private void refreshTimeoutOnEvade(User user, Server server) {
ServerTimeout timeout =
SafeNav.of(serverStorage.get(server.getId()))
.next(TempServerConfig::getServerTimeouts)
.next(ServerTimeoutStorage::getTimeouts)
.next(timeouts -> timeouts.get(user.getId()))
.get();
if (timeout == null) {
LOGGER.warn(
"Attempted to refresh a timeout on a user who was not timed out! {} ({})",
user.getUsername(),
user.getId());
return;
}
LOGGER.info(
"User {} ({}) attempted to evade a timeout on {} ({})!",
user.getUsername(),
user.getId(),
server.getName(),
server.getId());
Channel channel = apiClient.getChannelById(server.getId(), server);
apiClient.sendMessage(
loc.localize(
"listener.mod.timeout.on_evasion",
user.getId(),
formatDuration(Duration.between(Instant.now(), timeout.getEndTime())),
formatInstant(timeout.getEndTime())),
channel);
applyTimeoutRole(user, server, channel);
}
public void onTimeoutExpire(User user, Server server) {
String serverId = server.getId();
TempServerConfig serverConfig = serverStorage.get(serverId);
if (serverConfig == null) {
serverConfig = new TempServerConfig(serverId);
serverStorage.put(serverId, serverConfig);
}
ServerTimeoutStorage storage = serverConfig.getServerTimeouts();
if (storage != null) {
ServerTimeout timeout = storage.getTimeouts().remove(user.getId());
if (timeout != null) {
saveServerConfig(serverConfig);
LOGGER.info(
"Expiring timeout for {} ({}) in {} ({})",
user.getUsername(),
user.getId(),
server.getName(),
server.getId());
if (apiClient.getUserById(user.getId(), server) != NO_USER) {
apiClient.sendMessage(
loc.localize("message.mod.timeout.expire", user.getId()), server.getId());
}
removeTimeoutRole(user, server, apiClient.getChannelById(server.getId()));
return;
}
}
LOGGER.warn(
"Unable to expire: find server or timeout entry for {} ({}) in {} ({})",
user.getUsername(),
user.getId(),
server.getName(),
server.getId());
}
private void stopTimeout(MessageContext context, String args) {
if (args.isEmpty()) {
apiClient.sendMessage(
loc.localize("commands.mod.stoptimeout.response.invalid"), context.getChannel());
return;
}
String uid = args;
if (uid.length() > 4) {
if (uid.startsWith("<@")) {
uid = uid.substring(2, uid.length() - 1);
}
Server server = context.getServer();
User user = apiClient.getUserById(uid, server);
if (user == NO_USER) {
user = new User("UNKNOWN", uid, "", null);
}
LOGGER.info(
"{} ({}) is attempting to cancel timeout for {} ({}) in {} ({})",
context.getAuthor().getUsername(),
context.getAuthor().getId(),
user.getUsername(),
user.getId(),
server.getName(),
server.getId());
cancelTimeout(user, server, context.getChannel());
} else {
apiClient.sendMessage(
loc.localize("commands.mod.stoptimeout.response.invalid"), context.getChannel());
}
}
public void markServerDown(String id) {
boolean triggered = false;
id = Server.normalizeId(id);
if (id == null) {
return;
}
Lock writeLock = upServerLock.writeLock();
try {
writeLock.lock();
final List<Server> changedServers = new ArrayList<Server>();
for (Server svr : upServerList) {
if (svr.isAlive() && (svr.getId().equals(id))) {
triggered = true;
svr.setAlive(false);
changedServers.add(svr);
}
}
if (triggered) {
logger.error("LoadBalancer: markServerDown called on [" + id + "]");
notifyServerStatusChangeListener(changedServers);
}
} finally {
try {
writeLock.unlock();
} catch (Exception e) { // NOPMD
}
}
}
public boolean applyTimeout(
