pci compliance headers

2025-11-17 18:51:04 +01:00 · 2019-11-05 14:07:37 +05:00
parent 95a953a0a8
commit e4a375f4f1
10 changed files with 55 additions and 28 deletions
--- a/CyberCP/secMiddleware.py
+++ b/CyberCP/secMiddleware.py
@@ -92,5 +92,12 @@ class secMiddleware:
                logging.writeToFile(str(msg))
                response = self.get_response(request)
                return response
+
+
        response = self.get_response(request)
+        
+        response['X-XSS-Protection'] = "1; mode=block"
+        response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
+        response['X-Frame-Options'] = "DENY"
+
        return response
--- a/CyberCP/settings.py
+++ b/CyberCP/settings.py
@@ -127,7 +127,8 @@ DATABASES = {
 }

 DATABASE_ROUTERS = ['backup.backupRouter.backupRouter']
-
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True

 # Password validation
 # https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
--- a/WebTerminal/CPWebSocket.py
+++ b/WebTerminal/CPWebSocket.py
@@ -9,6 +9,8 @@ import threading as multi
 import time

 class SSHServer(multi.Thread):
+    OKGREEN = '\033[92m'
+    ENDC = '\033[0m'

    def loadPublicKey(self):
        pubkey = '/root/.ssh/cyberpanel.pub'
@@ -44,17 +46,25 @@ class SSHServer(multi.Thread):
        self.shell.settimeout(0)

        self.websocket = websocket
+        self.color = 0

    def recvData(self):
        while True:
            try:
                if os.path.exists(self.websocket.verifyPath):
+                    if self.websocket.filePassword == self.websocket.filePassword:
                        if self.shell.recv_ready():
+                            if self.color == 0:
+                                text = '%sEnjoy your accelerated Internet by CyberPanel and LiteSpeed%s' % (SSHServer.OKGREEN, SSHServer.ENDC)
+                                nText = 'Enjoy your accelerated Internet by CyberPanel'
+                                self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8").replace(nText, text))
+                                self.color = 1
+                            else:
                                self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8"))
                        else:
-                        time.sleep(0.1)
+                            time.sleep(0.01)
            except BaseException, msg:
-                time.sleep(2)
+                time.sleep(0.1)

    def run(self):
        try:
@@ -70,8 +80,11 @@ class WebTerminalServer(WebSocket):
           data = json.loads(self.data)
           if str(self.data).find('"tp":"init"') > -1:
               self.verifyPath = str(data['data']['verifyPath'])
+               self.password = str(data['data']['password'])
+               self.filePassword = open(self.verifyPath, 'r').read()
           else:
               if os.path.exists(self.verifyPath):
+                   if self.filePassword == self.filePassword:
                    self.shell.send(str(data['data']))
       except:
           pass
--- a/WebTerminal/static/WebTerminal/main.js
+++ b/WebTerminal/static/WebTerminal/main.js
@@ -67,14 +67,9 @@ function check() {
 function connect() {
    var remember = $("#remember").is(":checked");
    var options = {
-        host: $("#host").val(),
-        port: $("#port").val(),
-        username: $("#username").val(),
-        ispwd: $("input[name=ispwd]:checked").val(),
-        secret: $("#secret").val(),
-        verifyPath: $("#verifyPath").text()
-    }
-    console.debug(options);
+        verifyPath: $("#verifyPath").text(),
+        password: $("#password").text()
+    };
    if (remember) {
        store(options)
    }
--- a/WebTerminal/static/WebTerminal/ws.js
+++ b/WebTerminal/static/WebTerminal/ws.js
@@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
 }

 WSSHClient.prototype.sendClientData = function (data) {
-    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()}))
+    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
 }

 var client = new WSSHClient();
--- a/WebTerminal/templates/WebTerminal/WebTerminal.html
+++ b/WebTerminal/templates/WebTerminal/WebTerminal.html
@@ -42,6 +42,7 @@

                    </div>
                    <div style="display: none" id="verifyPath">{{ verifyPath }}</div>
+                    <div style="display: none" id="password">{{ password }}</div>
                </div>
            </div>
        </div>
--- a/WebTerminal/views.py
+++ b/WebTerminal/views.py
@@ -11,6 +11,7 @@ from plogical.processUtilities import ProcessUtilities
 from plogical.firewallUtilities import FirewallUtilities
 from firewall.models import FirewallRules
 import json
+import plogical.randomPassword

 # Create your views here.

@@ -24,12 +25,13 @@ def terminal(request):
        else:
            return ACLManager.loadError()

+        password = plogical.randomPassword.generate_pass()
+
        verifyPath = "/home/cyberpanel/" + str(randint(100000, 999999))
        writeToFile = open(verifyPath, 'w')
-        writeToFile.writelines('code')
+        writeToFile.write(password)
        writeToFile.close()

-
        ## setting up ssh server
        path = '/etc/systemd/system/cpssh.service'
        curPath = '/usr/local/CyberCP/WebTerminal/cpssh.service'
@@ -46,7 +48,7 @@ def terminal(request):
            newFWRule = FirewallRules(name='terminal', proto='tcp', port='5678', ipAddress='0.0.0.0/0')
            newFWRule.save()

-        return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath})
+        return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath, 'password': password})
    except BaseException, msg:
        logging.writeToFile(str(msg))
        return redirect(loadLoginPage)
--- a/plogical/upgrade.py
+++ b/plogical/upgrade.py
@@ -1353,6 +1353,12 @@ class Upgrade:
                if items.find('WebTerminal') > -1:
                    WebTerminal = 0

+            SESSION_COOKIE_SECURE = 1
+
+            for items in data:
+                if items.find('SESSION_COOKIE_SECURE') > -1:
+                    SESSION_COOKIE_SECURE = 0
+
            Upgrade.stdOut('Restoring settings file!')

            writeToFile = open("/usr/local/CyberCP/CyberCP/settings.py", 'w')
@@ -1362,6 +1368,13 @@ class Upgrade:
                    if csrfCheck == 1:
                        writeToFile.writelines("    'django.middleware.csrf.CsrfViewMiddleware',\n")

+                if items.find('DATABASE_ROUTERS') > -1:
+                    if SESSION_COOKIE_SECURE == 1:
+                        con = """SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+"""
+                        writeToFile.writelines(con)
+
                elif items.find("'filemanager',") > -1:
                    writeToFile.writelines(items)
                    if pluginCheck == 1:
--- a/static/WebTerminal/main.js
+++ b/static/WebTerminal/main.js
@@ -67,14 +67,9 @@ function check() {
 function connect() {
    var remember = $("#remember").is(":checked");
    var options = {
-        host: $("#host").val(),
-        port: $("#port").val(),
-        username: $("#username").val(),
-        ispwd: $("input[name=ispwd]:checked").val(),
-        secret: $("#secret").val(),
-        verifyPath: $("#verifyPath").text()
-    }
-    console.debug(options);
+        verifyPath: $("#verifyPath").text(),
+        password: $("#password").text()
+    };
    if (remember) {
        store(options)
    }
--- a/static/WebTerminal/ws.js
+++ b/static/WebTerminal/ws.js
@@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
 }

 WSSHClient.prototype.sendClientData = function (data) {
-    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()}))
+    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
 }

 var client = new WSSHClient();