, + message: responseData.error + }); + } }); }); diff --git a/app/translations/en_EN.json b/app/translations/en_EN.json index de5da99a..907ecedf 100644 --- a/app/translations/en_EN.json +++ b/app/translations/en_EN.json @@ -186,7 +186,8 @@ "terribleFailure": "What a Terrible Failure!", "superError": "You must be a super user to complete this action.", "fileError": "File type must be an image.", - "migration": "Crafty's main server storage is being mirgated to a new location. All server starts have been suspended during this time. Please wait while we finish this migration" + "migration": "Crafty's main server storage is being mirgated to a new location. All server starts have been suspended during this time. Please wait while we finish this migration", + "cronFormat": "Invalid Cron format detected" }, "footer": { "allRightsReserved": "All rights reserved", @@ -614,4 +615,4 @@ "manager": "Manager", "selectManager": "Select Manager for User" } -} +} \ No newline at end of file From d06de3ef76ef8929e03f6bddbf9790e864fc566f Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Sat, 4 Mar 2023 22:45:45 -0500 Subject: [PATCH 23/37] Remove un-needed imports --- app/classes/web/panel_handler.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 9adec950..1a00e79c 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -6,7 +6,6 @@ import typing as t import json import logging import threading -import shlex import urllib.parse import bleach import requests @@ -17,7 +16,6 @@ from tornado import iostream # TZLocal is set as a hidden import on win pipeline from tzlocal import get_localzone from tzlocal.utils import ZoneInfoNotFoundError -from croniter import croniter from app.classes.models.servers import Servers from app.classes.models.server_permissions import EnumPermissionsServer From 89307cecd55e547e2caf806645f75a09a482f035 Mon Sep 17 00:00:00 2001 From: Andrew Date: Thu, 9 Mar 2023 11:06:55 -0500 Subject: [PATCH 24/37] Fix get server users --- app/classes/controllers/servers_controller.py | 3 +-- app/classes/models/users.py | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/app/classes/controllers/servers_controller.py b/app/classes/controllers/servers_controller.py index 608a1ced..a9d7a511 100644 --- a/app/classes/controllers/servers_controller.py +++ b/app/classes/controllers/servers_controller.py @@ -275,11 +275,10 @@ class ServersController(metaclass=Singleton): for role in roles_list: role_users = HelperUsers.get_users_from_role(role.role_id) for user_role in role_users: - user_ids.add(user_role.user_id) + user_ids.add(user_role.user_id.user_id) for user_id in HelperUsers.get_super_user_list(): user_ids.add(user_id) - return user_ids def get_all_servers_stats(self): diff --git a/app/classes/models/users.py b/app/classes/models/users.py index 496e8d2c..b0612017 100644 --- a/app/classes/models/users.py +++ b/app/classes/models/users.py @@ -386,7 +386,7 @@ class HelperUsers: @staticmethod def get_users_from_role(role_id): - UserRoles.select().where(UserRoles.role_id == role_id).execute() + return UserRoles.select().where(UserRoles.role_id == role_id).execute() # ********************************************************************************** # ApiKeys Methods From 4729588e319b5e045ab11cc4de827641976c5d76 Mon Sep 17 00:00:00 2001 From: Andrew Date: Fri, 10 Mar 2023 18:25:26 -0500 Subject: [PATCH 25/37] Fix server config update_url --- app/classes/web/routes/api/servers/server/index.py | 2 +- app/frontend/templates/panel/server_config.html | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 1335fd21..0b7dcc98 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -22,7 +22,7 @@ server_patch_schema = { "auto_start_delay": {"type": "integer"}, "crash_detection": {"type": "boolean"}, "stop_command": {"type": "string"}, - "executable_update_url": {"type": "string", "minLength": 1}, + "executable_update_url": {"type": "string"}, "server_ip": {"type": "string", "minLength": 1}, "server_port": {"type": "integer"}, "shutdown_timeout": {"type": "integer"}, diff --git a/app/frontend/templates/panel/server_config.html b/app/frontend/templates/panel/server_config.html index cc8d9a0c..3dd95674 100644 --- a/app/frontend/templates/panel/server_config.html +++ b/app/frontend/templates/panel/server_config.html @@ -580,7 +580,7 @@ } function replacer(key, value) { if (key != "ignored_exits") { - if (typeof value == "boolean") { + if (typeof value == "boolean" || key === "executable_update_url") { return value } else { return (isNaN(value) ? value : +value); @@ -628,8 +628,8 @@ } else { bootbox.alert({ - title: responseData.status, - message: responseData.error + title: responseData.error, + message: responseData.error_data }); } }); From d1b2955fcc0d9f86bfba928f55ceb0b9d2762478 Mon Sep 17 00:00:00 2001 From: Andrew Date: Fri, 10 Mar 2023 18:28:40 -0500 Subject: [PATCH 26/37] Better errors for schedules --- app/frontend/templates/panel/server_schedule_edit.