User issuingUser, Channel noticeChannel, Server server, User user, Duration duration) {
String serverId = server.getId();
if (duration != null && !duration.isNegative() && !duration.isZero()) {
ServerTimeout timeout =
new ServerTimeout(
duration,
Instant.now(),
user.getId(),
serverId,
user.getUsername(),
issuingUser.getId());
TempServerConfig serverConfig = serverStorage.get(serverId);
if (serverConfig == null) {
serverConfig = new TempServerConfig(serverId);
serverStorage.put(serverId, serverConfig);
}
ServerTimeoutStorage storage = serverConfig.getServerTimeouts();
if (storage == null) {
storage = new ServerTimeoutStorage();
serverConfig.setServerTimeouts(storage);
}
if (applyTimeoutRole(user, server, noticeChannel)) {
storage.getTimeouts().put(user.getId(), timeout);
ScheduledFuture future =
timeoutService.schedule(
() -> onTimeoutExpire(user, server), duration.getSeconds(), TimeUnit.SECONDS);
timeout.setTimerFuture(future);
saveServerConfig(serverConfig);
String durationStr = formatDuration(duration);
String instantStr = formatInstant(timeout.getEndTime());
String msg =
loc.localize(
"commands.mod.timeout.response",
user.getUsername(),
user.getId(),
durationStr,
instantStr);
apiClient.sendMessage(msg, noticeChannel);
LOGGER.info(
"[{}] '{}': Timing out {} ({}) for {} (until {}), issued by {} ({})",
serverId,
server.getName(),
user.getUsername(),
user.getId(),
durationStr,
instantStr,
issuingUser.getUsername(),
issuingUser.getId());
}
// No else with error - applyTimeoutRole does that for us
return true;
} else {
LOGGER.warn("Invalid duration format");
}
return false;
}
/**
* Lancer par signal de NoPublicController quand le processus sshd est démarré dans les containers
* serveur et git
*/
public Application updateEnv(Application application, User user) throws ServiceException {
logger.info("--update Env of Server--");
String command = null;
Map<String, String> configShellModule = new HashMap<>();
Map<String, String> configShellServer = new HashMap<>();
Module moduleGit = moduleService.findGitModule(user.getLogin(), application);
Server server = application.getServers().get(0);
String rootPassword = application.getUser().getPassword();
configShellModule.put("port", moduleGit.getSshPort());
configShellModule.put("dockerManagerAddress", moduleGit.getApplication().getManagerIp());
configShellModule.put("password", rootPassword);
configShellModule.put("dockerManagerAddress", application.getManagerIp());
logger.info("new server ip : " + server.getContainerIP());
try {
int counter = 0;
while (!server.getStatus().equals(Status.START)
|| !moduleGit.getStatus().equals(Status.START)) {
if (counter == 100) {
break;
}
Thread.sleep(1000);
logger.info(" wait git and server sshd processus start");
logger.info(
"SSHDSTATUS = server : " + server.getStatus() + " - module : " + moduleGit.getStatus());
moduleGit = moduleService.findById(moduleGit.getId());
server = serverService.findById(server.getId());
counter++;
}
command = ". /cloudunit/scripts/update-env.sh " + server.getContainerIP();
logger.info("command shell to execute [" + command + "]");
shellUtils.executeShell(command, configShellModule);
configShellServer.put("port", server.getSshPort());
configShellServer.put("dockerManagerAddress", server.getApplication().getManagerIp());
configShellServer.put("password", rootPassword);
command = ". /cloudunit/scripts/rm-auth-keys.sh ";
logger.info("command shell to execute [" + command + "]");
