From 4ac60ee54192d0058bdd0edf241ed78057a85516 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
 <mateusz.gruszczynski@firma.interia.pl>
Date: Sat, 8 Mar 2025 15:23:56 +0100
Subject: [PATCH] fixy/nowe funkcje

---
 alters.txt              |   5 +-
 app.py                  | 113 ++++++++++++++++++++++++----------------
 templates/404.html      |   8 +++
 templates/settings.html |  12 ++++-
 4 files changed, 92 insertions(+), 46 deletions(-)
 create mode 100644 templates/404.html

diff --git a/alters.txt b/alters.txt
index e3a5a5e..8d511d5 100644
--- a/alters.txt
+++ b/alters.txt
@@ -23,4 +23,7 @@ ALTER TABLE host
 ALTER TABLE Host ADD COLUMN preferred_hostfile_id INTEGER;
 ALTER TABLE Host 
 ADD COLUMN preferred_hostfile_id INTEGER 
-  REFERENCES host_file(id);
\ No newline at end of file
+  REFERENCES host_file(id);
+
+ALTER TABLE user_settings ADD COLUMN global_ssh_key TEXT;
+ALTER TABLE user_settings ADD COLUMN global_key_passphrase VARCHAR(200);
\ No newline at end of file
diff --git a/app.py b/app.py
index e3fd7a2..3444790 100644
--- a/app.py
+++ b/app.py
@@ -28,7 +28,6 @@ class User(db.Model):
     hosts = db.relationship('Host', backref='user', lazy=True)
     hostfiles = db.relationship('HostFile', backref='user', lazy=True)
     settings = db.relationship('UserSettings', backref='user', uselist=False)
-
 class Host(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     hostname = db.Column(db.String(255), nullable=False)
@@ -47,7 +46,6 @@ class Host(db.Model):
     use_daemon = db.Column(db.Boolean, default=False)
     daemon_url = db.Column(db.String(255), nullable=True)
     daemon_token = db.Column(db.String(255), nullable=True)
-
     @property
     def resolved_hostname(self):
         try:
@@ -78,6 +76,8 @@ class UserSettings(db.Model):
     last_deploy_time = db.Column(db.DateTime, nullable=True)
     regex_deploy_enabled = db.Column(db.Boolean, default=True)
     backup_retention_days = db.Column(db.Integer, default=0)
+    global_ssh_key = db.Column(db.Text, nullable=True)
+    global_key_passphrase = db.Column(db.String(200), nullable=True)
 class Backup(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     user_id = db.Column(db.Integer, db.ForeignKey('user.id'), nullable=False)
@@ -126,11 +126,21 @@ def wrap_content_with_comments(content):
 def open_ssh_connection(host_obj):
     ssh = paramiko.SSHClient()
     ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
-    if host_obj.auth_method == 'ssh_key' and host_obj.private_key:
-        key_file_obj = io.StringIO(host_obj.private_key)
-        passphrase = host_obj.key_passphrase if host_obj.key_passphrase else None
+    if host_obj.auth_method in ['ssh_key', 'global_key']:
+        if host_obj.auth_method == 'ssh_key':
+            key_str = host_obj.private_key
+            key_passphrase = host_obj.key_passphrase if host_obj.key_passphrase else None
+        else:  # global_key
+            # Pobieramy globalny klucz z ustawień użytkownika
+            user_settings = UserSettings.query.filter_by(user_id=host_obj.user_id).first()
+            if not user_settings or not user_settings.global_ssh_key:
+                raise Exception("Globalny klucz SSH nie został ustawiony w ustawieniach.")
+            key_str = user_settings.global_ssh_key
+            key_passphrase = user_settings.global_key_passphrase if user_settings.global_key_passphrase else None
+
+        key_file_obj = io.StringIO(key_str)
         try:
-            pkey = paramiko.RSAKey.from_private_key(key_file_obj, password=passphrase)
+            pkey = paramiko.RSAKey.from_private_key(key_file_obj, password=key_passphrase)
         except paramiko.SSHException as e:
             raise Exception(f"Error reading private key: {str(e)}")
         ssh.connect(
@@ -138,8 +148,8 @@ def open_ssh_connection(host_obj):
             port=host_obj.port,
             username=host_obj.username,
             pkey=pkey,
-            timeout=10,               # TCP connection timeout
-            banner_timeout=30         # Wait longer for SSH banner
+            timeout=10,
+            banner_timeout=30
         )
     else:
         ssh.connect(
@@ -171,23 +181,24 @@ def automated_backup_for_host(host):
     try:
         if host.use_daemon and host.type == 'linux':
             import requests
-            # pobieramy /etc/hosts z demona:
             url = host.daemon_url.rstrip('/') + '/hosts'
-            # Zmiana: jeśli demon wymaga nagłówka Bearer:
             headers = {"Authorization": host.daemon_token}
-
             resp = requests.get(url, headers=headers, timeout=10, verify=False)
             if resp.status_code != 200:
                 raise Exception(f"Daemon GET error: {resp.status_code} - {resp.text}")
             data = resp.json()
             content = data.get("hosts", "")
+            # Wyodrębnienie adresu IP z daemon_url (bez portu)
+            daemon_str = host.daemon_url.split("://")[-1]
+            daemon_ip = daemon_str.split(":")[0]
+            backup_info = f"[BACKUP] Automatic backup created for server {host.hostname} (Daemon IP: {daemon_ip})"
         else:
-            # standard:
             if host.type == 'mikrotik':
                 ssh = open_ssh_connection(host)
                 stdin, stdout, stderr = ssh.exec_command("/ip dns static export")
                 content = stdout.read().decode('utf-8')
                 ssh.close()
+                backup_info = f"[BACKUP] Automatic backup created for server {host.hostname}"
             else:
                 ssh = open_ssh_connection(host)
                 sftp = ssh.open_sftp()
@@ -195,27 +206,25 @@ def automated_backup_for_host(host):
                     content = remote_file.read().decode('utf-8')
                 sftp.close()
                 ssh.close()
-
+                backup_info = f"[BACKUP] Automatic backup created for server {host.hostname}"
+        
         backup = Backup(
             user_id=host.user_id,
             host_id=host.id,
             content=content,
-            description=f'Automated backup from {host.hostname} at {datetime.now(timezone.utc).isoformat()}'
+            description=f'Backup from server {host.hostname} at {datetime.now(timezone.utc).isoformat()}'
         )
         db.session.add(backup)
         db.session.commit()
 
