cmdbox 0.5.3.1__py3-none-any.whl → 0.6.0__py3-none-any.whl

cmdbox/web/assets/cmdbox/signin.js

@@ -59,17 +59,22 @@ $(() => {
     const btn_google = $('.btn-google');
     const btn_github = $('.btn-github');
     const btn_azure = $('.btn-azure');
+    const btn_saml_azure = $('.btn-saml-azure');
     btn_google.off('click').on('click', async (event) => {
         const path = window.location.pathname.replace('/signin', '');
-        window.location.href = `../oauth2/google${path}?n=${cmdbox.randam_string(8)}`;
+        window.location.href = `../oauth2/google${path}?n=${cmdbox.random_string(8)}`;
     });
     btn_github.off('click').on('click', async (event) => {
         const path = window.location.pathname.replace('/signin', '');
-        window.location.href = `../oauth2/github${path}?n=${cmdbox.randam_string(8)}`;
+        window.location.href = `../oauth2/github${path}?n=${cmdbox.random_string(8)}`;
     });
     btn_azure.off('click').on('click', async (event) => {
         const path = window.location.pathname.replace('/signin', '');
-        window.location.href = `../oauth2/azure${path}?n=${cmdbox.randam_string(8)}`;
+        window.location.href = `../oauth2/azure${path}?n=${cmdbox.random_string(8)}`;
+    });
+    btn_saml_azure.off('click').on('click', async (event) => {
+        const path = window.location.pathname.replace('/signin', '');
+        window.location.href = `../saml/azure${path}?n=${cmdbox.random_string(8)}`;
     });
     oauth2_enabled().then((res) => {
         if (res.google) btn_google.show();
@@ -79,6 +84,10 @@ $(() => {
         if (res.azure) btn_azure.show();
         else btn_azure.hide();
     });
+    saml_enabled().then((res) => {
+        if (res.azure) btn_saml_azure.show();
+        else btn_saml_azure.hide();
+    });
 });
 const get_client_data = async () => {
     const res = await fetch('gui/get_client_data', {method: 'GET'});
@@ -91,4 +100,8 @@ const bbforce_cmd = async () => {
 const oauth2_enabled = async () => {
     const res = await fetch('../oauth2/enabled', {method: 'GET'});
     return await res.json();
+}
+const saml_enabled = async () => {
+    const res = await fetch('../saml/enabled', {method: 'GET'});
+    return await res.json();
 }

cmdbox/web/assets/cmdbox/users.js

@@ -63,7 +63,7 @@ users.users_list = async () => {
                 const row = $(modal.find('.row_content_template_choice').html()).appendTo(row_content);
                 row_content.find('.row_content_template_title').removeClass('row_content_template_title').text(col);
                 const select = row_content.find('.row_content_template_select').removeClass('row_content_template_select');
-                for (const h of ['', 'oauth2', 'plain', 'md5', 'sha1', 'sha256']) {
+                for (const h of ['', 'oauth2', 'saml', 'plain', 'md5', 'sha1', 'sha256']) {
                     $('<option>').text(h).val(h).appendTo(select);
                 }
                 select.attr('name', col).val(user && user[col] ? user[col] : '');

cmdbox/web/assets/filer/filer.js

@@ -145,7 +145,8 @@ fsapi.filer = (svpath, is_local) => {
         opt['capture_maxsize'] = 1024**3*10;
         //opt['svpath'] = event.originalEvent.dataTransfer.getData('path');
         jobs.push(cmdbox.sv_exec_cmd(opt).then(async res => {
-          if(!res[0] || !res[0]['success']) {
+          if (res && res['success']) res = [res];
+          if (!res[0] || !res[0]['success']) {
             fsapi.download_now ++;
             cmdbox.progress(0, list_downloads.length, fsapi.download_now, '', true, false)
             cmdbox.message(res);
@@ -276,6 +277,7 @@ fsapi.tree = (target, svpath, current_ul_elem, is_local) => {
         res[0]['success']['_'] = fsapi.treemem;
       }
     }
+    if (res && res['success']) res = [res];
     if(!res[0] || !res[0]['success']) {
       cmdbox.message(res);
       target.find('.file-list').html('');
@@ -420,7 +422,7 @@ fsapi.tree = (target, svpath, current_ul_elem, is_local) => {
               const opt = cmdbox.get_server_opt(false, fsapi.right);
               const thum_size = "0";
               const constr = btoa(`${opt['host']}\t${opt['port']}\t${opt['svname']}\t${opt['password']}\t${encodeURIComponent(_p)}\t${opt['scope']}\t${thum_size}`);
-              fsapi.viewer(_p, res['data'], `filer/download/${constr}?r=${cmdbox.randam_string(8)}`, _mime);
+              fsapi.viewer(_p, res['data'], `filer/download/${constr}?r=${cmdbox.random_string(8)}`, _mime);
             }
           }).finally(() => {
             cmdbox.hide_loading();

