555 lines
22 KiB
Python
555 lines
22 KiB
Python
# app.py
|
|
from flask import (Flask, render_template, request, redirect, url_for, session,
|
|
send_file, jsonify, send_from_directory, Response)
|
|
from flask_caching import Cache
|
|
import requests.auth
|
|
import os
|
|
import base64
|
|
from typing import Dict, Any, Tuple, Union
|
|
import sys
|
|
import redis
|
|
import json
|
|
import mysql.connector
|
|
import re
|
|
import threading
|
|
|
|
from lib.datetime import filter_accounts_next_30_days, filter_accounts_expired
|
|
from lib.reqs import (get_urls, get_user_accounts, add_user_account,
|
|
delete_user_account, get_stream_names)
|
|
from config import DevelopmentConfig, ProductionConfig
|
|
|
|
|
|
os.environ["OMP_NUM_THREADS"] = "1"
|
|
os.environ["MKL_NUM_THREADS"] = "1"
|
|
|
|
app = Flask(__name__)
|
|
|
|
if os.environ.get("FLASK_ENV") == "production":
|
|
app.config.from_object(ProductionConfig)
|
|
else:
|
|
app.config.from_object(DevelopmentConfig)
|
|
|
|
# Check for Redis availability and configure cache
|
|
redis_url = app.config["REDIS_URL"]
|
|
cache_config = {"CACHE_TYPE": "redis", "CACHE_REDIS_URL": redis_url}
|
|
try:
|
|
# Use a short timeout to prevent hanging
|
|
r = redis.from_url(redis_url, socket_connect_timeout=1)
|
|
r.ping()
|
|
except redis.exceptions.ConnectionError as e:
|
|
print(
|
|
f"WARNING: Redis connection failed: {e}. Falling back to SimpleCache. "
|
|
"This is not recommended for production with multiple workers.",
|
|
file=sys.stderr,
|
|
)
|
|
cache_config = {"CACHE_TYPE": "SimpleCache"}
|
|
|
|
cache = Cache(app, config=cache_config)
|
|
|
|
app.config["OCR_ENABLED"] = False
|
|
|
|
app.config["SESSION_COOKIE_SECURE"] = not app.config["DEBUG"]
|
|
app.config['SESSION_COOKIE_HTTPONLY'] = True
|
|
app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'
|
|
app.config['PERMANENT_SESSION_LIFETIME'] = 60 * 60 * 24 * 365 # 1 year
|
|
|
|
def get_version() -> str:
|
|
"""Retrieves the application version from the VERSION file.
|
|
|
|
Returns:
|
|
The version string, or 'dev' if the file is not found.
|
|
"""
|
|
try:
|
|
with open('VERSION', 'r') as f:
|
|
return f.read().strip()
|
|
except FileNotFoundError:
|
|
return 'dev'
|
|
|
|
@app.context_processor
|
|
def inject_version() -> Dict[str, str]:
|
|
"""Injects the version into all templates."""
|
|
return dict(version=get_version(), config=app.config, session=session)
|
|
|
|
def make_cache_key(*args, **kwargs):
|
|
"""Generate a cache key based on the user's session and request path."""
|
|
username = session.get('username', 'anonymous')
|
|
path = request.path
|
|
return f"view/{username}/{path}"
|
|
|
|
@app.before_request
|
|
def make_session_permanent() -> None:
|
|
"""Makes the user session permanent."""
|
|
session.permanent = True
|
|
|
|
@app.route('/site.webmanifest')
|
|
def serve_manifest() -> Response:
|
|
"""Serves the site manifest file."""
|
|
return send_from_directory(
|
|
os.path.join(app.root_path, 'static'),
|
|
'site.webmanifest',
|
|
mimetype='application/manifest+json'
|
|
)
|
|
|
|
@app.route("/favicon.ico")
|
|
def favicon() -> Response:
|
|
"""Serves the favicon."""
