mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-rest-api.git
synced 2025-01-23 17:26:46 +00:00
Add SSH and system settings endpoints
This commit is contained in:
parent
eb4f25285d
commit
ec7ff62d59
|
@ -22,6 +22,8 @@ def create_app():
|
||||||
api = Api(app)
|
api = Api(app)
|
||||||
|
|
||||||
app.config["AUTH_TOKEN"] = os.environ.get("AUTH_TOKEN")
|
app.config["AUTH_TOKEN"] = os.environ.get("AUTH_TOKEN")
|
||||||
|
if app.config["AUTH_TOKEN"] is None:
|
||||||
|
raise ValueError("AUTH_TOKEN is not set")
|
||||||
app.config["ENABLE_SWAGGER"] = os.environ.get("ENABLE_SWAGGER", "0")
|
app.config["ENABLE_SWAGGER"] = os.environ.get("ENABLE_SWAGGER", "0")
|
||||||
|
|
||||||
# Check bearer token
|
# Check bearer token
|
||||||
|
@ -49,7 +51,7 @@ def create_app():
|
||||||
def spec():
|
def spec():
|
||||||
if app.config["ENABLE_SWAGGER"] == "1":
|
if app.config["ENABLE_SWAGGER"] == "1":
|
||||||
swag = swagger(app)
|
swag = swagger(app)
|
||||||
swag["info"]["version"] = "1.0.0"
|
swag["info"]["version"] = "1.1.0"
|
||||||
swag["info"]["title"] = "SelfPrivacy API"
|
swag["info"]["title"] = "SelfPrivacy API"
|
||||||
swag["info"]["description"] = "SelfPrivacy API"
|
swag["info"]["description"] = "SelfPrivacy API"
|
||||||
swag["securityDefinitions"] = {
|
swag["securityDefinitions"] = {
|
||||||
|
|
|
@ -24,7 +24,7 @@ class ApiVersion(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
return {"version": "1.0.0"}
|
return {"version": "1.1.0"}
|
||||||
|
|
||||||
|
|
||||||
class DecryptDisk(Resource):
|
class DecryptDisk(Resource):
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Bitwarden management module"""
|
"""Bitwarden management module"""
|
||||||
import json
|
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource
|
from flask_restful import Resource
|
||||||
|
|
||||||
from selfprivacy_api.resources.services import api
|
from selfprivacy_api.resources.services import api
|
||||||
|
from selfprivacy_api.utils import WriteUserData
|
||||||
|
|
||||||
|
|
||||||
class EnableBitwarden(Resource):
|
class EnableBitwarden(Resource):
|
||||||
|
@ -24,20 +23,10 @@ class EnableBitwarden(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "bitwarden" not in data:
|
||||||
) as userdata_file:
|
data["bitwarden"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["bitwarden"]["enable"] = True
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "bitwarden" not in data:
|
|
||||||
data["bitwarden"] = {}
|
|
||||||
data["bitwarden"]["enable"] = True
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -62,20 +51,10 @@ class DisableBitwarden(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "bitwarden" not in data:
|
||||||
) as userdata_file:
|
data["bitwarden"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["bitwarden"]["enable"] = False
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "bitwarden" not in data:
|
|
||||||
data["bitwarden"] = {}
|
|
||||||
data["bitwarden"]["enable"] = False
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Gitea management module"""
|
"""Gitea management module"""
|
||||||
import json
|
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource
|
from flask_restful import Resource
|
||||||
|
|
||||||
from selfprivacy_api.resources.services import api
|
from selfprivacy_api.resources.services import api
|
||||||
|
from selfprivacy_api.utils import WriteUserData
|
||||||
|
|
||||||
|
|
||||||
class EnableGitea(Resource):
|
class EnableGitea(Resource):
|
||||||
|
@ -24,20 +23,10 @@ class EnableGitea(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "gitea" not in data:
|
||||||
) as userdata_file:
|
data["gitea"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["gitea"]["enable"] = True
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "gitea" not in data:
|
|
||||||
data["gitea"] = {}
|
|
||||||
data["gitea"]["enable"] = True
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -62,20 +51,10 @@ class DisableGitea(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "gitea" not in data:
|
||||||
) as userdata_file:
|
data["gitea"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["gitea"]["enable"] = False
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "gitea" not in data:
|
|
||||||
data["gitea"] = {}
|
|
||||||
data["gitea"]["enable"] = False
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Nextcloud management module"""
|
"""Nextcloud management module"""
|
||||||
import json
|
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource
|
from flask_restful import Resource
|
||||||
|
|
||||||
from selfprivacy_api.resources.services import api
|
from selfprivacy_api.resources.services import api
|
||||||
|
from selfprivacy_api.utils import WriteUserData
|
||||||
|
|
||||||
|
|
||||||
class EnableNextcloud(Resource):
|
class EnableNextcloud(Resource):
|
||||||
|
@ -24,20 +23,10 @@ class EnableNextcloud(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "nextcloud" not in data:
|
||||||
) as userdata_file:
|
data["nextcloud"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["nextcloud"]["enable"] = True
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "nextcloud" not in data:
|
|
||||||
data["nextcloud"] = {}
|
|
||||||
data["nextcloud"]["enable"] = True
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -62,20 +51,10 @@ class DisableNextcloud(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "nextcloud" not in data:
|
||||||
) as userdata_file:
|
data["nextcloud"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["nextcloud"]["enable"] = False
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "nextcloud" not in data:
|
|
||||||
data["nextcloud"] = {}
|
|
||||||
data["nextcloud"]["enable"] = False
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""OpenConnect VPN server management module"""
|
"""OpenConnect VPN server management module"""
|
||||||
import json
|
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource
|
from flask_restful import Resource
|
||||||
|
|
||||||
from selfprivacy_api.resources.services import api
|
from selfprivacy_api.resources.services import api
|
||||||
|
from selfprivacy_api.utils import WriteUserData
|
||||||
|
|
||||||
|
|
||||||
class EnableOcserv(Resource):
|
class EnableOcserv(Resource):
|
||||||
|
@ -24,20 +23,10 @@ class EnableOcserv(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "ocserv" not in data:
|
||||||
) as userdata_file:
|
data["ocserv"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["ocserv"]["enable"] = True
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "ocserv" not in data:
|
|
||||||
data["ocserv"] = {}
|
|
||||||
data["ocserv"]["enable"] = True
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -62,20 +51,10 @@ class DisableOcserv(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "ocserv" not in data:
|
||||||
) as userdata_file:
|
data["ocserv"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["ocserv"]["enable"] = False
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "ocserv" not in data:
|
|
||||||
data["ocserv"] = {}
|
|
||||||
data["ocserv"]["enable"] = False
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Pleroma management module"""
|
"""Pleroma management module"""
|
||||||
import json
|
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource
|
from flask_restful import Resource
|
||||||
|
|
||||||
from selfprivacy_api.resources.services import api
|
from selfprivacy_api.resources.services import api
|
||||||
|
from selfprivacy_api.utils import WriteUserData
|
||||||
|
|
||||||
|
|
||||||
class EnablePleroma(Resource):
|
class EnablePleroma(Resource):
|
||||||
|
@ -24,20 +23,10 @@ class EnablePleroma(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "pleroma" not in data:
|
||||||
) as userdata_file:
|
data["pleroma"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["pleroma"]["enable"] = True
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "pleroma" not in data:
|
|
||||||
data["pleroma"] = {}
|
|
||||||
data["pleroma"]["enable"] = True
