update
This commit is contained in:
parent
4130d113ba
commit
15a80a883c
@ -3,5 +3,6 @@ services:
|
||||
app:
|
||||
build: .
|
||||
volumes:
|
||||
- ./users.txt:/usr/share/app/users.txt
|
||||
- ./data:/usr/share/app/data
|
||||
- ./production_eleves:/usr/share/app/python_app/modules
|
||||
network_mode: "host"
|
||||
|
@ -2,33 +2,59 @@
|
||||
|
||||
|
||||
HOME_BASE="/usr/share/app/python_app/modules"
|
||||
|
||||
# Check we got users
|
||||
if [ ! -f 'users.txt' ] ; then
|
||||
echo "Missing file users.txt"
|
||||
exit 1
|
||||
fi
|
||||
USERS_LIST="/usr/share/app/data/users.txt"
|
||||
PASSWD_LIST="/usr/share/app/data/passwords.txt"
|
||||
CUSTOM_SCRIPT="/usr/share/app/data/init.sh"
|
||||
|
||||
# Must be ascii for cut
|
||||
separator="="
|
||||
forbidden_chars=". /"
|
||||
|
||||
# Check we got users
|
||||
if [ ! -f "$USERS_LIST" ] && [ ! -f "$PASSWD_LIST" ] ; then
|
||||
echo "Les fichiers des utilisateurs ou des passwords n’ont pas étés trouvées."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for c in $forbidden_chars ; do
|
||||
for file in "$USERS_LIST" "$PASSWD_LIST" ; do
|
||||
if [ -n "$(cat "$USERS_LIST" | grep -F $c)" ] ; then
|
||||
echo "Le fichier « $file » ne doit pas contenir le caractère « $c » !"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
||||
# Generate passwords if not done yet
|
||||
genPassowrd () {
|
||||
tr -dc A-Za-z0-9 </dev/urandom | head -c $1
|
||||
}
|
||||
if [ ! -f 'passwords.txt' ] ; then
|
||||
for user in $(cat users.txt) ; do
|
||||
echo "$user$separator$(genPassowrd 10)" >> passwords.txt
|
||||
if [ ! -f $PASSWD_LIST ] ; then
|
||||
for user in $(cat "$USERS_LIST") ; do
|
||||
echo "$user$separator$(genPassowrd 10)" >> $PASSWD_LIST
|
||||
done
|
||||
fi
|
||||
|
||||
# Create users
|
||||
for line in $(cat passwords.txt) ; do
|
||||
for line in $(cat $PASSWD_LIST) ; do
|
||||
name="$(echo "$line" | cut -d "$separator" -f 1)"
|
||||
pass="$(echo "$line" | cut -d "$separator" -f 2)"
|
||||
echo "$pass\n$pass" | useradd --home-dir "$HOME_BASE/$name" --create-home --no-user-group -G eleve "$name"
|
||||
home="$HOME_BASE/$name"
|
||||
mkdir -p "$home"
|
||||
#useradd --home-dir "$home" --no-user-group -G eleve --shell /bin/bash --root "$home" "$name"
|
||||
useradd --home-dir "$home" --no-user-group -G eleve --shell /bin/bash "$name"
|
||||
echo "$pass\n$pass" | passwd "$name" &> /dev/null
|
||||
chown "$name":eleve "$home"
|
||||
done
|
||||
|
||||
# Custom script
|
||||
if [ -f "$CUSTOM_SCRIPT" ] ; then
|
||||
if [ ! -x "$CUSTOM_SCRIPT" ] ; then
|
||||
chmod +x "$CUSTOM_SCRIPT"
|
||||
fi
|
||||
"$CUSTOM_SCRIPT"
|
||||
fi
|
||||
|
||||
# Nginx
|
||||
nginx -c '/etc/nginx/nginx.conf'
|
||||
|
||||
|
@ -4,6 +4,9 @@ import importlib
|
||||
# Get function args
|
||||
import inspect
|
||||
|
||||
# check file properties
|
||||
import os
|
||||
|
||||
# The directory where student work will be
|
||||
# not a real path, do not use ./ or stuff like this
|
||||
BASE_MODULE_PATH = 'python_app/modules'
|
||||
@ -13,60 +16,58 @@ if BASE_MODULE_PATH != '':
|
||||
|
||||
def application(env, start_response):
|
||||
""" Cette fonction est appellée à chaque requête HTTP et doit exécuter le bon code python. """
|
||||
# Find which python module and function will be called
|
||||
# And remove empty elements
|
||||
elements = tuple(e for e in env['PATH_INFO'].split('/') if e != '')
|
||||
print(env)
|
||||
|
||||
#m = importlib.import_module('python_app.modules.main')
|
||||
#f = getattr(m,'index')
|
||||
#if env['REQUEST_URI'] == '/':
|
||||
# return htmlresp(200, f(), start_response)
|
||||
|
||||
# Defaults
|
||||
path = ''
|
||||
module = 'main'
|
||||
