mirror of
https://github.com/bunkerity/bunkerweb
synced 2026-05-24 09:28:37 +00:00
Add pro folders and logic to the back
This commit is contained in:
Théophile Diot
parent
243f641074
commit
e270995c3a
23 changed files with 236 additions and 480 deletions
|
|
@ -67,8 +67,8 @@ RUN apk add --no-cache pcre bash python3 yajl && \
|
|||
mkdir -p /var/www/html && \
|
||||
mkdir -p /etc/bunkerweb && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
for dir in $(echo "pro configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
chown -R root:nginx /data /etc/nginx /var/cache/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /usr/bin/bwcli && \
|
||||
chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/tmp/bunkerweb /var/log/bunkerweb /var/run/bunkerweb && \
|
||||
chmod 750 cli/main.py gen/main.py helpers/*.sh entrypoint.sh /usr/bin/bwcli deps/python/bin/* && \
|
||||
|
|
|
|||
|
|
@ -128,6 +128,8 @@ api.global.POST["^/confs$"] = function(self)
|
|||
destination = "/etc/bunkerweb/configs"
|
||||
elseif self.ctx.bw.uri == "/plugins" then
|
||||
destination = "/etc/bunkerweb/plugins"
|
||||
elseif self.ctx.bw.uri == "/pro_plugins" then
|
||||
destination = "/etc/bunkerweb/pro/plugins"
|
||||
end
|
||||
local form, err = upload:new(4096)
|
||||
if not form then
|
||||
|
|
@ -175,6 +177,8 @@ api.global.POST["^/custom_configs$"] = api.global.POST["^/confs$"]
|
|||
|
||||
api.global.POST["^/plugins$"] = api.global.POST["^/confs$"]
|
||||
|
||||
api.global.POST["^/pro_plugins$"] = api.global.POST["^/confs$"]
|
||||
|
||||
api.global.POST["^/unban$"] = function(self)
|
||||
read_body()
|
||||
local data = get_body_data()
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ resolver {{ DNS_RESOLVERS }} {% if USE_IPV6 == "no" %}ipv6=off{% endif %};
|
|||
port_in_redirect off;
|
||||
|
||||
# lua configs
|
||||
lua_package_path "/usr/share/bunkerweb/lua/?.lua;/usr/share/bunkerweb/core/?.lua;/etc/bunkerweb/plugins/?.lua;/usr/share/bunkerweb/deps/lib/lua/?.lua;;";
|
||||
lua_package_path "/usr/share/bunkerweb/lua/?.lua;/usr/share/bunkerweb/core/?.lua;/etc/bunkerweb/plugins/?.lua;/etc/bunkerweb/pro/plugins/?.lua;/usr/share/bunkerweb/deps/lib/lua/?.lua;;";
|
||||
lua_package_cpath "/usr/share/bunkerweb/deps/lib/?.so;/usr/share/bunkerweb/deps/lib/lua/?.so;;";
|
||||
lua_ssl_trusted_certificate "/usr/share/bunkerweb/misc/root-ca.pem";
|
||||
lua_ssl_verify_depth 2;
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ init_by_lua_block {
|
|||
-- Load plugins into the datastore
|
||||
logger:log(NOTICE, "saving plugins into datastore ...")
|
||||
local plugins = {}
|
||||
local plugin_paths = { "/usr/share/bunkerweb/core", "/etc/bunkerweb/plugins" }
|
||||
local plugin_paths = { "/usr/share/bunkerweb/core", "/etc/bunkerweb/plugins", "/etc/bunkerweb/pro/plugins" }
|
||||
for i, plugin_path in ipairs(plugin_paths) do
|
||||
local paths = popen("find -L " .. plugin_path .. " -maxdepth 1 -type d ! -path " .. plugin_path)
|
||||
for path in paths:lines() do
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ init_by_lua_block {
|
|||
-- Load plugins into the datastore
|
||||
logger:log(NOTICE, "saving plugins into datastore ...")
|
||||
local plugins = {}
|
||||
local plugin_paths = { "/usr/share/bunkerweb/core", "/etc/bunkerweb/plugins" }
|
||||
local plugin_paths = { "/usr/share/bunkerweb/core", "/etc/bunkerweb/plugins", "/etc/bunkerweb/pro/plugins" }
|
||||
for i, plugin_path in ipairs(plugin_paths) do
|
||||
local paths = popen("find -L " .. plugin_path .. " -maxdepth 1 -type d ! -path " .. plugin_path)
|
||||
for path in paths:lines() do
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ resolver_timeout 30s;
|
|||
tcp_nodelay on;
|
||||
|
||||
# lua path and dicts
|
||||
lua_package_path "/usr/share/bunkerweb/lua/?.lua;/usr/share/bunkerweb/core/?.lua;/etc/bunkerweb/plugins/?.lua;/usr/share/bunkerweb/deps/lib/lua/?.lua;;";
|
||||
lua_package_path "/usr/share/bunkerweb/lua/?.lua;/usr/share/bunkerweb/core/?.lua;/etc/bunkerweb/plugins/?.lua;/etc/bunkerweb/pro/plugins/?.lua;/usr/share/bunkerweb/deps/lib/lua/?.lua;;";
|
||||
lua_package_cpath "/usr/share/bunkerweb/deps/lib/?.so;/usr/share/bunkerweb/deps/lib/lua/?.so;;";
|
||||
lua_ssl_trusted_certificate "/usr/share/bunkerweb/misc/root-ca.pem";
|
||||
lua_ssl_verify_depth 2;
|
||||
|
|
|
|||
|
|
@ -294,6 +294,7 @@ class Database:
|
|||
.with_entities(
|
||||
Metadata.custom_configs_changed,
|
||||
Metadata.external_plugins_changed,
|
||||
Metadata.pro_plugins_changed,
|
||||
Metadata.config_changed,
|
||||
Metadata.instances_changed,
|
||||
)
|
||||
|
|
@ -304,6 +305,7 @@ class Database:
|
|||
return dict(
|
||||
custom_configs_changed=metadata is not None and metadata.custom_configs_changed,
|
||||
external_plugins_changed=metadata is not None and metadata.external_plugins_changed,
|
||||
pro_plugins_changed=metadata is not None and metadata.pro_plugins_changed,
|
||||
config_changed=metadata is not None and metadata.config_changed,
|
||||
instances_changed=metadata is not None and metadata.instances_changed,
|
||||
)
|
||||
|
|
@ -316,6 +318,7 @@ class Database:
|
|||
"config",
|
||||
"custom_configs",
|
||||
"external_plugins",
|
||||
"pro_plugins",
|
||||
"instances",
|
||||
]
|
||||
with self.__db_session() as session:
|
||||
|
|
@ -333,6 +336,8 @@ class Database:
|
|||
metadata.custom_configs_changed = value
|
||||
if "external_plugins" in changes:
|
||||
metadata.external_plugins_changed = value
|
||||
if "pro_plugins" in changes:
|
||||
metadata.pro_plugins_changed = value
|
||||
if "instances" in changes:
|
||||
metadata.instances_changed = value
|
||||
session.commit()
|
||||
|
|
@ -1121,11 +1126,11 @@ class Database:
|
|||
|
||||
return ""
|
||||
|
||||
def update_external_plugins(self, plugins: List[Dict[str, Any]], *, delete_missing: bool = True) -> str:
|
||||
def update_external_plugins(self, plugins: List[Dict[str, Any]], *, _type: Literal["external", "pro"] = "external", delete_missing: bool = True) -> str:
|
||||
"""Update external plugins from the database"""
|
||||
to_put = []
|
||||
with self.__db_session() as session:
|
||||
db_plugins = session.query(Plugins).with_entities(Plugins.id).filter_by(type="external").all()
|
||||
db_plugins = session.query(Plugins).with_entities(Plugins.id).filter_by(type=_type).all()
|
||||
|
||||
db_ids = []
|
||||
if delete_missing and db_plugins:
|
||||
|
|
@ -1141,7 +1146,7 @@ class Database:
|
|||
settings = plugin.pop("settings", {})
|
||||
jobs = plugin.pop("jobs", [])
|
||||
page = plugin.pop("page", False)
|
||||
plugin["type"] = "external"
|
||||
plugin["type"] = _type
|
||||
db_plugin = (
|
||||
session.query(Plugins)
|
||||
.with_entities(
|
||||
|
|
@ -1159,9 +1164,9 @@ class Database:
|
|||
)
|
||||
|
||||
if db_plugin is not None:
|
||||
if db_plugin.type != "external":
|
||||
if db_plugin.type not in ("external", "pro"):
|
||||
self.__logger.warning(
|
||||
f"Plugin \"{plugin['id']}\" is not external, skipping update (updating a non-external plugin is forbidden for security reasons)",
|
||||
f"Plugin \"{plugin['id']}\" is not {_type}, skipping update (updating a non-external or non-pro plugin is forbidden for security reasons)",
|
||||
)
|
||||
continue
|
||||
|
||||
|
|
@ -1188,6 +1193,9 @@ class Database:
|
|||
if plugin.get("checksum") != db_plugin.checksum:
|
||||
updates[Plugins.checksum] = plugin.get("checksum")
|
||||
|
||||
if plugin.get("type") != db_plugin.type:
|
||||
updates[Plugins.type] = plugin.get("type")
|
||||
|
||||
if updates:
|
||||
session.query(Plugins).filter(Plugins.id == plugin["id"]).update(updates)
|
||||
|
||||
|
|
@ -1377,7 +1385,7 @@ class Database:
|
|||
description=plugin["description"],
|
||||
version=plugin["version"],
|
||||
stream=plugin["stream"],
|
||||
type="external",
|
||||
type=_type,
|
||||
method=plugin["method"],
|
||||
data=plugin.get("data"),
|
||||
checksum=plugin.get("checksum"),
|
||||
|
|
@ -1477,7 +1485,10 @@ class Database:
|
|||
with suppress(ProgrammingError, OperationalError):
|
||||
metadata = session.query(Metadata).get(1)
|
||||
if metadata is not None:
|
||||
