HEX

File: //proc/676643/root/usr/local/CyberCP/api/__pycache__/views.cpython-310.pyc
o

��h	��@s6ddlZddlmZddlmZddlmZddlmZddl	m
Z
ddlmZddl
mZdd	lmZdd
lmZddlZddlmZddlmZdd
lmZddlmZddlmZddlmZ ddl!m"Z"ddl#m$Z$ddl%m&Z'ddl%m(Z)dLdd�Z*e$dd��Z+e$dd��Z,e$dd��Z-e$dd��Z.e$d d!��Z/e$d"d#��Z(e$d$d%��Z0e$d&d'��Z1e$d(d)��Z2e$d*d+��Z3e$d,d-��Z4e$d.d/��Z5e$d0d1��Z6e$d2d3��Z7e$d4d5��Z8e$d6d7��Z9e$d8d9��Z:e$d:d;��Z&e$d<d=��Z;e$d>d?��Z<e$d@dA��Z=e$dBdC��Z>e$dDdE��Z?e$dFdG��Z@e$dHdI��ZAdJdK�ZBdS)M�N)�redirect)�HttpResponse)�
Administrator)�virtualHostUtilities)�hashPassword)�Package)�
renderBase)�randint)�Websites)�version)�
mailUtilities)�WebsiteManager)�PackagesManager)�	S3Backups)�CyberCPLogFileWriter)�ProcessUtilities)�csrf_exempt)�submitUserCreation)�submitUserDeletion�fieldcCs>t|t�sdSgd�}|D]}||vrd|�d�fSq
dS)z}
    Validate API input for security threats while allowing legitimate data
    Returns tuple: (is_valid, error_message)
    )TN)�;z&&z||�|�`�$z../z../../�
�
z<scriptz	</script>zjavascript:zeval(zexec(zsystem(zshell_exec(Fz) contains invalid characters or patterns.)�
isinstance�str)�input_value�
field_name�dangerous_patterns�pattern�r"�/usr/local/CyberCP/api/views.py�validate_api_inputs
�r$c
Cs�z�|jdkr�z+t�|j�}|d}|d}t|d�\}}|s0d|d�}t�|�}t|dd�WWSWn&tjtfyW}zddd�}t�|�}t|dd�WYd}~WSd}~wwz	t	j
j|d	�}	Wnt	jy|dd
d�}t�|�}t|dd�YWSw|	j
dkr�ddd�}t�|�}t|d
d�WSt�|	j|�r�ddi}t�|�}t|�WSddd�}t�|�}t|dd�WSddd�}t�|�}t|dd�WSty�}
zddt|
���d�}t�|�}t|dd�WYd}
~
Sd}
~
ww)N�POST�	adminUser�	adminPassr)�
verifyConn�
error_message���statusz3Invalid JSON or missing adminUser/adminPass fields.��userName�Administrator not found.��API Access Disabled.�r(�zInvalid password.i��Only POST method allowed.��Internal server error: ��)�method�json�loads�bodyr$�dumpsr�JSONDecodeError�KeyErrorr�objects�get�DoesNotExist�apir�check_password�password�	Exceptionr)�request�datar&r'�is_valid�	error_msg�data_ret�	json_data�e�admin�msgr"r"r#r(1sZ


�

��

�









��r(c

Csz�|jdkrdddd�}t�|�}t|dd�WSzJt�|j�}|d}t|d�\}}|s?dd|d�}t�|�}t|dd�WWSd	|vrat|d	d	�\}}|sadd|d�}t�|�}t|dd�WWSWntjtfy�ddd
d�}t�|�}t|dd�YWSwz	t	j
j|d�}Wnt	jy�dddd�}t�|�}t|d
d�YWSwt
j�tj�r�t�dt|����|jdkr�dddd�}t�|�}t|dd�WSt�}|�|�WSty�}	zdddt|	���d�}t�|�}t|dd�WYd}	~	Sd}	~	ww)Nr%rr4)�existsStatus�createWebSiteStatusr)r5r+r&r*�
domainNamez(Invalid JSON or missing adminUser field.r-r/r0zCreate website payload in API r1r2r6r7)r8r9r<rr:r;r$r=r>rr?r@rA�os�path�existsr�	debugPath�logging�writeToFilerrBr
�createWebsiteAPIrE)
rFrJrKrGr&rHrIrM�wmrNr"r"r#�
createWebsitedsp
�


��
��
�
�
�
��rZcCs�t�|j�}|d}|d}tjj|d�}|jdkr'dgdd�}tt�|��St	�
|j|�r6t�}|�
|�Sddd�}t�|�}t|�S)	Nr&r'r-rr1)rO�listPackagesr)�!Could not authorize access to API�r,r))r9r:r;rr?r@rBrr<rrCrDr�listPackagesAPI)rFrGr&r'rMrJ�pmrKr"r"r#�getPackagesListAPI�s
�


r`c

CsHz�|jdkrt�|j�}|d}|d}|d}tjj|d�}|jdkr3ddd�}t�|�}t	|�WSt
�|j|�r;ndd	d�}t�|�}t	|�WSz tjj|d�}d
|j
|j|j|jjdd�}t�|�}t	|�WWSdd
d�}t�|�}t	|�YWSWdSty�}	zdt|	�d�}t�|�}t	|�WYd}	~	Sd}	~	ww)Nr%r&r'�usernamer-rr1r]r\r3�None)r,�	firstName�lastName�email�adminStatusr)zUser does not exists.)r8r9r:r;rr?r@rBr<rrrCrDrcrdre�aclrf�
BaseExceptionr)
rFrGr&r'rarMrJrK�userrNr"r"r#�getUserInfo�sP




�

�


�&
��rjc
Cs&zp|jdkrnt�|j�}|d}|d}|d}|d}tjj|d�}|jdkr7ddd	�}t�|�}t	|�WSt
�|j|�r?ndd
d	�}t�|�}t	|�WStjj|d�}	t
�
|�|	_|	��ddd	�}t�|�}t	|�WSWdSty�}
zdt|
�d	�}t�|�}t	|�WYd}
~
Sd}
~
ww)
Nr%�websiteOwner�
ownerPasswordr&r'r-rr1��changeStatusr)r\r3rb)r8r9r:r;rr?r@rBr<rrrCrD�
hash_password�saverhr)rFrGrkrlr&r'rMrJrK�
websiteOwnrNr"r"r#�changeUserPassAPI�s@




�




�!
��rrc
C��zR|jdkrPt�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSt
�|j|�rA|j
|jd<t|�WSdd	d�}t�|�}t	|�WSWdStyt}zdt|�d
�}t�|�}t	|�WYd}~Sd}~ww)Nr%r&r'r-rr1r]�userIDr\�rr))r8r9r:r;rr?r@rBr<rrrCrD�pk�session�ducrhr�rFrGr&r'rMrJrKrNr"r"r#r�2





�

�
��rc
Cs.zt|jdkrrt�|j�}|d}|d}|d}|d}tjj|d�}|jdkr7ddd	�}t�|�}t	|�WSt
�|j|�r?ndd
d	�}t�|�}t	|�WSt
jj|d�}	tjj|d�}
|
|	_|	��d
dd	�}t�|�}t	|�WSWdSty�}zdt|�d	�}t�|�}t	|�WYd}~Sd}~ww)Nr%�websiteName�packageNamer&r'r-rr1)�
changePackager)r\��domain)r|r3rb)r8r9r:r;rr?r@rBr<rrrCrDr
r�packagerprhr)rFrGr{r|r&r'rMrJrK�website�packrNr"r"r#�changePackageAPI+sB




�




�"
��r�c
Cs8zy|jdkrwt�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WS|d|d	<t
�|j|�r=ndd
d�}t�|�}t	|�WSt
jj|d	d�}|j}z|j����dkrf|��WnYt�}	|	�|j|�WSWdSty�}
zdt|
�d�}t�|�}t	|�WYd}
~
Sd}
~
ww)Nr%r&r'r-rr1)�websiteDeleteStatusr)rQr{r\r~)r8r9r:r;rr?r@rBr<rrrCrDr
rM�websites_set�all�count�deleter
�submitWebsiteDeletionrvrhr)rFrGr&r'rMrJrKr�rkrYrNr"r"r#�
deleteWebsiteVsF




�

��%
��r�c	
Cs�zW|jdkrUt�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSt
�|j|�r7nddd�}t�|�}t	|�WSt
�}|�|jt�|j��WSWdStyy}zdt|�d�}t�|�}t	|�WYd}~Sd}~ww)	Nr%r&r'r-rr1)�
websiteStatusr)r\)r8r9r:r;rr?r@rBr<rrrCrDr
�submitWebsiteStatusrvrhr)	rFrGr&r'rMrJrKrYrNr"r"r#r��s4




�

�
��r�c
Cs�z<|jd}|jd}tjj|d�}|jdkr&ddd�}t�|�}t|�WSt�	|j
|�r8|j|jd<t
t�WStd�WSty_}zddt|�d	�}t�|�}t|�WYd}~Sd}~ww)
NrarDr-rr1)rtr)rtzInvalid Credentials.)rt�loginStatusr))r%rr?r@rBr9r<rrrCrDrvrwrrrhr)rFrarDrMrJrKrNrGr"r"r#�loginAPI�s$








