pywebexec 1.0.0__tar.gz → 1.1.1__tar.gz

{pywebexec-1.0.0/pywebexec.egg-info → pywebexec-1.1.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.2
 Name: pywebexec
-Version: 1.0.0
+Version: 1.1.1
 Summary: Simple Python HTTP Exec Server
 Home-page: https://github.com/joknarf/pywebexec
 Author: Franck Jouvanceau
@@ -58,6 +58,7 @@ Requires-Dist: cryptography>=40.0.2
 Requires-Dist: Flask>=2.0.3
 Requires-Dist: Flask-HTTPAuth>=4.8.0
 Requires-Dist: gunicorn>=21.2.0
+Requires-Dist: ldap3>=2.9.1
 
 [![Pypi version](https://img.shields.io/pypi/v/pywebexec.svg)](https://pypi.org/project/pywebexec/)
 ![example](https://github.com/joknarf/pywebexec/actions/workflows/python-publish.yml/badge.svg)
@@ -75,13 +76,14 @@ $ pip install pywebexec
 
 ## Quick start
 
+* put in a directory the scripts/commands/links to commands you want to expose
 * start http server serving current directory executables listening on 0.0.0.0 port 8080
-```
+```shell
 $ pywebexec
 ```
 
 * Launch commands with params/view live output/Status using browser
-![image](https://github.com/user-attachments/assets/921da56f-6d4b-46e3-b16c-e01a2dc9accf)
+![pywebexec](https://github.com/user-attachments/assets/d352cc23-1552-4b79-a6ff-f02f05cf328e)
 
 ## features
 
@@ -92,40 +94,55 @@ $ pywebexec
 * Relaunch command
 * HTTPS support
 * HTTPS self-signed certificate generator
+* Basic Auth
+* LDAP(S)
 * Can be started as a daemon (POSIX)
 * uses gunicorn to serve http/https
 * compatible Linux/MacOS
 
 ## Customize server
-```
+```shell
 $ pywebexec --dir ~/myscripts --listen 0.0.0.0 --port 8080
 $ pywebexec -d ~/myscripts -l 0.0.0.0 -p 8080
 ```
 
-## Basic auth user/password
-```
+## Basic auth 
+
+* single user/password
+```shell
 $ pywebexec --user myuser [--password mypass]
-$ pywebfs -u myuser [-P mypass]
+$ pywebexec -u myuser [-P mypass]
 ```
 Generated password is given if no `--pasword` option
 
+* ldap(s) password check / group member
+```shell
+$ export PYWEBEXEC_LDAP_SERVER=ldap.forumsys.com
+$ export PYWEBEXEC_LDAP_USE_SSL=0
+$ export PYWEBEXEC_LDAP_BIND_DN="cn=read-only-admin,dc=example,dc=com"
+$ export PYWEBEXEC_LDAP_BIND_PASSWORD="password"
+$ export PYWEBEXEC_LDAP_GROUPS=mathematicians,scientists
+$ export PYWEBEXEC_LDAP_USER_ID="uid"
+$ export PYWEBEXEC_LDAP_BASE_DN="dc=example,dc=com"
+$ pywebexec
+```
 ## HTTPS server
 
 * Generate auto-signed certificate and start https server
-```
+```shell
 $ pywebfs --gencert
 $ pywebfs --g
 ```
 
 * Start https server using existing certificate
-```
+```shell
 $ pywebfs --cert /pathto/host.cert --key /pathto/host.key
 $ pywebfs -c /pathto/host.cert -k /pathto/host.key
 ```
 
 ## Launch server as a daemon
 
-```
+```shell
 $ pywebexec start
 $ pywebexec status
 $ pywebexec stop
@@ -134,8 +151,8 @@ $ pywebexec stop
 
 ## Launch command through API
 
-```
-# curl http://myhost:8080/run_script -H 'Content-Type: application/json' -X POST -d '{ "script_name":"myscript", "param":["param1", ...]}
+```shell
+$ curl http://myhost:8080/run_script -H 'Content-Type: application/json' -X POST -d '{ "script_name":"myscript", "param":["param1", ...]}
 ```
 
