备份数据库时自动获取字符集，兼容let's中文域名使用DNS-Api

BTPanel/__init__.py

@@ -80,7 +80,7 @@
 admin_path_file = 'data/admin_path.pl'
 admin_path = '/'
 if os.path.exists(admin_path_file): admin_path = public.readFile(admin_path_file).strip()
-admin_path_checks = ['/','/close','/task','/login','/config','/site','/sites','ftp','/public','/database','/data','/download_file','/control','/crontab','/firewall','/files','config','/soft','/ajax','/system','/panel_data','/code','/ssl','/plugin','/wxapp','/hook','/safe','/yield','/downloadApi','/pluginApi','/auth','/download','/cloud','/webssh','/connect_event','/panel']
+admin_path_checks = ['/','/san','/monitor','/abnormal','/close','/task','/login','/config','/site','/sites','ftp','/public','/database','/data','/download_file','/control','/crontab','/firewall','/files','config','/soft','/ajax','/system','/panel_data','/code','/ssl','/plugin','/wxapp','/hook','/safe','/yield','/downloadApi','/pluginApi','/auth','/download','/cloud','/webssh','/connect_event','/panel']
 if admin_path in admin_path_checks: admin_path = '/bt'
 
 @app.route('/service_status',methods = method_get)
@@ -322,7 +322,7 @@ def panel_monitor(pdata=None):
     if comReturn: return comReturn
     import monitor
     dataObject = monitor.Monitor()
-    defs = ('get_access_ip', 'get_exception', 'get_exception_logs', 'get_attack_nums', 'php_count', 'return_php', 'mysql_client_count')
+    defs = ('get_spider', 'get_exception', 'get_request_count_qps', 'load_and_up_flow', 'get_request_count_by_hour')
     return publicObject(dataObject, defs, None, pdata)
 
 
@@ -334,15 +334,15 @@ def san_baseline(pdata=None):
     dataObject = san_baseline.san_baseline()
     defs = ('start', 'get_api_log', 'get_resut', 'get_ssh_errorlogin')
     return publicObject(dataObject, defs, None, pdata)
-  
-  
+
+
 @app.route('/abnormal', methods=method_all)
 def abnormal(pdata=None):
     comReturn = comm.local()
     if comReturn: return comReturn
     import abnormal
     dataObject = abnormal.abnormal()
-    defs = ( 'mysql_server', 'mysql_cpu', 'mysql_count', 'php_server', 'php_conn_max', 'php_cpu', 'CPU', 'Memory', 'disk', 'not_root_user','start')
+    defs = ('mysql_server', 'mysql_cpu', 'mysql_count', 'php_server', 'php_conn_max', 'php_cpu', 'CPU', 'Memory', 'disk', 'not_root_user', 'start')
     return publicObject(dataObject, defs, None, pdata)
 
 @app.route('/files',methods=method_all)
@@ -514,7 +514,7 @@ def plugin(pdata = None):
 def panel_public():
     get = get_input();
     get.client_ip = public.GetClientIp();
-
+    if not public.path_safe_check("%s/%s" % (get.name,get.fun)): return abort(404)
     if get.fun in ['scan_login','login_qrcode','set_login','is_scan_ok','blind']:
         #检查是否验证过安全入口
         if get.fun in ['login_qrcode','is_scan_ok']:
@@ -530,7 +530,6 @@ def panel_public():
     import panelPlugin
     plu = panelPlugin.panelPlugin()
     get.s = '_check';
-
     checks = plu.a(get)
     if type(checks) != bool or not checks: return public.getJson(checks),json_header
     get.s = get.fun
@@ -548,30 +547,6 @@ def send_favicon():
     return send_file(s_file,conditional=True,add_etags=True)
 
 
-@socketio.on('coll_socket')
-def coll_socket(msg):
-    coll_path = '/www/server/panel/plugin/coll'
-    if not os.path.exists(coll_path): 
-        emit('coll_response',{'data':'未安装宝塔群控主控端!'})
-        return;
-    if type(msg) == str or not 'f' in msg: 
-        emit('coll_response',{'data':'参数错误!'})
-        return;
-    sys.path.insert(0,coll_path)
-    from inc import coll_terminal
-    try:
-        if sys.version_info[0] == 2:
-            reload(coll_terminal)
-        else:
-            from imp import reload
-            reload(coll_terminal)
-    except:pass
-    t = coll_terminal.coll_terminal()
-    if not hasattr(t,msg['f']): 
-        emit('coll_response',{'data':'指定方法不存在!'})
-        return;
-    emit('coll_response',getattr(t,msg['f'])(msg))
-
 @app.route('/coll',methods=method_all)
 @app.route('/coll/',methods=method_all)
 @app.route('/<name>/<fun>',methods=method_all)
@@ -589,10 +564,12 @@ def panel_other(name=None,fun = None,stype=None):
     #前置准备
 
     if not name: name = 'coll'
+    if not public.path_safe_check("%s/%s/%s" % (name,fun,stype)): return abort(404)
 
     #是否响应面板默认静态文件
     if name == 'static':
         s_file = '/www/server/panel/BTPanel/static/' + fun + '/' + stype
+        if s_file.find('..') != -1 or s_file.find('./') != -1: return abort(404)
         if not os.path.exists(s_file): return abort(404)
         return send_file(s_file,conditional=True,add_etags=True)
 
