From 75e3718e70fd43252ecec1782757418ff159fc4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?= Date: Tue, 4 Nov 2025 10:07:55 +0100 Subject: [PATCH] rewrite --- routes/main_routes.py | 278 +++++------------------------------------- 1 file changed, 33 insertions(+), 245 deletions(-) diff --git a/routes/main_routes.py b/routes/main_routes.py index 525e75d..e601e91 100644 --- a/routes/main_routes.py +++ b/routes/main_routes.py 
@@ -1,251 +1,39 @@ -from flask import Blueprint, render_template, request -import subprocess -from auth.auth_middleware import requires_auth -from utils.haproxy_config import update_haproxy_config, count_frontends_and_backends +"""Main routes - Dashboard, Home""" + +from flask import Blueprint, render_template, redirect, url_for, session +from database.models import VirtualHost +from routes.auth_routes import login_required +import logging main_bp = Blueprint('main', __name__) +logger = logging.getLogger(__name__) -def reload_haproxy(): - """Reload HAProxy by killing it - supervisord restarts automatically""" - try: - # Validate config first - result = subprocess.run( - ['haproxy', '-c', '-V', '-f', '/etc/haproxy/haproxy.cfg'], - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - text=True, - timeout=10 - ) - - if result.returncode != 0: - return False, f"Config validation failed: {result.stdout}" - - # Kill haproxy - supervisord will restart it automatically - result = subprocess.run( - ['pkill', '-f', 'haproxy'], - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - text=True, - timeout=10 - ) - - if result.returncode == 0 or 'No such process' in result.stdout: - print("[HAPROXY] Process killed, supervisord will restart", flush=True) - return True, "HAProxy restarted successfully" - else: - print(f"[HAPROXY] pkill failed: {result.stdout}", flush=True) - return False, f"pkill failed: {result.stdout}" - except Exception as e: - print(f"[HAPROXY] Error: {e}", flush=True) - return False, f"Error: {str(e)}" -@main_bp.route('/', methods=['GET', 'POST']) -@requires_auth +@main_bp.route('/') def index(): - if request.method == 'POST': - # Frontend IP i port - frontend_ip = request.form['frontend_ip'] - frontend_port = request.form['frontend_port'] - frontend_hostname = request.form.get('frontend_hostname', '').strip() - - lb_method = request.form['lb_method'] - protocol = request.form['protocol'] - backend_name = request.form['backend_name'] - - # Header options - 
add_header = 'add_header' in request.form - header_name = request.form.get('header_name', '') if add_header else '' - header_value = request.form.get('header_value', '') if add_header else '' - - # Server header removal - del_server_header = 'del_server_header' in request.form - - backend_ssl_redirect = 'backend_ssl_redirect' in request.form - ssl_redirect_backend_name = request.form.get('ssl_redirect_backend_name', '').strip() if backend_ssl_redirect else '' - ssl_redirect_port = request.form.get('ssl_redirect_port', '80') # ✅ POBIERA PORT Z FORMU - - # Backend servers - backend_server_names = request.form.getlist('backend_server_names[]') - backend_server_ips = request.form.getlist('backend_server_ips[]') - backend_server_ports = request.form.getlist('backend_server_ports[]') - backend_server_maxconns = request.form.getlist('backend_server_maxconns[]') - - # Custom ACL - add_custom_acl = 'add_custom_acl' in request.form - custom_acl_name = request.form.get('custom_acl_name', '').strip() if add_custom_acl else '' - custom_acl_type = request.form.get('custom_acl_type', 'path_beg') if add_custom_acl else '' - custom_acl_value = request.form.get('custom_acl_value', '').strip() if add_custom_acl else '' - custom_acl_action = request.form.get('custom_acl_action', 'route') if add_custom_acl else '' - custom_acl_backend = request.form.get('custom_acl_backend', '').strip() if add_custom_acl else '' - custom_acl_redirect_url = request.form.get('custom_acl_redirect_url', '').strip() if add_custom_acl else '' - - # SSL - use_ssl = 'ssl_checkbox' in request.form - ssl_cert_path = request.form.get('ssl_cert_path', '/app/ssl/haproxy-configurator.pem') - https_redirect = 'ssl_redirect_checkbox' in request.form - - # DOS Protection - is_dos = 'add_dos' in request.form - ban_duration = request.form.get('ban_duration', '30m') - limit_requests = request.form.get('limit_requests', '100') - - # Forward For - forward_for = 'forward_for_check' in request.form - - # SQL Injection - 
sql_injection_check = 'sql_injection_check' in request.form - - # XSS - is_xss = 'xss_check' in request.form - - # Remote uploads - is_remote_upload = 'remote_uploads_check' in request.form - - # Webshells - is_webshells = 'webshells_check' in request.form - - # Path-based redirects (legacy) - add_path_based = 'add_path_based' in request.form - redirect_domain_name = request.form.get('redirect_domain_name', '') - root_redirect = request.form.get('root_redirect', '') - redirect_to = request.form.get('redirect_to', '') - - # Forbidden paths (legacy) - is_forbidden_path = 'add_acl_path' in request.form - forbidden_name = request.form.get('forbidden_name', '') - allowed_ip = request.form.get('allowed_ip', '') - forbidden_path = request.form.get('forbidden_path', '') - - # Build backend_servers list - backend_servers = [] - for i in range(len(backend_server_ips)): - name = backend_server_names[i] if i < len(backend_server_names) else f"server{i+1}" - ip = backend_server_ips[i] if i < len(backend_server_ips) else '' - port = backend_server_ports[i] if i < len(backend_server_ports) else '' - maxconn = backend_server_maxconns[i] if i < len(backend_server_maxconns) else None - if ip and port: - backend_servers.append((name, ip, port, maxconn)) - - # Health checks - health_check = False - health_check_link = "" - if protocol == 'http': - health_check = 'health_check' in request.form - if health_check: - health_check_link = request.form.get('health_check_link', '/') - - health_check_tcp = False - if protocol == 'tcp': - health_check_tcp = 'health_check2' in request.form - - # Sticky session - sticky_session = False - sticky_session_type = "" - if 'sticky_session' in request.form: - sticky_session = True - sticky_session_type = request.form.get('sticky_session_type', 'cookie') - - # Legacy ACL (unused, kept for compatibility) - is_acl = False - acl_name = '' - acl_action = '' - acl_backend_name = '' - - # Frontend name (None - will be generated) - frontend_name = None - - # 
Call update_haproxy_config - message = update_haproxy_config( - frontend_name=frontend_name, - frontend_ip=frontend_ip, - frontend_port=frontend_port, - lb_method=lb_method, - protocol=protocol, - backend_name=backend_name, - backend_servers=backend_servers, - health_check=health_check, - health_check_tcp=health_check_tcp, - health_check_link=health_check_link, - sticky_session=sticky_session, - add_header=add_header, - header_name=header_name, - header_value=header_value, - sticky_session_type=sticky_session_type, - is_acl=is_acl, - acl_name=acl_name, - acl_action=acl_action, - acl_backend_name=acl_backend_name, - use_ssl=use_ssl, - ssl_cert_path=ssl_cert_path, - https_redirect=https_redirect, - is_dos=is_dos, - ban_duration=ban_duration, - limit_requests=limit_requests, - forward_for=forward_for, - is_forbidden_path=is_forbidden_path, - forbidden_name=forbidden_name, - allowed_ip=allowed_ip, - forbidden_path=forbidden_path, - sql_injection_check=sql_injection_check, - is_xss=is_xss, - is_remote_upload=is_remote_upload, - add_path_based=add_path_based, - redirect_domain_name=redirect_domain_name, - root_redirect=root_redirect, - redirect_to=redirect_to, - is_webshells=is_webshells, - del_server_header=del_server_header, - backend_ssl_redirect=backend_ssl_redirect, - ssl_redirect_backend_name=ssl_redirect_backend_name, - ssl_redirect_port=ssl_redirect_port, - frontend_hostname=frontend_hostname, - add_custom_acl=add_custom_acl, - custom_acl_name=custom_acl_name, - custom_acl_type=custom_acl_type, - custom_acl_value=custom_acl_value, - custom_acl_action=custom_acl_action, - custom_acl_backend=custom_acl_backend, - custom_acl_redirect_url=custom_acl_redirect_url - ) - - # ===== DETERMINE MESSAGE TYPE ===== - message_type = "success" # Default - - # Check for ERROR conditions - if "error" in message.lower(): - message_type = "danger" - elif "failed" in message.lower(): - message_type = "danger" - elif "already exists" in message.lower(): - message_type = "danger" - 
elif "cannot add" in message.lower(): - message_type = "danger" - # SUCCESS conditions - elif "configuration updated successfully" in message.lower(): - message_type = "success" - elif "backend added to existing" in message.lower(): - message_type = "success" - - # ===== RELOAD HAPROXY (JEŚLI SUCCESS) ===== - if message_type == "success": - reload_ok, reload_msg = reload_haproxy() - if reload_ok: - message = message + " ✓ " + reload_msg - message_type = "success" - else: - message = message + " ⚠ " + reload_msg - message_type = "warning" - - return render_template('index.html', - message=message, - message_type=message_type) + """Dashboard - list vhosts""" + if 'user_id' not in session: + return redirect(url_for('auth.login')) - # GET request - display stats - frontend_count, backend_count, acl_count, layer7_count, layer4_count = count_frontends_and_backends() - - return render_template('index.html', - frontend_count=frontend_count, - backend_count=backend_count, - acl_count=acl_count, - layer7_count=layer7_count, - layer4_count=layer4_count) + return render_template('dashboard.html') + + +@main_bp.route('/home') +@login_required +def home(): + """Home - alias for dashboard""" + return redirect(url_for('main.index')) + + +@main_bp.route('/display_logs') +@login_required +def display_logs(): + """Display HAProxy logs""" + return render_template('logs.html') + + +@main_bp.route('/display_haproxy_stats') +@login_required +def display_haproxy_stats(): + """Display HAProxy statistics""" + return render_template('statistics.html')
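Review bot: `index()` is the only route in the new file that guards itself with an inline `if 'user_id' not in session:` test instead of `@login_required`, so whatever else that decorator enforces would not apply to the dashboard. The decorator is defined in `routes/auth_routes.py`, outside this diff, so whether it does more than this check cannot be confirmed here. Unless the bare redirect is deliberate, protect the route like its siblings by adding `@login_required` under `@main_bp.route('/')` and dropping the inline check, so there is a single place where the session rule is defined. Separately, `VirtualHost` is imported and `logger` is created but neither is used in the new code, even though the docstring says the view lists vhosts. Either pass the vhost data to `dashboard.html` or remove the unused import.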