Merge pull request #106 from george-e-shaw-iv/master

Secure account credentials, track a server admin email/name for use in auto-generated emails to clients
George Shaw 2017-12-07 15:34:50 -06:00 committed by GitHub
commit 7c35770f26
11 changed files with 231 additions and 18 deletions

.gitignore vendored

@ -15,3 +15,6 @@ bundles/*
# IGNORE OSX FINDER FILES
**.DS_Store
# IGNORE GOLAND IDE DIRECTORY
.idea/


@ -104,8 +104,9 @@ func Create(res http.ResponseWriter, req *http.Request, logger *log.Logger, bund
}
var defaultBundleUser database.Struct_Users
var tempPass = encryption.RandomString(16)
defaultBundleUser.Pass, err = encryption.HashPassword("root")
defaultBundleUser.Pass, err = encryption.HashPassword(tempPass)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
@ -135,6 +136,7 @@ func Create(res http.ResponseWriter, req *http.Request, logger *log.Logger, bund
defer ds.Close()
var smtpSettings database.Struct_SMTP
var adminSettings database.Struct_Admin
err = ds.Get(database.BUCKET_GENERAL, []byte("smtp"), &smtpSettings)
if err != nil {
@ -143,6 +145,13 @@ func Create(res http.ResponseWriter, req *http.Request, logger *log.Logger, bund
return false
}
err = ds.Get(database.BUCKET_GENERAL, []byte("admin"), &adminSettings)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
mail, err := emailer.New(smtpSettings.Type, emailer.Credentials{
Username: smtpSettings.Username,
Password: smtpSettings.Password,
@ -159,7 +168,9 @@ func Create(res http.ResponseWriter, req *http.Request, logger *log.Logger, bund
"Account Port: " + strconv.Itoa(createBundleRequestData.AccPort) + "\r\n" +
"Public Port: " + strconv.Itoa(createBundleRequestData.PubPort) + "\r\n\n" +
"Default account username: root\r\n" +
"Default account password: root")
"Default account password: " + tempPass + "\r\n\n" +
"Any questions, comments, or concerns can be directed toward your server administrator " + adminSettings.Name +
" at " + adminSettings.Email)
err = mail.SendSimple(createBundleRequestData.Email, "New gPanel Bundle - "+createBundleRequestData.Name, msg)
if err != nil {
@ -168,6 +179,13 @@ func Create(res http.ResponseWriter, req *http.Request, logger *log.Logger, bund
return false
}
err = mail.SendSimple(adminSettings.Email, "New gPanel Bundle - "+createBundleRequestData.Name, msg)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
res.WriteHeader(http.StatusOK)
res.Write([]byte(createBundleRequestData.Name))
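Review bot: The admin copy reuses `msg` in the second SendSimple call, so the client's freshly generated root password is delivered in plaintext to a second mailbox; the administrator's notification should omit the credential (bundle name, ports and recipient are enough), for example by building a second body without the `"Default account password: "` line. Nothing checks that `adminSettings.Email` is non-empty before it is used as a recipient and embedded in the body, so an instance where `/settings/set_admin` was never called either mails an empty address or fails with a 500 after the client mail has already gone out, depending on what `ds.Get` returns for a missing key. A guard such as `if adminSettings.Email == "" { /* skip the admin copy */ }` ahead of the second send keeps bundle creation working. Whether `encryption.RandomString` draws from `crypto/rand` is not visible here and is worth confirming now that its output is an account password. Create's body begins and ends outside the hunk.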


@ -0,0 +1,45 @@
package settings
import (
"net/http"
"strconv"
"log"
"github.com/Ennovar/gPanel/pkg/database"
"encoding/json"
)
func GetAdmin(res http.ResponseWriter, req *http.Request, logger *log.Logger, dir string) bool {
if req.Method != "GET" {
logger.Println(req.URL.Path + "::" + req.Method + "::" + strconv.Itoa(http.StatusMethodNotAllowed) + "::" + http.StatusText(http.StatusMethodNotAllowed))
http.Error(res, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return false
}
ds, err := database.Open(dir + database.DB_SETTINGS)
if err != nil || ds == nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
defer ds.Close()
var adminSettings database.Struct_Admin
err = ds.Get(database.BUCKET_GENERAL, []byte("admin"), &adminSettings)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
b, err := json.Marshal(adminSettings)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
res.WriteHeader(http.StatusOK)
res.Write(b)
return true
}
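Review bot: The open check `if err != nil || ds == nil` dereferences `err` on the following line even when only `ds` is nil and `err` is nil, which would panic inside the handler; give the nil-datastore case its own branch, e.g. `if ds == nil { http.Error(res, "settings database unavailable", http.StatusInternalServerError); return false }` after the `err != nil` check. SetAdmin's database.Open check in this commit has the same pattern. The error branches also return `err.Error()` verbatim to the HTTP client, which for database.Open includes the on-disk settings path built from `dir`; logging the detail and sending a generic message keeps that internal. The exported handler is also missing a doc comment starting `// GetAdmin ...`.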


@ -1,11 +1,10 @@
package email
package settings
import (
"encoding/json"
"log"
"net/http"
"log"
"strconv"
"encoding/json"
"github.com/Ennovar/gPanel/pkg/database"
)


@ -0,0 +1,44 @@
package settings
import (
"net/http"
"log"
"strconv"
"github.com/Ennovar/gPanel/pkg/database"
"encoding/json"
)
func SetAdmin(res http.ResponseWriter, req *http.Request, logger *log.Logger, dir string) bool {
if req.Method != "POST" {
logger.Println(req.URL.Path + "::" + req.Method + "::" + strconv.Itoa(http.StatusMethodNotAllowed) + "::" + http.StatusText(http.StatusMethodNotAllowed))
http.Error(res, http.StatusText(http.StatusMethodNotAllowed), http.StatusMethodNotAllowed)
return false
}
var adminSettingsRequestData database.Struct_Admin
err := json.NewDecoder(req.Body).Decode(&adminSettingsRequestData)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusBadRequest)
return false
}
ds, err := database.Open(dir + database.DB_SETTINGS)
if err != nil || ds == nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
defer ds.Close()
err = ds.Put(database.BUCKET_GENERAL, []byte("admin"), adminSettingsRequestData)
if err != nil {
logger.Println(req.URL.Path + "::" + err.Error())
http.Error(res, err.Error(), http.StatusInternalServerError)
return false
}
res.WriteHeader(http.StatusNoContent)
return true
}
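Review bot: The decoded `Struct_Admin` is written to the store without any validation, yet its Email later becomes a mail recipient and both fields are interpolated into client-facing message bodies by bundle.Create in this same commit; an empty name or a malformed address is accepted here and only surfaces when the next bundle is created. Reject bad input before the Put with something like `if _, perr := mail.ParseAddress(adminSettingsRequestData.Email); perr != nil || adminSettingsRequestData.Name == "" { http.Error(res, "name and a valid email address are required", http.StatusBadRequest); return false }` (import `net/mail`). Wrapping `req.Body` in `http.MaxBytesReader` would also bound what the decoder reads for this small settings payload. The `err != nil || ds == nil` check has the same nil-`err` dereference noted on GetAdmin.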


@ -1,13 +1,12 @@
package email
package settings
import (
"encoding/json"
"log"
"net/http"
"log"
"strconv"
"github.com/Ennovar/gPanel/pkg/database"
"encoding/json"
"github.com/Ennovar/gPanel/pkg/emailer"
"github.com/Ennovar/gPanel/pkg/database"
)
func SetSMTP(res http.ResponseWriter, req *http.Request, logger *log.Logger, dir string) bool {


@ -7,3 +7,8 @@ type Struct_SMTP struct {
Server string `json:"server"`
Port int `json:"port"`
}
type Struct_Admin struct {
Name string `json:"name"`
Email string `json:"email"`
}
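Review bot: `Struct_Admin` is an exported type with no doc comment, and nothing near it says what the two fields are for. Given how this commit uses it, a comment like `// Struct_Admin holds the server administrator's contact details, stored under the "admin" key of BUCKET_GENERAL; Name is embedded in auto-generated client emails and Email receives a copy of them.` tells the next maintainer that Email is a live mail recipient rather than display-only data. The existing `Struct_SMTP` above it would benefit from the same treatment.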


@ -9,10 +9,10 @@ import (
"strings"
"github.com/Ennovar/gPanel/pkg/api/bundle"
"github.com/Ennovar/gPanel/pkg/api/email"
logapi "github.com/Ennovar/gPanel/pkg/api/log"
"github.com/Ennovar/gPanel/pkg/api/server"
"github.com/Ennovar/gPanel/pkg/api/user"
"github.com/Ennovar/gPanel/pkg/api/settings"
)
func (con *Controller) apiHandler(res http.ResponseWriter, req *http.Request) (bool, bool) {
@ -89,10 +89,14 @@ func (con *Controller) apiHandler(res http.ResponseWriter, req *http.Request) (b
return true, logapi.Read(res, req, con.APILogger, con.Directory)
case "/log/delete":
return true, logapi.Truncate(res, req, con.APILogger, con.Directory)
case "/email/set_smtp":
return true, email.SetSMTP(res, req, con.APILogger, con.Directory)
case "/email/get_smtp":
return true, email.GetSMTP(res, req, con.APILogger, con.Directory)
case "/settings/set_smtp":
return true, settings.SetSMTP(res, req, con.APILogger, con.Directory)
case "/settings/get_smtp":
return true, settings.GetSMTP(res, req, con.APILogger, con.Directory)
case "/settings/set_admin":
return true, settings.SetAdmin(res, req, con.APILogger, con.Directory)
case "/settings/get_admin":
return true, settings.GetAdmin(res, req, con.APILogger, con.Directory)
default:
return false, false
}
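Review bot: Nothing in this hunk shows who may reach the new `/settings/set_admin` and `/settings/get_admin` cases; if apiHandler authenticates the session before the switch (in the body above this hunk) that is fine, but otherwise any caller could change where copies of generated client credentials are sent, so this is worth confirming. On the import side, `"github.com/Ennovar/gPanel/pkg/api/settings"` is appended after `user`, which breaks the sorted order goimports enforces for the group; move it between `server` and `user`. The rest of apiHandler's body lies outside the hunk.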


@ -0,0 +1,60 @@
var adminSettingsModal = jQuery('.admin-settings-modal');
jQuery('._js_admin-settings').on('click', function(e){
e.preventDefault();
var xhr = new XMLHttpRequest();
xhr.open('GET', 'api/settings/get_admin', true);
xhr.send();
xhr.onloadend = function() {
if(xhr.status == 200) {
var resp = JSON.parse(xhr.response);
jQuery('#adminName').val(resp["name"]);
jQuery('#adminEmail').val(resp["email"]);
}
adminSettingsModal.modal('show');
}
});
jQuery('._js_admin-settings-form').on('submit', function(e){
e.preventDefault();
var flag = false;
jQuery(this).find('input').each(function(i){
if(jQuery(this) && jQuery(this).val()) return true;
else {
flag = true;
return false;
}
});
if(flag) {
alert('All inputs need to be filled out.');
return;
}
var requestData = {};
requestData["name"] = jQuery(this).find('#adminName').val();
requestData["email"] = jQuery(this).find('#adminEmail').val();
var xhr = new XMLHttpRequest();
xhr.open(jQuery(this).attr('method'), jQuery(this).attr('action'), true);
xhr.setRequestHeader('Content-Type', 'application/json; charset=UTF-8');
xhr.send(JSON.stringify(requestData));
xhr.onloadend = function() {
if(xhr.status == 204) {
alert('Administrator settings successfully set.');
}
else {
if(xhr.response != undefined && xhr.response.length != 0) {
alert('Error: ' + xhr.response);
}
else {
alert('An error has occurred, refresh and try again. If problem persists please contact your administrator.');
}
}
}
});
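Review bot: Both requests assign `xhr.onloadend` after `xhr.send()` has been called (in the click handler and again in the submit handler); this works because the response is dispatched asynchronously, but setting the handler before `send()` is the conventional order and does not rely on that. In the input check, `jQuery(this) && jQuery(this).val()` is redundant since `jQuery(this)` is always truthy, so `if (jQuery(this).val()) return true;` says the same thing. `JSON.parse(xhr.response)` in the 200 branch is unguarded; a try/catch that still opens the modal would keep the dialog usable if the server ever returns a non-JSON body.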


@ -4,7 +4,7 @@ jQuery('._js_smtp-credentials').on('click', function(e){
e.preventDefault();
var xhr = new XMLHttpRequest();
xhr.open('GET', 'api/email/get_smtp', true);
xhr.open('GET', 'api/settings/get_smtp', true);
xhr.send();
xhr.onloadend = function() {


@ -295,7 +295,7 @@
</button>
</div>
<div class="modal-body">
<form class="_js_smtp-settings-form" action="api/email/set_smtp" method="POST">
<form class="_js_smtp-settings-form" action="api/settings/set_smtp" method="POST">
<div class="form-group">
<label for="smtpType">Authentication Type</label>
<select class="form-control" id="smtpType">
@ -331,6 +331,40 @@
</div>
</div>
<!-- Administrator Settings Modal -->
<div class="modal fade admin-settings-modal" tabindex="-1" role="dialog" aria-labelledby="admin-settings-modal" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">Administrator Settings</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
<form class="_js_admin-settings-form" action="api/settings/set_admin" method="POST">
<div class="form-group">
<label for="adminName">Administrator Name</label>
<input type="text" class="form-control" id="adminName" placeholder="Administrator Name" value="">
<small class="form-text text-muted">This will be used in auto-generated emails sent to bundle clients.</small>
</div>
<div class="form-group">
<label for="adminEmail">Administrator Email</label>
<input type="email" class="form-control" id="adminEmail" placeholder="admin@domain.com" value="">
<small class="form-text text-muted">A copy of each important email (auto-generated credentials, etc.) sent to bundle clients will also be sent to this email.</small>
</div>
<div class="btn-group" role="group">
<button type="submit" class="btn btn-primary">Set Administrator Settings</button>
</div>
</form>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-12">
@ -383,6 +417,7 @@
<h6 class="card-subtitle mb-4 text-muted">Set or update various settings, such as smtp credentials, that the server uses</h6>
<div class="btn-group" role="group">
<button type="button" class="btn btn-outline-primary _js_smtp-credentials">SMTP Credentials</button>
<button type="button" class="btn btn-outline-primary _js_admin-settings">Administrator Settings</button>
</div>
</div>
</div>
@ -436,6 +471,7 @@
<script type="text/javascript" src="assets/js/panelHandlers/users/new_password.js"></script>
<script type="text/javascript" src="assets/js/panelHandlers/settings/smtp.js"></script>
<script type="text/javascript" src="assets/js/panelHandlers/settings/admin.js"></script>
<!-- KEEP AT BOTTOM OF BODY TAGS -->
</body>
</html>
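Review bot: The two new inputs in the administrator form carry no `required` attribute, so empty fields pass the browser's constraint validation and are only caught by the script's alert; add it to both, e.g. `<input type="email" class="form-control" id="adminEmail" placeholder="admin@domain.com" value="" required>`. The modal's `aria-labelledby="admin-settings-modal"` points at an id that does not exist — the title `<h5>` has none — so assistive technology gets no accessible name for the dialog; give the heading `id="admin-settings-modal-title"` and reference that instead.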