mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2025-11-06 13:25:51 +01:00
583 lines
20 KiB
Python
Executable File
583 lines
20 KiB
Python
Executable File
# -*- coding: utf-8 -*-
|
|
from __future__ import unicode_literals
|
|
import json
|
|
from django.shortcuts import redirect
|
|
from django.http import HttpResponse
|
|
from loginSystem.models import Administrator
|
|
from plogical.virtualHostUtilities import virtualHostUtilities
|
|
from plogical import hashPassword
|
|
from packages.models import Package
|
|
from baseTemplate.views import renderBase
|
|
from random import randint
|
|
from websiteFunctions.models import Websites
|
|
import os
|
|
from baseTemplate.models import version
|
|
from plogical.mailUtilities import mailUtilities
|
|
from plogical.website import WebsiteManager
|
|
from loginSystem.models import ACL
|
|
from plogical.acl import ACLManager
|
|
from firewall.models import FirewallRules
|
|
from s3Backups.s3Backups import S3Backups
|
|
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
|
|
from plogical.processUtilities import ProcessUtilities
|
|
# Create your views here.
|
|
|
|
|
|
def verifyConn(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
|
|
data = json.loads(request.body)
|
|
adminUser = data['adminUser']
|
|
adminPass = data['adminPass']
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"verifyConn": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
data_ret = {"verifyConn": 1}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
else:
|
|
data_ret = {"verifyConn": 0}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data_ret = {'verifyConn': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def createWebsite(request):
|
|
data = json.loads(request.body)
|
|
adminUser = data['adminUser']
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"existsStatus": 0, 'createWebSiteStatus': 0,
|
|
'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
wm = WebsiteManager()
|
|
return wm.createWebsiteAPI(json.loads(request.body))
|
|
|
|
def getUserInfo(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
|
|
data = json.loads(request.body)
|
|
|
|
adminUser = data['adminUser']
|
|
adminPass = data['adminPass']
|
|
username = data['username']
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"status": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
pass
|
|
else:
|
|
data_ret = {"status": 0,
|
|
'error_message': "Could not authorize access to API"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
try:
|
|
user = Administrator.objects.get(userName=username)
|
|
data_ret = {'status': 0,
|
|
'firstName': user.firstName,
|
|
'lastName': user.lastName,
|
|
'email': user.email,
|
|
'adminStatus': user.acl.adminStatus,
|
|
'error_message': "None"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
except:
|
|
data_ret = {'status': 0, 'error_message': "User does not exists."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data_ret = {'status': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def changeUserPassAPI(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
|
|
data = json.loads(request.body)
|
|
|
|
|
|
websiteOwner = data['websiteOwner']
|
|
ownerPassword = data['ownerPassword']
|
|
|
|
adminUser = data['adminUser']
|
|
adminPass = data['adminPass']
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"changeStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
pass
|
|
else:
|
|
data_ret = {"changeStatus": 0,
|
|
'error_message': "Could not authorize access to API"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
websiteOwn = Administrator.objects.get(userName=websiteOwner)
|
|
websiteOwn.password = hashPassword.hash_password(ownerPassword)
|
|
websiteOwn.save()
|
|
|
|
|
|
|
|
data_ret = {'changeStatus': 1, 'error_message': "None"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data_ret = {'changeStatus': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def changePackageAPI(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
|
|
data = json.loads(request.body)
|
|
|
|
websiteName = data['websiteName']
|
|
packageName = data['packageName']
|
|
adminUser = data['adminUser']
|
|
adminPass = data['adminPass']
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"changePackage": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
pass
|
|
else:
|
|
data_ret = {"changePackage": 0,
|
|
'error_message': "Could not authorize access to API"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
website = Websites.objects.get(domain=websiteName)
|
|
pack = Package.objects.get(packageName=packageName)
|
|
|
|
website.package = pack
|
|
website.save()
|
|
|
|
|
|
|
|
data_ret = {'changePackage': 1, 'error_message': "None"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data_ret = {'changePackage': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def deleteWebsite(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
data = json.loads(request.body)
|
|
|
|
adminUser = data['adminUser']
|
|
adminPass = data['adminPass']
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"websiteDeleteStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
data['websiteName'] = data['domainName']
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
pass
|
|
else:
|
|
data_ret = {"websiteDeleteStatus": 0,
|
|
'error_message': "Could not authorize access to API"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
website = Websites.objects.get(domain=data['websiteName'])
|
|
websiteOwner = website.admin
|
|
|
|
try:
|
|
if admin.websites_set.all().count() == 0:
|
|
websiteOwner.delete()
|
|
except:
|
|
pass
|
|
|
|
## Deleting master domain
|
|
|
|
wm = WebsiteManager()
|
|
return wm.submitWebsiteDeletion(admin.pk, data)
|
|
|
|
except BaseException, msg:
|
|
data_ret = {'websiteDeleteStatus': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def submitWebsiteStatus(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
data = json.loads(request.body)
|
|
adminUser = data['adminUser']
|
|
adminPass = data['adminPass']
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"websiteStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
pass
|
|
else:
|
|
data_ret = {"websiteStatus": 0,
|
|
'error_message': "Could not authorize access to API"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
wm = WebsiteManager()
|
|
return wm.submitWebsiteStatus(admin.pk, json.loads(request.body))
|
|
|
|
except BaseException, msg:
|
|
data_ret = {'websiteStatus': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def loginAPI(request):
|
|
try:
|
|
username = request.POST['username']
|
|
password = request.POST['password']
|
|
|
|
admin = Administrator.objects.get(userName=username)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"userID": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, password):
|
|
request.session['userID'] = admin.pk
|
|
return redirect(renderBase)
|
|
else:
|
|
return HttpResponse("Invalid Credentials.")