|
|
return send_from_directory(
|
|
os.path.join(app.root_path, "static"),
|
|
"favicon.ico",
|
|
mimetype="image/vnd.microsoft.icon",
|
|
)
|
|
|
|
@app.route("/")
|
|
def index() -> Union[Response, str]:
|
|
"""Renders the index page or redirects to home if logged in."""
|
|
if session.get("logged_in"):
|
|
return redirect(url_for("home"))
|
|
return render_template("index.html")
|
|
|
|
@app.route('/vapid-public-key', methods=['GET'])
|
|
def proxy_vapid_public_key():
|
|
"""Proxies the request for the VAPID public key to the backend."""
|
|
backend_url = f"{app.config['BACKEND_URL']}/vapid-public-key"
|
|
try:
|
|
response = requests.get(backend_url)
|
|
return Response(response.content, status=response.status_code, mimetype=response.headers['Content-Type'])
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 502
|
|
|
|
@app.route('/save-subscription', methods=['POST'])
|
|
def proxy_save_subscription():
|
|
"""Proxies the request to save a push subscription to the backend."""
|
|
if not session.get("logged_in"):
|
|
return jsonify({'error': 'Unauthorized'}), 401
|
|
|
|
backend_url = f"{app.config['BACKEND_URL']}/save-subscription"
|
|
credentials = base64.b64decode(session["auth_credentials"]).decode()
|
|
username, password = credentials.split(":", 1)
|
|
|
|
try:
|
|
response = requests.post(
|
|
backend_url,
|
|
auth=requests.auth.HTTPBasicAuth(username, password),
|
|
json=request.get_json()
|
|
)
|
|
return Response(response.content, status=response.status_code, mimetype=response.headers['Content-Type'])
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 502
|
|
|
|
@app.route('/send-test-notification', methods=['POST'])
|
|
def send_test_notification():
|
|
"""Proxies the request to send a test notification to the backend."""
|
|
if not session.get("logged_in"):
|
|
return jsonify({'error': 'Unauthorized'}), 401
|
|
|
|
backend_url = f"{app.config['BACKEND_URL']}/send-test-notification"
|
|
credentials = base64.b64decode(session["auth_credentials"]).decode()
|
|
username, password = credentials.split(":", 1)
|
|
|
|
try:
|
|
response = requests.post(
|
|
backend_url,
|
|
auth=requests.auth.HTTPBasicAuth(username, password),
|
|
json={}
|
|
)
|
|
return Response(response.content, status=response.status_code, mimetype=response.headers['Content-Type'])
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 502
|
|
|
|
@app.route("/home")
|
|
@cache.cached(timeout=60, key_prefix=make_cache_key)
|
|
def home() -> str:
|
|
"""Renders the home page with account statistics."""
|
|
if session.get("logged_in"):
|
|
base_url = app.config["BACKEND_URL"]
|
|
all_accounts = get_user_accounts(base_url, session["auth_credentials"])
|
|
return render_template(
|
|
"home.html",
|
|
username=session["username"],
|
|
accounts=len(all_accounts),
|
|
current_month_accounts=filter_accounts_next_30_days(all_accounts),
|
|
expired_accounts=filter_accounts_expired(all_accounts),
|
|
)
|
|
return render_template("index.html")
|
|
|
|
@app.route("/login", methods=["POST"])
|
|
def login() -> Union[Response, str]:
|
|
"""Handles user login."""
|
|
username = request.form["username"]
|
|
password = request.form["password"]
|
|
credentials = f"{username}:{password}"
|
|
encoded_credentials = base64.b64encode(credentials.encode()).decode()
|
|
base_url = app.config["BACKEND_URL"]
|
|
login_url = f"{base_url}/Login"
|
|
|
|
try:
|
|
response = requests.get(
|
|
login_url, auth=requests.auth.HTTPBasicAuth(username, password)
|
|
)
|
|
response.raise_for_status()
|
|
response_data = response.json()
|
|
if response_data.get("auth") == "Success":
|
|
session["logged_in"] = True
|
|
session["username"] = response_data.get("username", username)
|
|
session["user_id"] = response_data.get("user_id")
|
|
session["auth_credentials"] = encoded_credentials
|
|
next_url = request.args.get("next")
|
|
if next_url:
|
|
return redirect(next_url)
|
|
return redirect(url_for("home", loggedin=True))
|
|
except requests.exceptions.RequestException:
|
|
pass # Fall through to error
|
|
|
|
error = "Invalid username or password. Please try again."
