| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300 | package agiimport (	"encoding/json"	"errors"	"io/ioutil"	"log"	"net/http"	"path/filepath"	"github.com/robertkrimen/otto"	"imuslab.com/arozos/mod/filesystem"	user "imuslab.com/arozos/mod/user")//Define path translation functionfunc virtualPathToRealPath(vpath string, u *user.User) (*filesystem.FileSystemHandler, string, error) {	fsh, err := u.GetFileSystemHandlerFromVirtualPath(vpath)	if err != nil {		return nil, "", err	}	rpath, err := fsh.FileSystemAbstraction.VirtualPathToRealPath(vpath, u.Username)	if err != nil {		return nil, "", err	}	return fsh, rpath, nil}func realpathToVirtualpath(fsh *filesystem.FileSystemHandler, path string, u *user.User) (string, error) {	return fsh.FileSystemAbstraction.RealPathToVirtualPath(path, u.Username)}//Inject user based functions into the virtual machinefunc (g *Gateway) injectUserFunctions(vm *otto.Otto, scriptFile string, scriptScope string, u *user.User, w http.ResponseWriter, r *http.Request) {	username := u.Username	vm.Set("USERNAME", username)	vm.Set("USERICON", u.GetUserIcon())	vm.Set("USERQUOTA_TOTAL", u.StorageQuota.TotalStorageQuota)	vm.Set("USERQUOTA_USED", u.StorageQuota.UsedStorageQuota)	vm.Set("USER_VROOTS", u.GetAllAccessibleFileSystemHandler())	vm.Set("USER_MODULES", u.GetUserAccessibleModules())	//File system and path related	vm.Set("decodeVirtualPath", func(call otto.FunctionCall) otto.Value {		log.Println("Call to deprecated function decodeVirtualPath")		return otto.FalseValue()	})	vm.Set("decodeAbsoluteVirtualPath", func(call otto.FunctionCall) otto.Value {		log.Println("Call to deprecated function decodeAbsoluteVirtualPath")		return otto.FalseValue()	})	vm.Set("encodeRealPath", func(call otto.FunctionCall) otto.Value {		log.Println("Call to deprecated function encodeRealPath")		return otto.FalseValue()	})	//Check if a given virtual path is readonly	vm.Set("pathCanWrite", func(call otto.FunctionCall) otto.Value {		vpath, _ := call.Argument(0).ToString()		if u.CanWrite(vpath) {			return otto.TrueValue()		} else {			return otto.FalseValue()		}	})	//Permission related	vm.Set("getUserPermissionGroup", func(call otto.FunctionCall) otto.Value {		groupinfo := u.GetUserPermissionGroup()		jsonString, _ := json.Marshal(groupinfo)		reply, _ := vm.ToValue(string(jsonString))		return reply	})	vm.Set("userIsAdmin", func(call otto.FunctionCall) otto.Value {		reply, _ := vm.ToValue(u.IsAdmin())		return reply	})	//User Account Related	/*		userExists(username);	*/	vm.Set("userExists", func(call otto.FunctionCall) otto.Value {		if u.IsAdmin() {			//Get username from function paramter			username, err := call.Argument(0).ToString()			if err != nil || username == "undefined" {				g.raiseError(errors.New("username is undefined"))				reply, _ := vm.ToValue(nil)				return reply			}			//Check if user exists			userExists := u.Parent().GetAuthAgent().UserExists(username)			if userExists {				return otto.TrueValue()			} else {				return otto.FalseValue()			}		} else {			g.raiseError(errors.New("Permission Denied: userExists require admin permission"))			return otto.FalseValue()		}	})	/*		createUser(username, password, defaultGroup);	*/	vm.Set("createUser", func(call otto.FunctionCall) otto.Value {		if u.IsAdmin() {			//Ok. Create user base on given information			username, err := call.Argument(0).ToString()			if err != nil || username == "undefined" {				g.raiseError(errors.New("username is undefined"))				reply, _ := vm.ToValue(false)				return reply			}			password, err := call.Argument(1).ToString()			if err != nil || password == "undefined" {				g.raiseError(errors.New("password is undefined"))				reply, _ := vm.ToValue(false)				return reply			}			defaultGroup, err := call.Argument(2).ToString()			if err != nil || defaultGroup == "undefined" {				g.raiseError(errors.New("defaultGroup is undefined"))				reply, _ := vm.ToValue(false)				return reply			}			//Check if username already used			userExists := u.Parent().GetAuthAgent().UserExists(username)			if userExists {				g.raiseError(errors.New("Username already exists"))				reply, _ := vm.ToValue(false)				return reply			}			//Check if the given permission group