-        log_entry = DeployLog(details=f'[BACKUP] Automatic backup created for server {host.hostname}',
-                              user_id=host.user_id)
+        log_entry = DeployLog(details=backup_info, user_id=host.user_id)
         db.session.add(log_entry)
         db.session.commit()
 
-        print(f'Automated backup for host {host.hostname} created successfully.')
-
+        print(f'Automated backup for server {host.hostname} created successfully.')
     except Exception as e:
         print(f'Error creating automated backup for server {host.hostname}: {str(e)}')
 
-
 def automated_backups():
     with app.app_context():
         now = datetime.now(timezone.utc)
@@ -243,7 +252,6 @@ def automated_backups():
                 automated_backup_for_host(host)
                 db.session.commit()
 
-
 def wrap_content_with_comments(content):
     now_str = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
     header_comment = f"# Auto-hosts upload: {now_str}\n"
@@ -380,7 +388,7 @@ def add_server():
     if 'user_id' not in session:
         return redirect(url_for('login'))
     
-    # Pobieramy wszystkie HostFile tego użytkownika, np. do wyświetlenia w <select>
+    # Pobieramy wszystkie pliki hosts dla użytkownika (do wyboru preferowanego)
     user_hostfiles = HostFile.query.filter_by(user_id=session['user_id']).all()
 
     if request.method == 'POST':
@@ -397,14 +405,22 @@ def add_server():
         except ValueError:
             port = 22
 
-        # Czy ma używać demona?
+        # Używamy danych dla demona, jeśli checkbox zaznaczony
         use_daemon = bool(request.form.get('use_daemon'))
         daemon_url = request.form.get('daemon_url', '').strip()
         daemon_token = request.form.get('daemon_token', '').strip()
 