|
|
|
|
except BaseException, msg:
|
|
data = {'userID': 0, 'loginStatus': 0, 'error_message': str(msg)}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
def fetchSSHkey(request):
|
|
try:
|
|
if request.method == "POST":
|
|
data = json.loads(request.body)
|
|
username = data['username']
|
|
password = data['password']
|
|
|
|
admin = Administrator.objects.get(userName=username)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"status": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, password):
|
|
|
|
pubKey = os.path.join("/root",".ssh",'cyberpanel.pub')
|
|
execPath = "sudo cat " + pubKey
|
|
data = ProcessUtilities.outputExecutioner(execPath)
|
|
|
|
data_ret = {
|
|
'status': 1,
|
|
'pubKeyStatus': 1,
|
|
'error_message': "None",
|
|
'pubKey':data
|
|
}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
else:
|
|
data_ret = {
|
|
'status' : 0,
|
|
'pubKeyStatus': 0,
|
|
'error_message': "Could not authorize access to API."
|
|
}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data = {'status' : 0, 'pubKeyStatus': 0,'error_message': str(msg)}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
def remoteTransfer(request):
|
|
try:
|
|
if request.method == "POST":
|
|
|
|
data = json.loads(request.body)
|
|
username = data['username']
|
|
password = data['password']
|
|
|
|
|
|
admin = Administrator.objects.get(userName=username)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"transferStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
ipAddress = data['ipAddress']
|
|
accountsToTransfer = data['accountsToTransfer']
|
|
|
|
if hashPassword.check_password(admin.password, password):
|
|
dir = str(randint(1000, 9999))
|
|
|
|
##
|
|
|
|
mailUtilities.checkHome()
|
|
path = "/home/cyberpanel/accounts-" + str(randint(1000, 9999))
|
|
writeToFile = open(path,'w')
|
|
|
|
for items in accountsToTransfer:
|
|
writeToFile.writelines(items + "\n")
|
|
writeToFile.close()
