diff --git a/Errors.py b/Errors.py
deleted file mode 100644
index 56a4f266..00000000
--- a/Errors.py
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This package implements a web server to run scripts or executables
-# from the command line and display the result in a web interface.
-# Copyright (C) 2021, 2022, 2023 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file contains WebScripts exception classes.
-"""
-
-__version__ = "0.0.2"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = """
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file contains WebScripts exception classes.
-"""
-__license__ = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022, 2023 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-license = __license__
-__copyright__ = copyright
-
-__all__ = [
- "WebScriptsError",
- "WebScriptsConfigurationError",
- "WebScriptsArgumentError",
- "ScriptConfigurationError",
- "MissingAttributesError",
- "WebScriptsConfigurationTypeError",
- "WebScriptsSecurityError",
-]
-
-
-class WebScriptsError(Exception):
- """
- To raise WebScripts errors
- """
-
- pass
-
-
-class WebScriptsConfigurationError(WebScriptsError):
- """
- To raise Configuration Error.
- """
-
- pass
-
-
-class WebScriptsConfigurationTypeError(WebScriptsConfigurationError):
- """
- To raise Configuration Error.
- """
-
- pass
-
-
-class WebScriptsArgumentError(WebScriptsError):
- """
- To raise Argument Error.
- """
-
- pass
-
-
-class ScriptConfigurationError(WebScriptsConfigurationError):
- """
- To raise Script Configuration Error.
- """
-
- pass
-
-
-class MissingAttributesError(WebScriptsError):
- """
- To raise Missing Attributes Error.
- """
-
- pass
-
-
-class WebScriptsSecurityError(WebScriptsError):
- """
- To raise Security Error in WebScripts services.
- """
-
- pass
diff --git a/Pages.py b/Pages.py
deleted file mode 100644
index bc5592fd..00000000
--- a/Pages.py
+++ /dev/null
@@ -1,1098 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This tool runs CLI scripts and displays output in a Web Interface.
-# Copyright (C) 2021, 2022, 2023 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file implement Pages (Api and Web system), script execution and right
-system.
-"""
-
-__version__ = "2.0.4"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = """
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file implement Pages (Api and Web system), script execution and right
-system.
-"""
-license = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022, 2023 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-__license__ = license
-__copyright__ = copyright
-
-__all__ = ["Pages"]
-
-from typing import Tuple, List, Dict, TypeVar, Iterable, Union
-from subprocess import Popen, PIPE, TimeoutExpired # nosec
-from os import _Environ, path, environ as base_environ
-from base64 import urlsafe_b64encode
-from contextlib import suppress
-from secrets import token_bytes
-from json import dumps, loads
-from string import printable
-from fnmatch import fnmatch
-from threading import Timer
-from html import escape
-from time import time
-
-Server = TypeVar("Server")
-
-try:
- from .commons import (
- Argument,
- User,
- ScriptConfig,
- CallableFile,
- TokenCSRF,
- Blacklist,
- Session,
- JsonValue,
- ServerConfiguration,
- DefaultNamespace,
- get_ini_dict,
- lib_directory,
- current_directory,
- log_trace,
- get_ip,
- Logs,
- get_file_content,
- get_arguments_count,
- # doRollover,
- # rotator,
- # namer,
- # Handler,
- get_real_path,
- get_encodings,
- WebScriptsSecurityError,
- WebScriptsArgumentError,
- WebScriptsConfigurationError,
- WebScriptsConfigurationTypeError,
- logger_debug,
- logger_info,
- logger_auth,
- logger_access,
- logger_response,
- logger_command,
- logger_warning,
- logger_error,
- logger_critical,
- check_file_permission,
- )
-except ImportError:
- from commons import (
- Argument,
- User,
- ScriptConfig,
- CallableFile,
- TokenCSRF,
- Blacklist,
- Session,
- JsonValue,
- ServerConfiguration,
- DefaultNamespace,
- get_ini_dict,
- lib_directory,
- current_directory,
- log_trace,
- get_ip,
- Logs,
- get_file_content,
- get_arguments_count,
- # doRollover,
- # rotator,
- # namer,
- # Handler,
- get_real_path,
- get_encodings,
- WebScriptsSecurityError,
- WebScriptsArgumentError,
- WebScriptsConfigurationError,
- WebScriptsConfigurationTypeError,
- logger_debug,
- logger_info,
- logger_auth,
- logger_access,
- logger_response,
- logger_command,
- logger_warning,
- logger_error,
- logger_critical,
- check_file_permission,
- )
-
-
-@log_trace
-def execute_scripts(
- script_name: str,
- user: User,
- environ: _Environ,
- arguments: List[str],
- inputs: List[str],
- is_auth: bool = False,
-) -> Tuple[bytes, bytes, str, int, str]:
- """
- This function execute script from script name and return output and
- errors.
- """
-
- script = Pages.scripts.get(script_name)
-
- if script is None:
- return None, b"404", None, -1, "Not Found"
-
- if not is_auth and not check_right(user, script):
- return None, b"403", None, -1, "Forbidden"
-
- arguments.insert(0, script.path)
-
- launcher = script.launcher
- if launcher is not None:
- arguments.insert(0, launcher)
-
- script_env = get_environ(environ, user, script)
-
- process = Popen(
- arguments,
- stdin=PIPE,
- stdout=PIPE,
- stderr=PIPE,
- shell=False,
- env=script_env,
- ) # nosec
-
- stdout, stderr, key, error, code = start_process(
- script, process, user, inputs
- )
-
- execution_logs(script, user, process, stderr)
- return stdout, stderr, key, code, error
-
-
-@log_trace
-def start_process(
- script: ScriptConfig, process: Popen, user: User, inputs: List[str]
-) -> Tuple[bytes, bytes, str, str, int]:
- """
- This function starts a process.
- """
-
- error = "No errors"
-
- if getattr(script, "print_real_time", None):
- key = urlsafe_b64encode(token_bytes(40)).decode()
- process_ = Pages.processes[key] = Process(process, script, user, key)
- process_.send_inputs(inputs)
- logger_debug(
- "Create key and process, sent inputs and get the first line."
- )
- return b"", b"", key, None, None
-
- try:
- stdout, stderr = process.communicate(
- input="\n".join(inputs).encode("latin-1"),
- timeout=script.timeout,
- )
- except TimeoutExpired:
- logger_error(f"TimeoutExpired on {script.name} for {user.name}")
- process.kill()
-
- stdout, stderr = process.communicate()
- error = "TimeoutError"
-
- return stdout, stderr, None, error, process.returncode
-
-
-@log_trace
-def anti_XSS(json_value: JsonValue) -> JsonValue:
- """
- This function clean a JSON object.
- """
-
- if isinstance(json_value, str):
- return escape(json_value)
- elif isinstance(json_value, int):
- return json_value
- elif isinstance(json_value, list):
- return [anti_XSS(value) for value in json_value]
- elif isinstance(json_value, dict):
- return {
- attribut: anti_XSS(value) for attribut, value in json_value.items()
- }
- elif json_value is None:
- return json_value
- else:
- raise NotImplementedError(
- f"type({type(json_value)}) is not implemented, supported types "
- "are: \n\t - str\n\t - int\n\t - list\n\t - dict\n\t - NoneType"
- )
-
-
-@log_trace
-def execution_logs(
- script: ScriptConfig, user: User, process: Popen, stderr: bytes
-) -> None:
- """
- This function logs the script execution.
- """
-
- if script.no_password:
- logger_command(f"Command: {process.args}")
-
- if process.returncode or stderr:
- logger_error(
- f"SCRIPT ERROR: script {script.name!r} user {user.name!r} code "
- f"{process.returncode} STDERR {decode_output(stderr)}"
- )
- else:
- logger_debug(
- f"SCRIPT {script.name!r} executed without error for "
- f"user named {user.name!r}."
- )
-
-
-@log_trace
-def get_environ(
- environ: _Environ, user: User, script: ScriptConfig
-) -> Dict[str, str]:
- """
- This function builds the environment variables for the new process.
- """
-
- for var_name, value in environ.items():
- if var_name not in base_environ:
- environ
-
- script_env = {
- key: (
- (
- str(value)
- if key in base_environ
- else "".join(x for x in str(value) if x in printable)
- )
- if key != "wsgi.version"
- else ".".join([str(version) for version in value])
- )
- for key, value in environ.items()
- if key
- not in (
- "wsgi.run_once",
- "wsgi.input",
- "wsgi.errors",
- "wsgi.file_wrapper",
- )
- }
-
- user_dict = user.get_dict()
- user_dict.pop("csrf", None)
- user_dict.pop("check_csrf", None)
- script_env["USER"] = dumps(user_dict)
- script_env["SCRIPT_CONFIG"] = dumps(script.get_JSON_API())
-
- return script_env
-
-
-@log_trace
-def check_right(user: User, configuration: ScriptConfig) -> bool:
- """
- This function check rights for script/user and return boolean.
- """
-
- if (
- user.groups
- and configuration.access_groups
- and any(group in user.groups for group in configuration.access_groups)
- ):
- return check_categories_scripts_access(user, configuration)
- elif configuration.access_users and user.id in configuration.access_users:
- return check_categories_scripts_access(user, configuration)
- elif isinstance(configuration.minimum_access, int) and any(
- group >= configuration.minimum_access for group in user.groups
- ):
- return check_categories_scripts_access(user, configuration)
- elif all(
- v is None
- for v in (
- configuration.minimum_access,
- configuration.access_users,
- configuration.access_groups,
- )
- ):
- return check_categories_scripts_access(user, configuration)
- else:
- logger_error(
- f"HTTP 403: Access denied for {user.name} on {configuration.name}"
- )
- return False
-
-
-@log_trace
-def check_categories_scripts_access(
- user: User, configuration: ScriptConfig
-) -> bool:
- """
- This function check access on script and categories.
- """
-
- if any(
- [fnmatch(configuration.category, access) for access in user.categories]
- ):
- logger_info(
- f"{user.name} get access to category {configuration.category}"
- f" ({user.categories})"
- )
- return True
- elif any([fnmatch(configuration.name, access) for access in user.scripts]):
- logger_info(
- f"{user.name} get access to script {configuration.name}"
- f" ({user.scripts})"
- )
- return True
- else:
- logger_error(
- f"HTTP 403: {user.name} doesn't match with category "
- f"({configuration.category}) and script ({configuration.name})"
- )
- return False
-
-
-@log_trace
-def decode_output(data: bytes) -> str:
- """
- This function decodes outputs (try somes encoding).
- """
-
- output = None
- encodings = get_encodings()
- encoding = next(encodings)
-
- while encoding is not None:
- with suppress(UnicodeDecodeError):
- output = data.decode(encoding)
- return output
-
- encoding = next(encodings)
-
-
-class Process:
- """
- This class implements a running processus.
- """
-
- def __init__(
- self, process: Popen, script: ScriptConfig, user: User, key: str
- ):
- logger_debug("Process creation...")
- self.process = process
- self.script = script
- self.user = user
- self.key = key
- self.start_time = time()
- self.timeout = script.timeout
-
- self.error = "No errors"
-
- if script.timeout is not None:
- logger_info("Timeout detected, make timer and start it.")
- self.timer = Timer(script.timeout, self.get_line, args=(False,))
- self.stop_max_time = self.start_time + self.timeout
- self.timer.start()
-
- def get_line(self, read: bool = True) -> Tuple[bytes, bytes, str]:
- """
- This function gets a new line from the script execution.
- """
-
- self.process.stdout.flush()
- if self.process.poll() is not None:
- if self.key in Pages.processes:
- del Pages.processes[self.key]
-
- self.timer.cancel()
-
- stdout = self.process.stdout
- stderr = self.process.stderr
-
- out = stdout.read()
- error = stderr.read()
-
- stdout.close()
- stderr.close()
-
- return (
- out,
- error,
- self.error,
- )
-
- elif self.timeout is None or time() <= self.stop_max_time:
- data = self.process.stdout.readline()
- logger_debug(
- f"Get new line on {self.script.name} for {self.user.name}"
- )
- return data, b"", ""
- else:
- logger_error(
- f"TimeoutExpired on {self.script.name} for {self.user.name}"
- )
- self.process.kill()
-
- if read:
- fdout = self.process.stdout
- fderr = self.process.stderr
- stdout = fdout.read()
- stderr = fderr.read()
- fdout.close()
- fderr.close()
- del Pages.processes[self.key]
- else:
- self.timer = Timer(300, self.get_line)
- # delete the process 5 minutes after the timeout
- self.timer.start()
- stdout = b""
- stderr = b""
-
- self.error = "TimeoutError"
- logger_debug("Get the stdout and the stderr of the killed process")
-
- return stdout, stderr, self.error
-
- def send_inputs(self, inputs: List[str]) -> None:
- """
- This function send inputs to the child process.
- """
-
- self.process.stdin.flush()
- for input_ in inputs:
- self.process.stdin.write(f"{input_}\n".encode("latin-1"))
- self.process.stdin.flush()
-
- self.process.stdin.close()
- logger_debug(
- "Inputs are sent to the child process and the stdin is closed."
- )
-
-
-class Script:
- """
- This class groups script functions.
- """
-
- @log_trace
- def get(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[str, bytes]]:
- """
- This method send a new line of script execution in API response.
- """
-
- process = Pages.processes.get(filename)
-
- if process is None:
- logger_error(
- f"HTTP 404 for {user.name} on " f"/api/script/get/{filename}"
- )
- return "404", {}, b""
-
- if process.user.id != user.id:
- logger_error(
- f"HTTP 403 for {user.name} on "
- f"/api/script/get/{process.script.name}"
- )
- return "403", {}, b""
-
- stdout, stderr, error = process.get_line()
- code = process.process.returncode
-
- response_object = {
- "stdout": decode_output(stdout) if stdout else "",
- "stderr": decode_output(stderr) if stderr else "",
- "code": code,
- "Content-Type": process.script.content_type,
- "Stderr-Content-Type": (process.script.stderr_content_type),
- "error": error,
- }
-
- if code is None:
- response_object["key"] = filename
-
- return (
- "200 OK",
- {"Content-Type": "application/json; charset=utf-8"},
- dumps(response_object),
- )
-
-
-class Api:
- """
- This class groups API functions.
- """
-
- script: Script = Script()
-
- @log_trace
- def __call__(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], str]:
- """
- This function return a json string with script informations and
- arguments.
- """
-
- server_configuration = server.configuration
-
- has_auth = (
- server_configuration.auth_script
- and server_configuration.active_auth
- )
- unauthenticated_not_accepted = (
- not server_configuration.accept_unknow_user and user.id == 1
- ) or (
- not server_configuration.accept_unauthenticated_user
- and user.id == 0
- )
-
- if has_auth:
- auth_script = Pages.scripts[
- server_configuration.auth_script
- ].get_JSON_API()
- auth_script["name"] = "/auth/"
- auth_script["category"] = "Authentication"
-
- scripts = {"/auth/": auth_script}
- else:
- scripts = {}
-
- if unauthenticated_not_accepted:
- return (
- "200 OK",
- {"Content-Type": "application/json; charset=utf-8"},
- dumps(scripts),
- )
-
- for name, script in Pages.scripts.items():
- if name == server_configuration.auth_script:
- continue
-
- if check_right(user, script):
- scripts[name] = script.get_JSON_API()
-
- return (
- "200 OK",
- {"Content-Type": "application/json; charset=utf-8"},
- dumps(scripts),
- )
-
- @log_trace
- def scripts(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[str, bytes]]:
- """
- This function execute scripts with command line,
- get output, build the response error, headers and body
- and return it as json.
- """
-
- server_configuration = server.configuration
-
- if filename == server_configuration.auth_script:
- logger_error(
- f"HTTP 404 for {user.name} on /api/scripts/{filename}"
- " (auth script)"
- )
- return "404", {}, b""
-
- environ_getter = environ.get
- if user.check_csrf and not TokenCSRF.check_csrf(
- user,
- csrf_token,
- getattr(server_configuration, "csrf_max_time", 300),
- environ_getter("HTTP_REFERER"),
- server.get_baseurl(environ_getter, environ),
- ):
- logger_error(
- f"HTTP 403 for {user.name} on /api/scripts/{filename}"
- " (CSRF Token invalid)"
- )
- return "403", {}, b""
-
- stdout, stderr, key, code, error = execute_scripts(
- filename, user, environ, command, inputs
- )
-
- if stdout is None:
- error_HTTP = stderr.decode()
- logger_error(
- f"HTTP {error_HTTP} for {user.name} on "
- f"/api/scripts/{filename}"
- )
- return error_HTTP, {}, b""
-
- script = Pages.scripts[filename]
-
- response_object = {
- "stdout": decode_output(stdout) if stdout else "",
- "stderr": decode_output(stderr) if stderr else "",
- "code": code,
- "Content-Type": script.content_type,
- "Stderr-Content-Type": (script.stderr_content_type),
- "error": error,
- }
-
- if key:
- response_object["key"] = key
-
- if user.check_csrf:
- response_object["csrf"] = TokenCSRF.build_token(user)
-
- return (
- "200 OK",
- {"Content-Type": "application/json; charset=utf-8"},
- dumps(response_object),
- )
-
-
-class Web:
- """
- This class groups Web Pages functions.
- """
-
- @log_trace
- def __call__(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], str]:
- """
- This function return the index page (error code, headers, content).
- """
-
- return (
- "200 OK",
- (
- {
- "Content-Security-Policy": (
- "default-src 'self'; navigate-to 'self'; worker-src 'none'"
- "; style-src-elem 'self'; style-src-attr 'none'; style-src"
- " 'self'; script-src-attr 'none'; object-src 'none'; "
- "media-src 'none'; manifest-src 'none'; frame-ancestors "
- "'none'; connect-src 'self'; font-src 'none'; img-src "
- "'self'; base-uri 'none'; child-src 'none'; form-action "
- "'none'; script-src 'self' 'require-trusted-types-for'"
- )
- }
- if server.security
- else {
- "Content-Security-Policy-Report-Only": (
- "default-src 'self'; navigate-to 'self'; worker-src "
- "'none'; style-src-elem 'self'; style-src-attr 'none';"
- " style-src 'self'; script-src-attr 'none'; object-src"
- " 'none'; media-src 'none'; manifest-src 'none'; "
- "frame-ancestors 'none'; connect-src 'self'; font-src"
- " 'none'; img-src 'self'; base-uri 'none'; child-src"
- " 'none'; form-action 'none'; script-src 'self' "
- "'require-trusted-types-for'; report-uri /csp/debug/"
- )
- }
- ),
- (
- CallableFile.template_index
- if server.security
- else CallableFile.template_index.replace(
- "Content-Security-Policy",
- "Content-Security-Policy-Report-Only",
- )
- )
- % {
- "footer": CallableFile.template_footer,
- "header": CallableFile.template_header,
- },
- )
-
- @log_trace
- def doc(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[str, bytes, Iterable[bytes]]]:
- """
- This function return Web Page with scripts documentation.