|
|
return render_template("index.html", error=error)
|
|
|
|
@app.route("/urls", methods=["GET"])
|
|
@cache.cached(timeout=300, key_prefix=make_cache_key)
|
|
def urls() -> Union[Response, str]:
|
|
"""Renders the URLs page."""
|
|
if not session.get("logged_in"):
|
|
return redirect(url_for("home"))
|
|
base_url = app.config["BACKEND_URL"]
|
|
return render_template(
|
|
"urls.html", urls=get_urls(base_url, session["auth_credentials"])
|
|
)
|
|
|
|
@app.route("/accounts", methods=["GET"])
|
|
@cache.cached(timeout=60, key_prefix=make_cache_key)
|
|
def user_accounts() -> Union[Response, str]:
|
|
"""Renders the user accounts page."""
|
|
if not session.get("logged_in"):
|
|
return redirect(url_for("home"))
|
|
base_url = app.config["BACKEND_URL"]
|
|
user_accounts_data = get_user_accounts(base_url, session["auth_credentials"])
|
|
return render_template(
|
|
"user_accounts.html",
|
|
username=session["username"],
|
|
user_accounts=user_accounts_data,
|
|
auth=session["auth_credentials"],
|
|
)
|
|
|
|
@app.route("/share", methods=["GET"])
|
|
def share() -> Response:
|
|
"""Handles shared text from PWA."""
|
|
if not session.get("logged_in"):
|
|
return redirect(url_for("index", next=request.url))
|
|
shared_text = request.args.get("text")
|
|
return redirect(url_for("add_account", shared_text=shared_text))
|
|
|
|
@app.route("/accounts/add", methods=["GET", "POST"])
|
|
def add_account() -> Union[Response, str]:
|
|
"""Handles adding a new user account."""
|
|
if not session.get("logged_in"):
|
|
return redirect(url_for("index", next=request.url))
|
|
base_url = app.config["BACKEND_URL"]
|
|
shared_text = request.args.get('shared_text')
|
|
|
|
if request.method == "POST":
|
|
username = request.form["username"]
|
|
password = request.form["password"]
|
|
stream = request.form["stream"]
|
|
if add_user_account(
|
|
base_url, session["auth_credentials"], username, password, stream
|
|
):
|
|
cache.delete_memoized(user_accounts, key_prefix=make_cache_key)
|
|
# Run the NPM config update in a background thread
|
|
thread = threading.Thread(target=_update_npm_config_in_background)
|
|
thread.start()
|
|
return redirect(url_for("user_accounts"))
|
|
|
|
return render_template(
|
|
"add_account.html",
|
|
text_input_enabled=app.config.get("TEXT_INPUT_ENABLED"),
|
|
shared_text=shared_text
|
|
)
|
|
|
|
@app.route("/accounts/delete", methods=["POST"])
|
|
def delete_account() -> Response:
|
|
"""Handles deleting a user account."""
|
|
stream = request.form.get("stream")
|
|
username = request.form.get("username")
|
|
base_url = app.config["BACKEND_URL"]
|
|
delete_user_account(base_url, session["auth_credentials"], stream, username)
|
|
cache.delete_memoized(user_accounts, key_prefix=make_cache_key)
|
|
return redirect(url_for("user_accounts"))
|
|
|
|
@app.route("/validateAccount", methods=["POST"])
|
|
def validate_account() -> Tuple[Response, int]:
|
|
"""Forwards account validation requests to the backend."""
