[Dockerapi] Some minor changes
This commit is contained in:
parent
53333f3b4d
commit
23e3bdfe5a
@ -74,7 +74,6 @@ class container_post(Resource):
|
|||||||
|
|
||||||
if request.json['cmd'] == 'mailq':
|
if request.json['cmd'] == 'mailq':
|
||||||
if 'items' in request.json:
|
if 'items' in request.json:
|
||||||
# Check if queue id is valid
|
|
||||||
r = re.compile("^[0-9a-fA-F]+$")
|
r = re.compile("^[0-9a-fA-F]+$")
|
||||||
filtered_qids = filter(r.match, request.json['items'])
|
filtered_qids = filter(r.match, request.json['items'])
|
||||||
if filtered_qids:
|
if filtered_qids:
|
||||||
@ -84,10 +83,7 @@ class container_post(Resource):
|
|||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
|
postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
|
||||||
if postsuper_r.exit_code == 0:
|
return exec_run_handler('generic', postsuper_r)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg=str(postsuper_r.output))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
if request.json['task'] == 'hold':
|
if request.json['task'] == 'hold':
|
||||||
@ -96,10 +92,7 @@ class container_post(Resource):
|
|||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
|
postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
|
||||||
if postsuper_r.exit_code == 0:
|
return exec_run_handler('generic', postsuper_r)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg=str(postsuper_r.output))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
if request.json['task'] == 'unhold':
|
if request.json['task'] == 'unhold':
|
||||||
@ -108,10 +101,7 @@ class container_post(Resource):
|
|||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
|
postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
|
||||||
if postsuper_r.exit_code == 0:
|
return exec_run_handler('generic', postsuper_r)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg=str(postsuper_r.output))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
if request.json['task'] == 'deliver':
|
if request.json['task'] == 'deliver':
|
||||||
@ -128,31 +118,21 @@ class container_post(Resource):
|
|||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
|
mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
|
||||||
if mailq_return.exit_code == 0:
|
return exec_run_handler('utf8_text_only', mailq_return)
|
||||||
# We want plain text content from Postfix
|
|
||||||
r = Response(response=mailq_return.output, status=200, mimetype="text/plain")
|
|
||||||
r.headers["Content-Type"] = "text/plain; charset=utf-8"
|
|
||||||
return r
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
elif request.json['task'] == 'flush':
|
elif request.json['task'] == 'flush':
|
||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
|
postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
|
||||||
if postqueue_r.exit_code == 0:
|
return exec_run_handler('generic', postqueue_r)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg=str(postqueue_r.output))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
elif request.json['task'] == 'super_delete':
|
elif request.json['task'] == 'super_delete':
|
||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
|
postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
|
||||||
if postsuper_r.exit_code == 0:
|
return exec_run_handler('generic', postsuper_r)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg=str(postsuper_r.output))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
|
|
||||||
@ -161,9 +141,7 @@ class container_post(Resource):
|
|||||||
if 'dir' in request.json:
|
if 'dir' in request.json:
|
||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
# Should be changed to be able to validate a path
|
df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request.json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
|
||||||
directory = re.sub('[^0-9a-zA-Z/]+', '', request.json['dir'])
|
|
||||||
df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H " + directory + " | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
|
|
||||||
if df_return.exit_code == 0:
|
if df_return.exit_code == 0:
|
||||||
return df_return.output.rstrip()
|
return df_return.output.rstrip()
|
||||||
else:
|
else:
|
||||||
@ -175,34 +153,22 @@ class container_post(Resource):
|
|||||||
if request.json['task'] == 'dovecot':
|
if request.json['task'] == 'dovecot':
|
||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
# Should be changed to be able to validate a path
|
|
||||||
reload_return = container.exec_run(["/bin/bash", "-c", "/usr/local/sbin/dovecot reload"])
|
reload_return = container.exec_run(["/bin/bash", "-c", "/usr/local/sbin/dovecot reload"])
|
||||||
if reload_return.exit_code == 0:
|
return exec_run_handler('generic', reload_return)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg='command failed: ' + reload_return.output)
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
