Beispiel #1
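    def __check_mysql_path(self):
        """Best-effort repair of permissions on the MySQL data directory.

        Reads ``datadir`` from /etc/my.cnf. If the directory's mode is not 755
        or 777, or its owner is not ``mysql``, it is set to mode 755 and
        recursively chowned to mysql:mysql. Every ancestor directory whose
        mode is not 755/777 is then set to 755.

        Returns:
            False when /etc/my.cnf is missing or unreadable, or when it holds
            no usable absolute ``datadir``; None otherwise. Any exception is
            swallowed and also yields None.
        """
        # shlex.quote is Python 3 only; pipes.quote is the Python 2 equivalent.
        try:
            from shlex import quote as shell_quote
        except ImportError:
            from pipes import quote as shell_quote

        try:
            # Locate the datadir setting.
            mypath = '/etc/my.cnf'
            if not os.path.exists(mypath):
                return False
            # NOTE(review): 644 leaves the file world-readable; confirm that
            # nothing stores credentials in /etc/my.cnf before relying on it.
            public.set_mode(mypath, 644)
            mycnf = public.readFile(mypath)
            if not mycnf:
                return False
            # NOTE(review): the pattern is not anchored to the start of a line,
            # so a commented-out "#datadir=" entry matches too.
            tmp = re.findall(r'datadir\s*=\s*(.+)', mycnf)
            if not tmp:
                return False
            # The capture runs to the end of the line; drop trailing blanks/'\r'.
            datadir = tmp[0].strip()
            # The value ends up on a root shell command line and drives the
            # walk below, so only accept an absolute path.
            if not os.path.isabs(datadir):
                return False

            # Modes under which the service is allowed to start.
            accs = ['755', '777']

            # Fix the data directory itself. The path comes from a config
            # file, so it is quoted before being handed to the shell.
            mode_info = public.get_mode_and_user(datadir)
            if mode_info['mode'] not in accs or mode_info['user'] != 'mysql':
                public.ExecShell('chmod 755 ' + shell_quote(datadir))
                public.ExecShell('chown -R mysql:mysql ' + shell_quote(datadir))

            # Walk up the ancestors.
            # NOTE(review): this widens any ancestor that is not 755/777
            # (e.g. a deliberately restrictive 750) to 755 — confirm intended.
            parent = os.path.dirname(datadir)
            while parent not in ('/', ''):
                mode_info = public.get_mode_and_user(parent)
                if mode_info['mode'] not in accs:
                    public.ExecShell('chmod 755 ' + shell_quote(parent))
                next_parent = os.path.dirname(parent)
                # dirname('//') == '//': stop when no progress is made.
                if next_parent == parent:
                    break
                parent = next_parent
        except Exception:
            # Deliberately best-effort: a failure here must not abort the caller.
            pass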
Beispiel #2
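    def mypass(self, act):
        """Strip, and optionally re-add, root credentials in /etc/my.cnf.

        The config is first copied to /etc/my.cnf.bak, or restored from that
        backup when the live file is missing or nearly empty. Existing
        ``user=root`` and ``password=`` lines are deleted with sed. When
        ``act`` is truthy, the ``mysql_root`` field read through
        ``public.M('config')`` is written into the ``[mysqldump]`` section.

        Args:
            act: truthy to insert the credentials, falsy to only remove them.

        Returns:
            True on completion; False when credentials were requested but the
            config could not be read or the password contains a line break.
        """
        conf_file = '/etc/my.cnf'
        conf_file_bak = '/etc/my.cnf.bak'

        def _size(path):
            # Treat a missing file as empty instead of letting getsize raise.
            return os.path.getsize(path) if os.path.exists(path) else 0

        if _size(conf_file) > 2:
            # NOTE(review): the backup is taken before the sed clean-up below,
            # so it can hold a previously written password, and it is only
            # restricted to 600 after it has been written.
            public.writeFile(conf_file_bak, public.readFile(conf_file))
            public.set_mode(conf_file_bak, 600)
            public.set_own(conf_file_bak, 'mysql')
        elif _size(conf_file_bak) > 2:
            public.writeFile(conf_file, public.readFile(conf_file_bak))
            public.set_mode(conf_file, 600)
            public.set_own(conf_file, 'mysql')

        public.ExecShell("sed -i '/user=root/d' {}".format(conf_file))
        public.ExecShell("sed -i '/password=/d' {}".format(conf_file))
        if act:
            password = public.M('config').where('id=?',
                                                (1, )).getField('mysql_root')
            mycnf = public.readFile(conf_file)
            if not mycnf: return False
            password_text = "{}".format(password)
            # A line break in the value would add extra lines to the config.
            if '\n' in password_text or '\r' in password_text:
                return False
            src_dump_re = r"\[mysqldump\][^.]"
            sub_dump = "[mysqldump]\nuser=root\npassword=\"" + password_text + "\"\n"
            # Use a callable replacement: a plain string would have its
            # backslashes interpreted as regex escapes/group references, which
            # corrupts or rejects passwords containing '\'.
            mycnf = re.sub(src_dump_re, lambda _match: sub_dump, mycnf)
            # NOTE(review): when the first branch above ran, conf_file's mode
            # is never tightened here, so the password is readable by anyone
            # who can already read /etc/my.cnf — confirm the file's mode.
            if len(mycnf) > 100: public.writeFile(conf_file, mycnf)
            return True
        return True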
Beispiel #3
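def set_pma_access():
    """Block web access to phpMyAdmin's tmp directory and lock down its permissions.

    Creates ``<pma_path>/tmp`` if needed, adds a ``location ~ /tmp/`` rule
    returning 403 to the nginx config when no such rule exists, drops a
    deny-all ``.htaccess`` into the directory, then applies mode 700 and
    owner www:www recursively.

    Returns:
        True on success; False when the phpMyAdmin path is unknown or missing,
        or when any step raises.
    """
    # Imported locally so the function does not rely on a module-level import.
    import re

    try:
        pma_path = get_pma_path()
        if not pma_path: return False
        if not os.path.exists(pma_path): return False
        pma_tmp = pma_path + '/tmp'
        if not os.path.exists(pma_tmp):
            os.makedirs(pma_tmp)

        nginx_file = '/www/server/nginx/conf/nginx.conf'
        if os.path.exists(nginx_file):
            nginx_conf = public.readFile(nginx_file)
            anchor = '/www/server/phpmyadmin;'
            # Look for an actual tmp location rule. Testing for the bare
            # substring '/tmp/' meant that any unrelated mention of /tmp/ in
            # nginx.conf suppressed the deny rule entirely.
            has_rule = re.search(r'location\s+~\*?\s*/tmp/', nginx_conf)
            # Only rewrite and reload when the anchor is present, i.e. when
            # the replacement actually changes the file.
            if not has_rule and anchor in nginx_conf:
                r_conf = '''/www/server/phpmyadmin;
            location ~ /tmp/ {
                return 403;
            }'''

                nginx_conf = nginx_conf.replace(anchor, r_conf)
                public.writeFile(nginx_file, nginx_conf)
                public.serviceReload()

        apa_pma_tmp = pma_tmp + '/.htaccess'
        if not os.path.exists(apa_pma_tmp):
            # NOTE(review): "order/deny" is Apache 2.2 access-control syntax;
            # confirm the target Apache still accepts it (2.4 needs
            # mod_access_compat, otherwise "Require all denied").
            r_conf = '''order allow,deny
    deny from all'''
            public.writeFile(apa_pma_tmp, r_conf)
            # The mode and owner set here are overridden by the recursive
            # chmod/chown below.
            public.set_mode(apa_pma_tmp, 755)
            public.set_own(apa_pma_tmp, 'root')

        public.ExecShell("chmod -R 700 {}".format(pma_tmp))
        public.ExecShell("chown -R www:www {}".format(pma_tmp))
        return True
    except Exception:
        # Any failure is reported to the caller as False.
        return False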
Beispiel #4
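 def __init__(self):
     """Ensure the storage directory and the secret file exist, then cache the secret.

     Creates ``self._save_path`` when missing, generates a 16-character
     random string into ``self._pass_file`` when that file is missing, and
     loads the file into ``self._pass_str`` if it is not already set.
     """
     if not os.path.exists(self._save_path):
         # The original passed 384 (0o600); a directory without the owner
         # execute bit cannot be traversed by a non-root owner.
         os.makedirs(self._save_path, 0o700)
     if not os.path.exists(self._pass_file):
         # NOTE(review): GetRandomString's randomness source is not visible
         # here; confirm it is a CSPRNG, since the value is stored as a secret.
         secret = public.GetRandomString(16)
         # Create the file owner-only from the start, so the secret is never
         # on disk under default permissions between the write and the chmod.
         fd = os.open(self._pass_file,
                      os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
         with os.fdopen(fd, 'w') as fp:
             fp.write(secret)
         public.set_mode(self._pass_file, 600)
     if not self._pass_str:
         self._pass_str = public.readFile(self._pass_file)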
Beispiel #5
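    def upload(self, args):
        """Receive one chunk of a resumable upload and finalise the file when complete.

        Chunks from the request's ``blob`` files are appended to
        ``<f_path>/<f_name>.<f_size>.upload.tmp``. Once the temporary file
        reaches ``f_size`` bytes it replaces ``<f_path>/<f_name>`` and modes
        and ownership are applied.

        Args:
            args: request arguments carrying f_name, f_path, f_size, f_start
                and optionally dir_mode / file_mode ("mode,owner" strings).

        Returns:
            The current temp-file size (int) when ``f_start`` does not match
            it or the upload is still incomplete; otherwise a
            ``public.returnMsg`` result.
        """
        # shlex.quote is Python 3 only; pipes.quote is the Python 2 equivalent.
        try:
            from shlex import quote as shell_quote
        except ImportError:
            from pipes import quote as shell_quote

        if sys.version_info[0] == 2:
            args.f_name = args.f_name.encode('utf-8')
            args.f_path = args.f_path.encode('utf-8')
        # NOTE(review): this substring test is the only path check visible
        # here. It does not stop an absolute f_name from overriding f_path in
        # os.path.join, nor a path that ends in '..'; confirm that callers
        # constrain both values.
        if args.f_name.find('./') != -1 or args.f_path.find('./') != -1:
            return public.returnMsg(False, '错误的参数')
        if not os.path.exists(args.f_path):
            os.makedirs(args.f_path, 493)  # 493 == 0o755
            if 'dir_mode' not in args or 'file_mode' not in args:
                self.set_mode(args.f_path)

        save_path = os.path.join(
            args.f_path,
            args.f_name + '.' + str(int(args.f_size)) + '.upload.tmp')
        d_size = 0
        if os.path.exists(save_path): d_size = os.path.getsize(save_path)
        # The client must resume exactly where the temp file ends.
        if d_size != int(args.f_start): return d_size
        upload_files = request.files.getlist("blob")
        # The context manager closes the handle even when a chunk read fails.
        with open(save_path, 'ab') as f:
            for tmp_f in upload_files:
                f.write(tmp_f.read())
        f_size = os.path.getsize(save_path)
        if f_size != int(args.f_size): return f_size
        new_name = os.path.join(args.f_path, args.f_name)
        if os.path.exists(new_name):
            if new_name.find('.user.ini') != -1:
                # new_name is built from request values, so it is quoted
                # before being placed on a shell command line.
                public.ExecShell("chattr -i " + shell_quote(new_name))
            os.remove(new_name)
        os.renames(save_path, new_name)
        if 'dir_mode' in args and 'file_mode' in args:
            # NOTE(review): mode and owner come straight from the request and
            # a value without a comma raises IndexError here.
            mode_tmp1 = args.dir_mode.split(',')
            public.set_mode(args.f_path, mode_tmp1[0])
            public.set_own(args.f_path, mode_tmp1[1])
            mode_tmp2 = args.file_mode.split(',')
            public.set_mode(new_name, mode_tmp2[0])
            public.set_own(new_name, mode_tmp2[1])

        else:
            self.set_mode(new_name)
        if new_name.find('.user.ini') != -1:
            public.ExecShell("chattr +i " + shell_quote(new_name))

        public.WriteLog('TYPE_FILE', 'FILE_UPLOAD_SUCCESS',
                        (args.f_name, args.f_path))
        return public.returnMsg(True, 'Upload Success!')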
Beispiel #6
def term_open():
    """Store or return the SSH connection info kept in the session.

    Returns whatever ``comm.local()`` yields when that is truthy. With
    ``get_ssh_info`` in the request, the session entry ``ssh_<host>`` is
    returned as JSON (or a failure message when absent). Otherwise the JSON
    in ``args.data`` is stored in the session under ``ssh_info`` and
    ``ssh_<host>``; when it contains ``is_save`` it is also written to
    t_info.json (passed through ``public.de_hexb``), else that file is removed.

    NOTE(review): ssh_info presumably carries connection credentials —
    confirm. The file is restricted to mode 600 only after it is written.
    """
    early_response = comm.local()
    if early_response:
        return early_response

    args = get_input()
    if 'get_ssh_info' in args:
        lookup_key = 'ssh_' + args['host']
        if lookup_key not in session:
            return public.returnMsg(False,'Acquisition failed!')
        return public.getJson(session[lookup_key]),json_header

    session['ssh_info'] = json.loads(args.data)
    ssh_info = session['ssh_info']
    session['ssh_' + ssh_info['host']] = ssh_info

    s_file = '/www/server/panel/config/t_info.json'
    if 'is_save' not in ssh_info:
        # Nothing to persist: drop any previously saved copy.
        if os.path.exists(s_file):
            os.remove(s_file)
    else:
        serialized = public.de_hexb(json.dumps(ssh_info))
        public.writeFile(s_file,serialized)
        public.set_mode(s_file,600)
    return public.returnJson(True,'Successful setup!')
Beispiel #7
    def apple_lest_cert(self, get):
        """Request a certificate for a site and store it with its renewal data.

        Presumably Let's Encrypt, judging by the ``crate_let_*`` helper names.
        Validation runs through DNS (``get.dnsapi`` present) or through a file
        in ``get.site_dir``. With ``dnsapi == 'dns'`` and no ``renew``
        attribute the method returns early with the helper's result (code 2)
        so the records can be created by hand.

        Args:
            get: request object with siteName, domains (a JSON list), email
                and dnssleep, plus optional dnsapi, app_root, renew,
                dns_param and site_dir.

        Returns:
            A ``public.returnMsg`` result, or the helper's result dict on the
            manual-DNS early return.
        """

        data = {}
        data['siteName'] = get.siteName
        data['domains'] = json.loads(get.domains)
        data['email'] = get.email
        data['dnssleep'] = get.dnssleep

        if len(data['domains']) <= 0:
            return public.returnMsg(False, '申请域名列表不能为空.')

        data['first_domain'] = data['domains'][0]

        # NOTE(review): siteName is concatenated into a filesystem path with no
        # validation visible here, and files under that path are removed and
        # written below. Confirm it is checked upstream for '/' and '..'.
        path = self.setupPath + '/panel/vhost/cert/' + data['siteName']
        if not os.path.exists(path): os.makedirs(path)

        # Check for a custom certificate (the marker file is removed if present)
        partnerOrderId = path + '/partnerOrderId'
        if os.path.exists(partnerOrderId): os.remove(partnerOrderId)
        # Clear the renewal key
        re_key = path + '/account_key.key'
        if os.path.exists(re_key): os.remove(re_key)

        re_password = path + '/password'
        if os.path.exists(re_password): os.remove(re_password)

        data['account_key'] = None
        if hasattr(get, 'dnsapi'):
            if not 'app_root' in get: get.app_root = '0'
            data['app_root'] = get.app_root
            domain_list = data['domains']
            if data['app_root'] == '1':
                # Replace the list with each root domain plus its wildcard.
                domain_list = []
                data['first_domain'] = self.get_root_domain(
                    data['first_domain'])
                for domain in data['domains']:
                    rootDoamin = self.get_root_domain(domain)
                    if not rootDoamin in domain_list:
                        domain_list.append(rootDoamin)
                    if not "*." + rootDoamin in domain_list:
                        domain_list.append("*." + rootDoamin)
                data['domains'] = domain_list
            if get.dnsapi == 'dns':
                domain_path = path + '/domain_txt_dns_value.json'
                if hasattr(get, 'renew'):  # verification
                    data['renew'] = True
                    dns = json.loads(public.readFile(domain_path))
                    data['dns'] = dns
                    certificate = self.crate_let_by_oper(data)
                else:
                    # Manual DNS resolution: return early
                    result = self.crate_let_by_oper(data)
                    if 'status' in result and not result['status']:
                        return result
                    result['status'] = True
                    public.writeFile(domain_path, json.dumps(result))
                    result['msg'] = '获取成功,请手动解析域名'
                    result['code'] = 2
                    return result
            elif get.dnsapi == 'dns_bt':
                data['dnsapi'] = get.dnsapi
                certificate = self.crate_let_by_dns(data)
            else:
                data['dnsapi'] = get.dnsapi
                # NOTE(review): dns_param presumably holds DNS-provider API
                # credentials; it is persisted in crontab.json below — confirm.
                data['dns_param'] = get.dns_param.split('|')
                certificate = self.crate_let_by_dns(data)
        else:
            # File validation
            data['site_dir'] = get.site_dir
            certificate = self.crate_let_by_file(data)

        if not certificate['status']:
            return public.returnMsg(False, certificate['msg'])

        # Save the renewal data
        cpath = self.setupPath + '/panel/vhost/cert/crontab.json'
        config = {}
        if os.path.exists(cpath):
            config = json.loads(public.readFile(cpath))
        config[data['siteName']] = data
        public.writeFile(cpath, json.dumps(config))
        public.set_mode(cpath, 600)

        # Store the certificate
        # NOTE(review): unlike crontab.json above, the private key, account key
        # and .pfx get no set_mode call here; confirm what permissions
        # writeFile leaves on them.
        public.writeFile(path + "/privkey.pem", certificate['key'])
        public.writeFile(path + "/fullchain.pem",
                         certificate['cert'] + certificate['ca_data'])
        public.writeFile(path + "/account_key.key",
                         certificate['account_key'])  # renewal key

        # Convert to an IIS certificate
        p12 = self.dump_pkcs12(certificate['key'],
                               certificate['cert'] + certificate['ca_data'],
                               certificate['ca_data'], data['first_domain'])
        # NOTE(review): export() is called without arguments; if p12 is a
        # pyOpenSSL PKCS12 object the bundle has no passphrase — confirm.
        pfx_buffer = p12.export()
        public.writeFile(path + "/fullchain.pfx", pfx_buffer, 'wb+')
        public.writeFile(path + "/README", "let")

        # Scheduled-task renewal
        self.set_crond()
        return public.returnMsg(True, '申请成功.')
Beispiel #8
 def save_api_config(self, data):
     """Serialise ``data`` as JSON into ``self.save_path`` and restrict it to mode 600.

     NOTE(review): the mode is applied after the write, so the file briefly
     exists with whatever permissions WriteFile creates — confirm that is
     acceptable for this config.

     Always returns True.
     """
     target = self.save_path
     payload = json.dumps(data)
     public.WriteFile(target, payload)
     public.set_mode(target, '600')
     return True
Beispiel #9
    def apple_lest_cert(self, get):
        """Request a certificate for a site, logging progress, and store the result.

        Presumably Let's Encrypt, judging by the ``crate_let_*`` helper names.
        Validation runs through DNS (``get.dnsapi`` present) or through a file
        in ``get.site_dir``. With ``dnsapi == 'dns'`` and no ``renew``
        attribute the method returns early with the helper's result (code 2)
        so the records can be created by hand. ``self.log_file`` is emptied
        on several branches before validation starts.

        Args:
            get: request object with siteName, domains (a JSON list), email
                and dnssleep, plus optional dnsapi, app_root, renew,
                dns_param and site_dir.

        Returns:
            A ``public.returnMsg`` result, or the helper's result dict on the
            manual-DNS early return.
        """
        data = {}
        data['siteName'] = get.siteName
        data['domains'] = json.loads(get.domains)
        data['email'] = get.email
        data['dnssleep'] = get.dnssleep
        self.write_log("Ready to apply for SSL, domain name {}".format(
            data['domains']))
        self.write_log("=" * 50)
        if len(data['domains']) <= 0:
            return public.returnMsg(
                False, 'The list of applied domain names cannot be empty.')

        data['first_domain'] = data['domains'][0]

        # NOTE(review): siteName is concatenated into a filesystem path with no
        # validation visible here, and files under that path are removed and
        # written below. Confirm it is checked upstream for '/' and '..'.
        path = self.setupPath + '/panel/vhost/cert/' + data['siteName']
        if not os.path.exists(path): os.makedirs(path)

        # Check for a custom certificate (the marker file is removed if present)
        partnerOrderId = path + '/partnerOrderId'
        if os.path.exists(partnerOrderId): os.remove(partnerOrderId)
        # Clear the renewal key
        re_key = path + '/account_key.key'
        if os.path.exists(re_key): os.remove(re_key)

        re_password = path + '/password'
        if os.path.exists(re_password): os.remove(re_password)

        data['account_key'] = None
        if hasattr(get, 'dnsapi'):
            if not 'app_root' in get: get.app_root = '0'
            data['app_root'] = get.app_root
            domain_list = data['domains']
            if data['app_root'] == '1':
                public.writeFile(self.log_file, '')
                # Replace the list with each root domain plus its wildcard.
                domain_list = []
                data['first_domain'] = self.get_root_domain(
                    data['first_domain'])
                for domain in data['domains']:
                    rootDoamin = self.get_root_domain(domain)
                    if not rootDoamin in domain_list:
                        domain_list.append(rootDoamin)
                    if not "*." + rootDoamin in domain_list:
                        domain_list.append("*." + rootDoamin)
                data['domains'] = domain_list
            if get.dnsapi == 'dns':
                domain_path = path + '/domain_txt_dns_value.json'
                if hasattr(get, 'renew'):  # verification
                    data['renew'] = True
                    dns = json.loads(public.readFile(domain_path))
                    data['dns'] = dns
                    certificate = self.crate_let_by_oper(data)
                else:
                    public.writeFile(self.log_file, '')
                    # Manual DNS resolution: return early
                    result = self.crate_let_by_oper(data)
                    if 'status' in result and not result['status']:
                        return result
                    result['status'] = True
                    public.writeFile(domain_path, json.dumps(result))
                    result[
                        'msg'] = 'Get successful, please manually resolve the domain name'
                    result['code'] = 2
                    return result
            elif get.dnsapi == 'dns_bt':
                public.writeFile(self.log_file, '')
                data['dnsapi'] = get.dnsapi
                certificate = self.crate_let_by_dns(data)
            else:
                public.writeFile(self.log_file, '')
                data['dnsapi'] = get.dnsapi
                # NOTE(review): dns_param presumably holds DNS-provider API
                # credentials; it is persisted in crontab.json below — confirm.
                data['dns_param'] = get.dns_param.split('|')
                certificate = self.crate_let_by_dns(data)
        else:
            # File validation
            public.writeFile(self.log_file, '')
            data['site_dir'] = get.site_dir
            certificate = self.crate_let_by_file(data)

        if not certificate['status']:
            return public.returnMsg(False, certificate['msg'])

        # Save the renewal data
        self.write_log("|-Saving certificate..")
        cpath = self.setupPath + '/panel/vhost/cert/crontab.json'
        config = {}
        if os.path.exists(cpath):
            # NOTE(review): an unreadable crontab.json is silently replaced by
            # a file holding only this site's entry, dropping the others.
            try:
                config = json.loads(public.readFile(cpath))
            except:
                pass

        config[data['siteName']] = data
        public.writeFile(cpath, json.dumps(config))
        public.set_mode(cpath, 600)

        # Store the certificate
        # NOTE(review): unlike crontab.json above, the private key, account key
        # and .pfx get no set_mode call here; confirm what permissions
        # writeFile leaves on them.
        public.writeFile(path + "/privkey.pem", certificate['key'])
        public.writeFile(path + "/fullchain.pem",
                         certificate['cert'] + certificate['ca_data'])
        public.writeFile(path + "/account_key.key",
                         certificate['account_key'])  # renewal key

        # Convert to an IIS certificate
        p12 = self.dump_pkcs12(certificate['key'],
                               certificate['cert'] + certificate['ca_data'],
                               certificate['ca_data'], data['first_domain'])
        # NOTE(review): export() is called without arguments; if p12 is a
        # pyOpenSSL PKCS12 object the bundle has no passphrase — confirm.
        pfx_buffer = p12.export()
        public.writeFile(path + "/fullchain.pfx", pfx_buffer, 'wb+')
        public.writeFile(path + "/README", "let")

        # Scheduled-task renewal
        self.write_log("|-Setting up auto-renewal configuration..")
        self.set_crond()
        self.write_log(
            "|-The application is successful and it is being automatically deployed to the website!"
        )
        self.write_log("=" * 50)
        return public.returnMsg(True, 'Application successful.')
Beispiel #10
    def apple_lest_cert(self, get):
        """Request a Let's Encrypt certificate for a site and register its renewal job.

        Validation runs through DNS (``get.dnsapi`` present) or through a file
        in ``get.site_dir``. With ``dnsapi == 'dns'`` and no ``renew``
        attribute the method returns early with the helper's result (code 2)
        so the records can be created by hand. On success the certificate
        files are written under the site's cert directory and a daily crontab
        entry is added if none exists yet.

        Args:
            get: request object with siteName, domains (a JSON list), email
                and dnssleep, plus optional dnsapi, app_root, renew,
                dns_param and site_dir.

        Returns:
            A ``public.returnMsg`` result, or the helper's result dict on the
            manual-DNS early return.
        """

        data = {}
        data['siteName'] = get.siteName
        data['domains'] = json.loads(get.domains)
        data['email'] = get.email
        data['dnssleep'] = get.dnssleep

        if len(data['domains']) <= 0:
            return public.returnMsg(False, '申请域名列表不能为空.')

        data['first_domain'] = data['domains'][0]

        # NOTE(review): siteName is concatenated into a filesystem path with no
        # validation visible here, and files under that path are removed and
        # written below. Confirm it is checked upstream for '/' and '..'.
        path = self.setupPath + '/panel/vhost/cert/' + data['siteName']
        if not os.path.exists(path): os.makedirs(path)

        # Check for a custom certificate (the marker file is removed if present)
        partnerOrderId = path + '/partnerOrderId'
        if os.path.exists(partnerOrderId): os.remove(partnerOrderId)
        # Clear the renewal key
        re_key = path + '/account_key.key'
        if os.path.exists(re_key): os.remove(re_key)

        re_password = path + '/password'
        if os.path.exists(re_password): os.remove(re_password)

        data['account_key'] = None
        if hasattr(get, 'dnsapi'):
            if not 'app_root' in get: get.app_root = '0'
            data['app_root'] = get.app_root
            domain_list = data['domains']
            if data['app_root'] == '1':
                # Replace the list with each root domain plus its wildcard.
                domain_list = []
                data['first_domain'] = self.get_root_domain(
                    data['first_domain'])
                for domain in data['domains']:
                    rootDoamin = self.get_root_domain(domain)
                    if not rootDoamin in domain_list:
                        domain_list.append(rootDoamin)
                    if not "*." + rootDoamin in domain_list:
                        domain_list.append("*." + rootDoamin)
                data['domains'] = domain_list
            if get.dnsapi == 'dns':
                domain_path = path + '/domain_txt_dns_value.json'
                if hasattr(get, 'renew'):  # verification
                    data['renew'] = True
                    dns = json.loads(public.readFile(domain_path))
                    data['dns'] = dns
                    certificate = self.crate_let_by_oper(data)
                else:
                    # Manual DNS resolution: return early
                    # NOTE(review): the helper's result is saved and reported
                    # with status True without checking whether it failed.
                    result = self.crate_let_by_oper(data)
                    public.writeFile(domain_path, json.dumps(result))
                    result['code'] = 2
                    result['status'] = True
                    result['msg'] = '获取成功,请手动解析域名'
                    return result
            elif get.dnsapi == 'dns_bt':
                data['dnsapi'] = get.dnsapi
                certificate = self.crate_let_by_dns(data)
            else:
                data['dnsapi'] = get.dnsapi
                # NOTE(review): dns_param presumably holds DNS-provider API
                # credentials; it is persisted in crontab.json below — confirm.
                data['dns_param'] = get.dns_param.split('|')
                certificate = self.crate_let_by_dns(data)
        else:
            # File validation
            data['site_dir'] = get.site_dir
            certificate = self.crate_let_by_file(data)

        if not certificate['status']:
            return public.returnMsg(False, certificate['msg'])

        # Save the renewal data
        cpath = self.setupPath + '/panel/vhost/cert/crontab.json'
        config = {}
        if os.path.exists(cpath):
            config = json.loads(public.readFile(cpath))
        config[data['siteName']] = data
        public.writeFile(cpath, json.dumps(config))
        public.set_mode(cpath, 600)

        # Store the certificate
        # NOTE(review): unlike crontab.json above, the private key, account key
        # and .pfx get no set_mode call here; confirm what permissions
        # writeFile leaves on them.
        public.writeFile(path + "/privkey.pem", certificate['key'])
        public.writeFile(path + "/fullchain.pem",
                         certificate['cert'] + certificate['ca_data'])
        public.writeFile(path + "/account_key.key",
                         certificate['account_key'])  # renewal key

        # Convert to an IIS certificate
        p12 = self.dump_pkcs12(certificate['key'],
                               certificate['cert'] + certificate['ca_data'],
                               certificate['ca_data'], data['first_domain'])
        # NOTE(review): export() is called without arguments; if p12 is a
        # pyOpenSSL PKCS12 object the bundle has no passphrase — confirm.
        pfx_buffer = p12.export()
        public.writeFile(path + "/fullchain.pfx", pfx_buffer, 'wb+')
        public.writeFile(path + "/README", "let")

        # Scheduled-task renewal
        # The double md5 of a fixed string is only a stable identifier for the
        # crontab row and script file; it is not used as a secret.
        echo = public.md5(public.md5('renew_lets_ssl_bt'))
        crontab = public.M('crontab').where('echo=?', (echo, )).find()
        if not crontab:
            # NOTE(review): the script file is written with no mode call here;
            # confirm it cannot be modified by non-root users, since it is
            # registered as a scheduled shell task.
            cronPath = public.GetConfigValue('setup_path') + '/cron/' + echo
            shell = 'python %s/panel/class/panelLets.py renew_lets_ssl ' % (
                self.setupPath)
            public.writeFile(cronPath, shell)
            public.M('crontab').add(
                'name,type,where1,where_hour,where_minute,echo,addtime,status,save,backupTo,sType,sName,sBody,urladdress',
                ("续签Let's Encrypt证书", 'day', '', '0', '10', echo,
                 time.strftime('%Y-%m-%d %X', time.localtime()), 1, '',
                 'localhost', 'toShell', '', shell, ''))

        return public.returnMsg(True, '申请成功.')