🔃 Sync Hub v0.53

jokob-sk
2024-06-04 19:58:48 +10:00
parent 2c8c998a97
commit bac8ac30aa
5 changed files with 63 additions and 48 deletions


@@ -13,7 +13,7 @@ ENV PATH="/opt/venv/bin:$PATH"
COPY . ${INSTALL_DIR}/ COPY . ${INSTALL_DIR}/
RUN pip install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography python3-dev \ RUN pip install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography \
&& bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \ && bash -c "find ${INSTALL_DIR} -type d -exec chmod 750 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \ && bash -c "find ${INSTALL_DIR} -type f -exec chmod 640 {} \;" \
&& bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;" && bash -c "find ${INSTALL_DIR} -type f \( -name '*.sh' -o -name '*.py' -o -name 'speedtest-cli' \) -exec chmod 750 {} \;"
@@ -39,8 +39,8 @@ ENV S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0
RUN apk update --no-cache \ RUN apk update --no-cache \
&& apk add --no-cache bash zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \ && apk add --no-cache bash zip lsblk gettext-envsubst sudo mtr tzdata s6-overlay \
&& apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute net-tools net-snmp-tools bind-tools awake ca-certificates \ && apk add --no-cache curl arp-scan iproute2 iproute2-ss nmap nmap-scripts traceroute net-tools net-snmp-tools bind-tools awake ca-certificates \
&& apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session php83-openssl \ && apk add --no-cache sqlite php83 php83-fpm php83-cgi php83-curl php83-sqlite3 php83-session \
&& apk add --no-cache python3 nginx \ && apk add --no-cache python3 nginx \
&& ln -s /usr/bin/awake /usr/bin/wakeonlan \ && ln -s /usr/bin/awake /usr/bin/wakeonlan \
&& bash -c "install -d -m 750 -o nginx -g www-data ${INSTALL_DIR} ${INSTALL_DIR}" \ && bash -c "install -d -m 750 -o nginx -g www-data ${INSTALL_DIR} ${INSTALL_DIR}" \
&& rm -f /etc/nginx/http.d/default.conf && rm -f /etc/nginx/http.d/default.conf


@@ -43,7 +43,7 @@ RUN phpenmod -v 8.2 sqlite3
RUN apt-get install -y python3-venv RUN apt-get install -y python3-venv
RUN python3 -m venv myenv RUN python3 -m venv myenv
RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography python3-dev" RUN /bin/bash -c "source myenv/bin/activate && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 && pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography "
# Create a buildtimestamp.txt to later check if a new version was released # Create a buildtimestamp.txt to later check if a new version was released
RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt RUN date +%s > ${INSTALL_DIR}/front/buildtimestamp.txt


@@ -4,25 +4,25 @@
require '/app/front/php/server/init.php'; require '/app/front/php/server/init.php';
function decrypt_data($encoded_data, $key) { // function decrypt_data($encoded_data, $key) {
// Base64 decode the encrypted data // // Base64 decode the encrypted data
$data = base64_decode($encoded_data); // $data = base64_decode($encoded_data);
// Extract the IV and the ciphertext // // Extract the IV and the ciphertext
$iv = substr($data, 0, 16); // $iv = substr($data, 0, 16);
$ciphertext = substr($data, 16); // $ciphertext = substr($data, 16);
// Derive the key using SHA-256 // // Derive the key using SHA-256
$key = hash('sha256', $key, true); // $key = hash('sha256', $key, true);
// Decrypt the ciphertext using AES-256-CBC // // Decrypt the ciphertext using AES-256-CBC
$decrypted_data = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv); // $decrypted_data = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
// Remove padding // // Remove padding
$decrypted_data = rtrim($decrypted_data, "\0"); // $decrypted_data = rtrim($decrypted_data, "\0");
return $decrypted_data; // return $decrypted_data;
} // }
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Retrieve the authorization header // Retrieve the authorization header
@@ -43,14 +43,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$plugin_folder = $_POST['plugin_folder'] ?? ''; $plugin_folder = $_POST['plugin_folder'] ?? '';
$node_name = $_POST['node_name'] ?? ''; $node_name = $_POST['node_name'] ?? '';
$decoded_data = decrypt_data($data, getSettingValue('SYNC_encryption_key')); // $decoded_data = decrypt_data($data, getSettingValue('SYNC_encryption_key'));
if ($decoded_data === false or $decoded_data === null) { // if ($decoded_data === false or $decoded_data === null) {
write_notification("[Plugin: Sync hub API] Bad Request: Decryption failed", "alert"); // write_notification("[Plugin: Sync hub API] Bad Request: Decryption failed", "alert");
http_response_code(400); // http_response_code(400);
echo 'Bad Request: Decryption failed'; // echo 'Bad Request: Decryption failed';
exit; // exit;
} // }
$storage_path = "/app/front/plugins/{$plugin_folder}"; $storage_path = "/app/front/plugins/{$plugin_folder}";
@@ -64,14 +64,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Generate a unique file path to avoid overwriting existing files // Generate a unique file path to avoid overwriting existing files
$files = glob("{$storage_path}/last_result.{$node_name}.*.log"); $files = glob("{$storage_path}/last_result.{$node_name}.*.log");
$files = array_filter($files, function($file) { // $files = array_filter($files, function($file) {
return preg_match('/last_result\.\d+\.log$/', basename($file)); // return preg_match('/last_result\.\d+\.log$/', basename($file));
}); // });
$file_count = count($files) + 1; $file_count = count($files) + 1;
$file_path = "{$storage_path}/last_result.{$node_name}.{$file_count}.log"; $file_path = "{$storage_path}/last_result.{$node_name}.{$file_count}.log";
// Save the decoded data to the file // Save the decoded data to the file
file_put_contents($file_path, $decoded_data); file_put_contents($file_path, $data);
http_response_code(200); http_response_code(200);
echo 'Data received and stored successfully'; echo 'Data received and stored successfully';
} else { } else {
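Review bot: `$plugin_folder` and `$node_name` come straight from `$_POST` and are interpolated into `$storage_path`, the `glob()` pattern and `$file_path` without validation, and with the decryption step commented out `file_put_contents($file_path, $data)` now writes the request field as received, so the only remaining gate is whatever authorization check sits above these hunks (not visible here). Constrain both values before building the path, for example `$plugin_folder = basename($plugin_folder);` (assuming plugin folders are single directory names) and `if (!preg_match('/^[A-Za-z0-9_-]+$/', $node_name)) { http_response_code(400); exit; }`. The comment `// Save the decoded data to the file` is now stale because the stored bytes are no longer decoded; `// Save the payload as received (still encrypted)` would match the code, and the commented-out `decrypt_data` block is better deleted than kept. The enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside these hunks.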


@@ -30,5 +30,5 @@ source myenv/bin/activate
update-alternatives --install /usr/bin/python python /usr/bin/python3 10 update-alternatives --install /usr/bin/python python /usr/bin/python3 10
# install packages thru pip3 # install packages thru pip3
pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography python3-dev pip3 install requests paho-mqtt scapy cron-converter pytz json2table dhcp-leases pyunifi speedtest-cli chardet python-nmap dnspython cryptography


@@ -13,9 +13,7 @@ import json
import time import time
from pathlib import Path from pathlib import Path
import requests import requests
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.backends import default_backend
import base64 import base64
import hashlib import hashlib
@@ -803,25 +801,42 @@ def collect_lang_strings(json, pref, stringSqlParams):
return stringSqlParams return stringSqlParams
#-------------------------------------------------------------------------------
# Cryptography
#-------------------------------------------------------------------------------
def encrypt_data(data, key): def prepare_key(encryption_key):
""" if(len(encryption_key) < 32):
Encrypt the data using AES-256-CBC. encryption_key = (int((32 / len(encryption_key)))+1 )*encryption_key
key_bytearray = bytearray(encryption_key[:32], 'ASCII')
return base64.urlsafe_b64encode(key_bytearray)
:param data: The plaintext data to encrypt.
:param key: The encryption key. def encrypt_data(data, encryption_key):
:return: The base64 encoded ciphertext.
""" fernet = Fernet(prepare_key(encryption_key))
key = hashlib.sha256(key.encode()).digest()
iv = os.urandom(16) # Generate a random IV # then use the Fernet class instance
padder = padding.PKCS7(128).padder() # to encrypt the string string must
padded_data = padder.update(data.encode()) + padder.finalize() # be encoded to byte string before encryption
cipher = Cipher(algorithms.AES(key), modes.CBC(iv), backend=default_backend()) encrypted_data = fernet.encrypt(data.encode())
encryptor = cipher.encryptor()
ct = encryptor.update(padded_data) + encryptor.finalize()
encrypted_data = base64.b64encode(iv + ct).decode('utf-8')
return encrypted_data return encrypted_data
def decrypt_data(data, encryption_key):
fernet = Fernet(prepare_key(encryption_key))
# decrypt the encrypted string with the
# Fernet instance of the key,
# that was used for encrypting the string
# encoded byte string is returned by decrypt method,
# so decode it to string with decode methods
decrypted_data = fernet.decrypt(data).decode()
return decrypted_data
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
# Misc # Misc
#------------------------------------------------------------------------------- #-------------------------------------------------------------------------------
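Review bot: `prepare_key` builds the Fernet key by repeating the configured string up to 32 characters and truncating it, so the key carries no more entropy than the original string, everything past character 32 is ignored, an empty `encryption_key` raises `ZeroDivisionError`, and a non-ASCII one fails in `bytearray(..., 'ASCII')`. Deriving the 32 bytes with a hash, or better for human-chosen passphrases a password KDF, avoids all four; with the already-imported `hashlib` the smallest change is `return base64.urlsafe_b64encode(hashlib.sha256(encryption_key.encode('utf-8')).digest())`, or `hashlib.scrypt` with a salt shared by hub and nodes. Either option changes the derived key, so hub and nodes would need to be upgraded together. `decrypt_data` lets `cryptography.fernet.InvalidToken` propagate on a wrong key or a tampered token, so callers should catch it and treat the payload as rejected. A one-line docstring on each of the three functions stating the input and return types (`str` in, `bytes` token out of `encrypt_data`) would replace the comments that currently restate the library calls.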