metadata.external_plugins_changed = True
|
||||
if _type == "external":
|
||||
metadata.external_plugins_changed = True
|
||||
elif _type == "pro":
|
||||
metadata.pro_plugins_changed = True
|
||||
|
||||
try:
|
||||
session.add_all(to_put)
|
||||
|
|
|
|||
|
|
@ -66,7 +66,6 @@ class Settings(Base):
|
|||
__table_args__ = (
|
||||
PrimaryKeyConstraint("id", "name"),
|
||||
UniqueConstraint("id"),
|
||||
UniqueConstraint("name"),
|
||||
)
|
||||
|
||||
id = Column(String(256), primary_key=True)
|
||||
|
|
@ -274,6 +273,7 @@ class Metadata(Base):
|
|||
scheduler_first_start = Column(Boolean, nullable=True)
|
||||
custom_configs_changed = Column(Boolean, default=False, nullable=True)
|
||||
external_plugins_changed = Column(Boolean, default=False, nullable=True)
|
||||
pro_plugins_changed = Column(Boolean, default=False, nullable=True)
|
||||
config_changed = Column(Boolean, default=False, nullable=True)
|
||||
instances_changed = Column(Boolean, default=False, nullable=True)
|
||||
integration = Column(INTEGRATIONS_ENUM, default="Unknown", nullable=False)
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ class Configurator:
|
|||
settings: str,
|
||||
core: str,
|
||||
external_plugins: Union[str, List[Dict[str, Any]]],
|
||||
pro_plugins: Union[str, List[Dict[str, Any]]],
|
||||
variables: Union[str, Dict[str, Any]],
|
||||
logger: Logger,
|
||||
):
|
||||
|
|
@ -46,6 +47,12 @@ class Configurator:
|
|||
else:
|
||||
self.__external_plugins = external_plugins
|
||||
|
||||
if isinstance(pro_plugins, str):
|
||||
self.__pro_plugins = []
|
||||
self.__load_plugins(pro_plugins, "pro")
|
||||
else:
|
||||
self.__pro_plugins = pro_plugins
|
||||
|
||||
if isinstance(variables, str):
|
||||
self.__variables = self.__load_variables(variables)
|
||||
else:
|
||||
|
|
@ -58,11 +65,13 @@ class Configurator:
|
|||
return self.__settings
|
||||
|
||||
def get_plugins(self, _type: Literal["core", "external", "pro"]) -> List[Dict[str, Any]]:
|
||||
return self.__core_plugins if _type == "core" else self.__external_plugins
|
||||
return {"core": self.__core_plugins, "external": self.__external_plugins, "pro": self.__pro_plugins}[_type]
|
||||
|
||||
def get_plugins_settings(self, _type: Union[Literal["core"], Literal["external"]]) -> Dict[str, Any]:
|
||||
def get_plugins_settings(self, _type: Literal["core", "external", "pro"]) -> Dict[str, Any]:
|
||||
if _type == "core":
|
||||
plugins = self.__core_plugins
|
||||
elif _type == "pro":
|
||||
plugins = self.__pro_plugins
|
||||
else:
|
||||
plugins = self.__external_plugins
|
||||
plugins_settings = {}
|
||||
|
|
@ -78,9 +87,7 @@ class Configurator:
|
|||
servers = {}
|
||||
for server_name in self.__variables["SERVER_NAME"].strip().split(" "):
|
||||
if not re_search(self.__settings["SERVER_NAME"]["regex"], server_name):
|
||||
self.__logger.warning(
|
||||
f"Ignoring server name {server_name} because regex is not valid",
|
||||
)
|
||||
self.__logger.warning(f"Ignoring server name {server_name} because regex is not valid")
|
||||
continue
|
||||
names = [server_name]
|
||||
if f"{server_name}_SERVER_NAME" in self.__variables:
|
||||
|
|
@ -88,9 +95,7 @@ class Configurator:
|
|||
self.__settings["SERVER_NAME"]["regex"],
|
||||
self.__variables[f"{server_name}_SERVER_NAME"],
|
||||
):
|
||||
self.__logger.warning(
|
||||
f"Ignoring {server_name}_SERVER_NAME because regex is not valid",
|
||||
)
|
||||
self.__logger.warning(f"Ignoring {server_name}_SERVER_NAME because regex is not valid")
|
||||
else:
|
||||
names = self.__variables[f"{server_name}_SERVER_NAME"].strip().split(" ")
|
||||
|
||||
|
|
@ -100,7 +105,7 @@ class Configurator:
|
|||
def __load_settings(self, path: str) -> Dict[str, Any]:
|
||||
return loads(Path(path).read_text())
|
||||
|
||||
def __load_plugins(self, path: str, _type: str = "core"):
|
||||
def __load_plugins(self, path: str, _type: Literal["core", "external", "pro"] = "core"):
|
||||
threads = []
|
||||
for file in glob(join(path, "*", "plugin.json")):
|
||||
thread = Thread(target=self.__load_plugin, args=(file, _type))
|
||||
|
|
@ -110,32 +115,26 @@ class Configurator:
|
|||
for thread in threads:
|
||||
thread.join()
|
||||
|
||||
def __load_plugin(self, file: str, _type: str = "core"):
|
||||
def __load_plugin(self, file: str, _type: Literal["core", "external", "pro"] = "core"):
|
||||
self.__semaphore.acquire(timeout=60)
|
||||
try:
|
||||
data = self.__load_settings(file)
|
||||
|
||||
resp, msg = self.__validate_plugin(data)
|
||||
if not resp:
|
||||
self.__logger.warning(
|
||||
f"Ignoring plugin {file} : {msg}",
|
||||
)
|
||||
self.__logger.warning(f"Ignoring {_type} plugin {file} : {msg}")
|
||||
return
|
||||
|
||||
if _type == "external":
|
||||
if _type != "core":
|
||||
plugin_content = BytesIO()
|
||||
with tar_open(fileobj=plugin_content, mode="w:gz", compresslevel=9) as tar:
|
||||
tar.add(
|
||||
dirname(file),
|
||||
arcname=basename(dirname(file)),
|
||||
recursive=True,
|
||||
)
|
||||
tar.add(dirname(file), arcname=basename(dirname(file)), recursive=True)
|
||||
plugin_content.seek(0, 0)
|
||||
value = plugin_content.getvalue()
|
||||
|
||||
data.update(
|
||||
{
|
||||
"type": "external",
|
||||
"type": _type,
|
||||
"page": "ui" in listdir(dirname(file)),
|
||||
"method": "manual",
|
||||
"data": value,
|
||||
|
|
@ -144,14 +143,15 @@ class Configurator:
|
|||
)
|
||||
|
||||
with self.__thread_lock:
|
||||
self.__external_plugins.append(data)
|
||||
if _type == "pro":
|
||||
self.__pro_plugins.append(data)
|
||||
else:
|
||||
self.__external_plugins.append(data)
|
||||
else:
|
||||
with self.__thread_lock:
|
||||
self.__core_plugins.append(data)
|
||||
except:
|
||||
self.__logger.error(
|
||||
f"Exception while loading JSON from {file} : {format_exc()}",
|
||||
)
|
||||
self.__logger.error(f"Exception while loading JSON from {file} : {format_exc()}")
|
||||
self.__semaphore.release()
|
||||
|
||||
def __load_variables(self, path: str) -> Dict[str, Any]:
|
||||
|
|
@ -173,6 +173,7 @@ class Configurator:
|
|||
self.__settings,
|
||||
self.get_plugins_settings("core"),
|
||||
self.get_plugins_settings("external"),
|
||||
self.get_plugins_settings("pro"),
|
||||
]
|
||||
for settings in default_settings:
|
||||
for setting, data in settings.items():
|
||||
|
|
@ -226,10 +227,7 @@ class Configurator:
|
|||
if not where:
|
||||
return False, f"variable name {variable} doesn't exist"
|
||||
elif not re_search(where[real_var]["regex"], value):
|
||||
return (
|
||||
False,
|
||||
f"value {value} doesn't match regex {where[real_var]['regex']}",
|
||||
)
|
||||
return (False, f"value {value} doesn't match regex {where[real_var]['regex']}")
|
||||
return True, "ok"
|
||||
# MULTISITE=yes
|
||||
prefixed, real_var = self.__var_is_prefixed(variable)
|
||||
|
|
@ -239,10 +237,7 @@ class Configurator:
|
|||
elif prefixed and where[real_var]["context"] != "multisite":
|
||||
return False, f"context of {variable} isn't multisite"
|
||||
elif not re_search(where[real_var]["regex"], value):
|
||||
return (
|
||||
False,
|
||||
f"value {value} doesn't match regex {where[real_var]['regex']}",
|
||||
)
|
||||
return (False, f"value {value} doesn't match regex {where[real_var]['regex']}")
|
||||
return True, "ok"
|
||||
|
||||
def __find_var(self, variable: str) -> Tuple[Optional[Dict[str, Any]], str]:
|
||||
|
|
@ -250,6 +245,7 @@ class Configurator:
|
|||
self.__settings,
|
||||
self.get_plugins_settings("core"),
|
||||
self.get_plugins_settings("external"),
|
||||
self.get_plugins_settings("pro"),
|
||||
]
|
||||
for target in targets:
|
||||
if variable in target:
|
||||
|
|
@ -267,120 +263,57 @@ class Configurator:
|
|||
|
||||
def __validate_plugin(self, plugin: dict) -> Tuple[bool, str]:
|
||||
if not all(key in plugin for key in ("id", "name", "description", "version", "stream", "settings")):
|
||||
return (
|
||||
False,
|
||||
f"Missing mandatory keys for plugin {plugin.get('id', 'unknown')} (id, name, description, version, stream, settings)",
|
||||
)
|
||||
return (False, f"Missing mandatory keys for plugin {plugin.get('id', 'unknown')} (id, name, description, version, stream, settings)")
