v2.5.0: harden admin key and traffic flows

2026-05-19 13:26:02 +00:00 · 2026-04-25 12:28:33 +03:00
parent d74b05ccf8
commit 5225811b3c
6 changed files with 213 additions and 75 deletions
--- a/admin-web/server.py
+++ b/admin-web/server.py
@@ -167,7 +167,7 @@ def read_telemt_users() -> dict[str, str]:
        if not in_users or not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
-        name = name.strip()
+        name = parse_toml_key(name)
        value = value.strip().split("#", 1)[0].strip()
        if value.startswith('"') and '"' in value[1:]:
            value = value[1:].split('"', 1)[0]
@@ -221,7 +221,24 @@ def _ordered_user_lines(users: dict[str, str]) -> list[str]:
    if "main" in users:
        names.append("main")
    names.extend(sorted(n for n in users if n != "main"))
-    return [f'{name} = "{users[name]}"' for name in names]
+    return [f'{quote_toml_key(name)} = "{users[name]}"' for name in names]
+
+
+def parse_toml_key(raw: str) -> str:
+    key = raw.strip()
+    if len(key) >= 2 and key[0] == key[-1] == '"':
+        try:
+            return json.loads(key)
+        except json.JSONDecodeError:
+            return key[1:-1].replace('\\"', '"').replace("\\\\", "\\")
+    if len(key) >= 2 and key[0] == key[-1] == "'":
+        return key[1:-1]
+    return key
+
+
+def quote_toml_key(name: str) -> str:
+    escaped = name.replace("\\", "\\\\").replace('"', '\\"')
+    return f'"{escaped}"'


 def write_telemt_users(users: dict[str, str]) -> None:
@@ -267,16 +284,8 @@ def restart_service(name: str) -> bool:


 def request_service_restart(name: str) -> bool:
-    try:
-        subprocess.Popen(
-            ["systemctl", "restart", name],
-            stdout=subprocess.DEVNULL,
-            stderr=subprocess.DEVNULL,
-            start_new_session=True,
-        )
-        return True
-    except Exception:
-        return False
+    code, _, _ = run(["systemctl", "--no-block", "restart", name], timeout=5)
+    return code == 0


 def service_status(name: str) -> str:
@@ -539,8 +548,8 @@ def traffic_interval_summaries(rows: list[dict[str, int]]) -> list[dict[str, Any
            "points": len(window),
            "from": first.get("epoch", 0),
            "to": last.get("epoch", 0),
-            "proxy_delta": max(0, int(last.get("proxy_bytes", 0)) - int(first.get("proxy_bytes", 0))),
-            "site_delta": max(0, int(last.get("site_bytes", 0)) - int(first.get("site_bytes", 0))),
+            "proxy_delta": sum(max(0, int(item.get("proxy_delta", 0))) for item in window),
+            "site_delta": sum(max(0, int(item.get("site_delta", 0))) for item in window),
            "proxy_total": int(last.get("proxy_bytes", 0)),
            "site_total": int(last.get("site_bytes", 0)),
        })