-        # Jeśli auth_method == 'ssh_key'
-        stored_key = private_key if (auth_method == 'ssh_key' and private_key) else None
-        stored_passphrase = key_passphrase if (auth_method == 'ssh_key' and key_passphrase) else None
+        # Dla metod 'ssh_key' i 'global_key' dane są rozróżniane:
+        if auth_method == 'ssh_key':
+            stored_key = private_key if private_key else None
+            stored_passphrase = key_passphrase if key_passphrase else None
+        elif auth_method == 'global_key':
+            # W przypadku global_key dane lokalne nie są zapisywane – będą pobierane z ustawień użytkownika
+            stored_key = None
+            stored_passphrase = None
+        else:
+            stored_key = None
+            stored_passphrase = None
 
         # Obsługa preferowanego pliku hosts
         preferred_file_id_str = request.form.get('preferred_hostfile_id', '').strip()
@@ -416,7 +432,6 @@ def add_server():
             except ValueError:
                 chosen_file_id = None
 
-        # Tworzymy nowy obiekt Host
         host = Host(
             hostname=hostname,
             username=username,
@@ -427,13 +442,9 @@ def add_server():
             key_passphrase=stored_passphrase,
             port=port,
             user_id=session['user_id'],
-
-            # Obsługa demona tylko jeśli host_type=='linux' i checkbox zaznaczony
             use_daemon=use_daemon if host_type == 'linux' else False,
             daemon_url=daemon_url if (use_daemon and host_type == 'linux') else None,
             daemon_token=daemon_token if (use_daemon and host_type == 'linux') else None,
-
-            # Nowe pole preferowanego pliku
             preferred_hostfile_id=chosen_file_id
         )
 
@@ -442,10 +453,8 @@ def add_server():
         flash('Host added successfully', 'success')
         return redirect(url_for('server_list'))
 
-    # GET -> wyświetlamy formularz add_server, przekazując listę user_hostfiles
     return render_template('add_server.html', user_hostfiles=user_hostfiles)
 
-
 @app.route('/delete-server/<int:id>')
 def delete_server(id):
     if 'user_id' not in session:
@@ -475,7 +484,7 @@ def edit_server(id):
         flash('Server not found or unauthorized', 'danger')
         return redirect(url_for('server_list'))
 
-    # Lista plików usera do <select>:
+    # Pobieramy listę plików hosts dla użytkownika (do wyboru preferowanego)
     user_hostfiles = HostFile.query.filter_by(user_id=session['user_id']).all()
 
     if request.method == 'POST':
@@ -494,14 +503,18 @@ def edit_server(id):
         host.type = request.form.get('host_type', 'linux')
         host.auth_method = request.form.get('auth_method', 'password')
 
-        new_private_key = request.form.get('private_key', '').strip()
-        new_passphrase = request.form.get('key_passphrase', '').strip()
-        if host.auth_method == 'ssh_key' and new_private_key:
-            host.private_key = new_private_key
-        if host.auth_method == 'ssh_key' and new_passphrase:
-            host.key_passphrase = new_passphrase
+        if host.auth_method == 'ssh_key':
+            new_private_key = request.form.get('private_key', '').strip()
+            new_passphrase = request.form.get('key_passphrase', '').strip()
+            if new_private_key:
+                host.private_key = new_private_key
+            if new_passphrase:
+                host.key_passphrase = new_passphrase
+        elif host.auth_method == 'global_key':
+            # Dla global_key wyczyścimy lokalne pola – dane będą pobierane z ustawień
+            host.private_key = None
+            host.key_passphrase = None
 
-        # Demon:
         use_daemon = bool(request.form.get('use_daemon'))
         daemon_url = request.form.get('daemon_url', '').strip()
         daemon_token = request.form.get('daemon_token', '').strip()
@@ -514,7 +527,6 @@ def edit_server(id):
             host.daemon_url = None
             host.daemon_token = None
 
-        # Nowe pole: preferred_hostfile_id
         preferred_file_id_str = request.form.get('preferred_hostfile_id', '').strip()
         if preferred_file_id_str == '':
             host.preferred_hostfile_id = None
@@ -528,7 +540,6 @@ def edit_server(id):
         flash('Server updated successfully', 'success')
         return redirect(url_for('server_list'))
 
-    # GET -> renderuj z user_hostfiles
     return render_template('edit_server.html', host=host, user_hostfiles=user_hostfiles)
 
