Inactive [WEB/DEV/ADMIN] HTTPConsole 0.3.0 - Issue Console Commands Over HTTP [803]

Discussion in 'Inactive/Unsupported Plugins' started by BlueJeansAndRain, Apr 11, 2011.

  1. HTTPConsole - Issue Console Commands Over HTTP
    Version: 0.3.0

    I wrote this because I have a bash script which I use to backup the worlds and do mapping and various other manipulations directly on world data. So, I needed a way for the script to tell the server to save-all, then disable saving to copy the worlds, then re-enable saving. I know there are plugins out there that expose a limited API over HTTP, and there's even one that provides telnet access. But the APIs didn't provide the access I wanted and telnet access is too cumbersome.

    While I was at it I figured I would make it capable of issuing any console command. You never know what you might need :).

    WARNING: If you configure this plugin to listen on an ip address open to the internet, and don't restrict client IP addresses (using the white and black lists) to specific IP addresses you trust, someone will hack your server.

    This is my first plugin... actually this is the first thing I've ever written in Java, so be gentle with my source :p. Suggestions welcome.

    Features:
    • Issue any command over HTTP that you can issue on the console.
    • Change the listener IP address, port, and log-level through the config file.
    • Get back the output of the issued command.
      • This only works for some commands, specifically commands that are not "threaded".
    • Accepts GET and POST (url or json encoded) requests.
    • Client IP address whitelist/blacklist.
    • Host name filtering.
    Trouble Shooting: If it doesn't appear to be working, try the following solutions.
    • Change the "port: 8765" configuration option to a different number. Valid values are 1024 - 65565
    • Make sure your firewall is allowing access to the port.
    Download the plugin Jar

    Source Code
    Usage (open)

    Make requests to http://127.0.0.1:8765/console?command=<command> (assuming you're using the default port and the server is running on localhost). If you're running your server locally, just open up your browser and type http://127.0.0.1:8765/console?command=save-all and SAVE THE WORLD!
    Default config.yml (open)

    Code:
    # The IP address that HTTPConsole will listen on. "any" can be used to listen on
    #  any address.
    # The default is 127.0.0.1
    ip-address: 127.0.0.1
    
    # The TCP listening port that HTTPConsole will bind to.
    # The default is 8765.
    port: 8765
    
    # Controls how important a console message must be to be shown.
    # Possible values: severe, warning, info
    # The default is severe, meaning only severe log messages will be visible.
    log-level: severe
    
    # Controls whether messages beginning with "ConsoleCommandSender:" are filtered
    #  out of the console log.
    # The default value is true.
    filter-command-sender: true
    
    # This sets what ip addresses are not allowed to send requests to HTTPConsole.
    # To add more values, just add more "- ipaddress" lines to the list.
    # Add "- any" (no quotes) to the list to block all ip addresses from connecting
    #  to HTTPConsole.
    # Ranges of ip addresses can be set by using two ip addresses seperated by a
    #  hyphen (-), or by using an asterisk (*) in place of any number.
    # Hyphens and asterisks are special characters in yml files so they will have
    #  to be surrounded by quotes (see examples below).
    client-ip-blacklist:
    #   - 192.168.3.2
    #   - "192.168.4.*"
    #   - "192.168.5.1-192.168.6.254"
    #   - any
    
    # This sets what ip addresses are allowed to send requests to HTTPConsole.
    # All ip addresses and ranges that are valid for the blacklist are also valid
    #  for the whitelist.
    client-ip-whitelist:
    #   Example:
    #   - 192.168.1.100
    #   - "192.168.2.*"
    #   - "192.168.0.1-192.168.0.254"
    #   - any
    
    # This changes the order in which the whitelist and blacklist are checked.
    # Possible Values:
    #
    #  "Deny,Allow"
    #   The whitelist is only checked when an ip address matches the blacklist.
    #   If the ip address matches both lists, it will be allowed. If it matches
    #    neither list, it will be allowed.
    #   This behavior matches the Apache "Deny,Allow" Order directive.
    #   This is the default value.
    #
    #  "Allow,Deny"
    #   The blacklist is only checked when an ip address matches the whitelist.
    #   If the ip address matches both lists, it will be denied. If it matches
    #    neither list, it will be denied.
    #   This behavior matches the Apache "Allow,Deny" Order directive.
    #
    white-black-list-order: "Deny,Allow"
    