- """
-
- script = Pages.scripts.get(filename)
-
- if script is None:
- logger_error(f"HTTP 404 for {user.name} on /web/doc/{filename}")
- return "404", {}, b""
-
- if not check_right(user, script):
- logger_error(
- f"HTTP 403: Access denied for {user.name} on {filename} "
- "(/web/doc/ request)"
- )
- return "403", {}, b""
-
- command_template = script.command_generate_documentation
- if command_template is not None:
- command = command_template % script.get_dict()
- logger_command(f"Command for documentation: {command!r}")
- process = Popen( # nosec # nosemgrep
- command,
- env=get_environ(environ, user, script),
- shell=True, # nosec # nosemgrep
- ) # nosec # nosemgrep
- process.communicate()
-
- docfile = get_real_path(script.documentation_file)
- if docfile is not None and path.isfile(docfile):
- return (
- "200 OK",
- {
- "Content-Type": f"{script.documentation_content_type};"
- " charset=utf-8"
- },
- get_file_content(docfile, as_iterator=True),
- )
- else:
- doc = ScriptConfig.get_docfile_from_configuration(
- server.configuration, filename
- )
-
- if doc is not None:
- return (
- "200 OK",
- {
- "Content-Type": f"{script.documentation_content_type};"
- " charset=utf-8"
- },
- get_file_content(doc, as_iterator=True),
- )
-
- logger_error(f"HTTP 404 for {user.name} on /web/doc/{filename}")
- return "404", {}, b""
-
- @log_trace
- def scripts(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[bytes, str, Iterable[bytes]]]:
- """
- This function return Web (HTML) response
- (error code, headers and page) to call script
- and print script output
- """
-
- server_configuration = server.configuration
-
- if filename == server_configuration.auth_script:
- logger_error(
- f"HTTP 404 for {user.name} on /web/scripts/{filename}"
- " (auth script)"
- )
- return "404", {}, b""
-
- script = Pages.scripts.get(filename)
-
- if script is None:
- logger_error(
- f"HTTP 404 for {user.name} on /web/scripts/{filename}"
- )
- return "404", {}, b""
-
- if not check_right(user, script):
- logger_error(
- f"HTTP 403: Access denied for {user.name} on {filename}"
- " (/web/scripts/ request)"
- )
- return "403", {}, b""
-
- callable_file = CallableFile(
- "script", filename, filename, security=server.security
- )
-
- if callable_file is not None:
- return callable_file(user)
-
- logger_error(f"HTTP 404 for {user.name} on /web/scripts/{filename}")
- return "404", {}, b""
-
- @log_trace
- def auth(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[bytes, Iterable[bytes]]]:
- """
- This function returns authentication page (URL: /web/auth/).
- """
-
- server_configuration = server.configuration
-
- if server_configuration.active_auth:
- code, headers, content = CallableFile(
- "script", server_configuration.auth_script, "/auth/"
- )(user, environ["SUB_DIRECTORIES_NUMBER"])
- return code, headers, content
- else:
- logger_error(
- f"HTTP 404 for {user.name} on /web/auth/ (active_auth"
- " configuration is not True)"
- )
- return "404", {}, b""
-
-
-class Pages:
- """
- This class implement Web Pages for WebScripts server.
- """
-
- packages: DefaultNamespace
- scripts: Dict[str, ScriptConfig]
- js_paths: Dict[str, CallableFile]
- statics_paths: Dict[str, CallableFile]
- sessions: Dict[int, Session] = {}
- ip_blacklist: Dict[str, Blacklist] = {}
- user_blacklist: Dict[str, Blacklist] = {}
- processes: Dict[str, Process] = {}
- api = Api()
- web = Web()
-
- def __call__(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], bytes]:
- """
- A redirect page (Error code 301, javascript redirect and redirect
- title) to /web/ or /api/.
- """
-
- subpath = "../" * environ["SUB_DIRECTORIES_NUMBER"]
-
- return (
- "301 Moved Permanently",
- {"Location": subpath + "web/"},
- (
- f""
- f'
Index page is {subpath}web/
Please click here'
- ).encode(),
- )
-
- @staticmethod
- @log_trace
- def webfile(
- files: Dict[str, CallableFile], user: User, filename: str, base: str
- ) -> Tuple[str, Dict[str, str], Union[bytes, Iterable[bytes]]]:
- """
- This function builds response for Web files.
- """
-
- callable_file = files.get(filename, None)
-
- if callable_file is not None:
- return callable_file(user)
-
- logger_error(f"HTTP 404 for {user.name!r} on /{base}/{filename}")
- return "404", {}, b""
-
- @log_trace
- def js(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[bytes, Iterable[bytes]]]:
- """
- This function get Javascripts Scripts and send it.
- """
-
- return self.webfile(Pages.js_paths, user, filename, "js")
-
- @log_trace
- def static(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], Union[bytes, Iterable[bytes]]]:
- """
- This function get static file and send it.
- """
-
- return self.webfile(Pages.statics_paths, user, filename, "static")
-
- @log_trace
- def auth(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], bytes]:
- """
- This function return check auth and return headers, error and page.
- """
-
- ip = environ["REMOTE_IP"]
- server_configuration = server.configuration
-
- if not server_configuration.active_auth:
- logger_error(
- f"HTTP 403: Access denied for {user.name} on /auth/ "
- "(active_auth configuration is not True)"
- )
- return "403", {}, b""
-
- logger_info("Run authentication script.")
- stdout, stderr, key, code, error = execute_scripts(
- server_configuration.auth_script,
- user,
- environ,
- command,
- inputs,
- is_auth=True,
- )
-
- if len(stderr) == 3:
- return stderr.decode(), {}, b""
-
- if code or stdout is None or stderr:
- return "500", {}, b""
-
- user = User.default_build(**anti_XSS(loads(stdout)))
-
- if user.id != 0:
- Pages.ip_blacklist[ip] = Blacklist(
- server_configuration, Pages.ip_blacklist.pop(ip, None)
- )
- if "--username" in command:
- user_index = command.index("--username") + 1
- username = command[user_index]
- Pages.user_blacklist[username] = Blacklist(
- server_configuration,
- Pages.user_blacklist.pop(username, None),
- )
- logger_auth(
- f"{user.name!r} ({user.id}) successfully authenticated"
- f" from {ip} on {environ['PATH_INFO']}"
- )
-
- cookie = Session.build_session(user, ip, Pages)
-
- return (
- "302 Found",
- {
- # "Location": "/web/",
- "Set-Cookie": f"SessionID={cookie}; Path=/; SameSite=Strict;"
- f""" Max-Age={getattr(
- server_configuration,
- 'session_max_time',
- 3600)}; Secure; HttpOnly""",
- },
- b"",
- )
-
- def reload(
- self,
- environ: _Environ,
- user: User,
- server: Server,
- filename: str,
- command: List[str],
- inputs: List[str],
- csrf_token: str = None,
- ) -> Tuple[str, Dict[str, str], str]:
- """
- This function is a simple URL to reload scripts
- (useful for developpers to add/modify a script).
- """
-
- pass
diff --git a/WebScripts.py b/WebScripts.py
deleted file mode 100644
index c4824226..00000000
--- a/WebScripts.py
+++ /dev/null
@@ -1,2178 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This tool runs CLI scripts and displays output in a Web Interface.
-# Copyright (C) 2021, 2022, 2023 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file is the "main" file of this package (implements the main function,
-the Server class and the Configuration class).
-"""
-
-__version__ = "1.0.7"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = """
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file is the "main" file of this package (implements the main function,
-the Server class and the Configuration class).
-"""
-license = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022, 2023 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-__license__ = license
-__copyright__ = copyright
-
-__all__ = ["Configuration", "Server", "main"]
-
-from os.path import basename, abspath, join, dirname, normpath, exists, isdir
-from types import SimpleNamespace, ModuleType, FunctionType, MethodType
-from typing import TypeVar, Tuple, List, Dict, Union, Set, Iterable
-from sys import exit, modules as sys_modules, argv
-from os import _Environ, mkdir, environ
-from collections.abc import Iterator, Callable
-from argparse import Namespace, ArgumentParser
-from traceback import print_exc, format_exc
-from json.decoder import JSONDecodeError
-from logging.config import fileConfig
-from collections import defaultdict
-from wsgiref import simple_server
-from urllib.parse import quote
-from threading import Thread
-from base64 import b64decode
-from platform import system
-from json import loads
-from glob import iglob
-import logging
-import sys
-
-if __package__:
- from .hardening import main as hardening
- from .Pages import (
- Pages,
- Argument,
- User,
- ScriptConfig,
- CallableFile,
- TokenCSRF,
- Blacklist,
- Session,
- JsonValue,
- DefaultNamespace,
- get_ini_dict,
- lib_directory as server_path,
- current_directory,
- log_trace,
- get_ip,
- Logs,
- get_environ,
- get_file_content,
- get_arguments_count,
- get_real_path,
- WebScriptsSecurityError,
- WebScriptsArgumentError,
- WebScriptsConfigurationError,
- WebScriptsConfigurationTypeError,
- logger_debug,
- logger_info,
- logger_access,
- logger_response,
- logger_command,
- logger_warning,
- logger_error,
- logger_critical,
- check_file_permission,
- )
-else:
- from hardening import main as hardening
- from Pages import (
- Pages,
- Argument,
- User,
- ScriptConfig,
- CallableFile,
- TokenCSRF,
- Blacklist,
- Session,
- JsonValue,
- DefaultNamespace,
- get_ini_dict,
- lib_directory as server_path,
- current_directory,
- log_trace,
- get_ip,
- Logs,
- get_environ,
- get_file_content,
- get_arguments_count,
- get_real_path,
- WebScriptsSecurityError,
- WebScriptsArgumentError,
- WebScriptsConfigurationError,
- WebScriptsConfigurationTypeError,
- logger_debug,
- logger_info,
- logger_access,
- logger_response,
- logger_command,
- logger_warning,
- logger_error,
- logger_critical,
- check_file_permission,
- )
-
-NameSpace = TypeVar("NameSpace", SimpleNamespace, Namespace)
-FunctionOrNone = TypeVar("FunctionOrNone", FunctionType, None)
-Content = TypeVar(
- "Content", List[Dict[str, JsonValue]], Dict[str, JsonValue], bytes
-)
-
-
-class Configuration(DefaultNamespace):
- """
- This class build the configuration from dict(s) with
- configuration files and arguments.
- """
-
- __defaults__ = {
- "interface": "127.0.0.1",
- "port": 8000,
- "urls": {},
- "modules": [],
- "js_path": [],
- "cgi_path": [],
- "log_level": 0,
- "statics_path": [],
- "scripts_path": [],
- "json_scripts_config": [],
- "ini_scripts_config": [],
- "modules_path": [],
- "exclude_auth_paths": ["/static/", "/js/"],
- "exclude_auth_pages": ["/api/", "/auth/", "/web/auth/"],
- "auth_script": None,
- "active_auth": False,
- "webproxy_number": None,
- "smtp_starttls": None,
- "smtp_ssl": None,
- "documentations_path": [],
- "accept_unknow_user": True,
- "force_file_permissions": True,
- "auth_failures_to_blacklist": None,
- "blacklist_time": None,
- "accept_unauthenticated_user": True,
- }
- __required__ = ("interface", "port")
- __optional__ = (
- "debug",
- "security",
- "active_auth",
- "auth_script",
- "accept_unknow_user",
- "accept_unauthenticated_user",
- "exclude_auth_paths",
- "exclude_auth_pages",
- "modules",
- "modules_path",
- "js_path",
- "statics_path",
- "documentations_path",
- "scripts_path",
- "json_scripts_config",
- "ini_scripts_config",
- "log_level",
- "log_filename",
- "log_level",
- "log_format",
- "log_date_format",
- "log_encoding",
- "auth_failures_to_blacklist",
- "blacklist_time",
- "webproxy_number",
- "base_url",
- "smtp_server",
- "smtp_starttls",
- "smtp_password",
- "smtp_port",
- "smtp_ssl",
- "admin_adresses",
- "notification_address",
- )
- __types__ = {
- "port": int,
- "debug": bool,
- "security": bool,
- "active_auth": bool,
- "accept_unknow_user": bool,
- "accept_unauthenticated_user": bool,
- "admin_groups": List[int],
- "modules": list,
- "modules_path": list,
- "js_path": list,
- "statics_path": list,
- "documentations_path": list,
- "exclude_auth_paths": list,
- "exclude_auth_pages": list,
- "scripts_path": list,
- "json_scripts_config": list,
- "ini_scripts_config": list,
- "auth_failures_to_blacklist": int,
- "blacklist_time": int,
- "smtp_starttls": bool,
- "smtp_port": int,
- "smtp_ssl": bool,
- "admin_adresses": list,
- "csrf_max_time": int,
- "session_max_time": int,
- }
-
- @log_trace
- def add_conf(self, **kwargs):
- """
- Add configurations from other configuration files found.
- """
-
- logger_info("Add configurations...")
-
- for key, value in kwargs.items():
- if value is not None:
- dict_ = self.__dict__
-
- logger_info(f"Add configuration {key}: {value}")
- default_value = dict_.get(key)
-
- if isinstance(default_value, list):
- if isinstance(value, str):
- logger_debug(
- "Add configuration list using INI/CFG syntax."
- )
- value = value.split(",")
-
- if isinstance(value, list):
- logger_debug(
- "Add configuration list using JSON syntax."
- )
- for value_ in value:
- if value_ not in dict_[key]:
- dict_[key].append(value_)
- else:
- logger_error(
- "Error in configuration: "
- "list should be a JSON list"
- " or INI/CFG comma separated string."
- f" (not: {value})"
- )
- raise WebScriptsConfigurationTypeError(
- f"Configuration list {key}: {value} can't be "
- f"add to {default_value}"
- )
-
- elif isinstance(default_value, dict):
- logger_debug(f"Add configuration dict... {key}={value}")
- dict_[key].update(value)
- else:
- logger_debug(f'Add "basic" configuration {key}={value}.')
- dict_[key] = value
-
-
-class Server:
- """
- This class implements the WebScripts server.
- """
-
- class CommonsClasses:
- Argument = Argument
- User = User
- ScriptConfig = ScriptConfig
- CallableFile = CallableFile
- TokenCSRF = TokenCSRF
- Blacklist = Blacklist
- Session = Session
- DefaultNamespace = DefaultNamespace
- Pages = Pages
-
- @log_trace
- def __init__(self, configuration: Configuration):
- self.configuration = configuration
- self.interface: str = configuration.interface
- self.port: int = configuration.port
-
- logger_debug("Create default value for WebScripts server...")
- self.unknow: Dict = {"id": 1, "name": "Unknow", "groups": [0, 1]}
- self.not_authenticated: Dict = {
- "id": 0,
- "name": "Not Authenticated",
- "groups": [0],
- }
- self.error: str = "200 OK"
- self.pages_cache = defaultdict(lambda: (None, None))
- self.pages = Pages()
- self.logs = Logs
- self.routing_url = configuration.urls
-
- self.send_mail = send_mail
-
- if configuration.webproxy_number is not None:
- configuration.webproxy_number += 1
-
- version = self.version = (
- sys_modules[__package__].__version__
- if __package__
- else __version__
- )
-
- logger_debug("Create default HTTP headers...")
- headers = self.headers = {
- "Server": f"WebScripts {version}",
- "Content-Type": "text/html; charset=utf-8",
- }
-
- logger_debug("Get security configuration...")
- self.debug = getattr(configuration, "debug", False)
- security = self.security = getattr(configuration, "security", True)
- self.loglevel = getattr(configuration, "log_level", "DEBUG")
-
- self.path = server_path
- self.research_filename = get_real_path
- self.research_file_content = get_file_content
- self.get_environ_strings = get_environ
- self.environ = environ
-
- self.set_default_headers(headers, security, configuration)
- self.add_module_or_package()
- self.add_paths()
-
- packages = Pages.packages
- packages = [getattr(packages, attr) for attr in dir(packages)]
- environ["WEBSCRIPTS_MODULES"] = ":".join(
- [
- package.__file__
- for package in packages
- if isinstance(package, ModuleType) and package.__file__
- ]
- )
-
- @staticmethod
- @log_trace
- def set_default_headers(
- headers: Dict[str, str], security: bool, configuration: Configuration
- ) -> None:
- """
- This function sets defaults headers.
- """
-
- logger_debug("Set defaults headers...")
-
- if security:
- headers["Strict-Transport-Security"] = (
- "max-age=63072000; includeSubDomains; preload"
- )
- headers["Content-Security-Policy"] = (
- "default-src 'self'; navigate-to 'self'; worker-src "
- "'none'; style-src-elem 'self'; style-src-attr 'none';"
- " style-src 'self'; script-src-attr 'none'; object-src"
- " 'none'; media-src 'none'; manifest-src 'none'; "
- "frame-ancestors 'none'; connect-src 'self'; font-src"
- " 'none'; img-src 'self'; base-uri 'none'; child-src"
- " 'none'; form-action 'none'; script-src 'self' "
- "'require-trusted-types-for'"
- )
- headers["X-Frame-Options"] = "deny"
- headers["X-XSS-Protection"] = "1; mode=block"
- headers["X-Content-Type-Options"] = "nosniff"
- headers["Referrer-Policy"] = "origin-when-cross-origin"
- headers["Cache-Control"] = (
- "no-cache, no-store, must-revalidate, private"
- )
- headers["Pragma"] = "no-cache"
- headers["Expires"] = "0"
- headers["Clear-Site-Data"] = '"cache", "executionContexts"'
- headers["Feature-Policy"] = (
- "payment 'none'; geolocation 'none'; "
- "microphone 'none'; camera 'none'"
- )
- headers["Permissions-Policy"] = (
- "microphone=(),camera=(),payment=(),geolocation=()"
- )
- headers["Cross-Origin-Embedder-Policy"] = "require-corp"
- headers["Cross-Origin-Opener-Policy"] = "same-origin"
- headers["Cross-Origin-Resource-Policy"] = "same-origin"
- headers["Sec-Fetch-Mode"] = "document"
- headers["Sec-Fetch-Site"] = "same-site"
- headers["Sec-Fetch-Mode"] = "navigate"
- headers["Sec-Fetch-User"] = "?1"
- headers["X-Server"] = "WebScripts"
- else:
- logger_warning(
- "Load insecure HTTP headers for development environment..."
- )
- if "csp" not in configuration.modules:
- configuration.modules.append("csp")
- if "Configurations" not in configuration.modules:
- configuration.modules.append("Configurations")
- if "modules" not in configuration.modules_path:
- configuration.modules_path.append("modules")
- if "/csp/debug/" not in configuration.exclude_auth_pages:
- configuration.exclude_auth_pages.append("/csp/debug/")
-
- headers["Content-Security-Policy-Report-Only"] = (
- "default-src 'self'; navigate-to 'self'; worker-src "
- "'none'; style-src-elem 'self'; style-src-attr 'none';"
- " style-src 'self'; script-src-attr 'none'; object-src"
- " 'none'; media-src 'none'; manifest-src 'none'; "
- "frame-ancestors 'none'; connect-src 'self'; font-src"
- " 'none'; img-src 'self'; base-uri 'none'; child-src"
- " 'none'; form-action 'none'; script-src 'self' "
- "'require-trusted-types-for'; report-uri /csp/debug/"
- )
-
- logger_info("Default HTTP headers are set.")
-
- @log_trace
- def check_blacklist(self, user: User, ip: str) -> bool:
- """
- This function checks that the IP and the
- username are not in the blacklist.
- """
-
- logger_debug("Check blacklist...")
-
- pages = self.pages
- configuration = self.configuration
-
- logger_debug("Check user blacklist...")
- if user is not None:
- name = user.name
- user = pages.user_blacklist.get(user.id, None)
- if user is not None and user.is_blacklist(configuration):
- logger_critical(
- f"User {name} is blacklisted "
- f"({user.counter} attempt using IP {ip})"
- )
- return False
-
- logger_debug("Check ip blacklist...")