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/frontend/templates/panel/server_schedule_edit.html b/app/frontend/templates/panel/server_schedule_edit.html index 9bd8d8da..02a55f92 100644 --- a/app/frontend/templates/panel/server_schedule_edit.html +++ b/app/frontend/templates/panel/server_schedule_edit.html @@ -333,8 +333,8 @@ } else { bootbox.alert({ - title: responseData.status, - message: responseData.error + title: responseData.error, + message: responseData.error_data }); } }); From d6b57203a1ccfdb71529a0d2d12e08e99d7da5d5 Mon Sep 17 00:00:00 2001 From: Andrew Date: Fri, 10 Mar 2023 18:55:13 -0500 Subject: [PATCH 27/37] Fix auto start delay patch --- app/classes/web/routes/api/servers/server/index.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 0b7dcc98..138cb817 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -19,7 +19,7 @@ server_patch_schema = { "execution_command": {"type": "string", "minLength": 1}, "java_selection": {"type": "string"}, "auto_start": {"type": "boolean"}, - "auto_start_delay": {"type": "integer"}, + "auto_start_delay": {"type": "integer", "minimum": 0}, "crash_detection": {"type": "boolean"}, "stop_command": {"type": "string"}, "executable_update_url": {"type": "string"}, @@ -40,7 +40,7 @@ basic_server_patch_schema = { "executable": {"type": "string"}, "java_selection": {"type": "string"}, "auto_start": {"type": "boolean"}, - "auto_start_delay": {"type": "integer"}, + "auto_start_delay": {"type": "integer", "minimum": 0}, "crash_detection": {"type": "boolean"}, "stop_command": {"type": "string"}, "shutdown_timeout": {"type": "integer"}, From 3f3ba0ad81c16fa9f931b52c9098743e296fb725 Mon Sep 17 00:00:00 2001 From: Andrew Date: Fri, 10 Mar 2023 18:58:19 -0500 Subject: [PATCH 28/37] Fix minimums --- app/classes/web/routes/api/servers/server/index.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/classes/web/routes/api/servers/server/index.py b/app/classes/web/routes/api/servers/server/index.py index 138cb817..afe02a0b 100644 --- a/app/classes/web/routes/api/servers/server/index.py +++ b/app/classes/web/routes/api/servers/server/index.py @@ -25,8 +25,8 @@ server_patch_schema = { "executable_update_url": {"type": "string"}, "server_ip": {"type": "string", "minLength": 1}, "server_port": {"type": "integer"}, - "shutdown_timeout": {"type": "integer"}, - "logs_delete_after": {"type": "integer"}, + "shutdown_timeout": {"type": "integer", "minimum": 0}, + "logs_delete_after": {"type": "integer", "minimum": 0}, "ignored_exits": {"type": "string"}, "show_status": {"type": "boolean"}, }, @@ -44,7 +44,7 @@ basic_server_patch_schema = { "crash_detection": {"type": "boolean"}, "stop_command": {"type": "string"}, "shutdown_timeout": {"type": "integer"}, - "logs_delete_after": {"type": "integer"}, + "logs_delete_after": {"type": "integer", "minimum": 0}, "ignored_exits": {"type": "string"}, }, "additionalProperties": False, From 0b1d2d5dc6d1ee8823ade6b9cc659611615e2456 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Mon, 13 Mar 2023 13:54:59 -0400 Subject: [PATCH 29/37] Fix roles manager being none --- app/classes/web/routes/api/roles/role/index.py | 1 + 1 file changed, 1 insertion(+) diff --git a/app/classes/web/routes/api/roles/role/index.py b/app/classes/web/routes/api/roles/role/index.py index c0601b5e..28e07664 100644 --- a/app/classes/web/routes/api/roles/role/index.py +++ b/app/classes/web/routes/api/roles/role/index.py @@ -27,6 +27,7 @@ modify_role_schema = { "required": ["server_id", "permissions"], }, }, + "manager": {"type": ["integer", "null"]}, }, "additionalProperties": False, "minProperties": 1, From 7aa0776cb5eee19ed7088e056a11b7e2f44567ae Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Mon, 13 Mar 2023 15:54:44 -0400 Subject: [PATCH 30/37] Laying groundwork for roles patch --- .../web/routes/api/roles/role/index.py | 34 +++++++++++- .../templates/panel/panel_edit_role.html | 55 ++++++++++++++++++- 2 files changed, 85 insertions(+), 4 deletions(-) diff --git a/app/classes/web/routes/api/roles/role/index.py b/app/classes/web/routes/api/roles/role/index.py index 28e07664..20354722 100644 --- a/app/classes/web/routes/api/roles/role/index.py +++ b/app/classes/web/routes/api/roles/role/index.py @@ -33,6 +33,35 @@ modify_role_schema = { "minProperties": 1, } +basic_modify_role_schema = { + "type": "object", + "properties": { + "name": { + "type": "string", + "minLength": 1, + }, + "servers": { + "type": "array", + "items": { + "type": "object", + "properties": { + "server_id": { + "type": "integer", + "minimum": 1, + }, + "permissions": { + "type": "string", + "pattern": "^[01]{8}$", # 8 bits, see EnumPermissionsServer + }, + }, + "required": ["server_id", "permissions"], + }, + }, + }, + "additionalProperties": False, + "minProperties": 1, +} + class ApiRolesRoleIndexHandler(BaseApiHandler): def get(self, role_id: str): @@ -110,7 +139,10 @@ class ApiRolesRoleIndexHandler(BaseApiHandler): ) try: - validate(data, modify_role_schema) + if auth_data[4]["superuser"]: + validate(data, modify_role_schema) + else: + validate(data, basic_modify_role_schema) except ValidationError as e: return self.finish_json( 400, diff --git a/app/frontend/templates/panel/panel_edit_role.html b/app/frontend/templates/panel/panel_edit_role.html index 73958777..867a05c9 100644 --- a/app/frontend/templates/panel/panel_edit_role.html +++ b/app/frontend/templates/panel/panel_edit_role.html @@ -50,9 +50,6 @@
    - {% raw xsrf_form_html() %} - -
    @@ -321,9 +318,61 @@ return r ? r[1] : undefined; } + function gather_server_json() { + servers = []; + for (s = 0; s < page_servers.length; s++){ + mask = "" + + for (i = 0; i < permissions.length; i++){ + if ($(`permission_${page_servers[s].id}_${permissions[i]}`).prop('checked')){ + mask += "1" + }else{ + mask += "0" + } + } + servers.push(JSON.stringify({"id": page_servers[s].id, "permissions": mask})); + } + return servers; + } + $( document ).ready(function() { console.log( "ready!" ); }); + const roleId = new URLSearchParams(document.location.search).get('id'); + + $("#config_form").on("submit", async function (e) { + e.preventDefault(); + var token = getCookie("_xsrf") + let configForm = document.getElementById("config_form"); + + let formData = new FormData(configForm); + //Create an object from the form data entries + let formDataObject = Object.fromEntries(formData.entries()); + let send_object = Object() + send_object.servers = [] + send_object.name = formDataObject.role_name + + // Format the plain form data as JSON + let formDataJsonString = JSON.stringify(formDataObject, replacer); + + let res = await fetch(`/api/v2/roles/${roleId}`, { + method: 'PATCH', + headers: { + 'X-XSRFToken': token + }, + body: formDataJsonString, + }); + let responseData = await res.json(); + if (responseData.status === "ok") { + window.location.reload(); + } else { + + bootbox.alert({ + title: responseData.error, + message: responseData.error_data + }); + } + }); From 7721b0278699ae3e843da7b9427aaade0a15d94e Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Wed, 15 Mar 2023 11:17:39 -0400 Subject: [PATCH 31/37] Fix formatting --- .../templates/panel/panel_edit_role.html | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/app/frontend/templates/panel/panel_edit_role.html b/app/frontend/templates/panel/panel_edit_role.html index 867a05c9..2cffc37d 100644 --- a/app/frontend/templates/panel/panel_edit_role.html +++ b/app/frontend/templates/panel/panel_edit_role.html @@ -322,17 +322,16 @@ servers = []; for (s = 0; s < page_servers.length; s++){ mask = "" - - for (i = 0; i < permissions.length; i++){ - if ($(`permission_${page_servers[s].id}_${permissions[i]}`).prop('checked')){ - mask += "1" - }else{ - mask += "0" + for (i = 0; i < permissions.length; i++){ + if ($(`#permission_${page_servers[s].id}_${permissions[i]}`).prop('checked')){ + mask += "1" + }else{ + mask += "0" + } } + servers.push(JSON.stringify({"id": page_servers[s].id, "permissions": mask})); } - servers.push(JSON.stringify({"id": page_servers[s].id, "permissions": mask})); - } - return servers; + return servers; } $( document ).ready(function() { From 9b3c664d095cbc12e18abfb9b314eadcd95be151 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Sun, 7 May 2023 12:41:36 -0400 Subject: [PATCH 32/37] Revert xsrf remove --- app/frontend/templates/panel/panel_edit_role.html | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/frontend/templates/panel/panel_edit_role.html b/app/frontend/templates/panel/panel_edit_role.html index 2cffc37d..273bddec 100644 --- a/app/frontend/templates/panel/panel_edit_role.html +++ b/app/frontend/templates/panel/panel_edit_role.html @@ -50,6 +50,9 @@