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -62,20 +51,10 @@ class DisablePleroma(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "pleroma" not in data:
|
||||||
) as userdata_file:
|
data["pleroma"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["pleroma"]["enable"] = False
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "pleroma" not in data:
|
|
||||||
data["pleroma"] = {}
|
|
||||||
data["pleroma"]["enable"] = False
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""SSH management module"""
|
"""SSH management module"""
|
||||||
import json
|
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource, reqparse
|
from flask_restful import Resource, reqparse
|
||||||
|
|
||||||
from selfprivacy_api.resources.services import api
|
from selfprivacy_api.resources.services import api
|
||||||
|
from selfprivacy_api.utils import WriteUserData, ReadUserData
|
||||||
|
|
||||||
|
|
||||||
class EnableSSH(Resource):
|
class EnableSSH(Resource):
|
||||||
|
@ -24,20 +23,10 @@ class EnableSSH(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "ssh" not in data:
|
||||||
) as userdata_file:
|
data["ssh"] = {}
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
data["ssh"]["enable"] = True
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
if "ssh" not in data:
|
|
||||||
data["ssh"] = {}
|
|
||||||
data["ssh"]["enable"] = True
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -45,6 +34,82 @@ class EnableSSH(Resource):
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class SSHSettings(Resource):
|
||||||
|
"""Enable/disable SSH"""
|
||||||
|
|
||||||
|
def get(self):
|
||||||
|
"""
|
||||||
|
Get current SSH settings
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- SSH
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: SSH settings
|
||||||
|
400:
|
||||||
|
description: Bad request
|
||||||
|
"""
|
||||||
|
with ReadUserData() as data:
|
||||||
|
if "ssh" not in data:
|
||||||
|
return {"enable": True, "passwordAuthentication": True}
|
||||||
|
if "enable" not in data["ssh"]:
|
||||||
|
data["ssh"]["enable"] = True
|
||||||
|
if "passwordAuthentication" not in data["ssh"]:
|
||||||
|
data["ssh"]["passwordAuthentication"] = True
|
||||||
|
return {
|
||||||
|
"enable": data["ssh"]["enable"],
|
||||||
|
"passwordAuthentication": data["ssh"]["passwordAuthentication"],
|
||||||
|
}
|
||||||
|
|
||||||
|
def put(self):
|
||||||
|
"""
|
||||||
|
Change SSH settings
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- SSH
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
parameters:
|
||||||
|
- name: sshSettings
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
description: SSH settings
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- enable
|
||||||
|
- passwordAuthentication
|
||||||
|
properties:
|
||||||
|
enable:
|
||||||
|
type: boolean
|
||||||
|
passwordAuthentication:
|
||||||
|
type: boolean
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: New settings saved
|
||||||
|
400:
|
||||||
|
description: Bad request
|
||||||
|
"""
|
||||||
|
parser = reqparse.RequestParser()
|
||||||
|
parser.add_argument("enable", type=bool, required=False)
|
||||||
|
parser.add_argument("passwordAuthentication", type=bool, required=False)
|
||||||
|
args = parser.parse_args()
|
||||||
|
enable = args["enable"]
|
||||||
|
password_authentication = args["passwordAuthentication"]
|
||||||
|
|
||||||
|
with WriteUserData() as data:
|
||||||
|
if "ssh" not in data:
|
||||||
|
data["ssh"] = {}
|
||||||
|
if enable is not None:
|
||||||
|
data["ssh"]["enable"] = enable
|
||||||
|
if password_authentication is not None:
|
||||||
|
data["ssh"]["passwordAuthentication"] = password_authentication
|
||||||
|
|
||||||
|
return "SSH settings changed"
|
||||||
|
|
||||||
|
|
||||||
class WriteSSHKey(Resource):
|
class WriteSSHKey(Resource):
|
||||||
"""Write new SSH key"""
|
"""Write new SSH key"""
|
||||||
|
|
||||||
|
@ -89,28 +154,26 @@ class WriteSSHKey(Resource):
|
||||||
|
|
||||||
public_key = args["public_key"]
