selfprivacy-rest-api/selfprivacy_api/resources/services/ssh.py

#!/usr/bin/env python3
"""SSH management module"""
import json
import portalocker
from flask_restful import Resource, reqparse

from selfprivacy_api.resources.services import api


class EnableSSH(Resource):
    """Enable SSH"""

    def post(self):
        """
        Enable SSH
        ---
        tags:
            - SSH
        security:
            - bearerAuth: []
        responses:
            200:
                description: SSH enabled
            401:
                description: Unauthorized
        """
        with open(
            "/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
        ) as userdata_file:
            portalocker.lock(userdata_file, portalocker.LOCK_EX)
            try:
                data = json.load(userdata_file)
                if "ssh" not in data:
                    data["ssh"] = {}
                data["ssh"]["enable"] = True
                userdata_file.seek(0)
                json.dump(data, userdata_file, indent=4)
                userdata_file.truncate()
            finally:
                portalocker.unlock(userdata_file)

        return {
            "status": 0,
            "message": "SSH enabled",
        }


class WriteSSHKey(Resource):
    """Write new SSH key"""

    def put(self):
        """
        Add a SSH root key
        ---
        consumes:
            - application/json
        tags:
            - SSH
        security:
            - bearerAuth: []
        parameters:
            - in: body
              name: body
              required: true
              description: Public key to add
              schema:
                type: object
                required:
                    - public_key
                properties:
                    public_key:
                        type: string
                        description: ssh-ed25519 public key.
        responses:
            201:
                description: Key added
            400:
                description: Bad request
            401:
                description: Unauthorized
            409:
                description: Key already exists
        """
        parser = reqparse.RequestParser()
        parser.add_argument(
            "public_key", type=str, required=True, help="Key cannot be blank!"
        )
        args = parser.parse_args()

        public_key = args["public_key"]

        with open(
            "/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
        ) as userdata_file:
            portalocker.lock(userdata_file, portalocker.LOCK_EX)
            try:
                data = json.load(userdata_file)
                if "ssh" not in data:
                    data["ssh"] = {}
                # Return 409 if key already in array
                for key in data["ssh"]["rootSshKeys"]:
                    if key == public_key:
                        return {
                            "error": "Key already exists",
                        }, 409
                data["ssh"]["rootSshKeys"].append(public_key)
                userdata_file.seek(0)
                json.dump(data, userdata_file, indent=4)
                userdata_file.truncate()
            finally:
                portalocker.unlock(userdata_file)

        return {
            "status": 0,
            "message": "New SSH key successfully written",
        }, 201


api.add_resource(EnableSSH, "/ssh/enable")
api.add_resource(WriteSSHKey, "/ssh/key/send")
Decomposition 2021-11-11 18:31:28 +00:00			`#!/usr/bin/env python3`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`"""SSH management module"""`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`import json`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`import portalocker`
			`from flask_restful import Resource, reqparse`
Decomposition 2021-11-11 18:31:28 +00:00
			`from selfprivacy_api.resources.services import api`

Input sanitization, added swagger 2021-11-16 16:14:01 +00:00
Decomposition 2021-11-11 18:31:28 +00:00			`class EnableSSH(Resource):`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`"""Enable SSH"""`

Decomposition 2021-11-11 18:31:28 +00:00			`def post(self):`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`"""`
			`Enable SSH`
			`---`
			`tags:`
			`- SSH`
			`security:`
			`- bearerAuth: []`
			`responses:`
			`200:`
			`description: SSH enabled`
			`401:`
			`description: Unauthorized`
			`"""`
			`with open(`
			`"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"`
			`) as userdata_file:`
			`portalocker.lock(userdata_file, portalocker.LOCK_EX)`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`try:`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`data = json.load(userdata_file)`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`if "ssh" not in data:`
			`data["ssh"] = {}`
			`data["ssh"]["enable"] = True`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`userdata_file.seek(0)`
			`json.dump(data, userdata_file, indent=4)`
			`userdata_file.truncate()`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`finally:`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`portalocker.unlock(userdata_file)`
Decomposition 2021-11-11 18:31:28 +00:00
			`return {`
			`"status": 0,`
			`"message": "SSH enabled",`
			`}`


			`class WriteSSHKey(Resource):`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`"""Write new SSH key"""`

Decomposition 2021-11-11 18:31:28 +00:00			`def put(self):`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`"""`
			`Add a SSH root key`
			`---`
			`consumes:`
			`- application/json`
			`tags:`
			`- SSH`
			`security:`
			`- bearerAuth: []`
			`parameters:`
			`- in: body`
			`name: body`
			`required: true`
			`description: Public key to add`
			`schema:`
			`type: object`
			`required:`
			`- public_key`
			`properties:`
			`public_key:`
			`type: string`
			`description: ssh-ed25519 public key.`
			`responses:`
			`201:`
			`description: Key added`
			`400:`
			`description: Bad request`
			`401:`
			`description: Unauthorized`
			`409:`
			`description: Key already exists`
			`"""`
Fix ssh key add 2021-11-11 18:45:57 +00:00			`parser = reqparse.RequestParser()`
			`parser.add_argument(`
			`"public_key", type=str, required=True, help="Key cannot be blank!"`
			`)`
			`args = parser.parse_args()`
Decomposition 2021-11-11 18:31:28 +00:00
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`public_key = args["public_key"]`
Decomposition 2021-11-11 18:31:28 +00:00
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`with open(`
			`"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"`
			`) as userdata_file:`
			`portalocker.lock(userdata_file, portalocker.LOCK_EX)`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`try:`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`data = json.load(userdata_file)`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`if "ssh" not in data:`
			`data["ssh"] = {}`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`# Return 409 if key already in array`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`for key in data["ssh"]["rootSshKeys"]:`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`if key == public_key:`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`return {`
			`"error": "Key already exists",`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`}, 409`
			`data["ssh"]["rootSshKeys"].append(public_key)`
			`userdata_file.seek(0)`
			`json.dump(data, userdata_file, indent=4)`
			`userdata_file.truncate()`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`finally:`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`portalocker.unlock(userdata_file)`
Decomposition 2021-11-11 18:31:28 +00:00
			`return {`
			`"status": 0,`
Move to JSON controlled server settings 2021-11-15 13:49:06 +00:00			`"message": "New SSH key successfully written",`
Input sanitization, added swagger 2021-11-16 16:14:01 +00:00			`}, 201`
Decomposition 2021-11-11 18:31:28 +00:00

			`api.add_resource(EnableSSH, "/ssh/enable")`
			`api.add_resource(WriteSSHKey, "/ssh/key/send")`