- ip_ = pages.ip_blacklist.get(ip, None)
- if ip_ is not None and ip_.is_blacklist(configuration):
- logger_critical(f"IP {ip} is blacklisted ({ip_.counter} attempt).")
- return False
-
- logger_info("IP and user not blacklisted.")
- return True
-
- @log_trace
- def get_session(self, cookies: List[str], ip: str) -> User:
- """
- This function return User from cookies.
- """
-
- for cookie in cookies:
- logger_debug("Analyze a new cookie...")
-
- if cookie.startswith("SessionID="):
- logger_debug("Session cookie is detected...")
- user = Session.check_session(
- cookie,
- self.pages,
- ip,
- None,
- getattr(self.configuration, "session_max_time", 3600),
- )
-
- if user is None:
- logger_warning("Session cookie is not valid.")
- continue
-
- if ip != user.ip:
- logger_warning("Session IP is not valid.")
- user = User.default_build(
- ip=ip, check_csrf=True, **self.unknow
- )
- else:
- logger_info("Valid session detected.")
- user.check_csrf = True
-
- return user
-
- @staticmethod
- @log_trace
- def use_basic_auth(
- credentials: str, pages: Pages, *args
- ) -> Tuple[str, Dict[str, str], str]:
- """
- This function decodes basic auth and
- authenticates user with it.
- """
-
- logger_debug("Basic Auth detected, decode credentials...")
- credentials = b64decode(credentials.split(" ", maxsplit=1)[1]).decode()
-
- if ":" in credentials:
- username, password = credentials.split(":", maxsplit=1)
-
- logger_info("Use authentication script...")
- return pages.auth(
- *args,
- ["--username", username, "--password", password],
- [],
- )
-
- logger_error(
- "Basic auth detected with invalid "
- "credentials (':' not in credentials)."
- )
-
- @log_trace
- def check_auth(self, environ: _Environ) -> Tuple[User, bool]:
- """
- This function check if user is authenticated and blacklisted.
- """
-
- environ_get = environ.get
- logger_debug("Check auth...")
- credentials = environ_get("HTTP_AUTHORIZATION")
- api_key = environ_get("HTTP_API_KEY")
- cookies = environ_get("HTTP_COOKIE")
- token = environ_get("HTTP_API_TOKEN")
- ip = environ_get("REMOTE_IP")
-
- pages = self.pages
- configuration = self.configuration
- not_authenticated = self.not_authenticated
- check_session = Session.check_session
- default_build = User.default_build
-
- user = None
- headers = None
-
- if cookies is not None:
- logger_debug("Cookie detected, try to get session...")
- user = self.get_session(cookies.split("; "), ip)
-
- elif token is not None:
- logger_debug("API token detected, try to get session...")
- user = check_session(
- token.split(";")[0],
- pages,
- ip,
- None,
- getattr(configuration, "session_max_time", 3600),
- )
-
- if (
- user is None
- and credentials is not None
- and credentials.startswith("Basic ")
- ):
- auth = self.use_basic_auth(
- credentials,
- pages,
- environ,
- default_build(ip=ip, **not_authenticated),
- self,
- configuration.auth_script,
- )
- code, headers, content = (
- auth if auth is not None else (None, None, None)
- )
-
- elif api_key is not None:
- logger_info("API key detected. Use authentication script...")
- code, headers, content = pages.auth(
- environ,
- default_build(ip=ip, **not_authenticated),
- self,
- configuration.auth_script,
- ["--api-key", api_key],
- [],
- )
-
- if headers is not None:
- logger_debug("Get user using new cookie...")
- cookie = headers.get("Set-Cookie", "").split("; ")[0]
- user = check_session(
- cookie,
- pages,
- ip,
- None,
- getattr(configuration, "session_max_time", 3600),
- )
-
- logger_debug("Blacklist check...")
- not_blacklisted = self.check_blacklist(user, ip)
-
- if user is None:
- logger_info("No user [valid authentication] detected.")
- return (
- default_build(ip=ip, **not_authenticated),
- not_blacklisted,
- )
- else:
- logger_info("Authenticated user detected.")
- return user, not_blacklisted
-
- @log_trace
- def add_module_or_package(self) -> None:
- """
- This function add packages and modules to build custom page.
- """
-
- modules_path = []
- configuration = self.configuration
- append = modules_path.append
- logger_info("Load modules and packages...")
-
- for module_path in configuration.modules_path[::-1]:
- path2 = join(server_path, module_path)
-
- append(module_path)
- append(path2)
- logger_debug(
- f'Add "{module_path}" and "{path2}" in python path...'
- )
-
- sys.path = modules_path + sys.path
-
- packages = Pages.packages = DefaultNamespace()
- for package in configuration.modules:
- logger_warning(f"Add package/module named: {package}")
-
- package = __import__(package)
- path_ = package._webscripts_filepath = normpath(package.__file__)
-
- if check_file_permission(configuration, path_, recursive=True):
- setattr(packages, package.__name__, package)
-
- logger_info("Remove new paths...")
- for path_ in modules_path:
- logger_debug(f"Remove {path_}")
- sys.path.remove(path_)
-
- @log_trace
- def add_paths(self) -> None:
- """
- This function add js, static and scripts paths.
- """
-
- configuration = self.configuration
- statics_paths = Pages.statics_paths = {}
- js_paths = Pages.js_paths = {}
-
- logger_debug("Add scripts in Web pages...")
- scripts = Pages.scripts = (
- ScriptConfig.build_scripts_from_configuration(
- configuration,
- )
- )
- logger_info("Scripts are in Web pages.")
-
- for dirname_ in (server_path, current_directory):
- logger_debug(f"Trying to find JS and static path in {dirname_}...")
-
- for globs, type_, type_name, dict_ in (
- (configuration.js_path, "js", "javascript", js_paths),
- (
- configuration.statics_path,
- "static",
- "static",
- statics_paths,
- ),
- ):
- for glob in globs:
- glob = join(dirname_, normpath(glob))
- logger_debug(
- f"Trying to find file matching with {glob}..."
- )
- for file in iglob(glob):
- filename = basename(file)
- file_path = abspath(file)
-
- Logs.info(f"Find a {type_name} file: {file_path}")
-
- dict_[filename] = CallableFile(
- type_, file_path, filename
- )
-
- if (
- configuration.active_auth
- and configuration.auth_script not in scripts.keys()
- ):
- logger_error("Auth script not found in configurations.")
- raise WebScriptsConfigurationError(
- "Auth script not found in configurations."
- )
-
- @log_trace
- def get_function_page(
- self, path: str, filename: str
- ) -> Tuple[FunctionOrNone, str, bool]:
- """
- This function find function from URL path.
- If the function is a WebScripts built-in function,
- return the function, filename and True. Else return the
- function, filename and False.
- """
-
- path = tuple(path.split("/")[1:-1])
- cache = self.pages_cache
-
- logger_debug("Trying to get function page from cache...")
- function, is_not_package = cache[path]
-
- if function:
- return function, filename, is_not_package
-
- get_attributes = self.get_attributes
- pages = self.pages
-
- logger_debug(
- "Trying to found function page from default WebScripts function..."
- )
- function, is_not_package = get_attributes(pages, path)
-
- if function is None:
- logger_debug("Trying to found function page from packages...")
- function, is_not_package = get_attributes(
- pages.packages, path, False
- )
-
- cache[path] = (function, is_not_package)
- return function, filename, is_not_package
-
- @log_trace
- def get_URLs(self) -> List[str]:
- """
- This function return a list of urls (scripts, documentation...)
- and the start of the URL of custom packages.
- """
-
- urls = ["/api/", "/web/", *self.routing_url.keys()]
- append = urls.append
- pages = self.pages
-
- if getattr(self.configuration, "active_auth", None):
- append("/auth/")
- append("/web/auth/")
-
- for script_name in pages.scripts.keys():
- append(f"/web/scripts/{script_name}")
- append(f"/api/scripts/{script_name}")
- append(f"/web/doc/{script_name}")
-
- for js_name in pages.js_paths.keys():
- append(f"/js/{js_name}")
-
- for static_name in pages.statics_paths.keys():
- append(f"/static/{static_name}")
-
- for package in dir(pages.packages):
- if isinstance(getattr(pages.packages, package), ModuleType):
- append(f"/{package}/...")
-
- return urls
-
- @staticmethod
- @log_trace
- def get_attributes(
- object_: object,
- attributes: List[str],
- is_not_package: bool = True,
- ) -> Tuple[FunctionOrNone, bool]:
- """
- This function get recursive attribute from object.
- """
-
- def check_argument_count():
- if isinstance(object_, FunctionType) or type(object_) is type:
- if arg_count == 7:
- logger_info(f"Function page found {object_}.")
- return object_, is_not_package
- else:
- return ValueError
- elif isinstance(object_, MethodType):
- if arg_count == 8:
- logger_info(f"Method page found {object_}.")
- return object_, is_not_package
- else:
- return ValueError
-
- for attribute in attributes:
- logger_debug(f"Trying to get {attribute} from {object_}")
- object_ = getattr(object_, attribute, None)
-
- if object_ is None:
- return None, is_not_package
-
- logger_debug("Get arguments length and check it...")
- arg_count = get_arguments_count(object_)
-
- function = check_argument_count()
- if function is None:
- if isinstance(object_, Callable):
- object_ = object_.__call__
- function = check_argument_count()
-
- if function is not None and function is not ValueError:
- return function
-
- logger_warning(
- "The function cannot be called with 7 "
- "arguments or the method cannot be called "
- "with 8 arguments."
- )
- return None, is_not_package
-
- @staticmethod
- @log_trace
- def get_inputs(
- arguments: List[Dict[str, JsonValue]]
- ) -> Tuple[List[str], List[str]]:
- """
- This function returns inputs and arguments from arguments.
- """
-
- inputs = []
- append = inputs.append
- remove = arguments.remove
-
- logger_debug("Extract inputs from WebScripts arguments...")
- for i, argument in enumerate(arguments):
- if argument["input"]:
- # To protect secrets, do not log arguments !
- append(argument)
-
- logger_debug("Remove inputs from arguments...")
- for i, input_ in enumerate(inputs):
- # To protect secrets, do not log arguments !
- remove(input_)
- inputs[i] = str(input_["value"])
-
- logger_debug("Extract value from WebScripts arguments...")
- for i, argument in enumerate(arguments):
- arguments[i] = argument["value"]
-
- return inputs, arguments
-
- @staticmethod
- @log_trace
- def get_content_length(environ: _Environ) -> int:
- """
- This function returns the content length.
- """
-
- content_length = environ.get("CONTENT_LENGTH", "0")
-
- if content_length.isdigit():
- logger_debug(f"Content-Length is valid ({content_length}).")
- return int(content_length)
- else:
- logger_warning(f"Content-Length is not valid ({content_length}).")
- return 0
-
- @staticmethod
- @log_trace
- def try_get_command(
- body: Dict[str, JsonValue]
- ) -> Union[None, Tuple[Content, str, bool]]:
- """
- This function returns arguments, CSRF token and True if is WebScripts
- request. If is not a WebScripts request because there's no "arguments"
- section in request content, this function returns None. If an error
- is raised in arguments parser, this function returns the JSON
- content, None and False.
- """
-
- body_get = body.get
- arguments_ = body_get("arguments")
- get_command = Argument.get_command
-
- arguments = []
-
- if arguments_ is not None:
- logger_debug('"arguments" section detected in request content.')
- try:
- for name, argument in arguments_.items():
- arguments += get_command(name, argument)
- except (WebScriptsArgumentError, TypeError, AttributeError):
- logger_error("Arguments detected is not in WebScripts format.")
- return body, None, False
-
- return arguments, body_get("csrf_token"), True
-
- @staticmethod
- @log_trace
- def get_baseurl(environ_getter: Callable, environ: _Environ) -> str:
- """
- This function returns URL base.
- """
-
- scheme = environ["wsgi.url_scheme"]
- port = environ["SERVER_PORT"]
-
- host = environ_getter("HTTP_HOST") or (
- environ["SERVER_NAME"]
- if (scheme == "https" and port == "443")
- or (scheme == "http" and port == "80")
- else f"{environ['SERVER_NAME']}:{port}"
- )
- return f"{scheme}://{host}"
-
- @staticmethod
- @log_trace
- def get_fullurl(environ: _Environ) -> str:
- """
- This function returns the full URL (based on the PEP 3333).
-
- Link: https://peps.python.org/pep-3333/
- """
-
- scheme = environ["wsgi.url_scheme"]
- url = scheme + "://"
-
- host = environ.get("HTTP_HOST")
- query = environ.get("QUERY_STRING")
-
- if host:
- url += host
- else:
- url += environ["SERVER_NAME"]
-
- if scheme == "https":
- if environ["SERVER_PORT"] != "443":
- url += ":" + environ["SERVER_PORT"]
- else:
- if environ["SERVER_PORT"] != "80":
- url += ":" + environ["SERVER_PORT"]
-
- url += quote(environ.get("SCRIPT_NAME", ""))
- url += quote(environ.get("PATH_INFO", ""))
-
- if query:
- url += "?" + query
-
- return url
-
- @staticmethod
- @log_trace
- def check_origin(environ_getter: Callable, environ: _Environ) -> bool:
- """
- This function checks Origin of POST methods.
- """
-
- logger_debug("Check origin...")
- origin = environ_getter("HTTP_ORIGIN")
- url = Server.get_baseurl(environ_getter, environ)
-
- if origin is None:
- logger_info("No origin detected, rejected request.")
- return False
-
- if origin.lstrip("htps") != url.lstrip("htps"):
- logger_warning(f"Bad Origin detected: {origin!r} != {url!r}")
- return False
-
- logger_info("Correct Origin detected.")
- return True
-
- @staticmethod
- @log_trace
- def get_json_content(body: bytes, content_type: str) -> JsonValue:
- """
- This functions returns the loaded JSON content.
- """
-
- logger_debug("Get JSON content...")
- if content_type.startswith("application/json"):
- try:
- return loads(body)
- except (JSONDecodeError, UnicodeDecodeError):
- logger_warning("Non-JSON content detected.")
- logger_info(
- "This request is not available for"
- " the default functions of WebScripts."
- )
-
- return None
-
- @log_trace
- def parse_body(self, environ: _Environ) -> Tuple[Content, str, bool]:
- """
- This function returns arguments from body.
- """
-
- environ_get = environ.get
-
- if not self.check_origin(environ_get, environ):
- logger_warning("Bad Origin detected (CSRF protection).")
- return [], None, False
-
- logger_debug("Read wsgi.input ...")
- content_length = self.get_content_length(environ)
- body = environ["wsgi.input"].read(content_length)
- content_type = environ["CONTENT_TYPE"]
- logger_debug("wsgi.input is read.")
-
- if content_length:
- json_content = self.get_json_content(body, content_type)
-
- if not json_content:
- return body, None, False
- else:
- body = json_content
-
- return_values = self.try_get_command(body)
- if return_values is not None:
- return return_values
-
- logger_warning(
- 'Section "arguments" is not defined in the JSON content.'
- )
- logger_info(
- "This request is not available for"
- " the default functions of WebScripts"
- )
- return body, None, False
-
- return [], None, True
-
- @log_trace
- def app(self, environ_: _Environ, respond: MethodType) -> List[bytes]:
- """
- This function get function page,
- return content page, catch errors and
- return HTTP errors.
- """
-
- environ = self.environ.copy()
- environ.update(environ_)
-
- base_url = getattr(self.configuration, "base_url", "").rstrip("/")
-
- environ["URL_PATH"] = path_info = environ["PATH_INFO"]
- environ["PATH_INFO"] = path_info = (
- path_info[len(base_url) :]
- if path_info.startswith(base_url)
- else path_info
- )
- environ["SUB_DIRECTORIES_NUMBER"] = len(path_info.split("/")) - 2
- method = environ["REQUEST_METHOD"]
- configuration = self.configuration
- port = environ.setdefault("REMOTE_PORT", "0")
- ip = environ["REMOTE_IP"] = get_ip(
- environ, configuration.webproxy_number
- )
- logger_access(
- f"Request ({method}) from {ip!r}:{port} on {path_info!r}."
- )
-
- if ip is None:
- logger_critical("IP Spoofing: Error 403.")
- return self.page_403(environ, self.unknow, "", None, respond)
-
- path_info_startswith = path_info.startswith
- path, filename = path_info.rsplit("/", 1)
- path += "/"
- is_head_method = method == "HEAD"
-
- new_url = self.routing_url.get(path)
- if new_url is not None:
- logger_info(f"Routing URL: {path_info!r} to {new_url!r}.")
- path = new_url
-
- logger_debug("Trying to get function page...")
- get_response, filename, is_not_package = self.get_function_page(
- path, filename
- )
-
- logger_debug("Check authentication...")
- user, not_blacklisted = self.check_auth(environ)
-
- if not not_blacklisted:
- logger_critical(
- f"Blacklist: Error 403 on {path_info!r} for "
- f"{user.name!r} (ID: {user.id})."
- )
- return self.page_403(environ, user, filename, None, respond)
-
- logger_info("User is not blacklisted.")
- logger_debug("Trying to get and parse body...")
-
- if method == "POST":
- arguments, csrf_token, is_webscripts_request = self.parse_body(
- environ
- )
- elif method == "GET" or is_head_method:
- arguments, csrf_token, is_webscripts_request = [], None, True
- else:
- return self.page_400(environ, user, filename, method, respond)
-
- arguments, inputs = self.return_inputs(
- arguments, is_webscripts_request
- )
-
- if is_not_package and not is_webscripts_request:
- logger_error(f"HTTP 406: for {user.name!r} on {path_info!r}")
- error = "406"
- else:
- logger_info("Request is not rejected as HTTP error 406.")
- error: str = None
-
- if (
- (
- (not configuration.accept_unknow_user and user.id == 1)
- or (
- not configuration.accept_unauthenticated_user
- and user.id == 0
- )
- )
- and configuration.active_auth
- ) and (
- path_info not in configuration.exclude_auth_pages
- and not any(
- path_info_startswith(x)
- for x in configuration.exclude_auth_paths
- )
- ):
- logger_warning(
- f"Unauthenticated try to get access to {path_info!r}"
- )
- self.send_headers(
- environ,
- respond,
- "302 Found",
- {
- "Location": environ["SUB_DIRECTORIES_NUMBER"] * "../"
- + "web/auth/"
- },
- )
- return [
- b"Authentication required:\n\t",
- b" - For API you can use Basic Auth",
- b"\n\t - For API you can use Api-Key",
- b"\n\t - For Web Interface (with Web Browser) use /web/auth/",
- ]
-
- if get_response is None:
- logger_info("Page 404, cause: no function page.")
- return self.page_404(environ, user, filename, path_info, respond)
-
- if error == "406":
- logger_debug("Send response (code 406).")
- return self.page_406(environ, user, filename, None, respond)
-
- logger_debug("Trying to execute function page...")
- try:
- error, headers, page = get_response(
- environ,
- user,
- self,
- filename,
- arguments,
- inputs,
- csrf_token=csrf_token,
- )
- except Exception as error:
- print_exc()
- error_text = format_exc()
- error = f"{error}\n{error_text}"
- Logs.error(error)
- return self.page_500(environ, user, filename, error_text, respond)
-
- if error == "404" and not page:
- logger_debug("Send response 404, cause: function page return 404.")
