def setup_redis(app: web.Application, config_redis: dict): setup_cache(app, cache_type="redis", backend_config=RedisConfig(host=config_redis.get( 'host', 'localhost'), port=config_redis.get('port', 6379)))
def build_application( cache_type="memory", key_pattern=DEFAULT_KEY_PATTERN, encrypt_key=True, ) -> web.Application: app = web.Application() if cache_type == "memory": setup_cache( app, key_pattern=key_pattern, encrypt_key=encrypt_key, ) elif cache_type == "redis": url = yarl.URL(env.str("CACHE_URL", default="redis://localhost:6379/0")) redis_config = RedisConfig(db=int(url.path[1:]), host=url.host, port=url.port) setup_cache( app, cache_type=cache_type, backend_config=redis_config, key_pattern=key_pattern, encrypt_key=encrypt_key, ) else: raise ValueError("cache_type should be `memory` or `redis`") app.router.add_post("/", some_long_running_view) return app
async def factory(): app = web.Application(middlewares=[ session_middleware(EncryptedCookieStorage(SESSION_SECRET)) ]) setup_cache(app) routes(app) return app
async def create_app() -> (web.Application, str, str): app = web.Application() setup_routes(app) setup_cache(app) setup_cleanup_ctx(app, [init_jinja, init_web_client]) return app
async def factory(): logging.basicConfig(level=logging.DEBUG, format='%(asctime)s %(levelname)s %(message)s') app = web.Application(loop=loop) app.router.add_route('GET', '/', index) app.router.add_route('GET', '/autocomplete', autocomplete) setup_cache(app) return app
def start(foreground, root, config_file): """Run the Wazuh API. If another Wazuh API is running, this function fails. This function exits with 0 if successful or 1 if failed because the API was already running. Arguments --------- foreground : bool If the API must be daemonized or not root : bool If true, the daemon is run as root. Normally not recommended for security reasons config_file : str Path to the API config file """ import asyncio import logging import os import ssl import connexion import uvloop from aiohttp_cache import setup_cache import wazuh.security from api import __path__ as api_path # noinspection PyUnresolvedReferences from api import validator from api.api_exception import APIError from api.constants import CONFIG_FILE_PATH from api.middlewares import set_user_name, security_middleware, response_postprocessing, request_logging, \ set_secure_headers from api.uri_parser import APIUriParser from api.util import to_relative_path from wazuh.core import pyDaemonModule configuration.api_conf.update( configuration.read_yaml_config(config_file=config_file)) api_conf = configuration.api_conf security_conf = configuration.security_conf log_path = api_conf['logs']['path'] # Set up logger set_logging(log_path=log_path, debug_mode=api_conf['logs']['level'], foreground_mode=foreground) logger = logging.getLogger('wazuh-api') # Set correct permissions on api.log file if os.path.exists(os.path.join(common.wazuh_path, log_path)): os.chown(os.path.join(common.wazuh_path, log_path), common.wazuh_uid(), common.wazuh_gid()) os.chmod(os.path.join(common.wazuh_path, log_path), 0o660) # Configure https ssl_context = None if api_conf['https']['enabled']: try: # Generate SSL if it does not exist and HTTPS is enabled if not os.path.exists( api_conf['https']['key']) or not os.path.exists( api_conf['https']['cert']): logger.info( 'HTTPS is enabled but cannot find the private key and/or certificate. ' 'Attempting to generate them') private_key = configuration.generate_private_key( api_conf['https']['key']) logger.info( f"Generated private key file in WAZUH_PATH/{to_relative_path(api_conf['https']['key'])}" ) configuration.generate_self_signed_certificate( private_key, api_conf['https']['cert']) logger.info( f"Generated certificate file in WAZUH_PATH/{to_relative_path(api_conf['https']['cert'])}" ) # Load SSL context allowed_ssl_ciphers = { 'tls': ssl.PROTOCOL_TLS, 'tlsv1': ssl.PROTOCOL_TLSv1, 'tlsv1.1': ssl.PROTOCOL_TLSv1_1, 'tlsv1.2': ssl.PROTOCOL_TLSv1_2 } try: ssl_cipher = allowed_ssl_ciphers[api_conf['https'] ['ssl_cipher'].lower()] except (KeyError, AttributeError): # KeyError: invalid string value # AttributeError: invalid boolean value logger.error( str( APIError( 2003, details='SSL cipher is not valid. Allowed values: ' 'TLS, TLSv1, TLSv1.1, TLSv1.2'))) sys.exit(1) ssl_context = ssl.SSLContext(protocol=ssl_cipher) if api_conf['https']['use_ca']: ssl_context.verify_mode = ssl.CERT_REQUIRED ssl_context.load_verify_locations(api_conf['https']['ca']) ssl_context.load_cert_chain(certfile=api_conf['https']['cert'], keyfile=api_conf['https']['key']) except ssl.SSLError: logger.error( str( APIError( 2003, details= 'Private key does not match with the certificate'))) sys.exit(1) except IOError as e: if e.errno == 22: logger.error( str(APIError(2003, details='PEM phrase is not correct'))) elif e.errno == 13: logger.error( str( APIError( 2003, details= 'Ensure the certificates have the correct permissions' ))) else: print( 'Wazuh API SSL ERROR. Please, ensure if path to certificates is correct in the configuration ' f'file WAZUH_PATH/{to_relative_path(CONFIG_FILE_PATH)}') sys.exit(1) # Drop privileges to wazuh if not root: if api_conf['drop_privileges']: os.setgid(common.wazuh_gid()) os.setuid(common.wazuh_uid()) else: print(f"Starting API as root") # Foreground/Daemon if not foreground: pyDaemonModule.pyDaemon() pyDaemonModule.create_pid('wazuh-apid', os.getpid()) else: print(f"Starting API in foreground") # Load the SPEC file into memory to use as a reference for future calls wazuh.security.load_spec() # Set up API asyncio.set_event_loop_policy(uvloop.EventLoopPolicy()) app = connexion.AioHttpApp(__name__, host=api_conf['host'], port=api_conf['port'], specification_dir=os.path.join( api_path[0], 'spec'), options={ "swagger_ui": False, 'uri_parser_class': APIUriParser }, only_one_api=True) app.add_api('spec.yaml', arguments={ 'title': 'Wazuh API', 'protocol': 'https' if api_conf['https']['enabled'] else 'http', 'host': api_conf['host'], 'port': api_conf['port'] }, strict_validation=True, validate_responses=False, pass_context_arg_name='request', options={ "middlewares": [ response_postprocessing, set_user_name, security_middleware, request_logging, set_secure_headers ] }) # Enable CORS if api_conf['cors']['enabled']: import aiohttp_cors cors = aiohttp_cors.setup( app.app, defaults={ api_conf['cors']['source_route']: aiohttp_cors.ResourceOptions( expose_headers=api_conf['cors']['expose_headers'], allow_headers=api_conf['cors']['allow_headers'], allow_credentials=api_conf['cors']['allow_credentials']) }) # Configure CORS on all endpoints. for route in list(app.app.router.routes()): cors.add(route) # Enable cache plugin if api_conf['cache']['enabled']: setup_cache(app.app) # API configuration logging logger.debug(f'Loaded API configuration: {api_conf}') logger.debug(f'Loaded security API configuration: {security_conf}') # Start API app.run(port=api_conf['port'], host=api_conf['host'], ssl_context=ssl_context, access_log_class=alogging.AccessLogger, use_default_access_log=True)
from aiohttp import web if __name__ == '__main__': import os import sys parent_dir = os.path.dirname(os.path.dirname(os.path.join("..", os.path.abspath(__file__)))) sys.path.insert(1, parent_dir) import aiohttp_cache __package__ = str("aiohttp_cache") from aiohttp_cache import cache, setup_cache @cache() async def example_1(request): return web.Response(text="Example") app = web.Application() app.router.add_route('GET', "/", example_1) setup_cache(app, cache_type="memory") web.run_app(app, host="127.0.0.1")
import os from aiohttp import web from aiohttp_cache import cache, setup_cache DEBUG = bool(os.environ.get("DEBUG", False)) @cache(expires=5, unless=DEBUG) # <-- Disable the Cache if we're in DEBUG mode async def example_1(request): return web.Response(text="Example") app = web.Application() app.router.add_route('GET', "/", example_1) setup_cache(app) web.run_app(app, host="127.0.0.1")
from aiohttp import web if __name__ == '__main__': import os import sys parent_dir = os.path.dirname( os.path.dirname(os.path.join("..", os.path.abspath(__file__)))) sys.path.insert(1, parent_dir) import aiohttp_cache __package__ = str("aiohttp_cache") from aiohttp_cache import cache, setup_cache @cache() async def example_1(request): return web.Response(text="Example") app = web.Application() app.router.add_route('GET', "/", example_1) setup_cache(app, cache_type="memory") web.run_app(app, host="127.0.0.1")