|
|
|
|
## Accounts to transfer is a path to file, containing accounts.
|
|
|
|
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/remoteTransferUtilities.py"
|
|
execPath = execPath + " remoteTransfer --ipAddress " + ipAddress + " --dir " + dir + " --accountsToTransfer " + path
|
|
ProcessUtilities.popenExecutioner(execPath)
|
|
|
|
return HttpResponse(json.dumps({"transferStatus": 1, "dir": dir}))
|
|
|
|
##
|
|
else:
|
|
data_ret = {'transferStatus': 0, 'error_message': "Could not authorize access to API."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data = {'transferStatus': 0,'error_message': str(msg)}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
def fetchAccountsFromRemoteServer(request):
|
|
try:
|
|
if request.method == "POST":
|
|
data = json.loads(request.body)
|
|
username = data['username']
|
|
password = data['password']
|
|
|
|
admin = Administrator.objects.get(userName=username)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"fetchStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, password):
|
|
|
|
records = Websites.objects.all()
|
|
|
|
json_data = "["
|
|
checker = 0
|
|
|
|
for items in records:
|
|
dic = {
|
|
'website': items.domain,
|
|
'php': items.phpSelection,
|
|
'package': items.package.packageName,
|
|
'email': items.adminEmail,
|
|
}
|
|
|
|
if checker == 0:
|
|
json_data = json_data + json.dumps(dic)
|
|
checker = 1
|
|
else:
|
|
json_data = json_data + ',' + json.dumps(dic)
|
|
|
|
json_data = json_data + ']'
|
|
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "data": json_data})
|
|
|
|
return HttpResponse(final_json)
|
|
else:
|
|
data_ret = {'fetchStatus': 0, 'error_message': "Invalid Credentials"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data = {'fetchStatus': 0,'error_message': str(msg)}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
def FetchRemoteTransferStatus(request):
|
|
try:
|
|
if request.method == "POST":
|
|
data = json.loads(request.body)
|
|
username = data['username']
|
|
password = data['password']
|
|
|
|
admin = Administrator.objects.get(userName=username)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"fetchStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
dir = "/home/backup/transfer-"+str(data['dir'])+"/backup_log"
|
|
|
|
try:
|
|
command = "sudo cat "+ dir
|
|
status = ProcessUtilities.outputExecutioner(command)
|
|
|
|
|
|
if hashPassword.check_password(admin.password, password):
|
|
|
|
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "status": status})
|
|
return HttpResponse(final_json)
|
|
else:
|
|
data_ret = {'fetchStatus': 0, 'error_message': "Invalid Credentials"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
except:
|
|
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "status": "Just started.."})
|
|
return HttpResponse(final_json)
|
|
|
|
|
|
|
|
except BaseException, msg:
|
|
data = {'fetchStatus': 0,'error_message': str(msg)}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
def cancelRemoteTransfer(request):
|
|
try:
|
|
if request.method == "POST":
|
|
data = json.loads(request.body)
|
|
username = data['username']
|
|
password = data['password']
|
|
|
|
admin = Administrator.objects.get(userName=username)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"cancelStatus": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
dir = "/home/backup/transfer-"+str(data['dir'])
|
|
|
|
|
|
|
|
if hashPassword.check_password(admin.password, password):
|
|
|
|
path = dir + "/pid"
|
|
|
|
command = "sudo cat " + path
|
|
pid = ProcessUtilities.outputExecutioner(command)
|
|
|
|
command = "sudo kill -KILL " + pid
|
|
ProcessUtilities.executioner(command)
|
|
|
|
command = "sudo rm -rf " + dir
|
|
ProcessUtilities.executioner(command)
|
|
|
|
data = {'cancelStatus': 1, 'error_message': "None"}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
else:
|
|
data_ret = {'cancelStatus': 0, 'error_message': "Invalid Credentials"}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
|
|
except BaseException, msg:
|
|
data = {'cancelStatus': 1, 'error_message': str(msg)}
|
|
json_data = json.dumps(data)
|
|
return HttpResponse(json_data)
|
|
|
|
def cyberPanelVersion(request):
|
|
try:
|
|
if request.method == 'POST':
|
|
|
|
data = json.loads(request.body)
|
|
|
|
adminUser = data['username']
|
|
adminPass = data['password']
|
|
|
|
|
|
admin = Administrator.objects.get(userName=adminUser)
|
|
|
|
if admin.api == 0:
|
|
data_ret = {"getVersion": 0, 'error_message': "API Access Disabled."}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
if hashPassword.check_password(admin.password, adminPass):
|
|
|
|
Version = version.objects.get(pk=1)
|
|
|
|
data_ret = {
|
|
"getVersion": 1,
|
|
'error_message': "none",
|
|
'currentVersion':Version.currentVersion,
|
|
'build':Version.build
|
|
}
|
|
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
else:
|
|
data_ret = {
|
|
"getVersion": 0,
|
|
'error_message': "Could not authorize access to API."
|
|
}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
except BaseException, msg:
|
|
data_ret = {
|
|
"getVersion": 0,
|
|
'error_message': str(msg)
|
|
}
|
|
json_data = json.dumps(data_ret)
|
|
return HttpResponse(json_data)
|
|
|
|
def runAWSBackups(request):
|
|
try:
|
|
|
|
data = json.loads(request.body)
|
|
randomFile = data['randomFile']
|
|
|
|
if os.path.exists(randomFile):
|
|
s3 = S3Backups(request, None, 'runAWSBackups')
|
|
s3.start()
|
|
except BaseException, msg:
|
|
logging.writeToFile(str(msg) + ' [API.runAWSBackups]') |