Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2026-05-06 18:26:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

push changes

Browse Source
This commit is contained in:
Michael Ramsey
2019-10-08 10:53:02 -04:00
parent 0695e9c9d0
commit bd71b39d31
1802 changed files with 170876 additions and 50904 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
api/urls.py
View File

@@ -10,7 +10,9 @@ urlpatterns = [
url(r'^loginAPI', views.loginAPI, name='loginAPI'),
url(r'^getUserInfo$', views.getUserInfo, name='getUserInfo'),
url(r'^changeUserPassAPI', views.changeUserPassAPI, name='changeUserPassAPI'),
url(r'^changePackageAPI', views.changePackageAPI, name='changePackageAPI'),
url(r'^fetchSSHkey', views.fetchSSHkey, name='fetchSSHkey'),
url(r'^remoteTransfer', views.remoteTransfer, name='remoteTransfer'),
@@ -19,11 +21,7 @@ urlpatterns = [
url(r'^cancelRemoteTransfer', views.cancelRemoteTransfer, name='cancelRemoteTransfer'),
url(r'^cyberPanelVersion', views.cyberPanelVersion, name='cyberPanelVersion'),
url(r'^putSSHkey', views.putSSHkey, name='putSSHkey'),
url(r'^changeAdminPassword', views.changeAdminPassword, name='changeAdminPassword'),
url(r'^runAWSBackups$', views.runAWSBackups, name='runAWSBackups'),
]

376
api/views.py
View File

@@ -6,21 +6,21 @@ from django.http import HttpResponse
from loginSystem.models import Administrator
from plogical.virtualHostUtilities import virtualHostUtilities
from plogical import hashPassword
from plogical.installUtilities import installUtilities
from packages.models import Package
from baseTemplate.views import renderBase
from random import randint
from websiteFunctions.models import Websites,ChildDomains
from websiteFunctions.models import Websites
import os
from baseTemplate.models import version
import subprocess
import shlex
import re
from plogical.mailUtilities import mailUtilities
from websiteFunctions.website import WebsiteManager
from s3Backups.s3Backups import S3Backups
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
from plogical.processUtilities import ProcessUtilities
from django.views.decorators.csrf import csrf_exempt
# Create your views here.
@csrf_exempt
def verifyConn(request):
try:
if request.method == 'POST':
@@ -31,6 +31,11 @@ def verifyConn(request):
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"verifyConn": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, adminPass):
data_ret = {"verifyConn": 1}
json_data = json.dumps(data_ret)
@@ -45,7 +50,23 @@ def verifyConn(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@csrf_exempt
def createWebsite(request):
data = json.loads(request.body)
adminUser = data['adminUser']
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"existsStatus": 0, 'createWebSiteStatus': 0,
'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
wm = WebsiteManager()
return wm.createWebsiteAPI(json.loads(request.body))
@csrf_exempt
def getUserInfo(request):
try:
if request.method == 'POST':
@@ -53,74 +74,44 @@ def createWebsite(request):
adminUser = data['adminUser']
adminPass = data['adminPass']
domain = data['domainName']
adminEmail = data['ownerEmail']
packageName = data['packageName']
websiteOwner = data['websiteOwner']
ownerPassword = data['ownerPassword']
externalApp = "".join(re.findall("[a-zA-Z]+", domain))[:7]
data['ssl'] = 0
data['dkimCheck'] = 0
data['openBasedir'] = 1
phpSelection = "PHP 7.0"
username = data['username']
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"status": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, adminPass):
pass
else:
data_ret = {"existsStatus": 0, 'createWebSiteStatus': 0,
data_ret = {"status": 0,
'error_message': "Could not authorize access to API"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if adminEmail is None:
adminEmail = "usman@cyberpersons.com"
try:
websiteOwn = Administrator(userName=websiteOwner, password=hashPassword.hash_password(ownerPassword),
email=adminEmail, type=3, owner=admin.pk,
initWebsitesLimit=1)
websiteOwn.save()
except BaseException,msg:
pass
## Create Configurations
numberOfWebsites = str(Websites.objects.count() + ChildDomains.objects.count())
sslpath = "/home/" + domain + "/public_html"
## Create Configurations
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " createVirtualHost --virtualHostName " + domain + \
" --administratorEmail " + adminEmail + " --phpVersion '" + phpSelection + \
"' --virtualHostUser " + externalApp + " --numberOfSites " + numberOfWebsites + \
" --ssl " + str(data['ssl']) + " --sslPath " + sslpath + " --dkimCheck " + str(data['dkimCheck']) \
+ " --openBasedir " + str(data['openBasedir']) + ' --websiteOwner ' + websiteOwner \
+ ' --package ' + packageName
