#!/usr/bin/python
#coding: utf-8
# -------------------------------------------------------------------
# 宝塔Linux面板
# -------------------------------------------------------------------
# Copyright (c) 2015-2099 宝塔软件(http://bt.cn) All rights reserved.
# -------------------------------------------------------------------
# Author: hwliang <hwl@bt.cn>
# -------------------------------------------------------------------

# -------------------------------------------------------------------
# 检测网站是否开启防跨站
# -------------------------------------------------------------------


import os,sys,re,public

_title = 'Website anti-cross-site detection'
_version = 1.0                              # 版本
_ps = "Check the website to prevent cross-site"              # 描述
_level = 1                                  # 风险级别: 1.提示(低)  2.警告(中)  3.危险(高)
_date = '2020-08-05'                        # 最后更新时间
_ignore = os.path.exists("data/warning/ignore/sw_site_spath.pl")
_tips = [
    "On the [WebSite] page, [Settings]-[Site Directory], turn on the [Anti-cross-site attack (open_basedir)] function"
    ]

_help = ''


def check_run():
    '''
        @name 开始检测
        @author hwliang<2020-08-05>
        @return tuple (status<bool>,msg<string>)
    '''
    not_uini = []
    site_list = public.M('sites').field('name,path').select()
    for s in site_list:
        path = get_site_run_path(s['name'],s['path'])
        user_ini = path + '/.user.ini'
        if os.path.exists(user_ini): continue
        not_uini.append(s['name'])
    if not_uini:
        return False,'The following websites are not enabled for cross-site prevention:<br />' + ('<br />'.join(not_uini))
    return True,'Rick-free'



webserver_type = None
setupPath = '/www/server'
def get_site_run_path(siteName,sitePath):
    '''
        @name 获取网站运行目录
        @author hwliang<2020-08-05>
        @param siteName(string) 网站名称
        @param sitePath(string) 网站根目录
        @return string
    '''
    global webserver_type,setupPath
    if not webserver_type:
        webserver_type = public.get_webserver()
    path = None
    if webserver_type == 'nginx':
        filename = setupPath + '/panel/vhost/nginx/' + siteName + '.conf'
        if os.path.exists(filename):
            conf = public.readFile(filename)
            rep = r'\s*root\s+(.+);'
            tmp1 = re.search(rep,conf)
            if tmp1: path = tmp1.groups()[0]

    elif webserver_type == 'apache':
        filename = setupPath + '/panel/vhost/apache/' + siteName + '.conf'
        if os.path.exists(filename):
            conf = public.readFile(filename)
            rep = r'\s*DocumentRoot\s*"(.+)"\s*\n'
            tmp1 = re.search(rep,conf)
            if tmp1: path = tmp1.groups()[0]
    else:
        filename = setupPath + '/panel/vhost/openlitespeed/' + siteName + '.conf'
        if os.path.exists(filename):
            conf = public.readFile(filename)
            rep = r"vhRoot\s*(.*)"
            path = re.search(rep,conf)
            if not path:
                path = None
            else:
                path = path.groups()[0]

    if not path:
        path = sitePath

    return path