# coding: utf-8
import time
import os
import sys
from urllib.parse import urlparse
import mw
import re
import json
import shutil
from flask import request
class site_api:
siteName = None # 网站名称
sitePath = None # 根目录
sitePort = None # 端口
phpVersion = None # PHP版本
setupPath = None # 安装路径
vhostPath = None
logsPath = None
passPath = None
rewritePath = None
redirectPath = None
sslDir = None # ssl目录
sslLetsDir = None # lets ssl目录
def __init__(self):
# nginx conf
self.setupPath = mw.getServerDir() + '/web_conf'
self.vhostPath = vhost = self.setupPath + '/nginx/vhost'
if not os.path.exists(vhost):
mw.execShell("mkdir -p " + vhost + " && chmod -R 755 " + vhost)
self.rewritePath = rewrite = self.setupPath + '/nginx/rewrite'
if not os.path.exists(rewrite):
mw.execShell("mkdir -p " + rewrite + " && chmod -R 755 " + rewrite)
self.passPath = passwd = self.setupPath + '/nginx/pass'
if not os.path.exists(passwd):
mw.execShell("mkdir -p " + passwd + " && chmod -R 755 " + passwd)
self.redirectPath = redirect = self.setupPath + '/nginx/redirect'
if not os.path.exists(redirect):
mw.execShell("mkdir -p " + redirect +
" && chmod -R 755 " + redirect)
self.proxyPath = proxy = self.setupPath + '/nginx/proxy'
if not os.path.exists(proxy):
mw.execShell("mkdir -p " + proxy + " && chmod -R 755 " + proxy)
self.logsPath = mw.getRootDir() + '/wwwlogs'
# ssl conf
self.sslDir = self.setupPath + '/ssl'
self.sslLetsDir = self.setupPath + '/letsencrypt'
if not os.path.exists(self.sslLetsDir):
mw.execShell("mkdir -p " + self.sslLetsDir +
" && chmod -R 755 " + self.sslLetsDir)
##### ----- start ----- ###
def listApi(self):
limit = request.form.get('limit', '10')
p = request.form.get('p', '1')
type_id = request.form.get('type_id', '')
start = (int(p) - 1) * (int(limit))
siteM = mw.M('sites')
if type_id != '' and type_id == '-1' and type_id == '0':
siteM.where('type_id=?', (type_id))
_list = siteM.field('id,name,path,status,ps,addtime,edate').limit(
(str(start)) + ',' + limit).order('id desc').select()
for i in range(len(_list)):
_list[i]['backup_count'] = mw.M('backup').where(
"pid=? AND type=?", (_list[i]['id'], 0)).count()
_ret = {}
_ret['data'] = _list
count = siteM.count()
_page = {}
_page['count'] = count
_page['tojs'] = 'getWeb'
_page['p'] = p
_page['row'] = limit
_ret['page'] = mw.getPage(_page)
return mw.getJson(_ret)
def setDefaultSiteApi(self):
name = request.form.get('name', '')
import time
# 清理旧的
default_site = mw.readFile('data/default_site.pl')
if default_site:
path = self.getHostConf(default_site)
if os.path.exists(path):
conf = mw.readFile(path)
rep = "listen\s+80.+;"
conf = re.sub(rep, 'listen 80;', conf, 1)
rep = "listen\s+443.+;"
conf = re.sub(rep, 'listen 443 ssl;', conf, 1)
mw.writeFile(path, conf)
path = self.getHostConf(name)
if os.path.exists(path):
conf = mw.readFile(path)
rep = "listen\s+80\s*;"
conf = re.sub(rep, 'listen 80 default_server;', conf, 1)
rep = "listen\s+443\s*ssl\s*\w*\s*;"
conf = re.sub(rep, 'listen 443 ssl default_server;', conf, 1)
mw.writeFile(path, conf)
mw.writeFile('data/default_site.pl', name)
mw.restartWeb()
return mw.returnJson(True, '设置成功!')
def getDefaultSiteApi(self):
data = {}
data['sites'] = mw.M('sites').field(
'name').order('id desc').select()
data['default_site'] = mw.readFile('data/default_site.pl')
return mw.getJson(data)
def setPsApi(self):
mid = request.form.get('id', '')
ps = request.form.get('ps', '')
if mw.M('sites').where("id=?", (mid,)).setField('ps', ps):
return mw.returnJson(True, '修改成功!')
return mw.returnJson(False, '修改失败!')
def stopApi(self):
mid = request.form.get('id', '')
name = request.form.get('name', '')
return self.stop(mid, name)
def stop(self, mid, name):
path = self.setupPath + '/stop'
if not os.path.exists(path):
os.makedirs(path)
default_text = 'The website has been closed!!!'
mw.writeFile(path + '/index.html', default_text)
binding = mw.M('binding').where('pid=?', (mid,)).field(
'id,pid,domain,path,port,addtime').select()
for b in binding:
bpath = path + '/' + b['path']
if not os.path.exists(bpath):
mw.execShell('mkdir -p ' + bpath)
mw.execShell('ln -sf ' + path +
'/index.html ' + bpath + '/index.html')
sitePath = mw.M('sites').where("id=?", (mid,)).getField('path')
# nginx
file = self.getHostConf(name)
conf = mw.readFile(file)
if conf:
conf = conf.replace(sitePath, path)
mw.writeFile(file, conf)
mw.M('sites').where("id=?", (mid,)).setField('status', '0')
mw.restartWeb()
msg = mw.getInfo('网站[{1}]已被停用!', (name,))
mw.writeLog('网站管理', msg)
return mw.returnJson(True, '站点已停用!')
def startApi(self):
mid = request.form.get('id', '')
name = request.form.get('name', '')
path = self.setupPath + '/stop'
sitePath = mw.M('sites').where("id=?", (mid,)).getField('path')
# nginx
file = self.getHostConf(name)
conf = mw.readFile(file)
if conf:
conf = conf.replace(path, sitePath)
mw.writeFile(file, conf)
mw.M('sites').where("id=?", (mid,)).setField('status', '1')
mw.restartWeb()
msg = mw.getInfo('网站[{1}]已被启用!', (name,))
mw.writeLog('网站管理', msg)
return mw.returnJson(True, '站点已启用!')
def getBackupApi(self):
limit = request.form.get('limit', '')
p = request.form.get('p', '')
mid = request.form.get('search', '')
find = mw.M('sites').where("id=?", (mid,)).field(
"id,name,path,status,ps,addtime,edate").find()
start = (int(p) - 1) * (int(limit))
_list = mw.M('backup').where('pid=?', (mid,)).field('id,type,name,pid,filename,size,addtime').limit(
(str(start)) + ',' + limit).order('id desc').select()
_ret = {}
_ret['data'] = _list
count = mw.M('backup').where("id=?", (mid,)).count()
info = {}
info['count'] = count
info['tojs'] = 'getBackup'
info['p'] = p
info['row'] = limit
_ret['page'] = mw.getPage(info)
_ret['site'] = find
return mw.getJson(_ret)
def toBackupApi(self):
mid = request.form.get('id', '')
find = mw.M('sites').where(
"id=?", (mid,)).field('name,path,id').find()
fileName = find['name'] + '_' + \
time.strftime('%Y%m%d_%H%M%S', time.localtime()) + '.zip'
backupPath = mw.getBackupDir() + '/site'
zipName = backupPath + '/' + fileName
if not (os.path.exists(backupPath)):
os.makedirs(backupPath)
tmps = mw.getRunDir() + '/tmp/panelExec.log'
execStr = "cd '" + find['path'] + "' && zip '" + \
zipName + "' -r ./* > " + tmps + " 2>&1"
# print execStr
mw.execShell(execStr)
if os.path.exists(zipName):
fsize = os.path.getsize(zipName)
else:
fsize = 0
sql = mw.M('backup').add('type,name,pid,filename,size,addtime',
(0, fileName, find['id'], zipName, fsize, mw.getDate()))
msg = mw.getInfo('备份网站[{1}]成功!', (find['name'],))
mw.writeLog('网站管理', msg)
return mw.returnJson(True, '备份成功!')
def delBackupApi(self):
mid = request.form.get('id', '')
filename = mw.M('backup').where(
"id=?", (mid,)).getField('filename')
if os.path.exists(filename):
os.remove(filename)
name = mw.M('backup').where("id=?", (mid,)).getField('name')
msg = mw.getInfo('删除网站[{1}]的备份[{2}]成功!', (name, filename))
mw.writeLog('网站管理', msg)
mw.M('backup').where("id=?", (mid,)).delete()
return mw.returnJson(True, '站点删除成功!')
def getPhpVersionApi(self):
return self.getPhpVersion()
def setPhpVersionApi(self):
siteName = request.form.get('siteName', '')
version = request.form.get('version', '')
# nginx
file = self.getHostConf(siteName)
conf = mw.readFile(file)
if conf:
rep = "enable-php-(.*)\.conf"
tmp = re.search(rep, conf).group()
conf = conf.replace(tmp, 'enable-php-' + version + '.conf')
mw.writeFile(file, conf)
msg = mw.getInfo('成功切换网站[{1}]的PHP版本为PHP-{2}', (siteName, version))
mw.writeLog("网站管理", msg)
mw.restartWeb()
return mw.returnJson(True, msg)
def getDomainApi(self):
pid = request.form.get('pid', '')
return self.getDomain(pid)
# 获取站点所有域名
def getSiteDomainsApi(self):
pid = request.form.get('id', '')
data = {}
domains = mw.M('domain').where(
'pid=?', (pid,)).field('name,id').select()
binding = mw.M('binding').where(
'pid=?', (pid,)).field('domain,id').select()
if type(binding) == str:
return binding
for b in binding:
tmp = {}
tmp['name'] = b['domain']
tmp['id'] = b['id']
domains.append(tmp)
data['domains'] = domains
data['email'] = mw.M('users').getField('email')
if data['email'] == 'midoks@163.com':
data['email'] = ''
return mw.returnJson(True, 'OK', data)
def getDirBindingApi(self):
mid = request.form.get('id', '')
path = mw.M('sites').where('id=?', (mid,)).getField('path')
if not os.path.exists(path):
checks = ['/', '/usr', '/etc']
if path in checks:
data = {}
data['dirs'] = []
data['binding'] = []
return mw.returnJson(True, 'OK', data)
os.system('mkdir -p ' + path)
os.system('chmod 755 ' + path)
os.system('chown www:www ' + path)
siteName = mw.M('sites').where(
'id=?', (get.id,)).getField('name')
mw.writeLog(
'网站管理', '站点[' + siteName + '],根目录[' + path + ']不存在,已重新创建!')
