mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2025-11-08 14:26:16 +01:00
secMiddleware.py
secMiddleware.py This needs testing, if this change will mess up anything else. @usmannasir Can you try this?
This commit is contained in:
Master3395
@@ -1,8 +1,7 @@
|
|||||||
# coding=utf-8
|
# coding=utf-8
|
||||||
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
|
|
||||||
import json
|
import json
|
||||||
from django.shortcuts import HttpResponse, render
|
|
||||||
import re
|
import re
|
||||||
|
from django.shortcuts import HttpResponse, render
|
||||||
from loginSystem.models import Administrator
|
from loginSystem.models import Administrator
|
||||||
|
|
||||||
class secMiddleware:
|
class secMiddleware:
|
||||||
@@ -23,7 +22,7 @@ class secMiddleware:
|
|||||||
try:
|
try:
|
||||||
uID = request.session['userID']
|
uID = request.session['userID']
|
||||||
admin = Administrator.objects.get(pk=uID)
|
admin = Administrator.objects.get(pk=uID)
|
||||||
ipAddr = get_client_ip(request)
|
ipAddr = self.get_client_ip(request)
|
||||||
|
|
||||||
if ipAddr.find('.') > -1:
|
if ipAddr.find('.') > -1:
|
||||||
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
|
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
|
||||||
@@ -31,19 +30,17 @@ class secMiddleware:
|
|||||||
else:
|
else:
|
||||||
del request.session['userID']
|
del request.session['userID']
|
||||||
del request.session['ipAddr']
|
del request.session['ipAddr']
|
||||||
logging.writeToFile(get_client_ip(request))
|
|
||||||
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
|
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
|
||||||
"errorMessage": "Session reuse detected, IPAddress logged."}
|
"errorMessage": "Session reuse detected, IPAddress logged."}
|
||||||
final_json = json.dumps(final_dic)
|
final_json = json.dumps(final_dic)
|
||||||
return HttpResponse(final_json)
|
return HttpResponse(final_json)
|
||||||
else:
|
else:
|
||||||
ipAddr = get_client_ip(request).split(':')[:3]
|
ipAddr = self.get_client_ip(request).split(':')[:3]
|
||||||
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
|
if request.session['ipAddr'] == ipAddr or admin.securityLevel == secMiddleware.LOW:
|
||||||
pass
|
pass
|
||||||
else:
|
else:
|
||||||
del request.session['userID']
|
del request.session['userID']
|
||||||
del request.session['ipAddr']
|
del request.session['ipAddr']
|
||||||
logging.writeToFile(get_client_ip(request))
|
|
||||||
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
|
final_dic = {'error_message': "Session reuse detected, IPAddress logged.",
|
||||||
"errorMessage": "Session reuse detected, IPAddress logged."}
|
"errorMessage": "Session reuse detected, IPAddress logged."}
|
||||||
final_json = json.dumps(final_dic)
|
final_json = json.dumps(final_dic)
|
||||||
@@ -53,7 +50,6 @@ class secMiddleware:
|
|||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
try:
|
try:
|
||||||
#logging.writeToFile(request.body)
|
|
||||||
data = json.loads(request.body)
|
data = json.loads(request.body)
|
||||||
for key, value in data.items():
|
for key, value in data.items():
|
||||||
if request.path.find('gitNotify') > -1:
|
if request.path.find('gitNotify') > -1:
|
||||||
@@ -62,17 +58,10 @@ class secMiddleware:
|
|||||||
pass
|
pass
|
||||||
elif type(value) == list:
|
elif type(value) == list:
|
||||||
for items in value:
|
for items in value:
|
||||||
if items.find('- -') > -1 or items.find('\n') > -1 or items.find(';') > -1 or items.find(
|
if any(char in items for char in ['$','&','(',')','[',']','{','}',';','‘','<','>']):
|
||||||
'&&') > -1 or items.find('|') > -1 or items.find('...') > -1 \
|
|
||||||
