pci compliance headers

usmannasir · Nov 5, 2019 · e4a375f · e4a375f
1 parent 95a953a
commit e4a375f
Show file tree

Hide file tree

Showing 10 changed files with 55 additions and 28 deletions.
diff --git a/CyberCP/secMiddleware.py b/CyberCP/secMiddleware.py
@@ -92,5 +92,12 @@ def __call__(self, request):
                 logging.writeToFile(str(msg))
                 response = self.get_response(request)
                 return response
+
+
         response = self.get_response(request)
+
+        response['X-XSS-Protection'] = "1; mode=block"
+        response['Strict-Transport-Security'] = "max-age=31536000; includeSubDomains; preload"
+        response['X-Frame-Options'] = "DENY"
+
         return response
diff --git a/CyberCP/settings.py b/CyberCP/settings.py
@@ -127,7 +127,8 @@
 }
 
 DATABASE_ROUTERS = ['backup.backupRouter.backupRouter']
-
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
 
 # Password validation
 # https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators

diff --git a/WebTerminal/CPWebSocket.py b/WebTerminal/CPWebSocket.py
@@ -9,6 +9,8 @@
 import time
 
 class SSHServer(multi.Thread):
+    OKGREEN = '\033[92m'
+    ENDC = '\033[0m'
 
     def loadPublicKey(self):
         pubkey = '/root/.ssh/cyberpanel.pub'
@@ -44,17 +46,25 @@ def __init__(self, websocket):
         self.shell.settimeout(0)
 
         self.websocket = websocket
+        self.color = 0
 
     def recvData(self):
         while True:
             try:
                 if os.path.exists(self.websocket.verifyPath):
-                    if self.shell.recv_ready():
-                        self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8"))
-                    else:
-                        time.sleep(0.1)
+                    if self.websocket.filePassword == self.websocket.filePassword:
+                        if self.shell.recv_ready():
+                            if self.color == 0:
+                                text = '%sEnjoy your accelerated Internet by CyberPanel and LiteSpeed%s' % (SSHServer.OKGREEN, SSHServer.ENDC)
+                                nText = 'Enjoy your accelerated Internet by CyberPanel'
+                                self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8").replace(nText, text))
+                                self.color = 1
+                            else:
+                                self.websocket.sendMessage(self.shell.recv(9000).decode("utf-8"))
+                        else:
+                            time.sleep(0.01)
             except BaseException, msg:
-                time.sleep(2)
+                time.sleep(0.1)
 
     def run(self):
         try:
@@ -70,9 +80,12 @@ def handleMessage(self):
            data = json.loads(self.data)
            if str(self.data).find('"tp":"init"') > -1:
                self.verifyPath = str(data['data']['verifyPath'])
+               self.password = str(data['data']['password'])
+               self.filePassword = open(self.verifyPath, 'r').read()
            else:
                if os.path.exists(self.verifyPath):
-                   self.shell.send(str(data['data']))
+                   if self.filePassword == self.filePassword:
+                    self.shell.send(str(data['data']))
        except:
            pass
 

diff --git a/WebTerminal/static/WebTerminal/main.js b/WebTerminal/static/WebTerminal/main.js
@@ -67,14 +67,9 @@ function check() {
 function connect() {
     var remember = $("#remember").is(":checked");
     var options = {
-        host: $("#host").val(),
-        port: $("#port").val(),
-        username: $("#username").val(),
-        ispwd: $("input[name=ispwd]:checked").val(),
-        secret: $("#secret").val(),
-        verifyPath: $("#verifyPath").text()
-    }
-    console.debug(options);
+        verifyPath: $("#verifyPath").text(),
+        password: $("#password").text()
+    };
     if (remember) {
         store(options)
     }

diff --git a/WebTerminal/static/WebTerminal/ws.js b/WebTerminal/static/WebTerminal/ws.js
@@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
 }
 