cmdbox/web/signin.html

@@ -115,16 +115,20 @@
             <button class="btn btn-primary w-100 py-2" type="submit">Sign in</button>
             <div class="mt-3">
                 <button class="btn btn-outline-primary w-100 py-2 mb-3 btn-azure" type="button" style="display:none;">
-                    <svg class="bi my-1 theme-icon-active" fill="currentColor" width="16" height="16"><use href="#azure"></use></svg>
-                    Sign in with Microsoft
+                    <svg class="bi my-1 theme-icon-active me-2" fill="currentColor" width="16" height="16"><use href="#azure"></use></svg>
+                    Sign in with Microsoft OAuth2
                 </button>
                 <button class="btn btn-outline-primary w-100 py-2 mb-3 btn-google" type="button" style="display:none;">
-                    <svg class="bi my-1 theme-icon-active" fill="currentColor" width="16" height="16"><use href="#google"></use></svg>
-                    Sign in with Google
+                    <svg class="bi my-1 theme-icon-active me-2" fill="currentColor" width="16" height="16"><use href="#google"></use></svg>
+                    Sign in with Google OAuth2
                 </button>
                 <button class="btn btn-outline-primary w-100 py-2 mb-3 btn-github" type="button" style="display:none;">
-                    <svg class="bi my-1 theme-icon-active" fill="currentColor" width="16" height="16"><use href="#github"></use></svg>
-                    Sign in with Github
+                    <svg class="bi my-1 theme-icon-active me-2" fill="currentColor" width="16" height="16"><use href="#github"></use></svg>
+                    Sign in with Github OAuth2
+                </button>
+                <button class="btn btn-outline-primary w-100 py-2 mb-3 btn-saml-azure" type="button" style="display:none;">
+                    <svg class="bi my-1 theme-icon-active me-2" fill="currentColor" width="16" height="16"><use href="#azure"></use></svg>
+                    Sign in with Microsoft SAML
                 </button>
             </div>
         </form>

{cmdbox-0.5.3.1.dist-info → cmdbox-0.6.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cmdbox
-Version: 0.5.3.1
+Version: 0.6.0
 Summary: cmdbox: It is a command line application with a plugin mechanism.
 Home-page: https://github.com/hamacom2004jp/cmdbox
 Download-URL: https://github.com/hamacom2004jp/cmdbox
@@ -22,6 +22,7 @@ Requires-Python: >=3.8
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: argcomplete
+Requires-Dist: async-timeout
 Requires-Dist: cryptography
 Requires-Dist: fastapi
 Requires-Dist: gevent
@@ -37,6 +38,7 @@ Requires-Dist: pycryptodome
 Requires-Dist: questionary
 Requires-Dist: redis
 Requires-Dist: requests
+Requires-Dist: rich
 Requires-Dist: six
 Requires-Dist: tabulate
 Requires-Dist: uvicorn[standard]
@@ -55,18 +57,48 @@ Requires-Dist: wheel
 # Install
 
 - Install cmdbox with the following command.
+- Also install the docker version of the redis server.
 
 ```bash
+docker run -p 6379:6379 --name redis -e REDIS_PASSWORD=password -it ubuntu/redis:latest
 pip install cmdbox
 cmdbox -v
 ```
 
