Merge pull request #248 from midoks/dev

安全入口功能优化
pull/253/head
Mr Chen 3 years ago committed by GitHub
commit f0ed396701
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 32
      class/core/config_api.py
  2. 20
      plugins/mysql/index.py
  3. 6
      plugins/openresty/install.sh
  4. 2
      plugins/phpmyadmin/index.py
  5. 2
      plugins/phpmyadmin/js/phpmyadmin.js
  6. 44
      route/static/app/config.js
  7. 12
      scripts/init.d/mw.tpl
  8. 6
      setting.py

@ -164,10 +164,12 @@ class config_api:
def setAdminPathApi(self):
admin_path = request.form.get('admin_path', '').strip()
admin_path_checks = ['/', '/close', '/login', '/do_login', '/site',
'/sites', '/download_file', '/control', '/crontab',
'/firewall', '/files', 'config', '/soft', '/system',
'/code', '/ssl', '/plugins']
admin_path_checks = ['/', '/close', '/login',
'/do_login', '/site', '/sites',
'/download_file', '/control', '/crontab',
'/firewall', '/files', 'config',
'/soft', '/system', '/code',
'/ssl', '/plugins', '/hook']
if admin_path == '':
admin_path = '/'
if admin_path != '/':
@ -176,16 +178,18 @@ class config_api:
if admin_path in admin_path_checks:
return mw.returnJson(False, '该入口已被面板占用,请使用其它入口!')
if not re.match("^/[\w\./-_]+$", admin_path):
return mw.returnJson(False, '入口地址格式不正确,示例: /my_panel')
else:
domain = mw.readFile('data/domain.conf')
if not domain:
domain = ''
limitip = mw.readFile('data/limitip.conf')
if not limitip:
limitip = ''
if not domain.strip() and not limitip.strip():
return mw.returnJson(False, '警告,关闭安全入口等于直接暴露你的后台地址在外网,十分危险,至少开启以下一种安全方式才能关闭:<a style="color:red;"><br>1、绑定访问域名<br>2、绑定授权IP</a>')
return mw.returnJson(False, '入口地址格式不正确,示例: /mw_rand')
# else:
# domain = mw.readFile('data/bind_domain.pl')
# if not domain:
# domain = ''
# limitip = mw.readFile('data/bind_limitip.pl')
# if not limitip:
# limitip = ''
# if not domain.strip() and not limitip.strip():
# return mw.returnJson(False,
# '警告,关闭安全入口等于直接暴露你的后台地址在外网,十分危险,至少开启以下一种安全方式才能关闭:<a
# style="color:red;"><br>1、绑定访问域名<br>2、绑定授权IP</a>')
admin_path_file = 'data/admin_path.pl'
admin_path_old = '/'
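Review bot: In the second hunk the server-side precondition for closing the security entrance — the `else:` branch that reads `data/domain.conf` and `data/limitip.conf` and refuses `admin_path == '/'` unless one of them is set — appears to be removed (its lines carry no marker here, but the commented duplicate at L57–L67 on the new side suggests it), so the API now accepts `/` with no check at all; the confirm dialog added in route/static/app/config.js runs in the browser and is not a substitute for that check. Either restore the branch as live code or delete the commented copy, since a dead copy of a security check is easily mistaken for an active one. In the first hunk, `'config'` in `admin_path_checks` still lacks the leading slash that the `^/` regex requires of every accepted path, so `/config` is never treated as reserved; change it to `'/config'`. The unchanged regex `"^/[\w\./-_]+$"` is also worth a look: inside a character class `/-_` is a range from `/` to `_`, which admits `?`, `;`, `@`, `[`, `\` and `^` in addition to the intended characters — `r"^/[\w./_-]+$"` expresses the intended set. setAdminPathApi continues past the hunk.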

@ -406,22 +406,21 @@ def initMysqlPwd():
serverdir = getServerDir()
myconf = serverdir + "/etc/my.cnf"
pwd = mw.getRandomString(16)
# cmd_pass = serverdir + '/bin/mysqladmin -uroot password ' + pwd
# cmd_pass = "insert into mysql.user(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,Event_priv,Trigger_priv,Create_tablespace_priv,User,Password,host)values('Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','root',password('" + pwd + "'),'127.0.0.1')"
# cmd_pass = cmd_pass + \
# "insert into mysql.user(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,Event_priv,Trigger_priv,Create_tablespace_priv,User,Password,host)values('Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','root',password('" + pwd + "'),'localhost')"
# cmd_pass = cmd_pass + \
# "UPDATE mysql.user SET password=PASSWORD('" + \
# pwd + "') WHERE user='root'"
cmd_pass = serverdir + '/bin/mysql -uroot -e'
cmd_pass = cmd_pass + "\"UPDATE mysql.user SET password=PASSWORD('" + \
cmd_pass = cmd_pass + \
'"UPDATE mysql.user SET password=PASSWORD(\'' + \
pwd + "') WHERE user='root';"
cmd_pass = cmd_pass + "flush privileges;\""
cmd_pass = cmd_pass + 'flush privileges;"'
data = mw.execShell(cmd_pass)
# print(cmd_pass)
# print(data)
# 删除空账户
drop_empty_user = serverdir + '/bin/mysql -uroot -p' + \
pwd + ' -e "use mysql;delete from user where USER=\'\'"'
mw.execShell(drop_empty_user)
# 删除测试数据库
drop_test_db = serverdir + '/bin/mysql -uroot -p' + \
pwd + ' -e "drop database test";'
@ -1392,7 +1391,6 @@ def setDbAccess():
def fixDbAccess(version):
try:
pdb = pMysqlDb()
psdb = pSqliteDb('databases')
data = pdb.query('show databases')
isError = isSqlError(data)
if isError != None:
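Review bot: In the initMysqlPwd hunk the rewritten lines (L84–L88) only change quoting style, and the result of `mw.execShell(cmd_pass)` is still not inspected (the `print(data)` that would have shown it is commented out), so if the `UPDATE mysql.user` fails the function proceeds to use `pwd` for the follow-up commands as though the password had been set; check `data` before continuing, or at least log it. The password is also spliced into shell strings and passed as `-p<pwd>` in `drop_empty_user` and `drop_test_db`, which exposes it in the process list for the duration of each call and depends on getRandomString's alphabet (not visible here) never containing shell- or SQL-significant characters; passing it through the `MYSQL_PWD` environment variable or a `--defaults-extra-file`, and wrapping any remaining interpolation in `shlex.quote(pwd)`, removes both concerns. initMysqlPwd begins before the hunk; the fixDbAccess hunk is a one-line removal and needs nothing.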

@ -42,6 +42,10 @@ Install_openresty()
else
cpuCore="1"
fi
if [ "$cpuCore" -gt "1" ];then
cpuCore=`echo "$cpuCore" | awk '{printf("%.2f",($1)*0.8)}' | awk -F '.' '{print $1}'`
fi
# ----- cpu end ------
mkdir -p ${openrestyDir}
@ -63,6 +67,7 @@ Install_openresty()
--with-http_ssl_module \
--with-http_slice_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_realip_module
# --without-luajit-gc64
# --with-debug
@ -79,6 +84,7 @@ Install_openresty()
#初始化
cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py start
cd ${rootPath} && python3 ${rootPath}/plugins/openresty/index.py initd_install
rm -rf $openrestyDir
fi
echo '安装完成' > $install_tmp
}
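Review bot: The added `rm -rf $openrestyDir` at the end of Install_openresty is unquoted and unguarded; `openrestyDir` is assigned outside this hunk, and should its value ever be empty or contain whitespace the expansion is no longer the single path that `mkdir -p ${openrestyDir}` created above. Write it as `[ -n "${openrestyDir}" ] && rm -rf "${openrestyDir}"` so an unset variable is a no-op and the path is passed as one argument. The new cpuCore scaling is fine as written: with the `-gt 1` guard the smallest product is 1.60, which the `awk -F '.'` truncation turns into 1, so the build never receives 0.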

@ -145,7 +145,7 @@ def initCfg():
if not os.path.exists(cfg):
data = {}
data['port'] = '888'
data['choose'] = ''
data['choose'] = 'mysql'
data['path'] = ''
data['username'] = 'admin'
data['password'] = 'admin'

@ -107,7 +107,7 @@ function safeConf() {
<span class="tname">访问切换</span>\
<select id="access_choose" class="bt-input-text mr20" name="choose" style="width:110px">\
<option value="mariadb" '+(cfg['choose']=="mariadb"?"selected='selected'":"")+'>MariaDB</option>\
<option value="mysql" '+ (cfg['choose']==""?"selected='selected'":"")+'>MySQL</option>\
<option value="mysql" '+ (cfg['choose']=="mysql"?"selected='selected'":"")+'>MySQL</option>\
</select>\
<button class="btn btn-success btn-sm" onclick="setPmaChoose()">保存</button>\
</div>\
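Review bot: The MySQL option is now preselected only when `cfg['choose']=="mysql"`, but configurations created by the previous initCfg in plugins/phpmyadmin/index.py stored `choose` as `''` (the old default on L138 of this page), so existing installs will render the select with no option chosen until the user saves once. Keep the legacy value in the condition, `(cfg['choose']=="mysql"||cfg['choose']==""?"selected='selected'":"")`, or migrate `''` to `'mysql'` where the config is read.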

@ -49,38 +49,50 @@ function debugMode(){
function modifyAuthPath() {
var auth_path = $("#admin_path").val();
btn = "<button type='button' class='btn btn-success btn-sm' onclick=\"bindBTName(1,'b')\">确定</button>";
layer.open({
type: 1,
area: "500px",
title: "修改安全入口",
closeBtn: 1,
shift: 5,
btn:['提交','关闭'],
shadeClose: false,
content: '<div class="bt-form bt-form pd20 pb70">\
content: '<div class="bt-form bt-form pd20">\
<div class="line ">\
<span class="tname">入口地址</span>\
<div class="info-r">\
<input name="auth_path_set" class="bt-input-text mr5" type="text" style="width: 311px" value="'+ auth_path+'">\
</div></div>\
<div class="bt-form-submit-btn">\
<button type="button" class= "btn btn-sm btn-danger" onclick="layer.closeAll()"> 关闭</button>\
<button type="button" class="btn btn-sm btn-success" onclick="setAuthPath();">提交</button>\
</div></div>'
});
}
function setAuthPath() {
<input name="auth_path_set" class="bt-input-text mr5" type="text" style="width: 311px" value="' + auth_path + '">\
</div>\
</div>\
</div>',
yes:function(index){
var auth_path = $("input[name='auth_path_set']").val();
if (auth_path == '/' || auth_path == ''){
layer.confirm('警告,关闭安全入口等于直接暴露你的后台地址在外网,十分危险, 您真的要这样更改吗?',{title:'安全入口修改',closeBtn:1,icon:13,
cancel:function(){
}}, function() {
var loadT = layer.msg(lan.config.config_save, { icon: 16, time: 0, shade: [0.3, '#000'] });
$.post('/config/set_admin_path', { admin_path: auth_path }, function (rdata) {
showMsg(rdata.msg, function(){
layer.close(index);
layer.close(loadT);
if (rdata.status) {
layer.closeAll();
$("#admin_path").val(auth_path);
}
setTimeout(function () { layer.msg(rdata.msg, { icon: rdata.status ? 1 : 2 }); }, 200);
},{ icon: rdata.status ? 1 : 2 }, 2000);
},'json');
});
return;
} else {
var loadT = layer.msg(lan.config.config_save, { icon: 16, time: 0, shade: [0.3, '#000'] });
$.post('/config/set_admin_path', { admin_path: auth_path }, function (rdata) {
showMsg(rdata.msg, function(){
layer.close(index);
layer.close(loadT);
$("#admin_path").val(auth_path);
},{ icon: rdata.status ? 1 : 2 }, 2000);
},'json');
}
}
});
}
function setPassword(a) {
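Review bot: In the rewritten modifyAuthPath the non-`/` branch (L205–L212) sets `$("#admin_path").val(auth_path)` unconditionally, so a path the server rejected is still written into the settings field, while the `/` branch guards the same update with `rdata.status`; the `/` branch additionally shows `rdata.msg` twice, once through `showMsg` and again through the `setTimeout(layer.msg(...))` on L199. Both branches otherwise issue the same `$.post` with the same callbacks, so the cleanest fix is to extract the request into one local `submit` closure, guard the field update on `rdata.status` in both paths, and drop the duplicate message. The sketch below keeps the confirm for `/` and `''` and calls the same `submit` from both paths.
```javascript
// … unchanged: layer.open options and content …
yes: function (index) {
    var auth_path = $("input[name='auth_path_set']").val();
    var submit = function () {
        var loadT = layer.msg(lan.config.config_save, { icon: 16, time: 0, shade: [0.3, '#000'] });
        $.post('/config/set_admin_path', { admin_path: auth_path }, function (rdata) {
            showMsg(rdata.msg, function () {
                layer.close(index);
                layer.close(loadT);
                if (rdata.status) {
                    $("#admin_path").val(auth_path);
                }
            }, { icon: rdata.status ? 1 : 2 }, 2000);
        }, 'json');
    };
    if (auth_path == '/' || auth_path == '') {
        layer.confirm('警告,关闭安全入口等于直接暴露你的后台地址在外网,十分危险, 您真的要这样更改吗?', { title: '安全入口修改', closeBtn: 1, icon: 13 }, submit);
        return;
    }
    submit();
}
// … unchanged: closing of layer.open …
```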

@ -239,9 +239,9 @@ case "$1" in
v6=$(python3 $mw_path/tools.py getServerIp 6)
if [ "$v4" != "" ] && [ "$v6" != "" ]; then
address="MW-Panel-Url-Ipv4: http://$v4:$port$auth_path \nMW-Panel-Url-Ipv6: http://[$v6]:$port$auth_path"
address="MW-Panel-Url-Ipv4: http://$v4:$port/$auth_path \nMW-Panel-Url-Ipv6: http://[$v6]:$port/$auth_path"
elif [ "$v4" != "" ]; then
address="MW-Panel-Url: http://$v4:$port$auth_path"
address="MW-Panel-Url: http://$v4:$port/$auth_path"
elif [ "$v6" != "" ]; then
if [ ! -f $mw_path/data/ipv6.pl ];then
@ -250,14 +250,12 @@ case "$1" in
mw_start
echo 'True' > $mw_path/data/ipv6.pl
fi
address="MW-Panel-Url: http://[$v6]:$port$auth_path"
address="MW-Panel-Url: http://[$v6]:$port/$auth_path"
else
address="MW-Panel-Url: http://you-network-ip:$port$auth_path"
address="MW-Panel-Url: http://you-network-ip:$port/$auth_path"
fi
else
address="MW-Panel-Url: http://$address:$port$auth_path"
address="MW-Panel-Url: http://$address:$port/$auth_path"
fi
show_panel_ip="$port|"
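Review bot: The displayed URLs now insert `/` between `$port` and `$auth_path`, which matches the slash-less value that the setting.py hunk writes to `data/admin_path.pl` via `mw.getRandomString(8)`, but setAdminPathApi in class/core/config_api.py validates every path against `^/…`, i.e. with a leading slash; unless the value is normalized where `auth_path` is read (that assignment is outside this hunk), a path set through the panel would print as `http://host:port//name`. Settle on one on-disk form — the slash-prefixed one the API already enforces is the natural choice — and have setting.py write `'/' + admin_path` while this script keeps the old `$port$auth_path` form, or strip and re-add the slash at the single read site. The same inconsistency applies to the setting.py hunk below.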

@ -47,6 +47,12 @@ if os.path.exists('data/ipv6.pl'):
else:
bind.append('0.0.0.0:%s' % mw_port)
# 初始安装时,自动生成安全路径
if not os.path.exists('data/admin_path.pl'):
admin_path = mw.getRandomString(8)
mw.writeFile('data/admin_path.pl', admin_path)
if workers > 2:
workers = 2
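Review bot: The auto-generated entry path is `mw.getRandomString(8)`, and until a domain or authorized-IP binding exists this string is the only thing hiding the login page; whether eight characters is adequate depends on the generator's alphabet and on whether it draws from `secrets` or from `random`, neither of which is visible here, so please confirm it is a CSPRNG-backed generator (and consider a longer default) before relying on it. It would also help to record the expected format next to the write, e.g. `# stored without a leading slash; scripts/init.d/mw.tpl adds it when printing the URL`, since config_api.py's validation uses the slash-prefixed form. The surrounding module-level block (bind/workers) continues outside the hunk.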