|
||||
|
||||
if not self.__plugin_id_rx.match(plugin["id"]):
|
||||
return (
|
||||
False,
|
||||
f"Invalid id for plugin {plugin['id']} (Can only contain numbers, letters, underscores and hyphens (min 1 characters and max 64))",
|
||||
)
|
||||
return (False, f"Invalid id for plugin {plugin['id']} (Can only contain numbers, letters, underscores and hyphens (min 1 characters and max 64))")
|
||||
elif len(plugin["name"]) > 128:
|
||||
return (
|
||||
False,
|
||||
f"Invalid name for plugin {plugin['id']} (Max 128 characters)",
|
||||
)
|
||||
return (False, f"Invalid name for plugin {plugin['id']} (Max 128 characters)")
|
||||
elif len(plugin["description"]) > 256:
|
||||
return (
|
||||
False,
|
||||
f"Invalid description for plugin {plugin['id']} (Max 256 characters)",
|
||||
)
|
||||
return (False, f"Invalid description for plugin {plugin['id']} (Max 256 characters)")
|
||||
elif not self.__plugin_version_rx.match(plugin["version"]):
|
||||
return (
|
||||
False,
|
||||
f"Invalid version for plugin {plugin['id']} (Must be in format \\d+\\.\\d+(\\.\\d+)?)",
|
||||
)
|
||||
return (False, f"Invalid version for plugin {plugin['id']} (Must be in format \\d+\\.\\d+(\\.\\d+)?)")
|
||||
elif plugin["stream"] not in ("yes", "no", "partial"):
|
||||
return (
|
||||
False,
|
||||
f"Invalid stream for plugin {plugin['id']} (Must be yes, no or partial)",
|
||||
)
|
||||
return (False, f"Invalid stream for plugin {plugin['id']} (Must be yes, no or partial)")
|
||||
|
||||
for setting, data in plugin["settings"].items():
|
||||
if not all(key in data.keys() for key in ("context", "default", "help", "id", "label", "regex", "type")):
|
||||
return (
|
||||
False,
|
||||
f"missing keys for setting {setting} in plugin {plugin['id']}, must have context, default, help, id, label, regex and type",
|
||||
)
|
||||
return (False, f"missing keys for setting {setting} in plugin {plugin['id']}, must have context, default, help, id, label, regex and type")
|
||||
|
||||
if not self.__setting_id_rx.match(setting):
|
||||
return (
|
||||
False,
|
||||
f"Invalid setting name for setting {setting} in plugin {plugin['id']} (Can only contain capital letters and underscores (min 1 characters and max 256))",
|
||||
)
|
||||
return (False, f"Invalid setting name for setting {setting} in plugin {plugin['id']} (Can only contain capital letters and underscores (min 1 characters and max 256))")
|
||||
elif data["context"] not in ("global", "multisite"):
|
||||
return (
|
||||
False,
|
||||
f"Invalid context for setting {setting} in plugin {plugin['id']} (Must be global or multisite)",
|
||||
)
|
||||
return (False, f"Invalid context for setting {setting} in plugin {plugin['id']} (Must be global or multisite)")
|
||||
elif len(data["default"]) > 4096:
|
||||
return (
|
||||
False,
|
||||
f"Invalid default for setting {setting} in plugin {plugin['id']} (Max 4096 characters)",
|
||||
)
|
||||
return (False, f"Invalid default for setting {setting} in plugin {plugin['id']} (Max 4096 characters)")
|
||||
elif len(data["help"]) > 512:
|
||||
return (
|
||||
False,
|
||||
f"Invalid help for setting {setting} in plugin {plugin['id']} (Max 512 characters)",
|
||||
)
|
||||
return (False, f"Invalid help for setting {setting} in plugin {plugin['id']} (Max 512 characters)")
|
||||
elif len(data["label"]) > 256:
|
||||
return (
|
||||
False,
|
||||
f"Invalid label for setting {setting} in plugin {plugin['id']} (Max 256 characters)",
|
||||
)
|
||||
return (False, f"Invalid label for setting {setting} in plugin {plugin['id']} (Max 256 characters)")
|
||||
elif len(data["regex"]) > 1024:
|
||||
return (
|
||||
False,
|
||||
f"Invalid regex for setting {setting} in plugin {plugin['id']} (Max 1024 characters)",
|
||||
)
|
||||
return (False, f"Invalid regex for setting {setting} in plugin {plugin['id']} (Max 1024 characters)")
|
||||
elif data["type"] not in ("password", "text", "check", "select"):
|
||||
return (
|
||||
False,
|
||||
f"Invalid type for setting {setting} in plugin {plugin['id']} (Must be password, text, check or select)",
|
||||
)
|
||||
return (False, f"Invalid type for setting {setting} in plugin {plugin['id']} (Must be password, text, check or select)")
|
||||
|
||||
if "multiple" in data:
|
||||
if not self.__name_rx.match(data["multiple"]):
|
||||
return (
|
||||
False,
|
||||
f"Invalid multiple for setting {setting} in plugin {plugin['id']} (Can only contain numbers, letters, underscores and hyphens (min 1 characters and max 128))",
|
||||
)
|
||||
return (False, f"Invalid multiple for setting {setting} in plugin {plugin['id']} (Can only contain numbers, letters, underscores and hyphens (min 1 characters and max 128))")
|
||||
|
||||
for select in data.get("select", []):
|
||||
if len(select) > 256:
|
||||
return (
|
||||
False,
|
||||
f"Invalid select value {select} for setting {setting} in plugin {plugin['id']} (Max 256 characters)",
|
||||
)
|
||||
return (False, f"Invalid select value {select} for setting {setting} in plugin {plugin['id']} (Max 256 characters)")
|
||||
|
||||
for job in plugin.get("jobs", []):
|
||||
if not all(key in job.keys() for key in ("name", "file", "every", "reload")):
|
||||
return (
|
||||
False,
|
||||
f"missing keys for job {job['name']} in plugin {plugin['id']}, must have name, file, every and reload",
|
||||
)
|
||||
return (False, f"missing keys for job {job['name']} in plugin {plugin['id']}, must have name, file, every and reload")
|
||||
|
||||
if not self.__name_rx.match(job["name"]):
|
||||
return (
|
||||
False,
|
||||
f"Invalid name for job {job['name']} in plugin {plugin['id']}",
|
||||
)
|
||||
return (False, f"Invalid name for job {job['name']} in plugin {plugin['id']}")
|
||||
elif not self.__job_file_rx.match(job["file"]):
|
||||
return (
|
||||
False,
|
||||
f"Invalid file for job {job['name']} in plugin {plugin['id']} (Can only contain numbers, letters, underscores, hyphens and slashes (min 1 characters and max 256))",
|
||||
)
|
||||
return (False, f"Invalid file for job {job['name']} in plugin {plugin['id']} (Can only contain numbers, letters, underscores, hyphens and slashes (min 1 characters and max 256))")
|
||||
elif job["every"] not in ("once", "minute", "hour", "day", "week"):
|
||||
return (
|
||||
False,
|
||||
f"Invalid every for job {job['name']} in plugin {plugin['id']} (Must be once, minute, hour, day or week)",
|
||||
)
|
||||
return (False, f"Invalid every for job {job['name']} in plugin {plugin['id']} (Must be once, minute, hour, day or week)")
|
||||
elif job["reload"] is not True and job["reload"] is not False:
|
||||
return (
|
||||
False,
|
||||
f"Invalid reload for job {job['name']} in plugin {plugin['id']} (Must be true or false)",
|
||||
)
|
||||
return (False, f"Invalid reload for job {job['name']} in plugin {plugin['id']} (Must be true or false)")
|
||||
|
||||
return True, "ok"
|
||||
|
|
|
|||
|
|
@ -16,18 +16,11 @@ from jinja2 import Environment, FileSystemLoader
|
|||
|
||||
|
||||
class Templator:
|
||||
def __init__(
|
||||
self,
|
||||
templates: str,
|
||||
core: str,
|
||||
plugins: str,
|
||||
output: str,
|
||||
target: str,
|
||||
config: Dict[str, Any],
|
||||
):
|
||||
def __init__(self, templates: str, core: str, plugins: str, pro_plugins: str, output: str, target: str, config: Dict[str, Any]):
|
||||
self.__templates = templates
|
||||
self.__core = core
|
||||
self.__plugins = plugins
|
||||
self.__pro_plugins = pro_plugins
|
||||
self.__output = output
|
||||
self.__target = target
|
||||
self.__config = config
|
||||
|
|
@ -43,14 +36,10 @@ class Templator:
|
|||
|
||||
def __load_jinja_env(self) -> Environment:
|
||||
searchpath = [self.__templates]
|
||||
for subpath in glob(join(self.__core, "*")) + glob(join(self.__plugins, "*")):
|
||||
for subpath in glob(join(self.__core, "*")) + glob(join(self.__plugins, "*")) + glob(join(self.__pro_plugins, "*")):
|
||||
if Path(subpath).is_dir():
|
||||
searchpath.append(join(subpath, "confs"))
|
||||
return Environment(
|
||||
loader=FileSystemLoader(searchpath=searchpath),
|
||||
lstrip_blocks=True,
|
||||
