-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathapp.py
327 lines (264 loc) · 9.94 KB
/
app.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
from flask import Flask, render_template, request, jsonify
from flask_babel import Babel
from flask_babel import gettext as _
import json
import requests
import subprocess
import os
from time import sleep
from install_procedure import steps
DYNDNS_DOMAINS = ["nohost.me", "noho.st", "ynh.fr"]
AVAILABLE_LANGUAGES = ["en"] + os.listdir("translations")
# Copypasta from https://stackoverflow.com/a/36033627
class PrefixMiddleware(object):
def __init__(self, app, prefix=""):
self.app = app
self.prefix = prefix
def __call__(self, environ, start_response):
if environ["PATH_INFO"].startswith(self.prefix):
environ["PATH_INFO"] = environ["PATH_INFO"][len(self.prefix) :]
environ["SCRIPT_NAME"] = self.prefix
return self.app(environ, start_response)
else:
start_response("404", [("Content-Type", "text/plain")])
return ["This url does not belong to the app.".encode()]
steps = [step.__name__ for step in steps]
app = Flask(__name__, static_folder="assets")
app.wsgi_app = PrefixMiddleware(app.wsgi_app, prefix="/install")
babel = Babel(app)
@babel.localeselector
def get_locale():
# try to guess the language from the user accept
# header the browser transmits. We support de/fr/en in this
# example. The best match wins.
return request.accept_languages.best_match(AVAILABLE_LANGUAGES)
@app.route("/", methods=["POST", "GET"])
def main():
if not os.path.exists("/etc/yunohost/internetcube_to_be_installed"):
return "The InternetCube is already installed"
# We need this here because gettext (_) gotta be called when user makes the
# request to know their language ... (or at least not sure how to do this
# another way ... we can have a loop but that will probably hide what
# strings are needed and therefore we won't be able to easily collect them
# for translation generation)
# But the consequence is : this gotta be kept in sync with the step list
steps_with_i18n = [
("upgrade", _("System upgrade")),
("postinstall", _("Server initialization")),
("install_vpnclient", _("VPN installation")),
("configure_vpnclient", _("VPN configuration")),
("install_hotspot", _("WiFi Hotspot installation")),
("cleanup", _("Cleaning")),
]
translated_steps = [step for step, _ in steps_with_i18n]
assert set(translated_steps) == set(steps)
if request.method == "GET":
if not os.path.exists("./data/install_params.json"):
return render_template("form.html")
else:
install_params = json.loads(open("./data/install_params.json").read())
return render_template(
"status.html", steps=steps_with_i18n, install_params=install_params
)
if request.method == "POST":
form_data = {k: v for k, v in request.form.items()}
try:
validate(form_data)
except Exception as e:
return str(e), 400
return start_install(form_data)
@app.route("/retry", methods=["POST"])
def retry():
return start_install(json.loads(open("./data/install_params.json").read()))
@app.route("/fullreset", methods=["POST"])
def fullreset():
cwd = os.path.dirname(os.path.realpath(__file__))
return os.system("bash %s/deploy/fullreset.sh" % cwd) == 0
def start_install(form_data={}):
form_data["enable_vpn"] = form_data.get("enable_vpn") in ["true", True]
form_data["enable_wifi"] = form_data.get("enable_wifi") in ["true", True]
form_data["use_dyndns_domain"] = any(
form_data.get("main_domain").endswith("." + dyndns_domain)
for dyndns_domain in DYNDNS_DOMAINS
)
form_data["request_host"] = request.host
os.system("mkdir -p ./data/")
os.system("chown root:root ./data/")
os.system("chmod o-rwx ./data/")
if form_data:
with open("./data/install_params.json", "w") as f:
f.write(json.dumps(form_data))
os.system(
"systemctl reset-failed internetcube_install.service &>/dev/null || true "
)
cwd = os.path.dirname(os.path.realpath(__file__))
start_status = os.system(
"systemd-run --unit=internetcube_install %s/venv/bin/python3 %s/install_procedure.py"
% (cwd, cwd)
)
sleep(3)
status = (
subprocess.check_output(
"systemctl is-active internetcube_install.service || true", shell=True
)
.strip()
.decode("utf-8")
)
if status == "active":
return "", 200
elif start_status != 0:
return (
"Failed to start the install script ... maybe the app ain't started as root ?",
500,
)
else:
status = (
subprocess.check_output(
"journalctl --no-pager --no-hostname -n 20 -u internetcube_install.service || true",
shell=True,
)
.strip()
.decode("utf-8")
)
return (
"The install script was started but is still not active ... \n<pre style='text-align:left;'>"
+ status
+ "</pre>",
500,
)
def validate(form):
# Connected to the internet ?
try:
requests.get("https://wikipedia.org", timeout=15)
except Exception as e:
raise Exception(
_("It looks like the board is not connected to the internet !?")
