Ejemplo n.º 1
0
 def check_login(*args, **kwargs):
     if 'code' not in args[1].params.keys():
         raise RError(5)
     db = RDataBase()
     if not db.query("SELECT * FROM invite_codes WHERE code = %s AND used = %s", (args[1].params['code'], used)):
         raise RError(6)
     func(*args, code=args[1].params['code'], **kwargs)
Ejemplo n.º 2
0
class RUser:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, domain_id, user):
        req.context["result"] = {
            "result": self.db.query("SELECT id, domain_id, email FROM virtual_users WHERE domain_id = %s", (domain_id,))
        }
        resp.status = falcon.HTTP_200

    @utils.require_login
    @utils.require_domain_owner
    def on_post(self, req, resp, domain_id, user):
        if "request" not in req.context.keys():
            raise RError(16)
        request = req.context["request"]
        if "username" not in request.keys():
            raise RError(20)
        if not re.match("^[a-z0-9A-Z][a-z0-9A-Z_\+\.]{0,60}$", request["username"]):
            raise RError(13)
        if "password" not in request.keys():
            raise RError(14)
        domain = self.db.query("SELECT name FROM virtual_domains WHERE id = %s", (domain_id,))
        if self.db.query(
            "SELECT * FROM virtual_users WHERE email = %s", ((request["username"] + "@" + domain[0]["name"]),)
        ):
            raise RError(17)
        self.db.execute(
            "INSERT INTO virtual_users (domain_id,password, email) VALUES "
            "(%s, ENCRYPT(%s, CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), %s)",
            (domain_id, request["password"], (request["username"] + "@" + domain[0]["name"])),
        )
        resp.status = falcon.HTTP_200
Ejemplo n.º 3
0
class RTransport:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, user, domain_id):
        result = self.db.query("SELECT id,source,destination,region FROM transport_domains WHERE domain_id=%s",
                               (domain_id,))
        req.context['result'] = {"result": result}

    @utils.require_login
    @utils.require_domain_owner
    @utils.require_level(5)
    def on_post(self, req, resp, user, domain_id):
        if 'request' not in req.context.keys():
            raise RError(16)
        request = req.context['request']
        if 'source' not in request.keys():
            raise RError(20)
        if 'destination' not in request.keys():
            raise RError(20)
        if 'region' not in request.keys():
            raise RError(20)
        if not (re.match('^[a-z0-9A-Z_\+\.]{1,60}@$', request['source']) or request['source'] == ""):
            raise RError(13)
        domain = self.db.query("SELECT * FROM virtual_domains WHERE id = %s", (domain_id,))
        self.db.execute("INSERT INTO transport_domains(domain_id, source, destination, region) VALUES (%s,%s,%s,%s)",
                        (domain_id, (request['source'] + domain[0]['name']), request['destination'],
                         request['region']))
Ejemplo n.º 4
0
class RTransportDefaultModify:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_post(self, req, resp, user, domain_id, operate_id):
        if operate_id == "1":
            if 'request' not in req.context.keys():
                raise RError(16)
            request = req.context['request']
            if 'id' not in request.keys():
                raise RError(20)
            server = self.db.query("SELECT * FROM mynetworks WHERE id = %s", (str(request['id']),) )
            domain = self.db.query("SELECT * FROM virtual_domains WHERE id = %s", (domain_id,))
            if not server:
                raise RError(30)
            cursor = self.db.begin()
            cursor.execute("DELETE FROM transport_domains WHERE domain_id = %s", (domain_id,))
            cursor.execute(
                "INSERT INTO transport_domains(domain_id, source, destination, region) VALUES (%s, %s, %s, '0default')",
                (domain_id, domain[0]['name'], "smtp:[" + server[0]['domain_name'] + "]"))
            cursor.execute(
                "INSERT INTO transport_domains(domain_id, source, destination, region) VALUES( %s, %s, %s, %s)",
                (domain_id, domain[0]['name'], "lmtp:unix:private/dovecot-lmtp", server[0]['server_mark']))
            cursor.commit()
        else:
            raise RError(31)
Ejemplo n.º 5
0
 def check_owner(*args, **kwargs):
     if 'user' not in kwargs.keys():
         raise RError(22)
     user = kwargs['user']
     if 'domain_id' not in kwargs.keys():
         raise RError(23)
     if user.info.level == 100:
         return func(*args, **kwargs)
     db = RDataBase()
     if not db.query("SELECT * FROM virtual_domains WHERE id = %s AND admin_user_id = %s",
                     (kwargs['domain_id'], kwargs['user'].info.id)):
         raise RError(24)
     func(*args, **kwargs)
Ejemplo n.º 6
0
 def __init__(self, token=''):
     self.sessions = RMemorySessionStore()
     self.utils = RUtils()
     self.database = RDataBase()
     self.data = None
     if token != '':
         self.restore_from_token(token)
Ejemplo n.º 7
0
class RServer:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    def on_get(self, req, resp, user):
        result = self.db.query("SELECT domain_name, server_mark, region_mark, default_mark FROM mynetworks", ())
        req.context['result'] = {"result": result}
Ejemplo n.º 8
0
 def __init__(self, token=None):
     self.session = RMemorySessionStore()
     self.db = RDataBase()
     self.info = RAdminUserInfo()
     self.config = RConfig()
     if token:
         self.info.token = token
     if self.info.token != "":
         self.login_by_token()
Ejemplo n.º 9
0
class RAliasModify:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, user, domain_id, alias_id):
        result = self.db.query("SELECT id,source,destination FROM virtual_aliases WHERE id = %s AND domain_id = %s",
                               (alias_id, domain_id))
        if not result:
            raise RError(29)
        req.context['result'] = {"result": result[0]}

