selfprivacy-rest-api/main.py

522 lines
15 KiB
Python
Raw Normal View History

2021-01-01 17:28:34 +00:00
#!/usr/bin/env python3
from flask import Flask, jsonify, request, json
2020-12-28 11:55:33 +00:00
from flask_restful import Resource, Api, reqparse
2021-01-04 14:49:01 +00:00
import base64
2020-12-28 11:55:33 +00:00
import pandas as pd
import ast
import subprocess
import os
2021-05-29 19:35:40 +00:00
import fileinput
2020-12-28 11:55:33 +00:00
app = Flask(__name__)
api = Api(app)
2020-12-28 11:55:33 +00:00
@app.route("/systemVersion", methods=["GET"])
def uname():
uname = subprocess.check_output(["uname", "-arm"])
return jsonify(uname)
2020-12-28 11:55:33 +00:00
@app.route("/getDKIM", methods=["GET"])
def getDkimKey():
with open("/var/domain") as domainFile:
2021-01-01 18:38:10 +00:00
domain = domainFile.readline()
2021-01-01 18:42:03 +00:00
domain = domain.rstrip("\n")
2021-01-04 14:40:32 +00:00
catProcess = subprocess.Popen(["cat", "/var/dkim/" + domain + ".selector.txt"], stdout=subprocess.PIPE)
dkim = catProcess.communicate()[0]
2021-01-05 11:27:00 +00:00
dkim = base64.b64encode(dkim)
2021-01-05 11:35:33 +00:00
dkim = str(dkim, 'utf-8')
2021-01-05 11:31:22 +00:00
print(dkim)
response = app.response_class(
response=json.dumps(dkim),
status=200,
mimetype='application/json'
)
return response
2020-12-28 11:55:33 +00:00
@app.route("/pythonVersion", methods=["GET"])
def getPythonVersion():
pythonVersion = subprocess.check_output(["python","--version"])
return jsonify(pythonVersion)
@app.route("/system/configuration/apply", methods=["GET"])
2020-12-28 11:55:33 +00:00
def rebuildSystem():
rebuildResult = subprocess.Popen(["nixos-rebuild","switch"])
rebuildResult.communicate()[0]
return jsonify(
status=rebuildResult.returncode
)
@app.route("/system/configuration/rollback", methods=["GET"])
2020-12-28 11:55:33 +00:00
def rollbackSystem():
rollbackResult = subprocess.Popen(["nixos-rebuild","switch","--rollback"])
rollbackResult.communicate()[0]
return jsonify(rollbackResult.returncode)
@app.route("/system/upgrade", methods=["GET"])
2020-12-28 11:55:33 +00:00
def upgradeSystem():
upgradeResult = subprocess.Popen(["nixos-rebuild","switch","--upgrade"])
upgradeResult.communicate()[0]
return jsonify(
status=upgradeResult.returncode
)
@app.route("/users/create", methods=["POST"])
2020-12-28 11:55:33 +00:00
def createUser():
2021-10-07 15:53:17 +00:00
rawPassword = request.headers.get("X-Password")
passwordHashProcessDescriptor = subprocess.Popen(["mkpasswd", "-m", "sha-512", "\"", rawPassword, "\""], shell=True, stdout=subprocess.PIPE)
hashedPassword = passwordHashProcessDescriptor.communicate()[0]
print("[TRACE] {0}".format(hashedPassword))
print("[INFO] Opening /etc/nixos/users.nix...", sep="")
readOnlyFileDescriptor = open("/etc/nixos/users.nix", "r")
print("done")
2021-05-29 19:35:40 +00:00
fileContent = list()
index = int(0)
print("[INFO] Reading file content...", sep="")
2021-05-29 19:35:40 +00:00
while True:
line = readOnlyFileDescriptor.readline()
if not line:
break
else:
fileContent.append(line)
print("[DEBUG] Read line!")
2021-05-29 19:35:40 +00:00
2021-05-29 19:35:40 +00:00
userTemplate = """
#begin
2021-05-29 19:35:40 +00:00
\"{0}\" = {{
isNormalUser = true;
hashedPassword = \"{1}\";
}};
#end
""".format(request.headers.get("X-User"), request.headers.get("X-Password"))
2021-10-07 15:53:17 +00:00
mailUserTemplate = """
\"{0}@{2}\" = {
hashedPassword =
\"{1}\";
catchAll = [ \"{2}\" ];
sieveScript = ''
require [\"fileinto\", \"mailbox\"];
if header :contains \"Chat-Version\" \"1.0\"
{
fileinto :create \"DeltaChat\";
stop;
}
'';
};
"""
2021-05-29 19:35:40 +00:00
for line in fileContent:
2021-07-02 15:45:57 +00:00
index += 1
if line.startswith(" #begin"):
print("[DEBUG] Found user configuration snippet match!")