shellUtils.executeShell(command, configShellServer);
String cleanCommand = server.getServerAction().cleanCommand();
if (cleanCommand != null) {
shellUtils.executeShell(server.getServerAction().cleanCommand(), configShellServer);
}
} catch (Exception e) {
moduleGit.setStatus(Status.FAIL);
moduleGit = moduleService.saveInDB(moduleGit);
server.setStatus(Status.FAIL);
server = serverService.saveInDB(server);
logger.error("Error : Error during update Env var of GIT " + e);
throw new ServiceException(e.getLocalizedMessage(), e);
}
return application;
}
public String choose(Object key) {
if (rule == null) {
return null;
} else {
try {
Server svr = rule.choose(key);
return ((svr == null) ? null : svr.getId());
} catch (Throwable t) {
return null;
}
}
}
public void testLoadServer() throws Exception {
Database database = _category.getDatabase();
database.begin();
Server server = (Server) database.load(Server.class, new Integer(3));
database.commit();
assertNotNull(server);
assertEquals("ctf.jdo.tc9x.Server", server.getClass().getName());
assertEquals(3, server.getId());
assertEquals("server 3", server.getName());
database.close();
}
public void cancelTimeout(User user, Server server, Channel invocationChannel) {
String serverId = server.getId();
TempServerConfig serverConfig = serverStorage.get(serverId);
if (serverConfig == null) {
serverConfig = new TempServerConfig(serverId);
serverStorage.put(serverId, serverConfig);
}
ServerTimeoutStorage storage = serverConfig.getServerTimeouts();
removeTimeoutRole(user, server, apiClient.getChannelById(serverId));
if (storage != null) {
ServerTimeout timeout = storage.getTimeouts().remove(user.getId());
saveServerConfig(serverConfig);
if (timeout != null) {
SafeNav.of(timeout.getTimerFuture()).ifPresent(f -> f.cancel(true));
LOGGER.info(
"Cancelling timeout for {} ({}) in {} ({})",
user.getUsername(),
user.getId(),
server.getName(),
serverId);
apiClient.sendMessage(
loc.localize("commands.mod.stoptimeout.response", user.getUsername(), user.getId()),
invocationChannel);
return;
}
}
LOGGER.warn(
"Unable to cancel: cannot find server or timeout entry for {} ({}) in {} ({})",
user.getUsername(),
user.getId(),
server.getName(),
server.getId());
apiClient.sendMessage(
loc.localize(
"commands.mod.stoptimeout.response.not_found", user.getUsername(), user.getId()),
invocationChannel);
}
/**
* Removes the timeout role from the given user. This does NOT create or manage any
* storage/persistence, it only sets the user's roles
*
* @param user The user to remove the timeout role
* @param server The server on which to remove the user from the timeout role
* @param invocationChannel The channel to send messages on error
*/
public boolean removeTimeoutRole(User user, Server server, Channel invocationChannel) {
String serverId = server.getId();
TempServerConfig serverConfig = serverStorage.get(serverId);
if (serverConfig == null) {
serverConfig = new TempServerConfig(serverId);
serverStorage.put(serverId, serverConfig);
}
ServerTimeoutStorage storage = serverConfig.getServerTimeouts();
String serverName = server.getName();
if (storage != null && storage.getTimeoutRoleId() != null) {
String timeoutRoleId = storage.getTimeoutRoleId();
Role timeoutRole = apiClient.getRole(timeoutRoleId, server);
if (timeoutRole != NO_ROLE) {
// Get roles
Set<Role> userRoles =
apiClient.getMemberRoles(apiClient.getUserMember(user, server), server);