|
public_key = args["public_key"]
|
||||||
|
|
||||||
with open(
|
# Validate SSH public key
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
# It may be ssh-ed25519 or ssh-rsa
|
||||||
) as userdata_file:
|
if not public_key.startswith("ssh-ed25519"):
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
if not public_key.startswith("ssh-rsa"):
|
||||||
try:
|
return {
|
||||||
data = json.load(userdata_file)
|
"error": "Invalid key type. Only ssh-ed25519 and ssh-rsa are supported.",
|
||||||
if "ssh" not in data:
|
}, 400
|
||||||
data["ssh"] = {}
|
|
||||||
if "rootKeys" not in data["ssh"]:
|
with WriteUserData() as data:
|
||||||
data["ssh"]["rootKeys"] = []
|
if "ssh" not in data:
|
||||||
# Return 409 if key already in array
|
data["ssh"] = {}
|
||||||
for key in data["ssh"]["rootKeys"]:
|
if "rootKeys" not in data["ssh"]:
|
||||||
if key == public_key:
|
data["ssh"]["rootKeys"] = []
|
||||||
return {
|
# Return 409 if key already in array
|
||||||
"error": "Key already exists",
|
for key in data["ssh"]["rootKeys"]:
|
||||||
}, 409
|
if key == public_key:
|
||||||
data["ssh"]["rootKeys"].append(public_key)
|
return {
|
||||||
userdata_file.seek(0)
|
"error": "Key already exists",
|
||||||
json.dump(data, userdata_file, indent=4)
|
}, 409
|
||||||
userdata_file.truncate()
|
data["ssh"]["rootKeys"].append(public_key)
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {
|
return {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
|
@ -118,5 +181,225 @@ class WriteSSHKey(Resource):
|
||||||
}, 201
|
}, 201
|
||||||
|
|
||||||
|
|
||||||
|
class SSHKeys(Resource):
|
||||||
|
"""List SSH keys"""
|
||||||
|
|
||||||
|
def get(self, username):
|
||||||
|
"""
|
||||||
|
List SSH keys
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- SSH
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
parameters:
|
||||||
|
- in: path
|
||||||
|
name: username
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
description: User to list keys for
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: SSH keys
|
||||||
|
401:
|
||||||
|
description: Unauthorized
|
||||||
|
"""
|
||||||
|
with ReadUserData() as data:
|
||||||
|
if username == "root":
|
||||||
|
if "ssh" not in data:
|
||||||
|
data["ssh"] = {}
|
||||||
|
if "rootKeys" not in data["ssh"]:
|
||||||
|
data["ssh"]["rootKeys"] = []
|
||||||
|
return data["ssh"]["rootKeys"]
|
||||||
|
if username == data["username"]:
|
||||||
|
if "sshKeys" not in data:
|
||||||
|
data["sshKeys"] = []
|
||||||
|
return data["sshKeys"]
|
||||||
|
else:
|
||||||
|
if "users" not in data:
|
||||||
|
data["users"] = []
|
||||||
|
for user in data["users"]:
|
||||||
|
if user["name"] == username:
|
||||||
|
if "sshKeys" not in user:
|
||||||
|
user["sshKeys"] = []
|
||||||
|
return user["ssh"]["sshKeys"]
|
||||||
|
return {
|
||||||
|
"error": "User not found",
|
||||||
|
}, 404
|
||||||
|
|
||||||
|
def post(self, username):
|
||||||
|
"""
|
||||||
|
Add SSH key to the user
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- SSH
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
parameters:
|
||||||
|
- in: body
|
||||||
|
required: true
|
||||||
|
name: public_key
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- public_key
|
||||||
|
properties:
|
||||||
|
public_key:
|
||||||
|
type: string
|
||||||
|
- in: path
|
||||||
|
name: username
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
description: User to add keys for
|
||||||
|
responses:
|
||||||
|
201:
|
||||||
|
description: SSH key added
|
||||||
|
401:
|
||||||
|
description: Unauthorized
|
||||||
|
404:
|
||||||
|
description: User not found
|
||||||
|
409:
|
||||||
|
description: Key already exists
|
||||||
|
"""
|
||||||
|
parser = reqparse.RequestParser()
|
||||||
|
parser.add_argument(
|
||||||
|
"public_key", type=str, required=True, help="Key cannot be blank!"
|
||||||
|
)
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
if username == "root":
|
||||||
|
return {
|
||||||
|
"error": "Use /ssh/key/send to add root keys",