if request.json['task'] == 'postfix':
|
if request.json['task'] == 'postfix':
|
||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
# Should be changed to be able to validate a path
|
|
||||||
reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
|
reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
|
||||||
if reload_return.exit_code == 0:
|
return exec_run_handler('generic', reload_return)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg='command failed: ' + reload_return.output)
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
if request.json['task'] == 'nginx':
|
if request.json['task'] == 'nginx':
|
||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
# Should be changed to be able to validate a path
|
|
||||||
reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
|
reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
|
||||||
if reload_return.exit_code == 0:
|
return exec_run_handler('generic', reload_return)
|
||||||
return jsonify(type='success', msg='command completed successfully')
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg='command failed: ' + reload_return.output)
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
|
|
||||||
@ -212,9 +178,7 @@ class container_post(Resource):
|
|||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"])
|
sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"])
|
||||||
r = Response(response=sieve_return.output, status=200, mimetype="text/plain")
|
return exec_run_handler('utf8_text_only', sieve_return)
|
||||||
r.headers["Content-Type"] = "text/plain; charset=utf-8"
|
|
||||||
return r
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
elif request.json['task'] == 'print':
|
elif request.json['task'] == 'print':
|
||||||
@ -222,43 +186,10 @@ class container_post(Resource):
|
|||||||
try:
|
try:
|
||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"])
|
sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"])
|
||||||
r = Response(response=sieve_return.output, status=200, mimetype="text/plain")
|
return exec_run_handler('utf8_text_only', sieve_return)
|
||||||
r.headers["Content-Type"] = "text/plain; charset=utf-8"
|
|
||||||
return r
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
|
|
||||||
# elif request.json['cmd'] == 'mail_crypt_generate' and request.json['username'] and request.json['old_password'] and request.json['new_password']:
|
|
||||||
# try:
|
|
||||||
# for container in docker_client.containers.list(filters={"id": container_id}):
|
|
||||||
# # create if missing
|
|
||||||
# crypto_generate = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm mailbox cryptokey generate -u '" + request.json['username'].replace("'", "'\\''") + "' -URf"], user='vmail')
|
|
||||||
# if crypto_generate.exit_code == 0:
|
|
||||||
# # open a shell, bind stdin and return socket
|
|
||||||
# cryptokey_shell = container.exec_run(["/bin/bash"], stdin=True, socket=True, user='vmail')
|
|
||||||
# # command to be piped to shell
|
|
||||||
# cryptokey_cmd = "/usr/local/bin/doveadm mailbox cryptokey password -u '" + request.json['username'].replace("'", "'\\''") + "' -n '" + request.json['new_password'].replace("'", "'\\''") + "' -o '" + request.json['old_password'].replace("'", "'\\''") + "'\n"
|
|
||||||
# # socket is .output
|
|
||||||
# cryptokey_socket = cryptokey_shell.output;
|
|
||||||
# try :
|
|
||||||
# # send command utf-8 encoded
|
|
||||||
# cryptokey_socket.sendall(cryptokey_cmd.encode('utf-8'))
|
|
||||||
# # we won't send more data than this
|
|
||||||
# cryptokey_socket.shutdown(socket.SHUT_WR)
|
|
||||||
# except socket.error:
|
|
||||||
# # exit on socket error
|
|
||||||
# return jsonify(type='danger', msg=str('socket error'))
|
|
||||||
# # read response
|
|
||||||
# cryptokey_response = recv_socket_data(cryptokey_socket)
|
|
||||||
# crypto_error = re.search('dcrypt_key_load_private.+failed.+error', cryptokey_response)
|
|
||||||
# if crypto_error is not None:
|
|
||||||
# return jsonify(type='danger', msg=str("dcrypt_key_load_private error"))
|
|
||||||
# return jsonify(type='success', msg=str("key pair generated"))
|
|
||||||
# else:
|
|
||||||
# return jsonify(type='danger', msg=str(crypto_generate.output))
|
|
||||||
# except Exception as e:
|
|
||||||
# return jsonify(type='danger', msg=str(e))
|
|
||||||
|
|
||||||
elif request.json['cmd'] == 'maildir':
|
elif request.json['cmd'] == 'maildir':
|
||||||
if request.json['task'] == 'cleanup':
|
if request.json['task'] == 'cleanup':
|
||||||
if 'maildir' in request.json:
|
if 'maildir' in request.json:
|
||||||
@ -266,10 +197,7 @@ class container_post(Resource):
|
|||||||
for container in docker_client.containers.list(filters={"id": container_id}):
|
for container in docker_client.containers.list(filters={"id": container_id}):
|
||||||
sane_name = re.sub(r'\W+', '', request.json['maildir'])
