ok

Mini Shell

Direktori : /opt/imunify360/venv/lib/python3.11/site-packages/im360/subsys/
Upload File :
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/im360/subsys/remoteip.py

import ipaddress
from typing import Optional

from defence360agent.subsys.panels.base import PanelException

from defence360agent.subsys import web_server
from .panels.base import RemoteIPInterface
from .panels.hosting_panel import HostingPanel

_REMOTEIP_NOT_SUPPORTED = (
    "Automatic mod_remoteip  installation is not supported on this system"
)


class RemoteIPError(Exception):
    pass


class LiteSpeedRemoteIP(RemoteIPInterface):
    async def remoteip_activated(self) -> bool:
        content = open(web_server.LITESPEED_CONF_PATH, "rb").read()
        config = web_server.LiteSpeedConfig(content)
        proxyIP = config.client_ip_in_header()
        allowed = config.access_control_allowed_list()
        if proxyIP == config.CLIENT_IP_IN_HEADER_DISABLED:
            return False
        if proxyIP == config.CLIENT_IP_IN_HEADER_ENABLED:
            return True
        if proxyIP == config.CLIENT_IP_IN_HEADER_TRUSTED_IP_ONLY:
            localhost = ipaddress.IPv4Address("127.0.0.1")
            for item, trusted in allowed:
                if trusted:
                    if item == "ALL":
                        return True
                    try:
                        item_network = ipaddress.ip_network(item)
                    except ValueError:
                        continue
                    else:
                        if localhost in item_network:  # NOSONAR pylint:S134
                            return True
            return False
        raise PanelException("Unknown value for client ip in header option")

    async def remoteip_install(self) -> Optional[str]:
        content = open(web_server.LITESPEED_CONF_PATH, "rb").read()
        config = web_server.LiteSpeedConfig(content)
        allowed = config.access_control_allowed_list()
        config.set_client_ip_in_header(
            config.CLIENT_IP_IN_HEADER_TRUSTED_IP_ONLY
        )
        allowed.add(("127.0.0.1", True))
        config.set_access_control_allowed_list(allowed)
        with open(web_server.LITESPEED_CONF_PATH, "wb") as config_file:
            config_file.write(config.tostring())
        await web_server.graceful_restart()
        return None


class ModRemoteIp:
    """Manages mod_remoteip or similar functionality"""

    NAME = "mod_remoteip"

    def __init__(self):
        self.__interface = None
        panel = HostingPanel()
        if panel.remoteip_supported():
            if web_server.litespeed_running():
                self.__interface = LiteSpeedRemoteIP()
            else:
                self.__interface = panel

    def is_supported(self):
        return self.__interface is not None

    async def is_installed(self) -> bool:
        try:
            return await self.__interface.remoteip_activated()
        except PanelException as exc:
            raise RemoteIPError from exc

    async def install(self):
        try:
            return await self.__interface.remoteip_install()
        except PanelException as exc:
            raise RemoteIPError() from exc

    async def customize_logging(self):
        if self.is_supported:
            await self.__interface.remoteip_customize_logging()

Zerion Mini Shell 1.0