dirnames = []
for filename in os.listdir(path):
try:
filePath = path + '/' + filename
if os.path.islink(filePath):
continue
if os.path.isdir(filePath):
dirnames.append(filename)
except:
pass
data = {}
data['dirs'] = dirnames
data['binding'] = mw.M('binding').where('pid=?', (mid,)).field(
'id,pid,domain,path,port,addtime').select()
return mw.returnJson(True, 'OK', data)
def getDirUserIniApi(self):
mid = request.form.get('id', '')
path = mw.M('sites').where('id=?', (mid,)).getField('path')
name = mw.M('sites').where("id=?", (mid,)).getField('name')
data = {}
data['logs'] = self.getLogsStatus(name)
data['runPath'] = self.getSiteRunPath(mid)
data['userini'] = False
if os.path.exists(path + '/.user.ini'):
data['userini'] = True
if data['runPath']['runPath'] != '/':
if os.path.exists(path + data['runPath']['runPath'] + '/.user.ini'):
data['userini'] = True
data['pass'] = self.getHasPwd(name)
data['path'] = path
data['name'] = name
return mw.returnJson(True, 'OK', data)
def setDirUserIniApi(self):
path = request.form.get('path', '')
runPath = request.form.get('runPath', '')
filename = path + '/.user.ini'
if os.path.exists(filename):
self.delUserInI(path)
mw.execShell("which chattr && chattr -i " + filename)
os.remove(filename)
return mw.returnJson(True, '已清除防跨站设置!')
self.setDirUserINI(path, runPath)
mw.execShell("which chattr && chattr +i " + filename)
return mw.returnJson(True, '已打开防跨站设置!')
def setRewriteApi(self):
data = request.form.get('data', '')
path = request.form.get('path', '')
encoding = request.form.get('encoding', '')
if not os.path.exists(path):
mw.writeFile(path, '')
mw.backFile(path)
mw.writeFile(path, data)
isError = mw.checkWebConfig()
if(type(isError) == str):
mw.restoreFile(path)
return mw.returnJson(False, 'ERROR:
' + isError.replace("\n", '
') + '')
mw.restartWeb()
return mw.returnJson(True, '设置成功!')
def setRewriteTplApi(self):
data = request.form.get('data', '')
name = request.form.get('name', '')
path = mw.getRunDir() + "/rewrite/nginx/" + name + ".conf"
if os.path.exists(path):
return mw.returnJson(False, '模版已经存在!')
if data == "":
return mw.returnJson(False, '模版内容不能为空!')
ok = mw.writeFile(path, data)
if not ok:
return mw.returnJson(False, '模版保持失败!')
return mw.returnJson(True, '设置模板成功!')
def logsOpenApi(self):
mid = request.form.get('id', '')
name = mw.M('sites').where("id=?", (mid,)).getField('name')
# NGINX
filename = self.getHostConf(name)
if os.path.exists(filename):
conf = mw.readFile(filename)
rep = self.logsPath + "/" + name + ".log"
if conf.find(rep) != -1:
conf = conf.replace(rep + " main", "off")
else:
conf = conf.replace('access_log off',
'access_log ' + rep + " main")
mw.writeFile(filename, conf)
mw.restartWeb()
return mw.returnJson(True, '操作成功!')
def getCertListApi(self):
try:
vpath = self.sslDir
if not os.path.exists(vpath):
os.system('mkdir -p ' + vpath)
data = []
for d in os.listdir(vpath):
# keyPath = self.sslDir + siteName + '/privkey.pem'
# certPath = self.sslDir + siteName + '/fullchain.pem'
keyPath = vpath + '/' + d + '/privkey.pem'
certPath = vpath + '/' + d + '/fullchain.pem'
if os.path.exists(keyPath) and os.path.exists(certPath):
self.saveCert(keyPath, certPath)
mpath = vpath + '/' + d + '/info.json'
if not os.path.exists(mpath):
continue
tmp = mw.readFile(mpath)
if not tmp:
continue
tmp1 = json.loads(tmp)
data.append(tmp1)
return mw.returnJson(True, 'OK', data)
except:
return mw.returnJson(True, 'OK', [])
def deleteSslApi(self):
site_name = request.form.get('site_name', '')
ssl_type = request.form.get('ssl_type', '')
path = self.sslDir + '/' + site_name
csr_path = path + '/fullchain.pem' # 生成证书路径
file = self.getHostConf(site_name)
content = mw.readFile(file)
key_text = 'ssl_certificate'
status = True
if content.find(key_text) == -1:
status = False
if ssl_type == 'now':
if status:
return mw.returnJson(False, '使用中,先关闭再删除')
if os.path.exists(path):
mw.execShell('rm -rf ' + path)
else:
return mw.returnJson(False, '还未申请!')
elif ssl_type == 'lets':
ssl_lets_dir = self.sslLetsDir + '/' + site_name
csr_lets_path = ssl_lets_dir + '/fullchain.pem' # 生成证书路径
if mw.md5(mw.readFile(csr_lets_path)) == mw.md5(mw.readFile(csr_path)):
return mw.returnJson(False, '使用中,先关闭再删除')
mw.execShell('rm -rf ' + ssl_lets_dir)
elif ssl_type == 'acme':
ssl_acme_dir = mw.getAcmeDir() + '/' + site_name
csr_acme_path = ssl_acme_dir + '/fullchain.cer' # 生成证书路径
if mw.md5(mw.readFile(csr_acme_path)) == mw.md5(mw.readFile(csr_path)):
return mw.returnJson(False, '使用中,先关闭再删除')
mw.execShell('rm -rf ' + ssl_acme_dir)
# mw.restartWeb()
return mw.returnJson(True, '删除成功')
def getSslApi(self):
site_name = request.form.get('site_name', '')
ssl_type = request.form.get('ssl_type', '')
path = self.sslDir + '/' + site_name
file = self.getHostConf(site_name)
content = mw.readFile(file)
key_text = 'ssl_certificate'
status = True
stype = 0
if content.find(key_text) == -1:
status = False
stype = -1
to_https = self.isToHttps(site_name)
sid = mw.M('sites').where("name=?", (site_name,)).getField('id')
domains = mw.M('domain').where("pid=?", (sid,)).field('name').select()
csr_path = path + '/fullchain.pem' # 生成证书路径
key_path = path + '/privkey.pem' # 密钥文件路径
cert_data = None
if ssl_type == 'lets':
csr_path = self.sslLetsDir + '/' + site_name + '/fullchain.pem' # 生成证书路径
key_path = self.sslLetsDir + '/' + site_name + '/privkey.pem' # 密钥文件路径
elif ssl_type == 'acme':
csr_path = mw.getAcmeDir() + '/' + site_name + '/fullchain.cer' # 生成证书路径
key_path = mw.getAcmeDir() + '/' + site_name + '/' + \
site_name + '.key' # 密钥文件路径
key = mw.readFile(key_path)
csr = mw.readFile(csr_path)
cert_data = self.getCertName(csr_path)
data = {
'status': status,
'domain': domains,
'key': key,
'csr': csr,
'type': stype,
'httpTohttps': to_https,
'cert_data': cert_data,
}
return mw.returnJson(True, 'OK', data)
def setSslApi(self):
siteName = request.form.get('siteName', '')
key = request.form.get('key', '')
csr = request.form.get('csr', '')
path = self.sslDir + '/' + siteName
if not os.path.exists(path):
mw.execShell('mkdir -p ' + path)
csrpath = path + "/fullchain.pem" # 生成证书路径
keypath = path + "/privkey.pem" # 密钥文件路径
if(key.find('KEY') == -1):
return mw.returnJson(False, '秘钥错误,请检查!')
if(csr.find('CERTIFICATE') == -1):
return mw.returnJson(False, '证书错误,请检查!')
mw.writeFile('/tmp/cert.pl', csr)
if not mw.checkCert('/tmp/cert.pl'):
return mw.returnJson(False, '证书错误,请粘贴正确的PEM格式证书!')
mw.backFile(keypath)
mw.backFile(csrpath)
mw.writeFile(keypath, key)
mw.writeFile(csrpath, csr)
# 写入配置文件
result = self.setSslConf(siteName)
if not result['status']:
return mw.getJson(result)
isError = mw.checkWebConfig()
if(type(isError) == str):
mw.restoreFile(keypath)
mw.restoreFile(csrpath)
return mw.returnJson(False, 'ERROR:
' + isError.replace("\n", '
') + '')
mw.writeLog('网站管理', '证书已保存!')
mw.restartWeb()
return mw.returnJson(True, '证书已保存!')
def setCertToSiteApi(self):
certName = request.form.get('certName', '')
siteName = request.form.get('siteName', '')
try:
path = self.sslDir + '/' + siteName.strip()
if not os.path.exists(path):
return mw.returnJson(False, '证书不存在!')
result = self.setSslConf(siteName)
if not result['status']:
return mw.getJson(result)
mw.restartWeb()
mw.writeLog('网站管理', '证书已部署!')
return mw.returnJson(True, '证书已部署!')
except Exception as ex:
return mw.returnJson(False, '设置错误:' + str(ex))
def removeCertApi(self):
certName = request.form.get('certName', '')
try:
path = self.sslDir + '/' + certName
if not os.path.exists(path):
return mw.returnJson(False, '证书已不存在!')
os.system("rm -rf " + path)
return mw.returnJson(True, '证书已删除!')
except:
return mw.returnJson(False, '删除失败!')
def closeSslConfApi(self):
siteName = request.form.get('siteName', '')
file = self.getHostConf(siteName)
conf = mw.readFile(file)
if conf:
rep = "\n\s*#HTTP_TO_HTTPS_START(.|\n){1,300}#HTTP_TO_HTTPS_END"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_certificate\s+.+;\s+ssl_certificate_key\s+.+;"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_protocols\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_ciphers\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_prefer_server_ciphers\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_session_cache\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_session_timeout\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_ecdh_curve\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_session_tickets\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_stapling\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl_stapling_verify\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+add_header\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+add_header\s+.+;\n"
conf = re.sub(rep, '', conf)
rep = "\s+ssl\s+on;"
conf = re.sub(rep, '', conf)
rep = "\s+error_page\s497.+;"
conf = re.sub(rep, '', conf)
rep = "\s+if.+server_port.+\n.+\n\s+\s*}"
conf = re.sub(rep, '', conf)
rep = "\s+listen\s+443.*;"
conf = re.sub(rep, '', conf)
rep = "\s+listen\s+\[\:\:\]\:443.*;"
conf = re.sub(rep, '', conf)
mw.writeFile(file, conf)
msg = mw.getInfo('网站[{1}]关闭SSL成功!', (siteName,))
mw.writeLog('网站管理', msg)
mw.restartWeb()
return mw.returnJson(True, 'SSL已关闭!')
def deploySslApi(self):
site_name = request.form.get('site_name', '')
ssl_type = request.form.get('ssl_type', '')
path = self.sslDir + '/' + site_name
csr_path = path + '/fullchain.pem' # 生成证书路径
key_path = path + '/privkey.pem' # 生成证书路径
if ssl_type == 'lets':
ssl_lets_dir = self.sslLetsDir + '/' + site_name
lets_csrpath = ssl_lets_dir + '/fullchain.pem'
lets_keypath = ssl_lets_dir + '/privkey.pem'
if mw.md5(mw.readFile(lets_csrpath)) == mw.md5(mw.readFile(csr_path)):
return mw.returnJson(False, '已部署Lets')
else:
mw.buildSoftLink(lets_csrpath, csr_path, True)
mw.buildSoftLink(lets_keypath, key_path, True)
mw.execShell('echo "lets" > "' + path + '/README"')
elif ssl_type == 'acme':
ssl_acme_dir = mw.getAcmeDir() + '/' + site_name
acme_csrpath = ssl_acme_dir + '/fullchain.cer'
acme_keypath = ssl_acme_dir + '/' + site_name + '.key'
if mw.md5(mw.readFile(acme_csrpath)) == mw.md5(mw.readFile(csr_path)):
return mw.returnJson(False, '已部署ACME')
else:
mw.buildSoftLink(acme_csrpath, csr_path, True)
mw.buildSoftLink(acme_keypath, key_path, True)
mw.execShell('echo "lets" > "' + path + '/README"')
result = self.setSslConf(siteName)
if not result['status']:
return mw.getJson(result)
return mw.returnJson(True, '部署成功')
def getLetLogsApi(self):
log_file = mw.getRunDir() + '/logs/letsencrypt.log'
if not os.path.exists(log_file):
mw.execShell('touch ' + log_file)
return mw.returnJson(True, 'OK', log_file)
def createLetApi(self):
siteName = request.form.get('siteName', '')
domains = request.form.get('domains', '')
force = request.form.get('force', '')
renew = request.form.get('renew', '')
email_args = request.form.get('email', '')
domains = json.loads(domains)
email = mw.M('users').getField('email')
if email_args.strip() != '':
mw.M('users').setField('email', email_args)
email = email_args
if not len(domains):
return mw.returnJson(False, '请选择域名')
file = self.getHostConf(siteName)
if os.path.exists(file):
siteConf = mw.readFile(file)
if siteConf.find('301-END') != -1:
return mw.returnJson(False, '检测到您的站点做了301重定向设置,请先关闭重定向!')