output = subprocess.check_output(shlex.split(execPath))
if output.find("1,None") > -1:
data_ret = {'createWebSiteStatus': 1, 'error_message': "None", "existsStatus": 0}
user = Administrator.objects.get(userName=username)
data_ret = {'status': 0,
'firstName': user.firstName,
'lastName': user.lastName,
'email': user.email,
'adminStatus': user.acl.adminStatus,
'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {'createWebSiteStatus': 0, 'error_message': output, "existsStatus": 0}
except:
data_ret = {'status': 0, 'error_message': "User does not exists."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException, msg:
data_ret = {'createWebSiteStatus': 0, 'error_message': str(msg), "existsStatus": 0}
data_ret = {'status': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@csrf_exempt
def changeUserPassAPI(request):
try:
if request.method == 'POST':
@@ -130,11 +121,17 @@ def changeUserPassAPI(request):
websiteOwner = data['websiteOwner']
ownerPassword = data['ownerPassword']
adminUser = data['adminUser']
adminPass = data['adminPass']
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"changeStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, adminPass):
pass
else:
@@ -159,6 +156,7 @@ def changeUserPassAPI(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@csrf_exempt
def changePackageAPI(request):
try:
if request.method == 'POST':
@@ -172,6 +170,11 @@ def changePackageAPI(request):
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"changePackage": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, adminPass):
pass
else:
@@ -198,16 +201,24 @@ def changePackageAPI(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@csrf_exempt
def deleteWebsite(request):
try:
if request.method == 'POST':
data = json.loads(request.body)
websiteName = data['domainName']
adminUser = data['adminUser']
adminPass = data['adminPass']
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"websiteDeleteStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
data['websiteName'] = data['domainName']
if hashPassword.check_password(admin.password, adminPass):
pass
else:
@@ -216,44 +227,40 @@ def deleteWebsite(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
website = Websites.objects.get(domain=websiteName)
website = Websites.objects.get(domain=data['websiteName'])
websiteOwner = website.admin
if admin.websites_set.all().count() == 0:
websiteOwner.delete()
try:
if admin.websites_set.all().count() == 0:
websiteOwner.delete()
except:
pass
## Deleting master domain
numberOfWebsites = str(Websites.objects.count() + ChildDomains.objects.count())
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/virtualHostUtilities.py"
execPath = execPath + " deleteVirtualHostConfigurations --virtualHostName " + websiteName + \
" --numberOfSites " + numberOfWebsites
subprocess.check_output(shlex.split(execPath))
data_ret = {'websiteDeleteStatus': 1, 'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
wm = WebsiteManager()
return wm.submitWebsiteDeletion(admin.pk, data)
except BaseException, msg:
data_ret = {'websiteDeleteStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@csrf_exempt
def submitWebsiteStatus(request):
try:
if request.method == 'POST':
data = json.loads(request.body)
websiteName = data['websiteName']
state = data['state']
adminUser = data['adminUser']
adminPass = data['adminPass']
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"websiteStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, adminPass):
pass
else:
@@ -262,50 +269,39 @@ def submitWebsiteStatus(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
website = Websites.objects.get(domain=websiteName)
if state == "Suspend":
virtualHostUtilities.suspendVirtualHost(websiteName)
installUtilities.reStartLiteSpeed()
website.state = 0
else:
virtualHostUtilities.UnsuspendVirtualHost(websiteName)
installUtilities.reStartLiteSpeed()
website.state = 1
website.save()
data_ret = {'websiteStatus': 1, 'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
wm = WebsiteManager()
return wm.submitWebsiteStatus(admin.pk, json.loads(request.body))
except BaseException, msg:
data_ret = {'websiteStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
@csrf_exempt
def loginAPI(request):
try:
if request.method == "POST":
username = request.POST['username']
password = request.POST['password']
username = request.POST['username']
password = request.POST['password']
admin = Administrator.objects.get(userName=username)
admin = Administrator.objects.get(userName=username)
if hashPassword.check_password(admin.password, password):
request.session['userID'] = admin.pk
return redirect(renderBase)
else:
return HttpResponse("Invalid Credentials.")