def start(foreground, root, config_file): """ Run the Wazuh API. If another Wazuh API is running, this function fails. The `stop` command should be used first. This function exits with 0 if success or 2 if failed because the API was already running. Arguments --------- foreground : bool If the API must be daemonized or not root : bool If true, the daemon is run as root. Normally not recommended for security reasons config_file : str Path to the API config file """ pids = get_wazuh_apid_pids() if pids: print( f"Cannot start API while other processes are running. Kill these before {pids}" ) sys.exit(2) configuration.api_conf.update( configuration.read_yaml_config(config_file=args.config_file)) api_conf = configuration.api_conf cors = api_conf['cors'] log_path = api_conf['logs']['path'] ssl_context = None if api_conf['https']['enabled'] and os.path.exists(api_conf['https']['key']) and \ os.path.exists(api_conf['https']['cert']): try: ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS) if api_conf['https']['use_ca']: ssl_context.verify_mode = ssl.CERT_REQUIRED ssl_context.load_verify_locations(api_conf['https']['ca']) ssl_context.load_cert_chain(certfile=api_conf['https']['cert'], keyfile=api_conf['https']['key']) except ssl.SSLError as e: raise APIException( 2003, details='Private key does not match with the certificate') except OSError as e: if e.errno == 22: raise APIException(2003, details='PEM phrase is not correct') # Foreground/Daemon if not foreground: print(f"Starting API in background") pyDaemonModule.pyDaemon() # Drop privileges to ossec if not root: if api_conf['drop_privileges']: os.setgid(common.ossec_gid()) os.setuid(common.ossec_uid()) set_logging(log_path=log_path, debug_mode=api_conf['logs']['level'], foreground_mode=args.foreground) # set correct permissions on api.log file if os.path.exists(os.path.join(common.ossec_path, log_path)): os.chown(os.path.join(common.ossec_path, log_path), common.ossec_uid(), common.ossec_gid()) os.chmod(os.path.join(common.ossec_path, log_path), 0o660) asyncio.set_event_loop_policy(uvloop.EventLoopPolicy()) app = connexion.AioHttpApp(__name__, host=api_conf['host'], port=api_conf['port'], specification_dir=os.path.join( api_path[0], 'spec'), options={"swagger_ui": False}) app.add_api('spec.yaml', arguments={ 'title': 'Wazuh API', 'protocol': 'https' if api_conf['https']['enabled'] else 'http', 'host': api_conf['host'], 'port': api_conf['port'] }, strict_validation=True, validate_responses=True, pass_context_arg_name='request', options={"middlewares": [set_user_name, check_experimental]}) # Enable CORS if cors['enabled']: cors = aiohttp_cors.setup( app.app, defaults={ cors['source_route']: aiohttp_cors.ResourceOptions( expose_headers=cors['expose_headers'], allow_headers=cors['allow_headers'], allow_credentials=cors['allow_credentials']) }) # Configure CORS on all endpoints. for route in list(app.app.router.routes()): cors.add(route) # Enable cache plugin setup_cache(app.app) # Enable swagger UI plugin setup_swagger(app.app, ui_version=3, swagger_url='/ui', swagger_from_file=os.path.join(app.specification_dir, 'spec.yaml')) # Configure https if api_conf['https']['enabled']: # Generate SSC if it does not exist and HTTPS is enabled if not os.path.exists(api_conf['https']['key']) or \ not os.path.exists(api_conf['https']['cert']): logger = logging.getLogger('wazuh') logger.info( 'HTTPS is enabled but cannot find the private key and/or certificate. ' 'Attempting to generate them.') private_key = generate_private_key(api_conf['https']['key']) logger.info( f"Generated private key file in WAZUH_PATH/{to_relative_path(api_conf['https']['key'])}." ) generate_self_signed_certificate(private_key, api_conf['https']['cert']) logger.info( f"Generated certificate file in WAZUH_PATH/{to_relative_path(api_conf['https']['cert'])}." ) if ssl_context is None: try: ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS) if api_conf['https']['use_ca']: ssl_context.verify_mode = ssl.CERT_REQUIRED ssl_context.load_verify_locations(api_conf['https']['ca']) ssl_context.load_cert_chain(certfile=api_conf['https']['cert'], keyfile=api_conf['https']['key']) except ssl.SSLError as e: raise APIException( 2003, details='Private key does not match with the certificate') except IOError as e: raise APIException( 2003, details= 'Please, ensure if path to certificates is correct in the configuration ' f'file WAZUH_PATH/{to_relative_path(CONFIG_FILE_PATH)}') app.run(port=api_conf['port'], host=api_conf['host'], ssl_context=ssl_context, access_log_class=alogging.AccessLogger, use_default_access_log=True)