 WSSHClient.prototype.sendClientData = function (data) {
-    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()}))
+    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
 }
 
 var client = new WSSHClient();
diff --git a/WebTerminal/templates/WebTerminal/WebTerminal.html b/WebTerminal/templates/WebTerminal/WebTerminal.html
@@ -42,6 +42,7 @@ <h3 class="content-box-header">
 
                     </div>
                     <div style="display: none" id="verifyPath">{{ verifyPath }}</div>
+                    <div style="display: none" id="password">{{ password }}</div>
                 </div>
             </div>
         </div>

diff --git a/WebTerminal/views.py b/WebTerminal/views.py
@@ -11,6 +11,7 @@
 from plogical.firewallUtilities import FirewallUtilities
 from firewall.models import FirewallRules
 import json
+import plogical.randomPassword
 
 # Create your views here.
 
@@ -24,12 +25,13 @@ def terminal(request):
         else:
             return ACLManager.loadError()
 
+        password = plogical.randomPassword.generate_pass()
+
         verifyPath = "/home/cyberpanel/" + str(randint(100000, 999999))
         writeToFile = open(verifyPath, 'w')
-        writeToFile.writelines('code')
+        writeToFile.write(password)
         writeToFile.close()
 
-
         ## setting up ssh server
         path = '/etc/systemd/system/cpssh.service'
         curPath = '/usr/local/CyberCP/WebTerminal/cpssh.service'
@@ -46,7 +48,7 @@ def terminal(request):
             newFWRule = FirewallRules(name='terminal', proto='tcp', port='5678', ipAddress='0.0.0.0/0')
             newFWRule.save()
 
-        return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath})
+        return render(request, 'WebTerminal/WebTerminal.html', {'verifyPath': verifyPath, 'password': password})
     except BaseException, msg:
         logging.writeToFile(str(msg))
         return redirect(loadLoginPage)

diff --git a/plogical/upgrade.py b/plogical/upgrade.py
@@ -1353,6 +1353,12 @@ def downloadAndUpgrade(versionNumbring):
                 if items.find('WebTerminal') > -1:
                     WebTerminal = 0
 
+            SESSION_COOKIE_SECURE = 1
+
+            for items in data:
+                if items.find('SESSION_COOKIE_SECURE') > -1:
+                    SESSION_COOKIE_SECURE = 0
+
             Upgrade.stdOut('Restoring settings file!')
 
             writeToFile = open("/usr/local/CyberCP/CyberCP/settings.py", 'w')
@@ -1362,6 +1368,13 @@ def downloadAndUpgrade(versionNumbring):
                     if csrfCheck == 1:
                         writeToFile.writelines("    'django.middleware.csrf.CsrfViewMiddleware',\n")
 
+                if items.find('DATABASE_ROUTERS') > -1:
+                    if SESSION_COOKIE_SECURE == 1:
+                        con = """SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+"""
+                        writeToFile.writelines(con)
+
                 elif items.find("'filemanager',") > -1:
                     writeToFile.writelines(items)
                     if pluginCheck == 1:

diff --git a/static/WebTerminal/main.js b/static/WebTerminal/main.js
@@ -67,14 +67,9 @@ function check() {
 function connect() {
     var remember = $("#remember").is(":checked");
     var options = {
-        host: $("#host").val(),
-        port: $("#port").val(),
-        username: $("#username").val(),
-        ispwd: $("input[name=ispwd]:checked").val(),
-        secret: $("#secret").val(),
-        verifyPath: $("#verifyPath").text()
-    }
-    console.debug(options);
+        verifyPath: $("#verifyPath").text(),
+        password: $("#password").text()
+    };
     if (remember) {
         store(options)
     }

diff --git a/static/WebTerminal/ws.js b/static/WebTerminal/ws.js
@@ -58,7 +58,7 @@ WSSHClient.prototype.sendInitData = function (options) {
 }
 
 WSSHClient.prototype.sendClientData = function (data) {
-    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text()}))
+    this._connection.send(JSON.stringify({"tp": "client", "data": data, 'verifyPath': $("#verifyPath").text(), 'password': $("#password").text()}))
 }
 
 var client = new WSSHClient();