print("[INFO] Writing new user configuration snippet to memory...", sep="")
2021-07-02 15:45:57 +00:00
fileContent.insert(index-1, userTemplate)
print("done")
2021-07-02 15:55:22 +00:00
break
2021-05-29 19:35:40 +00:00
print("[INFO] Writing data from memory to file...", sep="")
readWriteFileDescriptor = open("/etc/nixos/users.nix", "w")
2021-10-07 15:53:17 +00:00
userConfigurationWriteOperationResult = readWriteFileDescriptor.writelines(fileContent)
print("done")
readOnlyFileDescriptor.close()
readWriteFileDescriptor.close()
print("[INFO] Opening /etc/nixos/mailserver/system/mailserver.nix.nix for reading...", sep="")
readOnlyFileDescriptor = open("/etc/nixos/mailserver/system/mailserver.nix")
print("done")
2021-05-29 19:35:40 +00:00
2021-10-07 15:53:17 +00:00
fileContent = list()
2021-10-07 16:17:24 +00:00
index = int(0)
2021-10-07 15:53:17 +00:00
while True:
line = readOnlyFileDescriptor.readline()
if not line:
break
else:
fileContent.append(line)
print("[DEBUG] Read line!")
for line in fileContent:
index += 1
if line.startswith(" loginAccounts = {"):
print("[DEBUG] Found mailuser configuration snippet match!")
print("[INFO] Writing new user configuration snippet to memory...", sep="")
fileContent.insert(index-1, "\n")
fileContent.insert(index, mailUserTemplate)
print("done")
break
readWriteFileDescriptor = open("/etc/nixos/mailserver/system/mailserver.nix", "w")
mailUserConfigurationWriteOperationResult = readWriteFileDescriptor.writelines(fileContent)
2021-05-29 19:35:40 +00:00
return jsonify(
result=0,
2021-10-07 15:53:17 +00:00
descriptor0 = userConfigurationWriteOperationResult,
descriptor1 = mailUserConfigurationWriteOperationResult
2021-05-29 19:35:40 +00:00
)
2020-12-28 11:55:33 +00:00
@app.route("/deleteUser", methods=["DELETE"])
def deleteUser():
user = subprocess.Popen(["userdel",request.headers.get("X-User")])
user.communicate()[0]
return jsonify(user.returncode)
@app.route("/services/status", methods=["GET"])
2020-12-28 11:55:33 +00:00
def getServiceStatus():
imapService = subprocess.Popen(["systemctl", "status", "dovecot2.service"])
imapService.communicate()[0]
smtpService = subprocess.Popen(["systemctl", "status", "postfix.service"])
smtpService.communicate()[0]
httpService = subprocess.Popen(["systemctl", "status", "nginx.service"])
httpService.communicate()[0]
bitwardenService = subprocess.Popen(["systemctl", "status", "bitwarden_rs.service"])
bitwardenService.communicate()[0]
giteaService = subprocess.Popen(["systemctl", "status", "gitea.service"])
giteaService.communicate()[0]
nextcloudService = subprocess.Popen(["systemctl", "status", "phpfpm-nextcloud.service"])
nextcloudService.communicate()[0]
ocservService = subprocess.Popen(["systemctl", "status", "ocserv.service"])
ocservService.communicate()[0]
2021-09-14 14:29:56 +00:00
pleromaService = subprocess.Popen(["systemctl", "status", "pleroma.service"])
pleromaService.communicate()[0]
2020-12-28 11:55:33 +00:00
return jsonify(
imap=imapService.returncode,
smtp=smtpService.returncode,
http=httpService.returncode,
bitwarden=bitwardenService.returncode,
gitea=giteaService.returncode,
nextcloud=nextcloudService.returncode,
ocserv=ocservService.returncode,
pleroma=pleromaService.returncode
2020-12-28 11:55:33 +00:00
)
2021-04-13 13:54:30 +00:00
@app.route("/decryptDisk", methods=["POST"])
def requestDiskDecryption():
decryptionCommand = '''
echo -n {0} | cryptsetup luksOpen /dev/sdb decryptedVar'''.format(request.headers.get("X-Decryption-Key"))
decryptionService = subprocess.Popen(decryptionCommand, shell=True, stdout=subprocess.PIPE)
decryptionService.communicate()
2021-04-13 13:54:30 +00:00
return jsonify(
status=decryptionService.returncode
)
2021-08-23 13:34:29 +00:00
@app.route("/services/ssh/enable", methods=["POST"])
def enableSSH():
readOnlyFileDescriptor = open("/etc/nixos/configuration.nix", "rt")
2021-08-26 09:11:21 +00:00
2021-08-26 09:11:21 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-26 09:15:55 +00:00
fileContent = fileContent.replace("enable = false;", "enable = true;")
readOnlyFileDescriptor.close()
2021-08-26 09:11:21 +00:00
readWriteFileDescriptor = open("/etc/nixos/configuration.nix", "wt")
2021-08-26 09:30:22 +00:00
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
2021-08-26 09:11:21 +00:00
readWriteFileDescriptor.close()
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
)
2021-08-25 06:38:30 +00:00
# Bitwarden
@app.route("/services/bitwarden/enable", methods=["POST"])
2021-08-20 14:59:12 +00:00
def enableBitwarden():
readOnlyFileDescriptor = open("/etc/nixos/passmgr/bitwarden.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = false;", "enable = true;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/passmgr/bitwarden.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
@app.route("/services/bitwarden/disable", methods=["POST"])
2021-08-20 14:59:12 +00:00
def disableBitwarden():
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/passmgr/bitwarden.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = true;", "enable = false;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/passmgr/bitwarden.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