    @utils.require_login
    @utils.require_domain_owner
    @utils.require_level(5)
    def on_delete(self, req, resp, user, domain_id, alias_id):
        result = self.db.execute("DELETE FROM virtual_aliases WHERE id = %s AND domain_id = %s", (alias_id, domain_id))
        if not result:
            raise RError(18)
Ejemplo n.º 10
0
class RBccModify:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, user, domain_id, bcc_id):
        result = self.db.query(
            "SELECT id,source,destination,region FROM recipient_bcc WHERE id = %s AND domain_id = %s",
            (bcc_id, domain_id))
        if not result:
            raise RError(32)
        req.context['result'] = {"result": result[0]}

    @utils.require_login
    @utils.require_domain_owner
    @utils.require_level(5)
    def on_delete(self, req, resp, user, domain_id, bcc_id):
        result = self.db.execute("DELETE FROM recipient_bcc WHERE id = %s AND domain_id = %s", (bcc_id, domain_id))
        if not result:
            raise RError(18)
Ejemplo n.º 11
0
class RDomain:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    def on_get(self, req, resp, user):
        if user.info.level == 100:
            result = self.db.query("SELECT id, name FROM virtual_domains", ())
        else:
            result = self.db.query("SELECT id, name FROM virtual_domains WHERE admin_user_id = %s", (user.info.id,))
        req.context['result'] = {'result': result}
        resp.status = falcon.HTTP_200


    @utils.require_login
    def on_post(self, req, resp, user):
        if 'request' not in req.context.keys():
            raise RError(16)
        request = req.context['request']
        if 'domain' not in request.keys():
            raise RError(7)
        if self.db.query("SELECT id FROM virtual_domains WHERE name = %s", (request['domain'],)):
            raise RError(8)
        if not re.match('^([a-zA-Z0-9][-a-zA-Z0-9]{0,62}\.){1,5}[a-zA-Z0-9][-a-zA-Z0-9]{0,62}$', request['domain']):
            raise RError(9)
        self.db.execute("INSERT INTO virtual_domains (name, admin_user_id) VALUES (%s, %s)",
                        (request['domain'], user.info.id))
        req.context['result'] = {'result': self.db.query('SELECT id, name FROM virtual_domains WHERE name = %s',
                                                         (request['domain'],))[0]}
        resp.status = falcon.HTTP_200
Ejemplo n.º 12
0
class RUserModify:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, domain_id, user_id, user):
        result = self.db.query(
            "SELECT id, domain_id, email FROM virtual_users WHERE id = %s AND domain_id = %s", (user_id, domain_id)
        )
        if not result:
            raise RError(26)
        req.context["result"] = {"result": result[0]}