function = 'index'
|
||||
|
||||
# Get from url path
|
||||
if len(elements) == 1:
|
||||
module = elements[0]
|
||||
elif len(elements) == 2:
|
||||
module = elements[0]
|
||||
function = elements[1]
|
||||
elif len(elements) > 2:
|
||||
path = '/'.join(elements[0:-2])
|
||||
module = elements[-2]
|
||||
function = elements[-1]
|
||||
|
||||
path = env['PATH_INFO'][1:] # removing first slash
|
||||
# slash stuff
|
||||
if path != '':
|
||||
path += '/'
|
||||
if path.endswith('/'):
|
||||
path = path[:-1]
|
||||
path_elements = tuple(d for d in path.split('/') if d != '')
|
||||
path_minus_one = '/'.join(path_elements[:-1])
|
||||
|
||||
# Find which python module and function will be called
|
||||
if os.path.isfile(BASE_MODULE_PATH + path_minus_one):
|
||||
path = path_minus_one
|
||||
function = path_elements[-1]
|
||||
elif os.path.isfile(BASE_MODULE_PATH + path):
|
||||
function = 'index'
|
||||
elif os.path.isdir(BASE_MODULE_PATH + path):
|
||||
path += '/main'
|
||||
function = 'index'
|
||||
else:
|
||||
return htmlresp(404, 'Le dossier <em>{}</em> n’a pas été trouvé.'.format(path), start_response)
|
||||
|
||||
|
||||
|
||||
# Module full path
|
||||
module_path = BASE_MODULE_PATH + path + module
|
||||
module_path = BASE_MODULE_PATH + path
|
||||
module_path = module_path.replace('/', '.')
|
||||
|
||||
# Import the function
|
||||
try:
|
||||
m = importlib.import_module(module_path)
|
||||
except ModuleNotFoundError:
|
||||
print('Le fichier {} n’a pas été trouvé. {}'.format(module_path, str(elements)))
|
||||
return htmlresp(404, 'Le fichier <em>{}</em> n’a pas été trouvé.'.format(path + module), start_response)
|
||||
#print('Le fichier {} n’a pas été trouvé. {}'.format(module_path, str(path_elements)))
|
||||
return htmlresp(404, 'Le fichier <em>{}</em> n’a pas été trouvé.'.format(path), start_response)
|
||||
|
||||
# Find which parameters the function needs
|
||||
try:
|
||||
f = getattr(m,function)
|
||||
# Call the function with the rigth attributes
|
||||
except AttributeError:
|
||||
return htmlresp(404, 'La fonction <em>{}</em> n’a pas été trouvée.'.format(function), start_response)
|
||||
return htmlresp(404, 'La fonction <em>{}</em> n’a pas été trouvée dans {}'.format(function, module_path), start_response)
|
||||
|
||||
# Pass url parameters to the function
|
||||
try:
|
||||
params = {p:'' for p in list(inspect.getargspec(f).args)}
|
||||
#print(inspect.getargspec(f))
|
||||
#params = {p:(d if d is not None else '') for p,d in zip(inspect.getargspec(f).args, inspect.getargspec(f).defaults)}
|
||||
expected_params = inspect.getargspec(f).args
|
||||
params = {}
|
||||
# TODO POST params?
|
||||
for item in env['QUERY_STRING'].split('&'):
|
||||
if item == '':
|
||||
continue
|
||||
k,v = tuple(item.split('='))
|
||||
if k in params:
|
||||
if k in expected_params:
|
||||
params[k] = v
|
||||
except Exception:
|
||||
return htmlresp(400, 'La fonction <em>{}</em> demande les arguments suivants : {}. On a uniquement {}.'.format(function, params, ), start_response)
|
||||
@ -77,8 +78,8 @@ def application(env, start_response):
|
||||
return htmlresp(response[0], str(response[1]), start_response, False)
|
||||
else:
|
||||
return htmlresp(200, str(response), start_response, False)
|
||||
except Exception:
|
||||
return htmlresp(400, 'Erreur à l’exécution de la fonction <em>{}</em>.'.format(function), start_response)
|
||||
except Exception as e:
|
||||
return htmlresp(400, 'Erreur à l’exécution de la fonction <em>{}</em>.<pre style="color:#d90303;">{}</pre>'.format(function, e), start_response)
|
||||
|
||||
|
||||
def htmlresp(code, message, start_response, squelette=True):