if admin.api == 0:
data_ret = {"userID": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, password):
request.session['userID'] = admin.pk
return redirect(renderBase)
else:
return HttpResponse("Invalid Credentials.")
except BaseException, msg:
data = {'userID': 0, 'loginStatus': 0, 'error_message': str(msg)}
json_data = json.dumps(data)
return HttpResponse(json_data)
@csrf_exempt
def fetchSSHkey(request):
try:
if request.method == "POST":
@@ -315,13 +311,19 @@ def fetchSSHkey(request):
admin = Administrator.objects.get(userName=username)
if admin.api == 0:
data_ret = {"status": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, password):
pubKey = os.path.join("/root",".ssh",'cyberpanel.pub')
execPath = "sudo cat " + pubKey
data = subprocess.check_output(shlex.split(execPath))
execPath = "cat " + pubKey
data = ProcessUtilities.outputExecutioner(execPath)
data_ret = {
'status': 1,
'pubKeyStatus': 1,
'error_message': "None",
'pubKey':data
@@ -330,6 +332,7 @@ def fetchSSHkey(request):
return HttpResponse(json_data)
else:
data_ret = {
'status' : 0,
'pubKeyStatus': 0,
'error_message': "Could not authorize access to API."
}
@@ -337,10 +340,11 @@ def fetchSSHkey(request):
return HttpResponse(json_data)
except BaseException, msg:
data = {'pubKeyStatus': 0,'error_message': str(msg)}
data = {'status' : 0, 'pubKeyStatus': 0,'error_message': str(msg)}
json_data = json.dumps(data)
return HttpResponse(json_data)
@csrf_exempt
def remoteTransfer(request):
try:
if request.method == "POST":
@@ -348,11 +352,18 @@ def remoteTransfer(request):
data = json.loads(request.body)
username = data['username']
password = data['password']
ipAddress = data['ipAddress']
accountsToTransfer = data['accountsToTransfer']
admin = Administrator.objects.get(userName=username)
if admin.api == 0:
data_ret = {"transferStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
ipAddress = data['ipAddress']
accountsToTransfer = data['accountsToTransfer']
if hashPassword.check_password(admin.password, password):
dir = str(randint(1000, 9999))
@@ -368,9 +379,9 @@ def remoteTransfer(request):
## Accounts to transfer is a path to file, containing accounts.
execPath = "sudo python " + virtualHostUtilities.cyberPanel + "/plogical/remoteTransferUtilities.py"
execPath = "/usr/local/CyberCP/bin/python2 " + virtualHostUtilities.cyberPanel + "/plogical/remoteTransferUtilities.py"
execPath = execPath + " remoteTransfer --ipAddress " + ipAddress + " --dir " + dir + " --accountsToTransfer " + path
subprocess.Popen(shlex.split(execPath))
ProcessUtilities.popenExecutioner(execPath)
return HttpResponse(json.dumps({"transferStatus": 1, "dir": dir}))
@@ -385,6 +396,7 @@ def remoteTransfer(request):
json_data = json.dumps(data)
return HttpResponse(json_data)
@csrf_exempt
def fetchAccountsFromRemoteServer(request):
try:
if request.method == "POST":
@@ -393,6 +405,12 @@ def fetchAccountsFromRemoteServer(request):
password = data['password']
admin = Administrator.objects.get(userName=username)
if admin.api == 0:
data_ret = {"fetchStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, password):
records = Websites.objects.all()
@@ -428,7 +446,7 @@ def fetchAccountsFromRemoteServer(request):
json_data = json.dumps(data)
return HttpResponse(json_data)
@csrf_exempt
def FetchRemoteTransferStatus(request):
try:
if request.method == "POST":
@@ -436,13 +454,20 @@ def FetchRemoteTransferStatus(request):
username = data['username']
password = data['password']
admin = Administrator.objects.get(userName=username)
if admin.api == 0:
data_ret = {"fetchStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
dir = "/home/backup/transfer-"+str(data['dir'])+"/backup_log"
try:
command = "sudo cat "+ dir
status = subprocess.check_output(shlex.split(command))
command = "cat "+ dir
status = ProcessUtilities.outputExecutioner(command)
admin = Administrator.objects.get(userName=username)
if hashPassword.check_password(admin.password, password):
final_json = json.dumps({'fetchStatus': 1, 'error_message': "None", "status": status})