|
||||||
|
}, 400
|
||||||
|
|
||||||
|
# Validate SSH public key
|
||||||
|
# It may be ssh-ed25519 or ssh-rsa
|
||||||
|
if not args["public_key"].startswith("ssh-ed25519"):
|
||||||
|
if not args["public_key"].startswith("ssh-rsa"):
|
||||||
|
return {
|
||||||
|
"error": "Invalid key type. Only ssh-ed25519 and ssh-rsa are supported.",
|
||||||
|
}, 400
|
||||||
|
|
||||||
|
with WriteUserData() as data:
|
||||||
|
if username == data["username"]:
|
||||||
|
if "sshKeys" not in data:
|
||||||
|
data["sshKeys"] = []
|
||||||
|
data["sshKeys"].append(args["public_key"])
|
||||||
|
return {
|
||||||
|
"message": "New SSH key successfully written",
|
||||||
|
}, 201
|
||||||
|
|
||||||
|
if "users" not in data:
|
||||||
|
data["users"] = []
|
||||||
|
for user in data["users"]:
|
||||||
|
if user["username"] == username:
|
||||||
|
if "sshKeys" not in user:
|
||||||
|
user["sshKeys"] = []
|
||||||
|
# Return 409 if key already in array
|
||||||
|
for key in user["sshKeys"]:
|
||||||
|
if key == args["public_key"]:
|
||||||
|
return {
|
||||||
|
"error": "Key already exists",
|
||||||
|
}, 409
|
||||||
|
user["sshKeys"].append(args["public_key"])
|
||||||
|
return {
|
||||||
|
"message": "New SSH key successfully written",
|
||||||
|
}, 201
|
||||||
|
return {
|
||||||
|
"error": "User not found",
|
||||||
|
}, 404
|
||||||
|
|
||||||
|
def delete(self, username):
|
||||||
|
"""
|
||||||
|
Delete SSH key
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- SSH
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
parameters:
|
||||||
|
- in: body
|
||||||
|
name: public_key
|
||||||
|
required: true
|
||||||
|
description: Key to delete
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- public_key
|
||||||
|
properties:
|
||||||
|
public_key:
|
||||||
|
type: string
|
||||||
|
- in: path
|
||||||
|
name: username
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
description: User to delete keys for
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: SSH key deleted
|
||||||
|
401:
|
||||||
|
description: Unauthorized
|
||||||
|
404:
|
||||||
|
description: Key not found
|
||||||
|
"""
|
||||||
|
parser = reqparse.RequestParser()
|
||||||
|
parser.add_argument(
|
||||||
|
"public_key", type=str, required=True, help="Key cannot be blank!"
|
||||||
|
)
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
with WriteUserData() as data:
|
||||||
|
if username == "root":
|
||||||
|
if "ssh" not in data:
|
||||||
|
data["ssh"] = {}
|
||||||
|
if "rootKeys" not in data["ssh"]:
|
||||||
|
data["ssh"]["rootKeys"] = []
|
||||||
|
# Return 404 if key not in array
|
||||||
|
for key in data["ssh"]["rootKeys"]:
|
||||||
|
if key == args["public_key"]:
|
||||||
|
data["ssh"]["rootKeys"].remove(key)
|
||||||
|
return {
|
||||||
|
"message": "SSH key deleted",
|
||||||
|
}, 200
|
||||||
|
return {
|
||||||
|
"error": "Key not found",
|
||||||
|
}, 404
|
||||||
|
if username == data["username"]:
|
||||||
|
if "sshKeys" not in data:
|
||||||
|
data["sshKeys"] = []
|
||||||
|
# Return 404 if key not in array
|
||||||
|
for key in data["sshKeys"]:
|
||||||
|
if key == args["public_key"]:
|
||||||
|
data["sshKeys"].remove(key)
|
||||||
|
return {
|
||||||
|
"message": "SSH key deleted",
|
||||||
|
}, 200
|
||||||
|
return {
|
||||||
|
"error": "Key not found",
|
||||||
|
}, 404
|
||||||
|
if "users" not in data:
|
||||||
|
data["users"] = []
|
||||||
|
for user in data["users"]:
|
||||||
|
if user["username"] == username:
|
||||||
|
if "sshKeys" not in user:
|
||||||
|
user["sshKeys"] = []
|
||||||
|
# Return 404 if key not in array
|
||||||
|
for key in user["sshKeys"]:
|
||||||
|
if key == args["public_key"]:
|
||||||
|
user["sshKeys"].remove(key)
|
||||||
|
return {
|
||||||
|
"message": "SSH key successfully deleted",
|
||||||
|
}, 200
|
||||||
|
return {
|
||||||
|
"error": "Key not found",
|
||||||
|
}, 404
|
||||||
|
return {
|
||||||
|
"error": "User not found",
|
||||||
|
}, 404
|
||||||
|
|
||||||
|
|
||||||