def start(foreground: bool, root: bool, config_file: str): """Run the Wazuh API. If another Wazuh API is running, this function fails. This function exits with 0 if successful or 1 if failed because the API was already running. Arguments --------- foreground : bool If the API must be daemonized or not root : bool If true, the daemon is run as root. Normally not recommended for security reasons config_file : str Path to the API config file """ import logging import os from api import alogging, configuration from wazuh.core import pyDaemonModule, common, utils def set_logging(log_path='logs/api.log', foreground_mode=False, debug_mode='info'): for logger_name in ('connexion.aiohttp_app', 'connexion.apis.aiohttp_api', 'wazuh-api'): api_logger = alogging.APILogger( log_path=log_path, foreground_mode=foreground_mode, logger_name=logger_name, debug_level='info' if logger_name != 'wazuh-api' and debug_mode != 'debug2' else debug_mode) api_logger.setup_logger() if config_file is not None: configuration.api_conf.update( configuration.read_yaml_config(config_file=config_file)) api_conf = configuration.api_conf security_conf = configuration.security_conf # Set up logger set_logging(log_path=API_LOG_FILE_PATH, debug_mode=api_conf['logs']['level'], foreground_mode=foreground) logger = logging.getLogger('wazuh-api') import asyncio import ssl import connexion import uvloop from aiohttp_cache import setup_cache from api import __path__ as api_path # noinspection PyUnresolvedReferences from api import validator from api.api_exception import APIError from api.constants import CONFIG_FILE_PATH from api.middlewares import set_user_name, security_middleware, response_postprocessing, request_logging, \ set_secure_headers from api.signals import modify_response_headers from api.uri_parser import APIUriParser from api.util import to_relative_path from wazuh.rbac.orm import create_rbac_db # Check deprecated options. To delete after expected versions if 'use_only_authd' in api_conf: del api_conf['use_only_authd'] logger.warning( "'use_only_authd' option was deprecated on v4.3.0. Wazuh Authd will always be used" ) if 'path' in api_conf['logs']: del api_conf['logs']['path'] logger.warning( "Log 'path' option was deprecated on v4.3.0. Default path will always be used: " f"{API_LOG_FILE_PATH}") # Set correct permissions on api.log file if os.path.exists(os.path.join(common.wazuh_path, API_LOG_FILE_PATH)): os.chown(os.path.join(common.wazuh_path, API_LOG_FILE_PATH), common.wazuh_uid(), common.wazuh_gid()) os.chmod(os.path.join(common.wazuh_path, API_LOG_FILE_PATH), 0o660) # Configure https ssl_context = None if api_conf['https']['enabled']: try: # Generate SSL if it does not exist and HTTPS is enabled if not os.path.exists( api_conf['https']['key']) or not os.path.exists( api_conf['https']['cert']): logger.info( 'HTTPS is enabled but cannot find the private key and/or certificate. ' 'Attempting to generate them') private_key = configuration.generate_private_key( api_conf['https']['key']) logger.info( f"Generated private key file in WAZUH_PATH/{to_relative_path(api_conf['https']['key'])}" ) configuration.generate_self_signed_certificate( private_key, api_conf['https']['cert']) logger.info( f"Generated certificate file in WAZUH_PATH/{to_relative_path(api_conf['https']['cert'])}" ) # Load SSL context allowed_ssl_protocols = { 'tls': ssl.PROTOCOL_TLS, 'tlsv1': ssl.PROTOCOL_TLSv1, 'tlsv1.1': ssl.PROTOCOL_TLSv1_1, 'tlsv1.2': ssl.PROTOCOL_TLSv1_2 } ssl_protocol = allowed_ssl_protocols[api_conf['https'] ['ssl_protocol'].lower()] ssl_context = ssl.SSLContext(protocol=ssl_protocol) if api_conf['https']['use_ca']: ssl_context.verify_mode = ssl.CERT_REQUIRED ssl_context.load_verify_locations(api_conf['https']['ca']) ssl_context.load_cert_chain(certfile=api_conf['https']['cert'], keyfile=api_conf['https']['key']) # Load SSL ciphers if any has been specified if api_conf['https']['ssl_ciphers']: ssl_ciphers = api_conf['https']['ssl_ciphers'].upper() try: ssl_context.set_ciphers(ssl_ciphers) except ssl.SSLError: error = APIError(2003, details='SSL ciphers cannot be selected') logger.error(error) raise error except ssl.SSLError: error = APIError( 2003, details='Private