// Delete the ban role
LinkedHashSet<String> newRoles = new LinkedHashSet<>(userRoles.size() - 1);
userRoles
.stream()
.map(Role::getId)
.filter(s -> !timeoutRoleId.equals(s))
.forEach(newRoles::add);
// Update
apiClient.updateRoles(user, server, newRoles);
return userRoles.size() == newRoles.size();
} else {
LOGGER.warn(
"Timeout role ID {} for server {} ({}) does not exist",
timeoutRoleId,
serverName,
serverId);
apiClient.sendMessage(
loc.localize("message.mod.timeout.bad_role", timeoutRoleId), invocationChannel);
}
} else {
storage = new ServerTimeoutStorage();
serverConfig.setServerTimeouts(storage);
serverStorage.put(serverId, serverConfig);
LOGGER.warn(
"Timeout role for server {} ({}) is not configured",
storage.getTimeoutRoleId(),
serverName,
serverId);
apiClient.sendMessage(loc.localize("message.mod.timeout.not_configured"), invocationChannel);
}
return false;
}
@Override
public void markServerDown(Server server) {
if (server == null) {
return;
}
if (!server.isAlive()) {
return;
}
logger.error("LoadBalancer: markServerDown called on [" + server.getId() + "]");
server.setAlive(false);
// forceQuickPing();
notifyServerStatusChangeListener(singleton(server));
}
public boolean banChecked(Channel channel, User author, User user, Server server) {
String userId = user.getId();
if (userId.equals(author.getId())) {
apiClient.sendMessage("You cannot ban yourself", channel);
return false;
}
if (userId.equals(apiClient.getClientUser().getId())) {
apiClient.sendMessage("You cannot ban the bot", channel);
return false;
}
if (bot.getCommands()
.checkPermission(
Permission.GEN_MANAGE_ROLES,
apiClient.getUserMember(userId, server),
server,
apiClient)) {
apiClient.sendMessage("You cannot ban an admin", channel);
return false;
}
return banImpl(userId, server.getId());
}
public void testQueryServers() throws Exception {
Database database = _category.getDatabase();
database.begin();
OQLQuery query =
database.getOQLQuery("select s from " + Server.class.getName() + " as s order by s.id");
QueryResults results = query.execute();
if (results.hasMore()) {
int counter = 3;
while (results.hasMore()) {
Server server = (Server) results.next();
assertNotNull(server);
assertEquals(counter, server.getId());
counter += 1;
}
} else {
fail("Query does not return any Server instances.");
}
database.commit();
database.close();
}
public void loadServerConfig(Path path) {
boolean purge = false;
TempServerConfig config;
ServerTimeoutStorage storage;
try (Reader reader = Files.newBufferedReader(path, UTF_8)) {
config = gson.fromJson(reader, TempServerConfig.class);
serverStorage.put(config.getServerId(), config);
storage = config.getServerTimeouts();
if (storage != null) {
Server server = apiClient.getServerByID(config.getServerId());
if (server == NO_SERVER) {
LOGGER.warn("Rejecting {} server storage file: server not found", config.getServerId());
return;
}
LOGGER.info(
"Loaded {} ({}) server storage file",
server.getName(),
server.getId(),
storage.getTimeoutRoleId());
// Prune expired entries
for (Iterator<Map.Entry<String, ServerTimeout>> iter =
storage.getTimeouts().entrySet().iterator();
iter.hasNext(); ) {
Map.Entry<String, ServerTimeout> e = iter.next();
ServerTimeout timeout = e.getValue();
String userId = timeout.getUserId();
User user = apiClient.getUserById(userId, server);
if (!isUserTimedOut(userId, server.getId())) {
// Purge!