 # -------------------
@@ -810,7 +821,10 @@ def server_backup(host_id):
                 raise Exception(f"Daemon GET error: {resp.status_code} - {resp.text}")
             data = resp.json()
             content = data.get("hosts", "")
-            description = f'Backup (daemon) from {host.hostname}'
+            # Wyodrębnienie adresu IP z daemon_url
+            daemon_str = host.daemon_url.split("://")[-1]
+            daemon_ip = daemon_str.split(":")[0]
+            description = f'Backup (daemon) from {host.hostname} (Daemon IP: {daemon_ip})'
         elif host.type == 'mikrotik':
             ssh = open_ssh_connection(host)
             stdin, stdout, stderr = ssh.exec_command("/ip dns static export")
@@ -1060,6 +1074,10 @@ def settings():
         backup_cron = request.form.get('backup_cron')
         enable_regex_entries = request.form.get('enable_regex_entries')
         retention_val = request.form.get('backup_retention_days', '0')
+        
+        # Pobierz wartości globalnego klucza SSH z formularza
+        global_ssh_key = request.form.get('global_ssh_key')
+        global_key_passphrase = request.form.get('global_key_passphrase')
 
         # Walidacja wyrażeń cron przy pomocy croniter
         try:
@@ -1083,13 +1101,16 @@ def settings():
         except ValueError:
             user_settings.backup_retention_days = 0
 
+        # Zapis globalnego klucza SSH i passphrase
+        user_settings.global_ssh_key = global_ssh_key
+        user_settings.global_key_passphrase = global_key_passphrase
+
         db.session.commit()
         flash('Settings updated', 'success')
         return redirect(url_for('settings'))
 
     return render_template('settings.html', settings=user_settings)
 
-
 @app.route('/delete-backup/<int:backup_id>', methods=['POST'])
 def delete_backup(backup_id):
     if 'user_id' not in session:
@@ -1575,6 +1596,10 @@ def scheduled_deployments():
                 db.session.commit()
 
 
+@app.errorhandler(404)
+def page_not_found(error):
+    return render_template("404.html", error=error), 404
+
 scheduler = BackgroundScheduler(timezone=get_localzone())
 scheduler.add_job(func=scheduled_deployments, trigger="interval", minutes=1, next_run_time=datetime.now())
 scheduler.add_job(func=automated_backups, trigger="interval", minutes=1, next_run_time=datetime.now())
diff --git a/templates/404.html b/templates/404.html
new file mode 100644
index 0000000..ac0d9fd
--- /dev/null
+++ b/templates/404.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+{% block title %}404 - Strona nie znaleziona{% endblock %}
+{% block content %}
+<div class="container text-center mt-5">
+  <h1 class="display-4">404</h1>
+  <p class="lead">Przepraszamy, ale strona, której szukasz, nie została odnaleziona.</p>
+</div>
+{% endblock %}
diff --git a/templates/settings.html b/templates/settings.html
index f8d5cae..f90c9e8 100644
--- a/templates/settings.html
+++ b/templates/settings.html
@@ -48,6 +48,17 @@
         <label for="backup_retention_days" class="form-label">Ilość dni przechowywania backupów</label>
         <input type="number" class="form-control" id="backup_retention_days" name="backup_retention_days" value="{{ settings.backup_retention_days }}">
       </div>
+      <!-- Nowe pola dla globalnego klucza SSH -->
+      <div class="mb-3">
+        <label for="global_ssh_key" class="form-label">Globalny klucz SSH</label>
+        <textarea class="form-control" id="global_ssh_key" name="global_ssh_key" rows="4">{{ settings.global_ssh_key or '' }}</textarea>
+        <small class="text-muted">Wklej tutaj swój globalny klucz SSH, który będzie używany przez hosty z metodą "global_key".</small>
+      </div>
+      <div class="mb-3">
+        <label for="global_key_passphrase" class="form-label">Hasło globalnego klucza SSH</label>
+        <input type="password" class="form-control" id="global_key_passphrase" name="global_key_passphrase" value="{{ settings.global_key_passphrase or '' }}">
+        <small class="text-muted">Opcjonalnie: podaj hasło do globalnego klucza SSH, jeśli jest ustawione.</small>
+      </div>
       <button type="submit" class="btn btn-primary">Zapisz ustawienia</button>
     </form>
   </div>
@@ -129,4 +140,3 @@
     }
   </script>
 {% endblock %}
-