exists			groupExists := u.Parent().GetPermissionHandler().GroupExists(defaultGroup)			if !groupExists {				g.raiseError(errors.New(defaultGroup + " user-group not exists"))				reply, _ := vm.ToValue(false)				return reply			}			//Create the user			err = u.Parent().GetAuthAgent().CreateUserAccount(username, password, []string{defaultGroup})			if err != nil {				g.raiseError(errors.New("User creation failed: " + err.Error()))				reply, _ := vm.ToValue(false)				return reply			}			return otto.TrueValue()		} else {			g.raiseError(errors.New("Permission Denied: createUser require admin permission"))			return otto.FalseValue()		}	})	vm.Set("editUser", func(call otto.FunctionCall) otto.Value {		if u.IsAdmin() {		} else {			g.raiseError(errors.New("Permission Denied: editUser require admin permission"))			return otto.FalseValue()		}		//libname, err := call.Argument(0).ToString()		return otto.FalseValue()	})	/*		removeUser(username)	*/	vm.Set("removeUser", func(call otto.FunctionCall) otto.Value {		if u.IsAdmin() {			//Get username from function paramters			username, err := call.Argument(0).ToString()			if err != nil || username == "undefined" {				g.raiseError(errors.New("username is undefined"))				reply, _ := vm.ToValue(false)				return reply			}			//Check if the user exists			userExists := u.Parent().GetAuthAgent().UserExists(username)			if !userExists {				g.raiseError(errors.New(username + " not exists"))				reply, _ := vm.ToValue(false)				return reply			}			//User exists. Remove it from the system			err = u.Parent().GetAuthAgent().UnregisterUser(username)			if err != nil {				g.raiseError(errors.New("User removal failed: " + err.Error()))				reply, _ := vm.ToValue(false)				return reply			}			return otto.TrueValue()		} else {			g.raiseError(errors.New("Permission Denied: removeUser require admin permission"))			return otto.FalseValue()		}	})	vm.Set("getUserInfoByName", func(call otto.FunctionCall) otto.Value {		//libname, err := call.Argument(0).ToString()		if u.IsAdmin() {		} else {			g.raiseError(errors.New("Permission Denied: getUserInfoByName require admin permission"))			return otto.FalseValue()		}		return otto.TrueValue()	})	//Allow real time library includsion into the virtual machine	vm.Set("requirelib", func(call otto.FunctionCall) otto.Value {		libname, err := call.Argument(0).ToString()		if err != nil {			g.raiseError(err)			reply, _ := vm.ToValue(nil)			return reply		}		//Handle special case on high level libraries		if libname == "websocket" && w != nil && r != nil {			g.injectWebSocketFunctions(vm, u, w, r)			return otto.TrueValue()		} else {			//Check if the library name exists. If yes, run the initiation script on the vm			if entryPoint, ok := g.LoadedAGILibrary[libname]; ok {				entryPoint(vm, u)				return otto.TrueValue()			} else {				//Lib not exists				log.Println("Lib not found: " + libname)				return otto.FalseValue()			}		}		//Unknown status		return otto.FalseValue()	})	//Execd (Execute & detach) run another script and detach the execution	vm.Set("execd", func(call otto.FunctionCall) otto.Value {		//Check if the pkg is already registered		scriptName, err := call.Argument(0).ToString()		if err != nil {			g.raiseError(err)			return otto.FalseValue()		}		//Carry the payload to the forked process if there are any		payload, _ := call.Argument(1).ToString()		//Check if the script file exists		targetScriptPath := filepath.ToSlash(filepath.Join(filepath.Dir(scriptFile), scriptName))		if !fileExists(targetScriptPath) {			g.raiseError(errors.New("*AGI* Target path not exists!"))			return otto.FalseValue()		}		//Run the script		scriptContent, _ := ioutil.ReadFile(targetScriptPath)		go func() {			//Create a new VM to execute the script (also for isolation)			vm := otto.New()			//Inject standard libs into the vm			g.injectStandardLibs(vm, scriptFile, scriptScope)			g.injectUserFunctions(vm, scriptFile, scriptScope, u, w, r)			vm.Set("PARENT_DETACHED", true)			vm.Set("PARENT_PAYLOAD", payload)			_, err = vm.Run(string(scriptContent))			if err != nil {				//Script execution failed				log.Println("Script Execution Failed: ", err.Error())				g.raiseError(err)			}		}()		return otto.TrueValue()	})}
 |