purge = true;
if (user == NO_USER) {
LOGGER.info(
"Ending timeout for departed user {} ({}) in {} ({})",
timeout.getLastUsername(),
userId,
server.getName(),
server.getId());
//
// apiClient.sendMessage(loc.localize("message.mod.timeout.expire.not_found",
// user.getId()),
// server.getId());
// Don't need to remove the timeout role because leaving does that for us
} else {
// Duplicated from onTimeoutExpire except without remove since we're removing in an
// iter
LOGGER.info(
"Expiring timeout for {} ({}) in {} ({})",
user.getUsername(),
user.getId(),
server.getName(),
server.getId());
// Only send message if they still have the role
if (removeTimeoutRole(user, server, apiClient.getChannelById(server.getId()))) {
//
// apiClient.sendMessage(loc.localize("message.mod.timeout.expire",
// user.getId()),
// server.getId());
}
}
SafeNav.of(timeout.getTimerFuture()).ifPresent(f -> f.cancel(true));
iter.remove();
} else {
// Start our futures
Duration duration = Duration.between(Instant.now(), timeout.getEndTime());
ScheduledFuture future =
timeoutService.schedule(
() -> onTimeoutExpire(user, server), duration.getSeconds(), TimeUnit.SECONDS);
timeout.setTimerFuture(future);
}
}
}
} catch (IOException | JsonParseException e) {
LOGGER.warn("Unable to load server storage file " + path.toString(), e);
return;
}
if (purge) {
saveServerConfig(config);
}
}
public void runPinger() {
if (pingInProgress.get()) {
return;
} else {
pingInProgress.set(true);
}
Object[] allServers = null;
boolean[] results = null;
Lock allLock = null;
Lock upLock = null;
try {
allLock = allServerLock.readLock();
allLock.lock();
allServers = allServerList.toArray();
allLock.unlock();
int numCandidates = allServers.length;
results = new boolean[numCandidates];
if (logger.isDebugEnabled()) {
logger.debug(
"LoadBalancer: PingTask executing [" + numCandidates + "] servers configured");
}
for (int i = 0; i < numCandidates; i++) {
results[i] = false;
try {
if (ping != null) {
results[i] = ping.isAlive((Server) allServers[i]);
}
} catch (Throwable t) {
logger.error("Exception while pinging Server:" + allServers[i], t);
}
}
final List<Server> newUpList = new ArrayList<Server>();
final List<Server> changedServers = new ArrayList<Server>();
for (int i = 0; i < numCandidates; i++) {
boolean isAlive = results[i];
Server svr = (Server) allServers[i];
boolean oldIsAlive = svr.isAlive();
svr.setAlive(isAlive);
if (oldIsAlive != isAlive) {
changedServers.add(svr);
if (logger.isDebugEnabled()) {
logger.debug(
"LoadBalancer: Server ["
+ svr.getId()
+ "] status changed to "
+ (isAlive ? "ALIVE" : "DEAD"));
}
}
if (isAlive) {
newUpList.add(svr);
}
}
upLock = upServerLock.writeLock();
upLock.lock();
upServerList = newUpList;
upLock.unlock();
notifyServerStatusChangeListener(changedServers);
} catch (Throwable t) {
logger.error("Throwable caught while running the Pinger-" + name, t);
} finally {
pingInProgress.set(false);
}
}
private void timeout(MessageContext context, String args) {
Channel channel = context.getChannel();
if (!args.isEmpty()) {
String[] split = args.split(" ", 2);
String uid = split[0];
if (uid.length() > 4) {
if (uid.startsWith("<@!")) {
uid = uid.substring(3, uid.length() - 1);
} else if (uid.startsWith("<@")) {
uid = uid.substring(2, uid.length() - 1);
}
if (!uid.matches("[0-9]+")) {
apiClient.sendMessage(loc.localize("commands.mod.stoptimeout.response.not_id"), channel);
return;
}
Server server = context.getServer();
String serverId = server.getId();
User user = apiClient.getUserById(uid, server);
if (user == NO_USER) {
user = new User("UNKNOWN", uid, "", null);
}
final User theUser = user;
if (split.length == 2) {
if (bot.getConfig().isAdmin(user.getId())) {
apiClient.sendMessage(
"```API error: Server returned HTTP: 403 Forbidden. Check bot " + "permissions```",
channel);
return;
}
Duration duration = parseDuration(split[1]);
if (applyTimeout(context.getAuthor(), channel, server, user, duration)) {
