From c91928c55f78b5cbcf770193dfb5768c1ceb3fad Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Tue, 3 Dec 2024 23:26:15 +0800 Subject: [PATCH] update --- {web/misc/version => version}/r3.6.txt | 0 {web/misc/version => version}/r3.7.txt | 0 web/admin/task/__init__.py | 3 +- web/admin/user_login_check.py | 13 +++ web/misc/test/api/mw_api.php | 87 +++++++++++++++++ web/misc/test/api/mw_api.py | 57 +++++++++++ web/misc/version/api/mw_api.php | 94 ------------------- web/misc/version/api/mw_api.py | 125 ------------------------- web/misc/version/info.json | 22 ----- web/static/app/public.js | 29 +++--- web/thisdb/app.py | 3 + 11 files changed, 174 insertions(+), 259 deletions(-) rename {web/misc/version => version}/r3.6.txt (100%) rename {web/misc/version => version}/r3.7.txt (100%) create mode 100755 web/misc/test/api/mw_api.php create mode 100755 web/misc/test/api/mw_api.py delete mode 100755 web/misc/version/api/mw_api.php delete mode 100755 web/misc/version/api/mw_api.py delete mode 100644 web/misc/version/info.json diff --git a/web/misc/version/r3.6.txt b/version/r3.6.txt similarity index 100% rename from web/misc/version/r3.6.txt rename to version/r3.6.txt diff --git a/web/misc/version/r3.7.txt b/version/r3.7.txt similarity index 100% rename from web/misc/version/r3.7.txt rename to version/r3.7.txt diff --git a/web/admin/task/__init__.py b/web/admin/task/__init__.py index 66d389b7f..cd387a4fb 100644 --- a/web/admin/task/__init__.py +++ b/web/admin/task/__init__.py @@ -26,8 +26,7 @@ blueprint = Blueprint('task', __name__, url_prefix='/task', template_folder='../ @blueprint.route('/count', endpoint='task_count') @panel_login_required def task_count(): - return str(thisdb.getTaskUnexecutedCount()) - + return mw.returnData(True, 'ok',thisdb.getTaskUnexecutedCount()) @blueprint.route('/list', endpoint='list', methods=['POST']) @panel_login_required diff --git a/web/admin/user_login_check.py b/web/admin/user_login_check.py index c2ba5b1dd..7d7bc2e44 100644 --- a/web/admin/user_login_check.py +++ b/web/admin/user_login_check.py @@ -11,6 +11,7 @@ from flask import render_template from flask import Response +from flask import request from functools import wraps @@ -23,6 +24,18 @@ def panel_login_required(func): @wraps(func) def wrapper(*args, **kwargs): + # 面板API调用检查 + app_id = request.headers.get('App-Id','') + app_secret = request.headers.get('App-Secret','') + if app_id != '' and app_secret != '': + panel_api = thisdb.getOptionByJson('panel_api', default={"open":True}) + if panel_api['open']: + return_code = 404 + info = thisdb.getAppByAppId(app_id) + if app_secret != info['app_secret']: + return Response(status=int(return_code)) + return func(*args, **kwargs) + if not isLogined(): unauthorized_status = thisdb.getOption('unauthorized_status') if unauthorized_status == '0': diff --git a/web/misc/test/api/mw_api.php b/web/misc/test/api/mw_api.php new file mode 100755 index 000000000..76f5db522 --- /dev/null +++ b/web/misc/test/api/mw_api.php @@ -0,0 +1,87 @@ +MW_PANEL = $mw_panel; + } + + if ($app_id) { + $this->MW_APP_ID = $app_id; + } + + if ($app_secret) { + $this->MW_APP_SERECT = $app_secret; + } + } + + /** + * 发起POST请求 + * @param String $url 目标网填,带http:// + * @param Array|String $data 欲提交的数据 + * @return string + */ + private function httpPost($url, $data, $timeout = 60) { + + $ch = curl_init(); + // 设置头部信息 + $headers = [ + 'app-id: ' . $this->MW_APP_ID, + 'app-secret: ' . $this->MW_APP_SERECT, + ]; + curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); + curl_setopt($ch, CURLOPT_URL, $url); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); + curl_setopt($ch, CURLOPT_POST, 1); + curl_setopt($ch, CURLOPT_POSTFIELDS, $data); + curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file); + curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); + curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); + curl_setopt($ch, CURLOPT_HEADER, 0); + curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); + curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); + $output = curl_exec($ch); + curl_close($ch); + return $output; + } + + public function panel($endpoint, $data) { + $url = $this->MW_PANEL . $endpoint; + return $this->httpPost($url, $data); + } + + //示例取面板日志 + public function getLogsList() { + $post_data['p'] = '1'; + $post_data['limit'] = 10; + + //请求面板接口 + $data = $this->panel('/logs/get_log_list', $post_data); + + //解析JSON数据 + // $data = json_decode($result, true); + return $data; + } + +} + +//实例化对象 +$api = new mwApi(); +//获取面板日志 +$rdata = $api->getLogsList(); + +// var_dump($rdata); +//输出JSON数据到浏览器 +echo json_encode($rdata); + +?> \ No newline at end of file diff --git a/web/misc/test/api/mw_api.py b/web/misc/test/api/mw_api.py new file mode 100755 index 000000000..9c490e01f --- /dev/null +++ b/web/misc/test/api/mw_api.py @@ -0,0 +1,57 @@ +# coding: utf-8 +# +----------------------------------------------------------------------------------- +# | MW Linux面板 +# +----------------------------------------------------------------------------------- +# | Copyright (c) 2015-2099 MW(http://github.com/midoks/mdserver) All rights reserved. +# +----------------------------------------------------------------------------------- +# | Author: midoks +# +----------------------------------------------------------------------------------- + +#------------------------------ +# API-Demo of Python +#------------------------------ +import time +import hashlib +import sys +import os +import json + + +class mwApi: + __MW_PANEL = 'http://127.0.0.1:64307' + __MW_APP_ID = 'hC6XArWzRY' + __MW_APP_SERECT = 'NSGaFhMWyaN5Yi3ftTkZ' + + # 如果希望多台面板,可以在实例化对象时,将面板地址与密钥传入 + def __init__(self, panel_url=None, app_id=None, app_serect=None): + if panel_url: + self.__MW_PANEL = panel_url + self.__MW_APP_ID = app_id + self.__MW_APP_SERECT = app_serect + + def post(self, endpoint, request_data): + import requests + url = self.__MW_PANEL + endpoint + post_data = requests.post(url, data=request_data, headers={ + 'app-id':self.__MW_APP_ID, + 'app-secret':self.__MW_APP_SERECT + }) + try: + return post_data.json() + except Exception as e: + return post_data.text + # 取面板日志 + def getLogs(self): + result = self.post('/logs/get_log_list',{'limit':10,'p':1}) + return result + + +if __name__ == '__main__': + # 实例化MW-API对象 + api = mwApi() + + # 调用get_logs方法 + rdata = api.getLogs() + + # 打印响应数据 + print(rdata) diff --git a/web/misc/version/api/mw_api.php b/web/misc/version/api/mw_api.php deleted file mode 100755 index 4096d8fdf..000000000 --- a/web/misc/version/api/mw_api.php +++ /dev/null @@ -1,94 +0,0 @@ -MW_PANEL = $mw_panel; - } - - if ($mw_key) { - $this->MW_KEY = $mw_key; - } - } - - /** - * 发起POST请求 - * @param String $url 目标网填,带http:// - * @param Array|String $data 欲提交的数据 - * @return string - */ - private function httpPostCookie($url, $data, $timeout = 60) { - //定义cookie保存位置 - $cookie_file = './' . md5($this->MW_PANEL) . '.cookie'; - if (!file_exists($cookie_file)) { - $fp = fopen($cookie_file, 'w+'); - fclose($fp); - } - - $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL, $url); - curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); - curl_setopt($ch, CURLOPT_POST, 1); - curl_setopt($ch, CURLOPT_POSTFIELDS, $data); - curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie_file); - curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie_file); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); - curl_setopt($ch, CURLOPT_HEADER, 0); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - $output = curl_exec($ch); - curl_close($ch); - return $output; - } - - /** - * 构造带有签名的关联数组 - */ - private function getKeyData() { - $now_time = time(); - $ready_data = array( - 'request_token' => md5($now_time . '' . md5($this->MW_KEY)), - 'request_time' => $now_time, - ); - return $ready_data; - } - - //示例取面板日志 - public function getLogsList() { - //拼接URL地址 - $url = $this->MW_PANEL . '/api/firewall/get_log_list'; - - //准备POST数据 - $post_data = $this->getKeyData(); //取签名 - $post_data['p'] = '1'; - $post_data['limit'] = 10; - - //请求面板接口 - $result = $this->httpPostCookie($url, $post_data); - - //解析JSON数据 - $data = json_decode($result, true); - return $data; - } - -} - -//实例化对象 -$api = new mwApi(); -//获取面板日志 -$rdata = $api->getLogsList(); - -// var_dump($rdata); -//输出JSON数据到浏览器 -echo json_encode($rdata); - -?> \ No newline at end of file diff --git a/web/misc/version/api/mw_api.py b/web/misc/version/api/mw_api.py deleted file mode 100755 index 3748e1a8b..000000000 --- a/web/misc/version/api/mw_api.py +++ /dev/null @@ -1,125 +0,0 @@ -# coding: utf-8 -# +----------------------------------------------------------------------------------- -# | MW Linux面板 -# +----------------------------------------------------------------------------------- -# | Copyright (c) 2015-2099 MW(http://github.com/midoks/mdserver) All rights reserved. -# +----------------------------------------------------------------------------------- -# | Author: midoks -# +----------------------------------------------------------------------------------- - -#------------------------------ -# API-Demo of Python -#------------------------------ -import time -import hashlib -import sys -import os -import json - - -class mwApi: - __MW_KEY = 'uATE5NrKDWIlZuDcYpvLVhoUo1c7A1Pk' - __MW_PANEL = 'http://127.0.0.1:7200' - - # 如果希望多台面板,可以在实例化对象时,将面板地址与密钥传入 - def __init__(self, mw_panel=None, mw_key=None): - if mw_panel: - self.__MW_PANEL = mw_panel - self.__MW_KEY = mw_key - - # 计算MD5 - def __get_md5(self, s): - m = hashlib.md5() - m.update(s.encode('utf-8')) - return m.hexdigest() - - # 构造带有签名的关联数组 - def __get_key_data(self): - now_time = int(time.time()) - ready_data = { - 'request_token': self.__get_md5(str(now_time) + '' + self.__get_md5(self.__MW_KEY)), - 'request_time': now_time - } - return ready_data - - # 发送POST请求并保存Cookie - #@url 被请求的URL地址(必需) - #@data POST参数,可以是字符串或字典(必需) - #@timeout 超时时间默认1800秒 - # return string - def __http_post_cookie(self, url, p_data, timeout=1800): - cookie_file = '/tmp/' + self.__get_md5(self.__MW_PANEL) + '.cookie' - if sys.version_info[0] == 2: - # Python2 - import urllib - import urllib2 - import ssl - import cookielib - - # 创建cookie对象 - cookie_obj = cookielib.MozillaCookieJar(cookie_file) - - # 加载已保存的cookie - if os.path.exists(cookie_file): - cookie_obj.load(cookie_file, ignore_discard=True, - ignore_expires=True) - - ssl._create_default_https_context = ssl._create_unverified_context - - data = urllib.urlencode(p_data) - req = urllib2.Request(url, data) - opener = urllib2.build_opener( - urllib2.HTTPCookieProcessor(cookie_obj)) - response = opener.open(req, timeout=timeout) - - # 保存cookie - cookie_obj.save(ignore_discard=True, ignore_expires=True) - return response.read() - else: - # Python3 - import urllib.request - import ssl - import http.cookiejar - cookie_obj = http.cookiejar.MozillaCookieJar(cookie_file) - # 加载已保存的cookie - if os.path.exists(cookie_file): - cookie_obj.load(cookie_file, ignore_discard=True, - ignore_expires=True) - - handler = urllib.request.HTTPCookieProcessor(cookie_obj) - data = urllib.parse.urlencode(p_data).encode('utf-8') - req = urllib.request.Request(url, data) - opener = urllib.request.build_opener(handler) - response = opener.open(req, timeout=timeout) - cookie_obj.save(ignore_discard=True, ignore_expires=True) - result = response.read() - if type(result) == bytes: - result = result.decode('utf-8') - return result - - # 取面板日志 - def getLogs(self): - # 拼接URL地址 - url = self.__MW_PANEL + '/api/logs/get_log_list' - - # 准备POST数据 - post_data = self.