or items.find("`") > -1 or items.find("$") > -1 or items.find(
|
|
||||||
"(") > -1 or items.find(")") > -1 \
|
|
||||||
or items.find("'") > -1 or items.find("[") > -1 or items.find(
|
|
||||||
"]") > -1 or items.find("{") > -1 or items.find("}") > -1 \
|
|
||||||
or items.find(":") > -1 or items.find("<") > -1 or items.find(">") > -1:
|
|
||||||
logging.writeToFile(request.body)
|
|
||||||
final_dic = {
|
final_dic = {
|
||||||
'error_message': "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.",
|
'error_message': "Data supplied is not accepted, following characters are not allowed in the input `$ & ( ) [ ] { } ; : ‘ < >.",
|
||||||
"errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}
|
"errorMessage": "Data supplied is not accepted, following characters are not allowed in the input `$ & ( ) [ ] { } ; : ‘ < >."}
|
||||||
final_json = json.dumps(final_dic)
|
final_json = json.dumps(final_dic)
|
||||||
return HttpResponse(final_json)
|
return HttpResponse(final_json)
|
||||||
else:
|
else:
|
||||||
@@ -80,7 +69,6 @@ class secMiddleware:
|
|||||||
|
|
||||||
if key == 'backupDestinations':
|
if key == 'backupDestinations':
|
||||||
if re.match('^[a-z|0-9]+:[a-z|0-9|\.]+\/?[A-Z|a-z|0-9|\.]*$', value) == None and value != 'local':
|
if re.match('^[a-z|0-9]+:[a-z|0-9|\.]+\/?[A-Z|a-z|0-9|\.]*$', value) == None and value != 'local':
|
||||||
logging.writeToFile(request.body)
|
|
||||||
final_dic = {'error_message': "Data supplied is not accepted.",
|
final_dic = {'error_message': "Data supplied is not accepted.",
|
||||||
"errorMessage": "Data supplied is not accepted."}
|
"errorMessage": "Data supplied is not accepted."}
|
||||||
final_json = json.dumps(final_dic)
|
final_json = json.dumps(final_dic)
|
||||||
@@ -88,7 +76,7 @@ class secMiddleware:
|
|||||||
|
|
||||||
if request.build_absolute_uri().find(
|
if request.build_absolute_uri().find(
|
||||||
'api/remoteTransfer') > -1 or request.build_absolute_uri().find(
|
'api/remoteTransfer') > -1 or request.build_absolute_uri().find(
|
||||||
'api/verifyConn') > -1 or request.build_absolute_uri().find(
|
'api/verifyConn') >-1 or request.build_absolute_uri().find(
|
||||||
'webhook') > -1 or request.build_absolute_uri().find(
|
'webhook') > -1 or request.build_absolute_uri().find(
|
||||||
'saveSpamAssassinConfigurations') > -1 or request.build_absolute_uri().find(
|
'saveSpamAssassinConfigurations') > -1 or request.build_absolute_uri().find(
|
||||||
'docker') > -1 or request.build_absolute_uri().find(
|
'docker') > -1 or request.build_absolute_uri().find(
|
||||||
@@ -108,10 +96,9 @@ class secMiddleware:
|
|||||||
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
|
or value.find("'") > -1 or value.find("[") > -1 or value.find("]") > -1 or value.find(
|
||||||
"{") > -1 or value.find("}") > -1 \
|
"{") > -1 or value.find("}") > -1 \
|
||||||
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
|
or value.find(":") > -1 or value.find("<") > -1 or value.find(">") > -1:
|
||||||
logging.writeToFile(request.body)
|
|
||||||
final_dic = {
|
final_dic = {
|
||||||
'error_message': "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >.",
|
'error_message': "Data supplied is not accepted, following characters are not allowed in the input `$ & ( ) [ ] { } ; : ‘ < >.",
|
||||||
"errorMessage": "Data supplied is not accepted, following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}
|
"errorMessage": "Data supplied is not accepted, following characters are not allowed in the input `$ & ( ) [ ] { } ; : ‘ < >."}
|
||||||
final_json = json.dumps(final_dic)
|
final_json = json.dumps(final_dic)
|
||||||
return HttpResponse(final_json)
|
return HttpResponse(final_json)