api.add_resource(EnableSSH, "/ssh/enable")
|
api.add_resource(EnableSSH, "/ssh/enable")
|
||||||
|
api.add_resource(SSHSettings, "/ssh")
|
||||||
|
|
||||||
api.add_resource(WriteSSHKey, "/ssh/key/send")
|
api.add_resource(WriteSSHKey, "/ssh/key/send")
|
||||||
|
api.add_resource(SSHKeys, "/ssh/keys/<string:username>")
|
||||||
|
|
|
@ -1,13 +1,149 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""System management module"""
|
"""System management module"""
|
||||||
import subprocess
|
import subprocess
|
||||||
|
import pytz
|
||||||
from flask import Blueprint
|
from flask import Blueprint
|
||||||
from flask_restful import Resource, Api
|
from flask_restful import Resource, Api, reqparse
|
||||||
|
|
||||||
|
from selfprivacy_api.utils import WriteUserData, ReadUserData
|
||||||
|
|
||||||
api_system = Blueprint("system", __name__, url_prefix="/system")
|
api_system = Blueprint("system", __name__, url_prefix="/system")
|
||||||
api = Api(api_system)
|
api = Api(api_system)
|
||||||
|
|
||||||
|
|
||||||
|
class Timezone(Resource):
|
||||||
|
"""Change timezone of NixOS"""
|
||||||
|
|
||||||
|
def get(self):
|
||||||
|
"""
|
||||||
|
Get current system timezone
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- System
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: Timezone
|
||||||
|
400:
|
||||||
|
description: Bad request
|
||||||
|
"""
|
||||||
|
with ReadUserData() as data:
|
||||||
|
if "timezone" not in data:
|
||||||
|
return "Europe/Uzhgorod"
|
||||||
|
return data["timezone"]
|
||||||
|
|
||||||
|
def put(self):
|
||||||
|
"""
|
||||||
|
Change system timezone
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- System
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
parameters:
|
||||||
|
- name: timezone
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
description: Timezone to set
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- timezone
|
||||||
|
properties:
|
||||||
|
timezone:
|
||||||
|
type: string
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: Timezone changed
|
||||||
|
400:
|
||||||
|
description: Bad request
|
||||||
|
"""
|
||||||
|
parser = reqparse.RequestParser()
|
||||||
|
parser.add_argument("timezone", type=str, required=True)
|
||||||
|
timezone = parser.parse_args()["timezone"]
|
||||||
|
|
||||||
|
# Check if timezone is a valid tzdata string
|
||||||
|
if timezone not in pytz.all_timezones:
|
||||||
|
return {"error": "Invalid timezone"}, 400
|
||||||
|
|
||||||
|
with WriteUserData() as data:
|
||||||
|
data["timezone"] = timezone
|
||||||
|
return "Timezone changed"
|
||||||
|
|
||||||
|
|
||||||
|
class AutoUpgrade(Resource):
|
||||||
|
"""Enable/disable automatic upgrades and reboots"""
|
||||||
|
|
||||||
|
def get(self):
|
||||||
|
"""
|
||||||
|
Get current system autoupgrade settings
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- System
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: Auto-upgrade settings
|
||||||
|
400:
|
||||||
|
description: Bad request
|
||||||
|
"""
|
||||||
|
with ReadUserData() as data:
|
||||||
|
if "autoUpgrade" not in data:
|
||||||
|
return {"enable": True, "allowReboot": False}
|
||||||
|
if "enable" not in data["autoUpgrade"]:
|
||||||
|
data["autoUpgrade"]["enable"] = True
|
||||||
|
if "allowReboot" not in data["autoUpgrade"]:
|
||||||
|
data["autoUpgrade"]["allowReboot"] = False
|
||||||
|
return data["autoUpgrade"]
|
||||||
|
|
||||||
|
def put(self):
|
||||||
|
"""
|
||||||
|
Change system auto upgrade settings
|
||||||
|
---
|
||||||
|
tags:
|
||||||
|
- System
|
||||||
|
security:
|
||||||
|
- bearerAuth: []
|
||||||
|
parameters:
|
||||||
|
- name: autoUpgrade
|
||||||
|
in: body
|
||||||
|
required: true
|
||||||
|
description: Auto upgrade settings
|
||||||
|
schema:
|
||||||
|
type: object
|
||||||
|
required:
|
||||||
|
- enable
|
||||||
|
- allowReboot
|
||||||
|
properties:
|
||||||
|
enable:
|
||||||
|
type: boolean
|
||||||
|
allowReboot:
|
||||||
|
type: boolean
|
||||||
|
responses:
|
||||||
