File manager - Edit - /usr/local/CyberCP/cyberpanel/api/views.py
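# -*- coding: utf-8 -*-
import json
import re
from django.shortcuts import redirect
from django.http import HttpResponse
from loginSystem.models import Administrator
from plogical.virtualHostUtilities import virtualHostUtilities
from plogical import hashPassword
from packages.models import Package
from baseTemplate.views import renderBase
from random import randint
from websiteFunctions.models import Websites
import os
from baseTemplate.models import version
from plogical.mailUtilities import mailUtilities
from websiteFunctions.website import WebsiteManager
from packages.packagesManager import PackagesManager
from s3Backups.s3Backups import S3Backups
from plogical.CyberCPLogFileWriter import CyberCPLogFileWriter as logging
from plogical.processUtilities import ProcessUtilities
from django.views.decorators.csrf import csrf_exempt
from userManagment.views import submitUserCreation as suc
from userManagment.views import submitUserDeletion as duc

# Create your views here.
#
# NOTE(review): every view below is @csrf_exempt and authenticates per request with a
# username/password pair carried in the request body, gated by Administrator.api.
# NOTE(review): most views only handle POST; any other method falls through the
# `if request.method == ...` test and the view returns None instead of a response.
# NOTE(review): the `except BaseException` handlers return str(msg) to the caller, so
# internal error text (for example a failed Administrator lookup) is disclosed to
# unauthenticated clients. Left unchanged here because clients may parse these payloads.

# remoteTransfer() hands out transfer ids built as str(randint(1000, 9999)), so the
# status/cancel views accept ASCII digits only before the id reaches a command string.
_TRANSFER_ID_RE = re.compile(r'[0-9]+')

# Host argument for the transfer helper: IPv4/IPv6 literal or hostname characters only.
# The first character may not be '-', so the value cannot be read as an option.
_REMOTE_HOST_RE = re.compile(r'[A-Za-z0-9:][A-Za-z0-9.:-]*')

# A process id read back from the transfer's pid file.
_PID_RE = re.compile(r'[0-9]+')


def _json_response(payload):
    """Serialize *payload* to JSON and wrap it in an HttpResponse."""
    return HttpResponse(json.dumps(payload))


def _redact_secrets(payload):
    """Return a shallow copy of *payload* with password-like values masked for logging.

    Any top-level key whose name contains "pass" (case-insensitive) is masked.
    Nested structures are not inspected.
    """
    if not isinstance(payload, dict):
        return payload
    return {key: ('***' if 'pass' in str(key).lower() else value) for key, value in payload.items()}


@csrf_exempt
def verifyConn(request):
    """Report whether the supplied adminUser/adminPass pair is valid and API access is enabled."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"verifyConn": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, adminPass):
                return _json_response({"verifyConn": 1})

            return _json_response({"verifyConn": 0})
    except BaseException as msg:
        return _json_response({'verifyConn': 0, 'error_message': str(msg)})


@csrf_exempt
def createWebsite(request):
    """Check that API access is enabled for adminUser, then delegate to WebsiteManager.createWebsiteAPI.

    NOTE(review): unlike the sibling views, no password check happens in this view;
    presumably createWebsiteAPI authenticates the payload itself - confirm.
    """
    data = json.loads(request.body)
    adminUser = data['adminUser']
    admin = Administrator.objects.get(userName=adminUser)

    if os.path.exists(ProcessUtilities.debugPath):
        # The payload carries credentials (adminPass at least); mask them so the
        # debug log never stores plaintext passwords.
        logging.writeToFile(f'Create website payload in API {str(_redact_secrets(data))}')

    if admin.api == 0:
        return _json_response({"existsStatus": 0, 'createWebSiteStatus': 0,
                               'error_message': "API Access Disabled."})

    wm = WebsiteManager()
    return wm.createWebsiteAPI(json.loads(request.body))


@csrf_exempt
def getPackagesListAPI(request):
    """Authenticate the caller and delegate to PackagesManager.listPackagesAPI."""
    data = json.loads(request.body)
    adminUser = data['adminUser']
    adminPass = data['adminPass']
    admin = Administrator.objects.get(userName=adminUser)

    if admin.api == 0:
        return _json_response({"existsStatus": 0, 'listPackages': [],
                               'error_message': "API Access Disabled."})

    if hashPassword.check_password(admin.password, adminPass):
        pm = PackagesManager()
        return pm.listPackagesAPI(data)

    return _json_response({"status": 0, 'error_message': "Could not authorize access to API"})


@csrf_exempt
def getUserInfo(request):
    """Return name, e-mail and adminStatus of the Administrator named by `username`.

    NOTE(review): any authenticated API user can query any other account; no ACL
    check is visible in this view - confirm that is intended.
    """
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']
            username = data['username']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"status": 0, 'error_message': "API Access Disabled."})

            if not hashPassword.check_password(admin.password, adminPass):
                return _json_response({"status": 0, 'error_message': "Could not authorize access to API"})

            try:
                user = Administrator.objects.get(userName=username)
                return _json_response({'status': 1,
                                       'firstName': user.firstName,
                                       'lastName': user.lastName,
                                       'email': user.email,
                                       'adminStatus': user.acl.adminStatus,
                                       'error_message': "None"})
            except BaseException:
                return _json_response({'status': 0, 'error_message': "User does not exists."})
    except BaseException as msg:
        return _json_response({'status': 0, 'error_message': str(msg)})


@csrf_exempt
def changeUserPassAPI(request):
    """Set a new password for the Administrator named by `websiteOwner`.

    NOTE(review): the only authorization visible here is the caller's own
    password; nothing ties the caller to `websiteOwner`, so any API-enabled
    account appears able to reset any other account's password - confirm and
    add an ownership/ACL check if that is not intended.
    """
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            websiteOwner = data['websiteOwner']
            ownerPassword = data['ownerPassword']
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"changeStatus": 0, 'error_message': "API Access Disabled."})

            if not hashPassword.check_password(admin.password, adminPass):
                return _json_response({"changeStatus": 0, 'error_message': "Could not authorize access to API"})

            websiteOwn = Administrator.objects.get(userName=websiteOwner)
            websiteOwn.password = hashPassword.hash_password(ownerPassword)
            websiteOwn.save()

            return _json_response({'changeStatus': 1, 'error_message': "None"})
    except BaseException as msg:
        return _json_response({'changeStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def submitUserDeletion(request):
    """Authenticate the caller, bind the session to that admin and delegate to userManagment's view."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"status": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, adminPass):
                request.session['userID'] = admin.pk
                return duc(request)

            return _json_response({"status": 0, 'error_message': "Could not authorize access to API"})
    except BaseException as msg:
        # 'status' added so the error path carries the same key as the other
        # responses of this view; the original 'submitUserDeletion' key is kept.
        return _json_response({'status': 0, 'submitUserDeletion': 0, 'error_message': str(msg)})


@csrf_exempt
def changePackageAPI(request):
    """Assign the package `packageName` to the website `websiteName`.

    NOTE(review): no check that the caller owns the website is visible here - confirm.
    """
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            websiteName = data['websiteName']
            packageName = data['packageName']
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"changePackage": 0, 'error_message': "API Access Disabled."})

            if not hashPassword.check_password(admin.password, adminPass):
                return _json_response({"changePackage": 0, 'error_message': "Could not authorize access to API"})

            website = Websites.objects.get(domain=websiteName)
            pack = Package.objects.get(packageName=packageName)

            website.package = pack
            website.save()

            return _json_response({'changePackage': 1, 'error_message': "None"})
    except BaseException as msg:
        return _json_response({'changePackage': 0, 'error_message': str(msg)})


@csrf_exempt
def deleteWebsite(request):
    """Authenticate the caller and delegate deletion of `domainName` to WebsiteManager."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"websiteDeleteStatus": 0, 'error_message': "API Access Disabled."})

            data['websiteName'] = data['domainName']

            if not hashPassword.check_password(admin.password, adminPass):
                return _json_response({"websiteDeleteStatus": 0,
                                       'error_message': "Could not authorize access to API"})

            website = Websites.objects.get(domain=data['websiteName'])
            websiteOwner = website.admin

            # NOTE(review): the count is taken on the *caller* (admin) while the
            # account deleted is the website's owner, and this runs before
            # submitWebsiteDeletion gets a chance to apply its own checks.
            # Looks like it was meant to test websiteOwner - confirm before changing.
            try:
                if admin.websites_set.all().count() == 0:
                    websiteOwner.delete()
            except:
                pass

            ## Deleting master domain

            wm = WebsiteManager()
            return wm.submitWebsiteDeletion(admin.pk, data)
    except BaseException as msg:
        return _json_response({'websiteDeleteStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def submitWebsiteStatus(request):
    """Authenticate the caller and delegate to WebsiteManager.submitWebsiteStatus."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"websiteStatus": 0, 'error_message': "API Access Disabled."})

            if not hashPassword.check_password(admin.password, adminPass):
                return _json_response({"websiteStatus": 0, 'error_message': "Could not authorize access to API"})

            wm = WebsiteManager()
            return wm.submitWebsiteStatus(admin.pk, json.loads(request.body))
    except BaseException as msg:
        return _json_response({'websiteStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def loginAPI(request):
    """Log in from form fields `username`/`password`, set the session and redirect to renderBase.

    NOTE(review): this view establishes a browser session while being
    @csrf_exempt, so a cross-site form post can sign a browser in - confirm
    that is acceptable for this endpoint.
    """
    try:
        username = request.POST['username']
        password = request.POST['password']

        admin = Administrator.objects.get(userName=username)

        if admin.api == 0:
            return _json_response({"userID": 0, 'error_message': "API Access Disabled."})

        if hashPassword.check_password(admin.password, password):
            request.session['userID'] = admin.pk
            return redirect(renderBase)

        return HttpResponse("Invalid Credentials.")
    except BaseException as msg:
        return _json_response({'userID': 0, 'loginStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def fetchSSHkey(request):
    """Return the contents of /root/.ssh/cyberpanel.pub to an authenticated caller."""
    try:
        if request.method == "POST":
            data = json.loads(request.body)
            username = data['username']
            password = data['password']

            admin = Administrator.objects.get(userName=username)

            if admin.api == 0:
                return _json_response({"status": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, password):
                # The path is a constant; no request data reaches this command.
                pubKey = os.path.join("/root", ".ssh", 'cyberpanel.pub')
                execPath = "cat " + pubKey
                keyText = ProcessUtilities.outputExecutioner(execPath)

                return _json_response({
                    'status': 1,
                    'pubKeyStatus': 1,
                    'error_message': "None",
                    'pubKey': keyText
                })

            return _json_response({
                'status': 0,
                'pubKeyStatus': 0,
                'error_message': "Could not authorize access to API."
            })
    except BaseException as msg:
        return _json_response({'status': 0, 'pubKeyStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def remoteTransfer(request):
    """Start a remote transfer of the listed accounts and return the transfer id as `dir`.

    The request's `ipAddress` becomes part of a command string handed to
    ProcessUtilities.popenExecutioner, so it is checked against a character
    allowlist first; how ProcessUtilities parses that string is not visible here.
    """
    try:
        if request.method == "POST":
            data = json.loads(request.body)
            username = data['username']
            password = data['password']

            admin = Administrator.objects.get(userName=username)

            if admin.api == 0:
                return _json_response({"transferStatus": 0, 'error_message': "API Access Disabled."})

            ipAddress = data['ipAddress']
            accountsToTransfer = data['accountsToTransfer']
            port = data['port']

            if hashPassword.check_password(admin.password, password):
                # Logged only after authentication so an unauthenticated caller
                # cannot write request-controlled text into the log.
                logging.writeToFile('port on server B-------------- %s' % str(port))

                remoteHost = str(ipAddress).rstrip('\n')
                if not _REMOTE_HOST_RE.fullmatch(remoteHost):
                    return _json_response({'transferStatus': 0, 'error_message': "Invalid ipAddress."})

                transferDir = str(randint(1000, 9999))

                ##save this port into file
                portpath = "/home/cyberpanel/remote_port"
                with open(portpath, 'w') as writeToFile:
                    writeToFile.writelines(port)

                mailUtilities.checkHome()

                path = "/home/cyberpanel/accounts-" + str(randint(1000, 9999))
                with open(path, 'w') as writeToFile:
                    for items in accountsToTransfer:
                        writeToFile.writelines(items + "\n")

                ## Accounts to transfer is a path to file, containing accounts.

                execPath = "/usr/local/CyberCP/bin/python " + virtualHostUtilities.cyberPanel + "/plogical/remoteTransferUtilities.py"
                execPath = execPath + " remoteTransfer --ipAddress " + remoteHost + " --dir " + transferDir + " --accountsToTransfer " + path
                ProcessUtilities.popenExecutioner(execPath)

                if os.path.exists('/usr/local/CyberCP/debug'):
                    logging.writeToFile('Repor of %s' % repr(execPath))

                return _json_response({"transferStatus": 1, "dir": transferDir})

                ##
            else:
                return _json_response({'transferStatus': 0,
                                       'error_message': "Could not authorize access to API."})
    except BaseException as msg:
        return _json_response({'transferStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def fetchAccountsFromRemoteServer(request):
    """Return every website (domain, php, package, email) as a JSON string in `data`."""
    try:
        if request.method == "POST":
            data = json.loads(request.body)
            username = data['username']
            password = data['password']

            admin = Administrator.objects.get(userName=username)

            if admin.api == 0:
                return _json_response({"fetchStatus": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, password):
                records = Websites.objects.all()

                entries = [
                    json.dumps({
                        'website': items.domain,
                        'php': items.phpSelection,
                        'package': items.package.packageName,
                        'email': items.adminEmail,
                    })
                    for items in records
                ]
                # `data` stays a JSON *string* nested inside the JSON response,
                # exactly as clients already receive it.
                json_data = "[" + ",".join(entries) + "]"

                return _json_response({'fetchStatus': 1, 'error_message': "None", "data": json_data})

            return _json_response({'fetchStatus': 0, 'error_message': "Invalid Credentials"})
    except BaseException as msg:
        return _json_response({'fetchStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def FetchRemoteTransferStatus(request):
    """Return the backup_log of the transfer identified by `dir`.

    `dir` ends up inside a command string, so only the digit-only ids that
    remoteTransfer() issues are accepted.
    """
    try:
        if request.method == "POST":
            data = json.loads(request.body)
            username = data['username']
            password = data['password']

            admin = Administrator.objects.get(userName=username)

            if admin.api == 0:
                return _json_response({"fetchStatus": 0, 'error_message': "API Access Disabled."})

            transferId = str(data['dir'])
            logPath = "/home/backup/transfer-" + transferId + "/backup_log"

            try:
                if hashPassword.check_password(admin.password, password):
                    # Reject anything that is not a plain numeric id before it
                    # is interpolated into the command below.
                    if not _TRANSFER_ID_RE.fullmatch(transferId):
                        return _json_response({'fetchStatus': 0,
                                               'error_message': "Invalid transfer directory."})

                    command = f"cat {logPath}"
                    status = ProcessUtilities.outputExecutioner(command)

                    return _json_response({'fetchStatus': 1, 'error_message': "None", "status": status})

                return _json_response({'fetchStatus': 0, 'error_message': "Invalid Credentials"})
            except:
                return _json_response({'fetchStatus': 1, 'error_message': "None", "status": "Just started.."})
    except BaseException as msg:
        return _json_response({'fetchStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def cancelRemoteTransfer(request):
    """Kill the transfer process recorded in the transfer's pid file and remove its directory.

    `dir` is used to build `cat`, `kill` and `rm -rf` command strings, so it
    must be a digit-only id; an empty or crafted value would otherwise change
    which path is removed.
    """
    try:
        if request.method == "POST":
            data = json.loads(request.body)
            username = data['username']
            password = data['password']

            admin = Administrator.objects.get(userName=username)

            if admin.api == 0:
                return _json_response({"cancelStatus": 0, 'error_message': "API Access Disabled."})

            transferId = str(data['dir'])
            transferDir = "/home/backup/transfer-" + transferId

            if hashPassword.check_password(admin.password, password):
                if not _TRANSFER_ID_RE.fullmatch(transferId):
                    return _json_response({'cancelStatus': 0,
                                           'error_message': "Invalid transfer directory."})

                path = transferDir + "/pid"

                command = "cat " + path
                pid = str(ProcessUtilities.outputExecutioner(command)).strip()

                # The pid file content is not trusted either: only a plain
                # number is passed on to kill.
                if _PID_RE.fullmatch(pid):
                    command = "kill -KILL " + pid
                    ProcessUtilities.executioner(command)

                command = "rm -rf " + transferDir
                ProcessUtilities.executioner(command)

                return _json_response({'cancelStatus': 1, 'error_message': "None"})

            return _json_response({'cancelStatus': 0, 'error_message': "Invalid Credentials"})
    except BaseException as msg:
        # NOTE(review): cancelStatus is 1 even though an exception occurred;
        # kept as-is because clients may rely on it - confirm.
        return _json_response({'cancelStatus': 1, 'error_message': str(msg)})


@csrf_exempt
def cyberPanelVersion(request):
    """Return currentVersion and build from the version row with pk=1."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['username']
            adminPass = data['password']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"getVersion": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, adminPass):
                Version = version.objects.get(pk=1)

                return _json_response({
                    "getVersion": 1,
                    'error_message': "none",
                    'currentVersion': Version.currentVersion,
                    'build': Version.build
                })

            return _json_response({
                "getVersion": 0,
                'error_message': "Could not authorize access to API."
            })
    except BaseException as msg:
        return _json_response({
            "getVersion": 0,
            'error_message': str(msg)
        })


@csrf_exempt
def runAWSBackups(request):
    """Start an S3Backups 'runAWSBackups' job when the path in `randomFile` exists.

    NOTE(review): the only gate visible here is os.path.exists() on a
    caller-supplied path, which any existing path satisfies; there is no
    username/password check as in the other views. Presumably the caller is a
    local job that creates a random file first - confirm, and restrict the
    accepted location or add authentication.
    NOTE(review): no HttpResponse is returned on any path.
    """
    try:
        data = json.loads(request.body)
        randomFile = data['randomFile']

        if os.path.exists(randomFile):
            s3 = S3Backups(request, None, 'runAWSBackups')
            s3.start()
    except BaseException as msg:
        logging.writeToFile(str(msg) + ' [API.runAWSBackups]')


@csrf_exempt
def submitUserCreation(request):
    """Authenticate the caller, bind the session to that admin and delegate to userManagment's view."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"status": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, adminPass):
                request.session['userID'] = admin.pk
                return suc(request)

            return _json_response({"status": 0, 'error_message': "Could not authorize access to API"})
    except BaseException as msg:
        # 'status' added for consistency with this view's other responses; the
        # original 'changeStatus' key is kept for existing clients.
        return _json_response({'status': 0, 'changeStatus': 0, 'error_message': str(msg)})


@csrf_exempt
def addFirewallRule(request):
    """Authenticate the caller and delegate to FirewallManager.addRule."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"status": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, adminPass):
                from firewall.firewallManager import FirewallManager

                fm = FirewallManager()
                return fm.addRule(admin.pk, json.loads(request.body))

            return _json_response({"status": 0, 'error_message': "Could not authorize access to API"})
    except BaseException as msg:
        # 'status' added for consistency; the original key is kept for existing clients.
        return _json_response({'status': 0, 'submitUserDeletion': 0, 'error_message': str(msg)})


@csrf_exempt
def deleteFirewallRule(request):
    """Authenticate the caller and delegate to FirewallManager.deleteRule."""
    try:
        if request.method == 'POST':
            data = json.loads(request.body)
            adminUser = data['adminUser']
            adminPass = data['adminPass']

            admin = Administrator.objects.get(userName=adminUser)

            if admin.api == 0:
                return _json_response({"status": 0, 'error_message': "API Access Disabled."})

            if hashPassword.check_password(admin.password, adminPass):
                from firewall.firewallManager import FirewallManager

                fm = FirewallManager()
                return fm.deleteRule(admin.pk, json.loads(request.body))

            return _json_response({"status": 0, 'error_message': "Could not authorize access to API"})
    except BaseException as msg:
        # 'status' added for consistency; the original key is kept for existing clients.
        return _json_response({'status': 0, 'submitUserDeletion': 0, 'error_message': str(msg)})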