trim_blocks=True,
|
||||
)
|
||||
return Environment(loader=FileSystemLoader(searchpath=searchpath), lstrip_blocks=True, trim_blocks=True)
|
||||
|
||||
def __find_templates(self, contexts) -> List[str]:
|
||||
templates = []
|
||||
|
|
|
|||
|
|
@ -28,47 +28,14 @@ if __name__ == "__main__":
|
|||
try:
|
||||
# Parse arguments
|
||||
parser = ArgumentParser(description="BunkerWeb config generator")
|
||||
parser.add_argument(
|
||||
"--settings",
|
||||
default=join(sep, "usr", "share", "bunkerweb", "settings.json"),
|
||||
type=str,
|
||||
help="file containing the main settings",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--templates",
|
||||
default=join(sep, "usr", "share", "bunkerweb", "confs"),
|
||||
type=str,
|
||||
help="directory containing the main template files",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--core",
|
||||
default=join(sep, "usr", "share", "bunkerweb", "core"),
|
||||
type=str,
|
||||
help="directory containing the core plugins",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--plugins",
|
||||
default=join(sep, "etc", "bunkerweb", "plugins"),
|
||||
type=str,
|
||||
help="directory containing the external plugins",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--output",
|
||||
default=join(sep, "etc", "nginx"),
|
||||
type=str,
|
||||
help="where to write the rendered files",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--target",
|
||||
default=join(sep, "etc", "nginx"),
|
||||
type=str,
|
||||
help="where nginx will search for configurations files",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--variables",
|
||||
type=str,
|
||||
help="path to the file containing environment variables",
|
||||
)
|
||||
parser.add_argument("--settings", default=join(sep, "usr", "share", "bunkerweb", "settings.json"), type=str, help="file containing the main settings")
|
||||
parser.add_argument("--templates", default=join(sep, "usr", "share", "bunkerweb", "confs"), type=str, help="directory containing the main template files")
|
||||
parser.add_argument("--core", default=join(sep, "usr", "share", "bunkerweb", "core"), type=str, help="directory containing the core plugins")
|
||||
parser.add_argument("--plugins", default=join(sep, "etc", "bunkerweb", "plugins"), type=str, help="directory containing the external plugins")
|
||||
parser.add_argument("--pro-plugins", default=join(sep, "etc", "bunkerweb", "pro", "plugins"), type=str, help="directory containing the pro plugins")
|
||||
parser.add_argument("--output", default=join(sep, "etc", "nginx"), type=str, help="where to write the rendered files")
|
||||
parser.add_argument("--target", default=join(sep, "etc", "nginx"), type=str, help="where nginx will search for configurations files")
|
||||
parser.add_argument("--variables", type=str, help="path to the file containing environment variables")
|
||||
parser.add_argument("--no-linux-reload", action="store_true", help="disable linux reload")
|
||||
args = parser.parse_args()
|
||||
|
||||
|
|
@ -76,6 +43,7 @@ if __name__ == "__main__":
|
|||
templates_path = Path(normpath(args.templates))
|
||||
core_path = Path(normpath(args.core))
|
||||
plugins_path = Path(normpath(args.plugins))
|
||||
pro_plugins_path = Path(normpath(args.pro_plugins))
|
||||
output_path = Path(normpath(args.output))
|
||||
target_path = Path(normpath(args.target))
|
||||
|
||||
|
|
@ -84,6 +52,7 @@ if __name__ == "__main__":
|
|||
logger.info(f"Templates : {templates_path}")
|
||||
logger.info(f"Core : {core_path}")
|
||||
logger.info(f"Plugins : {plugins_path}")
|
||||
logger.info(f"Pro plugins : {pro_plugins_path}")
|
||||
logger.info(f"Output : {output_path}")
|
||||
logger.info(f"Target : {target_path}")
|
||||
|
||||
|
|
@ -110,7 +79,7 @@ if __name__ == "__main__":
|
|||
# Check existences and permissions
|
||||
logger.info("Checking arguments ...")
|
||||
files = [settings_path, variables_path]
|
||||
paths_rx = [core_path, plugins_path, templates_path]
|
||||
paths_rx = [core_path, plugins_path, pro_plugins_path, templates_path]
|
||||
paths_rwx = [output_path]
|
||||
for file in files:
|
||||
if not file.is_file():
|
||||
|
|
@ -137,13 +106,7 @@ if __name__ == "__main__":
|
|||
|
||||
# Compute the config
|
||||
logger.info("Computing config ...")
|
||||
config: Dict[str, Any] = Configurator(
|
||||
str(settings_path),
|
||||
str(core_path),
|
||||
str(plugins_path),
|
||||
str(variables_path),
|
||||
logger,
|
||||
).get_config()
|
||||
config: Dict[str, Any] = Configurator(str(settings_path), str(core_path), str(plugins_path), str(pro_plugins_path), str(variables_path), logger).get_config()
|
||||
else:
|
||||
if join(sep, "usr", "share", "bunkerweb", "db") not in sys_path:
|
||||
sys_path.append(join(sep, "usr", "share", "bunkerweb", "db"))
|
||||
|
|
@ -168,14 +131,7 @@ if __name__ == "__main__":
|
|||
|
||||
# Render the templates
|
||||
logger.info("Rendering templates ...")
|
||||
templator = Templator(
|
||||
str(templates_path),
|
||||
str(core_path),
|
||||
str(plugins_path),
|
||||
str(output_path),
|
||||
str(target_path),
|
||||
config,
|
||||
)
|
||||
templator = Templator(str(templates_path), str(core_path), str(plugins_path), str(pro_plugins_path), str(output_path), str(target_path), config)
|
||||
templator.render()
|
||||
|
||||
if integration not in ("Autoconf", "Swarm", "Kubernetes", "Docker") and not args.no_linux_reload:
|
||||
|
|
|
|||
|
|
@ -79,55 +79,26 @@ if __name__ == "__main__":
|
|||
try:
|
||||
# Parse arguments
|
||||
parser = ArgumentParser(description="BunkerWeb config saver")
|
||||
parser.add_argument(
|
||||
"--settings",
|
||||
default=join(sep, "usr", "share", "bunkerweb", "settings.json"),
|
||||
type=str,
|
||||
help="file containing the main settings",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--core",
|
||||
default=join(sep, "usr", "share", "bunkerweb", "core"),
|
||||
type=str,
|
||||
help="directory containing the core plugins",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--plugins",
|
||||
default=join(sep, "etc", "bunkerweb", "plugins"),
|
||||
type=str,
|
||||
help="directory containing the external plugins",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--variables",
|
||||
type=str,
|
||||
help="path to the file containing environment variables",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--init",
|
||||
action="store_true",
|
||||
help="Only initialize the database",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--method",
|
||||
default="scheduler",
|
||||
type=str,
|
||||
help="The method that is used to save the config",
|
||||
)
|
||||
parser.add_argument(
|
||||
"--no-check-changes",
|
||||
action="store_true",
|
||||
help="Set the changes to checked in the database",
|
||||
)
|
||||
parser.add_argument("--settings", default=join(sep, "usr", "share", "bunkerweb", "settings.json"), type=str, help="file containing the main settings")
|
||||
parser.add_argument("--core", default=join(sep, "usr", "share", "bunkerweb", "core"), type=str, help="directory containing the core plugins")
|
||||
parser.add_argument("--plugins", default=join(sep, "etc", "bunkerweb", "plugins"), type=str, help="directory containing the external plugins")
|
||||
parser.add_argument("--pro-plugins", default=join(sep, "etc", "bunkerweb", "pro", "plugins"), type=str, help="directory containing the pro plugins")
|
||||
parser.add_argument("--variables", type=str, help="path to the file containing environment variables")
|
||||
parser.add_argument("--init", action="store_true", help="Only initialize the database")
|
||||
parser.add_argument("--method", default="scheduler", type=str, help="The method that is used to save the config")
|
||||
parser.add_argument("--no-check-changes", action="store_true", help="Set the changes to checked in the database")
|
||||
args = parser.parse_args()
|
||||
|
||||
settings_path = Path(normpath(args.settings))
|
||||
core_path = Path(normpath(args.core))
|
||||
plugins_path = Path(normpath(args.plugins))
|
||||
pro_plugins_path = Path(normpath(args.pro_plugins))
|
||||
|
||||
logger.info("Save config started ...")