 ## API reference

{pywebexec-1.0.0 → pywebexec-1.1.1}/README.md

@@ -14,13 +14,14 @@ $ pip install pywebexec
 
 ## Quick start
 
+* put in a directory the scripts/commands/links to commands you want to expose
 * start http server serving current directory executables listening on 0.0.0.0 port 8080
-```
+```shell
 $ pywebexec
 ```
 
 * Launch commands with params/view live output/Status using browser
-![image](https://github.com/user-attachments/assets/921da56f-6d4b-46e3-b16c-e01a2dc9accf)
+![pywebexec](https://github.com/user-attachments/assets/d352cc23-1552-4b79-a6ff-f02f05cf328e)
 
 ## features
 
@@ -31,40 +32,55 @@ $ pywebexec
 * Relaunch command
 * HTTPS support
 * HTTPS self-signed certificate generator
+* Basic Auth
+* LDAP(S)
 * Can be started as a daemon (POSIX)
 * uses gunicorn to serve http/https
 * compatible Linux/MacOS
 
 ## Customize server
-```
+```shell
 $ pywebexec --dir ~/myscripts --listen 0.0.0.0 --port 8080
 $ pywebexec -d ~/myscripts -l 0.0.0.0 -p 8080
 ```
 
-## Basic auth user/password
-```
+## Basic auth 
+
+* single user/password
+```shell
 $ pywebexec --user myuser [--password mypass]
-$ pywebfs -u myuser [-P mypass]
+$ pywebexec -u myuser [-P mypass]
 ```
 Generated password is given if no `--pasword` option
 
+* ldap(s) password check / group member
+```shell
+$ export PYWEBEXEC_LDAP_SERVER=ldap.forumsys.com
+$ export PYWEBEXEC_LDAP_USE_SSL=0
+$ export PYWEBEXEC_LDAP_BIND_DN="cn=read-only-admin,dc=example,dc=com"
+$ export PYWEBEXEC_LDAP_BIND_PASSWORD="password"
+$ export PYWEBEXEC_LDAP_GROUPS=mathematicians,scientists
+$ export PYWEBEXEC_LDAP_USER_ID="uid"
+$ export PYWEBEXEC_LDAP_BASE_DN="dc=example,dc=com"
+$ pywebexec
+```
 ## HTTPS server
 
 * Generate auto-signed certificate and start https server
-```
+```shell
 $ pywebfs --gencert
 $ pywebfs --g
 ```
 
 * Start https server using existing certificate
-```
+```shell
 $ pywebfs --cert /pathto/host.cert --key /pathto/host.key
 $ pywebfs -c /pathto/host.cert -k /pathto/host.key
 ```
 
 ## Launch server as a daemon
 
-```
+```shell
 $ pywebexec start
 $ pywebexec status
 $ pywebexec stop
@@ -73,8 +89,8 @@ $ pywebexec stop
 
 ## Launch command through API
 
-```
-# curl http://myhost:8080/run_script -H 'Content-Type: application/json' -X POST -d '{ "script_name":"myscript", "param":["param1", ...]}
+```shell
+$ curl http://myhost:8080/run_script -H 'Content-Type: application/json' -X POST -d '{ "script_name":"myscript", "param":["param1", ...]}
 ```
 
 ## API reference

{pywebexec-1.0.0 → pywebexec-1.1.1}/pyproject.toml

@@ -14,6 +14,7 @@ dependencies = [
   "Flask>=2.0.3",
   "Flask-HTTPAuth>=4.8.0",
   "gunicorn>=21.2.0",
+  "ldap3>=2.9.1",
 ]
 dynamic=["version"]
 readme = "README.md"

