def return_interface(cls):
with open('interface.html', 'r') as interface:
html = interface.read()
html = html.replace('{{waf_state}}', database.get('state', 'WAF'))
if database.get('state', 'WAF') == 'on':
action = 'stop'
else:
action = 'start'
html = html.replace('{{waf_action}}', action)
return 200, html
def startup_modules(cls):
for module_name in cls.modules:
if cls.modules[module_name].enable:
if hasattr(cls.modules[module_name].obj, 'startup_entrypoint'):
os.chdir(cls.modules[module_name].path)
cls.modules[module_name].obj.startup_entrypoint()
os.chdir(database.get('base_directory'))
def return_html(self, status, content, cookie_to_set=None):
if not isinstance(status, int):
status = 500
self.send_response(status)
self.send_header('Content-type', 'text/html; charset=UTF-8')
if cookie_to_set != None:
cookie_data = cookie_to_set.split('=')
cookie = http.cookies.SimpleCookie()
cookie[cookie_data[0]] = cookie_data[1]
self.send_header("Set-Cookie", cookie.output(header='', sep=''))
self.end_headers()
content = content.replace('{{title}}', 'Firedoor v4.0 - {}'.format(database.get('server')))
content = content.replace('{{server_name}}', database.get('server'))
content = content.replace('{{firedoor_version}}', 'v'+str(database.get('firedoor_version')))
self.wfile.write(content.encode('utf-8'))
return
def do_POST(self):
parameters = self.parse_GET()
post = self.parse_POST()
if len(parameters) == 0 and len(post) > 0:
if 'action' in post:
if post['action'] == 'login' and 'password' in post:
if hashlib.sha512(post['password'].encode('utf-8')).hexdigest() == database.get('password'):
token = os.urandom(32).hex()
sessions[token] = {}
sessions[token]['timestamp'] = time.time()
session_cookie = 'session={}'.format(token)
self.return_html(200, '<script>document.location = "/";</script>', session_cookie)
else:
event = {}
event['type'] = 'report_ip'
event['data'] = {}
event['data']['ip'] = self.client_address[0]
event['data']['level'] = 35
event['data']['comment'] = 'Firedoor login attempt'
modules_manager.broadcast_event(event)
self.return_html(200, self.return_loginpage().replace('<!---->', 'Access denied'))
return
self.return_html(200, self.return_loginpage())
elif self.check_auth():
status, content = modules_manager.run_web_module(self, parameters[0], parameters[1:], post)
self.return_html(status, content)
else:
self.return_html(200, 'Access denied')
def check_auth(self):
if self.read_cookie('session') in sessions:
session_token = self.read_cookie('session')
if sessions[session_token]['timestamp'] > (time.time() - database.get('session_timeout')):
return True
else:
del sessions[session_token]
return False
def __init__(self, directory, module_name, required=False):
if os.path.isdir(directory + '/' + module_name):
self.name = module_name
self.required = required
self.path = database.get(
'base_directory') + '/' + directory + '/' + module_name
sys.path.insert(0, self.path)
module = __import__(module_name)
self.obj = getattr(module, module_name)
self.enable = self.is_enable()
def run_on():
print('\n')
print('/-----------------------------------\\')
print('| Starting Firedoor on port {} |'.format(
str(database.get('web_interface_port')).rjust(5, ' ')))
print('\\-----------------------------------/')
print('\n')
server_address = ('', database.get('web_interface_port'))
httpd = HTTPServer(server_address, request_handler)
if database.get('TLS'):
if os.path.exists(database.get('cert_path')) and os.path.exists(
database.get('key_path')):
httpd.socket = ssl.wrap_socket(httpd.socket,
keyfile=database.get('key_path'),
certfile=database.get('cert_path'),
server_side=True)
httpd.serve_forever()
def run_web_module(cls, request_handler, module_name, get, post):
if module_name in cls.modules:
if cls.modules[module_name].enable:
if hasattr(cls.modules[module_name].obj, 'web_entrypoint'):
os.chdir(cls.modules[module_name].path)
client_ip = request_handler.client_address[0]
status, content = cls.modules[
module_name].obj.web_entrypoint(client_ip, get, post)
os.chdir(database.get('base_directory'))
return status, content
else:
msg = 'Module "{}" does not have web interface'.format(
module_name)
return 404, msg
else:
msg = 'Module "{}" disabled'.format(module_name)
return 404, msg
else:
msg = 'Module "{}" does no exist'.format(module_name)
return 404, msg
def startup_entrypoint(cls):
if database.get('state', 'WAF') == 'on':
cls.start()
print('ok')