|
||||
|
@ -1,116 +0,0 @@
|
||||
# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
|
||||
|
||||
# This is the sshd server system-wide configuration file. See
|
||||
# sshd_config(5) for more information.
|
||||
|
||||
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
|
||||
|
||||
# The strategy used for options in the default sshd_config shipped with
|
||||
# OpenSSH is to specify options with their default value where
|
||||
# possible, but leave them commented. Uncommented options override the
|
||||
# default value.
|
||||
|
||||
#Port 22
|
||||
#AddressFamily any
|
||||
#ListenAddress 0.0.0.0
|
||||
#ListenAddress ::
|
||||
|
||||
#HostKey /etc/ssh/ssh_host_rsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
#HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
|
||||
# Ciphers and keying
|
||||
#RekeyLimit default none
|
||||
|
||||
# Logging
|
||||
#SyslogFacility AUTH
|
||||
#LogLevel INFO
|
||||
|
||||
# Authentication:
|
||||
|
||||
#LoginGraceTime 2m
|
||||
#PermitRootLogin prohibit-password
|
||||
#StrictModes yes
|
||||
#MaxAuthTries 6
|
||||
#MaxSessions 10
|
||||
|
||||
#PubkeyAuthentication yes
|
||||
|
||||
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
|
||||
# but this is overridden so installations will only check .ssh/authorized_keys
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
#AuthorizedPrincipalsFile none
|
||||
|
||||
#AuthorizedKeysCommand none
|
||||
#AuthorizedKeysCommandUser nobody
|
||||
|
||||
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
|
||||
#HostbasedAuthentication no
|
||||
# Change to yes if you don't trust ~/.ssh/known_hosts for
|
||||
# HostbasedAuthentication
|
||||
#IgnoreUserKnownHosts no
|
||||
# Don't read the user's ~/.rhosts and ~/.shosts files
|
||||
#IgnoreRhosts yes
|
||||
|
||||
# To disable tunneled clear text passwords, change to no here!
|
||||
#PasswordAuthentication yes
|
||||
#PermitEmptyPasswords no
|
||||
|
||||
# Change to no to disable s/key passwords
|
||||
ChallengeResponseAuthentication no
|
||||
|
||||
# Kerberos options
|
||||
#KerberosAuthentication no
|
||||
#KerberosOrLocalPasswd yes
|
||||
#KerberosTicketCleanup yes
|
||||
#KerberosGetAFSToken no
|
||||
|
||||
# GSSAPI options
|
||||
#GSSAPIAuthentication no
|
||||
#GSSAPICleanupCredentials yes
|
||||
|
||||
# Set this to 'yes' to enable PAM authentication, account processing,
|
||||
# and session processing. If this is enabled, PAM authentication will
|
||||
# be allowed through the ChallengeResponseAuthentication and
|
||||
# PasswordAuthentication. Depending on your PAM configuration,
|
||||
# PAM authentication via ChallengeResponseAuthentication may bypass
|
||||
# the setting of "PermitRootLogin without-password".
|
||||
# If you just want the PAM account and session checks to run without
|
||||
# PAM authentication, then enable this but set PasswordAuthentication
|
||||
# and ChallengeResponseAuthentication to 'no'.
|
||||
UsePAM yes
|
||||
|
||||
#AllowAgentForwarding yes
|
||||
#AllowTcpForwarding yes
|
||||
#GatewayPorts no
|
||||
#X11Forwarding no
|
||||
#X11DisplayOffset 10
|
||||
#X11UseLocalhost yes
|
||||
#PermitTTY yes
|
||||
PrintMotd no # pam does that
|
||||
#PrintLastLog yes
|
||||
#TCPKeepAlive yes
|
||||
#PermitUserEnvironment no
|
||||
#Compression delayed
|
||||
#ClientAliveInterval 0
|
||||
#ClientAliveCountMax 3
|
||||
#UseDNS no
|
||||
#PidFile /run/sshd.pid
|
||||
#MaxStartups 10:30:100
|
||||
#PermitTunnel no
|
||||
#ChrootDirectory none
|
||||
#VersionAddendum none
|
||||
|
||||
# no default banner path
|
||||
#Banner none
|
||||
|
||||
# override default of no subsystems
|
||||
Subsystem sftp /usr/lib/ssh/sftp-server
|
||||
|
||||
# Example of overriding settings on a per-user basis
|
||||
#Match User anoncvs
|
||||
# X11Forwarding no
|
||||
# AllowTcpForwarding no
|
||||
# PermitTTY no
|
||||
# ForceCommand cvs server
|
@ -1,2 +0,0 @@
|
||||
218.amine
|
||||
218.chems
|
Loading…
Reference in New Issue
Block a user