- return self.page_404(environ, user, filename, path_info, respond)
- elif error == "403" and not page:
- logger_debug("Send response 403, cause: function page return 403.")
- return self.page_403(environ, user, filename, None, respond)
- elif error == "500" and not page:
- logger_debug("Send response 500, cause: function page return 500.")
- return self.page_500(environ, user, filename, page, respond)
- elif not page:
- logger_debug(f"Get custom response for code {error}")
- (
- custom_error,
- custom_headers,
- custom_content,
- ) = self.send_custom_error(environ, user, filename, "", error)
- if custom_content is not None:
- logger_info(f"Get a response for code {error}")
- error = custom_error
- headers = custom_headers
- page = custom_content
-
- error, headers = self.set_default_values_for_response(error, headers)
-
- logger_debug("Send headers...")
- self.send_headers(environ, respond, error, headers)
- if is_head_method:
- logger_debug("Is HEAD method, return an empty response body...")
- return []
-
- return self.return_page(page)
-
- @log_trace
- def set_default_values_for_response(
- self, error: str, headers: Dict[str, str]
- ) -> Tuple[str, Dict[str, str]]:
- """
- This function returns default error if not defined and
- default headers updated with custom headers.
- """
-
- if not error:
- logger_debug("Set error code as default error code (200).")
- error = self.error
-
- logger_debug("Add default and custom headers to the response...")
- default_headers = self.headers.copy()
- default_headers.update(headers)
-
- return error, default_headers
-
- @staticmethod
- @log_trace
- def return_page(page: Union[bytes, str, Iterable[bytes]]) -> List[bytes]:
- """
- This function returns response as a list of bytes.
- """
-
- if isinstance(page, bytes):
- logger_debug("Send bytes response...")
- return [page]
- elif isinstance(page, str):
- logger_debug("Send str response (encode using utf-8)...")
- return [page.encode()]
- elif isinstance(page, Iterable):
- logger_debug("Send iterable response...")
- return page
-
- @log_trace
- def return_inputs(
- self,
- arguments: List[Dict[str, JsonValue]],
- is_webscripts_request: bool,
- ) -> Tuple[List[str], List[str]]:
- """
- This function returns inputs (using Server.get_inputs).
- """
-
- if is_webscripts_request:
- logger_debug("Trying to get inputs...")
- inputs, arguments = self.get_inputs(arguments)
- else:
- logger_info(
- "Is not a WebScripts request, inputs are "
- "defined as empty list."
- )
- inputs = []
-
- return arguments, inputs
-
- @log_trace
- def send_headers(
- self,
- environ: _Environ,
- respond: MethodType,
- error: str = None,
- headers: Dict[str, str] = None,
- ) -> None:
- """
- This function send error code, message and headers.
- """
-
- if error is None:
- logger_debug("Defined error as default error.")
- error = self.error
- if headers is None:
- logger_debug("Defined headers as default headers.")
- _headers = self.headers
- else:
- logger_debug("Update headers with custom headers...")
- _headers = self.headers.copy()
- _headers.update(headers)
-
- logger_response(
- f"Response {environ['REMOTE_IP']!r}:{environ['REMOTE_PORT']} "
- f"{environ['REQUEST_METHOD']} {environ['PATH_INFO']} {error!r}"
- )
- respond(error, [(k, v) for k, v in _headers.items()])
-
- @log_trace
- def page_500(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- error: Union[str, bytes, Iterable[bytes]],
- respond: MethodType,
- ) -> List[bytes]:
- """
- This function return error 500 web page.
- """
-
- error_code = "500 Internal Error"
- logger_debug("Send 500 Internal Error...")
- return self.send_error_page(
- environ,
- user,
- filename,
- error_code,
- b"".join(self.return_page(error)),
- respond,
- )
-
- @log_trace
- def page_404(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- url: str,
- respond: MethodType,
- ):
- """
- This function return error 404 web page.
- """
-
- error_code = "404 Not Found"
-
- logger_debug("Get URLs for 404 debug page...")
- urls = "\n\t - ".join(self.get_URLs())
- error = (
- f"This URL: {url}, doesn't exist"
- f" on this server.\nURLs:\n\t - {urls}"
- )
- logger_error(f"HTTP 404 on {url}")
- return self.send_error_page(
- environ, user, filename, error_code, error.encode(), respond
- )
-
- @log_trace
- def page_400(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- method: str,
- respond: MethodType,
- ):
- """
- This function return error 400 web page.
- """
-
- error_code = "400 Bad Request"
- error = (
- "Bad method, method should be GET, "
- f"POST or HEAD not {method}".encode()
- )
- logger_debug("Send 400 Bad Request...")
- return self.send_error_page(
- environ, user, filename, error_code, error, respond
- )
-
- @log_trace
- def page_401(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- error_description: str,
- respond: MethodType,
- ):
- """
- This function return error 401 web page.
- """
-
- error_code = "401 Unauthorized"
- error = b"Unauthorized (You don't have permissions)"
- logger_debug("Send 401 Unauthorized...")
- return self.send_error_page(
- environ, user, filename, error_code, error, respond
- )
-
- @log_trace
- def page_403(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- error_description: str,
- respond: MethodType,
- ):
- """
- This function return error 403 web page.
- """
-
- error_code = "403 Forbidden"
- error = b"Forbidden (You don't have permissions)"
- logger_debug("Send 403 Forbidden...")
- return self.send_error_page(
- environ, user, filename, error_code, error, respond
- )
-
- @log_trace
- def page_406(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- error_description: str,
- respond: MethodType,
- ):
- """
- This function return error 406 web page.
- """
-
- error_code = "406 Not Acceptable"
- error = (
- b"Not Acceptable, your request is not a valid WebScripts request."
- )
- logger_debug("Send 406 Not Acceptable...")
- return self.send_error_page(
- environ, user, filename, error_code, error, respond
- )
-
- @log_trace
- def send_error_page(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- error: str,
- data: bytes,
- respond: MethodType,
- ) -> List[bytes]:
- """
- This function send HTTP errors.
- """
-
- code = error[:3]
- headers = {"Content-Type": "text/plain; charset=utf-8"}
- error_ = ""
-
- logger_debug("Trying to get custom error response...")
- try:
- custom_error, custom_headers, custom_data = self.send_custom_error(
- environ, user, filename, error, code
- )
- except Exception as exception:
- print_exc()
- error_ = (
- f"{exception.__class__.__name__}: {exception}\n{format_exc()}"
- )
- logger_error(error_)
- custom_data = None
-
- if self.debug:
- logger_warning("Send debug error page...")
- self.send_headers(environ, respond, error, headers)
- return [
- b"---------------\n",
- f"** ERROR {code} **\n".encode(),
- b"---------------\n",
- b"\n\n",
- data,
- error_.encode(),
- ]
-
- if custom_data is not None:
- logger_debug("Send custom error page...")
- self.send_headers(environ, respond, custom_error, custom_headers)
- return custom_data
-
- logger_debug("Send default error page...")
- self.send_headers(environ, respond, error, headers)
- return [
- b"---------------\n",
- f"** ERROR {code} **\n".encode(),
- b"---------------\n",
- ]
-
- def send_custom_error(
- self,
- environ: _Environ,
- user: User,
- filename: str,
- error: str,
- code: str,
- ) -> Tuple[
- Union[str, None], Union[Dict[str, str], None], Union[str, None]
- ]:
- """
- This function call custom errors pages.
- """
-
- logger_debug("Search custom error in packages...")
-
- cache = self.pages_cache
- function_name = "page_" + code
- function, _ = cache[function_name]
-
- if function is not None:
- logger_debug("Get custom error page (function) from cache.")
- return function(environ, user, self, filename, error)
-
- packages = self.pages.packages
- for package in dir(packages):
- package = getattr(packages, package)
-
- if isinstance(package, ModuleType):
- logger_debug(f"Check in {package}...")
- page = getattr(package, function_name, None)
-
- if page is not None:
- logger_info(
- f"Found the custom error page: {package}.page_{code}"
- )
- cache[function_name] = page, False
- return page(
- environ,
- user,
- self,
- filename,
- error,
- )
-
- return None, {}, None
-
-
-@log_trace
-def parse_args(argv: List[str] = argv) -> Namespace:
- """
- This function parse command line arguments.
- """
-
- parser = ArgumentParser(
- description="This package implements a web server to run scripts or "
- "executables from the command line and display the result "
- "in a web interface.",
- )
- parser.add_argument(
- "-i", "--interface", help="Interface to launch WebScripts server."
- )
- parser.add_argument(
- "-p", "--port", help="Port to launch WebScripts server.", type=int
- )
-
- parser.add_argument(
- "-c",
- "--config-cfg",
- help="Config filename (syntax config,ini).",
- action="extend",
- nargs="+",
- default=[],
- )
- parser.add_argument(
- "-j",
- "--config-json",
- help="Config filename (syntax json).",
- action="extend",
- nargs="+",
- default=[],
- )
-
- dev = parser.add_argument_group(
- "DEV",
- "Arguments for development and debugging [do NOT use these arguments "
- "in production !]",
- )
- dev.add_argument(
- "-d",
- "--debug",
- help="Debug (to get errors details).",
- action="store_true",
- default=None,
- )
- dev.add_argument(
- "-s",
- "--security",
- help="Remove HTTP security headers [Disable security],"
- " active the Content-Security-Policy-Report-Only header"
- ' and the CSP debug module (URL: "/csp/debug/")',
- action="store_false",
- default=None,
- )
-
- auth = parser.add_argument_group("AUTH", "authentication configurations")
- auth.add_argument(
- "-a",
- "--active-auth",
- help="Disable authentication page [Disable auth (force to accept "
- "unknow and unauthenticated user)].",
- action="store_false",
- default=None,
- )
- auth.add_argument("--auth-script", help="Script for authentication.")
- auth.add_argument(
- "--accept-unauthenticated-user",
- help="Accept unauthenticated user.",
- action="store_true",
- default=None,
- )
- auth.add_argument(
- "--accept-unknow-user",
- help="Accept unknow user.",
- action="store_true",
- default=None,
- )
- auth.add_argument(
- "-b",
- "--auth-failures-to-blacklist",
- type=int,
- help="Number of authentication failures to blacklist an IP or user.",
- )
- auth.add_argument(
- "-B",
- "--blacklist-time",
- type=int,
- help="Time (in seconds) to blacklist an IP or user.",
- )
- auth.add_argument(
- "--e-auth-paths",
- "--exclude-auth-paths",
- action="extend",
- nargs="+",
- default=[],
- help="Start of paths where the unauthenticated user gets access.",
- )
- auth.add_argument(
- "--e-auth-pages",
- "--exclude-auth-pages",
- action="extend",
- nargs="+",
- default=[],
- help="Specific page where the unauthenticated user has access.",
- )
-
- parser.add_argument(
- "-S",
- "--scripts-path",
- help="Add directory to search scripts",
- action="extend",
- nargs="+",
- default=[],
- )
- parser.add_argument(
- "-C",
- "--scripts-config",
- help="Add file for scripts configuration (glob syntax)",
- action="extend",
- nargs="+",
- default=[],
- )
- parser.add_argument(
- "-m",
- "--modules",
- help="Add modules to add urls.",
- nargs="+",
- action="extend",
- default=[],
- )
- parser.add_argument(
- "-I",
- "--modules-path",
- help="Add directory to search modules/packages",
- action="extend",
- nargs="+",
- default=[],
- )
- parser.add_argument(
- "-D",
- "--documentations-path",
- help="Add directory to search documentations",
- action="extend",
- nargs="+",
- default=[],
- )
- parser.add_argument(
- "-J",
- "--js-path",
- help="Add directory to get Javascript files.",
- action="extend",
- nargs="+",
- default=[],
- )
- parser.add_argument(
- "-T",
- "--statics-path",
- help="Add directory to get static files",
- action="extend",
- nargs="+",
- default=[],
- )
-
- logs = parser.add_argument_group("LOGS", "logs configurations")
- logs.add_argument(
- "-l",
- "--log-level",
- help="Log level for ROOT logger.",
- choices=["0", "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"],
- )
- logs.add_argument(
- "-f", "--log-filename", help="Log filename for ROOT logger."
- )
- logs.add_argument("--log-format", help="Format for ROOT logger.")
- logs.add_argument("--log-date-format", help="Date format for ROOT logger.")
- logs.add_argument("--log-encoding", help="Encoding for ROOT logger.")
-
- smtp = parser.add_argument_group(
- "SMTP", "SMTP configurations to send email notifications"
- )
- smtp.add_argument(
- "--smtp-server",
- "--s-server",
- help="The SMTP server to use to send email notification.",
- )
- smtp.add_argument(
- "--smtp-starttls",
- "--s-tls",
- help="Use STARTTLS to secure the connection.",
- action="store_true",
- default=None,
- )
- smtp.add_argument(
- "--smtp-password",
- "--s-password",
- help="The SMTP password to login the notification account.",
- )
- smtp.add_argument(
- "--smtp-port",
- "--s-port",
- help="The SMTP port to use to send email notification.",
- type=int,
- )
- smtp.add_argument(
- "--smtp-ssl",
- "--s-ssl",
- help="Use SSL to secure the connection",
- action="store_true",
- default=None,
- )
- smtp.add_argument(
- "--admin-adresses",
- "--a-adr",
- help="The admintrators email addresses to receive the email "
- "notifications.",
- nargs="+",
- action="extend",
- )
- smtp.add_argument(
- "--notification-address",
- "--n-adr",
- help="The email address to send notifications.",
- )
- return parser.parse_args(argv[1:])
-
-
-@log_trace
-def get_server_config(
- arguments: Namespace, secure: bool = False
-) -> Iterator[dict]:
- """
- This generator return configurations dict.
- """
-
- logger_debug("Get paths for server configuration...")
- paths = [
- join(current_directory, "config", "server.ini"),
- join(current_directory, "config", "server.json"),
- ]
- insert = paths.insert
-
- temp_config = Configuration()
- temp_config.force_file_permissions = secure
-
- if system() == "Windows":
- logger_debug("Add default server configuration for Windows...")
- insert(0, join(server_path, "config", "nt", "server.json"))
- insert(0, join(server_path, "config", "nt", "server.ini"))
- else:
- logger_debug("Add default server configuration for Unix...")
- insert(0, join(server_path, "config", "server.json"))
- insert(0, join(server_path, "config", "server.ini"))
-
- for filename in paths:
- logger_debug(f"Check {filename}...")
-
- if exists(filename) and check_file_permission(temp_config, filename):
- logger_warning(f"Configuration file detected: {filename}")
- if filename.endswith(".json"):
- yield loads(get_file_content(filename))
- elif filename.endswith(".ini"):
- yield get_ini_dict(filename)
- else:
- logger_info(f"Configuration named {filename} doesn't exists.")
-
- for filename in arguments.config_cfg:
- logger_debug("Check configuration file (cfg) added in arguments...")
-
- if exists(filename) and check_file_permission(temp_config, filename):
- logger_warning(
- f"Configuration file detected (type cfg): {filename}"
- )
- yield get_ini_dict(filename)
- else:
- logger_error(
- f"Configuration file {filename} doesn't exists "
- "(defined in arguments)."
- )
-
- for filename in arguments.config_json:
- logger_debug("Check configuration file (json) added in arguments...")
-
- if exists(filename) and check_file_permission(temp_config, filename):
- logger_warning(
- f"Configuration file detected (type json): {filename}"
- )
- yield loads(get_file_content(filename))
- else:
- logger_error(
- f"Configuration file {filename} doesn't exists "
- "(defined in arguments)."
- )
-
- args = arguments.__dict__
- del args["config_cfg"]
- del args["config_json"]
-
- yield {k: v for k, v in args.items() if v is not None}
-
-
-@log_trace
-def logs_configuration(configuration: NameSpace) -> None:
- """
- This function configure ROOT logger from
- configuration files and command line arguments.
- """
-
- log_config = {}
- log_level = getattr(configuration, "log_level", 0)
-
- if isinstance(log_level, str) and log_level.isdigit():
- configuration.log_level = int(log_level)
- elif isinstance(log_level, str):
- configuration.log_level = getattr(logging, log_level, 0)
- elif not isinstance(log_level, int):
- raise WebScriptsConfigurationError(
- "log_level configuration must be an integer or a "
- 'string in ["DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"]'
- )
-
- for attr, item in {
- "log_format": "format",
- "log_date_format": "datefmt",
- "log_encoding": "encoding",
- "log_level": "level",
- "log_filename": "filename",
- }.items():
- value = getattr(configuration, attr, None)
- if value is not None:
- log_config[item] = value
-
- if log_config:
- log_config["force"] = True
- Logs.config(**log_config)
-
-
-@log_trace
-def add_configuration(
- configuration: Configuration, config: Dict[str, JsonValue]
-) -> Configuration:
- """
- This function add configuration in ServerConfiguration.
- """
-
- current_configuration = Configuration()
- add_conf = current_configuration.add_conf
- have_server_conf = "server" in config.keys()
-
- if have_server_conf:
- logger_debug('"server" section detected in configuration.')
- server = config.pop("server")
-
- logger_debug("Adding other configuration in Configuration object...")
- add_conf(**config)
-
- if have_server_conf:
- logger_debug("Add server section in Configuration object...")
- add_conf(**server)
-
- logger_debug("Build type of configurations...")
-
- logs_configuration(current_configuration)
- current_configuration.build_types()
-
- config_dict = current_configuration.get_dict()
- logger_debug(
- "Add configurations in ServerConfiguration: " f"{config_dict}"
- )
- configuration.add_conf(**config_dict)
- return configuration
-
-
-def configure_logs_system(secure: bool = False) -> Tuple[Set[str], Set[str]]:
- """
- This function try to create the logs directory
- if not found and configure logs.
- """
-
- if not isdir("logs"):
- logger_info("./logs directory not found.")
- try:
- mkdir("logs")
- except PermissionError:
- logger_error(
- "Get a PermissionError to create "
- "the non-existent ./logs directory."
- )
- else:
- logger_info("./logs directory is created.")
-
- log_file = get_real_path(join("config", "loggers.ini"))
-
- temp_config = Configuration()
- temp_config.force_file_permissions = secure
-
- if not check_file_permission(temp_config, log_file):
- raise WebScriptsSecurityError(
- "Logs configuration file/directory permissions are"
- " insecure. Remote code execution can be exploited."
- )
-
- fileConfig(
- log_file,
- disable_existing_loggers=False,
- )
-
- Logs.log_response.handlers[0].baseFilename
-
- logs_path = set()
- log_files = set()
-
- logs_path_add = logs_path.add
- log_files_add = log_files.add
-
- for logger_ in (
- "log_trace",
- "log_response",
- "log_access",
- "log_command",
- "log_debug",
- "log_info",
- "log_warning",
- "log_error",
- "log_critical",
- "file",
- ):
- logger = getattr(Logs, logger_)
- handlers = logger.handlers
-
- for handler in handlers:
- filepath = getattr(handler, "baseFilename", None)
- if filepath is not None:
- logs_path_add(dirname(filepath))
- log_files_add(
- (logger_.split("_", 1)[1] if "_" in logger_ else "all")
- + "?"