# 检测存在反向代理
data_path = self.getProxyDataPath(siteName)
data_content = mw.readFile(data_path)
if data_content != False:
try:
data = json.loads(data_content)
except:
pass
for proxy in data:
proxy_dir = "{}/{}".format(self.proxyPath, siteName)
proxy_dir_file = proxy_dir + '/' + proxy['id'] + '.conf'
if os.path.exists(proxy_dir_file):
return mw.returnJson(False, '检测到您的站点做了反向代理设置,请先关闭反向代理!')
auth_to = self.getSitePath(siteName)
to_args = {
'domains': domains,
'auth_type': 'http',
'auth_to': auth_to,
}
import cert_api
data = cert_api.cert_api().applyCertApi(to_args)
if not data['status']:
msg = data['msg']
if type(data['msg']) != str:
msg = data['msg'][0]
emsg = data['msg'][1]['challenges'][0]['error']
msg = msg + '响应状态:' + str(emsg['status']) + '
错误类型:' + emsg[
'type'] + '
错误代码:' + emsg['detail'] + '
'
return mw.returnJson(data['status'], msg, data['msg'])
src_letpath = mw.getServerDir() + '/web_conf/letsencrypt/' + siteName
src_csrpath = src_letpath + "/fullchain.pem" # 生成证书路径
src_keypath = src_letpath + "/privkey.pem" # 密钥文件路径
dst_letpath = self.sslDir + '/' + siteName
dst_csrpath = dst_letpath + '/fullchain.pem'
dst_keypath = dst_letpath + '/privkey.pem'
if not os.path.exists(dst_letpath):
mw.execShell('mkdir -p ' + dst_letpath)
mw.execShell('ln -sf "' + src_csrpath + '" "' + dst_csrpath + '"')
mw.execShell('ln -sf "' + src_keypath + '" "' + dst_keypath + '"')
mw.execShell('echo "let" > "' + dst_letpath + '/README"')
# 写入配置文件
result = self.setSslConf(siteName)
if not result['status']:
return mw.getJson(result)
result['csr'] = mw.readFile(src_csrpath)
result['key'] = mw.readFile(src_keypath)
return mw.returnJson(data['status'], data['msg'], result)
def getAcmeLogsApi(self):
log_file = mw.getRunDir() + '/logs/acme.log'
if not os.path.exists(log_file):
mw.execShell('touch ' + log_file)
return mw.returnJson(True, 'OK', log_file)
def createAcmeApi(self):
siteName = request.form.get('siteName', '')
domains = request.form.get('domains', '')
force = request.form.get('force', '')
renew = request.form.get('renew', '')
email_args = request.form.get('email', '')
domains = json.loads(domains)
email = mw.M('users').getField('email')
if email_args.strip() != '':
mw.M('users').setField('email', email_args)
email = email_args
if not len(domains):
return mw.returnJson(False, '请选择域名')
file = self.getHostConf(siteName)
if os.path.exists(file):
siteConf = mw.readFile(file)
if siteConf.find('301-END') != -1:
return mw.returnJson(False, '检测到您的站点做了301重定向设置,请先关闭重定向!')
# 检测存在反向代理
data_path = self.getProxyDataPath(siteName)
data_content = mw.readFile(data_path)
if data_content != False:
try:
data = json.loads(data_content)
except:
pass
for proxy in data:
proxy_dir = "{}/{}".format(self.proxyPath, siteName)
proxy_dir_file = proxy_dir + '/' + proxy['id'] + '.conf'
if os.path.exists(proxy_dir_file):
return mw.returnJson(False, '检测到您的站点做了反向代理设置,请先关闭反向代理!')
siteInfo = mw.M('sites').where(
'name=?', (siteName,)).field('id,name,path').find()
path = self.getSitePath(siteName)
srcPath = siteInfo['path']
# 检测acme是否安装
acme_dir = mw.getAcmeDir()
if not os.path.exists(acme_dir):
try:
mw.execShell("curl -sS curl https://get.acme.sh | sh")
except:
pass
if not os.path.exists(acme_dir):
return mw.returnJson(False, '尝试自动安装ACME失败,请通过以下命令尝试手动安装安装命令: curl https://get.acme.sh | sh
')
# 避免频繁执行
checkAcmeRun = mw.execShell('ps -ef|grep acme.sh |grep -v grep')
if checkAcmeRun[0] != '':
return mw.returnJson(False, '正在申请或更新SSL中...')
if force == 'true':
force_bool = True
if renew == 'true':
execStr = acme_dir + "/acme.sh --renew --yes-I-know-dns-manual-mode-enough-go-ahead-please"
else:
execStr = acme_dir + "/acme.sh --issue --force"
# 确定主域名顺序
domainsTmp = []
if siteName in domains:
domainsTmp.append(siteName)
for domainTmp in domains:
if domainTmp == siteName:
continue
domainsTmp.append(domainTmp)
domains = domainsTmp
domainCount = 0
for domain in domains:
if mw.checkIp(domain):
continue
if domain.find('*.') != -1:
return mw.returnJson(False, '泛域名不能使用【文件验证】的方式申请证书!')
execStr += ' -w ' + path
execStr += ' -d ' + domain
domainCount += 1
if domainCount == 0:
return mw.returnJson(False, '请选择域名(不包括IP地址与泛域名)!')
log_file = mw.getRunDir() + '/logs/acme.log'
mw.writeFile(log_file, "开始ACME申请...\n", "wb+")
cmd = 'export ACCOUNT_EMAIL=' + email + ' && ' + \
execStr + ' >> ' + log_file
# print(domains)
# print(cmd)
result = mw.execShell(cmd)
src_path = acme_dir + '/' + domains[0]
src_cert = src_path + '/fullchain.cer'
src_key = src_path + '/' + domains[0] + '.key'
msg = '签发失败,您尝试申请证书的失败次数已达上限!1、检查域名是否绑定到对应站点
\
2、检查域名是否正确解析到本服务器,或解析还未完全生效
\
3、如果您的站点设置了反向代理,或使用了CDN,请先将其关闭
\
4、如果您的站点设置了301重定向,请先将其关闭
\
5、如果以上检查都确认没有问题,请尝试更换DNS服务商
'
if not os.path.exists(src_cert.replace("\*", "*")):
data = {}
data['err'] = result
data['out'] = result[0]
data['msg'] = msg
data['result'] = {}
if result[1].find('new-authz error:') != -1:
data['result'] = json.loads(
re.search("{.+}", result[1]).group())
if data['result']['status'] == 429:
data['msg'] = msg
data['status'] = False
return mw.getJson(data)
dst_path = self.sslDir + '/' + siteName
dst_cert = dst_path + "/fullchain.pem" # 生成证书路径
dst_key = dst_path + "/privkey.pem" # 密钥文件路径
if not os.path.exists(dst_path):
mw.execShell("mkdir -p " + dst_path)
mw.execShell('ln -sf "' + src_cert + '" "' + dst_cert + '"')
mw.execShell('ln -sf "' + src_key + '" "' + dst_key + '"')
mw.execShell('echo "acme" > "' + dst_path + '/README"')
# 写入配置文件
result = self.setSslConf(siteName)
if not result['status']:
return mw.getJson(result)
result['csr'] = mw.readFile(src_cert)
result['key'] = mw.readFile(src_key)
mw.restartWeb()
return mw.returnJson(True, '证书已更新!', result)
def httpToHttpsApi(self):
siteName = request.form.get('siteName', '')
file = self.getHostConf(siteName)
conf = mw.readFile(file)
if conf:
if conf.find('ssl_certificate') == -1:
return mw.returnJson(False, '当前未开启SSL')
to = """#error_page 404/404.html;
# HTTP_TO_HTTPS_START
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
# HTTP_TO_HTTPS_END"""
conf = conf.replace('#error_page 404/404.html;', to)
mw.writeFile(file, conf)
mw.restartWeb()
return mw.returnJson(True, '设置成功!证书也要设置好哟!')
def closeToHttpsApi(self):
siteName = request.form.get('siteName', '')
file = self.getHostConf(siteName)
conf = mw.readFile(file)
if conf:
rep = "\n\s*#HTTP_TO_HTTPS_START(.|\n){1,300}#HTTP_TO_HTTPS_END"
conf = re.sub(rep, '', conf)
rep = "\s+if.+server_port.+\n.+\n\s+\s*}"
conf = re.sub(rep, '', conf)
mw.writeFile(file, conf)
mw.restartWeb()
return mw.returnJson(True, '关闭HTTPS跳转成功!')
def getIndexApi(self):
sid = request.form.get('id', '')
data = {}
index = self.getIndex(sid)
data['index'] = index
return mw.getJson(data)
def setIndexApi(self):
sid = request.form.get('id', '')
index = request.form.get('index', '')
return self.setIndex(sid, index)
def getLimitNetApi(self):
sid = request.form.get('id', '')
return self.getLimitNet(sid)
def saveLimitNetApi(self):
sid = request.form.get('id', '')
perserver = request.form.get('perserver', '')
perip = request.form.get('perip', '')
limit_rate = request.form.get('limit_rate', '')
return self.saveLimitNet(sid, perserver, perip, limit_rate)
def closeLimitNetApi(self):
sid = request.form.get('id', '')
return self.closeLimitNet(sid)
def getSecurityApi(self):
sid = request.form.get('id', '')
name = request.form.get('name', '')
return self.getSecurity(sid, name)
def setSecurityApi(self):
fix = request.form.get('fix', '')
domains = request.form.get('domains', '')
status = request.form.get('status', '')
name = request.form.get('name', '')
sid = request.form.get('id', '')
return self.setSecurity(sid, name, fix, domains, status)
def getLogsApi(self):
siteName = request.form.get('siteName', '')
return self.getLogs(siteName)
def getErrorLogsApi(self):
siteName = request.form.get('siteName', '')
return self.getErrorLogs(siteName)
def getSitePhpVersionApi(self):
siteName = request.form.get('siteName', '')
return self.getSitePhpVersion(siteName)
def getHostConfApi(self):
siteName = request.form.get('siteName', '')
host = self.getHostConf(siteName)
return mw.getJson({'host': host})
def getRewriteConfApi(self):
siteName = request.form.get('siteName', '')
rewrite = self.getRewriteConf(siteName)
return mw.getJson({'rewrite': rewrite})
def getRewriteTplApi(self):
tplname = request.form.get('tplname', '')
file = mw.getRunDir() + '/rewrite/nginx/' + tplname + '.conf'
if not os.path.exists(file):
return mw.returnJson(False, '模版不存在!')
return mw.returnJson(True, 'OK', file)
def getRewriteListApi(self):
rlist = self.getRewriteList()
return mw.getJson(rlist)
def getRootDirApi(self):
data = {}
data['dir'] = mw.getWwwDir()
return mw.getJson(data)
def setEndDateApi(self):
sid = request.form.get('id', '')
edate = request.form.get('edate', '')
return self.setEndDate(sid, edate)
def addApi(self):
webname = request.form.get('webinfo', '')
ps = request.form.get('ps', '')
path = request.form.get('path', '')
version = request.form.get('version', '')
port = request.form.get('port', '')
return self.add(webname, port, ps, path, version)
def checkWebStatusApi(self):
'''
创建站点检查web服务
'''
if not mw.isInstalledWeb():
return mw.returnJson(False, '请安装并启动OpenResty服务!')