key does not match with the certificate') logger.error(error) raise error except IOError as exc: if exc.errno == 22: error = APIError(2003, details='PEM phrase is not correct') logger.error(error) raise error elif exc.errno == 13: error = APIError( 2003, details= 'Ensure the certificates have the correct permissions') logger.error(error) raise error else: msg = f'Wazuh API SSL ERROR. Please, ensure if path to certificates is correct in the configuration ' \ f'file WAZUH_PATH/{to_relative_path(CONFIG_FILE_PATH)}' print(msg) logger.error(msg) raise exc utils.check_pid('wazuh-apid') # Drop privileges to ossec if not root: if api_conf['drop_privileges']: os.setgid(common.wazuh_gid()) os.setuid(common.wazuh_uid()) else: print(f"Starting API as root") # Foreground/Daemon if not foreground: pyDaemonModule.pyDaemon() pid = os.getpid() pyDaemonModule.create_pid('wazuh-apid', pid) or register( pyDaemonModule.delete_pid, 'wazuh-apid', pid) else: print(f"Starting API in foreground") create_rbac_db() # Spawn child processes with their own needed imports if 'thread_pool' not in common.mp_pools.get(): loop = asyncio.get_event_loop() loop.run_until_complete( asyncio.wait([ loop.run_in_executor( pool, getattr(sys.modules[__name__], f'spawn_{name}')) for name, pool in common.mp_pools.get().items() ])) # Set up API asyncio.set_event_loop_policy(uvloop.EventLoopPolicy()) app = connexion.AioHttpApp(__name__, host=api_conf['host'], port=api_conf['port'], specification_dir=os.path.join( api_path[0], 'spec'), options={ "swagger_ui": False, 'uri_parser_class': APIUriParser }, only_one_api=True) app.add_api('spec.yaml', arguments={ 'title': 'Wazuh API', 'protocol': 'https' if api_conf['https']['enabled'] else 'http', 'host': api_conf['host'], 'port': api_conf['port'] }, strict_validation=True, validate_responses=False, pass_context_arg_name='request', options={ "middlewares": [ response_postprocessing, set_user_name, security_middleware, request_logging, set_secure_headers ] }) # Maximum body size that the API can accept (bytes) app.app._client_max_size = configuration.api_conf['max_upload_size'] # Enable CORS if api_conf['cors']['enabled']: import aiohttp_cors cors = aiohttp_cors.setup( app.app, defaults={ api_conf['cors']['source_route']: aiohttp_cors.ResourceOptions( expose_headers=api_conf['cors']['expose_headers'], allow_headers=api_conf['cors']['allow_headers'], allow_credentials=api_conf['cors']['allow_credentials']) }) # Configure CORS on all endpoints. for route in list(app.app.router.routes()): cors.add(route) # Enable cache plugin if api_conf['cache']['enabled']: setup_cache(app.app) # Add application signals app.app.on_response_prepare.append(modify_response_headers) # API configuration logging logger.debug(f'Loaded API configuration: {api_conf}') logger.debug(f'Loaded security API configuration: {security_conf}') # Start API try: app.run(port=api_conf['port'], host=api_conf['host'], ssl_context=ssl_context, access_log_class=alogging.AccessLogger, use_default_access_log=True) except OSError as exc: if exc.errno == 98: error = APIError(2010) logger.error(error) raise error else: logger.error(exc) raise exc
from aiohttp import web if __name__ == '__main__': import os import sys parent_dir = os.path.dirname(os.path.dirname(os.path.join("..", os.path.abspath(__file__)))) sys.path.insert(1, parent_dir) import aiohttp_cache __package__ = str("aiohttp_cache") from aiohttp_cache import cache, setup_cache, RedisConfig @cache() async def example_1(request): return web.Response(text="Example") app = web.Application() app.router.add_route('GET', "/", example_1) redis_config = RedisConfig(db=4, key_prefix="my_example") setup_cache(app, cache_type="redis") web.run_app(app, host="127.0.0.1")
from aiohttp import web if __name__ == '__main__': import os import sys parent_dir = os.path.dirname( os.path.dirname(os.path.join("..", os.path.abspath(__file__)))) sys.path.insert(1, parent_dir) import aiohttp_cache __package__ = str("aiohttp_cache") from aiohttp_cache import cache, setup_cache, RedisConfig @cache() async def example_1(request): return web.Response(text="Example") app = web.Application() app.router.add_route('GET', "/", example_1) redis_config = RedisConfig(db=4, key_prefix="my_example") setup_cache(app, cache_type="redis") web.run_app(app, host="127.0.0.1")