|
||||
logger.info(f"Settings : {settings_path}")
|
||||
logger.info(f"Core : {core_path}")
|
||||
logger.info(f"Plugins : {plugins_path}")
|
||||
logger.info(f"Pro plugins : {pro_plugins_path}")
|
||||
logger.info(f"Init : {args.init}")
|
||||
|
||||
integration = "Linux"
|
||||
|
|
@ -154,14 +125,16 @@ if __name__ == "__main__":
|
|||
apis = []
|
||||
|
||||
external_plugins = args.plugins
|
||||
pro_plugins = args.pro_plugins
|
||||
if not Path(sep, "usr", "sbin", "nginx").exists() and args.method == "ui":
|
||||
db = Database(logger, pool=False)
|
||||
external_plugins = db.get_plugins()
|
||||
external_plugins = db.get_plugins(_type="external")
|
||||
pro_plugins = db.get_plugins(_type="pro")
|
||||
|
||||
# Check existences and permissions
|
||||
logger.info("Checking arguments ...")
|
||||
files = [settings_path] + ([Path(normpath(args.variables))] if args.variables else [])
|
||||
paths_rx = [core_path, plugins_path]
|
||||
paths_rx = [core_path, plugins_path, pro_plugins_path]
|
||||
for file in files:
|
||||
if not file.is_file():
|
||||
logger.error(f"Missing file : {file}")
|
||||
|
|
@ -174,9 +147,7 @@ if __name__ == "__main__":
|
|||
logger.error(f"Missing directory : {path}")
|
||||
sys_exit(1)
|
||||
if not access(path, R_OK | X_OK):
|
||||
logger.error(
|
||||
f"Missing RX rights on directory : {path}",
|
||||
)
|
||||
logger.error(f"Missing RX rights on directory : {path}")
|
||||
sys_exit(1)
|
||||
|
||||
if args.variables:
|
||||
|
|
@ -185,13 +156,7 @@ if __name__ == "__main__":
|
|||
|
||||
# Compute the config
|
||||
logger.info("Computing config ...")
|
||||
config = Configurator(
|
||||
str(settings_path),
|
||||
str(core_path),
|
||||
external_plugins,
|
||||
str(variables_path),
|
||||
logger,
|
||||
)
|
||||
config = Configurator(str(settings_path), str(core_path), external_plugins, pro_plugins, str(variables_path), logger)
|
||||
config_files = config.get_config()
|
||||
custom_confs = []
|
||||
for k, v in environ.items():
|
||||
|
|
@ -262,13 +227,7 @@ if __name__ == "__main__":
|
|||
# Compute the config
|
||||
if not config_files:
|
||||
logger.info("Computing config ...")
|
||||
config = Configurator(
|
||||
args.settings,
|
||||
args.core,
|
||||
external_plugins,
|
||||
tmp_config,
|
||||
logger,
|
||||
)
|
||||
config = Configurator(args.settings, args.core, external_plugins, pro_plugins, tmp_config, logger)
|
||||
config_files = config.get_config()
|
||||
|
||||
bunkerweb_version = Path(sep, "usr", "share", "bunkerweb", "VERSION").read_text().strip()
|
||||
|
|
@ -279,11 +238,7 @@ if __name__ == "__main__":
|
|||
"Database not initialized, initializing ...",
|
||||
)
|
||||
ret, err = db.init_tables(
|
||||
[
|
||||
config.get_settings(),
|
||||
config.get_plugins("core"),
|
||||
config.get_plugins("external"),
|
||||
],
|
||||
[config.get_settings(), config.get_plugins("core"), config.get_plugins("external"), config.get_plugins("pro")],
|
||||
bunkerweb_version,
|
||||
)
|
||||
|
||||
|
|
@ -303,11 +258,7 @@ if __name__ == "__main__":
|
|||
logger.info("Database is already initialized, checking for changes ...")
|
||||
|
||||
ret, err = db.init_tables(
|
||||
[
|
||||
config.get_settings(),
|
||||
config.get_plugins("core"),
|
||||
config.get_plugins("external"),
|
||||
],
|
||||
[config.get_settings(), config.get_plugins("core"), config.get_plugins("external"), config.get_plugins("pro")],
|
||||
bunkerweb_version,
|
||||
)
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ log "$service" "ℹ️" "Setup and check /data folder ..."
|
|||
|
||||
# Create folders if missing and check permissions
|
||||
rwx_folders=("cache" "cache/letsencrypt" "lib")
|
||||
rx_folders=("configs" "configs/http" "configs/stream" "configs/server-http" "configs/server-stream" "configs/default-server-http" "configs/default-server-stream" "configs/modsec" "configs/modsec-crs" "plugins" "www")
|
||||
rx_folders=("pro" "pro/plugins" "configs" "configs/http" "configs/stream" "configs/server-http" "configs/server-stream" "configs/default-server-http" "configs/default-server-stream" "configs/modsec" "configs/modsec-crs" "plugins" "www")
|
||||
for folder in "${rwx_folders[@]}" ; do
|
||||
if [ ! -d "/data/${folder}" ] ; then
|
||||
mkdir -p "/data/${folder}"
|
||||
|
|
|
|||
|
|
@ -94,7 +94,7 @@ RUN cp helpers/bwcli /usr/bin/ && \
|
|||
chmod 755 /usr/bin/bwcli && \
|
||||
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
||||
echo "Linux" > INTEGRATION && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
chmod 755 /var/log/bunkerweb && \
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ RUN cp helpers/bwcli /usr/bin/ && \
|
|||
chmod 755 /usr/bin/bwcli && \
|
||||
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
||||
echo "Linux" > INTEGRATION && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
chmod 755 /var/log/bunkerweb && \
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ RUN cp helpers/bwcli /usr/bin/ && \
|
|||
chmod 755 /usr/bin/bwcli && \
|
||||
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
||||
echo "Linux" > INTEGRATION && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
chmod 755 /var/log/bunkerweb && \
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ RUN cp helpers/bwcli /usr/bin/ && \
|
|||
chmod 755 /usr/bin/bwcli && \
|
||||
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
||||
echo "Linux" > INTEGRATION && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
chmod 755 /var/log/bunkerweb && \
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ RUN cp helpers/bwcli /usr/bin/ && \
|
|||
chmod 755 /usr/bin/bwcli && \
|
||||
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
||||
echo "Linux" > INTEGRATION && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
chmod 755 /var/log/bunkerweb && \
|
||||
|
|
|
|||
|
|
@ -78,7 +78,7 @@ RUN cp helpers/bwcli /usr/bin/ && \
|
|||
chmod 755 /usr/bin/bwcli && \
|
||||
mkdir -p /etc/bunkerweb/configs /etc/bunkerweb/plugins /var/cache/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /var/lib/bunkerweb /var/www/html && \
|
||||
echo "Linux" > INTEGRATION && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "plugins pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
|
||||
find . -path deps -prune -o -type f -exec chmod 0740 {} \; && \
|
||||
find . -path deps -prune -o -type d -exec chmod 0750 {} \; && \
|
||||
chmod 755 /var/log/bunkerweb && \
|
||||
|
|
|
|||
|
|
@ -62,8 +62,8 @@ RUN apk add --no-cache bash libgcc libstdc++ libpq openssl libmagic && \
|
|||
mkdir -p /etc/bunkerweb && \
|
||||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
|
||||
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
for dir in $(echo "pro configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
chown -R root:scheduler /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb /usr/bin/bwcli && \
|
||||
chmod -R 770 /data /etc/nginx /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
|
||||
find core/*/jobs/* -type f -exec chmod 750 {} \; && \
|
||||
|
|
|
|||
|
|
@ -77,15 +77,10 @@ class JobScheduler(ApiCaller):
|
|||
with self.__thread_lock:
|
||||
instances = self.__db.get_instances()
|
||||
for instance in instances:
|
||||
api = API(
|
||||
f"http://{instance['hostname']}:{instance['port']}",
|
||||
host=instance["server_name"],
|
||||
)
|
||||
api = API(f"http://{instance['hostname']}:{instance['port']}", host=instance["server_name"])
|
||||
apis.append(api)
|
||||
except:
|
||||
self.__logger.warning(
|
||||
f"Exception while getting jobs instances : {format_exc()}",
|
||||
)
|
||||
self.__logger.warning(f"Exception while getting jobs instances : {format_exc()}")
|
||||
return apis
|
||||
|
||||
def update_jobs(self):
|
||||
|
|
@ -93,7 +88,9 @@ class JobScheduler(ApiCaller):
|
|||
|
||||
def __get_jobs(self):
|
||||
jobs = {}
|
||||
for plugin_file in glob(join(sep, "usr", "share", "bunkerweb", "core", "*", "plugin.json")) + glob(join(sep, "etc", "bunkerweb", "plugins", "*", "plugin.json")): # core plugins # external plugins
|
||||
for plugin_file in (
|
||||
glob(join(sep, "usr", "share", "bunkerweb", "core", "*", "plugin.json")) + glob(join(sep, "etc", "bunkerweb", "plugins", "*", "plugin.json")) + glob(join(sep, "etc", "bunkerweb", "pro", "plugins", "*", "plugin.json"))
|
||||
): # core plugins # external plugins # pro plugins
|
||||
plugin_name = basename(dirname(plugin_file))
|
||||
jobs[plugin_name] = []
|
||||
try:
|
||||
|
|
@ -104,15 +101,7 @@ class JobScheduler(ApiCaller):
|
|||
plugin_jobs = plugin_data["jobs"]
|
||||
|
||||
for x, job in enumerate(deepcopy(plugin_jobs)):
|
||||
if not all(
|
||||
key in job.keys()
|
||||
for key in (
|
||||
"name",
|
||||
"file",
|
||||
"every",
|
||||
"reload",
|
||||
)
|
||||
):
|
||||
if not all(key in job.keys() for key in ("name", "file", "every", "reload")):
|
||||
self.__logger.warning(f"missing keys for job {job['name']} in plugin {plugin_name}, must have name, file, every and reload, ignoring job")
|
||||
plugin_jobs.pop(x)
|
||||
continue
|
||||
|
|
@ -140,9 +129,7 @@ class JobScheduler(ApiCaller):
|
|||
except FileNotFoundError:
|
||||
pass
|
||||
except:
|
||||
self.__logger.warning(
|
||||
f"Exception while getting jobs for plugin {plugin_name} : {format_exc()}",
|
||||
)
|
||||
self.__logger.warning(f"Exception while getting jobs for plugin {plugin_name} : {format_exc()}")
|
||||
return jobs
|
||||
|
||||
def __str_to_schedule(self, every: str) -> Job:
|
||||
|
|
@ -160,20 +147,12 @@ class JobScheduler(ApiCaller):
|
|||
reload = True
|
||||
if self.__integration not in ("Autoconf", "Swarm", "Kubernetes", "Docker"):
|
||||
self.__logger.info("Reloading nginx ...")