# 这个快点
pid = mw.getServerDir() + '/openresty/nginx/logs/nginx.pid'
if not os.path.exists(pid):
return mw.returnJson(False, '请启动OpenResty服务!')
# path = mw.getServerDir() + '/openresty/init.d/openresty'
# data = mw.execShell(path + " status")
# if data[0].strip().find('stopped') != -1:
# return mw.returnJson(False, '请启动OpenResty服务!')
# import plugins_api
# data = plugins_api.plugins_api().run('openresty', 'status')
# if data[0].strip() == 'stop':
# return mw.returnJson(False, '请启动OpenResty服务!')
return mw.returnJson(True, 'OK')
def addDomainApi(self):
isError = mw.checkWebConfig()
if isError != True:
return mw.returnJson(False, 'ERROR: 检测到配置文件有错误,请先排除后再操作
' + isError.replace("\n", '
') + '')
domain = request.form.get('domain', '')
webname = request.form.get('webname', '')
pid = request.form.get('id', '')
return self.addDomain(domain, webname, pid)
def addDomain(self, domain, webname, pid):
if len(domain) < 3:
return mw.returnJson(False, '域名不能为空!')
domains = domain.split(',')
for domain in domains:
if domain == "":
continue
domain = domain.split(':')
# print domain
domain_name = self.toPunycode(domain[0])
domain_port = '80'
reg = "^([\w\-\*]{1,100}\.){1,4}([\w\-]{1,24}|[\w\-]{1,24}\.[\w\-]{1,24})$"
if not re.match(reg, domain_name):
return mw.returnJson(False, '域名格式不正确!')
if len(domain) == 2:
domain_port = domain[1]
if domain_port == "":
domain_port = "80"
if not mw.checkPort(domain_port):
return mw.returnJson(False, '端口范围不合法!')
opid = mw.M('domain').where(
"name=? AND (port=? OR pid=?)", (domain, domain_port, pid)).getField('pid')
if opid:
if mw.M('sites').where('id=?', (opid,)).count():
return mw.returnJson(False, '指定域名已绑定过!')
mw.M('domain').where('pid=?', (opid,)).delete()
if mw.M('binding').where('domain=?', (domain,)).count():
return mw.returnJson(False, '您添加的域名已存在!')
self.nginxAddDomain(webname, domain_name, domain_port)
mw.restartWeb()
msg = mw.getInfo('网站[{1}]添加域名[{2}]成功!', (webname, domain_name))
mw.writeLog('网站管理', msg)
mw.M('domain').add('pid,name,port,addtime',
(pid, domain_name, domain_port, mw.getDate()))
return mw.returnJson(True, '域名添加成功!')
def addDirBindApi(self):
pid = request.form.get('id', '')
domain = request.form.get('domain', '')
dirName = request.form.get('dirName', '')
tmp = domain.split(':')
domain = tmp[0]
port = '80'
if len(tmp) > 1:
port = tmp[1]
if dirName == '':
mw.returnJson(False, '目录不能为空!')
reg = "^([\w\-\*]{1,100}\.){1,4}(\w{1,10}|\w{1,10}\.\w{1,10})$"
if not re.match(reg, domain):
return mw.returnJson(False, '主域名格式不正确!')
siteInfo = mw.M('sites').where(
"id=?", (pid,)).field('id,path,name').find()
webdir = siteInfo['path'] + '/' + dirName
if mw.M('binding').where("domain=?", (domain,)).count() > 0:
return mw.returnJson(False, '您添加的域名已存在!')
if mw.M('domain').where("name=?", (domain,)).count() > 0:
return mw.returnJson(False, '您添加的域名已存在!')
filename = self.getHostConf(siteInfo['name'])
conf = mw.readFile(filename)
if conf:
rep = "enable-php-([0-9]{2,3})\.conf"
tmp = re.search(rep, conf).groups()
version = tmp[0]
source_dirbind_tpl = mw.getRunDir() + '/data/tpl/nginx_dirbind.conf'
content = mw.readFile(source_dirbind_tpl)
content = content.replace('{$PORT}', port)
content = content.replace('{$PHPVER}', version)
content = content.replace('{$DIRBIND}', domain)
content = content.replace('{$ROOT_DIR}', webdir)
content = content.replace('{$SERVER_MAIN}', siteInfo['name'])
content = content.replace('{$OR_REWRITE}', self.rewritePath)
content = content.replace('{$LOGPATH}', mw.getLogsDir())
conf += "\r\n" + content
shutil.copyfile(filename, '/tmp/backup.conf')
mw.writeFile(filename, conf)
conf = mw.readFile(filename)
# 检查配置是否有误
isError = mw.checkWebConfig()
if isError != True:
shutil.copyfile('/tmp/backup.conf', filename)
return mw.returnJson(False, 'ERROR:
' + isError.replace("\n", '
') + '')
mw.M('binding').add('pid,domain,port,path,addtime',
(pid, domain, port, dirName, mw.getDate()))
msg = mw.getInfo('网站[{1}]子目录[{2}]绑定到[{3}]',
(siteInfo['name'], dirName, domain))
mw.writeLog('网站管理', msg)
mw.restartWeb()
return mw.returnJson(True, '添加成功!')
def delDirBindApi(self):
mid = request.form.get('id', '')
binding = mw.M('binding').where(
"id=?", (mid,)).field('id,pid,domain,path').find()
siteName = mw.M('sites').where(
"id=?", (binding['pid'],)).getField('name')
filename = self.getHostConf(siteName)
conf = mw.readFile(filename)
if conf:
rep = "\s*.+BINDING-" + \
binding['domain'] + \
"-START(.|\n)+BINDING-" + binding['domain'] + "-END"
conf = re.sub(rep, '', conf)
mw.writeFile(filename, conf)
mw.M('binding').where("id=?", (mid,)).delete()
filename = self.getDirBindRewrite(siteName, binding['path'])
if os.path.exists(filename):
os.remove(filename)
mw.restartWeb()
msg = mw.getInfo('删除网站[{1}]子目录[{2}]绑定',
(siteName, binding['path']))
mw.writeLog('网站管理', msg)
return mw.returnJson(True, '删除成功!')
# 取子目录Rewrite
def getDirBindRewriteApi(self):
mid = request.form.get('id', '')
add = request.form.get('add', '0')
find = mw.M('binding').where(
"id=?", (mid,)).field('id,pid,domain,path').find()
site = mw.M('sites').where(
"id=?", (find['pid'],)).field('id,name,path').find()
filename = self.getDirBindRewrite(site['name'], find['path'])
if add == '1':
mw.writeFile(filename, '')
file = self.getHostConf(site['name'])
conf = mw.readFile(file)
domain = find['domain']
rep = "\n#BINDING-" + domain + \
"-START(.|\n)+BINDING-" + domain + "-END"
tmp = re.search(rep, conf).group()
dirConf = tmp.replace('rewrite/' + site['name'] + '.conf;', 'rewrite/' + site[
'name'] + '_' + find['path'] + '.conf;')
conf = conf.replace(tmp, dirConf)
mw.writeFile(file, conf)
data = {}
data['rewrite_dir'] = self.rewritePath
data['status'] = False
if os.path.exists(filename):
data['status'] = True
data['data'] = mw.readFile(filename)
data['rlist'] = []
for ds in os.listdir(self.rewritePath):
if ds == 'list.txt':
continue
data['rlist'].append(ds[0:len(ds) - 5])
data['filename'] = filename
return mw.getJson(data)
# 修改物理路径
def setPathApi(self):
mid = request.form.get('id', '')
path = request.form.get('path', '')
path = self.getPath(path)
if path == "" or mid == '0':
return mw.returnJson(False, "目录不能为空!")
import files_api
if not files_api.files_api().checkDir(path):
return mw.returnJson(False, "不能以系统关键目录作为站点目录")
siteFind = mw.M("sites").where(
"id=?", (mid,)).field('path,name').find()
if siteFind["path"] == path:
return mw.returnJson(False, "与原路径一致,无需修改!")
file = self.getHostConf(siteFind['name'])
conf = mw.readFile(file)
if conf:
conf = conf.replace(siteFind['path'], path)
mw.writeFile(file, conf)
# 创建basedir
# userIni = path + '/.user.ini'
# if os.path.exists(userIni):
# mw.execShell("chattr -i " + userIni)
# mw.writeFile(userIni, 'open_basedir=' + path + '/:/tmp/:/proc/')
# mw.execShell('chmod 644 ' + userIni)
# mw.execShell('chown root:root ' + userIni)
# mw.execShell('chattr +i ' + userIni)
mw.restartWeb()
mw.M("sites").where("id=?", (mid,)).setField('path', path)
msg = mw.getInfo('修改网站[{1}]物理路径成功!', (siteFind['name'],))
mw.writeLog('网站管理', msg)
return mw.returnJson(True, "设置成功!")
# 设置当前站点运行目录
def setSiteRunPathApi(self):
mid = request.form.get('id', '')
runPath = request.form.get('runPath', '')
siteName = mw.M('sites').where('id=?', (mid,)).getField('name')
sitePath = mw.M('sites').where('id=?', (mid,)).getField('path')
newPath = sitePath + runPath
# 处理Nginx
filename = self.getHostConf(siteName)
if os.path.exists(filename):
conf = mw.readFile(filename)
rep = '\s*root\s*(.+);'
path = re.search(rep, conf).groups()[0]
conf = conf.replace(path, newPath)
mw.writeFile(filename, conf)
self.setDirUserINI(sitePath, runPath)
mw.restartWeb()
return mw.returnJson(True, '设置成功!')