    # This is a list of the allowed hostnames (domains) that HTTPConsole will
    #  accept requests on. This means that if someone uses
    #  "http://my.domain.com:8765/console?command=stop" to issue the
    #  stop command to your server, and my.domain.com is not listed below, the
    #  connection will be refused.
    # The one exception to the above rule is that If no hostnames are listed than
    #  any hostname will be allowed.
    # This is similar to virtual hosting except that HTTPConsole only uses the
    #  hostname to allow or deny the request.
    # This feature combined with the cross site scripting restrictions in modern
    #  browsers is designed to make it more difficult for unauthorized people
    #  to target your server from client side (browser) scripts. This does not make
    #  it impossible however as they can always create a proxy if they really want
    #  to send requests from the browser.
    # If any hostnames are listed, requests to bare ip addresses will be denied
    #  unless the ip address is 127.0.0.1.
    # An asterisk (*) in the left most label will match any valid label or labels.
    # At the very least one label and a top level domain (com, org, net, etc.) must
    #  be given per hostname.
    allowed-hosts:
    #   - theanticookie.com
    #   - notch.tumblr.com
    #   - "*.minecraft.net"
    
    # Controls whether connection refused log messages are always sent, or only sent
    #  when log-level is set to info.
    # The default value is false. Connection refused messages will only be visible
    #  if the log-level is set to info.
    always-log-refused-connections: false
    
    Example Backup Bash Script (open)

    This is the backup script I use for my own server.
    Code:
    #!/bin/bash
    BACKUP_DAYS=28
    MINECRAFT_DIR=/home/me/minecraft
    BACKUP_DIR=$MINECRAFT_DIR/backup
    HTTPCONSOLE_URL="http://127.0.0.1:8765"
    
    BASENAME=`basename $0`
    LOCK_FILE=/tmp/$BASENAME.lock
    if [ ! -e "$LOCK_FILE" ]; then
            trap "rm -f \"$LOCK_FILE\"; exit" INT TERM EXIT
            touch $LOCK_FILE
    else
            echo "Backup already running."
            exit
    fi
    
    if [ "$1" == "" ]; then
            echo No worlds specified.
            exit
    fi
    
    TIMESTAMP=`date +%Y-%m-%d_%T`
    
    function console_command
    {
            curl --data-urlencode "command=$*" $HTTPCONSOLE_URL/console
    }
    
    function backup
    {
            WORLD=$1
            SOURCE=$MINECRAFT_DIR/$WORLD/
            TARGET_DIR=$BACKUP_DIR/$WORLD
            TARGET=$TARGET_DIR/$TIMESTAMP
    
            if [ ! -d "$SOURCE" ]; then
                    echo World directory \"$SOURCE\" does not exist.
                    return
            fi
    
            if [ -d "$TARGET_DIR" ]; then
                    if [ -e "$TARGET" ]; then
                            echo Backup path \"$TARGET\" already exists.
                            return
                    fi
    
                    NEWEST_FILE=`ls -t "$TARGET_DIR" 2>/dev/null | head -1`
                    if [ "$NEWEST_FILE" != "" ]; then
                            NEWEST_FILE=$TARGET_DIR/$NEWEST_FILE
                            echo Sourcing Most Recent Backup \"$NEWEST_FILE\"
                            cp -al "$NEWEST_FILE" "$TARGET"
                    else
                            echo No Prior Backups
                    fi
    
                    echo Deleting Backups Older Than $BACKUP_DAYS Days
                    find "$TARGET_DIR/"* -maxdepth 0 -mtime +$BACKUP_DAYS -delete
            elif [ -e "$TARGET_DIR" ]; then
                    echo The backup path \"$TARGET_DIR exists but is not a directory.
                    return
            else
                    mkdir -p "$TARGET_DIR"
            fi
    
            echo Syncing \"$SOURCE\" to \"$TARGET\"
            rsync -a --delete "$SOURCE" "$TARGET"
    }
    
    echo Saving All Minecraft Worlds
    console_command say Backing Up Worlds...
    console_command save-all
    console_command save-off
    echo
    
    for LEVEL in "$@"; do
            echo Backing Up \"$LEVEL\"
            backup $LEVEL
            echo
    done
    
    console_command save-on
    console_command say Backup Complete.
    
    Todo (open)

    • Wait for some log output before completing a request.
    • Return command output.
    • Have the response body be more meaningful than "Recieved Command <command>"
    • Respond to URL or JSON encoded POST requests.
    • Allow the listener address to be changed (not just 127.0.0.1 anymore).
    • Client ip whitelist.
    • Client ip blacklist.
    • Host name filtering.
    • Cookie based sessions. (finished, testing)
    • Get back buffered console output. (finished, testing)
    • Basic/Digest http authorization. (in progress)
    • Command whitelist/blacklist. Allow or disallow some commands.
    • Allow disabling of POST xor GET requests.
    • Write example web page for a console in your browser.
    • Possibly create a new service for restarting the server?
      • Not going to add this because it can be added by getting a plugin that does server restarts and then giving that plugin commands through HTTPConsole.
    • Expose a request handling API to bukkit allowing developers to easily add web service functionality to their plugins.
    • Profit?!
    Change Log (open)


    Version 0.3.0
    • Added blacklist.
    • Added host name filtering.
    • Changed default port to 8765.
    • Bug Fixes
    Version 0.2.1
    • Fixed input stream parsing.
    Version 0.2
    • Reworked logging and output.
    • Handle POST requests (url or json encoded data).
    • Return output from command (easier than I expected).
    • Abstracted a lot of the framework to pave the way for increased future functionality.
    • Listener ip address can be changes via the config.yml file.
    • A client ip address whitelist can be set via the config.yml file.
    Version 0.1
    • Initial Release
     
  2. Offline

    BronzeByte

    @BlueJeansAndRain Ever heard of a password or is that too hard for you to make?
     