-- Also install the docker version of the redis server.
+- When using SAML in web mode, install the modules with dependencies.
+```bash
+pip install xmlsec==1.3.13 python3-saml
+apt-get install -y pkg-config libxml2-dev libxmlsec1-dev libxmlsec1-openssl build-essential libopencv-dev
+```
+
+- When using `--agent use` in web mode, install the modules with dependencies.
+```bash
+pip install google-adk litellm
+```
+
+# Run
+
+- Run the cmdbox server.
+
+```bash
+cmdbox -m server -c start &
+```
+
+- Run the cmdbox web.
+
+```bash
+cmdbox -m web -c start --signin_file .cmdbox/user_list.yml &
+```
+
+- Run the cmdbox web with agent.
+- Below is an example of using Google vertexai.
+- Other available options include Azure OpenAI and Ollama.
 
 ```bash
-docker run -p 6379:6379 --name redis -it ubuntu/redis:latest
+cmdbox -m web -c start --signin_file .cmdbox/user_list.yml --agent use --llmprov vertexai --llmmodel gemini-2.0-flash --llmlocation us-central1 --llmsvaccountfile <account json file>
 ```
 
+
 # Tutorial
 
 - Open the ```.sample/sample_project``` folder in the current directory with VSCode.
@@ -287,29 +319,47 @@ aliases:                                # Specify the alias for the specified co
                                         #   e.g. /{1}_exec
         move:                           # Specify whether to move the regular expression group of the source to the target.
                                         #   e.g. true
-  audit:
-    enabled: true                       # Specify whether to enable the audit function.
-    write:
-      mode: audit                       # Specify the mode of the feature to be writed.
-      cmd: write                        # Specify the command to be writed.
-    search:
-      mode: audit                       # Specify the mode of the feature to be searched.
-      cmd: search                       # Specify the command to be searched.
-    options:                            # Specify the options for the audit function.
-      host: localhost                   # Specify the service host of the audit Redis server.However, if it is specified as a command line argument, it is ignored.
-      port: 6379                        # Specify the service port of the audit Redis server.However, if it is specified as a command line argument, it is ignored.
-      password: password                # Specify the access password of the audit Redis server.However, if it is specified as a command line argument, it is ignored.
-      svname: server                    # Specify the audit service name of the inference server.However, if it is specified as a command line argument, it is ignored.
-      retry_count: 3                    # Specifies the number of reconnections to the audit Redis server.If less than 0 is specified, reconnection is forever.
-      retry_interval: 1                 # Specifies the number of seconds before reconnecting to the audit Redis server.
-      timeout: 15                       # Specify the maximum waiting time until the server responds.
-      pg_enabled: False                 # Specify True if using the postgresql database server.
-      pg_host: localhost                # Specify the postgresql host.
-      pg_port: 5432                     # Specify the postgresql port.
-      pg_user: postgres                 # Specify the postgresql user name.
-      pg_password: password             # Specify the postgresql password.
-      pg_dbname: audit                  # Specify the postgresql database name.
-      retention_period_days: 365        # Specify the number of days to retain audit logs.
+agentrule:                              # Specifies a list of rules that determine which commands the agent can execute.
+  policy: deny                          # Specify the default policy for the rule. The value can be allow or deny.
+  rules:                                # Specify the rules for the commands that the agent can execute according to the group to which the user belongs.
+  - mode: audit                         # Specify the "mode" as the condition for applying the rule.
+    cmds: [search, write]               # Specify the "cmd" to which the rule applies. Multiple items can be specified in a list.
+    rule: allow                         # Specifies whether the specified command is allowed or not. Values are allow or deny.
+  - mode: client
+    cmds: [file_copy, file_download, file_list, file_mkdir, file_move, file_remove, file_rmdir, file_upload, server_info]
+    rule: allow
+  - mode: cmd
+    cmds: [list, load]
+    rule: allow
+  - mode: server