)
# Dyndns domain is available ?
if any(
form["main_domain"].endswith("." + dyndns_domain)
for dyndns_domain in DYNDNS_DOMAINS
):
try:
r = requests.get(
"https://dyndns.yunohost.org/test/" + form["main_domain"], timeout=15
)
assert "is available" in r.text.strip()
except Exception as e:
raise Exception(
_(
"It looks like domain %(domain)s is not available.",
domain=form["main_domain"],
)
)
# .cube format ?
if form.get("enable_vpn") in ["true", True]:
try:
cube_config = json.loads(form["cubefile"])
except Exception as e:
raise Exception(
_(
"Could not load this file as json ... Is it a valid .cube file ?"
+ str(form["enable_vpn"])
)
)
# TODO : refine this ?
expected_fields = ["server_name", "server_port", "crt_server_ca", "dns0"]
if not all(field in cube_config for field in expected_fields):
raise Exception(
_(
"This cube file does not look valid because some fields are missing ?"
)
)
if cube_config.get("crt_client"):
read, write = os.pipe()
os.write(write, cube_config["crt_client"].replace("|", "\n").encode())
os.close(write)
try:
subprocess.check_call(
"openssl x509 -noout -checkend 0 >/dev/null", shell=True, stdin=read
)
except Exception as e:
raise Exception(
_(
"It looks like the user certificate in the .cube file is already expired ?!"
)
)
if form.get("enable_wifi") in ["true", True]:
# This doesnt work properly because of missing drivers
# so the interface doesn't show up
# Though we could maybe tweak something with lsusb (but that doesn't cover non-usb devices)
pass
# try:
# subprocess.check_call("/sbin/iw dev | grep -q Interface", shell=True)
# except Exception as e:
# raise Exception(_("The hotspot option can't enabled because it looks like no WiFi interface is available on the system ... did you forget to plug the antenna ?"))
return True
@app.route("/status", methods=["GET"])
def status():
def most_recent_info(log_path):
cmd = (
"tac %s | tail -n 50 | grep -m 1 ' INFO \| SUCCESS ' | cut -d ' ' -f 5-"
% log_path
)
message = subprocess.check_output(cmd, shell=True).strip().decode("utf-8")
if not message:
message = (
subprocess.check_output("tail -n 1 %s" % log_path, shell=True)
.strip()
.decode("utf-8")
)
return redact_passwords(message)
update_info_to_redact()
data = []
for step in steps:
status_path = "./data/%s.status" % step
logs_path = "./data/%s.logs" % step
data.append(
{
"id": step,
"status": open(status_path).read().strip()
if os.path.exists(status_path)
else "pending",
"message": most_recent_info(logs_path)
if os.path.exists(logs_path)
else None,
}
)
status = (
subprocess.check_output(
"systemctl is-active internetcube_install.service || true", shell=True
)
.strip()
.decode("utf-8")
)
return jsonify({"active": status == "active", "steps": data})
@app.route("/debug", methods=["GET"])
def debug():
update_info_to_redact()
data = []
for step in steps:
logs_path = "./data/%s.logs" % step
data.append(
{
"id": step,
"logs": redact_passwords(open(logs_path).read().strip())
if os.path.exists(logs_path)
else [],
}
)
return jsonify(data)
to_redact = []
def update_info_to_redact():
if not os.path.exists("./data/install_params.json"):
return
data = json.loads(open("./data/install_params.json").read())
global to_redact
to_redact = []
for key, value in data.items():
if value and "pass" in key:
to_redact.append(value)
def redact_passwords(content):
for value in to_redact:
content = content.replace(value, "[REDACTED]")
return content