    @utils.require_login
    @utils.require_domain_owner
    def on_put(self, req, resp, domain_id, user_id, user):
        if "request" not in req.context.keys():
            raise RError(16)
        request = req.context["request"]
        if not user_id:
            raise RError(15)
        if "password" not in request.keys():
            raise RError(14)
        if not self.db.execute(
            "UPDATE virtual_users SET password = ENCRYPT(%s, CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))) "
            "WHERE  domain_id = %s AND id = %s",
            (request["password"], domain_id, user_id),
        ):
            raise RError(18)
        resp.status = falcon.HTTP_200

    @utils.require_login
    @utils.require_domain_owner
    def on_delete(self, req, resp, domain_id, user_id, user):
        if not user_id:
            raise RError(15)
        if not self.db.execute("DELETE FROM virtual_users WHERE id = %s AND domain_id = %s", (user_id, domain_id)):
            raise RError(26)
        resp.status = falcon.HTTP_200
Ejemplo n.º 13
0
class RDomainModify():
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, domain_id, user):
        result = self.db.query('SELECT id, name FROM virtual_domains WHERE id = %s;', (domain_id, ))
        if not result:
            raise RError(24)
        req.context['result'] = {'result': result[0]}
        resp.status = falcon.HTTP_200


    @utils.require_login
    @utils.require_domain_owner
    def on_delete(self, req, resp, domain_id, user):
        result = self.db.execute("DELETE FROM virtual_users WHERE domain_id = %s;", (domain_id,))
        result = self.db.execute("DELETE FROM virtual_domains WHERE id = %s;", (domain_id,))
        if not result:
            raise RError(18)
        resp.status = falcon.HTTP_200
Ejemplo n.º 14
0
class RUser:
    def __init__(self, token=''):
        self.sessions = RMemorySessionStore()
        self.utils = RUtils()
        self.database = RDataBase()
        self.data = None
        if token != '':
            self.restore_from_token(token)

    def restore_from_token(self, token):
        if self.sessions.contains(token):
            self.data = self.sessions.get(token)
            return True
        else:
            result = self.database.query('SELECT * FROM token WHERE token = %s AND expired_time > now()',
                                         (token,))
            if result:
                self.data = UserData()
                self.data.id = result[0]['user_id']
                self.data.ifLogin = True
                self.reload()
                return True
        self.data = UserData()
        return False

    def reload(self):
        result = self.database.query('SELECT * FROM users WHERE id = %s', (self.data.id,))
        if not result:
            return False
        self.data.username = result[0]['username']
        self.data.status = result[0]['status']
        self.data.email = result[0]['email']
        return True

    def login(self, username, password):
        if self.data.ifLogin:
            return True
        result = self.database.query('SELECT * FROm users
Ejemplo n.º 15
0
class RAdminUser():
    def __init__(self, token=None):
        self.session = RMemorySessionStore()
        self.db = RDataBase()
        self.info = RAdminUserInfo()
        self.config = RConfig()
        if token:
            self.info.token = token
        if self.info.token != "":
            self.login_by_token()

    def login_by_token(self):
        if not self.info.token:
            return False
        if self.session.contains(self.info.token):
            self.info = self.session.get(self.info.token)
            if self.info.expired_time < time.time():
                self.info.ifLogin = False
                self.session.remove(self.info.token)
            if self.info.ifLogin:
                return True
        return False

    def login_by_password(self, username="", password="", token=""):
        if username == "" or password == "" or token == "":
            raise RError(20)
        password = hashlib.sha512(password + self.config.password_salt).hexdigest()[0: 64]
        result = self.db.query("SELECT * FROM admin_user WHERE username=%s AND password=%s", (username, password))
        if not result:
            raise RError(25)
        self.info.id = result[0]['id']
        self.info.ifLogin = True
        self.info.token = token
        return self.sync_from_mysql()