|
|
base_url = app.config["BACKEND_URL"]
|
|
validate_url = f"{base_url}/validateAccount"
|
|
credentials = base64.b64decode(session["auth_credentials"]).decode()
|
|
username, password = credentials.split(":", 1)
|
|
|
|
try:
|
|
response = requests.post(
|
|
validate_url,
|
|
auth=requests.auth.HTTPBasicAuth(username, password),
|
|
json=request.get_json()
|
|
)
|
|
response.raise_for_status()
|
|
response_data = response.json()
|
|
if response_data.get("message") == "Account is valid and updated":
|
|
cache.delete_memoized(user_accounts, key_prefix=make_cache_key)
|
|
# Run the NPM config update in a background thread
|
|
thread = threading.Thread(target=_update_npm_config_in_background)
|
|
thread.start()
|
|
return jsonify(response_data), response.status_code
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 500
|
|
|
|
@app.route("/get_stream_names", methods=["GET"])
|
|
def stream_names() -> Union[Response, str]:
|
|
"""Fetches and returns stream names as JSON."""
|
|
if not session.get("logged_in"):
|
|
return redirect(url_for("home"))
|
|
base_url = app.config["BACKEND_URL"]
|
|
return jsonify(get_stream_names(base_url, session["auth_credentials"]))
|
|
|
|
|
|
@app.route('/config')
|
|
def config():
|
|
"""Handles access to the configuration page."""
|
|
if session.get('user_id') and int(session.get('user_id')) == 1:
|
|
return redirect(url_for('config_dashboard'))
|
|
return redirect(url_for('home'))
|
|
|
|
@app.route('/config/dashboard')
|
|
def config_dashboard():
|
|
"""Renders the configuration dashboard."""
|
|
if not session.get('user_id') or int(session.get('user_id')) != 1:
|
|
return redirect(url_for('home'))
|
|
return render_template('config_dashboard.html')
|
|
|
|
@app.route('/check-expiring-accounts', methods=['POST'])
|
|
def check_expiring_accounts():
|
|
"""Proxies the request to check for expiring accounts to the backend."""
|
|
if not session.get('user_id') or int(session.get('user_id')) != 1:
|
|
return jsonify({'error': 'Unauthorized'}), 401
|
|
|
|
backend_url = f"{app.config['BACKEND_URL']}/check-expiry"
|
|
try:
|
|
response = requests.post(backend_url)
|
|
return Response(response.content, status=response.status_code, mimetype=response.headers['Content-Type'])
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 502
|
|
|
|
|
|
@app.route('/dns', methods=['GET', 'POST', 'DELETE'])
|
|
def proxy_dns():
|
|
"""Proxies DNS management requests to the backend."""
|
|
if not session.get('user_id') or int(session.get('user_id')) != 1:
|
|
return jsonify({'error': 'Unauthorized'}), 401
|
|
|
|
backend_url = f"{app.config['BACKEND_URL']}/dns"
|
|
credentials = base64.b64decode(session["auth_credentials"]).decode()
|
|
username, password = credentials.split(":", 1)
|
|
auth = requests.auth.HTTPBasicAuth(username, password)
|
|
|
|
try:
|
|
if request.method == 'GET':
|
|
response = requests.get(backend_url, auth=auth)
|
|
elif request.method == 'POST':
|
|
response = requests.post(backend_url, auth=auth, json=request.get_json())
|
|
if response.ok:
|
|
cache.clear()
|
|
elif request.method == 'DELETE':
|
|
response = requests.delete(backend_url, auth=auth, json=request.get_json())
|
|
if response.ok:
|
|
cache.clear()
|
|
|
|
return Response(response.content, status=response.status_code, mimetype=response.headers['Content-Type'])
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 502
|
|
|
|
|
|
@app.route('/extra_urls', methods=['GET', 'POST', 'DELETE'])
|
|
def proxy_extra_urls():
|
|
"""Proxies extra URL management requests to the backend."""
