[Dockerapi] Some minor changes

data/Dockerfiles/dockerapi/server.py

@@ -74,7 +74,6 @@ class container_post(Resource):
 
         if request.json['cmd'] == 'mailq':
           if 'items' in request.json:
-            # Check if queue id is valid
             r = re.compile("^[0-9a-fA-F]+$")
             filtered_qids = filter(r.match, request.json['items'])
             if filtered_qids:
@@ -84,10 +83,7 @@ class container_post(Resource):
                 try:
                   for container in docker_client.containers.list(filters={"id": container_id}):
                     postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-                    if postsuper_r.exit_code == 0:
+                    return exec_run_handler('generic', postsuper_r)
-                      return jsonify(type='success', msg='command completed successfully')
-                    else:
-                      return jsonify(type='danger', msg=str(postsuper_r.output))
                 except Exception as e:
                   return jsonify(type='danger', msg=str(e))
               if request.json['task'] == 'hold':
@@ -96,10 +92,7 @@ class container_post(Resource):
                 try:
                   for container in docker_client.containers.list(filters={"id": container_id}):
                     postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-                    if postsuper_r.exit_code == 0:
+                    return exec_run_handler('generic', postsuper_r)
-                      return jsonify(type='success', msg='command completed successfully')
-                    else:
-                      return jsonify(type='danger', msg=str(postsuper_r.output))
                 except Exception as e:
                   return jsonify(type='danger', msg=str(e))
               if request.json['task'] == 'unhold':
@@ -108,10 +101,7 @@ class container_post(Resource):
                 try:
                   for container in docker_client.containers.list(filters={"id": container_id}):
                     postsuper_r = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postsuper " + sanitized_string])
-                    if postsuper_r.exit_code == 0:
+                    return exec_run_handler('generic', postsuper_r)
-                      return jsonify(type='success', msg='command completed successfully')
-                    else:
-                      return jsonify(type='danger', msg=str(postsuper_r.output))
                 except Exception as e:
                   return jsonify(type='danger', msg=str(e))
               if request.json['task'] == 'deliver':
@@ -128,31 +118,21 @@ class container_post(Resource):
             try:
               for container in docker_client.containers.list(filters={"id": container_id}):
                 mailq_return = container.exec_run(["/usr/sbin/postqueue", "-j"], user='postfix')
-                if mailq_return.exit_code == 0:
+                return exec_run_handler('utf8_text_only', mailq_return)
-                  # We want plain text content from Postfix
-                  r = Response(response=mailq_return.output, status=200, mimetype="text/plain")
-                  r.headers["Content-Type"] = "text/plain; charset=utf-8"
-                  return r
             except Exception as e:
               return jsonify(type='danger', msg=str(e))
           elif request.json['task'] == 'flush':
             try:
               for container in docker_client.containers.list(filters={"id": container_id}):
                 postqueue_r = container.exec_run(["/usr/sbin/postqueue", "-f"], user='postfix')
-                if postqueue_r.exit_code == 0:
+                return exec_run_handler('generic', postqueue_r)
-                  return jsonify(type='success', msg='command completed successfully')
-                else:
-                  return jsonify(type='danger', msg=str(postqueue_r.output))
             except Exception as e:
               return jsonify(type='danger', msg=str(e))
           elif request.json['task'] == 'super_delete':
             try:
               for container in docker_client.containers.list(filters={"id": container_id}):
                 postsuper_r = container.exec_run(["/usr/sbin/postsuper", "-d", "ALL"])
-                if postsuper_r.exit_code == 0:
+                return exec_run_handler('generic', postsuper_r)
-                  return jsonify(type='success', msg='command completed successfully')
-                else:
-                  return jsonify(type='danger', msg=str(postsuper_r.output))
             except Exception as e:
               return jsonify(type='danger', msg=str(e))
 