|
||||
proc = run(
|
||||
[join(sep, "usr", "sbin", "nginx"), "-s", "reload"],
|
||||
stdin=DEVNULL,
|
||||
stderr=PIPE,
|
||||
env=self.__env,
|
||||
check=False,
|
||||
)
|
||||
proc = run([join(sep, "usr", "sbin", "nginx"), "-s", "reload"], stdin=DEVNULL, stderr=PIPE, env=self.__env, check=False)
|
||||
reload = proc.returncode == 0
|
||||
if reload:
|
||||
self.__logger.info("Successfully reloaded nginx")
|
||||
else:
|
||||
self.__logger.error(
|
||||
f"Error while reloading nginx - returncode: {proc.returncode} - error: {proc.stderr.decode() if proc.stderr else 'Missing stderr'}",
|
||||
)
|
||||
self.__logger.error(f"Error while reloading nginx - returncode: {proc.returncode} - error: {proc.stderr.decode() if proc.stderr else 'Missing stderr'}")
|
||||
else:
|
||||
self.__logger.info("Reloading nginx ...")
|
||||
reload = self.send_to_apis("POST", "/reload")
|
||||
|
|
@ -184,33 +163,21 @@ class JobScheduler(ApiCaller):
|
|||
return reload
|
||||
|
||||
def __job_wrapper(self, path: str, plugin: str, name: str, file: str) -> int:
|
||||
self.__logger.info(
|
||||
f"Executing job {name} from plugin {plugin} ...",
|
||||
)
|
||||
self.__logger.info(f"Executing job {name} from plugin {plugin} ...")
|
||||
success = True
|
||||
ret = -1
|
||||
try:
|
||||
proc = run(
|
||||
join(path, "jobs", file),
|
||||
stdin=DEVNULL,
|
||||
stderr=STDOUT,
|
||||
env=self.__env,
|
||||
check=False,
|
||||
)
|
||||
proc = run(join(path, "jobs", file), stdin=DEVNULL, stderr=STDOUT, env=self.__env, check=False)
|
||||
ret = proc.returncode
|
||||
except BaseException:
|
||||
success = False
|
||||
self.__logger.error(
|
||||
f"Exception while executing job {name} from plugin {plugin} :\n{format_exc()}",
|
||||
)
|
||||
self.__logger.error(f"Exception while executing job {name} from plugin {plugin} :\n{format_exc()}")
|
||||
with self.__thread_lock:
|
||||
self.__job_success = False
|
||||
|
||||
if self.__job_success and ret >= 2:
|
||||
success = False
|
||||
self.__logger.error(
|
||||
f"Error while executing job {name} from plugin {plugin}",
|
||||
)
|
||||
self.__logger.error(f"Error while executing job {name} from plugin {plugin}")
|
||||
with self.__thread_lock:
|
||||
self.__job_success = False
|
||||
|
||||
|
|
@ -223,13 +190,9 @@ class JobScheduler(ApiCaller):
|
|||
err = self.__db.update_job(plugin, name, success)
|
||||
|
||||
if not err:
|
||||
self.__logger.info(
|
||||
f"Successfully updated database for the job {name} from plugin {plugin}",
|
||||
)
|
||||
self.__logger.info(f"Successfully updated database for the job {name} from plugin {plugin}")
|
||||
else:
|
||||
self.__logger.warning(
|
||||
f"Failed to update database for the job {name} from plugin {plugin}: {err}",
|
||||
)
|
||||
self.__logger.warning(f"Failed to update database for the job {name} from plugin {plugin}: {err}")
|
||||
|
||||
def setup(self):
|
||||
for plugin, jobs in self.__jobs.items():
|
||||
|
|
@ -242,9 +205,7 @@ class JobScheduler(ApiCaller):
|
|||
if every != "once":
|
||||
self.__str_to_schedule(every).do(self.__job_wrapper, path, plugin, name, file)
|
||||
except:
|
||||
self.__logger.error(
|
||||
f"Exception while scheduling jobs for plugin {plugin} : {format_exc()}",
|
||||
)
|
||||
self.__logger.error(f"Exception while scheduling jobs for plugin {plugin} : {format_exc()}")
|
||||
|
||||
def run_pending(self) -> bool:
|
||||
if self.__lock:
|
||||
|
|
@ -278,9 +239,7 @@ class JobScheduler(ApiCaller):
|
|||
success = False
|
||||
except:
|
||||
success = False
|
||||
self.__logger.error(
|
||||
f"Exception while reloading after job scheduling : {format_exc()}",
|
||||
)
|
||||
self.__logger.error(f"Exception while reloading after job scheduling : {format_exc()}")
|
||||
|
||||
if self.__lock:
|
||||
self.__lock.release()
|
||||
|
|
@ -332,8 +291,6 @@ class JobScheduler(ApiCaller):
|
|||
ret = self.run_once()
|
||||
self.setup()
|
||||
except:
|
||||
self.__logger.error(
|
||||
f"Exception while reloading scheduler {format_exc()}",
|
||||
)
|
||||
self.__logger.error(f"Exception while reloading scheduler {format_exc()}")
|
||||
return False
|
||||
return ret
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ from tarfile import open as tar_open
|
|||
from threading import Thread
|
||||
from time import sleep
|
||||
from traceback import format_exc
|
||||
from typing import Any, Dict, List, Optional, Union
|
||||
from typing import Any, Dict, List, Literal, Optional, Union
|
||||
|
||||
for deps_path in [join(sep, "usr", "share", "bunkerweb", *paths) for paths in (("deps", "python"), ("utils",), ("api",), ("db",))]:
|
||||
if deps_path not in sys_path:
|
||||
|
|
@ -34,6 +34,8 @@ RUN = True
|
|||
SCHEDULER: Optional[JobScheduler] = None
|
||||
INTEGRATION = "Linux"
|
||||
CACHE_PATH = join(sep, "var", "cache", "bunkerweb")
|
||||
EXTERNAL_PLUGINS_PATH = Path(sep, "etc", "bunkerweb", "plugins")
|
||||
PRO_PLUGINS_PATH = Path(sep, "etc", "bunkerweb", "pro", "plugins")
|
||||
SCHEDULER_TMP_ENV_PATH = Path(sep, "var", "tmp", "bunkerweb", "scheduler.env")
|
||||
SCHEDULER_TMP_ENV_PATH.parent.mkdir(parents=True, exist_ok=True)
|
||||
SCHEDULER_TMP_ENV_PATH.touch()
|
||||
|
|
@ -61,13 +63,9 @@ def handle_reload(signum, frame):
|
|||
else:
|
||||
logger.error("Reload failed")
|
||||
else:
|
||||
logger.warning(
|
||||
"Ignored reload operation because scheduler is not running ...",
|
||||
)
|
||||
logger.warning("Ignored reload operation because scheduler is not running ...")