- + filepath
- )
-
- environ["WEBSCRIPTS_LOGS_PATH"] = "|".join(logs_path)
- environ["WEBSCRIPTS_LOGS_FILES"] = "|".join(log_files)
- return logs_path, log_files
-
-
-def send_mail(*args, **kwargs) -> int:
- """
- This function send a mail to adminitrators
- using the error_pages modules.
-
- Return 0 if message is sent else 1.
- """
-
- logger_debug("Get module error_pages...")
- error_pages = getattr(Pages.packages, "error_pages", None)
- if error_pages:
- logger_debug("Start a Thread to send email...")
- Thread(
- target=error_pages.Request.send_mail,
- args=args,
- kwargs=kwargs,
- ).start()
- return 0
-
- logger_error("Module error_pages is not detected, can not send email.")
- return 1
-
-
-def default_configuration(
- argv: List[str] = argv, secure: bool = False
-) -> Configuration:
- """
- This function builds the default configuration.
- """
-
- log_paths, log_files = configure_logs_system(secure)
- environ["WEBSCRIPTS_PATH"] = server_path
- args = parse_args(argv)
-
- logger_debug("Load configurations...")
-
- configuration = Configuration()
- configuration.logs_path = list(log_paths)
- configuration.log_files = list(log_files)
- for config in get_server_config(args, secure):
- configuration = add_configuration(configuration, config)
-
- configuration = add_configuration(configuration, args.__dict__)
-
- logger_debug("Check and type configurations...")
- configuration.set_defaults()
- configuration.check_required()
- configuration.get_unexpecteds()
- configuration.build_types()
-
- urls_section = configuration.get("urls_section")
-
- if urls_section is not None:
- urls = getattr(configuration, urls_section, None)
-
- if urls is None:
- raise WebScriptsConfigurationError(
- f"The 'urls_section' ({urls_section!r}) " "does not exists."
- )
-
- if not isinstance(urls, dict) or not all(
- isinstance(k, str) and isinstance(v, str) for k, v in urls.items()
- ):
- raise WebScriptsConfigurationError(
- f"Key {urls_section!r} (the url section) should be a section"
- ' of strings (dict or JSON object {"string": "string"}).'
- )
-
- configuration.urls = urls
- else:
- configuration.urls = {}
-
- configuration.__types__["log_level"] = int
- configuration.data_dir = datapath = get_real_path(
- getattr(configuration, "data_dir", "data"), is_dir=True
- )
-
- environ["WEBSCRIPTS_DATA_PATH"] = datapath
- environ["WEBSCRIPTS_DOCUMENTATION_PATH"] = ":".join(
- configuration.documentations_path
- )
-
- logger_info("Configurations are loaded.")
-
- return configuration
-
-
-def prepare_server(secure: bool = True) -> Server:
- """
- This function prepares server to be launched securly.
- """
-
- configuration = default_configuration(argv, secure)
- debug = getattr(configuration, "debug", None)
-
- if debug:
- logger_debug("Debug mode detected: export configuration...")
- configuration.export_as_json()
-
- logger_debug("Build server with configurations...")
- server = Server(configuration)
-
- return server, debug
-
-
-def main() -> int:
- """
- Main function to build the
- configurations and launch the server.
- """
-
- if "--test-running" in argv:
- NO_START = True
- argv.remove("--test-running")
- else:
- NO_START = False
-
- secure: bool = "--security" not in argv and "-s" not in argv
-
- server, debug = prepare_server(secure)
- httpd = simple_server.make_server(
- server.interface, server.port, server.app
- )
- logger_info("Server is built.")
-
- logger_debug("Trying to send email notification...")
- send_mail(
- server.configuration,
- f"Server is up on http://{server.interface}:{server.port}/.",
- )
-
- logger_info("Check hardening of the WebScripts server...")
- if secure:
- hardening(server)
-
- if debug:
- # second export to get all configurations
- logger_debug("Debug mode detected: export configuration...")
- server.configuration.export_as_json()
-
- logger_warning(
- f"Starting server on http://{server.interface}:{server.port}/ ..."
- )
- print(copyright)
-
- if NO_START:
- logger_warning(
- "Detected as test only. Do not start"
- " the server. Exit with code 0."
- )
- return 0
-
- try:
- httpd.serve_forever()
- except KeyboardInterrupt:
- logger_critical("Server is down.")
- httpd.server_close()
-
- logger_debug("Trying to send email notification...")
- send_mail(
- server.configuration,
- f"Server is down on http://{server.interface}:{server.port}/.",
- )
- logger_debug("Exit with code 0.")
- return 0
-
-
-if __name__ == "__main__":
- exit(main())
diff --git a/WebScripts/__init__.py b/WebScripts/__init__.py
index 0962225e..5a5677cf 100644
--- a/WebScripts/__init__.py
+++ b/WebScripts/__init__.py
@@ -23,7 +23,7 @@
This tool runs CLI scripts and displays output in a Web Interface.
"""
-__version__ = "3.0.38"
+__version__ = "3.0.39"
__author__ = "Maurice Lambert"
__author_email__ = "mauricelambert434@gmail.com"
__maintainer__ = "Maurice Lambert"
diff --git a/WebScripts/__main__.py b/WebScripts/__main__.py
index de4c53e5..3aac887a 100644
--- a/WebScripts/__main__.py
+++ b/WebScripts/__main__.py
@@ -23,7 +23,7 @@
This tool runs CLI scripts and displays output in a Web Interface.
"""
-__version__ = "3.0.38"
+__version__ = "3.0.39"
__author__ = "Maurice Lambert"
__author_email__ = "mauricelambert434@gmail.com"
__maintainer__ = "Maurice Lambert"
diff --git a/WebScripts/harden.py b/WebScripts/harden.py
index 552617f7..89948ba9 100644
--- a/WebScripts/harden.py
+++ b/WebScripts/harden.py
@@ -25,7 +25,7 @@
This file hardens the WebScripts installation and configuration.
"""
-__version__ = "0.0.9"
+__version__ = "0.0.10"
__author__ = "Maurice Lambert"
__author_email__ = "mauricelambert434@gmail.com"
__maintainer__ = "Maurice Lambert"
@@ -323,7 +323,7 @@ def harden_script(self, section: dict, filename: str) -> None:
"""
logger_info("Hardens script " + repr(filename))
- logger_debug("Add the launcher")
+ logger_debug(f"Add launcher {executable!r} for {filename!r}")
section["launcher"] = executable
specific_config_file = section.get("configuration_file")
@@ -331,18 +331,28 @@ def harden_script(self, section: dict, filename: str) -> None:
specific_config_file = basename(specific_config_file)
script_name, _ = splitext(basename(filename))
- logger_info(f"Configure script named: {script_name}")
+ logger_info("Configure script named: " + repr(script_name))
for config_file in self.json_config_files:
if config_file.endswith(specific_config_file):
section["configuration_file"] = config_file
self.get_configurations(config_file, filename)
break
+ else:
+ logger_error(
+ "Configuration file not found for " + repr(filename)
+ )
for py_filename in self.py_scripts_files:
- if py_filename.endswith(filename):
- logger_debug("Add the script absolute path.")
+ py_basename = basename(py_filename)
+ if py_basename == filename:
+ logger_debug(
+ "Add the script absolute path"
+ f" {py_filename!r} for {filename!r}."
+ )
section["path"] = py_filename
break
+ else:
+ logger_error("Script file not found for " + repr(filename))
def linux_hardening_file_permissions(self) -> None:
"""
diff --git a/WebScripts/static/html/index.html b/WebScripts/static/html/index.html
index 233b61de..2110e910 100644
--- a/WebScripts/static/html/index.html
+++ b/WebScripts/static/html/index.html
@@ -6,7 +6,7 @@
This tool runs CLI scripts and displays output in a Web Interface.
diff --git a/__init__.py b/__init__.py
deleted file mode 100644
index 5a5677cf..00000000
--- a/__init__.py
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This tool runs CLI scripts and displays output in a Web Interface.
-# Copyright (C) 2021, 2022, 2023, 2024 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool runs CLI scripts and displays output in a Web Interface.
-"""
-
-__version__ = "3.0.39"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = (
- "This tool runs CLI scripts and displays output in a Web Interface."
-)
-__license__ = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022, 2023, 2024 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-license = __license__
-__copyright__ = copyright
-
-print(copyright)
-
-__all__ = ["Configuration", "Server", "main"]
-
-if __package__:
- from .WebScripts import Configuration, Server, main
-else:
- from WebScripts import Configuration, Server, main
diff --git a/__main__.py b/__main__.py
deleted file mode 100644
index 3aac887a..00000000
--- a/__main__.py
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This tool runs CLI scripts and displays output in a Web Interface.
-# Copyright (C) 2021, 2022, 2023, 2024 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool runs CLI scripts and displays output in a Web Interface.
-"""
-
-__version__ = "3.0.39"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = (
- "This tool runs CLI scripts and displays output in a Web Interface."
-)
-__license__ = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022, 2023, 2024 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-license = __license__
-__copyright__ = copyright
-
-__all__ = ["main"]
-
-if __package__:
- from .__init__ import main
-else:
- from __init__ import main
-
-main()
diff --git a/cgi-bin/hello.py b/cgi-bin/hello.py
deleted file mode 100644
index 7b6c2308..00000000
--- a/cgi-bin/hello.py
+++ /dev/null
@@ -1,116 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This tool run scripts and display the result in a Web Interface.
-# Copyright (C) 2021, 2022 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool run scripts and display the result in a Web Interface.
-
-This file implements a CGI script for example (parse arguments and body).
-"""
-
-__version__ = "1.0.0"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = """
-This tool run scripts and display the result in a Web Interface.
-
-This file implements a CGI script for example (parse arguments and body).
-"""
-__license__ = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-license = __license__
-__copyright__ = copyright
-
-__all__ = ["parse_args"]
-
-from cgi import FieldStorage, parse, MiniFieldStorage
-from urllib.parse import unquote, parse_qs
-
-# from cgitb import enable
-from os import environ
-from sys import argv
-
-# enable() # debug mode
-
-
-def parse_args(*args, **kwargs) -> None:
-
- """
- This function parses arguments/body with
- differents functions/tools.
- """
-
- print("\t\t - Simple parsing:")
- if len(argv) == 2:
- arguments = unquote(argv[1])
- print(f"\t\t\t - Arguments: {argv[0]!r} {argv[1]!r}")
- else:
- arguments = parse_qs(
- environ["QUERY_STRING"], *args, **kwargs
- ) or parse(*args, **kwargs)
- for key, values in arguments.items():
- print(
- "\t\t\t - ",
- repr(key),
- "=",
- *[(repr(v) + ", ") for v in values],
- )
-
- print("\t\t - Complex parsing:")
- arguments = FieldStorage(*args, **kwargs)
- for argument_name in arguments.keys():
- value = arguments[argument_name]
- if isinstance(value, MiniFieldStorage):
- print(
- "\t\t\t - ",
- repr(argument_name),
- "=",
- repr(value.value) + ",",
- value,
- )
- elif isinstance(value, list):
- print(
- "\t\t\t - ",
- repr(argument_name),
- "=",
- [(repr(v.value) + ",") for v in value],
- *value,
- )
-
-
-print("Content-Type: text/plain")
-print()
-print("Hello world !")
-
-print("\t 1. Don't keep blank values: ")
-parse_args()
-print("\t 2. Keep blank values: ")
-parse_args(keep_blank_values=True)
-
-print("- WebScripts -")
diff --git a/cgi-bin/test.py b/cgi-bin/test.py
deleted file mode 100644
index 12a5cda1..00000000
--- a/cgi-bin/test.py
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-print("Content-Type: text/plain")
-print()
-print("Hello world !")
\ No newline at end of file
diff --git a/commons.py b/commons.py
deleted file mode 100644
index e9c19466..00000000
--- a/commons.py
+++ /dev/null
@@ -1,1199 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-
-###################
-# This tool runs CLI scripts and displays output in a Web Interface.
-# Copyright (C) 2021, 2022, 2023 Maurice Lambert
-
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# You should have received a copy of the GNU General Public License
-# along with this program. If not, see .
-###################
-
-"""
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file implements commons functions and class for WebScripts package.
-"""
-
-__version__ = "0.1.7"
-__author__ = "Maurice Lambert"
-__author_email__ = "mauricelambert434@gmail.com"
-__maintainer__ = "Maurice Lambert"
-__maintainer_email__ = "mauricelambert434@gmail.com"
-__description__ = """
-This tool runs CLI scripts and displays output in a Web Interface.
-
-This file implements commons functions and class for WebScripts package.
-"""
-license = "GPL-3.0 License"
-__url__ = "https://github.com/mauricelambert/WebScripts"
-
-copyright = """
-WebScripts Copyright (C) 2021, 2022, 2023 Maurice Lambert
-This program comes with ABSOLUTELY NO WARRANTY.
-This is free software, and you are welcome to redistribute it
-under certain conditions.
-"""
-__license__ = license
-__copyright__ = copyright
-
-__all__ = [
- "User",
- "Session",
- "Argument",
- "JsonValue",
- "TokenCSRF",
- "Blacklist",
- "ScriptConfig",
- "CallableFile",
- "ServerConfiguration",
-]
-
-
-from os.path import join, normcase, isfile, dirname, splitext, basename, split
-from typing import TypeVar, Tuple, List, Dict
-from secrets import token_bytes, token_hex
-from configparser import ConfigParser
-from collections.abc import Callable
-from subprocess import Popen, PIPE # nosec
-from types import SimpleNamespace
-from base64 import b64encode
-from re import fullmatch
-from glob import iglob
-from time import time
-from json import load
-
-if __package__:
- from .utils import (
- DefaultNamespace,
- get_ini_dict,
- server_path as lib_directory,
- working_directory as current_directory,
- log_trace,
- get_ip,
- Logs,
- get_file_content,
- get_arguments_count,
- # doRollover,
- # rotator,
- # namer,
- # Handler,
- get_real_path,
- get_encodings,
- WebScriptsConfigurationError,
- WebScriptsArgumentError,
- WebScriptsConfigurationTypeError,
- WebScriptsSecurityError,
- logger_debug,
- logger_info,
- logger_auth,
- logger_access,
- logger_response,
- logger_command,
- logger_warning,
- logger_error,
- logger_critical,
- IS_WINDOWS,
- check_file_permission,
- )
-else:
- from utils import (
- DefaultNamespace,
- get_ini_dict,
- server_path as lib_directory,
- working_directory as current_directory,
- log_trace,
- get_ip,
- Logs,
- get_file_content,
- get_arguments_count,
- # doRollover,
- # rotator,
- # namer,
- # Handler,
- get_real_path,
- get_encodings,
- WebScriptsConfigurationError,
- WebScriptsArgumentError,
- WebScriptsConfigurationTypeError,
- WebScriptsSecurityError,
- logger_debug,
- logger_info,
- logger_auth,
- logger_access,
- logger_response,
- logger_command,
- logger_warning,
- logger_error,
- logger_critical,
- IS_WINDOWS,
- check_file_permission,
- )
-
-JsonValue = TypeVar("JsonValue", str, int, bool, None, List[str], List[int])
-ServerConfiguration = TypeVar("ServerConfiguration")
-ScriptConfig = TypeVar("ScriptConfig")
-Blacklist = TypeVar("Blacklist")
-Pages = TypeVar("Pages")
-
-Configuration = TypeVar("Configuration", ServerConfiguration, SimpleNamespace)
-
-
-class Argument(DefaultNamespace):
- """
- This class build argument for script.
- """
-
- __required__ = ["name"]
- __optional__ = [
- "list",
- "input",
- "example",
- "html_type",
- "is_advanced",
- "description",
- "default_value",
- "predefined_values",
- "javascript_attributs",
- ]
- __defaults__ = {
- "javascript_attributs": {},
- "default_value": None,
- "is_advanced": False,
- "html_type": "text",
- "description": None,
- "example": None,
- "input": None,
- }
- __types__ = {
- "predefined_values": list,
- "is_advanced": bool,
- "input": bool,
- "list": bool,
- }
-
- @staticmethod
- @log_trace
- def get_command(
- name: str, argument: Dict[str, JsonValue]
- ) -> List[Dict[str, JsonValue]]:
- """
- This function return list for command line execution.
- """
-
- if name.startswith("-"):
- list_ = [{"value": name, "input": False}]
- argument["input"] = False
- else:
- list_ = []
-
- value = argument["value"]
-
- if value is None:
- return []
- elif isinstance(value, str):
- if value == "":
- return []
-
- list_.append(argument)
-
- elif isinstance(value, bool):
- if value is False:
- return []
- else:
- return [{"value": name, "input": False}]
-
- elif isinstance(value, (int, float)):
- list_.append({"value": str(value), "input": argument["input"]})
-
- elif isinstance(value, list):
- while "" in value:
- value.remove("")
-
- while None in value:
- value.remove(None)
-
- if len(value) == 0:
- return []
-
- for arg in value:
- if isinstance(arg, int):
- arg = str(arg)
-
- list_.append({"value": arg, "input": argument["input"]})
- else:
- raise WebScriptsArgumentError(
- "Argument type must be: list, str, float, int, bool or None."
- f" Not {type(value)} ({value})"
- )
-
- return list_
-
-
-class ScriptConfig(DefaultNamespace):
- """
- This class makes script configurations.
- """
-
- __required__ = ["name", "dirname"]
- __defaults__ = {
- "documentation_content_type": "text/html",
- "command_generate_documentation": None,
- "stderr_content_type": "text/plain",
- "content_type": "text/plain",
- "documentation_file": None,
- "print_real_time": False,
- "minimum_access": None,
- "access_groups": None,
- "access_users": None,
- "no_password": False,
- "description": None,
- "launcher": None,
- "timeout": None,
- "category": "",
- "path": "",
- "args": [],
- }
- __optional__ = [
- "command_generate_documentation",
- "documentation_content_type",
- "stderr_content_type",
- "documentation_file",
- "minimum_access",
- "access_groups",
- "content_type",
- "access_users",
- "no_password",
- "description",
- "category",
- "launcher",
- "timeout",
- "path",
- "args",
- ]
- __types__ = {
- "access_groups": List[int],
- "access_users": List[int],
- "minimum_access": int,
- "no_password": bool,
- "timeout": int,
- }
-
- @log_trace
- def build_args(self, configuration: Configuration):
- """
- This function build Arguments from self.args: List[Dict[str, str]]
- """
-
- args = []
- for arg in self.args:
- arg = Argument.default_build(**arg)
-
- javascript_section = arg.get("javascript_section")
- if javascript_section is not None:
- javascript_configuration = configuration.get(
- javascript_section
- )
-
- if not isinstance(javascript_configuration, dict):
- raise WebScriptsConfigurationError(
- f'"{javascript_section}" doesn\'t exist or '
- "is not a javascript object (a dictionnary)"
- )
-
- arg.javascript_attributs = javascript_configuration
-
- args.append(arg)
-
- self.args = args
-
- @classmethod
- @log_trace
- def build_scripts_from_configuration(
- cls, server_configuration: ServerConfiguration
- ) -> Dict[str, ScriptConfig]:
- """
- This function build scripts from server
- configuration and configurations files.