    + {% raw xsrf_form_html() %} + +
    From f22a6e77da6ca7b98e9614575a9e73a1207b6f48 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Sun, 7 May 2023 13:50:26 -0400 Subject: [PATCH 33/37] Remove del task from ajax. --- app/classes/web/ajax_handler.py | 6 ------ 1 file changed, 6 deletions(-) diff --git a/app/classes/web/ajax_handler.py b/app/classes/web/ajax_handler.py index 317267b2..0dde06a1 100644 --- a/app/classes/web/ajax_handler.py +++ b/app/classes/web/ajax_handler.py @@ -540,12 +540,6 @@ class AjaxHandler(BaseHandler): user_perms = self.controller.server_perms.get_user_id_permissions_list( exec_user["user_id"], server_id ) - if page == "del_task": - if not permissions["Schedule"] in user_perms: - self.redirect("/panel/error?error=Unauthorized access to Tasks") - else: - sch_id = self.get_argument("schedule_id", "-404") - self.tasks_manager.remove_job(sch_id) if page == "del_backup": if not permissions["Backup"] in user_perms: From 1ab409f5cb5a97a147d2f365b69b213f4329a7a0 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Sun, 7 May 2023 13:51:12 -0400 Subject: [PATCH 34/37] Add check for parent in schedules --- app/classes/web/routes/api/servers/server/tasks/index.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/classes/web/routes/api/servers/server/tasks/index.py b/app/classes/web/routes/api/servers/server/tasks/index.py index cf35ad9f..72f8def4 100644 --- a/app/classes/web/routes/api/servers/server/tasks/index.py +++ b/app/classes/web/routes/api/servers/server/tasks/index.py @@ -106,6 +106,8 @@ class ApiServersServerTasksIndexHandler(BaseApiHandler): ), }, ) + if "parent" not in data: + data["parent"] = None task_id = self.tasks_manager.schedule_job(data) self.controller.management.add_to_audit_log( From 6988ed31f65e7d0a6b0dc1569d9af6fedd43efe9 Mon Sep 17 00:00:00 2001 From: Andrew Date: Thu, 11 May 2023 21:48:25 -0400 Subject: [PATCH 35/37] Fix json schema type issues in schedules --- app/frontend/templates/panel/server_schedule_edit.html | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/app/frontend/templates/panel/server_schedule_edit.html b/app/frontend/templates/panel/server_schedule_edit.html index 02a55f92..94e2d948 100644 --- a/app/frontend/templates/panel/server_schedule_edit.html +++ b/app/frontend/templates/panel/server_schedule_edit.html @@ -235,7 +235,14 @@ if (key != "start_time" && key != "cron_string" && key != "interval_type") { if (typeof value == "boolean") { return value - } else { + } + console.log(key) + if (key === "interval" && value === ""){ + return 0; + } + if (key === "command" && typeof(value === "integer")){ + return value.toString(); + }else { return (isNaN(value) ? value : +value); } } else { From 984d4dbf94819b139a98580d563709114010df2c Mon Sep 17 00:00:00 2001 From: Andrew Date: Thu, 11 May 2023 21:56:31 -0400 Subject: [PATCH 36/37] Fix dom issue --- app/classes/web/panel_handler.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index 1a00e79c..8e1f7bb0 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -1051,7 +1051,7 @@ class PanelHandler(BaseHandler): page_data["schedule"]["cron_string"] = "" page_data["schedule"]["delay"] = 0 page_data["schedule"]["time"] = "" - page_data["schedule"]["interval"] = "" + page_data["schedule"]["interval"] = 1 # we don't need to check difficulty here. # We'll just default to basic for new schedules page_data["schedule"]["difficulty"] = "basic" From bab5916e9656dcfc44e6b0b71e7ec0fcedbada09 Mon Sep 17 00:00:00 2001 From: Zedifus Date: Sun, 14 May 2023 20:08:47 +0100 Subject: [PATCH 37/37] Update changelog !565 --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1c84c26f..9466965d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,8 @@ ## --- [4.1.0] - 2023/TBD ### New features TBD +### Refactor +- Frontend Ajax Refactor | Start using API to send Remote Comms to Server ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/565)) ### Bug fixes - Fix pipelines failing to build from gitlab pre-defined variable deprecation ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/582)) - Fix incompatible buildx provenance meta, causing digest issues on GL/DH container registries ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/582))