#Gitea
@app.route("/services/gitea/disable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def disableGitea():
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/git/gitea.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = true;", "enable = false;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/git/gitea.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
@app.route("/services/gitea/enable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def enableGitea():
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/git/gitea.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = false;", "enable = true;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/git/gitea.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
#Nextcloud
@app.route("/services/nextcloud/disable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def disableNextcloud():
2021-08-26 09:34:50 +00:00
readOnlyFileDescriptor = open("/etc/nixos/nextcloud/nextcloud.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = true;", "enable = false;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:34:50 +00:00
readWriteFileDescriptor = open("/etc/nixos/nextcloud/nextcloud.nix", "wt")
2021-08-26 09:30:22 +00:00
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
@app.route("/services/nextcloud/enable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def enableNextcloud():
2021-08-26 09:34:50 +00:00
readOnlyFileDescriptor = open("/etc/nixos/nextcloud/nextcloud.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = false;", "enable = true;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:34:50 +00:00
readWriteFileDescriptor = open("/etc/nixos/nextcloud/nextcloud.nix", "wt")
2021-08-26 09:30:22 +00:00
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
#Pleroma
@app.route("/services/pleroma/disable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def disablePleroma():
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/social/pleroma.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = true;", "enable = false;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/social/pleroma.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
@app.route("/services/pleroma/enable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def enablePleroma():
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/social/pleroma.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = false;", "enable = true;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/social/pleroma.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
#Ocserv
@app.route("/services/ocserv/disable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def disableOcserv():
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/vpn/ocserv.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = true;", "enable = false;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/vpn/ocserv.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
@app.route("/services/ocserv/enable", methods=["POST"])
2021-08-20 14:59:12 +00:00
2021-08-23 13:34:29 +00:00
def enableOcserv():
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor = open("/etc/nixos/vpn/ocserv.nix", "rt")
2021-08-26 09:30:22 +00:00
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = readOnlyFileDescriptor.read()
2021-08-20 14:59:12 +00:00
2021-08-26 09:30:22 +00:00
fileContent = fileContent.replace("enable = true;", "enable = false;")
2021-08-20 14:59:12 +00:00
readOnlyFileDescriptor.close()
2021-08-26 09:30:22 +00:00
readWriteFileDescriptor = open("/etc/nixos/vpn/ocserv.nix", "wt")
writeOperationDescriptor = readWriteFileDescriptor.write(fileContent)
readWriteFileDescriptor.close()
2021-08-20 14:59:12 +00:00
return jsonify(
2021-08-26 09:30:22 +00:00
status=0,
descriptor=writeOperationDescriptor
2021-08-20 14:59:12 +00:00
)
@app.route("/services/ssh/key/send", methods=["PUT"])
2021-08-23 13:34:29 +00:00
def readKey():
requestBody = request.get_json()
publicKey = requestBody.data(["public_key"])
print("[INFO] Opening /etc/nixos/configuration.nix...", sep="")
2021-08-25 04:51:24 +00:00
readOnlyFileDescriptor = open("/etc/nixos/configuration.nix", "r")
2021-08-23 13:34:29 +00:00
print("done")
fileContent = list()
index = int(0)
print("[INFO] Reading file content...", sep="")
while True:
line = readOnlyFileDescriptor.readline()
if not line:
break
else:
fileContent.append(line)
print("[DEBUG] Read line!")
for line in fileContent:
index += 1
if "openssh.authorizedKeys.keys = [" in line:
print("[DEBUG] Found SSH key configuration snippet match!")
print("[INFO] Writing new SSH key", sep="")
fileContent.append(index, "\n \"" + publicKey + "\"")
2021-08-23 13:34:29 +00:00
print("done")
break
print("[INFO] Writing data from memory to file...", sep="")
readWriteFileDescriptor = open("/etc/nixos/configuration.nix", "w")
print("done")
operationResult = readWriteFileDescriptor.writelines(fileContent)
return jsonify(
result=0,
descriptor = operationResult
)
if __name__ == '__main__':
app.run(port=5050, debug=False)