@@ -161,9 +141,7 @@ class container_post(Resource):
             if 'dir' in request.json:
               try:
                 for container in docker_client.containers.list(filters={"id": container_id}):
-                  # Should be changed to be able to validate a path
+                  df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H '" + request.json['dir'].replace("'", "'\\''") + "' | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
-                  directory = re.sub('[^0-9a-zA-Z/]+', '', request.json['dir'])
-                  df_return = container.exec_run(["/bin/bash", "-c", "/bin/df -H " + directory + " | /usr/bin/tail -n1 | /usr/bin/tr -s [:blank:] | /usr/bin/tr ' ' ','"], user='nobody')
                   if df_return.exit_code == 0:
                     return df_return.output.rstrip()
                   else:
@@ -175,34 +153,22 @@ class container_post(Resource):
           if request.json['task'] == 'dovecot':
             try:
               for container in docker_client.containers.list(filters={"id": container_id}):
-                # Should be changed to be able to validate a path
                 reload_return = container.exec_run(["/bin/bash", "-c", "/usr/local/sbin/dovecot reload"])
-                if reload_return.exit_code == 0:
+                return exec_run_handler('generic', reload_return)
-                  return jsonify(type='success', msg='command completed successfully')
-                else:
-                  return jsonify(type='danger', msg='command failed: ' + reload_return.output)
             except Exception as e:
               return jsonify(type='danger', msg=str(e))
           if request.json['task'] == 'postfix':
             try:
               for container in docker_client.containers.list(filters={"id": container_id}):
-                # Should be changed to be able to validate a path
                 reload_return = container.exec_run(["/bin/bash", "-c", "/usr/sbin/postfix reload"])
-                if reload_return.exit_code == 0:
+                return exec_run_handler('generic', reload_return)
-                  return jsonify(type='success', msg='command completed successfully')
-                else:
-                  return jsonify(type='danger', msg='command failed: ' + reload_return.output)
             except Exception as e:
               return jsonify(type='danger', msg=str(e))
           if request.json['task'] == 'nginx':
             try:
               for container in docker_client.containers.list(filters={"id": container_id}):
-                # Should be changed to be able to validate a path
                 reload_return = container.exec_run(["/bin/sh", "-c", "/usr/sbin/nginx -s reload"])
-                if reload_return.exit_code == 0:
+                return exec_run_handler('generic', reload_return)
-                  return jsonify(type='success', msg='command completed successfully')
-                else:
-                  return jsonify(type='danger', msg='command failed: ' + reload_return.output)
             except Exception as e:
               return jsonify(type='danger', msg=str(e))
 
@@ -212,9 +178,7 @@ class container_post(Resource):
               try:
                 for container in docker_client.containers.list(filters={"id": container_id}):
                   sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve list -u '" + request.json['username'].replace("'", "'\\''") + "'"])
-                  r = Response(response=sieve_return.output, status=200, mimetype="text/plain")
+                  return exec_run_handler('utf8_text_only', sieve_return)
-                  r.headers["Content-Type"] = "text/plain; charset=utf-8"
-                  return r
               except Exception as e:
                 return jsonify(type='danger', msg=str(e))
           elif request.json['task'] == 'print':
@@ -222,43 +186,10 @@ class container_post(Resource):
               try:
                 for container in docker_client.containers.list(filters={"id": container_id}):
                   sieve_return = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm sieve get -u '" + request.json['username'].replace("'", "'\\''") + "' '" + request.json['script_name'].replace("'", "'\\''") + "'"])
-                  r = Response(response=sieve_return.output, status=200, mimetype="text/plain")
+                  return exec_run_handler('utf8_text_only', sieve_return)
-                  r.headers["Content-Type"] = "text/plain; charset=utf-8"
-                  return r
               except Exception as e:
                 return jsonify(type='danger', msg=str(e))
 
-        # elif request.json['cmd'] == 'mail_crypt_generate' and request.json['username'] and request.json['old_password'] and request.json['new_password']:
-          # try:
-            # for container in docker_client.containers.list(filters={"id": container_id}):
-              # # create if missing
-              # crypto_generate = container.exec_run(["/bin/bash", "-c", "/usr/local/bin/doveadm mailbox cryptokey generate -u '" + request.json['username'].replace("'", "'\\''") + "' -URf"], user='vmail')
-              # if crypto_generate.exit_code == 0:
-                # # open a shell, bind stdin and return socket
-                # cryptokey_shell = container.exec_run(["/bin/bash"], stdin=True, socket=True, user='vmail')
-                # # command to be piped to shell
-                # cryptokey_cmd = "/usr/local/bin/doveadm mailbox cryptokey password -u '" + request.json['username'].replace("'", "'\\''") + "' -n '" + request.json['new_password'].replace("'", "'\\''") + "' -o '" + request.json['old_password'].replace("'", "'\\''") + "'\n"
-                # # socket is .output
-                # cryptokey_socket = cryptokey_shell.output;
-                # try :
-                  # # send command utf-8 encoded
-                  # cryptokey_socket.sendall(cryptokey_cmd.encode('utf-8'))
-                  # # we won't send more data than this
-                  # cryptokey_socket.shutdown(socket.SHUT_WR)
-                # except socket.error:
-                  # # exit on socket error
-                  # return jsonify(type='danger', msg=str('socket error'))
-                # # read response
-                # cryptokey_response = recv_socket_data(cryptokey_socket)
-                # crypto_error = re.search('dcrypt_key_load_private.+failed.+error', cryptokey_response)
-                # if crypto_error is not None:
-                  # return jsonify(type='danger', msg=str("dcrypt_key_load_private error"))
-                # return jsonify(type='success', msg=str("key pair generated"))
-              # else:
-                # return jsonify(type='danger', msg=str(crypto_generate.output))
-          # except Exception as e:
-            # return jsonify(type='danger', msg=str(e))
-
         elif request.json['cmd'] == 'maildir':
           if request.json['task'] == 'cleanup':
             if 'maildir' in request.json:
@@ -266,10 +197,7 @@ class container_post(Resource):
                 for container in docker_client.containers.list(filters={"id": container_id}):
                   sane_name = re.sub(r'\W+', '', request.json['maildir'])
                   maildir_cleanup = container.exec_run(["/bin/bash", "-c", "if [[ -d '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' ]]; then /bin/mv '/var/vmail/" + request.json['maildir'].replace("'", "'\\''") + "' '/var/vmail/_garbage/" + str(int(time.time())) + "_" + sane_name + "'; fi"], user='vmail')
-                  if maildir_cleanup.exit_code == 0:
+                  return exec_run_handler('generic', maildir_cleanup)
-                    return jsonify(type='success', msg=str("moved to garbage"))
-                  else:
-                    return jsonify(type='danger', msg=str(maildir_cleanup.output))
               except Exception as e:
                 return jsonify(type='danger', msg=str(e))
 
