Add admin status git revision. (#244)

Adds a line in admin_home which displays the currently active git revision. Current methodology is via manually parsing files in .git. Consider revising if the application ever has access to `git` shell, which would obviate some minor security concerns around directory traversal attacks.
2022-05-05 04:46:20 -04:00 · 2022-05-05 04:46:20 -04:00 · a0cfc7bf1c
parent 110278d87f
commit a0cfc7bf1c
2 changed files with 28 additions and 2 deletions
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -1,4 +1,5 @@
 import time
+import re
 from os import remove
 from PIL import Image as IMAGE

@ -520,8 +521,28 @@ def admin_home(v):
 	else: response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value']
 	under_attack = response == 'under_attack'

-	return render_template("admin/admin_home.html", v=v, under_attack=under_attack, site_settings=app.config['SETTINGS'])
+	gitref = admin_git_head()
+	
+	return render_template("admin/admin_home.html", v=v, 
+		under_attack=under_attack, 
+		site_settings=app.config['SETTINGS'],
+		gitref=gitref)

+def admin_git_head():
+	short_len = 12
+	# Note: doing zero sanitization. Git branch names are extremely permissive.
+	# However, they forbid '..', so I don't see an obvious dir traversal attack.
+	# Also, a malicious branch name would mean someone already owned the server
+	# or repo, so I think this isn't a weak link.
+	try:
+		with open('.git/HEAD') as head_f:
+			head_txt = head_f.read()
+			head_path = re.match('ref: (refs/.+)', head_txt).group(1)
+			with open('.git/' + head_path) as ref_f:
+				gitref = ref_f.read()[0:short_len]
+	except:
+		return '<unable to read>'
+	return gitref

@app.post("/admin/site_settings/<setting>")
@admin_level_required(3)
--- a/files/templates/admin/admin_home.html
+++ b/files/templates/admin/admin_home.html
@ -85,7 +85,12 @@
 		<label class="custom-control-label" for="under_attack">Under attack mode</label>
 	</div>

-	<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');">PURGE CACHE</button>
+	<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');" style="margin-bottom: 2em;">PURGE CACHE</button>
 {% endif %}

+<h4>Server Status</h4>
+<div>
+	Live Revision: <code>{{ gitref }}</code> <br>
+</div>
+
 {% endblock %}