#!/usr/bin/python
#
# This file is part of Bargate.
#
# Bargate is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Bargate is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Bargate. If not, see <http://www.gnu.org/licenses/>.
from flask import Flask
import logging
import os.path
from logging.handlers import SMTPHandler
from logging.handlers import RotatingFileHandler
from logging import Formatter
from bargate.fapp import BargateFlask
from datetime import timedelta
from ConfigParser import RawConfigParser
################################################################################
#### Built-in defaults
# Every upper-case name below is a default setting. The module loads them into
# the app config first and then overlays the first config file it finds.

## Debug mode: engages the web-based debug mode
DEBUG = False

## Debug toolbar. NEVER enable this on a production system: it exposes
## SECRET_KEY and ENCRYPT_KEY.
DEBUG_TOOLBAR = False

## Many errors are reported through a redirected 'error popup' instead of a
## full stack trace; True turns that off and shows the full error.
# NOTE(review): the default is True, so full errors are shown unless the config
# file sets this to False -- confirm that is what production should inherit.
DEBUG_FULL_ERRORS = True

## Session signing key
# Signs/encrypts the session data stored in cookies. Behind a load balancer it
# must be identical on every web server.
# The default is empty: a real value has to come from the config file.
SECRET_KEY = ''

## Secret password encryption key
# MUST BE EXACTLY 32 CHARACTERS LONG. Behind a load balancer it must be
# identical on every web server.
# The default is empty: a real value has to come from the config file, which
# then holds key material and should be readable by the service account only.
ENCRYPT_KEY = ''

## 'Workgroup' that SMBC should use for auth
SMB_WORKGROUP = 'MSHOME'

## Maximum file upload size (256MB unless overridden)
MAX_CONTENT_LENGTH = 256 * 1024 * 1024

## File 'types' people are not allowed to upload
# This is a deny-list: an extension that is not named here is not blocked by
# this setting.
BANNED_EXTENSIONS = {
    'ade', 'adp', 'bat', 'chm', 'cmd', 'com', 'cpl', 'exe',
    'hta', 'ins', 'isp', 'jse', 'lib', 'mde', 'msc', 'msp',
    'mst', 'pif', 'scr', 'sct', 'shb', 'sys', 'vb', 'vbe',
    'vbs', 'vxd', 'wsc', 'wsf', 'wsh',
}

## File logging
FILE_LOG = True
LOG_FILE = 'bargate.log'
# /tmp is usually writable by every local user; a real deployment should point
# LOG_DIR at a directory only the service account can write to.
LOG_DIR = '/tmp'
LOG_FILE_MAX_SIZE = 1 * 1024 * 1024
LOG_FILE_MAX_FILES = 10

## E-mail alerts
EMAIL_ALERTS = False
ADMINS = ['root']
SMTP_SERVER = 'localhost'
EMAIL_FROM = 'root'
EMAIL_SUBJECT = 'Bargate Runtime Error'

## Redis
# Only a host and a port are defined here; no credential option exists in
# these defaults.
REDIS_ENABLED = True
REDIS_HOST = 'localhost'
REDIS_PORT = 6379

## Disable the application or not
# True by default, so the app stays disabled until a config file has been
# found and says otherwise.
DISABLE_APP = True

## Default bootstrap/bootswatch theme
THEME_DEFAULT = 'lumen'

## Bargate internal version number
VERSION = '1.3'

## Flask defaults (changed to what we prefer)
# Session cookie is sent over HTTPS only and is hidden from page scripts.
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
PREFERRED_URL_SCHEME = 'https'
USE_X_SENDFILE = False
PERMANENT_SESSION_LIFETIME = timedelta(days=7)

## Shares config file
SHARES_CONFIG = '/data/fwa/shares.conf'
SHARES_DEFAULT = 'personal'

## Local templates to override built in ones
LOCAL_TEMPLATE_DIR = False

## Name of the app to display everywhere
APP_DISPLAY_NAME = 'Filestore Web Access'
APP_DISPLAY_NAME_SHORT = 'FWA'

## Auth method: "ldap", "kerberos", 'krb5' (alias) or 'smb'
AUTH_TYPE = 'ldap'

## LDAP auth
# The attribute names default to the Active Directory style.
LDAP_URI = 'ldaps://localhost.localdomain'
LDAP_SEARCH_BASE = ''
LDAP_USER_ATTRIBUTE = 'sAMAccountName'
LDAP_ANON_BIND = True
LDAP_BIND_USER = ''
LDAP_BIND_PW = ''

## LDAP homedir attribute support
# Ignored unless AUTH_TYPE is 'ldap'.
LDAP_HOMEDIR = False
LDAP_HOME_ATTRIBUTE = 'homeDirectory'
LDAP_HOMEDIR_IS_UNC = True

## Kerberos auth
# LDAP auth is probably the better choice.
KRB5_SERVICE = 'krbtgt/localdomain'
KRB5_DOMAIN = 'localhost.localdomain'

## SMB auth
# Only for sites that have neither LDAP nor kerberos.
SMB_AUTH_URI = 'smb://yourdomain.tld/NETLOGON/'

## Login background random int
LOGIN_IMAGE_RANDOM_MAX = 17

## TOTP 2-factor auth
TOTP_ENABLED = False
TOTP_IDENT = 'bargate'

## "Remember me on this computer" enabled or not
REMEMBER_ME_ENABLED = True
################################################################################
# Create the application object
app = BargateFlask(__name__)

# Seed the config with the defaults defined in this module
app.config.from_object(__name__)

# Overlay the first config file that exists, checked in this order; later
# candidates are not read once one has been found.
# from_pyfile() executes the file as Python code, so every path listed here
# (and its parent directories) must be writable by trusted administrators only.
for _config_path in (
    '/etc/bargate.conf',
    '/etc/bargate/bargate.conf',
    '/data/fwa/bargate.conf',
    '/data/bargate/bargate.conf',
):
    if os.path.isfile(_config_path):
        app.config.from_pyfile(_config_path)
        break
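## Set up logging to file
# file_handler stays None when file logging is switched off, so the level
# setup further down never touches a handler that was not created.
file_handler = None
if app.config['FILE_LOG'] == True:
    # With the built-in LOG_DIR of /tmp the log is created in a directory that
    # is usually writable by every local user; set LOG_DIR in the config file
    # to a directory owned by the service account.
    log_path = app.config['LOG_DIR'] + '/' + app.config['LOG_FILE']
    file_handler = RotatingFileHandler(
        log_path,
        'a',
        app.config['LOG_FILE_MAX_SIZE'],
        app.config['LOG_FILE_MAX_FILES'],
    )
    file_handler.setFormatter(logging.Formatter('%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]'))
    app.logger.addHandler(file_handler)

## Set up the max log level
# DEBUG when Flask debug mode is on, INFO otherwise. The application logger is
# always configured; the file handler only when it exists.
log_level = logging.DEBUG if app.debug else logging.INFO
app.logger.setLevel(log_level)
if file_handler is not None:
    file_handler.setLevel(log_level)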
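# load user defined templates
app.load_user_templates()

## Output some startup info
# %s formatting keeps the messages unchanged and also copes with a VERSION
# that a config file set to a non-string value.
app.logger.info('bargate version %s initialised', app.config['VERSION'])
app.logger.info('bargate debug status: %s', app.config['DEBUG'])

## Log if the app is disabled at startup; otherwise sanity-check the keys
if app.config['DISABLE_APP']:
    app.logger.info('bargate is currently disabled')
else:
    # The built-in defaults for both keys are empty strings. Report a config
    # that enables the app without replacing them. Only the fact is logged,
    # never the key material itself.
    if not app.config['SECRET_KEY']:
        app.logger.warning('bargate SECRET_KEY is empty - set a session signing key in the config file')
    if len(app.config['ENCRYPT_KEY'] or '') != 32:
        app.logger.warning('bargate ENCRYPT_KEY is not exactly 32 characters long')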
# E-mail alerts: mail every record of level ERROR or above to the admins
if app.config['EMAIL_ALERTS'] == True:
    ## Record in the log where the alerts are going to
    alert_recipients = app.config['ADMINS']
    app.logger.info('bargate e-mail alerts are enabled and being sent to: ' + str(alert_recipients))

    ## Create the mail handler
    # No credentials or TLS settings are passed, so messages are handed to
    # SMTP_SERVER unauthenticated and unencrypted. The body carries the full
    # log message, so keep the relay local or otherwise trusted.
    mail_handler = SMTPHandler(
        app.config['SMTP_SERVER'],
        app.config['EMAIL_FROM'],
        alert_recipients,
        app.config['EMAIL_SUBJECT'],
    )

    ## Errors only
    mail_handler.setLevel(logging.ERROR)

    ## Layout of the alert mail body
    alert_layout = """
A fatal error occured in Bargate.
Message type: %(levelname)s
Location: %(pathname)s:%(lineno)d
Module: %(module)s
Function: %(funcName)s
Time: %(asctime)s
Logger Name: %(name)s
Process ID: %(process)d
Further Details:
%(message)s
"""
    mail_handler.setFormatter(Formatter(alert_layout))
    app.logger.addHandler(mail_handler)
## Debug toolbar (development only)
# Switching the toolbar on also forces Flask debug mode. The toolbar exposes
# SECRET_KEY and ENCRYPT_KEY, which is why the log line below is so blunt.
if app.config['DEBUG_TOOLBAR']:
    from flask_debugtoolbar import DebugToolbarExtension
    app.debug = True
    toolbar = DebugToolbarExtension(app)
    app.logger.info('bargate debug toolbar enabled - DO NOT USE THIS ON PRODUCTION SYSTEMS!')
# Core helpers first, then the feature modules. These imports sit below the
# creation of `app` -- presumably because the modules import it from this
# package (TODO confirm); keep the order as it is.
import bargate.core
import bargate.smb
import bargate.errors
import bargate.views
import bargate.smb_views
import bargate.mime
import bargate.settings

# The TOTP 2-factor module is only loaded when Redis is enabled as well.
# NOTE(review): with TOTP_ENABLED set and REDIS_ENABLED unset, start-up carries
# on after logging an error and bargate.totp is never imported. Whether logins
# are then refused or simply proceed without the second factor is decided
# outside this file -- confirm it fails closed.
totp_wanted = app.config['TOTP_ENABLED']
if totp_wanted and app.config['REDIS_ENABLED']:
    import bargate.totp
elif totp_wanted:
    app.logger.error("Cannot enable TOTP 2-factor auth because REDIS is not enabled")
# Make the anti-CSRF token generator and the other helper functions callable
# from every Jinja template. All of them are registered in one call and are
# addressed through the bargate package.
app.jinja_env.globals.update(
    csrf_token=bargate.core.generate_csrf_token,
    get_user_theme=bargate.settings.get_user_theme,
    get_user_navbar=bargate.settings.get_user_navbar,
    getrandnum=bargate.core.getrandnum,
    poperr_get=bargate.core.poperr_get,
)
## Register a pair of URL rules for every section of the shares config file
app.load_share_config()
sharesList = app.sharesConfig.sections()

for section in sharesList:
    app.logger.debug("Creating share entry '" + str(section) + "'")

    # The first rule serves the share root with an empty path. The second one
    # hands the rest of the URL to the handler as `path`. This module does no
    # checking of that path; it is left to bargate.smb.share_handler.
    share_url = app.sharesConfig.get(section, 'url')
    share_rules = (
        (share_url, {'defaults': {'path': ''}}),
        (share_url + '/<path:path>/', {}),
    )
    for rule, extra in share_rules:
        app.add_url_rule(rule, endpoint=section, view_func=bargate.smb.share_handler, methods=['GET', 'POST'], **extra)

# Keep the section names on the app object for later use
app.sharesList = sharesList