Add admin status git revision. (#244)
Adds a line to admin_home that displays the currently checked-out git revision. The current approach parses the files under .git by hand. Consider revising if the application ever has access to a `git` shell, which would remove the minor security concern about directory traversal via a crafted ref path.
master
parent
110278d87f
commit
a0cfc7bf1c
@ -1,4 +1,5 @@
import time
import time
import re
from os import remove
from os import remove
from PIL import Image as IMAGE
from PIL import Image as IMAGE
@ -520,8 +521,28 @@ def admin_home(v):
else: response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value']
else: response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value']
under_attack = response == 'under_attack'
under_attack = response == 'under_attack'
return render_template("admin/admin_home.html", v=v, under_attack=under_attack, site_settings=app.config['SETTINGS'])
gitref = admin_git_head()
return render_template("admin/admin_home.html", v=v,
under_attack=under_attack,
site_settings=app.config['SETTINGS'],
gitref=gitref)
def admin_git_head():
short_len = 12
# Note: doing zero sanitization. Git branch names are extremely permissive.
# However, they forbid '..', so I don't see an obvious dir traversal attack.
# Also, a malicious branch name would mean someone already owned the server
# or repo, so I think this isn't a weak link.
try:
with open('.git/HEAD') as head_f:
head_txt = head_f.read()
head_path = re.match('ref: (refs/.+)', head_txt).group(1)
with open('.git/' + head_path) as ref_f:
gitref = ref_f.read()[0:short_len]
except:
return '<unable to read>'
return gitref
@app.post("/admin/site_settings/<setting>")
@app.post("/admin/site_settings/<setting>")
@admin_level_required(3)
@admin_level_required(3)
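Review bot: `admin_git_head` returns `'<unable to read>'` in two ordinary deployment states the hunk does not handle: a detached HEAD, where `.git/HEAD` holds a bare hash so the `re.match('ref: (refs/.+)', ...)` line returns None and raises AttributeError, and a branch whose ref has been packed into `.git/packed-refs` (git gc / pack-refs do this), where the `open('.git/' + head_path)` line fails; the bare `except:` masks both and also swallows KeyboardInterrupt and SystemExit. Because the value is rendered on the admin page, I would also whitelist the result as a 40- or 64-character hex object id instead of showing the first 12 bytes of whatever the file contains, which makes the "zero sanitization" comment above the `try` moot rather than something to argue about. Both paths are relative to the process working directory, so the page silently shows unreadable if the app is launched from anywhere but the checkout root — hedged, since the launcher is not visible here — and the two file reads run on every admin_home request when reading once at import would do. The name and the fallback string are kept so the `gitref=gitref` call in admin_home (whose start lies outside the hunk) is unaffected.
```python
_HEX_SHA = re.compile(r'[0-9a-f]{40,64}')

def admin_git_head():
    short_len = 12
    try:
        with open('.git/HEAD') as head_f:
            head_txt = head_f.read().strip()
        m = re.match(r'ref: (refs/\S+)', head_txt)
        # Detached HEAD: the file holds the commit hash itself.
        sha = head_txt if m is None else _read_ref(m.group(1))
    except (OSError, ValueError):
        return '<unable to read>'
    # Only ever display a hex object id, whatever .git contained.
    if not _HEX_SHA.fullmatch(sha):
        return '<unable to read>'
    return sha[:short_len]

def _read_ref(ref_path):
    # Loose ref first; fall back to packed-refs, where gc/pack-refs move them.
    try:
        with open('.git/' + ref_path) as ref_f:
            return ref_f.read().strip()
    except FileNotFoundError:
        pass
    with open('.git/packed-refs') as packed_f:
        for line in packed_f:
            if line.startswith(('#', '^')):
                continue
            sha, _, name = line.strip().partition(' ')
            if name == ref_path:
                return sha
    raise ValueError(ref_path)
```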
@ -85,7 +85,12 @@
<label class="custom-control-label" for="under_attack">Under attack mode</label>
<label class="custom-control-label" for="under_attack">Under attack mode</label>
</div>
</div>
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');">PURGE CACHE</button>
<button class="btn btn-primary mt-3" onclick="post_toast(this,'/admin/purge_cache');" style="margin-bottom: 2em;">PURGE CACHE</button>
{% endif %}
{% endif %}
<h4>Server Status</h4>
<div>
Live Revision: <code>{{ gitref }}</code> <br>
</div>
{% endblock %}
{% endblock %}
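Review bot: The new `Live Revision: <code>{{ gitref }}</code>` line interpolates a value whose failure sentinel, `'<unable to read>'`, contains markup characters; it is shown as text only because Jinja autoescaping is on for this template (Flask's default for `.html`), and nothing in the template records that dependency. I would add `{# gitref: 12-char short hash from admin_git_head(), or the literal '<unable to read>' sentinel; rendered safely only under autoescape #}` above the `<div>`, or write `{{ gitref | e }}` so the intent survives if autoescape is ever disabled for this block. The enclosing `{% block %}` opens outside the hunk.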