|
||||||
if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
|
if key.find(';') > -1 or key.find('&&') > -1 or key.find('|') > -1 or key.find('...') > -1 \
|
||||||
@@ -119,9 +106,8 @@ class secMiddleware:
|
|||||||
or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find(
|
or key.find("'") > -1 or key.find("[") > -1 or key.find("]") > -1 or key.find(
|
||||||
"{") > -1 or key.find("}") > -1 \
|
"{") > -1 or key.find("}") > -1 \
|
||||||
or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1:
|
or key.find(":") > -1 or key.find("<") > -1 or key.find(">") > -1:
|
||||||
logging.writeToFile(request.body)
|
|
||||||
final_dic = {'error_message': "Data supplied is not accepted.",
|
final_dic = {'error_message': "Data supplied is not accepted.",
|
||||||
"errorMessage": "Data supplied is not accepted following characters are not allowed in the input ` $ & ( ) [ ] { } ; : ‘ < >."}
|
"errorMessage": "Data supplied is not accepted following characters are not allowed in the input `$ & ( ) [ ] { } ; : ‘ < >."}
|
||||||
final_json = json.dumps(final_dic)
|
final_json = json.dumps(final_dic)
|
||||||
return HttpResponse(final_json)
|
return HttpResponse(final_json)
|
||||||
|
|
||||||
@@ -129,14 +115,6 @@ class secMiddleware:
|
|||||||
logging.writeToFile(str(msg))
|
logging.writeToFile(str(msg))
|
||||||
response = self.get_response(request)
|
response = self.get_response(request)
|
||||||
return response
|
return response
|
||||||
# else:
|
|
||||||
# try:
|
|
||||||
# if request.path.find('cloudAPI/') > -1 or request.path.find('api/') > -1:
|
|
||||||
# pass
|
|
||||||
# else:
|
|
||||||
# uID = request.session['userID']
|
|
||||||
# except:
|
|
||||||
# return render(request, 'loginSystem/login.html', {})
|
|
||||||
|
|
||||||
response = self.get_response(request)
|
response = self.get_response(request)
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
{% extends "baseTemplate/index.html" %}
|
{% extends "baseTemplate/index.html" %}
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
{% block title %}{% trans "Version Management - CyberPanel" %}"{% endblock %}
|
{% block title %}{% trans "Version Management - CyberPanel" %}{% endblock %}
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
||||||
@@ -158,8 +158,8 @@
|
|||||||
// Log the response from the server
|
// Log the response from the server
|
||||||
console.log('Upgrade response:', data);
|
console.log('Upgrade response:', data);
|
||||||
|
|
||||||
// Check if the progress value is a finite number before setting it on the progress bar
|
// Check if the progress value is defined and a finite number before setting it on the progress bar
|
||||||
if (isFinite(data.progress)) {
|
if (typeof data.progress !== 'undefined' && isFinite(data.progress)) {
|
||||||
var upgradeProgressLog = document.getElementById("upgradeProgressLog");
|
var upgradeProgressLog = document.getElementById("upgradeProgressLog");
|
||||||
upgradeProgressLog.innerText = 'Upgrade Progress: ' + data.progress + '%';
|
upgradeProgressLog.innerText = 'Upgrade Progress: ' + data.progress + '%';
|
||||||
// You may also update other UI elements based on the response data
|
// You may also update other UI elements based on the response data
|
||||||
@@ -204,7 +204,7 @@
|
|||||||
// Log detailed error information
|
// Log detailed error information
|
||||||
console.error('Detailed error information:', error);
|
console.error('Detailed error information:', error);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function refreshPage() {
|
function refreshPage() {
|
||||||
location.reload();
|
location.reload();
|
||||||
|
|||||||
Reference in New Issue
Block a user