# 设置目录加密
def setHasPwdApi(self):
username = request.form.get('username', '')
password = request.form.get('password', '')
siteName = request.form.get('siteName', '')
mid = request.form.get('id', '')
if len(username.strip()) == 0 or len(password.strip()) == 0:
return mw.returnJson(False, '用户名或密码不能为空!')
if siteName == '':
siteName = mw.M('sites').where('id=?', (mid,)).getField('name')
# self.closeHasPwd(get)
filename = self.passPath + '/' + siteName + '.pass'
# print(filename)
passconf = username + ':' + mw.hasPwd(password)
if siteName == 'phpmyadmin':
configFile = self.getHostConf('phpmyadmin')
else:
configFile = self.getHostConf(siteName)
# 处理Nginx配置
conf = mw.readFile(configFile)
if conf:
rep = '#error_page 404 /404.html;'
if conf.find(rep) == -1:
rep = '#error_page 404/404.html;'
data = '''
# AUTH_START
auth_basic "Authorization";
auth_basic_user_file %s;
# AUTH_END''' % (filename,)
conf = conf.replace(rep, rep + data)
mw.writeFile(configFile, conf)
# 写密码配置
passDir = self.passPath
if not os.path.exists(passDir):
mw.execShell('mkdir -p ' + passDir)
mw.writeFile(filename, passconf)
mw.restartWeb()
msg = mw.getInfo('设置网站[{1}]为需要密码认证!', (siteName,))
mw.writeLog("网站管理", msg)
return mw.returnJson(True, '设置成功!')
# 取消目录加密
def closeHasPwdApi(self):
siteName = request.form.get('siteName', '')
mid = request.form.get('id', '')
if siteName == '':
siteName = mw.M('sites').where('id=?', (mid,)).getField('name')
if siteName == 'phpmyadmin':
configFile = self.getHostConf('phpmyadmin')
else:
configFile = self.getHostConf(siteName)
if os.path.exists(configFile):
conf = mw.readFile(configFile)
rep = "\n\s*#AUTH_START(.|\n){1,200}#AUTH_END"
conf = re.sub(rep, '', conf)
mw.writeFile(configFile, conf)
mw.restartWeb()
msg = mw.getInfo('清除网站[{1}]的密码认证!', (siteName,))
mw.writeLog("网站管理", msg)
return mw.returnJson(True, '设置成功!')
def delDomainApi(self):
domain = request.form.get('domain', '')
webname = request.form.get('webname', '')
port = request.form.get('port', '')
pid = request.form.get('id', '')
find = mw.M('domain').where("pid=? AND name=?",
(pid, domain)).field('id,name').find()
domain_count = mw.M('domain').where("pid=?", (pid,)).count()
if domain_count == 1:
return mw.returnJson(False, '最后一个域名不能删除!')
file = self.getHostConf(webname)
conf = mw.readFile(file)
if conf:
# 删除域名
rep = "server_name\s+(.+);"
tmp = re.search(rep, conf).group()
newServerName = tmp.replace(' ' + domain + ';', ';')
newServerName = newServerName.replace(' ' + domain + ' ', ' ')
conf = conf.replace(tmp, newServerName)
# 删除端口
rep = "listen\s+([0-9]+);"
tmp = re.findall(rep, conf)
port_count = mw.M('domain').where(
'pid=? AND port=?', (pid, port)).count()
if mw.inArray(tmp, port) == True and port_count < 2:
rep = "\n*\s+listen\s+" + port + ";"
conf = re.sub(rep, '', conf)
# 保存配置
mw.writeFile(file, conf)
mw.M('domain').where("id=?", (find['id'],)).delete()
msg = mw.getInfo('网站[{1}]删除域名[{2}]成功!', (webname, domain))
mw.writeLog('网站管理', msg)
mw.restartWeb()
return mw.returnJson(True, '站点删除成功!')
def deleteApi(self):
sid = request.form.get('id', '')
webname = request.form.get('webname', '')
path = request.form.get('path', '0')
return self.delete(sid, webname, path)
# 操作 重定向配置
def operateRedirectConf(self, siteName, method='start'):
vhost_file = self.vhostPath + '/' + siteName + '.conf'
content = mw.readFile(vhost_file)
cnf_301 = '''
# 301-START
include %s/*.conf;
# 301-END
''' % (self.getRedirectPath( siteName))
cnf_301_source = '''
# 301-START
'''
# print('operateRedirectConf', content.find('#301-END'))
if content.find('#301-END') != -1:
if method == 'stop':
rep = '#301-START(\n|.){1,500}#301-END'
content = re.sub(rep, '#301-START', content)
else:
if method == 'start':
content = re.sub(cnf_301_source, cnf_301, content)
mw.writeFile(vhost_file, content)
# get_redirect_status
def getRedirectApi(self):
_siteName = request.form.get("siteName", '')
# read data base
data_path = self.getRedirectDataPath(_siteName)
data_content = mw.readFile(data_path)
if data_content == False:
mw.execShell("mkdir {}/{}".format(self.redirectPath, _siteName))
return mw.returnJson(True, "", {"result": [], "count": 0})
# get
# conf_path = "{}/{}/*.conf".format(self.redirectPath, siteName)
# conf_list = glob.glob(conf_path)
# if conf_list == []:
# return mw.returnJson(True, "", {"result": [], "count": 0})
try:
data = json.loads(data_content)
except:
mw.execShell("rm -rf {}/{}".format(self.redirectPath, _siteName))
return mw.returnJson(True, "", {"result": [], "count": 0})
# 处理301信息
return mw.returnJson(True, "ok", {"result": data, "count": len(data)})
def getRedirectConfApi(self):
_siteName = request.form.get("siteName", '')
_id = request.form.get("id", '')
if _id == '' or _siteName == '':
return mw.returnJson(False, "必填项不能为空!")
data = mw.readFile(
"{}/{}/{}.conf".format(self.redirectPath, _siteName, _id))
if data == False:
return mw.returnJson(False, "获取失败!")
return mw.returnJson(True, "ok", {"result": data})
def saveRedirectConfApi(self):
_siteName = request.form.get("siteName", '')
_id = request.form.get("id", '')
_config = request.form.get("config", "")
if _id == '' or _siteName == '':
return mw.returnJson(False, "必填项不能为空!")
_old_config = mw.readFile(
"{}/{}/{}.conf".format(self.redirectPath, _siteName, _id))
if _old_config == False:
return mw.returnJson(False, "非法操作")
mw.writeFile("{}/{}/{}.conf".format(self.redirectPath,
_siteName, _id), _config)
rule_test = mw.checkWebConfig()
if rule_test != True:
mw.writeFile("{}/{}/{}.conf".format(self.redirectPath,
_siteName, _id), _old_config)
return mw.returnJson(False, "OpenResty 配置测试不通过, 请重试: {}".format(rule_test))
self.operateRedirectConf(_siteName, 'start')
mw.restartWeb()
return mw.returnJson(True, "ok")
# get redirect status
def setRedirectApi(self):
_siteName = request.form.get("siteName", '')
# from (example.com / /test/)
_from = request.form.get("from", '')
_to = request.form.get("to", '') # redirect to
_type = request.form.get("type", '') # path / domain
_rType = request.form.get("r_type", '') # redirect type
_keepPath = request.form.get("keep_path", '') # keep path
if _siteName == '' or _from == '' or _to == '' or _type == '' or _rType == '':
return mw.returnJson(False, "必填项不能为空!")
data_path = self.getRedirectDataPath(_siteName)
data_content = mw.readFile(
data_path) if os.path.exists(data_path) else ""
data = json.loads(data_content) if data_content != "" else []
_rTypeCode = 0 if _rType == "301" else 1
_typeCode = 0 if _type == "path" else 1
_keepPath = 1 if _keepPath == "1" else 0
# check if domain exists in site
if _typeCode == 1:
pid = mw.M('domain').where("name=?", (_siteName,)).field(
'id,pid,name,port,addtime').select()
site_domain_lists = mw.M('domain').where("pid=?", (pid[0]['pid'],)).field(
'name').select()
found = False
for item in site_domain_lists:
if item['name'] == _from:
found = True
break
if found == False:
return mw.returnJson(False, "域名不存在!")
file_content = ""
# path
if _typeCode == 0:
redirect_type = "permanent" if _rTypeCode == 0 else "redirect"
if not _from.startswith("/"):
_from = "/{}".format(_from)
if _keepPath == 1:
_to = "{}$1".format(_to)
_from = "{}(.*)".format(_from)
file_content = "rewrite ^{} {} {};".format(
_from, _to, redirect_type)
# domain
else:
if _keepPath == 1:
_to = "{}$request_uri".format(_to)
redirect_type = "301" if _rTypeCode == 0 else "302"
_if = "if ($host ~ '^{}')".format(_from)
_return = "return {} {}; ".format(redirect_type, _to)
file_content = _if + "{\r\n " + _return + "\r\n}"
_id = mw.md5("{}+{}".format(file_content, _siteName))
# 防止规则重复
for item in data:
if item["r_from"] == _from:
return mw.returnJson(False, "重复的规则!")
rep = "http(s)?\:\/\/([a-zA-Z0-9][-a-zA-Z0-9]{0,62}\.)+([a-zA-Z0-9][a-zA-Z0-9]{0,62})+.?"
if not re.match(rep, _to):
return mw.returnJson(False, "错误的目标地址")
# write data json file
data.append({"r_from": _from, "type": _typeCode, "r_type": _rTypeCode,
"r_to": _to, 'keep_path': _keepPath, 'id': _id})
mw.writeFile(data_path, json.dumps(data))
mw.writeFile(
"{}/{}.conf".format(self.getRedirectPath(_siteName), _id), file_content)
self.operateRedirectConf(_siteName, 'start')
mw.restartWeb()
return mw.returnJson(True, "ok")
# 删除指定重定向
def delRedirectApi(self):
_siteName = request.form.get("siteName", '')
_id = request.form.get("id", '')
if _id == '' or _siteName == '':
return mw.returnJson(False, "必填项不能为空!")
try:
data_path = self.getRedirectDataPath(_siteName)
data_content = mw.readFile(
data_path) if os.path.exists(data_path) else ""
data = json.loads(data_content) if data_content != "" else []
for item in data:
if item["id"] == _id:
data.remove(item)
break
# write database
mw.writeFile(data_path, json.dumps(data))
# data is empty ,should stop
if len(data) == 0:
self.operateRedirectConf(_siteName, 'stop')
# remove conf file
mw.execShell(
"rm -rf {}/{}.conf".format(self.getRedirectPath(_siteName), _id))
except:
return mw.returnJson(False, "删除失败!")
return mw.returnJson(True, "删除成功!")