@@ -462,28 +487,37 @@ def FetchRemoteTransferStatus(request):
json_data = json.dumps(data)
return HttpResponse(json_data)
@csrf_exempt
def cancelRemoteTransfer(request):
try:
if request.method == "POST":
data = json.loads(request.body)
username = data['username']
password = data['password']
dir = "/home/backup/transfer-"+str(data['dir'])
admin = Administrator.objects.get(userName=username)
if admin.api == 0:
data_ret = {"cancelStatus": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
dir = "/home/backup/transfer-"+str(data['dir'])
if hashPassword.check_password(admin.password, password):
path = dir + "/pid"
command = "sudo cat " + path
pid = subprocess.check_output(shlex.split(command))
command = "cat " + path
pid = ProcessUtilities.outputExecutioner(command)
command = "sudo kill -KILL " + pid
subprocess.call(shlex.split(command))
command = "kill -KILL " + pid
ProcessUtilities.executioner(command)
command = "sudo rm -rf " + dir
subprocess.call(shlex.split(command))
command = "rm -rf " + dir
ProcessUtilities.executioner(command)
data = {'cancelStatus': 1, 'error_message': "None"}
json_data = json.dumps(data)
@@ -500,6 +534,7 @@ def cancelRemoteTransfer(request):
json_data = json.dumps(data)
return HttpResponse(json_data)
@csrf_exempt
def cyberPanelVersion(request):
try:
if request.method == 'POST':
@@ -512,6 +547,11 @@ def cyberPanelVersion(request):
admin = Administrator.objects.get(userName=adminUser)
if admin.api == 0:
data_ret = {"getVersion": 0, 'error_message': "API Access Disabled."}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
if hashPassword.check_password(admin.password, adminPass):
Version = version.objects.get(pk=1)
@@ -541,105 +581,15 @@ def cyberPanelVersion(request):
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def putSSHkey(request):
try:
if request.method == 'POST':
data = json.loads(request.body)
adminUser = data['username']
adminPass = data['password']
pubKey = data['putSSHKey']
admin = Administrator.objects.get(userName=adminUser)
if hashPassword.check_password(admin.password, adminPass):
keyPath = "/home/cyberpanel/.ssh"
if not os.path.exists(keyPath):
os.makedirs(keyPath)
## writeKey
authorized_keys = keyPath+"/authorized_keys"
presenseCheck = 0
try:
data = open(authorized_keys, "r").readlines()
for items in data:
if items.find(pubKey) > -1:
presenseCheck = 1
except:
pass
if presenseCheck == 0:
writeToFile = open(authorized_keys, 'a')
writeToFile.writelines("#Added by CyberPanel\n")
writeToFile.writelines("\n")
writeToFile.writelines(pubKey)
writeToFile.writelines("\n")
writeToFile.close()
##
command = "sudo chmod g-w /home/cyberpanel"
cmd = shlex.split(command)
res = subprocess.call(cmd)
os.chmod(keyPath,0700)
os.chmod(authorized_keys, 0600)
data_ret = {"putSSHKey": 1,
'error_message': "None",}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {"putSSHKey": 0,
'error_message': "Could not authorize access to API"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
except BaseException, msg:
data_ret = {"putSSHKey": 0,
'error_message': str(msg)}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
def changeAdminPassword(request):
@csrf_exempt
def runAWSBackups(request):
try:
data = json.loads(request.body)
adminPass = data['password']
randomFile = data['randomFile']
if os.path.exists(randomFile):
os.remove(randomFile)
admin = Administrator.objects.get(userName="admin")
admin.password = hashPassword.hash_password(adminPass)
admin.save()
data_ret = {"changed": 1,
'error_message': "None"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
else:
data_ret = {"changed": 0,
'error_message': "Failed to authorize access to change password!"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
s3 = S3Backups(request, None, 'runAWSBackups')
s3.start()
except BaseException, msg:
data_ret = {"changed": 0,
'error_message': "Failed to authorize access to change password!"}
json_data = json.dumps(data_ret)
return HttpResponse(json_data)
logging.writeToFile(str(msg) + ' [API.runAWSBackups]')