{pywebexec-1.0.0 → pywebexec-1.1.1}/pywebexec/pywebexec.py

@@ -1,5 +1,5 @@
 import sys
-from flask import Flask, request, jsonify, render_template
+from flask import Flask, request, jsonify, render_template, session, redirect, url_for
 from flask_httpauth import HTTPBasicAuth
 import subprocess
 import threading
@@ -9,16 +9,33 @@ import uuid
 import argparse
 import random
 import string
-from datetime import datetime
+from datetime import datetime, timezone, timedelta
 import shlex
 from gunicorn.app.base import Application
-from datetime import timezone, timedelta
 import ipaddress
 from socket import gethostname, gethostbyname_ex
+import ssl
+
+if os.environ.get('PYWEBEXEC_LDAP_SERVER'):
+    try:
+        from ldap3 import Server, Connection, ALL, SIMPLE, SUBTREE, Tls
+    except:
+        print("Need to install ldap3: pip install ldap3", file=sys.stderr)
+        sys.exit(1)
 
 app = Flask(__name__)
+app.secret_key = os.urandom(24)  # Secret key for session management
+app.config['SESSION_COOKIE_SAMESITE'] = 'Lax'  # Add SameSite attribute to session cookies
 auth = HTTPBasicAuth()
 
+app.config['LDAP_SERVER'] = os.environ.get('PYWEBEXEC_LDAP_SERVER')
+app.config['LDAP_USER_ID'] = os.environ.get('PYWEBEXEC_LDAP_USER_ID', "uid")
+app.config['LDAP_GROUPS'] = os.environ.get('PYWEBEXEC_LDAP_GROUPS')
+app.config['LDAP_BASE_DN'] = os.environ.get('PYWEBEXEC_LDAP_BASE_DN')
+app.config['LDAP_BIND_DN'] = os.environ.get('PYWEBEXEC_LDAP_BIND_DN')
+app.config['LDAP_BIND_PASSWORD'] = os.environ.get('PYWEBEXEC_LDAP_BIND_PASSWORD')
+app.config['LDAP_USE_SSL'] = int(os.environ.get('PYWEBEXEC_LDAP_USE_SSL', False))
+
 # Directory to store the command status and output
 COMMAND_STATUS_DIR = '.web_status'
 CONFDIR = os.path.expanduser("~/")
@@ -29,6 +46,9 @@ CONFDIR += "/.pywebexec"
 if not os.path.exists(COMMAND_STATUS_DIR):
     os.makedirs(COMMAND_STATUS_DIR)
 
+# In-memory cache for command statuses
+command_status_cache = {}
+
 def generate_random_password(length=12):
     characters = string.ascii_letters + string.digits + string.punctuation
     return ''.join(random.choice(characters) for i in range(length))
@@ -124,6 +144,39 @@ class StandaloneApplication(Application):
         return self.application
 
 
+def decode_line(line: bytes) -> str:
+    """try decode line exception on binary"""
+    try:
+        return line.decode()
+    except UnicodeDecodeError:
+        return ""
+
+
+def last_line(fd, maxline=1000):
+    """last non empty line of file"""
+    line = "\n"
+    fd.seek(0, os.SEEK_END)
+    size = 0
+    while line in ["\n", "\r"] and size < maxline:
+        try:  # catch if file empty / only empty lines
+            while fd.read(1) not in [b"\n", b"\r"]:
+                fd.seek(-2, os.SEEK_CUR)
+                size += 1
+        except OSError:
+            fd.seek(0)
+            line = decode_line(fd.readline())
+            break
+        line = decode_line(fd.readline())
+        fd.seek(-4, os.SEEK_CUR)
+    return line.strip()
+
+
+def get_last_non_empty_line_of_file(file_path):
+    """Get the last non-empty line of a file."""
+    with open(file_path, 'rb') as f:
+        return last_line(f)
+    
+
 def start_gunicorn(daemon=False, baselog=None):
     if daemon:
         errorlog = f"{baselog}.log"
@@ -186,8 +239,8 @@ def daemon_d(action, pidfilepath, hostname=None, args=None):
 def parseargs():
     global app, args
     parser = argparse.ArgumentParser(description='Run the command execution server.')
-    parser.add_argument('--user', help='Username for basic auth')
-    parser.add_argument('--password', help='Password for basic auth')
+    parser.add_argument('-u', '--user', help='Username for basic auth')
+    parser.add_argument('-P', '--password', help='Password for basic auth')
     parser.add_argument(
         "-l", "--listen", type=str, default="0.0.0.0", help="HTTP server listen address"
     )
@@ -241,6 +294,7 @@ def parseargs():
     else:
         app.config['USER'] = None
         app.config['PASSWORD'] = None
+
     return args
 