- """
-
- scripts_config = cls.get_scripts_from_configuration(
- server_configuration, server_configuration
- )
-
- json_scripts_config = getattr(
- server_configuration, "json_scripts_config", []
- )
- ini_scripts_config = getattr(
- server_configuration, "ini_scripts_config", []
- )
- server_configuration.configuration_files = configuration_files = (
- getattr(server_configuration, "configuration_files", {})
- )
-
- for dirname_ in (lib_directory, current_directory):
- for config_path in ini_scripts_config:
- config_path = join(dirname_, normcase(config_path))
-
- for config_filename in iglob(config_path):
- if not check_file_permission(
- server_configuration, config_filename
- ):
- continue
-
- configuration = DefaultNamespace()
- temp_configurations = get_ini_dict(config_filename)
- configuration.update(**temp_configurations)
-
- scripts_config.update(
- cls.get_scripts_from_configuration(
- configuration, server_configuration
- )
- )
- configuration_files[get_real_path(config_filename)] = (
- temp_configurations
- )
-
- for config_path in json_scripts_config:
- config_path = join(dirname_, normcase(config_path))
-
- for config_filename in iglob(config_path):
- if not check_file_permission(
- server_configuration, config_filename
- ):
- continue
-
- configuration = DefaultNamespace()
-
- with open(config_filename) as file:
- temp_configurations = load(file)
- configuration.update(**temp_configurations)
-
- scripts_config.update(
- cls.get_scripts_from_configuration(
- configuration, server_configuration
- )
- )
- configuration_files[config_filename] = temp_configurations
-
- return scripts_config
-
- @classmethod
- @log_trace
- def get_scripts_from_configuration(
- cls,
- configuration: Configuration,
- server_configuration: ServerConfiguration,
- ) -> Dict[str, ScriptConfig]:
- """
- This function build scripts from ServerConfiguration.
- """
-
- scripts = getattr(configuration, "scripts", {})
- scripts_config = {}
-
- for name, section_config in scripts.items():
- script_section = getattr(configuration, section_config, None)
- logger_warning(
- f"Script found: {name!r} (section: {section_config!r})"
- )
-
- if script_section is None:
- raise WebScriptsConfigurationError(
- f"section {section_config!r} doesn't exist (to configure "
- f"script named {name!r})"
- )
- else:
- script_section = script_section.copy()
-
- (
- script_configuration,
- script_section,
- ) = cls.get_script_config_from_specific_file_config(
- script_section, configuration, server_configuration
- )
-
- script_section["args"] = cls.get_arguments_from_config(
- script_section.pop("args", None), script_configuration
- )
- script_section["documentation_file"] = (
- cls.get_documentation_from_configuration(
- script_section,
- name,
- getattr(server_configuration, "documentations_path", []),
- )
- )
- script_section["name"] = name
-
- path_ = script_section.get("path")
- script_section["path"] = script_path = get_real_path(path_)
- if script_path is None:
- script_path = script_section["path"] = cls.get_script_path(
- server_configuration, script_section
- )
- elif not isfile(script_path):
- raise WebScriptsConfigurationError(
- f"Location for script named {name!r} "
- f"({script_path!r}) doesn't exist."
- )
-
- if script_section.get("launcher") is None:
- script_section["launcher"] = (
- cls.get_Windows_default_script_launcher(script_section)
- )
-
- script_section["dirname"] = dirname(script_path)
-
- if not check_file_permission(
- server_configuration, script_path, executable=True
- ):
- continue
-
- build = scripts_config[name] = cls.default_build(**script_section)
- build.build_args(script_configuration)
-
- if path_ is None:
- build.path_is_defined = False
- else:
- build.path_is_defined = True
-
- return scripts_config
-
- @staticmethod
- @log_trace
- def get_Windows_default_script_launcher(
- script_config: Dict[str, JsonValue]
- ) -> str:
- """
- This function gets the Windows default launcher to execute a file.
- """
-
- if not IS_WINDOWS:
- return None
-
- logger_info(
- f"Research default launcher for script {script_config['name']}"
- )
- extension = splitext(script_config["path"])[1]
-
- if (
- fullmatch(r"[.]\w+", extension) is None
- ): # raise an error against command injection
- logger_critical(
- f'Security Error: this extension "{extension}" is a security '
- "risk (for security reason this extension is blocked)."
- )
- raise WebScriptsSecurityError(
- f"Invalid extension: {extension} (for security "
- "reason this extension is blocked)"
- )
-
- command = [
- r"C:\WINDOWS\system32\cmd.exe",
- "/c",
- "assoc",
- extension,
- ]
- logger_command("Get launcher from extension: " + repr(command))
-
- process = Popen(
- command, # protection against command injection
- stdout=PIPE,
- stderr=PIPE,
- text=True,
- ) # nosec
- stdout, stderr = process.communicate()
-
- if process.returncode != 0:
- return None
- filetype = stdout.split("=")[1] if "=" in stdout else ""
-
- command = [r"C:\WINDOWS\system32\cmd.exe", "/c", "ftype", filetype]
- logger_command("Get launcher from extension: " + repr(command))
-
- process = Popen(
- command,
- stdout=PIPE,
- stderr=PIPE,
- text=True,
- ) # nosec
- stdout, stderr = process.communicate()
-
- if process.returncode != 0:
- return None
- launcher = (
- stdout.split()[0].split("=")[1].replace('"', "")
- if "=" in stdout
- else None
- )
-
- if launcher is not None:
- logger_warning(
- f"Launcher found for {script_config['name']}: {launcher}"
- )
-
- return launcher
-
- @staticmethod
- @log_trace
- def get_script_path(
- server_configuration: ServerConfiguration,
- script_config: Dict[str, JsonValue],
- ) -> str:
- """
- This function return a script path from configuration.
- """
-
- for dirname_ in (lib_directory, current_directory):
- for directory in server_configuration.scripts_path:
- script_path = join(
- dirname_, normcase(directory), script_config["name"]
- )
- if isfile(script_path):
- logger_info(
- f"Found script named: {script_config['name']} in "
- f"location: {script_path}"
- )
- return script_path
-
- raise WebScriptsConfigurationError(
- f"No location found for script named {script_config['name']}"
- )
-
- @staticmethod
- @log_trace
- def get_documentation_from_configuration(
- script_config: Dict[str, JsonValue], name: str, paths: List[str]
- ) -> str:
- """
- This function get documentation from script configuration
- or search it in documentation path.
- """
-
- doc_file = script_config.get("documentation_file")
-
- if doc_file is None:
- for path_ in paths:
- doc_files = join(path_, f"{splitext(basename(name))[0]}.*")
- for doc_file in iglob(doc_files):
- logger_debug(f"Documentation file found for {name}")
- break
- else:
- logger_debug(f"Documentation file found for {name}")
-
- return doc_file
-
- @staticmethod
- @log_trace
- def get_arguments_from_config(
- arguments_section: str, configuration: Dict[str, Dict[str, JsonValue]]
- ) -> List[Dict[str, JsonValue]]:
- """
- This function get arguments list of script.
- """
-
- if arguments_section is not None:
- args_config = configuration.get(arguments_section)
-
- if args_config is None:
- raise WebScriptsConfigurationError(
- f"{arguments_section} "
- "section doesn't exist in configuration"
- )
-
- arguments_config = []
- for name, arg_section in args_config.items():
- arg_config = configuration.get(arg_section)
-
- if arg_config is None:
- raise WebScriptsConfigurationError(
- f"{arg_section} section doesn't exist "
- f'in configuration (for argument named "{name}")'
- )
-
- arg_config["name"] = name
- arguments_config.append(arg_config)
-
- logger_info(f"Argument named {name} found and configured.")
- else:
- arguments_config = []
-
- return arguments_config
-
- @staticmethod
- @log_trace
- def get_script_config_from_specific_file_config(
- script_config: Dict[str, JsonValue],
- configuration: Dict[str, JsonValue],
- server_configuration: Dict[str, JsonValue],
- ) -> Tuple[dict, dict]:
- """
- This function return all configuration and
- script configuration from configuration.
- """
-
- configuration_file = script_config.get("configuration_file")
-
- if configuration_file is not None:
- if configuration_file.endswith(".json"):
- file = get_file_content(configuration_file, as_iterator=True)
- configuration = load(file)
- file.close()
- else:
- config = ConfigParser(
- allow_no_value=True, inline_comment_prefixes="#"
- )
- config.read(configuration_file)
- configuration = config._sections
-
- script_config = configuration.get("script")
-
- if script_config is None:
- raise WebScriptsConfigurationError(
- f'Section "script" is not defined in {configuration_file}'
- )
-
- server_configuration.configuration_files = configuration_files = (
- getattr(server_configuration, "configuration_files", {})
- )
- configuration_files[get_real_path(configuration_file)] = (
- configuration
- )
-
- return configuration, script_config
-
- @log_trace
- def get_JSON_API(self) -> Dict:
- """
- This function return a dict for JSON API
- (visible configuration for user).
- """
-
- json_api = self.get_dict()
-
- for key in (
- "command_generate_documentation",
- "documentation_file",
- "print_real_time",
- "minimum_access",
- "access_groups",
- "access_users",
- "no_password",
- "launcher",
- "timeout",
- "dirname",
- "path",
- ):
- del json_api[key]
-
- if "secrets" in json_api.keys():
- del json_api["secrets"]
-
- arguments = json_api.pop("args")
- json_api["args"] = []
-
- for argument in arguments:
- json_api["args"].append(argument.get_dict())
-
- return json_api
-
- @staticmethod
- @log_trace
- def get_docfile_from_configuration(
- configuration: ServerConfiguration, filename: str
- ) -> str:
- """
- This method returns the script documentation
- path if it exists.
- """
-
- for dirname_ in (lib_directory, current_directory):
- for doc_glob in configuration.documentations_path:
- doc_glob = join(dirname_, normcase(doc_glob))
- for doc in iglob(doc_glob):
- doc_dirname, doc_filename = split(doc)
- no_extension, extension = splitext(doc_filename)
-
- if no_extension == splitext(basename(filename))[0]:
- return doc
-
-
-class User(DefaultNamespace):
- """
- This class implements User object.
- """
-
- __required__ = [
- "id",
- "name",
- "groups",
- "csrf",
- "ip",
- "categories",
- "scripts",
- "check_csrf",
- ]
- __types__ = {
- "id": int,
- "check_csrf": bool,
- "groups": List[int],
- "scripts": list,
- "categories": list,
- }
- __defaults__ = {
- "csrf": {},
- "groups": [],
- "scripts": ["*"],
- "categories": ["*"],
- "check_csrf": False,
- }
-
-
-class CallableFile(Callable):
- """
- This class build callable object to return
- Web files content or script output.
- """
-
- template_script_path: str = get_real_path("static/templates/script.html")
- template_header_path: str = get_real_path("static/templates/header.html")
- template_footer_path: str = get_real_path("static/templates/footer.html")
- template_index_path: str = get_real_path("static/templates/index.html")
-
- template_script: str = get_file_content(template_script_path)
- template_header: str = get_file_content(template_header_path)
- template_footer: str = get_file_content(template_footer_path)
- template_index: str = get_file_content(template_index_path)
-
- @log_trace
- def __init__(
- self,
- type_: str,
- path_: str,
- filename: str,
- config: dict = None,
- security: bool = True,
- ):
- self.path = path_
- self.type = type_
- self.config = config
- self.security = security
- self.filename = filename
- self.extension = splitext(path_)[1].lower()
-
- @log_trace
- def __call__(
- self, user: User, subdirectory: int = 2
- ) -> Tuple[str, Dict[str, str], List[bytes]]:
- if self.type == "js":
- return (
- "200 OK",
- {"Content-Type": "text/javascript; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.type == "static":
- if self.is_html():
- return (
- "200 OK",
- {"Content-Type": "text/html; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".css":
- return (
- "200 OK",
- {"Content-Type": "text/css; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".ico":
- return (
- "200 OK",
- {"Content-Type": "image/x-icon"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".png":
- return (
- "200 OK",
- {"Content-Type": "image/png"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.is_jpeg():
- return (
- "200 OK",
- {"Content-Type": "image/jpeg"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".gif":
- return (
- "200 OK",
- {"Content-Type": "image/gif"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".json":
- return (
- "200 OK",
- {"Content-Type": "application/json; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".txt":
- return (
- "200 OK",
- {"Content-Type": "text/plain; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".pdf":
- return (
- "200 OK",
- {"Content-Type": "application/pdf; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".csv":
- return (
- "200 OK",
- {"Content-Type": "text/csv; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.is_tiff():
- return (
- "200 OK",
- {"Content-Type": "image/tiff"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.is_xml():
- return (
- "200 OK",
- {"Content-Type": "application/xml; charset=utf-8"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.extension == ".svg":
- return (
- "200 OK",
- {"Content-Type": "image/svg+xml"},
- get_file_content(self.path, as_iterator=True),
- )
- else:
- return (
- "200 OK",
- {"Content-Type": "application/octet-stream"},
- get_file_content(self.path, as_iterator=True),
- )
- elif self.type == "script":
- nonce = token_hex(20)
- subpath = "../" * subdirectory
- template = CallableFile.template_script.replace(
- 'src="../js/', 'src="' + subpath + "js/"
- ).replace('href="../static/', 'href="' + subpath + "static/")
- return (
- "200 OK",
- {
- "Content-Type": "text/html; charset=utf-8",
- (
- "Content-Security-Policy"
- if self.security
- else "Content-Security-Policy-Report-Only"
- ): (
- "default-src 'self'; navigate-to 'self'; worker-src "
- "'none'; style-src-elem 'self'; style-src-attr 'none';"
- " style-src 'self'; script-src-attr 'none'; object-src"
- " 'none'; media-src 'none'; manifest-src 'none'; "
- "frame-ancestors 'none'; connect-src 'self'; font-src"
- " 'none'; img-src 'self'; base-uri 'none'; child-src"
- " 'none'; form-action 'none'; script-src 'self' "
- f"'nonce-{nonce}' 'require-trusted-types-for'"
- ),
- },
- (
- template
- if self.security
- else template.replace(
- "Content-Security-Policy",
- "Content-Security-Policy-Report-Only",
- )
- )
- % {
- "name": self.filename,
- "user": user.name,
- "csrf": TokenCSRF.build_token(user),
- "nonce": nonce,
- "header": self.template_header.replace(
- 'href="../web/', 'href="' + subpath + "web/"
- ),
- "footer": self.template_footer.replace(
- 'href="../static/', 'href="' + subpath + "static/"
- ),
- "subpath": subpath,
- },
- )
-
- def is_xml(self) -> bool:
- """
- This function compare extension with xml extensions.
- """
-
- return self.extension in (
- ".xml",
- ".xsd",
- ".xslt",
- ".tld",
- ".dtml",
- ".rss",
- ".opml",
- )
-
- def is_html(self) -> bool:
- """
- This function compare extension with html extensions.
- """
-
- return self.extension in (".html", ".htm", ".shtml", ".xhtml")
-
- def is_jpeg(self) -> bool:
- """
- This function compare extension with jpeg extensions.
- """
-
- return self.extension in (".jpg", ".jpeg", ".jpe")
-
- def is_tiff(self) -> bool:
- """
- This function compare extension with tif extensions.
- """
-
- return self.extension in (".tiff", ".tif")
-
-
-class Blacklist:
- """
- This class implement blacklist.
- """
-
- def __init__(
- self,
- configuration: ServerConfiguration,
- last_blacklist: Blacklist = None,
- ):
- logger_debug("New blacklist object...")
- self.time = time()
-
- blacklist_time = getattr(configuration, "blacklist_time", None)
-
- if blacklist_time is None:
- self.counter = 1
- logger_debug("Counter initialized, cause: no blacklist time.")
- else:
- if last_blacklist is None:
- self.counter = 1
- logger_debug("Counter initialized, cause: no blacklist.")
- else:
- if (
- last_blacklist.time + configuration.blacklist_time
- >= self.time
- ):
- counter = self.counter = last_blacklist.counter + 1
- logger_info(f"Counter increment: {counter}.")
- else:
- self.counter = 1
- logger_debug(
- "Counter initialized, cause: blacklist time exceeded."
- )
-
- @log_trace
- def is_blacklist(self, configuration: ServerConfiguration) -> bool:
- """
- This function return True if this object is blacklisted.
- """
-
- blacklist_time = getattr(configuration, "blacklist_time", None)
- auth_failures_to_blacklist = getattr(
- configuration, "auth_failures_to_blacklist", None
- )
-
- if auth_failures_to_blacklist is None:
- logger_debug(
- "Not blacklisted, cause: configuration "
- '"auth_failures_to_blacklist" is None.'
- )
- return False
-
- if self.counter > auth_failures_to_blacklist:
- if blacklist_time is None:
- logger_debug("Not blacklisted, cause: blacklist time is None")
- return False
-
- is_blacklisted = blacklist_time + self.time >= time()
- logger_info(f"Blacklist state: {is_blacklisted}")
- return is_blacklisted
- else:
- logger_debug(
- "Not blacklisted, cause: counter less than "
- 'configuration "auth_failures_to_blacklist".'
- )
- return False
-
- def __str__(self) -> str:
- """
- This function returns a string to represent the Blacklist object.
- """
-
- return (
- f"Blacklist(counter={self.counter}, "
- f"blacklist_time={time() - self.time})"
- )
-
-
-class TokenCSRF:
- """
- This class brings together the functions related to the CSRF token
- """
-
- @staticmethod
- @log_trace
- def build_token(user: User) -> str:
- """
- This function build a CSRF token for a user.
- """
-
- token = b64encode(token_bytes(48)).decode()
- user.csrf[token] = time()
- return token
-
- @staticmethod
- @log_trace
- def check_csrf(
- user: User,
- token: str,
- csrf_max_time: float = 300,
- referer: str = None,
- baseurl: str = None,
- ) -> bool:
- """
- This function check the validity of a csrf token.
- """
-
- max_time = time() - csrf_max_time
-
- if (
- referer
- and baseurl
- and not referer.lstrip("htps").startswith(baseurl.lstrip("htps"))
- ):
- logger_error(
- f"Referrer error: referer ({referer!r}) "
- f"do not start with baseurl ({baseurl!r})."
- )
- TokenCSRF.clean(user, max_time)
- return False
-
- timestamp = user.csrf.pop(token, 0)
-
- if timestamp >= max_time:
- return True
- else:
- logger_warning(
- f"CSRF Token has expired ({timestamp} >= {max_time})"
- )
- TokenCSRF.clean(user, max_time)
- return False
-
- @staticmethod
- @log_trace
- def clean(user: User, max_time: float) -> None:
- """
- This function clean all old CSRF tokens for a user.
- """
-
- to_delete = []
-
- for token, timestamp in user.csrf.items():
- if timestamp <= max_time:
- to_delete.append(token)
-
- for key in to_delete:
- del user.csrf[key]
-
-
-class Session:
- """
- Object to implement session.
- """
-
- def __init__(self, user: User, ip: str):
- self.cookie = token_hex(64)
- self.time = time()
- self.user = user
- self.ip = ip
-
- def __str__(self) -> str:
- """
- This function returns a string to represent the Session object.
- """
-
- return (
- f"Session(Time={time() - self.time}, IP={self.ip}, "
- f"Cookie={self.cookie}, User={self.user})"
- )
-
- @classmethod
- @log_trace
- def build_session(cls, user: User, ip: str, Pages: Pages) -> str:
- """
- This function build and add session and return the cookie.
- """
-
- session: Session = cls(user, ip)
- Pages.sessions[user.id] = session
- return f"{user.id}:{session.cookie}"
-
- @staticmethod
- @log_trace
- def check_session(
- cookie: str,
- pages: Pages,
- ip: str,
- default_user: User,
- session_max_time: float = 3600,
- ) -> User:
- """
- This function check session validity and return user.