|
||||
except:
|
||||
logger.error(
|
||||
f"Exception while reloading scheduler : {format_exc()}",
|
||||
)
|
||||
logger.error(f"Exception while reloading scheduler : {format_exc()}")
|
||||
|
||||
|
||||
signal(SIGHUP, handle_reload)
|
||||
|
|
@ -79,11 +77,7 @@ def stop(status):
|
|||
_exit(status)
|
||||
|
||||
|
||||
def generate_custom_configs(
|
||||
configs: List[Dict[str, Any]],
|
||||
*,
|
||||
original_path: Union[Path, str] = join(sep, "etc", "bunkerweb", "configs"),
|
||||
):
|
||||
def generate_custom_configs(configs: List[Dict[str, Any]], *, original_path: Union[Path, str] = join(sep, "etc", "bunkerweb", "configs")):
|
||||
if not isinstance(original_path, Path):
|
||||
original_path = Path(original_path)
|
||||
|
||||
|
|
@ -113,21 +107,16 @@ def generate_custom_configs(
|
|||
ret = SCHEDULER.send_files(original_path, "/custom_configs")
|
||||
|
||||
if not ret:
|
||||
logger.error(
|
||||
"Sending custom configs failed, configuration will not work as expected...",
|
||||
)
|
||||
logger.error("Sending custom configs failed, configuration will not work as expected...")
|
||||
|
||||
|
||||
def generate_external_plugins(
|
||||
plugins: List[Dict[str, Any]],
|
||||
*,
|
||||
original_path: Union[Path, str] = join(sep, "etc", "bunkerweb", "plugins"),
|
||||
):
|
||||
def generate_external_plugins(plugins: List[Dict[str, Any]], *, original_path: Union[Path, str] = EXTERNAL_PLUGINS_PATH):
|
||||
if not isinstance(original_path, Path):
|
||||
original_path = Path(original_path)
|
||||
pro = original_path.as_posix().endswith("/pro/plugins")
|
||||
|
||||
# Remove old external plugins files
|
||||
logger.info("Removing old external plugins files ...")
|
||||
# Remove old external/pro plugins files
|
||||
logger.info(f"Removing old {'pro ' if pro else ''}external plugins files ...")
|
||||
for file in glob(str(original_path.joinpath("*"))):
|
||||
file = Path(file)
|
||||
if file.is_symlink() or file.is_file():
|
||||
|
|
@ -136,7 +125,7 @@ def generate_external_plugins(
|
|||
rmtree(file, ignore_errors=True)
|
||||
|
||||
if plugins:
|
||||
logger.info("Generating new external plugins ...")
|
||||
logger.info(f"Generating new {'pro ' if pro else ''}external plugins ...")
|
||||
original_path.mkdir(parents=True, exist_ok=True)
|
||||
for plugin in plugins:
|
||||
tmp_path = original_path.joinpath(plugin["id"], f"{plugin['name']}.tar.gz")
|
||||
|
|
@ -151,13 +140,11 @@ def generate_external_plugins(
|
|||
chmod(job_file, st.st_mode | S_IEXEC)
|
||||
|
||||
if SCHEDULER and SCHEDULER.apis:
|
||||
logger.info("Sending plugins to BunkerWeb")
|
||||
ret = SCHEDULER.send_files(original_path, "/plugins")
|
||||
logger.info(f"Sending {'pro ' if pro else ''}external plugins to BunkerWeb")
|
||||
ret = SCHEDULER.send_files(original_path, "/pro_plugins" if original_path.as_posix().endswith("/pro/plugins") else "/plugins")
|
||||
|
||||
if not ret:
|
||||
logger.error(
|
||||
"Sending plugins failed, configuration will not work as expected...",
|
||||
)
|
||||
logger.error(f"Sending {'pro ' if pro else ''}external plugins failed, configuration will not work as expected...")
|
||||
|
||||
|
||||
def dict_to_frozenset(d):
|
||||
|
|
@ -181,9 +168,7 @@ if __name__ == "__main__":
|
|||
# Don't execute if pid file exists
|
||||
pid_path = Path(sep, "var", "run", "bunkerweb", "scheduler.pid")
|
||||
if pid_path.is_file():
|
||||
logger.error(
|
||||
"Scheduler is already running, skipping execution ...",
|
||||
)
|
||||
logger.error("Scheduler is already running, skipping execution ...")
|
||||
_exit(1)
|
||||
|
||||
# Write pid to file
|
||||
|
|
@ -193,11 +178,7 @@ if __name__ == "__main__":
|
|||
|
||||
# Parse arguments
|
||||
parser = ArgumentParser(description="Job scheduler for BunkerWeb")
|
||||
parser.add_argument(
|
||||
"--variables",
|
||||
type=str,
|
||||
help="path to the file containing environment variables",
|
||||
)
|
||||
parser.add_argument("--variables", type=str, help="path to the file containing environment variables")
|
||||
args = parser.parse_args()
|
||||
|
||||
integration_path = Path(sep, "usr", "share", "bunkerweb", "INTEGRATION")
|
||||
|
|
@ -226,21 +207,13 @@ if __name__ == "__main__":
|
|||
)
|
||||
env = {}
|
||||
|
||||
if INTEGRATION in (
|
||||
"Swarm",
|
||||
"Kubernetes",
|
||||
"Autoconf",
|
||||
):
|
||||
if INTEGRATION in ("Swarm", "Kubernetes", "Autoconf"):
|
||||
while not db.is_initialized():
|
||||
logger.warning(
|
||||
"Database is not initialized, retrying in 5s ...",
|
||||
)
|
||||
logger.warning("Database is not initialized, retrying in 5s ...")
|
||||
sleep(5)
|
||||
|
||||
while not db.is_autoconf_loaded():
|
||||
logger.warning(
|
||||
"Autoconf is not loaded yet in the database, retrying in 5s ...",
|
||||
)
|
||||
logger.warning("Autoconf is not loaded yet in the database, retrying in 5s ...")
|
||||
sleep(5)
|
||||
|
||||
env = db.get_config()
|
||||
|
|
@ -259,21 +232,15 @@ if __name__ == "__main__":
|
|||
check=False,
|
||||
)
|
||||
if proc.returncode != 0:
|
||||
logger.error(
|
||||
"Config saver failed, configuration will not work as expected...",
|
||||
)
|
||||
logger.error("Config saver failed, configuration will not work as expected...")
|
||||
|
||||
while not db.is_initialized():
|
||||
logger.warning(
|
||||
"Database is not initialized, retrying in 5s ...",
|
||||
)
|
||||
logger.warning("Database is not initialized, retrying in 5s ...")
|
||||
sleep(5)
|
||||
|
||||
env = db.get_config()
|
||||
while not db.is_first_config_saved() or not env:
|
||||
logger.warning(
|
||||
"Database doesn't have any config saved yet, retrying in 5s ...",
|
||||
)
|
||||
logger.warning("Database doesn't have any config saved yet, retrying in 5s ...")
|
||||
sleep(5)
|
||||
env = db.get_config()
|
||||
else:
|
||||
|
|
@ -290,9 +257,7 @@ if __name__ == "__main__":
|
|||
SCHEDULER.auto_setup()
|
||||
|
||||
if not SCHEDULER.apis:
|
||||
logger.warning(
|
||||
"No BunkerWeb API found, retrying in 5s ...",
|
||||
)
|
||||
logger.warning("No BunkerWeb API found, retrying in 5s ...")