��r�c

Cszj|jdkrht�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSt
�|j|�rXt
j�dd	d
�}d|}t�|�}ddd
|d�}t�|�}t	|�WSdddd�}t�|�}t	|�WSWdSty�}	zddt|	�d�}t�|�}t	|�WYd}	~	Sd}	~	ww)Nr%rarDr-rr1r]z/rootz.sshzcyberpanel.pub�cat r3rb)r,�pubKeyStatusr)�pubKey�"Could not authorize access to API.)r,r�r))r8r9r:r;rr?r@rBr<rrrCrDrRrS�joinr�outputExecutionerrhr)
rFrGrarDrMrJrKr��execPathrNr"r"r#�fetchSSHkey�sD





�

�

�#
��r�c
Cs�z�|jdkr�t�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WS|d}|d	}|d
}	t
�dt|	��t
�|j|�r�ttdd
��}
d}t|d�}|�|	�|��t��dttdd
��}
t|
d�}|D]	}|�|d�qv|��dtjd}|d|�d�d|
d|
}t�|�tj�d�r�t
�dt|��t	t�d|
d���WSddd�}t�|�}t	|�WSWdSty�}zdt|�d�}t�|�}t	|�WYd}~Sd}~ww)Nr%rarDr-rr1)�transferStatusr)�	ipAddress�accountsToTransfer�portz!port on server B-------------- %si�i'z/home/cyberpanel/remote_port�wz/home/cyberpanel/accounts-rz/usr/local/CyberCP/bin/python z$/plogical/remoteTransferUtilities.pyz remoteTransfer --ipAddress z --dir z --accountsToTransfer z/usr/local/CyberCP/debugzRepor of %sr3)r��dirr�) r8r9r:r;rr?r@rBr<rrVrWrrrCrDr	�open�
writelines�closer�	checkHomer�
cyberPanel�rstripr�popenExecutionerrRrSrT�reprrh)rFrGrarDrMrJrKr�r�r�r��portpathrWrS�itemsr�rNr"r"r#�remoteTransfer�sT







"



�5
��r�c

CsZz�|jdkr�t�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSt
�|j|�ryt
j��}d}d}|D]%}	|	j|	j|	jj|	jd	�}
|dkr]|t�|
�}d
}qA|dt�|
�}qA|d}t�d
d
|d��}t	|�WSddd�}t�|�}t	|�WSWdSty�}zdt|�d�}t�|�}t	|�WYd}~Sd}~ww)Nr%rarDr-rr1��fetchStatusr)�[)r��phpr�rer3�,�]rb)r�r)rG�Invalid Credentials)r8r9r:r;rr?r@rBr<rrrCrDr
r�r�phpSelectionr�r|�
adminEmailrhr)
rFrGrarDrMrJrK�records�checkerr��dic�
final_jsonrNr"r"r#�fetchAccountsFromRemoteServer'sJ





�



�*
��r�c
CsDz|jdkr}t�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSdt
|d	�d
}z0t�|j
|�rZd|��}t�|�}	t�dd
|	d��}
t	|
�WWSddd�}t�|�}t	|�WWSt�dd
dd��}
t	|
�YWSWdSty�}zdt
|�d�}t�|�}t	|�WYd}~Sd}~ww)Nr%rarDr-rr1r��/home/backup/transfer-r�z/backup_logr�r3rb)r�r)r,r�zJust started..)r8r9r:r;rr?r@rBr<rrrrCrDrr�rh)rFrGrarDrMrJrKr��commandr,r�rNr"r"r#�FetchRemoteTransferStatusZs<








�
��r�c
Cs@z}|jdkr{t�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSdt
|d	�}t�|j
|�rl|d
}d|}	t�|	�}
d|
}	t�|	�d
|}	t�|	�ddd�}t�|�}t	|�WSddd�}t�|�}t	|�WSWdSty�}zdt
|�d�}t�|�}t	|�WYd}~Sd}~ww)Nr%rarDr-rr1)�cancelStatusr)r�r�z/pidr�zkill -KILL zrm -rf r3rbr�)r8r9r:r;rr?r@rBr<rrrrCrDrr��executionerrh)rFrGrarDrMrJrKr�rSr��pidrNr"r"r#�cancelRemoteTransfer�s@