- """
-
- if cookie.startswith("SessionID="):
- cookie = cookie[10:]
- else:
- logger_error("Session cookie do not start with 'SessionID='.")
- return default_user
-
- if ":" in cookie:
- user_id, cookie_session = cookie.split(":", 1)
- else:
- logger_error("Invalid session cookie: ':' not in cookie")
- return default_user
-
- if user_id.isdigit():
- session = pages.sessions.get(int(user_id), None)
- else:
- logger_error("Cookie: UserID is not digit.")
- return default_user
-
- if session is None:
- logger_info("Session not found.")
- return default_user
-
- if (
- session.ip == ip
- and session.time + session_max_time >= time()
- and session.cookie == cookie_session
- ):
- return session.user
- else:
- logger_warning("Session: Bad IP or session expired or bad cookie.")
- return default_user
diff --git a/config/files/change_my_password.json b/config/files/change_my_password.json
deleted file mode 100644
index 224b5744..00000000
--- a/config/files/change_my_password.json
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- "script": {
- "timeout": 15,
- "launcher": "/usr/bin/python3",
- "minimum_access": 50,
- "category": "My Account",
- "args": "change_my_password_args",
- "description": "This script can change your own password (for all authenticated users).",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\"",
- "path": "./scripts/account/change_my_password.py"
- },
- "change_my_password_args": {
- "old_password": "arg_old_password",
- "password": "arg_password",
- "password_confirmation": "arg_confirm_password"
- },
- "arg_old_password": {
- "example": "password",
- "html_type": "password",
- "description": "Your current password"
- },
- "arg_password": {
- "example": "password",
- "html_type": "password",
- "description": "New password value."
- },
- "arg_confirm_password": {
- "example": "password",
- "html_type": "password",
- "description": "New password value (confirmation)."
- }
-}
diff --git a/config/files/test_config.json b/config/files/test_config.json
deleted file mode 100644
index 54b67c9e..00000000
--- a/config/files/test_config.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "script": {
- "timeout": 25,
- "args": "arguments",
- "no_password": true,
- "launcher": "/usr/bin/python3",
- "path": "./scripts/py/test_config.py",
- "description": "This script test interrface, arguments and script configurations.",
- "print_real_time": true
- },
- "arguments": {
- "select": "select",
- "--timeout": "timeout",
- "password": "password",
- "--test-date": "--test-date",
- "test_file": "test_file",
- "test_input": "test_input",
- "test_number": "test_number",
- "select-input": "select-input"
- },
- "timeout": {
- "html_type": "checkbox",
- "description": "Test checkbox and the process timeout and optional argument without value."
- },
- "select": {
- "example": "password",
- "html_type": "password",
- "description": "Test select (listbox).",
- "default_value": "select",
- "predefined_values": [
- "",
- "test",
- "select",
- "arguments"
- ]
- },
- "password": {
- "list": true,
- "example": "password",
- "html_type": "password",
- "description": "Test password and list of values for one argument."
- },
- "test_input": {
- "example": "input",
- "description": "Test HTML input as argument."
- },
- "--test-date": {
- "html_type": "date",
- "description": "Test HTML input type date and optional argument with value."
- },
- "test_file": {
- "html_type": "file",
- "input": true,
- "description": "Test HTML input type file."
- },
- "test_number": {
- "html_type": "number",
- "description": "Test HTML input type number with specific javascript configurations.",
- "javascript_section": "js_section_number"
- },
- "js_section_number": {
- "step": "0.002"
- },
- "select-input": {
- "list": true,
- "input": true,
- "predefined_values": [
- "",
- "test",
- "select",
- "arguments"
- ],
- "description": "Test select with multiples selected values as input."
- }
-}
diff --git a/config/loggers.ini b/config/loggers.ini
deleted file mode 100644
index ff8565fc..00000000
--- a/config/loggers.ini
+++ /dev/null
@@ -1,194 +0,0 @@
-[loggers]
-keys=root,WebScripts.console,WebScripts.file,WebScripts.debug,WebScripts.info,WebScripts.warning,WebScripts.error,WebScripts.critical,WebScripts.trace,WebScripts.authentication,WebScripts.access,WebScripts.response,WebScripts.command
-
-[handlers]
-keys=root,console,file,debug,info,warning,error,critical,trace,authentication,access,response,command
-
-[formatters]
-keys=specificlevel,basic,root
-
-[logger_root]
-level=NOTSET
-handlers=root
-propagate=0
-formatter=root
-
-[logger_WebScripts.authentication]
-level=NOTSET
-handlers=authentication
-qualname=WebScripts.authentication
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.access]
-level=NOTSET
-handlers=access
-qualname=WebScripts.access
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.command]
-level=NOTSET
-handlers=command
-qualname=WebScripts.command
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.response]
-level=NOTSET
-handlers=response
-qualname=WebScripts.response
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.console]
-level=NOTSET
-handlers=console
-qualname=WebScripts.console
-formatter=basic
-propagate=0
-
-[logger_WebScripts.file]
-level=NOTSET
-handlers=file
-qualname=WebScripts.file
-formatter=basic
-propagate=0
-
-[logger_WebScripts.debug]
-level=DEBUG
-handlers=debug
-qualname=WebScripts.debug
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.info]
-level=INFO
-handlers=info
-qualname=WebScripts.info
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.warning]
-level=WARNING
-handlers=warning
-qualname=WebScripts.warning
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.error]
-level=ERROR
-handlers=error
-qualname=WebScripts.error
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.critical]
-level=CRITICAL
-handlers=critical
-qualname=WebScripts.critical
-formatter=specificlevel
-propagate=0
-
-[logger_WebScripts.trace]
-level=NOTSET
-handlers=trace
-qualname=WebScripts.trace
-formatter=specificlevel
-propagate=0
-
-[formatter_root]
-format=[%(asctime)s] %(levelname)-9s(%(levelno)s) {%(name)s - %(filename)s:%(lineno)d} %(message)s
-datefmt=%Y-%m-%d %H:%M:%S
-class=logging.Formatter
-
-[formatter_basic]
-format=[%(asctime)s] %(levelname)-9s(%(levelno)s) {%(filename)s:%(lineno)d} %(message)s
-datefmt=%Y-%m-%d %H:%M:%S
-class=logging.Formatter
-
-[formatter_specificlevel]
-format=[%(asctime)s] {%(filename)s:%(lineno)d} %(message)s
-datefmt=%Y-%m-%d %H:%M:%S
-class=logging.Formatter
-
-[handler_root]
-class=handlers.CustomLogHandler
-level=NOTSET
-formatter=root
-args=("logs/root.logs", "a", 10485760, 10485760,)
-
-[handler_console]
-class=StreamHandler
-level=NOTSET
-formatter=basic
-args=(sys.stdout,)
-
-[handler_authentication]
-class=handlers.CustomLogHandler
-level=NOTSET
-formatter=specificlevel
-args=("logs/24-auth.logs", "a", 10485760, 10485760,)
-
-[handler_access]
-class=handlers.CustomLogHandler
-level=NOTSET
-formatter=specificlevel
-args=("logs/25-access.logs", "a", 10485760, 10485760,)
-
-[handler_response]
-class=handlers.CustomLogHandler
-level=NOTSET
-formatter=specificlevel
-args=("logs/26-response.logs", "a", 10485760, 10485760,)
-
-[handler_command]
-class=handlers.CustomLogHandler
-level=NOTSET
-formatter=specificlevel
-args=("logs/27-command.logs", "a", 10485760, 10485760,)
-
-[handler_file]
-class=handlers.CustomLogHandler
-level=NOTSET
-formatter=basic
-args=("logs/00-server.logs", "a", 10485760, 10485760,)
-
-[handler_debug]
-class=handlers.CustomLogHandler
-level=DEBUG
-formatter=specificlevel
-args=("logs/10-debug.logs", "a", 10485760, 10485760,)
-
-[handler_info]
-class=handlers.CustomLogHandler
-level=INFO
-formatter=specificlevel
-args=("logs/20-info.logs", "a", 10485760, 10485760,)
-
-[handler_warning]
-class=handlers.CustomLogHandler
-level=WARNING
-formatter=specificlevel
-args=("logs/30-warning.logs", "a", 10485760, 10485760,)
-
-[handler_error]
-class=handlers.CustomLogHandler
-level=ERROR
-formatter=specificlevel
-args=("logs/40-error.logs", "a", 10485760, 10485760,)
-
-[handler_critical]
-class=handlers.CustomLogHandler
-filename=logs/critical.logs
-level=CRITICAL
-formatter=specificlevel
-args=("logs/50-critical.logs", "a", 10485760, 10485760,)
-
-[handler_trace]
-class=handlers.CustomLogHandler
-filename=logs/trace.logs
-level=NOTSET
-formatter=specificlevel
-args=("logs/05-trace.logs", "a", 10485760, 10485760,)
-
diff --git a/config/nt/files/change_my_password.ini b/config/nt/files/change_my_password.ini
deleted file mode 100644
index ca82d358..00000000
--- a/config/nt/files/change_my_password.ini
+++ /dev/null
@@ -1,28 +0,0 @@
-[script]
-timeout=15
-launcher=python
-minimum_access=50
-category=My Account
-args=change_my_password_args
-description=This script can change your own password (for all authenticated users).
-command_generate_documentation=python "%(dirname)s/../doc/py_doc.py" "%(path)s"
-
-[change_my_password_args]
-old_password=arg_old_password
-password=arg_password
-password_confirmation=arg_confirm_password
-
-[arg_old_password]
-example=password
-html_type=password
-description=Your current password
-
-[arg_password]
-example=password
-html_type=password
-description=New password value.
-
-[arg_confirm_password]
-example=password
-html_type=password
-description=New password value (confirmation).
diff --git a/config/nt/files/change_my_password.json b/config/nt/files/change_my_password.json
deleted file mode 100644
index e3221b01..00000000
--- a/config/nt/files/change_my_password.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "script": {
- "timeout": 15,
- "launcher": "python",
- "minimum_access": 50,
- "category": "My Account",
- "args": "change_my_password_args",
- "description": "This script can change your own password (for all authenticated users).",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "change_my_password_args": {
- "old_password": "arg_old_password",
- "password": "arg_password",
- "password_confirmation": "arg_confirm_password"
- },
-
- "arg_old_password": {
- "example": "password",
- "html_type": "password",
- "description": "Your current password"
- },
-
- "arg_password": {
- "example": "password",
- "html_type": "password",
- "description": "New password value."
- },
-
- "arg_confirm_password": {
- "example": "password",
- "html_type": "password",
- "description": "New password value (confirmation)."
- }
-}
\ No newline at end of file
diff --git a/config/nt/files/test_config.json b/config/nt/files/test_config.json
deleted file mode 100644
index d92e3156..00000000
--- a/config/nt/files/test_config.json
+++ /dev/null
@@ -1,75 +0,0 @@
-{
- "script": {
- "timeout": 25,
- "args": "arguments",
- "no_password": true,
- "launcher": "python",
- "path": "./scripts/py/test_config.py",
- "description": "This script test interrface, arguments and script configurations.",
- "print_real_time": true
- },
-
- "arguments": {
- "select": "select",
- "--timeout": "timeout",
- "password": "password",
- "--test-date": "--test-date",
- "test_file": "test_file",
- "test_input": "test_input",
- "test_number": "test_number",
- "select-input": "select-input"
- },
-
- "timeout": {
- "html_type": "checkbox",
- "description": "Test checkbox and the process timeout and optional argument without value."
- },
-
- "select": {
- "example": "password",
- "html_type": "password",
- "description": "Test select (listbox).",
- "default_value": "select",
- "predefined_values": ["", "test", "select", "arguments"]
- },
-
- "password": {
- "list": true,
- "example": "password",
- "html_type": "password",
- "description": "Test password and list of values for one argument."
- },
-
- "test_input": {
- "example": "input",
- "description": "Test HTML input as argument."
- },
-
- "--test-date": {
- "html_type": "date",
- "description": "Test HTML input type date and optional argument with value."
- },
-
- "test_file": {
- "html_type": "file",
- "input": true,
- "description": "Test HTML input type file."
- },
-
- "test_number": {
- "html_type": "number",
- "description": "Test HTML input type number with specific javascript configurations.",
- "javascript_section": "js_section_number"
- },
-
- "js_section_number": {
- "step": "0.002"
- },
-
- "select-input": {
- "list": true,
- "input": true,
- "predefined_values": ["", "test", "select", "arguments"],
- "description": "Test select with multiples selected values as input."
- }
-}
\ No newline at end of file
diff --git a/config/nt/scripts/default_admin_scripts.json b/config/nt/scripts/default_admin_scripts.json
deleted file mode 100644
index de48d1a7..00000000
--- a/config/nt/scripts/default_admin_scripts.json
+++ /dev/null
@@ -1,274 +0,0 @@
-{
- "scripts": {
- "add_user.py": "config_add_user",
- "add_group.py": "config_add_group",
- "view_users.py": "config_view_users",
- "get_apikey.py": "config_get_apikey",
- "view_groups.py": "config_view_groups",
- "delete_user.py": "config_delete_user",
- "delete_group.py": "config_delete_group",
- "api_view_users.py": "config_api_view_users",
- "api_view_groups.py": "config_api_view_groups",
- "change_user_password.py": "config_change_user_password",
- "my_user_informations.py": "config_my_user_informations"
- },
-
- "config_change_user_password": {
- "timeout": 15,
- "launcher": "python",
- "access_groups": [1000],
- "category": "Administration",
- "args": "args_change_user_password",
- "description": "This script reset a user password (for admin only)",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_change_user_password": {
- "user_id": "arg_id",
- "password": "arg_password"
- },
-
- "config_delete_user": {
- "timeout": 15,
- "access_users": [],
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "content_type": "text/plain",
- "category": "Administration",
- "args": "config_delete_user_args",
- "documentation_content_type": "text/html",
- "path": "./scripts/account/delete_user.py",
- "documentation_file": "./doc/delete_user.html",
- "description": "This script delete user from ID.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_delete_user_args": {
- "id": "arg_id"
- },
-
- "arg_id": {
- "list": false,
- "input": false,
- "example": "55",
- "html_type": "number",
- "default_value": null,
- "predefined_values": null,
- "description": "User ID (must be unique)"
- },
-
- "config_add_user": {
- "timeout": 15,
- "launcher": "python",
- "access_groups": [1000],
- "content_type": "text/plain",
- "category": "Administration",
- "args": "config_add_user_args",
- "description": "This script add a new user.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
-
- },
-
- "config_add_user_args": {
- "username": "arg_username",
- "password": "arg_password",
- "--ips": "arg_ips",
- "--groups": "arg_group_ids",
- "--group-names": "arg_group_names",
- "--categories": "arg_categories",
- "--scripts": "arg_scripts"
- },
-
- "arg_username": {
- "list": false,
- "example": "user",
- "html_type": "text",
- "description": "Username for user (must be unique)"
- },
-
- "arg_group_ids": {
- "list": true,
- "example": "50",
- "html_type": "number",
- "description": "List of groups IDs to add permissions to the new user."
- },
-
- "arg_group_names": {
- "list": true,
- "example": "User",
- "description": "List of groups names to add permissions to the new user."
- },
-
- "arg_ips": {
- "list": true,
- "html_type": "text",
- "example": "127.0.*",
- "description": "List of glob syntax for authorized IPs."
- },
-
- "arg_password": {
- "example": "password",
- "html_type": "password",
- "description": "The user password"
- },
-
- "arg_scripts": {
- "list": true,
- "is_advanced": true,
- "example": "antivirus*.py",
- "description": "List of glob syntax for authorized scripts."
- },
-
- "arg_categories": {
- "list": true,
- "is_advanced": true,
- "example": "Admin*",
- "description": "List of glob syntax for authorized categories."
- },
-
- "config_view_users": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "view_users_args",
- "content_type": "text/csv",
- "category": "Administration",
- "description": "This script list all users to get names, IDs and groups (access level).",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_api_view_users": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "view_users_args",
- "content_type": "text/json",
- "category": "Administration",
- "description": "This script list all users to get names, IDs and groups (access level).",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "view_users_args": {
- "--ids": "arg_ids",
- "--names": "arg_names"
- },
-
- "arg_ids": {
- "list": true,
- "example": "5",
- "html_type": "number",
- "description": "List of IDs to display them only."
- },
-
- "arg_names": {
- "list": true,
- "example": "user",
- "html_type": "text",
- "description": "List of names to display them only."
- },
-
- "config_add_group": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "add_group_args",
- "category": "Administration",
- "description": "This script can add group (to define new access level).",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "add_group_args": {
- "name": "arg_group_name",
- "access_level": "arg_group_level"
- },
-
- "arg_group_level": {
- "example": "group",
- "html_type": "text",
- "description": "Name of the new group (must be unique)."
- },
-
- "arg_group_name": {
- "example": "1000",
- "html_type": "number",
- "description": "Level of the new group (must be unique)."
- },
-
- "config_delete_group": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "delete_group_args",
- "category": "Administration",
- "description": "This script can delete group from ID.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "delete_group_args": {
- "ID": "arg_group_id"
- },
-
- "arg_group_id": {
- "example": "5",
- "html_type": "number",
- "description": "Group ID to delete (you can get it with view_groups)."
- },
-
- "config_view_groups": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "view_groups_args",
- "content_type": "text/csv",
- "category": "Administration",
- "description": "This script list all groups to get IDs, access level and names.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_api_view_groups": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "view_groups_args",
- "content_type": "text/json",
- "category": "Administration",
- "description": "This script list all groups to get IDs, access level and names.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "view_groups_args": {
- "--ids": "arg_ids",
- "--names": "arg_names"
- },
-
- "config_get_apikey": {
- "timeout": 15,
- "launcher": "python",
- "minimum_access": 50,
- "category": "My Account",
- "args": "args_get_apikey",
- "description": "This script print the API key of the current user.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_get_apikey": {
- "password": "arg_password"
- },
-
- "config_my_user_informations": {
- "timeout": 15,
- "no_password": true,
- "minimum_access": 50,
- "launcher": "python",
- "category": "My Account",
- "description": "This script prints user informations.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- }
-}
\ No newline at end of file
diff --git a/config/nt/scripts/default_log_scripts.json b/config/nt/scripts/default_log_scripts.json
deleted file mode 100644
index 49ccb000..00000000
--- a/config/nt/scripts/default_log_scripts.json
+++ /dev/null
@@ -1,100 +0,0 @@
-{
- "scripts": {
- "log_viewer.py": "config_log_viewer",
- "log_analysis.py": "config_log_analysis"
- },
-
- "config_log_analysis": {
- "timeout": 120,
- "no_password": true,
- "launcher": "python",
- "category": "Security",
- "minimum_access": 1000,
- "content_type": "text/csv",
- "path": "./scripts/logs/log_analysis.py",
- "description": "This file displays an HTML table for log and activity analysis.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_log_viewer": {
- "timeout": 30,
- "no_password": true,
- "launcher": "python",
- "category": "Security",
- "minimum_access": 1000,
- "args": "args_log_viewer",
- "path": "./scripts/logs/log_viewer.py",
- "description": "This file can display the latest logs.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_log_viewer": {
- "length": "arg_length",
- "all": "arg_all",
- "INFO": "arg_INFO",
- "DEBUG": "arg_DEBUG",
- "ERROR": "arg_ERROR",
- "TRACE": "arg_TRACE",
- "ACCESS": "arg_ACCESS",
- "COMMAND": "arg_COMMAND",
- "WARNING": "arg_WARNING",
- "RESPONSE": "arg_RESPONSE",
- "CRITICAL": "arg_CRITICAL"
- },
-
- "arg_length": {
- "default_value": 10,
- "html_type": "number",
- "description": "Number of logs to print."