|
|
if not session.get('user_id') or int(session.get('user_id')) != 1:
|
|
return jsonify({'error': 'Unauthorized'}), 401
|
|
|
|
backend_url = f"{app.config['BACKEND_URL']}/extra_urls"
|
|
credentials = base64.b64decode(session["auth_credentials"]).decode()
|
|
username, password = credentials.split(":", 1)
|
|
auth = requests.auth.HTTPBasicAuth(username, password)
|
|
|
|
try:
|
|
if request.method == 'GET':
|
|
response = requests.get(backend_url, auth=auth)
|
|
elif request.method == 'POST':
|
|
response = requests.post(backend_url, auth=auth, json=request.get_json())
|
|
if response.ok:
|
|
cache.clear()
|
|
elif request.method == 'DELETE':
|
|
response = requests.delete(backend_url, auth=auth, json=request.get_json())
|
|
if response.ok:
|
|
cache.clear()
|
|
|
|
return Response(response.content, status=response.status_code, mimetype=response.headers['Content-Type'])
|
|
except requests.exceptions.RequestException as e:
|
|
return jsonify({"error": str(e)}), 502
|
|
|
|
|
|
class NginxProxyManager:
|
|
def __init__(self, host, email, password):
|
|
self.host = host
|
|
self.email = email
|
|
self.password = password
|
|
self.token = None
|
|
|
|
def login(self):
|
|
url = f"{self.host}/api/tokens"
|
|
payload = {
|
|
"identity": self.email,
|
|
"secret": self.password
|
|
}
|
|
headers = {
|
|
"Content-Type": "application/json"
|
|
}
|
|
response = requests.post(url, headers=headers, data=json.dumps(payload))
|
|
if response.status_code == 200:
|
|
self.token = response.json()["token"]
|
|
print("Login successful.")
|
|
else:
|
|
print(f"Failed to login: {response.text}")
|
|
exit(1)
|
|
|
|
def get_proxy_host(self, host_id):
|
|
if not self.token:
|
|
self.login()
|
|
|
|
url = f"{self.host}/api/nginx/proxy-hosts/{host_id}"
|
|
headers = {
|
|
"Authorization": f"Bearer {self.token}"
|
|
}
|
|
response = requests.get(url, headers=headers)
|
|
if response.status_code == 200:
|
|
return response.json()
|
|
else:
|
|
print(f"Failed to get proxy host {host_id}: {response.text}")
|
|
return None
|
|
|
|
def update_proxy_host_config(self, host_id, config):
|
|
if not self.token:
|
|
self.login()
|
|
|
|
url = f"{self.host}/api/nginx/proxy-hosts/{host_id}"
|
|
|
|
original_host_data = self.get_proxy_host(host_id)
|
|
if not original_host_data:
|
|
return
|
|
|
|
# Construct a new payload with only the allowed fields for an update
|
|
update_payload = {
|
|
"domain_names": original_host_data.get("domain_names", []),
|
|
"forward_scheme": original_host_data.get("forward_scheme", "http"),
|
|
"forward_host": original_host_data.get("forward_host"),
|
|
"forward_port": original_host_data.get("forward_port"),
|
|
"access_list_id": original_host_data.get("access_list_id", 0),
|
|
"certificate_id": original_host_data.get("certificate_id", 0),
|
|
"ssl_forced": original_host_data.get("ssl_forced", False),
|
|
"hsts_enabled": original_host_data.get("hsts_enabled", False),
|
|
"hsts_subdomains": original_host_data.get("hsts_subdomains", False),
|
|
"http2_support": original_host_data.get("http2_support", False),
|
|
"block_exploits": original_host_data.get("block_exploits", False),
|
|
"caching_enabled": original_host_data.get("caching_enabled", False),
|
|
"allow_websocket_upgrade": original_host_data.get("allow_websocket_upgrade", False),
|
|
"advanced_config": config, # The updated advanced config
|
|
"meta": original_host_data.get("meta", {}),
|
|