+    cmds: [list]
+    rule: allow
+  - mode: web
+    cmds: [gencert, genpass, group_list, user_list]
+    rule: allow
+audit:
+  enabled: true                         # Specify whether to enable the audit function.
+  write:
+    mode: audit                         # Specify the mode of the feature to be writed.
+    cmd: write                          # Specify the command to be writed.
+  search:
+    mode: audit                         # Specify the mode of the feature to be searched.
+    cmd: search                         # Specify the command to be searched.
+  options:                              # Specify the options for the audit function.
+    host: localhost                     # Specify the service host of the audit Redis server.However, if it is specified as a command line argument, it is ignored.
+    port: 6379                          # Specify the service port of the audit Redis server.However, if it is specified as a command line argument, it is ignored.
+    password: password                  # Specify the access password of the audit Redis server.However, if it is specified as a command line argument, it is ignored.
+    svname: cmdbox                      # Specify the audit service name of the inference server.However, if it is specified as a command line argument, it is ignored.
+    retry_count: 3                      # Specifies the number of reconnections to the audit Redis server.If less than 0 is specified, reconnection is forever.
+    retry_interval: 1                   # Specifies the number of seconds before reconnecting to the audit Redis server.
+    timeout: 15                         # Specify the maximum waiting time until the server responds.
+    pg_enabled: False                   # Specify True if using the postgresql database server.
+    pg_host: localhost                  # Specify the postgresql host.
+    pg_port: 5432                       # Specify the postgresql port.
+    pg_user: postgres                   # Specify the postgresql user name.
+    pg_password: password               # Specify the postgresql password.
+    pg_dbname: audit                    # Specify the postgresql database name.
+    retention_period_days: 365          # Specify the number of days to retain audit logs.
 
 ```
 
@@ -323,25 +373,25 @@ aliases:                                # Specify the alias for the specified co
 users:                         # A list of users, each of which is a map that contains the following fields.
 - uid: 1                       # An ID that identifies a user. No two users can have the same ID.
   name: admin                  # A name that identifies the user. No two users can have the same name.
-  password: XXXXXXXXXXX        # The user's password. The value is hashed with the hash function specified in the next hash field.
-  hash: plain                  # The hash function used to hash the password, which can be plain, md5, sha1, or sha256, or oauth2.
+  password: XXXXXXXXXXXXXXXX   # The user's password. The value is hashed with the hash function specified in the next hash field.
+  hash: plain                  # The hash function used to hash the password, which can be plain, md5, sha1, or sha256, or oauth2, or saml.
   groups: [admin]              # A list of groups to which the user belongs, as specified in the groups field.
-  email: admin@aaa.bbb.jp      # The email address of the user, used when authenticating using the provider specified in the oauth2 field.
+  email: admin@aaa.bbb.jp      # The email address of the user, used when authenticating using the provider specified in the oauth2 or saml field.
 - uid: 101
   name: user01
-  password: XXXXXXXXXXX
+  password: XXXXXXXXXXXXXXXX
   hash: md5
   groups: [user]
   email: user01@aaa.bbb.jp
 - uid: 102
   name: user02
-  password: XXXXXXXXXXX
+  password: XXXXXXXXXXXXXXXX
   hash: sha1
   groups: [readonly]
   email: user02@aaa.bbb.jp
 - uid: 103
   name: user03
-  password: XXXXXXXXXXX
+  password: XXXXXXXXXXXXXXXX
   hash: sha256
   groups: [editor]
   email: user03@aaa.bbb.jp
@@ -371,6 +421,10 @@ cmdrule:                       # A list of command rules, Specify a rule that de
     mode: server
     cmds: [list]
     rule: allow
+  - groups: [user, guest]
+    mode: audit
+    cmds: [write]
+    rule: allow
   - groups: [user, guest]
     mode: web
     cmds: [genpass]
@@ -391,7 +445,8 @@ pathrule:                      # List of RESTAPI rules, rules that determine whe
     rule: allow
   - groups: [user]
     paths: [/signin, /assets, /bbforce_cmd, /copyright, /dosignin, /dosignout, /password/change,