return;
}
} else if (split.length == 1) {
if (isUserTimedOut(user, server)) {
ServerTimeout timeout =
SafeNav.of(serverStorage.get(serverId))
.next(TempServerConfig::getServerTimeouts)
.next(ServerTimeoutStorage::getTimeouts)
.next(m -> m.get(theUser.getId()))
.get();
// Timeout cannot be null since we just checked
User timeoutIssuer = apiClient.getUserById(timeout.getIssuedByUserId(), server);
apiClient.sendMessage(
loc.localize(
"commands.mod.timeout.response.check",
user.getUsername(),
user.getId(),
formatDuration(Duration.between(Instant.now(), timeout.getEndTime())),
formatInstant(timeout.getEndTime()),
timeoutIssuer.getUsername(),
timeout.getIssuedByUserId()),
channel);
} else {
apiClient.sendMessage(
loc.localize(
"commands.mod.timeout.response.check.not_found",
user.getUsername(),
user.getId()),
channel);
}
return;
} else {
LOGGER.warn("Split length not 1 or 2, was {}: '{}'", split.length, args);
}
} else {
LOGGER.warn("UID/mention not long enough: '{}'", args);
}
} else {
LOGGER.warn("Args was empty");
}
apiClient.sendMessage(loc.localize("commands.mod.timeout.response.invalid"), channel);
}
public int getServerId() {
if (server != null) {
return server.getId();
}
return 0;
}
public boolean isUserTimedOut(User user, Server server) {
return isUserTimedOut(user.getId(), server.getId());
}
/**
* Lancer par signal de NoPublicController quand le processus sshd est (re)démarré dans container
* serveur et git, pour mettre à jour la nouvelle IP du serveur
*/
@Override
public Application sshCopyIDToServer(Application application, User user) throws ServiceException {
String command = null;
Map<String, String> configShell = new HashMap<>();
Module moduleGit = moduleService.findGitModule(user.getLogin(), application);
if (logger.isDebugEnabled()) {
logger.debug("--ssh Copy ID To Server--");
logger.debug("ssh port : " + moduleGit.getSshPort());
logger.debug("manager ip : " + application.getManagerIp());
}
for (Server server : application.getServers()) {
configShell.put("password", server.getApplication().getUser().getPassword());
configShell.put("port", moduleGit.getSshPort());
configShell.put("dockerManagerAddress", application.getManagerIp());
configShell.put("userLogin", server.getApplication().getUser().getLogin());
try {
int counter = 0;
while (!server.getStatus().equals(Status.START)
|| !moduleGit.getStatus().equals(Status.START)) {
if (counter == 100) {
break;
}
Thread.sleep(1000);
logger.info(" wait git and server ssh processus start");
logger.info(
"STATUS = server : " + server.getStatus() + " - module : " + moduleGit.getStatus());
moduleGit = moduleService.findById(moduleGit.getId());
server = serverService.findById(server.getId());
counter++;
}
// To permit ssh access on server from git container
command =
"expect /cloudunit/scripts/ssh-copy-id-expect.sh "
+ moduleGit.getApplication().getUser().getPassword();
logger.info("command shell to execute [" + command + "]");
shellUtils.executeShell(command, configShell);
} catch (Exception e) {
moduleGit.setStatus(Status.FAIL);
moduleGit = moduleService.saveInDB(moduleGit);
server.setStatus(Status.FAIL);
server = serverService.saveInDB(server);
logger.error("Error : Error during permit git to access to server " + e);
throw new ServiceException(e.getLocalizedMessage(), e);
}
}
try {
moduleGit = moduleService.update(moduleGit);
application.getModules().add(moduleGit);
application.setGitContainerIP(moduleGit.getContainerIP());
} catch (ServiceException e) {
moduleGit.setStatus(Status.FAIL);
moduleService.saveInDB(moduleGit);
logger.error("Error : Error during persist git module " + e);
throw new ServiceException(e.getLocalizedMessage(), e);
}
logger.info(
"ApplicationService : Application " + application.getName() + " successfully created.");
return application;
}
public boolean doesTimeoutEntryExistForUser(User user, Server server) {
return doesTimeoutEntryExistForUser(user.getId(), server.getId());
}