From 35518e960ff94badde9b7a17441c8036eb6bc0a1 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Thu, 16 Jun 2022 09:52:21 -0400 Subject: [PATCH 1/3] Fix username capital issues once and for all --- app/classes/web/api_handler.py | 2 +- app/classes/web/panel_handler.py | 4 ++-- app/classes/web/routes/api/users/index.py | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/classes/web/api_handler.py b/app/classes/web/api_handler.py index ae525dbb..43af4ae8 100644 --- a/app/classes/web/api_handler.py +++ b/app/classes/web/api_handler.py @@ -338,7 +338,7 @@ class CreateUser(ApiHandler): self.access_denied(user) return - new_username = self.get_argument("username") + new_username = self.get_argument("username").lower() new_pass = self.get_argument("password") if new_username: diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index ed8f3a73..94cd12a7 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -1774,7 +1774,7 @@ class PanelHandler(BaseHandler): "system user is not editable" ) user_id = bleach.clean(self.get_argument("id", None)) - username = bleach.clean(self.get_argument("username", None)) + username = bleach.clean(self.get_argument("username", None).lower()) password0 = bleach.clean(self.get_argument("password0", None)) password1 = bleach.clean(self.get_argument("password1", None)) email = bleach.clean(self.get_argument("email", "default@example.com")) @@ -1943,7 +1943,7 @@ class PanelHandler(BaseHandler): self.finish() elif page == "add_user": - username = bleach.clean(self.get_argument("username", None)) + username = bleach.clean(self.get_argument("username", None).lower()) if username.lower() == "system": self.redirect( "/panel/error?error=Unauthorized access: " diff --git a/app/classes/web/routes/api/users/index.py b/app/classes/web/routes/api/users/index.py index 4c5a85a2..3e4cfdab 100644 --- a/app/classes/web/routes/api/users/index.py 
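Review bot: In `CreateUser` the lower-casing is applied in the request handler rather than where usernames are stored and looked up, so the rule holds only for the entry points this patch touches (this one, the two `PanelHandler` branches and `ApiUsersIndexHandler`). The login lookup and the uniqueness check are not visible in the patch; if either still compares case-sensitively, an account already stored with capitals could coexist with a new lower-case twin or become unreachable. I would document the invariant at the assignment with `# Usernames are stored lower-cased; every lookup and login must lower-case too.` and confirm that existing mixed-case rows are migrated. The enclosing method starts and ends outside the hunk.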
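Review bot: `self.get_argument("username", None).lower()` in the branch at -1774 dereferences the `None` default, so a request that omits `username` fails with an AttributeError before `bleach.clean` or any validation runs; the `add_user` branch at -1943 has the same construction. Use an empty-string default, `username = bleach.clean(self.get_argument("username", "").lower())`, and let the empty-name handling reject it (that handling is outside the hunks, so confirm it exists). With the value already lower-cased, `username.lower() == "system"` in `add_user` can become `username == "system"`. Both branches sit in a method that starts and ends outside the hunks.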
+++ b/app/classes/web/routes/api/users/index.py @@ -95,6 +95,7 @@ class ApiUsersIndexHandler(BaseApiHandler): ) username = data["username"] + username = str(username).lower() password = data["password"] email = data.get("email", "default@example.com") enabled = data.get("enabled", True) From c0006e47f4752a65aa5714e04d45b0aedae9d1cc Mon Sep 17 00:00:00 2001 From: Zedifus Date: Thu, 16 Jun 2022 16:45:08 +0100 Subject: [PATCH 2/3] Add version inheretence & config check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also add pretty colours Also config check will always return true but meh 🤷‍♂️ If api key location changes it will be accurate --- docker_launcher.sh | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/docker_launcher.sh b/docker_launcher.sh index ec842f4c..3e2cfd6c 100644 --- a/docker_launcher.sh +++ b/docker_launcher.sh @@ -2,7 +2,7 @@ # Check if config exists taking one from image if needed. if [ ! "$(ls -A --ignore=.gitkeep ./app/config)" ]; then - echo "Wrapper | 🏗️ Config not found, pulling defaults..." + echo "\033[36mWrapper | \033[33m🏗️ Config not found, pulling defaults..." mkdir ./app/config/ 2> /dev/null cp -r ./app/config_original/* ./app/config/ 
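Review bot: `str(username).lower()` coerces whatever JSON value arrived into text, so a non-string `username` (a number, a list, or `null`) would become an account name such as `none` instead of being rejected. The closing `)` above suggests `data` was validated just before this point, but the schema is outside the hunk; if it already requires a string the `str()` is unnecessary, and if it does not, the type should be checked here. I would write `username = data["username"].lower()` once the schema is confirmed to enforce a string type. The handler method starts and ends outside the hunk.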
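Review bot: The new `echo "\033[36m…"` lines depend on `echo` expanding backslash escapes, which POSIX leaves implementation-defined: dash expands them, while bash's builtin prints them literally unless `-e` or `xpg_echo` is set. The shebang is outside the hunk, so the patch does not show which case applies. `printf` behaves the same under both shells, for example (message abbreviated) `printf '\033[36mWrapper | \033[33mConfig not found, pulling defaults...\033[0m\n'`, and the trailing `\033[0m` keeps the colour from leaking into later output and collected container logs. The same applies to the echo lines in the hunks at -10,11 and -24,21; where a variable such as `$args` is printed, pass it through `%s` rather than placing it in the format string.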
@@ -10,11 +10,24 @@ if [ ! "$(ls -A --ignore=.gitkeep ./app/config)" ]; then # We're running as root; # Look for files & dirs that require group permissions to be fixed # This will do the full /crafty dir, so will take a miniute. - echo "Wrapper | 📋 Looking for problem bind mount permissions globally..." + echo "\033[36mWrapper | \033[35m📋 Looking for problem bind mount permissions globally..." find . ! -group root -exec chgrp root {} \; find . ! -perm g+rw -exec chmod g+rw {} \; find . -type d ! -perm g+s -exec chmod g+s {} \; fi +else + # Keep version file up to date with image + cp -f ./app/config_original/version.json ./app/config/version.json + + # Compare if user's config is different from image, and show differences. + echo "\033[36mWrapper | \033[35m🏗️ Checking for config.json changes..." + cp -f ./app/config_original/config.json ./app/config/config_image_template + if [ "$(diff -q ./app/config/config.json ./app/config/config_image_template)" ]; then + echo "\033[36mWrapper | \033[33m👷 We've found differences in your local config, please review!," + echo "\033[36m | \033[33m (This could be an outdated config.json)" + else + echo "\033[36mWrapper | \033[32m✅ Config good! Proceeding..." + fi fi 
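Review bot: The config comparison in the new `else` branch tests diff's stdout, `[ "$(diff -q …)" ]`, so when `./app/config/config.json` is missing or unreadable diff reports on stderr, stdout stays empty, and the script prints "Config good!". Branch on the exit status instead, `if ! diff -q ./app/config/config.json ./app/config/config_image_template >/dev/null; then`, which treats both "files differ" (1) and "trouble" (2) as needing review and still lets the error message through. The two `cp -f` calls are also unchecked, so a read-only or wrongly-owned bind mount fails without a Wrapper message, and `-q` reports only that the files differ while the comment promises to show the differences. The `if` that this `else` pairs with opens outside the hunk.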
@@ -24,21 +37,21 @@ if [ $(id -u) -eq 0 ]; then # If we find files in import directory, we need to ensure all dirs are owned by the root group, # This fixes bind mounts that may have incorrect perms. if [ "$(ls -A --ignore=.gitkeep ./import)" ]; then - echo "Wrapper | 📋 Files present in import, checking/fixing permissions..." - echo "Wrapper | ⏳ Please be paitent for larger servers..." + echo "\033[36mWrapper | \033[35m📋 Files present in import directory, checking/fixing permissions..." + echo "\033[36mWrapper | \033[33m⏳ Please be paitent for larger servers..." find . ! -group root -exec chgrp root {} \; find . ! -perm g+rw -exec chmod g+rw {} \; find . -type d ! -perm g+s -exec chmod g+s {} \; - echo "Wrapper | ✅ Permissions Fixed! (This will happen every boot until /import is empty!)" + echo "\033[36mWrapper | \033[32m✅ Permissions Fixed! (This will happen every boot until /import is empty!)" fi # Switch user, activate our prepared venv and lauch crafty args="$@" - echo "Wrapper | 🚀 Launching crafty with [$args]" + echo "\033[36mWrapper | \033[32m🚀 Launching crafty with [\033[34m$args\033[32m]" exec sudo -u crafty bash -c "source ./.venv/bin/activate && exec python3 main.py $args" else # Activate our prepared venv - echo "Wrapper | 🚀 Non-root host detected, using normal exec" + echo "\033[36mWrapper | \033[32m🚀 Non-root host detected, using normal exec" . ./.venv/bin/activate # Use exec as our perms are already correct # This is likely if using Kubernetes/OpenShift etc From e3d289e6fdb6672f45333c92ad0b376d9ea86e76 Mon Sep 17 00:00:00 2001 From: amcmanu3 Date: Thu, 16 Jun 2022 12:11:21 -0400 Subject: [PATCH 3/3] Fix support logs download issues --- app/classes/shared/main_controller.py | 15 +++++++++++++-- app/classes/web/panel_handler.py | 2 -- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/app/classes/shared/main_controller.py b/app/classes/shared/main_controller.py index f1515031..39db11cd 100644 --- a/app/classes/shared/main_controller.py 
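Review bot: The launch line kept as context here, `exec sudo -u crafty bash -c "source ./.venv/bin/activate && exec python3 main.py $args"`, pastes the flattened `args="$@"` string into a command that bash parses a second time, so an argument containing spaces, quotes, `;` or `$(…)` is re-split or evaluated instead of being passed through unchanged. The commit only touches the echo beside it, but while the block is being edited it is worth passing the arguments positionally: `exec sudo -u crafty bash -c 'source ./.venv/bin/activate && exec python3 main.py "$@"' crafty "$@"`. The arguments normally come from whoever starts the container, so this is mainly a robustness and least-surprise fix. The surrounding `if [ $(id -u) -eq 0 ]` block opens at the hunk header and closes outside the hunk.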
+++ b/app/classes/shared/main_controller.py @@ -82,8 +82,16 @@ class Controller: if exec_user["preparing"]: return self.users.set_prepare(exec_user["user_id"]) - # Delete previous instace of logs - self.del_support_file(exec_user["support_logs"]) + logger.info("Checking for previous support logs.") + if exec_user["support_logs"] != "": + logger.info( + f"Found previous support log request at {exec_user['support_logs']}" + ) + if self.helper.validate_traversal( + tempfile.gettempdir(), exec_user["support_logs"] + ): + logger.debug("No transversal detected. Going for the delete.") + self.del_support_file(exec_user["support_logs"]) # pausing so on screen notifications can run for user time.sleep(7) self.helper.websocket_helper.broadcast_user( @@ -177,6 +185,9 @@ class Controller: def del_support_file(self, temp_zip_storage): try: FileHelpers.del_file(temp_zip_storage) + logger.info( + f"Old support logs successfully deleted from {temp_zip_storage}" + ) except FileNotFoundError: logger.info("No temp file found. Assuming it's already been cleaned up") except PermissionError: diff --git a/app/classes/web/panel_handler.py b/app/classes/web/panel_handler.py index ed8f3a73..cf28316a 100644 --- a/app/classes/web/panel_handler.py +++ b/app/classes/web/panel_handler.py @@ -1223,8 +1223,6 @@ class PanelHandler(BaseHandler): elif page == "download_support_package": temp_zip_storage = exec_user["support_logs"] - # We'll reset the support path for this user now. - self.controller.users.set_support_path(exec_user["user_id"], "") self.set_header("Content-Type", "application/octet-stream") self.set_header(
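Review bot: When `validate_traversal` returns a falsy value the stored path is skipped with no log entry, so a `support_logs` value pointing outside the temp directory, the one case worth alerting on, leaves no trace. Add an `else:` with `logger.warning(f"Refusing to delete support logs outside {tempfile.gettempdir()}: {exec_user['support_logs']}")`. Two things need confirming because they are outside the hunk: whether `validate_traversal` returns False or raises on a bad path, and whether it resolves symlinks, since `tempfile.gettempdir()` is usually a shared directory and the check confines the delete to that directory rather than to files this application created. `exec_user["support_logs"] != ""` also lets `None` through to the helper. The enclosing method starts and ends outside the hunk.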