 parseargs()
@@ -267,15 +321,35 @@ def update_command_status(command_id, status, command=None, params=None, start_t
         status_data['exit_code'] = exit_code
     if pid is not None:
         status_data['pid'] = pid
+    if status != 'running':
+        output_file_path = get_output_file_path(command_id)
+        if os.path.exists(output_file_path):
+            status_data['last_output_line'] = get_last_non_empty_line_of_file(output_file_path)
     with open(status_file_path, 'w') as f:
         json.dump(status_data, f)
+    
+    # Update cache if status is not "running"
+    if status != 'running':
+        command_status_cache[command_id] = status_data
+    elif command_id in command_status_cache:
+        del command_status_cache[command_id]
 
 def read_command_status(command_id):
+    # Return cached status if available
+    if command_id in command_status_cache:
+        return command_status_cache[command_id]
+    
     status_file_path = get_status_file_path(command_id)
     if not os.path.exists(status_file_path):
         return None
     with open(status_file_path, 'r') as f:
-        return json.load(f)
+        status_data = json.load(f)
+    
+    # Cache the status if it is not "running"
+    if status_data['status'] != 'running':
+        command_status_cache[command_id] = status_data
+    
+    return status_data
 
 # Dictionary to store the process objects
 processes = {}
@@ -307,13 +381,60 @@ def run_command(command, params, command_id):
         with open(get_output_file_path(command_id), 'a') as output_file:
             output_file.write(str(e))
 
-def auth_required(f):
-    if app.config.get('USER'):
-        return auth.login_required(f)
-    return f
+@app.before_request
+def check_authentication():
+    if 'username' not in session and request.endpoint not in ['login', 'static']:
+        return auth.login_required(lambda: None)()
+
+@auth.verify_password
+def verify_password(username, password):
+    if not username:
+        return False
+    if app.config['USER']:
+        if username == app.config['USER'] and password == app.config['PASSWORD']:
+            session['username'] = username
+            return True
+    elif app.config['LDAP_SERVER']:
+        if verify_ldap(username, password):
+            session['username'] = username
+            return True
+    return False
+
+def verify_ldap(username, password):
+    tls_configuration = Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2) if app.config['LDAP_USE_SSL'] else None
+    server = Server(app.config['LDAP_SERVER'], use_ssl=app.config['LDAP_USE_SSL'], tls=tls_configuration, get_info=ALL)
+    user_filter = f"({app.config['LDAP_USER_ID']}={username})"
+    try:
+        # Bind with the bind DN and password
+        conn = Connection(server, user=app.config['LDAP_BIND_DN'], password=app.config['LDAP_BIND_PASSWORD'], authentication=SIMPLE, auto_bind=True)
+        try:
+            conn.search(search_base=app.config['LDAP_BASE_DN'], search_filter=user_filter)
+            if len(conn.entries) == 0:
+                print(f"User {username} not found in LDAP.")
+                return False
+            user_dn = conn.entries[0].entry_dn
+        finally:
+            conn.unbind()
+        
+        # Bind with the user DN and password to verify credentials
+        conn = Connection(server, user=user_dn, password=password, authentication=SIMPLE, auto_bind=True)
+        try:
+            if not app.config['LDAP_GROUPS'] and conn.result["result"] == 0:
+                return True
+            group_filter = "".join([f'(ou={group})' for group in app.config['LDAP_GROUPS'].split(",")])
+            group_filter = f"(&{group_filter}(|(member={user_dn})(uniqueMember={user_dn})))"
+            conn.search(search_base=app.config['LDAP_BASE_DN'], search_filter=group_filter)
+            result = len(conn.entries) > 0
+            if not result:
+                print(f"User {username} is not a member of groups {app.config['LDAP_GROUPS']}.")
+            return result
+        finally:
+            conn.unbind()
+    except Exception as e:
+        print(f"LDAP authentication failed: {e}")
+        return False
 