|
200:
|
||||||
|
description: New settings saved
|
||||||
|
400:
|
||||||
|
description: Bad request
|
||||||
|
"""
|
||||||
|
parser = reqparse.RequestParser()
|
||||||
|
parser.add_argument("enable", type=bool, required=False)
|
||||||
|
parser.add_argument("allowReboot", type=bool, required=False)
|
||||||
|
args = parser.parse_args()
|
||||||
|
enable = args["enable"]
|
||||||
|
allow_reboot = args["allowReboot"]
|
||||||
|
|
||||||
|
with WriteUserData() as data:
|
||||||
|
if "autoUpgrade" not in data:
|
||||||
|
data["autoUpgrade"] = {}
|
||||||
|
if enable is not None:
|
||||||
|
data["autoUpgrade"]["enable"] = enable
|
||||||
|
if allow_reboot is not None:
|
||||||
|
data["autoUpgrade"]["allowReboot"] = allow_reboot
|
||||||
|
return "Auto-upgrade settings changed"
|
||||||
|
|
||||||
|
|
||||||
class RebuildSystem(Resource):
|
class RebuildSystem(Resource):
|
||||||
"""Rebuild NixOS"""
|
"""Rebuild NixOS"""
|
||||||
|
|
||||||
|
@ -145,6 +281,8 @@ class PythonVersion(Resource):
|
||||||
return subprocess.check_output(["python", "-V"]).decode("utf-8").strip()
|
return subprocess.check_output(["python", "-V"]).decode("utf-8").strip()
|
||||||
|
|
||||||
|
|
||||||
|
api.add_resource(Timezone, "/configuration/timezone")
|
||||||
|
api.add_resource(AutoUpgrade, "/configuration/autoUpgrade")
|
||||||
api.add_resource(RebuildSystem, "/configuration/apply")
|
api.add_resource(RebuildSystem, "/configuration/apply")
|
||||||
api.add_resource(RollbackSystem, "/configuration/rollback")
|
api.add_resource(RollbackSystem, "/configuration/rollback")
|
||||||
api.add_resource(UpgradeSystem, "/configuration/upgrade")
|
api.add_resource(UpgradeSystem, "/configuration/upgrade")
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Users management module"""
|
"""Users management module"""
|
||||||
import subprocess
|
import subprocess
|
||||||
import json
|
|
||||||
import re
|
import re
|
||||||
import portalocker
|
|
||||||
from flask_restful import Resource, reqparse
|
from flask_restful import Resource, reqparse
|
||||||
|
|
||||||
|
from selfprivacy_api.utils import WriteUserData, ReadUserData
|
||||||
|
|
||||||
|
|
||||||
class Users(Resource):
|
class Users(Resource):
|
||||||
"""Users management"""
|
"""Users management"""
|
||||||
|
@ -24,17 +24,10 @@ class Users(Resource):
|
||||||
401:
|
401:
|
||||||
description: Unauthorized
|
description: Unauthorized
|
||||||
"""
|
"""
|
||||||
with open(
|
with ReadUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r", encoding="utf-8"
|
users = []
|
||||||
) as userdata_file:
|
for user in data["users"]:
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_SH)
|
users.append(user["username"])
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
users = []
|
|
||||||
for user in data["users"]:
|
|
||||||
users.append(user["username"])
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
return users
|
return users
|
||||||
|
|
||||||
def post(self):
|
def post(self):
|
||||||
|
@ -97,32 +90,21 @@ class Users(Resource):
|
||||||
if len(args["username"]) > 32:
|
if len(args["username"]) > 32:
|
||||||
return {"error": "username must be less than 32 characters"}, 400
|
return {"error": "username must be less than 32 characters"}, 400
|
||||||
|
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
if "users" not in data:
|
||||||
) as userdata_file:
|
data["users"] = []
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
|
||||||
try:
|
|
||||||
data = json.load(userdata_file)
|
|
||||||
|
|
||||||
if "users" not in data:
|
# Return 400 if user already exists
|
||||||
data["users"] = []
|
for user in data["users"]:
|
||||||
|
if user["username"] == args["username"]:
|
||||||
|
return {"error": "User already exists"}, 409
|
||||||
|
|
||||||
# Return 400 if user already exists
|
data["users"].append(
|
||||||
for user in data["users"]:
|
{
|
||||||
if user["username"] == args["username"]:
|
"username": args["username"],
|
||||||
return {"error": "User already exists"}, 409
|