@@ -303,18 +231,6 @@ class container_post(Resource):
                     return jsonify(type='danger', msg='command did not complete')
               except Exception as e:
                 return jsonify(type='danger', msg=str(e))
-        # elif request.json['cmd'] == 'mailman':
-          # if request.json['task'] == 'password':
-            # if request.json['email'] and request.json['passwd']:
-              # try:
-                # for container in docker_client.containers.list(filters={"id": container_id}):
-                  # add_su = container.exec_run(["/bin/bash", "-c", "/opt/mm_web/add_su.py '" + request.json['passwd'].replace("'", "'\\''") + "' '" + request.json['email'].replace("'", "'\\''") + "'"], user='mailman')
-                  # if add_su.exit_code == 0:
-                    # return jsonify(type='success', msg='command completed successfully')
-                  # else:
-                    # return jsonify(type='danger', msg='command did not complete, exit code was ' + int(add_su.exit_code))
-              # except Exception as e:
-                # return jsonify(type='danger', msg=str(e))
 
         else:
           return jsonify(type='danger', msg='Unknown command')
@@ -369,24 +285,46 @@ def recv_socket_data(c_socket, timeout=10):
       pass
   return ''.join(total_data)
 
+def exec_run_handler(type, output):
+  if type == 'generic':
+    if output.exit_code == 0:
+      return jsonify(type='success', msg='command completed successfully')
+    else:
+      return jsonify(type='danger', msg='command failed: ' + output.output)
+  if type == 'utf8_text_only':
+    r = Response(response=output.output, status=200, mimetype="text/plain")
+    r.headers["Content-Type"] = "text/plain; charset=utf-8"
+    return r
+
 def create_self_signed_cert():
-  pkey = crypto.PKey()
+  success = False
-  pkey.generate_key(crypto.TYPE_RSA, 2048)
+  while not success:
-  cert = crypto.X509()
+    try:
-  cert.get_subject().O = "mailcow"
+      pkey = crypto.PKey()
-  cert.get_subject().CN = "dockerapi"
+      pkey.generate_key(crypto.TYPE_RSA, 2048)
-  cert.set_serial_number(int(uuid.uuid4()))
+      cert = crypto.X509()
-  cert.gmtime_adj_notBefore(0)
+      cert.get_subject().O = "mailcow"
-  cert.gmtime_adj_notAfter(10*365*24*60*60)
+      cert.get_subject().CN = "dockerapi"
-  cert.set_issuer(cert.get_subject())
+      cert.set_serial_number(int(uuid.uuid4()))
-  cert.set_pubkey(pkey)
+      cert.gmtime_adj_notBefore(0)
-  cert.sign(pkey, 'sha512')
+      cert.gmtime_adj_notAfter(10*365*24*60*60)
-  cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
+      cert.set_issuer(cert.get_subject())
-  pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
+      cert.set_pubkey(pkey)
-  with os.fdopen(os.open('/cert.pem', os.O_WRONLY | os.O_CREAT, 0o644), 'w') as handle:
+      cert.sign(pkey, 'sha512')
-    handle.write(cert)
+      cert = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
-  with os.fdopen(os.open('/key.pem', os.O_WRONLY | os.O_CREAT, 0o600), 'w') as handle:
+      pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
-    handle.write(pkey)
+      with os.fdopen(os.open('/cert.pem', os.O_WRONLY | os.O_CREAT, 0o644), 'w') as handle:
+        handle.write(cert)
+      with os.fdopen(os.open('/key.pem', os.O_WRONLY | os.O_CREAT, 0o600), 'w') as handle:
+        handle.write(pkey)
+      success = True
+    except:
+      time.sleep(1)
+      try:
+        os.remove('/cert.pem')
+        os.remove('/key.pem')
+      except OSError:
+        pass
 
 api.add_resource(containers_get, '/containers/json')
 api.add_resource(container_get, '/containers/<string:container_id>/json')