# 操作 反向代理配置
def operateProxyConf(self, siteName, method='start'):
vhost_file = self.vhostPath + '/' + siteName + '.conf'
content = mw.readFile(vhost_file)
proxy_cnf = '''
# PROXY-START
include %s/*.conf;
# PROXY-END
''' % (self.getProxyPath(siteName))
proxy_cnf_source = '''
# PROXY-START
'''
if content.find('#PROXY-END') != -1:
if method == 'stop':
rep = '#PROXY-START(\n|.){1,500}#PROXY-END'
content = re.sub(rep, '#PROXY-START', content)
else:
if method == 'start':
content = re.sub(proxy_cnf_source, proxy_cnf, content)
mw.writeFile(vhost_file, content)
def getProxyConfApi(self):
_siteName = request.form.get("siteName", '')
_id = request.form.get("id", '')
if _id == '' or _siteName == '':
return mw.returnJson(False, "必填项不能为空!")
conf_file = "{}/{}/{}.conf".format(self.proxyPath, _siteName, _id)
if not os.path.exists(conf_file):
conf_file = "{}/{}/{}.conf.txt".format(
self.proxyPath, _siteName, _id)
data = mw.readFile(conf_file)
if data == False:
return mw.returnJson(False, "获取失败!")
return mw.returnJson(True, "ok", {"result": data})
def setProxyStatusApi(self):
_siteName = request.form.get("siteName", '')
_status = request.form.get("status", '')
_id = request.form.get("id", '')
if _status == '' or _siteName == '' or _id == '':
return mw.returnJson(False, "必填项不能为空!")
conf_file = "{}/{}/{}.conf".format(self.proxyPath, _siteName, _id)
conf_txt = "{}/{}/{}.conf.txt".format(self.proxyPath, _siteName, _id)
if _status == '1':
mw.execShell('mv ' + conf_txt + ' ' + conf_file)
else:
mw.execShell('mv ' + conf_file + ' ' + conf_txt)
mw.restartWeb()
return mw.returnJson(True, "OK")
def saveProxyConfApi(self):
_siteName = request.form.get("siteName", '')
_id = request.form.get("id", '')
_config = request.form.get("config", "")
if _id == '' or _siteName == '':
return mw.returnJson(False, "必填项不能为空!")
_old_config = mw.readFile(
"{}/{}/{}.conf".format(self.proxyPath, _siteName, _id))
if _old_config == False:
return mw.returnJson(False, "非法操作")
mw.writeFile("{}/{}/{}.conf".format(self.proxyPath,
_siteName, _id), _config)
rule_test = mw.checkWebConfig()
if rule_test != True:
mw.writeFile("{}/{}/{}.conf".format(self.proxyPath,
_siteName, _id), _old_config)
return mw.returnJson(False, "OpenResty 配置测试不通过, 请重试: {}".format(rule_test))
self.operateRedirectConf(_siteName, 'start')
mw.restartWeb()
return mw.returnJson(True, "ok")
# 读取 网站 反向代理列表
def getProxyListApi(self):
_siteName = request.form.get('siteName', '')
data_path = self.getProxyDataPath(_siteName)
data_content = mw.readFile(data_path)
# not exists
if data_content == False:
mw.execShell("mkdir {}/{}".format(self.proxyPath, _siteName))
return mw.returnJson(True, "", {"result": [], "count": 0})
try:
data = json.loads(data_content)
except:
mw.execShell("rm -rf {}/{}".format(self.proxyPath, _siteName))
return mw.returnJson(True, "", {"result": [], "count": 0})
tmp = []
for proxy in data:
proxy_dir = "{}/{}".format(self.proxyPath, _siteName)
proxy_dir_file = proxy_dir + '/' + proxy['id'] + '.conf'
if os.path.exists(proxy_dir_file):
proxy['status'] = True
else:
proxy['status'] = False
tmp.append(proxy)
return mw.returnJson(True, "ok", {"result": data, "count": len(data)})
# 设置 网站 反向代理列表
def setProxyApi(self):
_siteName = request.form.get('siteName', '')
_from = request.form.get('from', '')
_to = request.form.get('to', '')
_host = request.form.get('host', '')
_open_proxy = request.form.get('open_proxy', '')
if _siteName == "" or _from == "" or _to == "" or _host == "":
return mw.returnJson(False, "必填项不能为空")
data_path = self.getProxyDataPath(_siteName)
data_content = mw.readFile(
data_path) if os.path.exists(data_path) else ""
data = json.loads(data_content) if data_content != "" else []
rep = "http(s)?\:\/\/([a-zA-Z0-9][-a-zA-Z0-9]{0,62}\.)+([a-zA-Z0-9][a-zA-Z0-9]{0,62})+.?"
if not re.match(rep, _to):
return mw.returnJson(False, "错误的目标地址!")
# _to = _to.strip("/")
# get host from url
try:
if _host == "$host":
host_tmp = urlparse(_to)
_host = host_tmp.netloc
except:
return mw.returnJson(False, "错误的目标地址")
# location ~* ^{from}(.*)$ {
tpl = """
# PROXY-START/
location ^~ {from} {
proxy_pass {to};
proxy_set_header Host {host};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
add_header X-Cache $upstream_cache_status;
proxy_ignore_headers Set-Cookie Cache-Control expires;
add_header Cache-Control no-cache;
set $static_files_app 0;
if ( $uri ~* "\.(gif|png|jpg|css|js|woff|woff2)$" )
{
set $static_files_app 1;
expires 12h;
}
if ( $static_files_app = 0 )
{
add_header Cache-Control no-cache;
}
}
# PROXY-END/
"""
# replace
if _from[0] != '/':
_from = '/' + _from
tpl = tpl.replace("{from}", _from, 999)
tpl = tpl.replace("{to}", _to)
tpl = tpl.replace("{host}", _host, 999)
_id = mw.md5("{}+{}+{}".format(_from, _to, _siteName))
for item in data:
if item["id"] == _id:
return mw.returnJson(False, "已存在该规则!")
if item["from"] == _from:
return mw.returnJson(False, "代理目录已存在!")
data.append({
"from": _from,
"to": _to,
"host": _host,
"id": _id
})
conf_file = "{}/{}.conf".format(self.getProxyPath(_siteName), _id)
if _open_proxy != 'on':
conf_file = "{}/{}.conf.txt".format(
self.getProxyPath(_siteName), _id)
mw.writeFile(data_path, json.dumps(data))
mw.writeFile(conf_file, tpl)
self.operateProxyConf(_siteName, 'start')
mw.restartWeb()
return mw.returnJson(True, "ok", {"hash": _id})
def delProxyApi(self):
_siteName = request.form.get("siteName", '')
_id = request.form.get("id", '')
if _id == '' or _siteName == '':
return mw.returnJson(False, "必填项不能为空!")
try:
data_path = self.getProxyDataPath(_siteName)
data_content = mw.readFile(
data_path) if os.path.exists(data_path) else ""
data = json.loads(data_content) if data_content != "" else []
for item in data:
if item["id"] == _id:
data.remove(item)
break
# write database
mw.writeFile(data_path, json.dumps(data))
# data is empty,should stop
if len(data) == 0:
self.operateProxyConf(_siteName, 'stop')
# remove conf file
cmd = "rm -rf {}/{}.conf*".format(
self.getProxyPath(_siteName), _id)
mw.execShell(cmd)
except:
return mw.returnJson(False, "删除失败!")
mw.restartWeb()
return mw.returnJson(True, "删除成功!")
def getSiteTypesApi(self):
# 取网站分类
data = mw.M("site_types").field("id,name").order("id asc").select()
data.insert(0, {"id": 0, "name": "默认分类"})
return mw.getJson(data)
def getSiteDocApi(self):
stype = request.form.get('type', '0').strip()
vlist = []
vlist.append('')
vlist.append(mw.getServerDir() +
'/openresty/nginx/html/index.html')
vlist.append(mw.getServerDir() + '/openresty/nginx/html/404.html')
vlist.append(mw.getServerDir() +
'/openresty/nginx/html/index.html')
vlist.append(mw.getServerDir() + '/web_conf/stop/index.html')
data = {}
data['path'] = vlist[int(stype)]
return mw.returnJson(True, 'ok', data)
def addSiteTypeApi(self):
name = request.form.get('name', '').strip()
if not name:
return mw.returnJson(False, "分类名称不能为空")
if len(name) > 18:
return mw.returnJson(False, "分类名称长度不能超过6个汉字或18位字母")
if mw.M('site_types').count() >= 10:
return mw.returnJson(False, '最多添加10个分类!')
if mw.M('site_types').where('name=?', (name,)).count() > 0:
return mw.returnJson(False, "指定分类名称已存在!")
mw.M('site_types').add("name", (name,))
return mw.returnJson(True, '添加成功!')
def removeSiteTypeApi(self):
mid = request.form.get('id', '')
if mw.M('site_types').where('id=?', (mid,)).count() == 0:
return mw.returnJson(False, "指定分类不存在!")
mw.M('site_types').where('id=?', (mid,)).delete()
mw.M("sites").where("type_id=?", (mid,)).save("type_id", (0,))
return mw.returnJson(True, "分类已删除!")
def modifySiteTypeNameApi(self):
# 修改网站分类名称
name = request.form.get('name', '').strip()
mid = request.form.get('id', '')
if not name:
return mw.returnJson(False, "分类名称不能为空")
if len(name) > 18:
return mw.returnJson(False, "分类名称长度不能超过6个汉字或18位字母")
if mw.M('site_types').where('id=?', (mid,)).count() == 0:
return mw.returnJson(False, "指定分类不存在!")
mw.M('site_types').where('id=?', (mid,)).setField('name', name)
return mw.returnJson(True, "修改成功!")
def setSiteTypeApi(self):
# 设置指定站点的分类
site_ids = request.form.get('site_ids', '')
mid = request.form.get('id', '')
site_ids = json.loads(site_ids)
for sid in site_ids:
print(mw.M('sites').where('id=?', (sid,)).setField('type_id', mid))
return mw.returnJson(True, "设置成功!")
##### ----- end ----- ###
# 域名编码转换
def toPunycode(self, domain):
import re
if sys.version_info[0] == 2:
domain = domain.encode('utf8')
tmp = domain.split('.')
newdomain = ''
for dkey in tmp:
# 匹配非ascii字符
match = re.search(u"[\x80-\xff]+", dkey)
if not match:
newdomain += dkey + '.'
else:
newdomain += 'xn--' + \
dkey.decode('utf-8').encode('punycode') + '.'