"hashedPassword": hashed_password,
|
||||||
|
}
|
||||||
data["users"].append(
|
)
|
||||||
{
|
|
||||||
"username": args["username"],
|
|
||||||
"hashedPassword": hashed_password,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {"result": 0, "username": args["username"]}, 201
|
return {"result": 0, "username": args["username"]}, 201
|
||||||
|
|
||||||
|
@ -154,29 +136,18 @@ class User(Resource):
|
||||||
404:
|
404:
|
||||||
description: User not found
|
description: User not found
|
||||||
"""
|
"""
|
||||||
with open(
|
with WriteUserData() as data:
|
||||||
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
# Return 400 if username is not provided
|
||||||
) as userdata_file:
|
if username is None:
|
||||||
portalocker.lock(userdata_file, portalocker.LOCK_EX)
|
return {"error": "username is required"}, 400
|
||||||
try:
|
if username == data["username"]:
|
||||||
data = json.load(userdata_file)
|
return {"error": "Cannot delete root user"}, 400
|
||||||
# Return 400 if username is not provided
|
# Return 400 if user does not exist
|
||||||
if username is None:
|
for user in data["users"]:
|
||||||
return {"error": "username is required"}, 400
|
if user["username"] == username:
|
||||||
if username == data["username"]:
|
data["users"].remove(user)
|
||||||
return {"error": "Cannot delete root user"}, 400
|
break
|
||||||
# Return 400 if user does not exist
|
else:
|
||||||
for user in data["users"]:
|
return {"error": "User does not exist"}, 404
|
||||||
if user["username"] == username:
|
|
||||||
data["users"].remove(user)
|
|
||||||
break
|
|
||||||
else:
|
|
||||||
return {"error": "User does not exist"}, 404
|
|
||||||
|
|
||||||
userdata_file.seek(0)
|
|
||||||
json.dump(data, userdata_file, indent=4)
|
|
||||||
userdata_file.truncate()
|
|
||||||
finally:
|
|
||||||
portalocker.unlock(userdata_file)
|
|
||||||
|
|
||||||
return {"result": 0, "username": username}
|
return {"result": 0, "username": username}
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
#!/usr/bin/env python3
|
#!/usr/bin/env python3
|
||||||
"""Various utility functions"""
|
"""Various utility functions"""
|
||||||
|
import json
|
||||||
|
import portalocker
|
||||||
|
|
||||||
|
|
||||||
def get_domain():
|
def get_domain():
|
||||||
|
@ -7,3 +9,43 @@ def get_domain():
|
||||||
with open("/var/domain", "r", encoding="utf-8") as domain_file:
|
with open("/var/domain", "r", encoding="utf-8") as domain_file:
|
||||||
domain = domain_file.readline().rstrip()
|
domain = domain_file.readline().rstrip()
|
||||||
return domain
|
return domain
|
||||||
|
|
||||||
|
|
||||||
|
class WriteUserData(object):
|
||||||
|
"""Write userdata.json with lock"""
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.userdata_file = open(
|
||||||
|
"/etc/nixos/userdata/userdata.json", "r+", encoding="utf-8"
|
||||||
|
)
|
||||||
|
portalocker.lock(self.userdata_file, portalocker.LOCK_EX)
|
||||||
|
self.data = json.load(self.userdata_file)
|
||||||
|
|
||||||
|
def __enter__(self):
|
||||||
|
return self.data
|
||||||
|
|
||||||
|
def __exit__(self, exc_type, exc_value, traceback):
|
||||||
|
if exc_type is None:
|
||||||
|
self.userdata_file.seek(0)
|
||||||
|
json.dump(self.data, self.userdata_file, indent=4)
|
||||||
|
self.userdata_file.truncate()
|
||||||
|
portalocker.unlock(self.userdata_file)
|
||||||
|
self.userdata_file.close()
|
||||||
|
|
||||||
|
|
||||||
|
class ReadUserData(object):
|
||||||
|
"""Read userdata.json with lock"""
|
||||||
|
|
||||||
|
def __init__(self):
|
||||||
|
self.userdata_file = open(
|
||||||
|
"/etc/nixos/userdata/userdata.json", "r", encoding="utf-8"
|
||||||
|
)
|
||||||
|
portalocker.lock(self.userdata_file, portalocker.LOCK_SH)
|
||||||
|
self.data = json.load(self.userdata_file)
|
||||||
|
|
||||||
|
def __enter__(self):
|
||||||
|
return self.data
|
||||||
|
|
||||||
|
def __exit__(self, *args):
|
||||||
|
portalocker.unlock(self.userdata_file)
|
||||||
|
self.userdata_file.close()
|
||||||
|
|
Loading…
Reference in a new issue