@@ -606,6 +583,7 @@ def panel_other(name=None,fun = None,stype=None):
     if fun == 'static':
         if stype.find('./') != -1 or not os.path.exists(p_path + '/static'): return public.returnJson(False,'错误的请求!'),json_header
         s_file = p_path + '/static/' + stype
+        if s_file.find('..') != -1: return abort(404)
         if not os.path.exists(s_file): return public.returnJson(False,'指定文件不存在['+stype+']'),json_header
         return send_file(s_file,conditional=True,add_etags=True)
 
@@ -778,44 +756,6 @@ def check_token(data):
     if result['token'] != token: return False;
     return result;
 
-@app.route('/yield',methods=method_all)
-def panel_yield():
-    get = get_input()
-    import panelPlugin
-    plu = panelPlugin.panelPlugin()
-    get.s = '_check';
-    get.client_ip = public.GetClientIp()
-    checks = plu.a(get)
-    if type(checks) != bool or not checks: return
-    get.s = get.fun
-    filename = plu.a(get);
-    mimetype = 'application/octet-stream'
-    return send_file(filename,mimetype=mimetype, as_attachment=True,attachment_filename=os.path.basename(filename))
-
-@app.route('/downloadApi',methods=method_all)
-def panel_downloadApi():
-    get = get_input()
-    if not public.checkToken(get): get.filename = str(time.time());
-    filename = 'plugin/psync/backup/' + get.filename.encode('utf-8');
-    mimetype = 'application/octet-stream'
-    return send_file(filename,mimetype=mimetype, as_attachment=True,attachment_filename=os.path.basename(filename))
-
-
-@app.route('/pluginApi',methods=method_all)
-def panel_pluginApi():
-    get = get_input()
-    if not public.checkToken(get): return public.returnJson(False,'INIT_TOKEN_ERR');
-    infoFile = 'plugin/' + get.name + '/info.json';
-    if not os.path.exists(infoFile): return False;
-    import json
-    info = json.loads(public.readFile(infoFile));
-    if not info['api']:  return public.returnJson(False,'INIT_PLU_ACC_ERR');
-
-    import panelPlugin
-    pluginObject = panelPlugin.panelPlugin()
-
-    defs = ('install','unInstall','getPluginList','getPluginInfo','getPluginStatus','setPluginStatus','a','getCloudPlugin','getConfigHtml','savePluginSort')
-    return publicObject(pluginObject,defs);
 
 @app.route('/auth',methods=method_all)
 def auth(pdata = None):
@@ -875,6 +815,11 @@ def panel_cloud():
 except:
     public.ExecShell('pip install paramiko==2.0.2 &')
 
+@socketio.on('connect')
+def socket_connect(msg=None):
+    if not check_login(): 
+        raise emit('server_response',{'data':public.getMsg('INIT_WEBSSH_LOGOUT')})
+
 @socketio.on('webssh')
 def webssh(msg):
     if not check_login(msg['x_http_token']): 

BTPanel/static/js/config.js

@@ -468,7 +468,7 @@ function GetPanelApi() {
                         <div class="line">\
                             <span class="tname">接口密钥</span>\
                             <div class="info-r">\
-                                <input disabled="disabled" name="panel_token_value" class="bt-input-text mr5 disable" type="text" style="width: 310px" value="'+rdata.token+'" disable>\
+                                <input readonly="readonly" name="panel_token_value" class="bt-input-text mr5 disable" type="text" style="width: 310px" value="'+rdata.token+'" disable>\
                                 <button class="btn btn-xs btn-success btn-sm" style="margin-left: -50px;" onclick="SetPanelApi(1)">重置</button>\
                             </div>\
                         </div>\

class/config.py

@@ -421,6 +421,9 @@ def SetPanelSSL(self,get):
             os.system('rm -f ' + sslConf);
             return public.returnMsg(True,'PANEL_SSL_CLOSE');
         else:
+            os.system('pip install cffi');
+            os.system('pip install cryptography');
+            os.system('pip install pyOpenSSL');
             try:
                 if not self.CreateSSL(): return public.returnMsg(False,'PANEL_SSL_ERR');
                 public.writeFile(sslConf,'True')

class/database.py

@@ -391,7 +391,7 @@ def ToBackup(self,get):
 
         fileName = name + '_' + time.strftime('%Y%m%d_%H%M%S',time.localtime()) + '.sql.gz'
         backupName = session['config']['backup_path'] + '/database/' + fileName
-        public.ExecShell("/www/server/mysql/bin/mysqldump --force --opt \"" + name + "\" | gzip > " + backupName)
+        public.ExecShell("/www/server/mysql/bin/mysqldump --default-character-set="+ public.get_database_character(name) +" --force --opt \"" + name + "\" | gzip > " + backupName)
         if not os.path.exists(backupName): return public.returnMsg(False,'BACKUP_ERROR');
 
         self.mypass(False, root);

class/monitor.py

@@ -207,7 +207,7 @@ def get_request_count_qps(self, args):
         ntime = time.time()
         new_total_request = self._get_request_count(args)
 
-        qps = int(round(float(new_total_request - old_total_request) / (ntime - otime)))
+        qps = float(new_total_request - old_total_request) / (ntime - otime)
 
         cache.set('old_total_request', new_total_request, cache_timeout)
         cache.set('old_get_time', ntime, cache_timeout)

class/panelDnsapi.py

@@ -283,6 +283,8 @@ def create_dns_record(self, domain_name, domain_dns_value):
         if result == "False":
             raise ValueError('[DNS]当前绑定的宝塔DNS云解析账户里面不存在这个域名,添加解析失败!')
         print("[DNS]TXT记录创建成功")
+        print("[DNS]尝试验证TXT记录")
+        time.sleep(10)
 
     def delete_dns_record(self, domain_name, domain_dns_value):
         root, _, acme_txt = self.extract_zone(domain_name)