�$
��r�c	
Csza|jdkr_t�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSt
�|j|�rPt
jjdd	�}dd
|j|jd�}t�|�}t	|�WSddd�}t�|�}t	|�WSWdSty�}zdt|�d�}t�|�}t	|�WYd}~Sd}~ww)
Nr%rarDr-rr1)�
getVersionr)r3)rv�none)r�r)�currentVersion�buildr�)r8r9r:r;rr?r@rBr<rrrCrDrr�r�rhr)	rFrGr&r'rMrJrK�VersionrNr"r"r#�cyberPanelVersion�sB




�

�

�#�
��r�c
Cszz t�|j�}|d}tj�|�rt|dd�}|��WdSWdSty<}zt	�
t|�d�WYd}~dSd}~ww)N�
randomFile�
runAWSBackupsz [API.runAWSBackups])r9r:r;rRrSrTr�startrhrVrWr)rFrGr��s3rNr"r"r#r��s� ��r�c
Crs)Nr%r&r'r-rr1r]rtr\rm)r8r9r:r;rr?r@rBr<rrrCrDrvrw�sucrhrryr"r"r#r�rzrc

C�z\|jdkrZt�|j�}|d}|d}tjj|d�}|jdkr/ddd�}t�|�}t	|�WSt
�|j|�rKddl
m}|�}|�|jt�|j��WSdd	d�}t�|�}t	|�WSWdSty~}	zdt|	�d
�}t�|�}t	|�WYd}	~	Sd}	~	ww�Nr%r&r'r-rr1r])�FirewallManagerr\ru)r8r9r:r;rr?r@rBr<rrrCrD�firewall.firewallManagerr��addRulervrhr�
rFrGr&r'rMrJrKr��fmrNr"r"r#�addFirewallRule�4




�

�
��r�c

Cr�r�)r8r9r:r;rr?r@rBr<rrrCrDr�r��
deleteRulervrhrr�r"r"r#�deleteFirewallRule-r�r�c
C�jzddlm}||�WSty4}zt�dt|����ddi}tt�|�dd�WYd}~Sd}~ww)	z)AI Scanner worker authentication endpointr)�authenticate_workerz%[API] AI Scanner authenticate error: �errorz"Authentication service unavailabler7r+N)	�
aiScanner.apir�rErVrWrrr9r<)rFr�rLrJr"r"r#�aiScannerAuthenticateP�
��r�c
Cr�)	z AI Scanner file listing endpointr)�
list_filesz#[API] AI Scanner list files error: r�z File listing service unavailabler7r+N)	r�r�rErVrWrrr9r<)rFr�rLrJr"r"r#�aiScannerListFiles\r�r�c
Cr�)	z AI Scanner file content endpointr)�get_file_contentz)[API] AI Scanner get file content error: r�z File content service unavailabler7r+N)	r�r�rErVrWrrr9r<)rFr�rLrJr"r"r#�aiScannerGetFileContenthr�r�c
Cr�)	z,AI Scanner scan completion callback endpointr)�
scan_callbackz![API] AI Scanner callback error: r�zCallback service unavailabler7r+N)	r�r�rErVrWrrr9r<)rFr�rLrJr"r"r#�aiScannerCallbacktr�r�c
Cr�)	z,AI Scanner real-time status webhook endpointr)�receive_status_updatez'[API] AI Scanner status webhook error: r�z"Status webhook service unavailabler7r+N)	�aiScanner.status_apir�rErVrWrrr9r<)rFr�rLrJr"r"r#�aiScannerStatusWebhook�r�r�c
Cslzddlm}|||�WSty5}zt�dt|����ddi}tt�|�dd�WYd}~Sd}~ww)	z!AI Scanner live progress endpointr)�get_live_scan_progressz&[API] AI Scanner live progress error: r�z!Live progress service unavailabler7r+N)	r�r�rErVrWrrr9r<)rF�scan_idr�rLrJr"r"r#�aiScannerLiveProgress�s��r�)r)Cr9�django.shortcutsr�django.httpr�loginSystem.modelsr�plogical.virtualHostUtilitiesr�plogicalr�packages.modelsr�baseTemplate.viewsr�randomr	�websiteFunctions.modelsr
rR�baseTemplate.modelsr�plogical.mailUtilitiesr�websiteFunctions.websiter
�packages.packagesManagerr�s3Backups.s3Backupsr�plogical.CyberCPLogFileWriterrrV�plogical.processUtilitiesr�django.views.decorators.csrfr�userManagment.viewsrr�rrxr$r(rZr`rjrrr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r"r"r"r#�<module>s�

2
;

.
)

*
-


+
=
2
&
,
.


!
"