- },
-
- "arg_all": {
- "html_type": "checkbox",
- "description": "View the latest logs."
- },
-
- "arg_TRACE": {
- "html_type": "checkbox",
- "description": "View the latest TRACE logs."
- },
-
- "arg_DEBUG": {
- "html_type": "checkbox",
- "description": "View the latest DEBUG logs."
- },
-
- "arg_INFO": {
- "html_type": "checkbox",
- "description": "View the latest INFO logs."
- },
-
- "arg_ACCESS": {
- "html_type": "checkbox",
- "description": "View the latest ACCESS logs."
- },
-
- "arg_RESPONSE": {
- "html_type": "checkbox",
- "description": "View the latest RESPONSE logs."
- },
-
- "arg_COMMAND": {
- "html_type": "checkbox",
- "description": "View the latest COMMAND logs."
- },
-
- "arg_WARNING": {
- "html_type": "checkbox",
- "description": "View the latest WARNING logs."
- },
-
- "arg_ERROR": {
- "html_type": "checkbox",
- "description": "View the latest ERROR logs."
- },
-
- "arg_CRITICAL": {
- "html_type": "checkbox",
- "description": "View the latest CRITICAL logs."
- }
-}
\ No newline at end of file
diff --git a/config/nt/scripts/default_password_scripts.json b/config/nt/scripts/default_password_scripts.json
deleted file mode 100644
index da103db1..00000000
--- a/config/nt/scripts/default_password_scripts.json
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- "scripts": {
- "password_generator.py": "config_password_generator",
- "get_password_share.py": "config_get_password_share",
- "new_password_share.py": "config_new_password_share"
- },
-
- "config_password_generator": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Password",
- "path": "./scripts/passwords/password_generator.py",
- "description": "This script prints a random ASCII password.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_get_password_share": {
- "timeout": 15,
- "launcher": "python",
- "category": "Password",
- "args": "args_get_password_share",
- "path": "./scripts/passwords/get_password_share.py",
- "description": "This script decrypt and print a secure password share.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_get_password_share": {
- "token": "arg_token"
- },
-
- "arg_token": {
- "description": "Token to decrypt password.",
- "example": "255:MQYipDEHjuyrNrGOaMpRsNr5/WQ/jnRFu2MynY2VabzeiCy2mXzrhHO122/4SpwjTbttUMcdk3NQfD/Y"
- },
-
- "config_new_password_share": {
- "timeout": 15,
- "launcher": "python",
- "category": "Password",
- "content_type": "text/html",
- "args": "args_new_password_share",
- "path": "./scripts/passwords/new_password_share.py",
- "description": "This script share a password securely.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_new_password_share": {
- "password": "arg_password",
- "time_in_hours": "arg_time_in_hours",
- "maximum_number_of_views": "arg_maximum_number_of_views"
- },
-
- "arg_password": {
- "html_type": "password",
- "description": "Password to share."
- },
-
- "arg_time_in_hours": {
- "example": "1.5",
- "description": "Maximum time (in hours) to share the password.",
- "default_value": 1,
- "is_advanced": true
- },
-
- "arg_maximum_number_of_views": {
- "example": "5",
- "html_type": "number",
- "description": "Maximum number of requests for this password share.",
- "default_value": 3,
- "is_advanced": true
- }
-}
\ No newline at end of file
diff --git a/config/nt/scripts/default_requests_scripts.json b/config/nt/scripts/default_requests_scripts.json
deleted file mode 100644
index efef35a0..00000000
--- a/config/nt/scripts/default_requests_scripts.json
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- "scripts": {
- "get_request.py": "config_get_request",
- "get_requests.py": "config_get_requests",
- "delete_request.py": "config_delete_request"
- },
-
- "config_get_request": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "args_requests",
- "category": "User Requests",
- "path": "./scripts/request/get_request.py",
- "description": "This script prints a user request.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_get_requests": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "content_type": "text/html",
- "category": "User Requests",
- "path": "./scripts/request/get_requests.py",
- "description": "This script prints a HTML table of user requests.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_requests": {
- "ID": "arg_ID"
- },
-
- "arg_ID": {
- "description": "ID of the request.",
- "html_type": "number",
- "example": "25"
- },
-
- "config_delete_request": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "access_groups": [1000],
- "args": "args_requests",
- "category": "User Requests",
- "path": "./scripts/request/delete_request.py",
- "description": "This script deletes and prints a user request.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- }
-}
\ No newline at end of file
diff --git a/config/nt/scripts/default_rss_scripts.json b/config/nt/scripts/default_rss_scripts.json
deleted file mode 100644
index 7054810f..00000000
--- a/config/nt/scripts/default_rss_scripts.json
+++ /dev/null
@@ -1,64 +0,0 @@
-{
- "scripts": {
- "add_news.py": "config_add_news"
- },
-
- "config_add_news": {
- "timeout": 10,
- "no_password": true,
- "launcher": "python",
- "access_groups": [500, 750, 1000],
- "category": "RSS Feed",
- "args": "args_add_news",
- "description": "This script adds a news in the RSS feed",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_add_news": {
- "title": "arg_title",
- "link": "arg_link",
- "categories": "arg_categories",
- "--comments": "arg_comments",
- "--is-b64": "arg_is_b64",
- "description": "arg_description"
- },
-
- "arg_title": {
- "example": "What's new in WebScripts 3.0.0 ?",
- "description": "The news title"
- },
-
- "arg_link": {
- "example": "https://webscripts.local/static/WebScripts3.0.0New.html",
- "description": "Link to read the full article"
- },
-
- "arg_categories": {
- "list": true,
- "example": "WebScripts",
- "description": "The news categories"
- },
-
- "arg_comments": {
- "example": "Article written for WebScripts administrators to understand changes in the version 3.0.0",
- "description": "A comment for the news."
- },
-
- "arg_is_b64": {
- "html_type": "checkbox",
- "description": "Using base64 to upload the file.",
- "javascript_section": "javascript_b64",
- "is_advanced": true
- },
-
- "javascript_b64": {
- "disabled": true,
- "checked": true
- },
-
- "arg_description": {
- "input": true,
- "html_type": "file",
- "description": "The news content (article or description)."
- }
-}
\ No newline at end of file
diff --git a/config/nt/scripts/default_uploads_scripts.json b/config/nt/scripts/default_uploads_scripts.json
deleted file mode 100644
index fecb538c..00000000
--- a/config/nt/scripts/default_uploads_scripts.json
+++ /dev/null
@@ -1,247 +0,0 @@
-{
- "scripts": {
- "upload_file.py": "config_upload_file",
- "delete_file.py": "config_delete_file",
- "download_filename.py": "config_get_file",
- "HTML_visible_files.py": "config_get_files",
- "HTML_all_files.py": "config_get_all_files",
- "HTML_file_history.py": "config_get_history",
- "download_all_files.py": "config_get_any_file",
- "JSON_visible_files.py": "config_api_get_files",
- "JSON_all_files.py": "config_api_get_all_files",
- "JSON_file_history.py": "config_api_get_history",
- "HTML_uploads_properties.py": "config_web_upload_size",
- "JSON_uploads_properties.py": "config_api_upload_size"
- },
-
- "config_get_file": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "minimum_access": 50,
- "args": "args_get_file",
- "content_type": "text/html",
- "description": "This script returns a download link for a file.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_get_file": {
- "filename": "arg_filename"
- },
-
- "config_get_files": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "minimum_access": 50,
- "content_type": "text/html",
- "description": "This script returns a HTML table of uploaded files.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "arg_filename": {
- "example": "LICENSE.txt",
- "description": "The filename of the uploaded file."
- },
-
- "config_delete_file": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "minimum_access": 50,
- "args": "args_get_file",
- "description": "This script delete an uploaded file.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
-
- },
-
- "arg_read_permission": {
- "example": "255",
- "html_type": "number",
- "description": "The minimum group ID to read this file.",
- "is_advanced": true
- },
-
- "arg_write_permission": {
- "example": "255",
- "html_type": "number",
- "description": "The minimum group ID to write this file.",
- "is_advanced": true
- },
-
- "arg_delete_permission": {
- "example": "255",
- "html_type": "number",
- "description": "The minimum group ID to delete this file.",
- "is_advanced": true
- },
-
- "arg_hidden": {
- "html_type": "checkbox",
- "description": "Hide the uploaded file (not visible in the Web Interface).",
- "is_advanced": true
- },
-
- "arg_binary": {
- "html_type": "checkbox",
- "description": "The uploaded file is binary file (not human readable).",
- "is_advanced": true
- },
-
- "arg_is_b64": {
- "html_type": "checkbox",
- "description": "Using base64 to upload the file.",
- "javascript_section": "javascript_b64",
- "is_advanced": true
- },
-
- "javascript_b64": {
- "disabled": true,
- "checked": true
- },
-
- "arg_compression": {
- "html_type": "checkbox",
- "description": "Do not compress the file (use it for compressed file like ZIP, GZ, BZ2, XZ).",
- "is_advanced": true
- },
-
- "arg_content": {
- "input": true,
- "html_type": "file",
- "description": "Content of the uploaded file."
- },
-
- "config_get_history": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "args": "args_get_file",
- "access_groups": [1000],
- "content_type": "text/html",
- "description": "This script list all versions for an uploaded file.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_upload_file": {
- "timeout": 300,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "minimum_access": 50,
- "args": "args_upload_file",
- "description": "This script uploads a file on the WebScripts Server.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_upload_file": {
- "name": "arg_filename",
- "content": "arg_content",
- "--read-permission": "arg_read_permission",
- "--write-permission": "arg_write_permission",
- "--delete-permission": "arg_delete_permission",
- "--hidden": "arg_hidden",
- "--binary": "arg_binary",
- "--no-compression": "arg_compression",
- "--is-b64": "arg_is_b64"
- },
-
- "config_api_get_files": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "minimum_access": 50,
- "content_type": "text/json",
- "description": "This script returns a JSON object of uploaded files.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_get_all_files": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "access_groups": [1000],
- "content_type": "text/html",
- "description": "This script returns a HTML table of all uploaded files.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_api_get_history": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "access_groups": [1000],
- "args": "args_get_file",
- "content_type": "text/json",
- "description": "This script list all groups to get IDs, access level and names.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_api_get_all_files": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "access_groups": [1000],
- "content_type": "text/json",
- "description": "This script list all versions for an uploaded file.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_get_any_file": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "access_groups": [1000],
- "args": "args_get_any_file",
- "content_type": "text/html",
- "description": "This script returns a download link for any file (old version and without permission).",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "args_get_any_file": {
- "type": "arg_identifier_type",
- "identifier": "arg_identifier"
- },
-
- "arg_identifier_type": {
- "description": "Type o the identifier (ID or name).",
- "example": "name",
- "predefined_values": ["name", "ID"]
- },
-
- "arg_identifier": {
- "description": "The name of the file or the ID of the version.",
- "example": "LICENSE.txt"
- },
-
- "config_web_upload_size": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "access_groups": [1000],
- "content_type": "text/csv",
- "description": "This script prints a HTML table of uploaded file metadata.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- },
-
- "config_api_upload_size": {
- "timeout": 15,
- "no_password": true,
- "launcher": "python",
- "category": "Upload",
- "access_groups": [1000],
- "content_type": "text/json",
- "description": "This script returns a JSON object of uploaded file metadata.",
- "command_generate_documentation": "python \"%(dirname)s/../doc/py_doc.py\" \"%(path)s\""
- }
-}
\ No newline at end of file
diff --git a/config/nt/server.ini b/config/nt/server.ini
deleted file mode 100644
index aad9499a..00000000
--- a/config/nt/server.ini
+++ /dev/null
@@ -1,167 +0,0 @@
-[server]
-interface=127.0.0.1 # required value
-port=8000 # required value
-
-debug=false # Export the full server configuration and get error messages on HTTP errors pages [NEVER true in production]
-security=true # Add security HTTP headers
-force_file_permissions=true # Don't load file if permissions are not secure
-
-accept_unknow_user=false # Don't force a user to re-authenticate
-accept_unauthenticated_user=false # Don't force authentication for new user
-active_auth=true # Active auth page
-auth_script=auth.py # Change it to use a custom authentication script
-auth_failures_to_blacklist=3 # Number of authentication failures to blacklist an IP address or user
-blacklist_time=30 # Blacklist time in seconds
-admin_groups=1000 # Integer list to defines Adminitrators groups
-exclude_auth_paths=/static/,/js/ # Start of paths where the unauthenticated user gets access
-exclude_auth_pages=/api/,/auth/,/web/auth/ # Specific page where the unauthenticated user has access
-session_max_time=3600 # Maximum time in seconds of sessions (recommended value: 3600)
-csrf_max_time=300 # Maximum time in seconds of csrf tokens (recommended value: 300)
-
-urls_section=urls # Defined the URL routing section
-
-scripts_path=./scripts/rss,./scripts/account,./scripts/passwords,./scripts/uploads # Add scripts from location
-json_scripts_config=./config/scripts/*.json,./config/nt/scripts/*.json # Add server configuration (syntax: json)
-ini_scripts_config=./config/scripts/*.ini,./config/nt/scripts/*.ini # Add server configuration (syntax: cfg, ini)
-documentations_path=./doc/*.html # Add path to search documentation scripts
-# modules # Add custom modules (names) to the server
-# modules_path # Add directory to import custom modules
-modules=error_pages,share,cgi,rss,JsonRpc,notification
-modules_path=./modules
-js_path=./static/js/*.js # Add glob syntax files to get javascript files
-statics_path=./static/html/*.html,./static/css/*.css,./static/images/*.png,./static/images/*.jpg,./static/pdf/*.pdf # Add glob syntax files to get static files
-
-log_level=DEBUG # Set your custom log level {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}
-log_filename=./logs/root.logs # Write your custom logs in this filename
-log_format=%(asctime)s %(levelname)s %(message)s (%(funcName)s -> %(filename)s:%(lineno)d) # Format for your custom logs (https://docs.python.org/3/library/logging.html#id2)
-log_date_format=%d/%m/%Y %H:%M:%S # Format date for your custom logs (https://docs.python.org/3/library/time.html#time.strftime)
-log_encoding=utf-8 # Encoding for your custom log file
-
-smtp_server # SMTP configuration is used to send notifications, the server name or the IP address of the SMTP server
-smtp_starttls=false # Using starttls to secure the connection
-smtp_password # Password for email account (username is the notification_address configuration), if password is None the client send email without authentication
-smtp_port=25 # SMTP port
-smtp_ssl=false # Using SSL (not starttls) to secure the connection
-admin_adresses=admin1@webscripts.local,admin2@webscripts.local # Administrators email addresses to receive the notification
-notification_address=notification@webscripts.local # Notification address to send the notification (the sender email address)
-
-webproxy_number=0 # Number of web proxies in front of the WebScripts server (this is the security configuration to block IP address spoofing: proxies add a header to send the client's IP address and proxies use different headers, there is no way to know which header is the right IP but it is possible to check the number of IPs in the headers). This configuration impact the bruteforce protection and the IP filtering authentication. Without this configuration the IP spoofing protection will be disabled (the bruteforce protection and IP filtering in authentication will be ineffective).
-
-base_url=/ # Base URL for the WebScripts server, if last character is not "/" it will be added by WebScripts, you can set the base URL configuration to use your server on non root URL, this is useful when you use multiples Web server on one host you could have the WebScripts web interface on /test/web/ with the base_url configuration set to "/test/" or "/test" and another Web server on the "/".
-
-data_dir=data # Configure data directory
-cgi_path=cgi-bin # CGI path to find scripts
-
-[urls]
-/authentication/=/web/auth/ # Routing the URL -> /authentication/ 'redirect' to /web/auth/
-/cgi-bin/=/cgi/bin/ # Routing the URL -> /cgi-bin/ 'redirect' to /cgi/bin/
-/cgi/=/cgi/bin/ # Routing the URL -> /cgi/ 'redirect' to /cgi/bin/
-/bin/=/cgi/bin/ # Routing the URL -> /bin/ 'redirect' to /cgi/bin/
-
-[scripts]
-auth.py=config_auth # Define the configuration section ("config_auth") for script named "auth.py"
-show_license.py=config_show_licence # Same as previous for "show_license.py" with "config_show_licence"
-change_my_password.py=config_change_my_password # Same as previous for "change_my_password.py" with "config_change_my_password"
-test_config.py=config_test_config # Little script to test arguments and script configurations
-
-[config_auth]
-launcher=python # Define the launcher for this script (if script is executable this line is not necessary)
-path=./scripts/account/auth.py # Only necessary if the location of the script is not in "scripts_path"
-documentation_file=./doc/auth.html # Only needed if the location of the documentation does not match the paths defined in "documentations_path"
-content_type=text/plain # Define the script output content-type (HTTP headers/javascript interpretation)
-documentation_content_type=text/html # Define the documentation content-type
-minimum_access=0 # If a user's group is greater than "minimum_access", the user can use this script
-access_groups=0,1 # If a user's group is in "access_groups", the user can use this script
-access_users=0,1,2 # If the user ID is in "access_users", the user can use this script
-args=auth_args # The arguments are defined in section named "auth_args"
-description=This script authenticates users. # Short description to help users
-category=My Account # Add a link on the index page in the "My Account" section
-timeout=15 # Timeout for process execution (in seconds)
-command_generate_documentation=python "%(dirname)s/../doc/py_doc.py" "%(path)s" # Command line to generate the documentation file
-
-# Script "auth.py" is in "./scripts/account" and this path is defined in "scripts_path" so is not necessary to add the "path" in configuration section
-# Documentation for "auth.py" is "./doc/auth.html" and this path match with "./doc/*.html" (defined in "documentations_path") so is not necessary to add "documentation_file" in configuration section
-# The default "Content-Type" is "text/plain" so is not necessary to add "content_type" in configuration section
-# The default "Content-Type" for documentation is "text/html" so is not necessary to add "documentation_content_type" in configuration section
-# You can add access to a script with:
-# - minimum_access: check all user groups, if a group is greater than "minimum_access", the user can use this script
-# - access_groups: check all user groups, if a group is in "access_groups", the user can use this script
-# - access_users: if the user ID is in "access_users", the user can use this script
-# - if script configuration don't have "minimum_access", "access_groups" and "access_users" anyone can use the script
-# The "args" configuration is not necessary if you have no arguments for this script
-# "description" is recommended but not required
-# If this script does not have a "category", this script will not be visible in the index page (WEB interface only)
-# Without "timeout", the script can run indefinitely
-# You can run a command line to generate the documentation before printing it, with the "command_generate_documentation" configuration
-
-[auth_args]
---username=arg_username # Add a configuration section ("arg_username") for the argument named "--username"
---password=arg_password # Add a configuration section ("arg_password") for the argument named "--password"
-
-# If the name of the argument starts with "-", it will be added in the command line otherwise only the value is added
-
-[arg_username]
-html_type=text # Define the HTML input type for this argument
-description=Your username (to log in) # Short description to help users
-default_value # Add default value
-predefined_values # To build a list box (