return newdomain[0:-1]
# 中文路径处理
def toPunycodePath(self, path):
if sys.version_info[0] == 2:
path = path.encode('utf-8')
if os.path.exists(path):
return path
import re
match = re.search(u"[\x80-\xff]+", path)
if not match:
return path
npath = ''
for ph in path.split('/'):
npath += '/' + self.toPunycode(ph)
return npath.replace('//', '/')
# 路径处理
def getPath(self, path):
if path[-1] == '/':
return path[0:-1]
return path
def getSitePath(self, siteName):
file = self.getHostConf(siteName)
if os.path.exists(file):
conf = mw.readFile(file)
rep = '\s*root\s*(.+);'
path = re.search(rep, conf).groups()[0]
return path
return ''
# 取当站点前运行目录
def getSiteRunPath(self, mid):
siteName = mw.M('sites').where('id=?', (mid,)).getField('name')
sitePath = mw.M('sites').where('id=?', (mid,)).getField('path')
path = sitePath
filename = self.getHostConf(siteName)
if os.path.exists(filename):
conf = mw.readFile(filename)
rep = '\s*root\s*(.+);'
path = re.search(rep, conf).groups()[0]
data = {}
if sitePath == path:
data['runPath'] = '/'
else:
data['runPath'] = path.replace(sitePath, '')
dirnames = []
dirnames.append('/')
for filename in os.listdir(sitePath):
try:
filePath = sitePath + '/' + filename
if os.path.islink(filePath):
continue
if os.path.isdir(filePath):
dirnames.append('/' + filename)
except:
pass
data['dirs'] = dirnames
return data
def getHostConf(self, siteName):
return self.vhostPath + '/' + siteName + '.conf'
def getRewriteConf(self, siteName):
return self.rewritePath + '/' + siteName + '.conf'
def getRedirectDataPath(self, siteName):
return "{}/{}/data.json".format(self.redirectPath, siteName)
def getRedirectPath(self, siteName):
return "{}/{}".format(self.redirectPath, siteName)
def getProxyDataPath(self, siteName):
return "{}/{}/data.json".format(self.proxyPath, siteName)
def getProxyPath(self, siteName):
return "{}/{}".format(self.proxyPath, siteName)
def getDirBindRewrite(self, siteName, dirname):
return self.rewritePath + '/' + siteName + '_' + dirname + '.conf'
def getIndexConf(self):
return mw.getServerDir() + '/openresty/nginx/conf/nginx.conf'
def getDomain(self, pid):
_list = mw.M('domain').where("pid=?", (pid,)).field(
'id,pid,name,port,addtime').select()
return mw.getJson(_list)
def getLogs(self, siteName):
logPath = mw.getLogsDir() + '/' + siteName + '.log'
if not os.path.exists(logPath):
return mw.returnJson(False, '日志为空')
return mw.returnJson(True, mw.getLastLine(logPath, 100))
def getErrorLogs(self, siteName):
logPath = mw.getLogsDir() + '/' + siteName + '.error.log'
if not os.path.exists(logPath):
return mw.returnJson(False, '日志为空')
return mw.returnJson(True, mw.getLastLine(logPath, 100))
# 取日志状态
def getLogsStatus(self, siteName):
filename = self.getHostConf(siteName)
conf = mw.readFile(filename)
if conf.find('#ErrorLog') != -1:
return False
if conf.find("access_log off") != -1:
return False
return True
# 取目录加密状态
def getHasPwd(self, siteName):
filename = self.getHostConf(siteName)
conf = mw.readFile(filename)
if conf.find('#AUTH_START') != -1:
return True
return False
def getSitePhpVersion(self, siteName):
conf = mw.readFile(self.getHostConf(siteName))
rep = "enable-php-(.*)\.conf"
tmp = re.search(rep, conf).groups()
data = {}
data['phpversion'] = tmp[0]
return mw.getJson(data)
def getIndex(self, sid):
siteName = mw.M('sites').where("id=?", (sid,)).getField('name')
file = self.getHostConf(siteName)
conf = mw.readFile(file)
rep = "\s+index\s+(.+);"
tmp = re.search(rep, conf).groups()
return tmp[0].replace(' ', ',')
def setIndex(self, sid, index):
if index.find('.') == -1:
return mw.returnJson(False, '默认文档格式不正确,例:index.html')
index = index.replace(' ', '')
index = index.replace(',,', ',')
if len(index) < 3:
return mw.returnJson(False, '默认文档不能为空!')
siteName = mw.M('sites').where("id=?", (sid,)).getField('name')
index_l = index.replace(",", " ")
file = self.getHostConf(siteName)
conf = mw.readFile(file)
if conf:
rep = "\s+index\s+.+;"
conf = re.sub(rep, "\n\tindex " + index_l + ";", conf)
mw.writeFile(file, conf)
mw.writeLog('TYPE_SITE', 'SITE_INDEX_SUCCESS', (siteName, index_l))
return mw.returnJson(True, '设置成功!')
def getLimitNet(self, sid):
siteName = mw.M('sites').where("id=?", (sid,)).getField('name')
filename = self.getHostConf(siteName)
# 站点总并发
data = {}
conf = mw.readFile(filename)
try:
rep = "\s+limit_conn\s+perserver\s+([0-9]+);"
tmp = re.search(rep, conf).groups()
data['perserver'] = int(tmp[0])
# IP并发限制
rep = "\s+limit_conn\s+perip\s+([0-9]+);"
tmp = re.search(rep, conf).groups()
data['perip'] = int(tmp[0])
# 请求并发限制
rep = "\s+limit_rate\s+([0-9]+)\w+;"
tmp = re.search(rep, conf).groups()
data['limit_rate'] = int(tmp[0])
except:
data['perserver'] = 0
data['perip'] = 0
data['limit_rate'] = 0
return mw.getJson(data)
def checkIndexConf(self):
limit = self.getIndexConf()
nginxConf = mw.readFile(limit)
limitConf = "limit_conn_zone $binary_remote_addr zone=perip:10m;\n\t\tlimit_conn_zone $server_name zone=perserver:10m;"
nginxConf = nginxConf.replace(
"#limit_conn_zone $binary_remote_addr zone=perip:10m;", limitConf)
mw.writeFile(limit, nginxConf)
def saveLimitNet(self, sid, perserver, perip, limit_rate):
str_perserver = 'limit_conn perserver ' + perserver + ';'
str_perip = 'limit_conn perip ' + perip + ';'
str_limit_rate = 'limit_rate ' + limit_rate + 'k;'
siteName = mw.M('sites').where("id=?", (sid,)).getField('name')
filename = self.getHostConf(siteName)
conf = mw.readFile(filename)
if(conf.find('limit_conn perserver') != -1):
# 替换总并发
rep = "limit_conn\s+perserver\s+([0-9]+);"
conf = re.sub(rep, str_perserver, conf)
# 替换IP并发限制
rep = "limit_conn\s+perip\s+([0-9]+);"
conf = re.sub(rep, str_perip, conf)
# 替换请求流量限制
rep = "limit_rate\s+([0-9]+)\w+;"
conf = re.sub(rep, str_limit_rate, conf)
else:
conf = conf.replace('#error_page 404/404.html;', "#error_page 404/404.html;\n " +
str_perserver + "\n " + str_perip + "\n " + str_limit_rate)
mw.writeFile(filename, conf)
mw.restartWeb()
mw.writeLog('TYPE_SITE', 'SITE_NETLIMIT_OPEN_SUCCESS', (siteName,))
return mw.returnJson(True, '设置成功!')
def closeLimitNet(self, sid):
siteName = mw.M('sites').where("id=?", (sid,)).getField('name')
filename = self.getHostConf(siteName)
conf = mw.readFile(filename)
# 清理总并发
rep = "\s+limit_conn\s+perserver\s+([0-9]+);"
conf = re.sub(rep, '', conf)
# 清理IP并发限制
rep = "\s+limit_conn\s+perip\s+([0-9]+);"
conf = re.sub(rep, '', conf)
# 清理请求流量限制
rep = "\s+limit_rate\s+([0-9]+)\w+;"
conf = re.sub(rep, '', conf)
mw.writeFile(filename, conf)
mw.restartWeb()
mw.writeLog(
'TYPE_SITE', 'SITE_NETLIMIT_CLOSE_SUCCESS', (siteName,))
return mw.returnJson(True, '已关闭流量限制!')
def getSecurity(self, sid, name):
filename = self.getHostConf(name)
conf = mw.readFile(filename)
data = {}
if conf.find('SECURITY-START') != -1:
rep = "#SECURITY-START(\n|.){1,500}#SECURITY-END"
tmp = re.search(rep, conf).group()
data['fix'] = re.search(
"\(.+\)\$", tmp).group().replace('(', '').replace(')$', '').replace('|', ',')
data['domains'] = ','.join(re.search(
"valid_referers\s+none\s+blocked\s+(.+);\n", tmp).groups()[0].split())
data['status'] = True
else:
data['fix'] = 'jpg,jpeg,gif,png,js,css'
domains = mw.M('domain').where(
'pid=?', (sid,)).field('name').select()
tmp = []
for domain in domains:
tmp.append(domain['name'])
data['domains'] = ','.join(tmp)
data['status'] = False
return mw.getJson(data)
def setSecurity(self, sid, name, fix, domains, status):
if len(fix) < 2:
return mw.returnJson(False, 'URL后缀不能为空!')
file = self.getHostConf(name)
if os.path.exists(file):
conf = mw.readFile(file)
if conf.find('SECURITY-START') != -1:
rep = "\s{0,4}#SECURITY-START(\n|.){1,500}#SECURITY-END\n?"
conf = re.sub(rep, '', conf)
mw.writeLog('网站管理', '站点[' + name + ']已关闭防盗链设置!')
else:
pre_path = self.setupPath + "/php/conf"
re_path = "include\s+" + pre_path + "/enable-php-"
rconf = '''#SECURITY-START 防盗链配置
location ~ .*\.(%s)$
{
expires 30d;
access_log /dev/null;
valid_referers none blocked %s;
if ($invalid_referer){
return 404;
}
}
# SECURITY-END
include %s/enable-php-''' % (fix.strip().replace(',', '|'), domains.strip().replace(',', ' '), pre_path)
conf = re.sub(re_path, rconf, conf)
mw.writeLog('网站管理', '站点[' + name + ']已开启防盗链!')
mw.writeFile(file, conf)
mw.restartWeb()
return mw.returnJson(True, '设置成功!')
def getPhpVersion(self):
phpVersions = ('00', '52', '53', '54', '55',
'56', '70', '71', '72', '73', '74', '80', '81', '82')
data = []
for val in phpVersions:
tmp = {}
if val == '00':
tmp['version'] = '00'
tmp['name'] = '纯静态'
data.append(tmp)
# 标准判断
checkPath = mw.getServerDir() + '/php/' + val + '/bin/php'
if os.path.exists(checkPath):
tmp['version'] = val
tmp['name'] = 'PHP-' + val
data.append(tmp)
# 其他PHP安装类型
conf_dir = mw.getServerDir() + "/web_conf/php/conf"
conf_list = os.listdir(conf_dir)
l = len(conf_list)
rep = "enable-php-(.*?)\.conf"
for name in conf_list:
tmp = {}
try:
matchVer = re.search(rep, name).groups()[0]
except Exception as e:
continue
if matchVer in phpVersions:
continue
tmp['version'] = matchVer
tmp['name'] = 'PHP-' + matchVer
data.append(tmp)
return mw.getJson(data)
# 是否跳转到https
def isToHttps(self, siteName):
file = self.getHostConf(siteName)
conf = mw.readFile(file)
if conf:
# if conf.find('HTTP_TO_HTTPS_START') != -1:
# return True
if conf.find('$server_port !~ 443') != -1:
return True
return False
def getRewriteList(self):
rewriteList = {}
rewriteList['rewrite'] = []
rewriteList['rewrite'].append('0.当前')
for ds in os.listdir('rewrite/nginx'):
rewriteList['rewrite'].append(ds[0:len(ds) - 5])
rewriteList['rewrite'] = sorted(rewriteList['rewrite'])
return rewriteList
def createRootDir(self, path):
autoInit = False
if not os.path.exists(path):
autoInit = True
os.makedirs(path)
if not mw.isAppleSystem():
mw.execShell('chown -R www:www ' + path)
if autoInit:
mw.writeFile(path + '/index.html', 'Work has started!!!')
