From d7eb8efa816689f7f8317afe2ddeee6a848fcc5b Mon Sep 17 00:00:00 2001 From: DomySh Date: Tue, 9 Aug 2022 10:28:30 +0000 Subject: [PATCH] new start.py + set password in start.py --- README.md | 1 - backend/app.py | 12 ++++++---- start.py | 59 +++++++++++++++++++++++++++++++++++--------------- 3 files changed, 50 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index c2c05fd..c66ee5b 100644 --- a/README.md +++ b/README.md @@ -52,6 +52,5 @@ Initiially the project was based only on regex filters, and also now the main fu - Create hijacking port to proxy - Explanation about tools in the dedicated pages making them more user-friendly -- Give the permission to set a startup password in start.py protecting firegex also at the first run - buffering the TCP and(/or) the UDP stream to avoid to bypass the proxy dividing the information in more packets - Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables diff --git a/backend/app.py b/backend/app.py index 0b56fa2..bb6efbb 100644 --- a/backend/app.py +++ b/backend/app.py @@ -23,6 +23,10 @@ utils.socketio = SocketManager(app, "/sock", socketio_path="") def APP_STATUS(): return "init" if db.get("password") is None else "run" def JWT_SECRET(): return db.get("secret") +def set_psw(psw: str): + hash_psw = crypto.hash(psw) + db.put("password",hash_psw) + @utils.socketio.on("update") async def updater(): pass @@ -78,8 +82,7 @@ async def set_password(form: PasswordForm): if APP_STATUS() != "init": raise HTTPException(status_code=400) if form.password == "": return {"status":"Cannot insert an empty password!"} - hash_psw = crypto.hash(form.password) - db.put("password",hash_psw) + set_psw(form.password) await refresh_frontend() return {"status":"ok", "access_token": create_access_token({"logged_in": True})} 
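Review bot: `set_psw` in backend/app.py has no docstring and does no validation, while the empty-password check stays only in `set_password`. Three call sites now go through it (`set_password`, `change_password` and the startup path added later in this patch), so I would state the contract on the helper: `"""Hash psw with crypto.hash and store it under the "password" key; callers must reject empty values first."""`. Whether `change_password` rejects an empty password is not visible in these hunks, so confirm that before relying on the contract.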
@@ -93,8 +96,7 @@ async def change_password(form: PasswordChangeForm): if form.expire: db.put("secret", secrets.token_hex(32)) - hash_psw = crypto.hash(form.password) - db.put("password",hash_psw) + set_psw(form.password) await refresh_frontend() return {"status":"ok", "access_token": create_access_token({"logged_in": True})} @@ -110,6 +112,8 @@ reset, startup, shutdown = load_routers(api) @app.on_event("startup") async def startup_event(): db.init() + if os.getenv("HEX_SET_PSW"): + set_psw(bytes.fromhex(os.getenv("HEX_SET_PSW")).decode()) await startup() if not JWT_SECRET(): db.put("secret", secrets.token_hex(32)) await refresh_frontend() diff --git a/start.py b/start.py index 70bd061..ce15ad2 100755 --- a/start.py +++ b/start.py @@ -1,6 +1,6 @@ #!/usr/bin/env python3 -import argparse, sys, platform, os +import argparse, sys, platform, os, multiprocessing pref = "\033[" reset = f"{pref}0m" 
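Review bot: The `HEX_SET_PSW` branch in `startup_event` runs on every start, so a password later changed through `change_password` is overwritten with the environment value each time the container restarts. If the variable is only meant to seed the first run, guard it with the existing state check: `if os.getenv("HEX_SET_PSW") and APP_STATUS() == "init":`. A value that is not valid hex or not valid UTF-8 makes `bytes.fromhex(...).decode()` raise `ValueError` inside the startup handler, so catching it there and logging a clear message would avoid a failed start with a bare traceback. `startup_event` may continue past the end of the hunk, and the `import os` this branch needs is not visible in the app.py lines shown.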
@@ -19,24 +19,41 @@ def puts(text, *args, color=colors.white, is_bold=False, **kwargs): print(f'{pref}{1 if is_bold else 0};{color}' + text + reset, *args, **kwargs) def sep(): puts("-----------------------------------", is_bold=True) + parser = argparse.ArgumentParser() parser.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444) -parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=1) -parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Auto-execute "docker-compose up -d --build"', default=False) +parser.add_argument('--threads', "-t", type=int, required=False, help='Number of threads started for each service/utility', default=-1) +parser.add_argument('--no-autostart', "-n", required=False, action="store_true", help='Save docker-compose file and not start the container', default=False) +parser.add_argument('--keep','-k', required=False, action="store_true", help='Keep the docker-compose file generated', default=False) parser.add_argument('--build', "-b", required=False, action="store_true", help='Build the container locally', default=False) +parser.add_argument('--stop', '-s', required=False, action="store_true", help='Stop firegex execution', default=False) +parser.add_argument('--psw-no-interactive',type=str, required=False, help='Password for no-interactive mode', default=None) +parser.add_argument('--startup-psw', required=False, action="store_true", help='Insert password in the startup screen of firegex', default=False) args = parser.parse_args() -sep() -puts(f"Firegex", color=colors.yellow, end="") -puts(" will start on port ", end="") -puts(f"{args.port}", color=colors.cyan) - -if args.threads < 1: - puts("Insert a valid number of threads", color=colors.red) - exit() - os.chdir(os.path.dirname(os.path.realpath(__file__))) +if args.build and not 
os.path.isfile("./Dockerfile"): + puts("This is not a clone of firegex, to build firegex the clone of the repository is needed!", color=colors.red) + exit() + +if args.threads < 1: + args.threads = multiprocessing.cpu_count() + +if not args.stop: + sep() + puts(f"Firegex", color=colors.yellow, end="") + puts(" will start on port ", end="") + puts(f"{args.port}", color=colors.cyan) + +psw_set = None +if not args.stop: + if args.psw_no_interactive: + psw_set = args.psw_no_interactive + elif not args.startup_psw: + puts("Insert the password for firegex: ", end="" , color=colors.yellow, is_bold=True) + psw_set = input() + with open("docker-compose.yml","wt") as compose: if "linux" in sys.platform and not 'microsoft-standard' in platform.uname().release: #Check if not is a wsl also @@ -51,6 +68,7 @@ services: environment: - PORT={args.port} - NTHREADS={args.threads} + {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""} volumes: - /execute/db cap_add: @@ -73,17 +91,24 @@ services: environment: - PORT={args.port} - NTHREADS={args.threads} + {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""} volumes: - /execute/db cap_add: - NET_ADMIN """) - sep() if not args.no_autostart: - puts("Running 'docker-compose up -d --build'\n", color=colors.green) - os.system("docker-compose up -d --build") + try: + if args.stop: + puts("Running 'docker-compose down'\n", color=colors.green) + os.system("docker-compose -p firegex down") + else: + puts("Running 'docker-compose up -d --build'\n", color=colors.green) + os.system("docker-compose -p firegex up -d --build") + finally: + if not args.keep: + os.remove("docker-compose.yml") else: - puts("Done! You can start firegex with docker-compose up -d --build", color=colors.yellow) + puts("Done! You can start/stop firegex with docker-compose up -d --build", color=colors.yellow) sep() -
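Review bot: The interactive prompt in start.py reads the password with `input()`, which echoes it to the terminal and leaves it in scrollback. `psw_set = getpass.getpass("")`, with `getpass` added to the import line, keeps the existing coloured prompt and hides the typing. `--psw-no-interactive` takes the secret as a command-line argument, so it lands in shell history and is visible in the process list while the script runs; reading it from an environment variable or a file would avoid that. An empty answer at the prompt leaves `psw_set` falsy, so no password is written and the instance silently comes up in the "init" state; re-prompting or exiting with an error would make that explicit.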
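Review bot: `HEX_SET_PSW` is written into docker-compose.yml as the hex of the plaintext password, which is an encoding rather than protection, and the file is created with `open("docker-compose.yml","wt")` under the default umask. The same line is added to the second compose template in the next hunk. With `--keep` or `--no-autostart` the file stays on disk, and the value also remains in the container's environment, where anyone who can inspect the container can read it. Creating the file owner-only would limit the on-disk exposure, e.g. `with os.fdopen(os.open("docker-compose.yml", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), "wt") as compose:`. The help text for `--keep` and `--no-autostart` should also say that the saved file contains the password.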
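Review bot: The `--no-autostart` message still tells the user to run `docker-compose up -d --build`, but the script now starts and stops the stack with `-p firegex`. A stack started by hand from that hint gets a different project name (presumably derived from the directory), so `--stop` will not find it. Print the real command, `docker-compose -p firegex up -d --build`, and use the same wording in the two "Running ..." messages. The return value of `os.system` is ignored, so a failed `up` looks like success and the compose file is removed anyway; checking the status and exiting non-zero would help. Combining `--stop` with `--no-autostart` writes the compose file and stops nothing, which is worth rejecting right after argument parsing.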