    def logout(self):
        if not self.info.ifLogin:
            return True
        if self.info.token == "":
            return True
        self.session.remove(self.info.token)
        self.info.ifLogin = False
        return True

    def sync_from_mysql(self):
        if not self.info.ifLogin:
            return False
        if self.info.id <= 0:
            return False
        result = self.db.query("SELECT * FROM admin_user WHERE  id = %s", (self.info.id,))
        if not result:
            return False
        self.info.username = result[0]['username']
        self.info.invite_code_id = result[0]['invite_code_id']
        self.info.level = result[0]['level']
        self.session.push(self.info.token, self.info)
        return True

    def register(self, code="", username="", password=""):
        if code == "" or password == "" or username == "":
            raise RError(20)
        password = hashlib.sha512(password + self.config.password_salt).hexdigest()[0: 64]
        if self.db.query("SELECT * FROM admin_user WHERE username = %s", (username,)):
            raise RError(19)
        result = self.db.execute(
            "INSERT INTO admin_user(username, password, level, invite_code_id) "
            "VALUES(%s,%s,1, (SELECT id FROM invite_codes WHERE code = %s))", (username, password, code))
        if not result:
            raise RError(0)
        result = self.db.execute("UPDATE invite_codes SET used = 1 WHERE code = %s", (code,))
        return True

    def reset_password(self, code="", password=""):
        if code == "" or password == "":
            raise RError(20)
        password = hashlib.sha512(password + self.config.password_salt).hexdigest()[0: 64]
        result = self.db.execute(
            "UPDATE admin_user SET password = %s WHERE invite_code_id in (SELECT id FROM invite_codes WHERE code = %s)",
            (password, code))
        return True
Ejemplo n.º 16
0
 def __init__(self):
     self.db = RDataBase()
Ejemplo n.º 17
0
class RDKIM:
    def __init__(self):
        self.db = RDataBase()

    @utils.require_login
    @utils.require_domain_owner
    def on_get(self, req, resp, user, domain_id):
        domain = self.db.query("SELECT * FROM virtual_domains WHERE id = %s", (domain_id,))
        opendkim_id = self.db.query("SELECT * FROM opendkim_signings WHERE author = %s", (domain[0]['name'],))
        if not opendkim_id:
            return
        opendkim_key = self.db.query("SELECT * FROM opendkim_keys WHERE  id =%s", (opendkim_id[0]['dkim_id'],))
        if not opendkim_key:
            return
        req.context['result'] = {"domain": opendkim_key[0]['domain_name'], "selector": opendkim_key[0]['selector'],

                                 "key_sha512": hashlib.sha512(opendkim_key[0]['private_key']).hexdigest()}

    @utils.require_login
    @utils.require_domain_owner
    def on_put(self, req, resp, user, domain_id):
        if 'request' not in req.context.keys():
            raise RError(16)
        request = req.context['request']
        if 'selector' not in request.keys():
            raise RError(20)
        if 'private_key' not in request.keys():
            raise RError(20)
        domain = self.db.query("SELECT * FROM virtual_domains WHERE id = %s", (domain_id,))
        opendkim_id = self.db.query("SELECT * FROM opendkim_signings WHERE author = %s", (domain[0]['name'],))
        if not opendkim_id:
            self.db.execute("INSERT INTO opendkim_keys(domain_name, selector, private_key) VALUES (%s,%s,%s)",
                            (domain[0]['name'], request['selector'], request['private_key']))
            self.db.execute(
                "INSERT INTO opendkim_signings(author, dkim_id) "
                "VALUES (%s, (SELECT id FROM opendkim_keys WHERE domain_name = %s))",
                (domain[0]['name'], domain[0]['name']))
        else:
            self.db.execute("UPDATE opendkim_keys SET selector=%s, private_key=%s WHERE domain_name = %s",
                            (request['selector'], request['private_key'], domain[0]['name']))