 @app.route('/run_command', methods=['POST'])
-@auth_required
 def run_command_endpoint():
     data = request.json
     command = data.get('command')
@@ -346,7 +467,6 @@ def run_command_endpoint():
     return jsonify({'message': 'Command is running', 'command_id': command_id})
 
 @app.route('/stop_command/<command_id>', methods=['POST'])
-@auth_required
 def stop_command(command_id):
     status = read_command_status(command_id)
     if not status or 'pid' not in status:
@@ -370,7 +490,6 @@ def stop_command(command_id):
         return jsonify({'error': 'Failed to terminate command'}), 500
 
 @app.route('/command_status/<command_id>', methods=['GET'])
-@auth_required
 def get_command_status(command_id):
     status = read_command_status(command_id)
     if not status:
@@ -385,12 +504,10 @@ def get_command_status(command_id):
     return jsonify(status)
 
 @app.route('/')
-@auth_required
 def index():
     return render_template('index.html', title=args.title)
 
 @app.route('/commands', methods=['GET'])
-@auth_required
 def list_commands():
     commands = []
     for filename in os.listdir(COMMAND_STATUS_DIR):
@@ -409,14 +526,14 @@ def list_commands():
                     'start_time': status.get('start_time', 'N/A'),
                     'end_time': status.get('end_time', 'N/A'),
                     'command': command,
-                    'exit_code': status.get('exit_code', 'N/A')
+                    'exit_code': status.get('exit_code', 'N/A'),
+                    'last_output_line': status.get('last_output_line', get_last_non_empty_line_of_file(get_output_file_path(command_id))),
                 })
     # Sort commands by start_time in descending order
     commands.sort(key=lambda x: x['start_time'], reverse=True)
     return jsonify(commands)
 
 @app.route('/command_output/<command_id>', methods=['GET'])
-@auth_required
 def get_command_output(command_id):
     output_file_path = get_output_file_path(command_id)
     if os.path.exists(output_file_path):
@@ -427,15 +544,10 @@ def get_command_output(command_id):
     return jsonify({'error': 'Invalid command_id'}), 404
 
 @app.route('/executables', methods=['GET'])
-@auth_required
 def list_executables():
     executables = [f for f in os.listdir('.') if os.path.isfile(f) and os.access(f, os.X_OK)]
     return jsonify(executables)
 
-@auth.verify_password
-def verify_password(username, password):
-    return username == app.config['USER'] and password == app.config['PASSWORD']
-
 def main():
     basef = f"{CONFDIR}/pywebexec_{args.listen}:{args.port}"
     if not os.path.exists(CONFDIR):
@@ -448,4 +560,4 @@ def main():
 
 if __name__ == '__main__':
     main()
-    # app.run(host='0.0.0.0', port=5000)
+    # app.run(host='0.0.0.0', port=5000)