|
||||
sleep(5)
|
||||
db.update_instances([api_to_instance(api) for api in SCHEDULER.apis])
|
||||
|
||||
|
|
@ -337,73 +302,66 @@ if __name__ == "__main__":
|
|||
if changes:
|
||||
err = db.save_custom_configs(custom_configs, "manual")
|
||||
if err:
|
||||
logger.error(
|
||||
f"Couldn't save some manually created custom configs to database: {err}",
|
||||
)
|
||||
logger.error(f"Couldn't save some manually created custom configs to database: {err}")
|
||||
|
||||
if (scheduler_first_start and db_configs) or changes:
|
||||
Thread(
|
||||
target=generate_custom_configs,
|
||||
args=(db.get_custom_configs(),),
|
||||
kwargs={"original_path": configs_path},
|
||||
).start()
|
||||
Thread(target=generate_custom_configs, args=(db.get_custom_configs(),), kwargs={"original_path": configs_path}).start()
|
||||
|
||||
del custom_configs, db_configs
|
||||
|
||||
# Check if any external plugin has been added by the user
|
||||
external_plugins = []
|
||||
db_plugins = db.get_plugins(_type="external")
|
||||
plugins_dir = Path(sep, "etc", "bunkerweb", "plugins")
|
||||
for filename in glob(str(plugins_dir.joinpath("*", "plugin.json"))):
|
||||
with open(filename, "r", encoding="utf-8") as f:
|
||||
_dir = dirname(filename)
|
||||
plugin_content = BytesIO()
|
||||
with tar_open(fileobj=plugin_content, mode="w:gz", compresslevel=9) as tar:
|
||||
tar.add(_dir, arcname=basename(_dir), recursive=True)
|
||||
plugin_content.seek(0, 0)
|
||||
value = plugin_content.getvalue()
|
||||
def check_plugin_changes(_type: Literal["external", "pro"] = "external"):
|
||||
# Check if any external or pro plugin has been added by the user
|
||||
external_plugins = []
|
||||
db_plugins = db.get_plugins(_type=_type)
|
||||
for filename in glob(str((EXTERNAL_PLUGINS_PATH if _type == "external" else PRO_PLUGINS_PATH).joinpath("*", "plugin.json"))):
|
||||
with open(filename, "r", encoding="utf-8") as f:
|
||||
_dir = dirname(filename)
|
||||
plugin_content = BytesIO()
|
||||
with tar_open(fileobj=plugin_content, mode="w:gz", compresslevel=9) as tar:
|
||||
tar.add(_dir, arcname=basename(_dir), recursive=True)
|
||||
plugin_content.seek(0, 0)
|
||||
value = plugin_content.getvalue()
|
||||
|
||||
external_plugins.append(
|
||||
json_load(f)
|
||||
| {
|
||||
"external": True,
|
||||
"page": Path(_dir, "ui").exists(),
|
||||
"method": "manual",
|
||||
"data": value,
|
||||
"checksum": sha256(value).hexdigest(),
|
||||
}
|
||||
external_plugins.append(
|
||||
json_load(f)
|
||||
| {
|
||||
"type": _type,
|
||||
"page": Path(_dir, "ui").exists(),
|
||||
"method": "manual",
|
||||
"data": value,
|
||||
"checksum": sha256(value).hexdigest(),
|
||||
}
|
||||
)
|
||||
|
||||
tmp_external_plugins = []
|
||||
for external_plugin in deepcopy(external_plugins):
|
||||
external_plugin.pop("data", None)
|
||||
external_plugin.pop("checksum", None)
|
||||
external_plugin.pop("jobs", None)
|
||||
external_plugin.pop("method", None)
|
||||
tmp_external_plugins.append(external_plugin)
|
||||
|
||||
tmp_db_plugins = []
|
||||
for db_plugin in db_plugins.copy():
|
||||
db_plugin.pop("method", None)
|
||||
tmp_db_plugins.append(db_plugin)
|
||||
|
||||
changes = {hash(dict_to_frozenset(d)) for d in tmp_external_plugins} != {hash(dict_to_frozenset(d)) for d in tmp_db_plugins}
|
||||
|
||||
if changes:
|
||||
err = db.update_external_plugins(external_plugins, _type=_type, delete_missing=True)
|
||||
if err:
|
||||
logger.error(f"Couldn't save some manually added {_type} plugins to database: {err}")
|
||||
|
||||
if (scheduler_first_start and db_plugins) or changes:
|
||||
generate_external_plugins(
|
||||
db.get_plugins(_type=_type, with_data=True),
|
||||
original_path=EXTERNAL_PLUGINS_PATH if _type == "external" else PRO_PLUGINS_PATH,
|
||||
)
|
||||
SCHEDULER.update_jobs()
|
||||
|
||||
tmp_external_plugins = []
|
||||
for external_plugin in deepcopy(external_plugins):
|
||||
external_plugin.pop("data", None)
|
||||
external_plugin.pop("checksum", None)
|
||||
external_plugin.pop("jobs", None)
|
||||
external_plugin.pop("method", None)
|
||||
tmp_external_plugins.append(external_plugin)
|
||||
|
||||
tmp_db_plugins = []
|
||||
for db_plugin in db_plugins.copy():
|
||||
db_plugin.pop("method", None)
|
||||
tmp_db_plugins.append(db_plugin)
|
||||
|
||||
changes = {hash(dict_to_frozenset(d)) for d in tmp_external_plugins} != {hash(dict_to_frozenset(d)) for d in tmp_db_plugins}
|
||||
|
||||
if changes:
|
||||
err = db.update_external_plugins(external_plugins, delete_missing=True)
|
||||
if err:
|
||||
logger.error(
|
||||
f"Couldn't save some manually added plugins to database: {err}",
|
||||
)
|
||||
|
||||
if (scheduler_first_start and db_plugins) or changes:
|
||||
generate_external_plugins(
|
||||
db.get_plugins(_type="external", with_data=True),
|
||||
original_path=plugins_dir,
|
||||
)
|
||||
SCHEDULER.update_jobs()
|
||||
|
||||
del tmp_external_plugins, external_plugins, db_plugins
|
||||
check_plugin_changes("external")
|
||||
check_plugin_changes("pro")
|
||||
|
||||
logger.info("Executing scheduler ...")
|
||||
|
||||
|
|
@ -426,9 +384,7 @@ if __name__ == "__main__":
|
|||
logger.info(f"Sending {join(sep, 'etc', 'nginx')} folder ...")
|
||||
ret = SCHEDULER.send_files(join(sep, "etc", "nginx"), "/confs")
|
||||
if not ret:
|
||||
logger.error(
|
||||
"Sending nginx configs failed, configuration will not work as expected...",
|
||||
)
|
||||
logger.error("Sending nginx configs failed, configuration will not work as expected...")
|
||||
|
||||
def send_nginx_cache():
|
||||
logger.info(f"Sending {CACHE_PATH} folder ...")
|
||||
|
|
@ -498,14 +454,9 @@ if __name__ == "__main__":
|
|||
)
|
||||
|
||||
if proc.returncode != 0:
|
||||
logger.error(
|
||||
"Config generator failed, configuration will not work as expected...",
|
||||
)
|
||||
logger.error("Config generator failed, configuration will not work as expected...")
|
||||
else:
|
||||
copy(
|
||||
str(nginx_variables_path),
|
||||
join(sep, "var", "tmp", "bunkerweb", "variables.env"),
|
||||
)
|
||||
copy(str(nginx_variables_path), join(sep, "var", "tmp", "bunkerweb", "variables.env"))
|
||||
|
||||
if SCHEDULER.apis:
|
||||
# send nginx configs
|
||||
|
|
@ -542,15 +493,14 @@ if __name__ == "__main__":
|
|||
else:
|
||||
logger.warning("No BunkerWeb instance found, skipping nginx reload ...")
|
||||
except:
|
||||
logger.error(
|
||||
f"Exception while reloading after running jobs once scheduling : {format_exc()}",
|
||||
)
|
||||
logger.error(f"Exception while reloading after running jobs once scheduling : {format_exc()}")
|
||||
|
||||
NEED_RELOAD = False
|
||||
RUN_JOBS_ONCE = False
|
||||
CONFIG_NEED_GENERATION = False
|
||||
CONFIGS_NEED_GENERATION = False
|
||||
PLUGINS_NEED_GENERATION = False
|
||||
PRO_PLUGINS_NEED_GENERATION = False
|
||||
INSTANCES_NEED_GENERATION = False
|
||||
|
||||
# infinite schedule for the jobs
|
||||
|
|
@ -567,6 +517,11 @@ if __name__ == "__main__":
|
|||
stop(1)
|
||||
|
||||
# check if the plugins have changed since last time
|
||||
if changes["pro_plugins_changed"]:
|
||||
logger.info("Pro plugins changed, generating ...")
|
||||
changes["external_plugins_changed"] = True
|
||||
PRO_PLUGINS_NEED_GENERATION = True
|
||||
|
||||
if changes["external_plugins_changed"]:
|
||||
logger.info("External plugins changed, generating ...")
|
||||
|
||||
|
|
@ -650,10 +605,12 @@ if __name__ == "__main__":
|
|||
|
||||
if PLUGINS_NEED_GENERATION:
|
||||
CHANGES.append("external_plugins")
|
||||
generate_external_plugins(
|
||||
db.get_plugins(_type="external", with_data=True),
|
||||
original_path=plugins_dir,
|
||||
)
|
||||
generate_external_plugins(db.get_plugins(_type="external", with_data=True))
|
||||
SCHEDULER.update_jobs()
|
||||
|
||||
if PRO_PLUGINS_NEED_GENERATION:
|
||||
CHANGES.append("pro_plugins")
|
||||
generate_external_plugins(db.get_plugins(_type="pro", with_data=True), original_path=PRO_PLUGINS_PATH)
|
||||
SCHEDULER.update_jobs()
|
||||
|
||||
if CONFIG_NEED_GENERATION:
|
||||
|
|
@ -662,7 +619,5 @@ if __name__ == "__main__":
|
|||
env["DATABASE_URI"] = db.database_uri
|
||||
|
||||
except:
|
||||
logger.error(
|
||||
f"Exception while executing scheduler : {format_exc()}",
|
||||
)
|
||||
logger.error(f"Exception while executing scheduler : {format_exc()}")
|
||||
stop(1)
|
||||
|
|
|
|||
|
|
@ -57,8 +57,8 @@ RUN apk add --no-cache bash && \
|
|||
mkdir -p /data/cache && ln -s /data/cache /var/cache/bunkerweb && \
|
||||
mkdir -p /data/lib && ln -s /data/lib /var/lib/bunkerweb && \
|
||||
mkdir -p /var/log/bunkerweb/ && \
|
||||
for dir in $(echo "configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
for dir in $(echo "pro configs plugins") ; do mkdir -p "/data/${dir}" && ln -s "/data/${dir}" "/etc/bunkerweb/${dir}" ; done && \
|
||||
for dir in $(echo "pro/plugins configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir "/data/${dir}" ; done && \
|
||||
chown -R root:ui /data && \
|
||||
chmod -R 770 /data && \
|
||||
chown -R root:ui INTEGRATION /var/cache/bunkerweb /var/lib/bunkerweb /etc/bunkerweb /var/tmp/bunkerweb /var/run/bunkerweb /var/log/bunkerweb && \
|
||||
|
|
|
|||
Loading…
Reference in a new issue