|
sane_name = re.sub(r'\W+', '', request.json['maildir'])
|
||||||
maildir_cleanup = container.exec_run(["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"], user='vmail')
|
maildir_cleanup = container.exec_run(["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"], user='vmail')
|
||||||
if maildir_cleanup.exit_code == 0:
|
return exec_run_handler('generic', maildir_cleanup)
|
||||||
return jsonify(type='success', msg=str("moved to garbage"))
|
|
||||||
else:
|
|
||||||
return jsonify(type='danger', msg=str(maildir_cleanup.output))
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
|
|
||||||
@ -303,18 +231,6 @@ class container_post(Resource):
|
|||||||
return jsonify(type='danger', msg='command did not complete')
|
return jsonify(type='danger', msg='command did not complete')
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return jsonify(type='danger', msg=str(e))
|
return jsonify(type='danger', msg=str(e))
|
||||||
# elif request.json['cmd'] == 'mailman':
|
|
||||||
# if request.json['task'] == 'password':
|
|
||||||
# if request.json['email'] and request.json['passwd']:
|
|
||||||
# try:
|
|
||||||
# for container in docker_client.containers.list(filters={"id": container_id}):
|
|
||||||
# add_su = container.exec_run(["/bin/bash", "-c", "/opt/mm_web/add_su.py '" + request.json['passwd'].replace("'", "'\\''") + "' '" + request.json['email'].replace("'", "'\\''") + "'"], user='mailman')
|
|
||||||
# if add_su.exit_code == 0:
|
|
||||||
# return jsonify(type='success', msg='command completed successfully')
|
|
||||||
# else:
|
|
||||||
# return jsonify(type='danger', msg='command did not complete, exit code was ' + int(add_su.exit_code))
|
|
||||||
# except Exception as e:
|
|
||||||
# return jsonify(type='danger', msg=str(e))
|
|
||||||
|
|
||||||
else:
|
else:
|
||||||
return jsonify(type='danger', msg='Unknown command')
|
return jsonify(type='danger', msg='Unknown command')
|
||||||
@ -369,24 +285,46 @@ def recv_socket_data(c_socket, timeout=10):
|
|||||||
pass
|
pass
|
||||||
return ''.join(total_data)
|
return ''.join(total_data)
|
||||||
|
|
||||||
|
def exec_run_handler(type, output):
|
||||||
|
if type == 'generic':
|
||||||
|
if output.exit_code == 0:
|
||||||
|
return jsonify(type='success', msg='command completed successfully')
|
||||||
|
else:
|
||||||
|
return jsonify(type='danger', msg='command failed: ' + output.output)
|
||||||
|
if type == 'utf8_text_only':
|
||||||
|
r = Response(response=output.output, status=200, mimetype="text/plain")
|
||||||
|
r.headers["Content-Type"] = "text/plain; charset=utf-8"
|
||||||
|
return r
|
||||||
|
|
||||||
def create_self_signed_cert():
|
def create_self_signed_cert():
|
||||||
pkey = crypto.PKey()
|
success = False
|
||||||
pkey.generate_key(crypto.TYPE_RSA, 2048)
|
while not success:
|
||||||
cert = crypto.X509()
|
try:
|
||||||
cert.get_subject().O = "mailcow"
|
pkey = crypto.PKey()
|
||||||
cert.get_subject().CN = "dockerapi"
|
pkey.generate_key(crypto.TYPE_RSA, 2048)
|
||||||
cert.set_serial_number(int(uuid.uuid4()))
|
cert = crypto.X509()
|
||||||
cert.gmtime_adj_notBefore(0)
|
cert.get_subject().O = "mailcow"
|
||||||
cert.gmtime_adj_notAfter(10*365*24*60*60)
|
cert.get_subject().CN = "dockerapi"
|
||||||
cert.set_issuer(cert.get_subject())
|
cert.set_serial_number(int(uuid.uuid4()))
|
||||||
cert.set_pubkey(pkey)
|
cert.gmtime_adj_notBefore(0)
|
||||||
cert.sign(pkey, 'sha512')
|
cert.gmtime_adj_notAfter(10*365*24*60*60)
|
||||||
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
|
cert.set_issuer(cert.get_subject())
|
||||||
pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
|
cert.set_pubkey(pkey)
|
||||||
with os.fdopen(os.open('/cert.pem', os.O_WRONLY | os.O_CREAT, 0o644), 'w') as handle:
|
cert.sign(pkey, 'sha512')
|
||||||
handle.write(cert)
|
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
|
||||||
with os.fdopen(os.open('/key.pem', os.O_WRONLY | os.O_CREAT, 0o600), 'w') as handle:
|
pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
|
||||||
handle.write(pkey)
|
with os.fdopen(os.open('/cert.pem', os.O_WRONLY | os.O_CREAT, 0o644), 'w') as handle:
|
||||||
|
handle.write(cert)
|
||||||
|
with os.fdopen(os.open('/key.pem', os.O_WRONLY | os.O_CREAT, 0o600), 'w') as handle:
|
||||||
|
handle.write(pkey)
|
||||||
|
success = True
|
||||||
|
except:
|
||||||
|
time.sleep(1)
|
||||||
|
try:
|
||||||
|
os.remove('/cert.pem')
|
||||||
|
os.remove('/key.pem')
|
||||||
|
except OSError:
|
||||||
|
pass
|
||||||
|
|
||||||
api.add_resource(containers_get, '/containers/json')
|
api.add_resource(containers_get, '/containers/json')
|
||||||
api.add_resource(container_get, '/containers/<string:container_id>/json')
|
api.add_resource(container_get, '/containers/<string:container_id>/json')
|
||||||
|
Loading…
Reference in New Issue
Block a user