pywebexec-1.1.1/pywebexec/static/css/style.css

@@ -0,0 +1,112 @@
+body { font-family: Arial, sans-serif; }
+.table-container { height: 270px; overflow-y: auto; position: relative; }
+table { width: 100%; border-collapse: collapse; }
+th, td {
+    padding: 8px;
+    text-align: left;
+    border-bottom: 1px solid #ddd;
+    white-space: nowrap;
+}
+th { background-color: #f2f2f2; position: sticky; top: 0; z-index: 1; }
+.outcol {
+    width: 100%;
+}
+.output {
+    white-space: pre-wrap;
+    background: #f0f0f0;
+    padding: 10px;
+    border: 1px solid #ccc;
+    font-family: monospace;
+    border-radius: 15px;
+    overflow-y: auto;
+}
+.copy-icon { cursor: pointer; }
+.monospace { font-family: monospace; }
+.copied { color: green; margin-left: 5px; }
+button {
+    -webkit-appearance: none;
+    -webkit-border-radius: none;
+    appearance: none;
+    border-radius: 15px;
+    padding: 3px;
+    padding-right: 13px;
+    border: 1px #555 solid;
+    height: 22px;
+    font-size: 13px;
+    outline: none;
+    text-indent: 10px;
+    background-color: #eee;
+}
+form {
+    padding-bottom: 15px;
+}
+.status-icon {
+    display: inline-block;
+    width: 16px;
+    height: 16px;
+    margin-right: 5px;
+    background-size: contain;
+    background-repeat: no-repeat;
+    vertical-align: middle;
+}
+.status-running { 
+    background-image: url("/static/images/running.svg")
+}
+.status-success { 
+    background-image: url("/static/images/success.svg")
+}
+.status-failed { 
+    background-image: url("/static/images/failed.svg")
+}
+.status-aborted { 
+    background-image: url("/static/images/aborted.svg")
+}
+.copy_clip {
+    padding-right: 25px;
+    background-repeat: no-repeat;
+    background-position: right top;
+    background-size: 25px 16px;
+    white-space: nowrap;
+}
+.copy_clip:hover {
+    cursor: pointer;
+    background-image: url("/static/images/copy.svg");
+}
+.copy_clip_ok, .copy_clip_ok:hover {
+    background-image: url("/static/images/copy_ok.svg");
+}
+input {
+    width: 50%;
+    -webkit-appearance: none;
+    -webkit-border-radius: none;
+    appearance: none;
+    border-radius: 15px;
+    padding: 3px;
+    padding-right: 13px;
+    border: 1px #aaa solid;
+    height: 15px;
+    font-size: 15px;
+    outline: none;
+    text-indent: 10px;
+    background-color: white;
+}
+.currentcommand {
+    background-color: #eef;
+}
+.resizer {
+    width: 100%;
+    height: 5px;
+    background: #aaa;
+    cursor: ns-resize;
+    position: absolute;
+    bottom: 0;
+    left: 0;
+}
+.resizer-container {
+    position: relative;
+    height: 5px;
+    margin-bottom: 10px;
+}
+tr.clickable-row {
+    cursor: pointer;
+}

pywebexec-1.1.1/pywebexec/static/images/favicon.svg

@@ -0,0 +1 @@
+<svg fill="#000000" viewBox="-1 0 19 19" xmlns="http://www.w3.org/2000/svg" class="cf-icon-svg"><g id="SVGRepo_bgCarrier" stroke-width="0"></g><g id="SVGRepo_tracerCarrier" stroke-linecap="round" stroke-linejoin="round"></g><g id="SVGRepo_iconCarrier"><path d="M16.5 9.5a8 8 0 1 1-8-8 8 8 0 0 1 8 8zm-2.97.006a5.03 5.03 0 1 0-5.03 5.03 5.03 5.03 0 0 0 5.03-5.03zm-7.383-.4H4.289a4.237 4.237 0 0 1 2.565-3.498q.1-.042.2-.079a7.702 7.702 0 0 0-.907 3.577zm0 .8a7.7 7.7 0 0 0 .908 3.577q-.102-.037-.201-.079a4.225 4.225 0 0 1-2.565-3.498zm.8-.8a9.04 9.04 0 0 1 .163-1.402 6.164 6.164 0 0 1 .445-1.415c.289-.615.66-1.013.945-1.013.285 0 .656.398.945 1.013a6.18 6.18 0 0 1 .445 1.415 9.078 9.078 0 0 1 .163 1.402zm3.106.8a9.073 9.073 0 0 1-.163 1.402 6.187 6.187 0 0 1-.445 1.415c-.289.616-.66 1.013-.945 1.013-.285 0-.656-.397-.945-1.013a6.172 6.172 0 0 1-.445-1.415 9.036 9.036 0 0 1-.163-1.402zm1.438-3.391a4.211 4.211 0 0 1 1.22 2.591h-1.858a7.698 7.698 0 0 0-.908-3.577q.102.037.201.08a4.208 4.208 0 0 1 1.345.906zm-.638 3.391h1.858a4.238 4.238 0 0 1-2.565 3.498q-.1.043-.2.08a7.697 7.697 0 0 0 .907-3.578z"></path></g></svg>