__get_key_data() # 取签名 - post_data['limit'] = 10 - post_data['p'] = '1' - - # 请求面板接口 - result = self.__http_post_cookie(url, post_data) - - # 解析JSON数据 - return json.loads(result) - - -if __name__ == '__main__': - # 实例化MW-API对象 - api = mwApi() - - # 调用get_logs方法 - rdata = api.getLogs() - - # 打印响应数据 - print(rdata) diff --git a/web/misc/version/info.json b/web/misc/version/info.json deleted file mode 100644 index f56145cde..000000000 --- a/web/misc/version/info.json +++ /dev/null @@ -1,22 +0,0 @@ -[ - { - "version": "0.9.9", - "content": "* 目标版本。", - }, - { - "version": "0.9.2", - "content": "* 批量域名添加修复。
* 常用命令说明。", - "path": "https://github.com/midoks/mdserver-web/releases/download/0.9.2/mdserver-web.zip" - }, - { - "version": "0.9.1", - "content": "* 菜单修复。
* 更新修复", - "path": "https://github.com/midoks/mdserver-web/releases/download/0.9.1/mdserver-web.zip", - "purge":"https://purge.jsdelivr.net/gh/midoks/mdserver-web@latest/scripts/update.sh" - }, - { - "version": "0.9.0", - "content": "* 主流系统支持。
* 插件支持更多参数。
* MySQL主从支持GTID和经典模式。
* MariaDB主从支持GTID和经典模式。
* Rsyncd更新。
* 添加网站统计的插件。
* 添加varnish插件。", - "path": "https://github.com/midoks/mdserver-web/releases/download/0.9.0/mdserver-web.zip" - } -] \ No newline at end of file diff --git a/web/static/app/public.js b/web/static/app/public.js index 511978807..9d6b6675c 100755 --- a/web/static/app/public.js +++ b/web/static/app/public.js @@ -940,9 +940,9 @@ function removeTask(b) { //获取任务总数 function getTaskCount() { - $.get("/task/count", "", function(a) { - $(".task").text(a); - }); + $.get("/task/count", '', function(data) { + $(".task").text(data.data); + },'json'); } getTaskCount(); setInterval(function(){ @@ -1342,7 +1342,6 @@ function remind(a){ $.post("/task/list", "table=tasks&result=2,4,6,8&limit=10&p=" + a, function(g) { var e = ''; var f = false; - var task_count = 0; for(var d = 0; d < g.data.length; d++) { var status = g.data[d].status; var status_text = '已经完成'; @@ -1387,12 +1386,10 @@ function remind(a){ \
\ '; - - $(".task_count").text(task_count); - $(".msg_count").text(g.count); $(".taskcon").html(con); - $("#taskPage").html(g.page); + $(".msg_count").text(g.count); + $("#taskPage").html(g.page); $("#Rs-checkAll").click(function(){ if($(this).prop("checked")){ $("#remind").find("input").prop("checked",true); @@ -1427,17 +1424,15 @@ function getReloads() { $(".cmdlist").html('当前没有任务!'); return; } - var b = ""; - var d = ""; - $("#task").text(h.count); - $(".task_count").text(h.task.length); + var b = ''; + var d = ''; for(var g = 0; g < h.task.length; g++) { if(h.task[g].status == "-1") { if(h.task[g].type != "download") { var c = ""; var f = h.msg.split("\n"); for(var e = 0; e < f.length; e++) { - c += f[e] + "
" + c += f[e] + "
"; } if(h.task[g].name.indexOf("扫描") != -1) { b = "
  • \ @@ -1457,14 +1452,16 @@ function getReloads() { b = "
  • \
    \ " + h.task[g].name + "" + (toSize(h.msg.used) + "/" + toSize(h.msg.total)) + "\ - " + h.msg.pre + "%\ - 下载中 | "+lan.public.close+"\ + " + h.msg.pre + "%\ + 下载中 | "+lan.public.close+"\
    • " } } else { d += "
  • " + h.task[g].name + "等待 | 删除
    • ' } } + $("#task").text(h.count); + $(".task_count").text(h.count); $(".cmdlist").html(b + d); $(".cmd").html(c); try{ @@ -1530,7 +1527,7 @@ function tasklist(a){ } - $(".task_count").text(g.count); + // $(".task_count").text(g.count); $(".cmdlist").html(b + c); getReloads(); return f diff --git a/web/thisdb/app.py b/web/thisdb/app.py index a3c38e9d2..27fbd0e4e 100644 --- a/web/thisdb/app.py +++ b/web/thisdb/app.py @@ -40,6 +40,9 @@ def getAppList(page=1,size=10): def getAppById(aid): return mw.M('app').field(__FIELD).where("id=?", (aid,)).find() +def getAppByAppId(app_id): + return mw.M('app').field(__FIELD).where("app_id=?", (app_id,)).find() + def deleteAppById(aid): return mw.M('app').where("id=?", (aid,)).delete()