-            /exec_cmd, /exec_pipe, /filer, /gui, /get_server_opt, /usesignout, /versions_cmdbox, /versions_used]
+            /gui/user_data/load, /gui/user_data/save, /gui/user_data/delete,
+            /exec_cmd, /exec_pipe, /filer, /result, /gui, /get_server_opt, /usesignout, /versions_cmdbox, /versions_used]
     rule: allow
   - groups: [readonly]
     paths: [/gui/del_cmd, /gui/del_pipe, /gui/save_cmd, /gui/save_pipe]
@@ -426,7 +481,8 @@ oauth2:                             # OAuth2 settings.
       client_secret: XXXXXXXXXXX    # Specify Google's OAuth2 client secret.
       redirect_uri: https://localhost:8443/oauth2/google/callback # Specify Google's OAuth2 redirect URI.
       scope: ['email']              # Specify the scope you want to retrieve with Google's OAuth2. Usually, just reading the email is sufficient.
-      signin_module:                # Specify the module name that implements the sign-in. see, cmdbox.app.signin.SignIn
+      signin_module:                # Specify the module name that implements the sign-in.
+        cmdbox.app.auth.google_signin
       note:                         # Specify a description such as Google's OAuth2 reference site.
       - https://developers.google.com/identity/protocols/oauth2/web-server?hl=ja#httprest
     github:                         # OAuth2 settings for GitHub.
@@ -435,9 +491,50 @@ oauth2:                             # OAuth2 settings.
       client_secret: XXXXXXXXXXX    # Specify the GitHub OAuth2 client secret.
       redirect_uri: https://localhost:8443/oauth2/github/callback # Specify the OAuth2 redirect URI for GitHub.
       scope: ['user:email']         # Specify the scope you want to get from GitHub's OAuth2. Usually, just reading the email is sufficient.
-      signin_module:                # Specify the module name that implements the sign-in. see, cmdbox.app.signin.SignIn
+      signin_module:                # Specify the module name that implements the sign-in.
+        cmdbox.app.auth.github_signin
       note:                         # Specify a description, such as a reference site for OAuth2 on GitHub.
       - https://docs.github.com/ja/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#scopes
+    azure:                          # OAuth2 settings for Azure AD.
+      enabled: false                # Specify whether to enable OAuth2 for Azure AD.
+      tenant_id: XXXXXXXXXXX        # Specify the tenant ID for Azure AD.
+      client_id: XXXXXXXXXXX        # Specify the OAuth2 client ID for Azure AD.
+      client_secret: XXXXXXXXXXX    # Specify the Azure AD OAuth2 client secret.
+      redirect_uri: https://localhost:8443/oauth2/azure/callback # Specify the OAuth2 redirect URI for Azure AD.
+      scope: ['openid', 'profile', 'email', 'https://graph.microsoft.com/mail.read']
+      signin_module:                # Specify the module name that implements the sign-in.
+        cmdbox.app.auth.azure_signin
+      note:                         # Specify a description, such as a reference site for Azure AD's OAuth2.
+      - https://learn.microsoft.com/ja-jp/entra/identity-platform/v2-oauth2-auth-code-flow
+saml:                               # SAML settings.
+  providers:                        # This is a per-provider setting for OAuth2.
+    azure:                          # SAML settings for Azure AD.
+      enabled: false                # Specify whether to enable SAML authentication for Azure AD.
+      signin_module:                # Specify the module name that implements the sign-in.
+        cmdbox.app.auth.azure_signin_saml # Specify the python3-saml configuration.
+                                    # see) https://github.com/SAML-Toolkits/python3-saml
+      sp:
+        entityId: https://localhost:8443/
+        assertionConsumerService:
+          url: https://localhost:8443/saml/azure/callback
+          binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
+        attributeConsumingService: {}
+        singleLogoutService:
+          binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
+        NameIDFormat: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        x509cert: ''
+        privateKey: ''
+      idp:
+        entityId: https://sts.windows.net/{tenant-id}/
+        singleSignOnService:
+          url: https://login.microsoftonline.com/{tenant-id}/saml2
+          binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
+        x509cert: XXXXXXXXXXX
+        singleLogoutService: {}
+        certFingerprint: ''
+        certFingerprintAlgorithm: sha1
+
+
 ```
 
 - See the documentation for references to each file.