"locations": original_host_data.get("locations", []),
|
|
}
|
|
|
|
headers = {
|
|
"Authorization": f"Bearer {self.token}",
|
|
"Content-Type": "application/json"
|
|
}
|
|
|
|
response = requests.put(url, headers=headers, data=json.dumps(update_payload))
|
|
if response.status_code == 200:
|
|
print(f"Successfully updated proxy host {host_id}")
|
|
else:
|
|
print(f"Failed to update proxy host {host_id}: {response.text}")
|
|
|
|
|
|
|
|
def update_config_with_streams(config, streams):
|
|
# Get all stream names from the database
|
|
db_stream_names = {stream['streamName'] for stream in streams}
|
|
|
|
# Find all location blocks in the config
|
|
location_blocks = re.findall(r'location ~ \^/(\w+)\(\.\*\)\$ \{[^}]+\}', config)
|
|
|
|
# Remove location blocks that are not in the database
|
|
for stream_name in location_blocks:
|
|
if stream_name not in db_stream_names:
|
|
print(f"Removing location block for stream: {stream_name}")
|
|
pattern = re.compile(f'location ~ \\^/{re.escape(stream_name)}\\(\\.\\*\\)\\$ {{[^}}]+}}\\s*', re.DOTALL)
|
|
config = pattern.sub('', config)
|
|
|
|
# Update existing stream URLs
|
|
for stream in streams:
|
|
stream_name = stream['streamName']
|
|
stream_url = stream['streamURL']
|
|
if stream_url: # Ensure there is a URL to update to
|
|
# Use a more specific regex to avoid replacing parts of other URLs
|
|
pattern = re.compile(f'(location ~ \\^/{re.escape(stream_name)}\\(\\.\\*\\)\\$ {{\\s*return 302 )([^;]+)(;\\s*}})')
|
|
config = pattern.sub(f'\\1{stream_url}/$1$is_args$args\\3', config)
|
|
|
|
return config
|
|
|
|
def _update_npm_config():
|
|
"""Helper function to update the NPM config."""
|
|
if not session.get('user_id') or int(session.get('user_id')) != 1:
|
|
print("Unauthorized attempt to update NPM config.")
|
|
return
|
|
|
|
npm = NginxProxyManager(app.config['NPM_HOST'], app.config['NPM_EMAIL'], app.config['NPM_PASSWORD'])
|
|
npm.login()
|
|
host = npm.get_proxy_host(9)
|
|
if host:
|
|
current_config = host.get('advanced_config', '')
|
|
|
|
backend_url = f"{app.config['BACKEND_URL']}/get_all_stream_urls"
|
|
credentials = base64.b64decode(session["auth_credentials"]).decode()
|
|
username, password = credentials.split(":", 1)
|
|
auth = requests.auth.HTTPBasicAuth(username, password)
|
|
|
|
try:
|
|
response = requests.get(backend_url, auth=auth)
|
|
response.raise_for_status()
|
|
streams = response.json()
|
|
except requests.exceptions.RequestException as e:
|
|
print(f"Failed to fetch streams from backend: {e}")
|
|
return
|
|
|
|
if streams:
|
|
new_config = update_config_with_streams(current_config, streams)
|
|
npm.update_proxy_host_config(9, new_config)
|
|
print("NPM config updated successfully.")
|
|
else:
|
|
print("Failed to update NPM config.")
|
|
|
|
def _update_npm_config_in_background():
|
|
with app.app_context():
|
|
_update_npm_config()
|
|
|
|
@app.route('/update_host_9_config', methods=['POST'])
|
|
def update_host_9_config():
|
|
if not session.get('user_id') or int(session.get('user_id')) != 1:
|
|
return jsonify({'error': 'Unauthorized'}), 401
|
|
|
|
thread = threading.Thread(target=_update_npm_config_in_background)
|
|
thread.start()
|
|
|
|
return jsonify({'message': 'NPM config update started in the background.'}), 202
|
|
|
|
|
|
if __name__ == "__main__":
|
|
app.run(
|
|
debug=app.config["DEBUG"],
|
|
host=app.config["HOST"],
|
|
port=app.config["PORT"]
|
|
)
|