From 6c37beece03a7f804bf583d1936d916f34c2348c Mon Sep 17 00:00:00 2001 From: Eduardo Silva Date: Mon, 9 Feb 2026 13:09:30 -0300 Subject: [PATCH] improved cron tasks output and force authentication --- api/views.py | 32 ++++++++++++++++++++++++++++++++ containers/cron/Dockerfile-cron | 9 +++------ containers/cron/cron_runner.sh | 11 +++++++++++ containers/cron/entrypoint.sh | 32 ++++++++++++++------------------ docker-compose-no-nginx-dev.yml | 4 +++- docker-compose-no-nginx.yml | 4 +++- docker-compose.yml | 4 +++- entrypoint.sh | 6 +++++- wireguard_webadmin/urls.py | 10 +++++----- 9 files changed, 79 insertions(+), 33 deletions(-) create mode 100644 containers/cron/cron_runner.sh diff --git a/api/views.py b/api/views.py index 92f0ca8..06980c1 100644 --- a/api/views.py +++ b/api/views.py @@ -41,6 +41,8 @@ def get_api_key(api_name): api_file_path = '/etc/wireguard/routerfleet_key' elif api_name == 'rrdkey': api_file_path = '/app_secrets/rrdtool_key' + elif api_name == 'cron_key': + api_file_path = '/app_secrets/cron_key' else: return api_key @@ -398,6 +400,12 @@ def func_concatenate_cluster_wireguard_status_cache() -> None: def cron_refresh_wireguard_status_cache(request): + api_key = get_api_key('cron_key') + if api_key and api_key == request.GET.get('cron_key'): + pass + else: + return HttpResponseForbidden() + data = {'status': 'success'} WireguardStatusCache.objects.filter(created__lt=timezone.now() - timezone.timedelta(seconds=settings.WIREGUARD_STATUS_CACHE_MAX_AGE)).delete() @@ -414,6 +422,12 @@ def cron_refresh_wireguard_status_cache(request): def cron_calculate_peer_schedules(request): + api_key = get_api_key('cron_key') + if api_key and api_key == request.GET.get('cron_key'): + pass + else: + return HttpResponseForbidden() + data = { 'status': 'success', 'updated_records': 0, 
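Review bot: The key check added at the top of `cron_refresh_wireguard_status_cache` compares the secret with `==`, which is not a constant-time comparison, and the same six lines are pasted into `cron_calculate_peer_schedules`, `cron_peer_scheduler`, `cron_update_peer_latest_handshake` and `cron_check_updates`. A single decorator would keep the five views in step and replace the `if …: pass` / `else:` shape with one guard. The sketch below uses `constant_time_compare` from `django.utils.crypto` and `functools.wraps`, both of which would need importing in api/views.py. What `get_api_key` returns when the key file is missing is outside the hunk, so the empty-key rejection is kept as the commit has it.

```python
def require_cron_key(view):
    """Reject the request unless it carries the shared cron key."""
    @wraps(view)
    def guarded(request, *args, **kwargs):
        expected = get_api_key('cron_key')
        supplied = request.GET.get('cron_key', '')
        # An empty or unreadable key must never authenticate anyone.
        if not expected or not constant_time_compare(supplied, expected):
            return HttpResponseForbidden()
        return view(request, *args, **kwargs)
    return guarded


@require_cron_key
def cron_refresh_wireguard_status_cache(request):
    # … unchanged: cache pruning and refresh …
```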
@@ -484,6 +498,12 @@ def cron_calculate_peer_schedules(request): def cron_peer_scheduler(request): + api_key = get_api_key('cron_key') + if api_key and api_key == request.GET.get('cron_key'): + pass + else: + return HttpResponseForbidden() + now = timezone.now() data = { 'status': 'success', @@ -671,6 +691,12 @@ def legacy_wireguard_status(request): @require_http_methods(["GET"]) def cron_update_peer_latest_handshake(request): + api_key = get_api_key('cron_key') + if api_key and api_key == request.GET.get('cron_key'): + pass + else: + return HttpResponseForbidden() + command = "wg show all latest-handshakes | expand | tr -s ' '" process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True) stdout, stderr = process.communicate() @@ -707,6 +733,12 @@ def cron_update_peer_latest_handshake(request): def cron_check_updates(request): + api_key = get_api_key('cron_key') + if api_key and api_key == request.GET.get('cron_key'): + pass + else: + return HttpResponseForbidden() + webadmin_settings, webadmin_settings_created = WebadminSettings.objects.get_or_create(name='webadmin_settings') if webadmin_settings.last_checked is None or timezone.now() > (webadmin_settings.last_checked + datetime.timedelta(hours=1)): try: diff --git a/containers/cron/Dockerfile-cron b/containers/cron/Dockerfile-cron index 1594fe0..5eb8ad1 100644 --- a/containers/cron/Dockerfile-cron +++ b/containers/cron/Dockerfile-cron 
@@ -1,15 +1,12 @@ FROM ubuntu:latest -# Instalar cron -RUN apt-get update && apt-get install -y cron curl +RUN apt-get update && apt-get install -y cron curl && rm -rf /var/lib/apt/lists/* -# Adicionar seus scripts de cron -# Adicionar apenas o entrypoint script, as tasks serão geradas lá COPY entrypoint.sh /entrypoint.sh +COPY cron_runner.sh /cron_runner.sh RUN chmod +x /entrypoint.sh +RUN chmod +x /cron_runner.sh -# Criar um arquivo de log para armazenar os resultados do cron RUN touch /var/log/cron.log -# Executar o entrypoint ENTRYPOINT ["/entrypoint.sh"] diff --git a/containers/cron/cron_runner.sh b/containers/cron/cron_runner.sh new file mode 100644 index 0000000..2ab4393 --- /dev/null +++ b/containers/cron/cron_runner.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -e + +[ -z "$1" ] && exit 1 + +ENDPOINT="$1" +CRON_KEY="$(cat /app_secrets/cron_key)" +URL="http://wireguard-webadmin:8000/api/cron/${ENDPOINT}/?cron_key=${CRON_KEY}" + +BODY="$(/usr/bin/curl -sS "$URL" 2>&1 || true)" +echo "[$(date -Is)] ${ENDPOINT} -> ${BODY}" diff --git a/containers/cron/entrypoint.sh b/containers/cron/entrypoint.sh index 3bd89d3..c169a59 100755 --- a/containers/cron/entrypoint.sh +++ b/containers/cron/entrypoint.sh 
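Review bot: In cron_runner.sh the secret is placed in the query string (`?cron_key=${CRON_KEY}`), so it becomes part of the request line that HTTP servers and reverse proxies commonly write to their access logs. Sending it in a request header keeps it out of the URL; that needs a matching read on the Django side, which in this commit only looks at `request.GET`. Separately, a rejected call is logged as an empty body, because the status code is never printed and `|| true` hides curl's exit code. `BODY="$(/usr/bin/curl -sS --max-time 30 -w ' [HTTP %{http_code}]' "$URL" 2>&1 || true)"` would make a 403 visible in cron.log and stop a hung request from piling up behind the every-minute jobs.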
@@ -16,32 +16,28 @@ echo "Starting cron with WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=$WIREGUARD_STAT # Create cron tasks cat < /etc/cron.d/cron_tasks -*/15 * * * * root sleep 20 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_check_updates/ >> /var/log/cron.log 2>&1 -*/10 * * * * root sleep 15 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_update_peer_latest_handshake/ >> /var/log/cron.log 2>&1 -* * * * * root sleep 10 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_peer_scheduler/ >> /var/log/cron.log 2>&1 -* * * * * root sleep 30 ; /usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_calculate_peer_schedules/ >> /var/log/cron.log 2>&1 +*/15 * * * * root sleep 20 ; /cron_runner.sh check_updates >> /var/log/cron.log 2>&1 +*/10 * * * * root sleep 15 ; /cron_runner.sh update_peer_latest_handshake >> /var/log/cron.log 2>&1 +* * * * * root sleep 10 ; /cron_runner.sh peer_scheduler >> /var/log/cron.log 2>&1 +* * * * * root sleep 30 ; /cron_runner.sh calculate_peer_schedules >> /var/log/cron.log 2>&1 EOF -CMD="/usr/bin/curl -s http://wireguard-webadmin:8000/api/cron_refresh_wireguard_status_cache/ >> /var/log/cron.log 2>&1" +CMD="echo -n cron_refresh_wireguard_status_cache ; /cron_runner.sh refresh_wireguard_status_cache >> /var/log/cron.log 2>&1" if [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 30 ]; then - echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks - echo "* * * * * root sleep 30; $CMD" >> /etc/cron.d/cron_tasks + echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks + echo "* * * * * root sleep 30 ; $CMD" >> /etc/cron.d/cron_tasks elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 60 ]; then - echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks + echo "* * * * * root $CMD" >> /etc/cron.d/cron_tasks elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 150 ]; then - echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks - echo "*/5 * * * * root sleep 150; $CMD" >> /etc/cron.d/cron_tasks + echo "*/5 * * * * root 
$CMD" >> /etc/cron.d/cron_tasks + echo "*/5 * * * * root sleep 150 ; $CMD" >> /etc/cron.d/cron_tasks elif [ "$WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL" -eq 300 ]; then - echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks + echo "*/5 * * * * root $CMD" >> /etc/cron.d/cron_tasks fi -# Permissions chmod 0644 /etc/cron.d/cron_tasks -# crontab /etc/cron.d/cron_tasks -# Touch log file -touch /var/log/cron.log - -# Execute cron -exec cron -f +echo > /var/log/cron.log +cron +tail -n 0 -F /var/log/cron.log diff --git a/docker-compose-no-nginx-dev.yml b/docker-compose-no-nginx-dev.yml index 6bb0573..9f15893 100644 --- a/docker-compose-no-nginx-dev.yml +++ b/docker-compose-no-nginx-dev.yml @@ -9,7 +9,7 @@ services: - SERVER_ADDRESS=${SERVER_ADDRESS} - DEBUG_MODE=${DEBUG_MODE} - DEV_MODE=True - - COMPOSE_VERSION=c1b + - COMPOSE_VERSION=c1c - TZ=${TIMEZONE} - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} - WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED} @@ -48,6 +48,8 @@ services: environment: - TZ=${TIMEZONE} - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL} + volumes: + - app_secrets:/app_secrets/ depends_on: - wireguard-webadmin diff --git a/docker-compose-no-nginx.yml b/docker-compose-no-nginx.yml index 1fd66d9..bdf3ce2 100644 --- a/docker-compose-no-nginx.yml +++ b/docker-compose-no-nginx.yml @@ -7,7 +7,7 @@ services: environment: - SERVER_ADDRESS=${SERVER_ADDRESS} - DEBUG_MODE=${DEBUG_MODE} - - COMPOSE_VERSION=c1b + - COMPOSE_VERSION=c1c - TZ=${TIMEZONE} - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} - WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED} @@ -42,6 +42,8 @@ services: environment: - TZ=${TIMEZONE} - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL} + volumes: + - app_secrets:/app_secrets/ depends_on: - wireguard-webadmin diff --git a/docker-compose.yml b/docker-compose.yml index 280d85a..1ed577a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
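Review bot: In the new `CMD` string of containers/cron/entrypoint.sh the `>> /var/log/cron.log 2>&1` redirection binds only to `/cron_runner.sh`, so the output of `echo -n cron_refresh_wireguard_status_cache` goes to cron's own stdout rather than the log. cron_runner.sh already prints the endpoint name, so the prefix can be dropped: `CMD="/cron_runner.sh refresh_wireguard_status_cache >> /var/log/cron.log 2>&1"`. The hunk also replaces `exec cron -f` with a background `cron` followed by `tail -n 0 -F`, which means the container keeps running if the cron daemon exits. That trade-off deserves a comment above the `cron` line, for example `# cron daemonizes; tail stays in the foreground and streams the log to docker logs`.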
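Review bot: The cron service in docker-compose-no-nginx-dev.yml gets the whole `app_secrets` volume mounted read-write, although cron_runner.sh only reads `/app_secrets/cron_key`. Going by the paths in `get_api_key`, the same directory appears to hold `rrdtool_key` as well. Mounting it read-only limits what a compromised cron container can do to the other keys: `- app_secrets:/app_secrets/:ro`. The same two-line addition appears in docker-compose-no-nginx.yml and docker-compose.yml.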
@@ -7,7 +7,7 @@ services: environment: - SERVER_ADDRESS=${SERVER_ADDRESS} - DEBUG_MODE=${DEBUG_MODE} - - COMPOSE_VERSION=c1b + - COMPOSE_VERSION=c1c - TZ=${TIMEZONE} - EXTRA_ALLOWED_HOSTS=${EXTRA_ALLOWED_HOSTS} - WIREGUARD_STATUS_CACHE_ENABLED=${WIREGUARD_STATUS_CACHE_ENABLED} @@ -42,6 +42,8 @@ services: environment: - TZ=${TIMEZONE} - WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL=${WIREGUARD_STATUS_CACHE_REFRESH_INTERVAL} + volumes: + - app_secrets:/app_secrets/ depends_on: - wireguard-webadmin diff --git a/entrypoint.sh b/entrypoint.sh index 8a3441a..993820e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,7 +2,7 @@ set -e -if [[ "$COMPOSE_VERSION" != "c1b" ]]; then +if [[ "$COMPOSE_VERSION" != "c1c" ]]; then echo "ERROR: Please upgrade your docker compose file. Exiting." exit 1 fi @@ -21,6 +21,10 @@ if [ ! -f /app_secrets/rrdtool_key ]; then cat /proc/sys/kernel/random/uuid > /app_secrets/rrdtool_key fi +if [ ! -f /app_secrets/cron_key ]; then + cat /proc/sys/kernel/random/uuid > /app_secrets/cron_key +fi + SERVER_HOSTNAME=$(echo $SERVER_ADDRESS | cut -d ':' -f 1) EXTRA_ALLOWED_HOSTS_STRING="" CSRF_EXTRA_TRUSTED_ORIGINS="" diff --git a/wireguard_webadmin/urls.py b/wireguard_webadmin/urls.py index 7ef9d03..d30df92 100644 --- a/wireguard_webadmin/urls.py +++ b/wireguard_webadmin/urls.py 
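Review bot: The `[ ! -f /app_secrets/cron_key ]` test added to entrypoint.sh treats an empty file as an existing key, and an empty key presumably makes every cron view return 403 through the `if api_key and …` guard in api/views.py. Testing with `-s` regenerates the key in that case: `if [ ! -s /app_secrets/cron_key ]; then`. The file is also created with whatever umask the entrypoint inherits, so it may be readable by every user in the containers that mount the volume. Wrapping the write as `( umask 077; cat /proc/sys/kernel/random/uuid > /app_secrets/cron_key )` would restrict it, provided the Django process and the cron job read it as the same user, which this hunk does not show.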
@@ -87,11 +87,11 @@ urlpatterns = [
 path('api/instance_info/', api_instance_info, name='api_instance_info'),
 path('api/peer_info/', peer_info, name='api_peer_info'),
 path('api/peer_invite/', api_peer_invite, name='api_peer_invite'),
- path('api/cron_peer_scheduler/', cron_peer_scheduler, name='cron_peer_scheduler'),
- path('api/cron_calculate_peer_schedules/', cron_calculate_peer_schedules, name='cron_calculate_peer_schedules'),
- path('api/cron_refresh_wireguard_status_cache/', cron_refresh_wireguard_status_cache, name='cron_refresh_wireguard_status_cache'),
- path('api/cron_check_updates/', cron_check_updates, name='cron_check_updates'),
- path('api/cron_update_peer_latest_handshake/', cron_update_peer_latest_handshake, name='cron_update_peer_latest_handshake'),
+ path('api/cron/peer_scheduler/', cron_peer_scheduler, name='cron_peer_scheduler'),
+ path('api/cron/calculate_peer_schedules/', cron_calculate_peer_schedules, name='cron_calculate_peer_schedules'),
+ path('api/cron/refresh_wireguard_status_cache/', cron_refresh_wireguard_status_cache, name='cron_refresh_wireguard_status_cache'),
+ path('api/cron/check_updates/', cron_check_updates, name='cron_check_updates'),
+ path('api/cron/update_peer_latest_handshake/', cron_update_peer_latest_handshake, name='cron_update_peer_latest_handshake'),
 path('api/cluster/status/', api_cluster_status, name='api_cluster_status'),
 path('api/cluster/worker/get_config_files/', api_get_worker_config_files, name='api_get_worker_config_files'),
 path('api/cluster/worker/get_dnsmasq_config/', api_get_worker_dnsmasq_config, name='api_get_worker_dnsmasq_config'),