Add CsrfProtect

This commit is contained in:
zhuyj17 2018-12-10 01:14:28 +08:00
parent 11f0fe14d3
commit 186a9003b2
17 changed files with 36 additions and 3 deletions


@ -23,6 +23,7 @@ apt-get install -y nodejs nodejs-legacy npm
apt-get install -y etcd apt-get install -y etcd
apt-get install -y glusterfs-client attr apt-get install -y glusterfs-client attr
apt-get install -y nginx apt-get install -y nginx
pip3 install Flask-WTF
#add ip forward #add ip forward
echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
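Review bot: `pip3 install Flask-WTF` on line 15 installs whatever release is current at provisioning time, so a future run can silently break web.py, which imports the `CsrfProtect` name that newer Flask-WTF releases renamed to `CSRFProtect` and later removed. Pin the package to the version this commit was tested against, e.g. `pip3 install 'Flask-WTF==0.14.2'`, and preferably track it in a requirements file so the install script and the application agree. An unpinned install in a root-run provisioning script is also a supply-chain exposure: a hash-pinned requirements file (`pip3 install -r requirements.txt --require-hashes`) would close it.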


@ -38,7 +38,7 @@
</div> </div>
<div class="box-body"> <div class="box-body">
<form id="form" class="form-horizontal" action="/workspace/{{masterips[0].split("@")[0]}}/add/" method="POST"> <form id="form" class="form-horizontal" action="/workspace/{{masterips[0].split("@")[0]}}/add/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"><label class="col-sm-2 control-label">Workspace Name</label> <div class="form-group"><label class="col-sm-2 control-label">Workspace Name</label>
<div class="col-sm-10"><input type="text" class="form-control" name="clusterName" id="clusterName"></div> <div class="col-sm-10"><input type="text" class="form-control" name="clusterName" id="clusterName"></div>
</div> </div>
@ -94,7 +94,7 @@
<td>{{image['name']}}</td> <td>{{image['name']}}</td>
<td>public</td> <td>public</td>
<td>{{p_user}}</td> <td>{{p_user}}</td>
<td>{{image['size_format']}}</td> <td>{{image['size_format']}}</td>
<td><a href="/image/{{masterips[0].split("@")[0]}}/description/{{image['name']}}_{{p_user}}_public/" target="_blank">{{image['description']}}</a></td> <td><a href="/image/{{masterips[0].split("@")[0]}}/description/{{image['name']}}_{{p_user}}_public/" target="_blank">{{image['description']}}</a></td>
<td><div class="i-checks"><label><input type="radio" name="image" value="{{image['name']}}_{{p_user}}_public" onchange="setMinDiskSize({{image['size_in_mb']}})"></label></div></td> <td><div class="i-checks"><label><input type="radio" name="image" value="{{image['name']}}_{{p_user}}_public" onchange="setMinDiskSize({{image['size_in_mb']}})"></label></div></td>
</tr> </tr>


@ -117,6 +117,7 @@
<ul class="dropdown-menu"> <ul class="dropdown-menu">
<!-- The user image in the menu --> <!-- The user image in the menu -->
<form action="/bug/report/" method="POST"> <form action="/bug/report/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<textarea id="bugmessage" name="bugmessage" style="width:250px; height:200px"></textarea> <textarea id="bugmessage" name="bugmessage" style="width:250px; height:200px"></textarea>
<li class="user-footer" style="background-color:#e6e6e6"> <li class="user-footer" style="background-color:#e6e6e6">
<div class="pull-right"> <div class="pull-right">
@ -290,6 +291,9 @@
</script> </script>
<script type="text/javascript"> <script type="text/javascript">
$.ajaxSetup({
headers: {'X-CSRFToken':'{{ csrf_token() }}'},
});
var ajaxCfg = { var ajaxCfg = {
type : "post", type : "post",
url : '/notification/query_self/', url : '/notification/query_self/',
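Review bot: The `$.ajaxSetup({ headers: {'X-CSRFToken': ...} })` on lines 51-53 attaches the session's CSRF token to every jQuery request, including cross-origin ones, so any third-party URL this page ever calls through `$.ajax` receives the token. Flask-WTF's own guidance is to set the header in a `beforeSend` hook that skips safe methods and cross-domain requests, which keeps the token where it belongs while still covering the `type: "post"` calls such as `ajaxCfg` below. The token is rendered once into the page, so callers that run after a session change would still need a reload; that is unchanged by this proposal.
```javascript
var csrfToken = '{{ csrf_token() }}';
$.ajaxSetup({
    beforeSend: function(xhr, settings) {
        // Only state-changing, same-origin requests get the session token.
        if (!/^(GET|HEAD|OPTIONS|TRACE)$/i.test(settings.type) && !this.crossDomain) {
            xhr.setRequestHeader('X-CSRFToken', csrfToken);
        }
    }
});
// … unchanged: ajaxCfg / notification query …
```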


@ -48,6 +48,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/beans/apply/" method="POST" id="beansapplyForm"> <form action="/beans/apply/" method="POST" id="beansapplyForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Number</label><small class="font-bold"> How many beans do you need?</small> <label>Number</label><small class="font-bold"> How many beans do you need?</small>
<input type="number" class="form-control" placeholder="100-5000" name="number" id="number" min="100" max="5000" required /> <input type="number" class="form-control" placeholder="100-5000" name="number" id="number" min="100" max="5000" required />


@ -55,6 +55,7 @@
</div> </div>
<div class="box-body table-responsive"> <div class="box-body table-responsive">
<form action="/cloud/{{master.split("@")[0]}}/setting/modify/" method="POST"> <form action="/cloud/{{master.split("@")[0]}}/setting/modify/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<textarea id="setting" name="setting" class="form-control" rows="20">{{ info['result'] }}</textarea> <textarea id="setting" name="setting" class="form-control" rows="20">{{ info['result'] }}</textarea>
<button type="submit" class="btn btn-primary">Save</button> <button type="submit" class="btn btn-primary">Save</button>
</form> </form>


@ -74,6 +74,7 @@
<div class="modal-body"> <div class="modal-body">
<div class="form-group"> <div class="form-group">
<form action="/workspace/{{master.split("@")[0]}}/scaleout/{{ clustername }}/" method="POST" > <form action="/workspace/{{master.split("@")[0]}}/scaleout/{{ clustername }}/" method="POST" >
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<table class="table table-striped table-bordered table-hover table-image"> <table class="table table-striped table-bordered table-hover table-image">
<thead> <thead>
<tr> <tr>
@ -199,6 +200,7 @@
<div class="modal-body"> <div class="modal-body">
<div class="form-group"> <div class="form-group">
<form action="/workspace/{{master.split("@")[0]}}/save/{{ clustername }}/{{ container['containername'] }}/" method="POST" id="saveImage"> <form action="/workspace/{{master.split("@")[0]}}/save/{{ clustername }}/{{ container['containername'] }}/" method="POST" id="saveImage">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<label>Image Name</label> <label>Image Name</label>
<input type="text" placeholder="Enter Image Name" class="form-control" name="ImageName" id="ImageName"/> <input type="text" placeholder="Enter Image Name" class="form-control" name="ImageName" id="ImageName"/>
<br/> <br/>
@ -249,6 +251,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/port_mapping/add/{{master.split("@")[0]}}/" method="POST" id="AddportsmappingForm"> <form action="/port_mapping/add/{{master.split("@")[0]}}/" method="POST" id="AddportsmappingForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Cluster Name</label> <label>Cluster Name</label>
<input type = "text" value="{{ clustername }}" class="form-control" name="clustername" readonly="readonly"> <input type = "text" value="{{ clustername }}" class="form-control" name="clustername" readonly="readonly">
@ -376,6 +379,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/image/{{master.split("@")[0]}}/copy/{{image['name']}}/" method="POST" id="CopyImageForm"> <form action="/image/{{master.split("@")[0]}}/copy/{{image['name']}}/" method="POST" id="CopyImageForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<table class="table table-striped table-bordered table-hover table-image"> <table class="table table-striped table-bordered table-hover table-image">
<thead> <thead>
<tr> <tr>


@ -37,6 +37,7 @@
<div class="box-body"> <div class="box-body">
<form id="notificationForm" class="form-horizontal" action="/notification/create/" method="post"> <form id="notificationForm" class="form-horizontal" action="/notification/create/" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label class="col-sm-2 control-label">Title</label> <label class="col-sm-2 control-label">Title</label>
<div class="col-sm-10"> <div class="col-sm-10">


@ -76,6 +76,7 @@
<div class="modal-body"> <div class="modal-body">
<div class="form-group"> <div class="form-group">
<form action="/cluster/save/{{ clustername }}/{{ container['containername'] }}/" method="GET" id="saveImage"> <form action="/cluster/save/{{ clustername }}/{{ container['containername'] }}/" method="GET" id="saveImage">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<label>Image Name</label> <label>Image Name</label>
<input type="text" placeholder="Enter image name" class="form-control" name="ImageName" id="ImageName"/> <input type="text" placeholder="Enter image name" class="form-control" name="ImageName" id="ImageName"/>
<div class="modal-footer"> <div class="modal-footer">
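Review bot: The `csrf_token` hidden input added on line 131 sits in a form declared `method="GET"` (line 130), so the token is submitted in the query string — where it lands in server and proxy access logs, browser history and outgoing Referer headers — while CSRFProtect never checks GET requests, so the field adds exposure without adding protection. Saving an image is a state change; change the form to `method="POST"` and have the `/cluster/save/...` handler accept POST so the token is actually validated. If the route must remain GET for now, remove the hidden input instead and note in the handler that this action is not CSRF-protected. The handler itself is outside this hunk, so I cannot confirm which methods it currently accepts.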


@ -32,6 +32,7 @@
<p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p> <p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p>
<form action="" method="POST"> <form action="" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group has-feedback"> <div class="form-group has-feedback">
<input type="text" class="form-control" placeholder="Username" name="username"> <input type="text" class="form-control" placeholder="Username" name="username">
<span class="glyphicon glyphicon-user form-control-feedback"></span> <span class="glyphicon glyphicon-user form-control-feedback"></span>


@ -111,6 +111,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form id="modifyNotificationForm_{{ notify['id'] }}" action="/notification/modify/" method="post"> <form id="modifyNotificationForm_{{ notify['id'] }}" action="/notification/modify/" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Title</label> <label>Title</label>
<input type="text" class="form-control" name="title" value="{{ notify['title'] }}"> <input type="text" class="form-control" name="title" value="{{ notify['title'] }}">
@ -184,6 +185,7 @@
<div class="modal-body"> <div class="modal-body">
<strong class="text-center">Are you sure to do this?</strong> <strong class="text-center">Are you sure to do this?</strong>
<form id="deleteNotificationForm_{{ notify['id'] }}" style="display: none" action="/notification/delete/" method="post"> <form id="deleteNotificationForm_{{ notify['id'] }}" style="display: none" action="/notification/delete/" method="post">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<input type="text" class="form-control" name="notify_id" style="display: none" value="{{ notify['id'] }}"> <input type="text" class="form-control" name="notify_id" style="display: none" value="{{ notify['id'] }}">
</form> </form>
</div> </div>


@ -29,6 +29,7 @@
<div class="login-box-body"> <div class="login-box-body">
<p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p> <p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p>
<form class="m-t" role="form" action="" id="activateForm" method="POST"> <form class="m-t" role="form" action="" id="activateForm" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<input type="text" class="form-control" placeholder="username" required="" name="username"> <input type="text" class="form-control" placeholder="username" required="" name="username">
</div> </div>


@ -23,6 +23,7 @@
{% block content %} {% block content %}
<div class="box-body text-center p-md"> <div class="box-body text-center p-md">
<form action="/workspace/{{masterip}}/save/{{ clustername }}/{{ containername }}/force/" method="POST"> <form action="/workspace/{{masterip}}/save/{{ clustername }}/{{ containername }}/force/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<label>Image:</label> <label>Image:</label>
<input type="text" name="ImageName" id="ImageName" readonly="true" value="{{ image }}"/> <input type="text" name="ImageName" id="ImageName" readonly="true" value="{{ image }}"/>
<label> exists, are you sure to overwrite it?</label> <label> exists, are you sure to overwrite it?</label>


@ -51,6 +51,7 @@
<div class="modal-body"> <div class="modal-body">
<form action="/group/add/" method="POST" id="addGroupForm"> <form action="/group/add/" method="POST" id="addGroupForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Name</label> <label>Name</label>
<input type="text" placeholder="Enter Name" class="form-control" name="groupname"/> <input type="text" placeholder="Enter Name" class="form-control" name="groupname"/>
@ -87,6 +88,7 @@
<div class="modal-body"> <div class="modal-body">
<form action="/quota/add/" method="POST" id="addQuotaForm"> <form action="/quota/add/" method="POST" id="addQuotaForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Name</label> <label>Name</label>
<input type="text" placeholder="Enter Name" class="form-control" name="quotaname"/> <input type="text" placeholder="Enter Name" class="form-control" name="quotaname"/>
@ -121,6 +123,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/quota/chdefault/" method="POST" id="chDefaultForm"> <form action="/quota/chdefault/" method="POST" id="chDefaultForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Default Group</label> <label>Default Group</label>
<select class="form-control" name="defaultgroup" value={{ defaultgroup }} /> <select class="form-control" name="defaultgroup" value={{ defaultgroup }} />
@ -176,6 +179,7 @@
<small class="font-bold">Modify a group in Docklet</small> <small class="font-bold">Modify a group in Docklet</small>
</div> </div>
<form action="/group/modify/{{group['name']}}/" method="POST" > <form action="/group/modify/{{group['name']}}/" method="POST" >
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="modal-body"> <div class="modal-body">
<div class="form-group"> <div class="form-group">
<label>Name</label> <label>Name</label>
@ -276,6 +280,7 @@
</div> </div>
<div class="box-body"> <div class="box-body">
<form id="chlxcsetting" class="form-horizontal" action="/quota/chlxcsetting/" method="POST"> <form id="chlxcsetting" class="form-horizontal" action="/quota/chlxcsetting/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label class="control-label col-sm-2">CPU</label> <label class="control-label col-sm-2">CPU</label>
<div class="col-sm-8"><input type="number" class="form-control" name="lxcCpu" id="lxcCpu" value={{lxcsetting['cpu']}} />CORE</div> <div class="col-sm-8"><input type="number" class="form-control" name="lxcCpu" id="lxcCpu" value={{lxcsetting['cpu']}} />CORE</div>
@ -305,6 +310,7 @@
</div> </div>
<div class="box-body"> <div class="box-body">
<form role="form" action="/settings/update/" method="POST" > <form role="form" action="/settings/update/" method="POST" >
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="box-body"> <div class="box-body">
<div class="form-group"> <div class="form-group">
<label for="ADMIN_EMAIL_ADDRESS">Admin Email Address</label> <label for="ADMIN_EMAIL_ADDRESS">Admin Email Address</label>
@ -415,6 +421,7 @@
<h4>Sure to set <strong> {{ parm["parm"] }} </strong>to <strong>{{ history }} </strong>?</h4> <h4>Sure to set <strong> {{ parm["parm"] }} </strong>to <strong>{{ history }} </strong>?</h4>
</div> </div>
<form action="/system/modify/" method="POST"> <form action="/system/modify/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div style="display:none"> <div style="display:none">
<input type="text" placeholder="" class="" name="field" value={{field}} /> <input type="text" placeholder="" class="" name="field" value={{field}} />
</div> </div>
@ -473,6 +480,7 @@
<small class="font-bold">Modify a parameter in Docklet</small> <small class="font-bold">Modify a parameter in Docklet</small>
</div> </div>
<form action="/system/modify/" method="POST" > <form action="/system/modify/" method="POST" >
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div style="display:none"> <div style="display:none">
<input type="text" placeholder="" class="" name="field" value={{field}} /> <input type="text" placeholder="" class="" name="field" value={{field}} />
</div> </div>
@ -515,6 +523,7 @@
<h4>Sure to set <strong> {{ parm["parm"] }} </strong> to <strong> {{ parm["default"] }} </strong> ?</h4> <h4>Sure to set <strong> {{ parm["parm"] }} </strong> to <strong> {{ parm["default"] }} </strong> ?</h4>
</div> </div>
<form action="/system/modify/" method="POST"> <form action="/system/modify/" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div style="display:none"> <div style="display:none">
<input type="text" placeholder="" class="" name="field" value={{field}} /> <input type="text" placeholder="" class="" name="field" value={{field}} />
</div> </div>


@ -29,6 +29,7 @@
<div class="login-box-body"> <div class="login-box-body">
<p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p> <p class="login-box-msg">An easy and quick way to launch your DISTRIBUTED applications!</p>
<form class="m-t" role="form" action="" id="activateForm" method="POST"> <form class="m-t" role="form" action="" id="activateForm" method="POST">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<input type="email" class="form-control" placeholder="E-mail" required="" name="email" value="{{ info['e_mail'] }}"> <input type="email" class="form-control" placeholder="E-mail" required="" name="email" value="{{ info['e_mail'] }}">
</div> </div>


@ -91,6 +91,7 @@
<div class="modal-body"> <div class="modal-body">
<form action="/user/info/" method="POST" id="ChpasswordForm"> <form action="/user/info/" method="POST" id="ChpasswordForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>Old password</label> <label>Old password</label>
<input type = "password" placeholder="Enter old password" class="form-control" name="o_password" id="o_password"> <input type = "password" placeholder="Enter old password" class="form-control" name="o_password" id="o_password">


@ -50,6 +50,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/user/add/" method="POST" id="addUserForm"> <form action="/user/add/" method="POST" id="addUserForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>User Name</label> <label>User Name</label>
<input type = "text" placeholder="Enter Username" class="form-control" name="username"> <input type = "text" placeholder="Enter Username" class="form-control" name="username">
@ -100,6 +101,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/user/modify/" method="POST" id="modifyUserForm"> <form action="/user/modify/" method="POST" id="modifyUserForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>User Name</label> <label>User Name</label>
<input type = "text" placeholder="Enter Username" class="form-control" name="username" id="mUsername" readonly="readonly"> <input type = "text" placeholder="Enter Username" class="form-control" name="username" id="mUsername" readonly="readonly">
@ -182,6 +184,7 @@
</div> </div>
<div class="modal-body"> <div class="modal-body">
<form action="/user/change/" method="POST" id="chpasswordForm"> <form action="/user/change/" method="POST" id="chpasswordForm">
<input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
<div class="form-group"> <div class="form-group">
<label>User Name</label> <label>User Name</label>
<input type = "text" placeholder="Enter Username" class="form-control" name="username" id="mpUsername" readonly="readonly"> <input type = "text" placeholder="Enter Username" class="form-control" name="username" id="mpUsername" readonly="readonly">


@ -21,6 +21,7 @@ initlogging("docklet-web")
from webViews.log import logger from webViews.log import logger
from flask import Flask, request, session, render_template, redirect, send_from_directory, make_response, url_for, abort from flask import Flask, request, session, render_template, redirect, send_from_directory, make_response, url_for, abort
from flask_wtf.csrf import CsrfProtect
from webViews.dashboard import dashboardView from webViews.dashboard import dashboardView
from webViews.user.userlist import userlistView, useraddView, usermodifyView, userdataView, userqueryView from webViews.user.userlist import userlistView, useraddView, usermodifyView, userdataView, userqueryView
from webViews.notification.notification import CreateNotificationView, NotificationView, QuerySelfNotificationsView, \ from webViews.notification.notification import CreateNotificationView, NotificationView, QuerySelfNotificationsView, \
@ -61,7 +62,7 @@ if (external_login == 'True'):
app = Flask(__name__) app = Flask(__name__)
CsrfProtect(app)
@app.route("/", methods=['GET']) @app.route("/", methods=['GET'])
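Review bot: `CsrfProtect` on lines 313 and 319 is the legacy spelling; Flask-WTF 0.14 renamed the class to `CSRFProtect` and keeps the old name only as a deprecated alias that later releases drop, so with the unpinned install script this import will eventually fail — use `from flask_wtf.csrf import CSRFProtect` and `CSRFProtect(app)`. The extension signs tokens with `app.config['SECRET_KEY']`, which is not set anywhere in this hunk; presumably it is configured with the session setup elsewhere, but confirm it is a stable value shared by all worker processes, otherwise tokens issued by one worker are rejected by another. Enabling it globally also means every non-safe route on this app now rejects requests without a token, including any POST endpoints used by non-browser clients or the external-login path hinted at on line 317, so those callers need the header or an explicit `@csrf.exempt`. A one-line comment above the call would help the next reader, e.g. `# Global CSRF protection: every non-GET request must carry the session token (form field csrf_token or X-CSRFToken header).`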