mw.execShell('chmod -R 755 ' + path)
def nginxAddDomain(self, webname, domain, port):
file = self.getHostConf(webname)
conf = mw.readFile(file)
if not conf:
return
# 添加域名
rep = "server_name\s*(.*);"
tmp = re.search(rep, conf).group()
domains = tmp.split(' ')
if not mw.inArray(domains, domain):
newServerName = tmp.replace(';', ' ' + domain + ';')
conf = conf.replace(tmp, newServerName)
# 添加端口
rep = "listen\s+([0-9]+)\s*[default_server]*\s*;"
tmp = re.findall(rep, conf)
if not mw.inArray(tmp, port):
listen = re.search(rep, conf).group()
conf = conf.replace(
listen, listen + "\n\tlisten " + port + ';')
# 保存配置文件
mw.writeFile(file, conf)
return True
def nginxAddConf(self):
source_tpl = mw.getRunDir() + '/data/tpl/nginx.conf'
vhost_file = self.vhostPath + '/' + self.siteName + '.conf'
content = mw.readFile(source_tpl)
content = content.replace('{$PORT}', self.sitePort)
content = content.replace('{$SERVER_NAME}', self.siteName)
content = content.replace('{$ROOT_DIR}', self.sitePath)
content = content.replace('{$PHP_DIR}', self.setupPath + '/php')
content = content.replace('{$PHPVER}', self.phpVersion)
content = content.replace('{$OR_REWRITE}', self.rewritePath)
# content = content.replace('{$OR_REDIRECT}', self.redirectPath)
# content = content.replace('{$OR_PROXY}', self.proxyPath)
logsPath = mw.getLogsDir()
content = content.replace('{$LOGPATH}', logsPath)
mw.writeFile(vhost_file, content)
# 和反代配置冲突 && 默认伪静态为空
# rewrite_content = '''
# location /{
# if ($PHP_ENV != "1"){
# break;
# }
# if (!-e $request_filename) {
# rewrite ^(.*)$ /index.php/$1 last;
# break;
# }
# }
# '''
rewrite_file = self.rewritePath + '/' + self.siteName + '.conf'
mw.writeFile(rewrite_file, '')
def add(self, webname, port, ps, path, version):
siteMenu = json.loads(webname)
self.siteName = self.toPunycode(
siteMenu['domain'].strip().split(':')[0]).strip()
self.sitePath = self.toPunycodePath(
self.getPath(path.replace(' ', '')))
self.sitePort = port.strip().replace(' ', '')
self.phpVersion = version
if mw.M('sites').where("name=?", (self.siteName,)).count():
return mw.returnJson(False, '您添加的站点已存在!')
# 写入数据库
pid = mw.M('sites').add('name,path,status,ps,edate,addtime,type_id',
(self.siteName, self.sitePath, '1', ps, '0000-00-00', mw.getDate(), 0,))
opid = mw.M('domain').where("name=?", (self.siteName,)).getField('pid')
if opid:
if mw.M('sites').where('id=?', (opid,)).count():
return mw.returnJson(False, '您添加的域名已存在!')
mw.M('domain').where('pid=?', (opid,)).delete()
self.createRootDir(self.sitePath)
self.nginxAddConf()
# 添加更多域名
for domain in siteMenu['domainlist']:
self.addDomain(domain, self.siteName, pid)
mw.M('domain').add('pid,name,port,addtime',
(pid, self.siteName, self.sitePort, mw.getDate()))
data = {}
data['siteStatus'] = False
mw.restartWeb()
return mw.returnJson(True, '添加成功')
def deleteWSLogs(self, webname):
assLogPath = mw.getLogsDir() + '/' + webname + '.log'
errLogPath = mw.getLogsDir() + '/' + webname + '.error.log'
confFile = self.setupPath + '/nginx/vhost/' + webname + '.conf'
rewriteFile = self.setupPath + '/nginx/rewrite/' + webname + '.conf'
passFile = self.setupPath + '/nginx/pass/' + webname + '.conf'
keyPath = self.sslDir + webname + '/privkey.pem'
certPath = self.sslDir + webname + '/fullchain.pem'
logs = [assLogPath,
errLogPath,
confFile,
rewriteFile,
passFile,
keyPath,
certPath]
for i in logs:
mw.deleteFile(i)
# 重定向目录
redirectDir = self.setupPath + '/nginx/redirect/' + webname
if os.path.exists(redirectDir):
mw.execShell('rm -rf ' + redirectDir)
# 代理目录
proxyDir = self.setupPath + '/nginx/proxy/' + webname
if os.path.exists(proxyDir):
mw.execShell('rm -rf ' + proxyDir)
def delete(self, sid, webname, path):
self.deleteWSLogs(webname)
if path == '1':
rootPath = mw.getWwwDir() + '/' + webname
mw.execShell('rm -rf ' + rootPath)
# ssl
ssl_dir = self.sslDir + '/' + webname
if os.path.exists(ssl_dir):
mw.execShell('rm -rf ' + ssl_dir)
ssl_lets_dir = self.sslLetsDir + '/' + webname
if os.path.exists(ssl_lets_dir):
mw.execShell('rm -rf ' + ssl_lets_dir)
ssl_acme_dir = mw.getAcmeDir() + '/' + webname
if os.path.exists(ssl_acme_dir):
mw.execShell('rm -rf ' + ssl_acme_dir)
mw.M('sites').where("id=?", (sid,)).delete()
mw.restartWeb()
return mw.returnJson(True, '站点删除成功!')
def setEndDate(self, sid, edate):
result = mw.M('sites').where(
'id=?', (sid,)).setField('edate', edate)
siteName = mw.M('sites').where('id=?', (sid,)).getField('name')
mw.writeLog('TYPE_SITE', '设置成功,站点到期后将自动停止!', (siteName, edate))
return mw.returnJson(True, '设置成功,站点到期后将自动停止!')
# ssl相关方法 start
def setSslConf(self, siteName):
file = self.getHostConf(siteName)
conf = mw.readFile(file)
keyPath = self.sslDir + '/' + siteName + '/privkey.pem'
certPath = self.sslDir + '/' + siteName + '/fullchain.pem'
if conf:
if conf.find('ssl_certificate') == -1:
sslStr = """#error_page 404/404.html;
ssl_certificate %s;
ssl_certificate_key %s;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
""" % (certPath, keyPath)
if(conf.find('ssl_certificate') != -1):
return mw.returnData(True, 'SSL开启成功!')
conf = conf.replace('#error_page 404/404.html;', sslStr)
rep = "listen\s+([0-9]+)\s*[default_server]*;"
tmp = re.findall(rep, conf)
if not mw.inArray(tmp, '443'):
listen = re.search(rep, conf).group()
http_ssl = "\n\tlisten 443 ssl http2;"
http_ssl = http_ssl + "\n\tlisten [::]:443 ssl http2;"
conf = conf.replace(listen, listen + http_ssl)
mw.backFile(file)
mw.writeFile(file, conf)
isError = mw.checkWebConfig()
if(isError != True):
mw.restoreFile(file)
return mw.returnData(False, '证书错误:
' + isError.replace("\n", '
') + '')
self.saveCert(keyPath, certPath)
msg = mw.getInfo('网站[{1}]开启SSL成功!', siteName)
mw.writeLog('网站管理', msg)
mw.restartWeb()
return mw.returnData(True, 'SSL开启成功!')
def saveCert(self, keyPath, certPath):
try:
certInfo = self.getCertName(certPath)
if not certInfo:
return mw.returnData(False, '证书解析失败!')
vpath = self.sslDir + '/' + certInfo['subject'].strip()
if not os.path.exists(vpath):
os.system('mkdir -p ' + vpath)
mw.writeFile(vpath + '/privkey.pem', mw.readFile(keyPath))
mw.writeFile(vpath + '/fullchain.pem', mw.readFile(certPath))
mw.writeFile(vpath + '/info.json', json.dumps(certInfo))
return mw.returnData(True, '证书保存成功!')
except Exception as e:
return mw.returnData(False, '证书保存失败!')
# 转换时间
def strfDate(self, sdate):
return time.strftime('%Y-%m-%d', time.strptime(sdate, '%Y%m%d%H%M%S'))
# 获取证书名称
def getCertName(self, certPath):
if not os.path.exists(certPath):
return None
try:
import OpenSSL
result = {}
x509 = OpenSSL.crypto.load_certificate(
OpenSSL.crypto.FILETYPE_PEM, mw.readFile(certPath))
# 取产品名称
issuer = x509.get_issuer()
result['issuer'] = ''
if hasattr(issuer, 'CN'):
result['issuer'] = issuer.CN
if not result['issuer']:
is_key = [b'0', '0']
issue_comp = issuer.get_components()
if len(issue_comp) == 1:
is_key = [b'CN', 'CN']
for iss in issue_comp:
if iss[0] in is_key:
result['issuer'] = iss[1].decode()
break
if not result['issuer']:
if hasattr(issuer, 'O'):
result['issuer'] = issuer.O
# 取到期时间
result['notAfter'] = self.strfDate(
bytes.decode(x509.get_notAfter())[:-1])
# 取申请时间
result['notBefore'] = self.strfDate(
bytes.decode(x509.get_notBefore())[:-1])
# 取可选名称
result['dns'] = []
for i in range(x509.get_extension_count()):
s_name = x509.get_extension(i)
if s_name.get_short_name() in [b'subjectAltName', 'subjectAltName']:
s_dns = str(s_name).split(',')
for d in s_dns:
result['dns'].append(d.split(':')[1])
subject = x509.get_subject().get_components()
# 取主要认证名称
if len(subject) == 1:
result['subject'] = subject[0][1].decode()
else:
if not result['dns']:
for sub in subject:
if sub[0] == b'CN':
result['subject'] = sub[1].decode()
break
if 'subject' in result:
result['dns'].append(result['subject'])
else:
result['subject'] = result['dns'][0]
result['endtime'] = int(int(time.mktime(time.strptime(
result['notAfter'], "%Y-%m-%d")) - time.time()) / 86400)
return result
except:
return None
# 清除多余user.ini
def delUserInI(self, path, up=0):
for p1 in os.listdir(path):
try:
npath = path + '/' + p1
if os.path.isdir(npath):
if up < 100:
self.delUserInI(npath, up + 1)
else:
continue
useriniPath = npath + '/.user.ini'
if not os.path.exists(useriniPath):
continue
mw.execShell('which chattr && chattr -i ' + useriniPath)
mw.execShell('rm -f ' + useriniPath)
except:
continue
return True
# 设置目录防御
def setDirUserINI(self, sitePath, runPath):
newPath = sitePath + runPath
filename = newPath + '/.user.ini'
if os.path.exists(filename):
mw.execShell("chattr -i " + filename)
os.remove(filename)
return mw.returnJson(True, '已清除防跨站设置!')
self.delUserInI(newPath)
openPath = 'open_basedir={}/:{}/'.format(newPath, sitePath)
if runPath == '/':
openPath = 'open_basedir={}/'.format(sitePath)
mw.writeFile(filename, openPath + ':/www/server/php:/tmp/:/proc/')
mw.execShell("chattr +i " + filename)
return mw.returnJson(True, '已打开防跨站设置!')
# 转换时间
def strfToTime(self, sdate):
import time
return time.strftime('%Y-%m-%d', time.strptime(sdate, '%b %d %H:%M:%S %Y %Z'))
# ssl相关方法 end