  3. Offline

    Uncharmer

    when i run the plugin i get:
     
  4. Offline

    Doc

    Engelier I was unable to get the newer version working, I am using your "older" version 0.3.1
    There are some big changes coming in 1.1-R5, is it possible for you to fork this project and put it on dev.bukkit.org please?
    That would be AWESOME! And thanks for your (and the orig authors) work on this much needed plugin.

    -Doc
     
  5. Offline

    Sorroko

    I posted an update for VADemon on another thread, you can get it here http://dl.dropbox.com/u/53730212/HTTPConsole.zip it is the latest version. If you find any more bugs please let me know. :p
    NOTE: I have built against R5, it also works with R4

    EDIT: If its not working make sure you have the config.yml installed and setup (its in the download). It doesnt generate the config.yml
     
  6. ryan7745
    Oh thanks! Will test whether it works. Tried to fix it myself but I'm not good at all in Java. Will look whether it works with 1.0 :D
    Thanks again!
     
  7. Offline

    Doc

    Thanks for your hard work guys! It would be great, if the project was forked and a new dev.bukkit.org was setup.
    -Doc
     
  8. Offline

    Sorroko

    I am working on a default GUI for the console, when it is finished I may make a bukkit dev page for it, hopefully...
     
  9. Offline

    adri49400

    Do you know a similar plugin for 1.2 ?
     
  10. Offline

    Doc

    Just wanted to let you all know this is working just fine on CraftBukkit Beta Build 1.2.3-R0.1 (#2034)
     
  11. Offline

    Sorroko

    Doc adri49400 Created a Bukkit Dev page and git hub: http://dev.bukkit.org/server-mods/httpconsole/
    Updated:
    • Automatically creates config.yml
    • Error page added when no command is passed
    • You can use 127.0.0.1/?command=<command> instead of 127.0.0.1/console?command=<command>
    • /console will still work!!
     
  12. Offline

    adri49400

    Ho Yes ! a big thank. :)
     
  13. Offline

    Doc

    ryan7745 thanks for the new bukkit dev site.

    So my contribution to this project is how to interface to HTTPConsole via CLI (Command Line Interface) and PHP
    Feel free to copy to the dev site.

    Code:
    #!/bin/bash
    if [ "$1" == "" ]
    then
      echo -e "\n\nUsage:"
      echo -e "console <command>"
      echo -e "\n\n"
      exit 1
    fi
     
    HTTPCONSOLE_URL="http://127.0.0.1:8765"
     
    function console_command
    {
            curl -sS --data-urlencode "command=$*" $HTTPCONSOLE_URL/console
    }
     
    console_command $*
    
    Code:
    <?php
    function console($command)
    {
      $ch = curl_init();
     
      curl_setopt($ch, CURLOPT_URL, "http://127.0.0.1:8765/console?command=$command");
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     
      $output=curl_exec($ch);
     
      curl_close($ch);
     
      return $output;
    }
     
    /*
     
      TO USE
     
    echo console('YOUR COMMAND HERE');
    echo console('list');
    echo console('broadcast The Webserver says HI!');
     
    or
     
    $output=console('list');
     
    */
     
    ?>
    
     
  14. Offline

    wasecileader

    I am getting this error:

    19:01:48 [SEVERE] Error occurred while enabling HTTPConsole v0.3.0 (Is it up to
    date?)
    java.lang.NoClassDefFoundError: org/bukkit/util/config/Configuration
    at org.theanticookie.bukkit.HTTPConsole.getConfig(HTTPConsole.java:114)
    at org.theanticookie.bukkit.HTTPConsole.onEnable(HTTPConsole.java:143)
    at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:215)
    at org.bukkit.plugin.java.JavaPluginLoader.enablePlugin(JavaPluginLoader
    .java:336)
    at org.bukkit.plugin.SimplePluginManager.enablePlugin(SimplePluginManage
    r.java:381)
    at org.bukkit.craftbukkit.CraftServer.loadPlugin(CraftServer.java:250)
    at org.bukkit.craftbukkit.CraftServer.enablePlugins(CraftServer.java:232
    )
    at org.bukkit.craftbukkit.CraftServer.reload(CraftServer.java:543)
    at org.bukkit.Bukkit.reload(Bukkit.java:182)
    at org.bukkit.command.defaults.ReloadCommand.execute(ReloadCommand.java:
    22)
    at org.bukkit.command.SimpleCommandMap.dispatch(SimpleCommandMap.java:16
    6)
    at org.bukkit.craftbukkit.CraftServer.dispatchCommand(CraftServer.java:4
    73)
    at org.bukkit.craftbukkit.CraftServer.dispatchServerCommand(CraftServer.
    java:469)
    at net.minecraft.server.MinecraftServer.b(MinecraftServer.java:596)
    at net.minecraft.server.MinecraftServer.w(MinecraftServer.java:565)
    at net.minecraft.server.MinecraftServer.run(MinecraftServer.java:449)
    at net.minecraft.server.ThreadServerApplication.run(SourceFile:492)
    Caused by: java.lang.ClassNotFoundException: org.bukkit.util.config.Configuratio
    n
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
    java:41)
    at org.bukkit.plugin.java.PluginClassLoader.findClass(PluginClassLoader.
    java:29)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    ... 17 more

    I run CraftBukkit 1.2.5-R1.0
     
  15. Offline

    LegendaryMack

    What Does this Do exactly
     
  16. Offline

    Doc

    It lets you "Issue Console Commands Over HTTP", and VERY well I might all.
     
  17. Offline

    Gertyerteg

    can you make a new link?
     
  18. Offline

    smilesoft

    hello, i have problem. Im using CB 1.4.7 and i use HTTPconsole 2.3.1.
    My problem is verry simple,
    client-ip-whitelist
    doesn't work.
    i checked my IP on ipchecking.com
    i pasted it on client-ip-whitelist and nothing work. but when i change my IP to "any" it work perfect.

    This is the way i use php code
    Code:
    function mc_console($command)
    {
    $command=urlencode($command);
     
    $ch = curl_init();
     
    curl_setopt($ch, CURLOPT_URL, "http://91.121.155.149:1478/console?command=$command");
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     
    $output=curl_exec($ch);
     
    curl_close($ch);
     
    return $output;
    }
     
    mc_console('say something');
    
    and this is my config:
    Code:
    # The IP address that HTTPConsole will listen on. "any" can be used to listen on
    #  any address.
    # The default is 127.0.0.1
    ip-address: '91.121.155.149'
     
    # The TCP listening port that HTTPConsole will bind to.
    # The default is 8765.
    port: 1478
     
    # Controls how important a console message must be to be shown.
    # Possible values: severe, warning, info
    # The default is severe, meaning only severe log messages will be visible.
    log-level: severe
     
    # Controls whether messages beginning with "ConsoleCommandSender:" are filtered
    #  out of the console log.
    # The default value is true.
    filter-command-sender: true
     
    # This sets what ip addresses are not allowed to send requests to HTTPConsole.
    # To add more values, just add more "- ipaddress" lines to the list.
    # Add "- any" (no quotes) to the list to block all ip addresses from connecting
    #  to HTTPConsole.
    # Ranges of ip addresses can be set by using two ip addresses seperated by a
    #  hyphen (-), or by using an asterisk (*) in place of any number.
    # Hyphens and asterisks are special characters in yml files so they will have
    #  to be surrounded by quotes (see examples below).
    client-ip-blacklist:
    #  - 192.168.3.2
    #  - "192.168.4.*"
    #  - "192.168.5.1-192.168.6.254"
    #  - any
     
    # This sets what ip addresses are allowed to send requests to HTTPConsole.
    # All ip addresses and ranges that are valid for the blacklist are also valid
    #  for the whitelist.
    client-ip-whitelist:
    - 188.116.19.24
    #  Example:
    #  - 192.168.1.100
    #  - "192.168.2.*"
    #  - "192.168.0.1-192.168.0.254"
    #  - any
     
    # This changes the order in which the whitelist and blacklist are checked.
    # Possible Values:
    #
    #  "Deny,Allow"
    #  The whitelist is only checked when an ip address matches the blacklist.
    #  If the ip address matches both lists, it will be allowed. If it matches
    #    neither list, it will be allowed.
    #  This behavior matches the Apache "Deny,Allow" Order directive.
    #  This is the default value.
    #
    #  "Allow,Deny"
    #  The blacklist is only checked when an ip address matches the whitelist.
    #  If the ip address matches both lists, it will be denied. If it matches
    #    neither list, it will be denied.
    #  This behavior matches the Apache "Allow,Deny" Order directive.
    #
    white-black-list-order: "Allow,Deny"
     
    # This is a list of the allowed hostnames (domains) that HTTPConsole will
    #  accept requests on. This means that if someone uses
    #  "http://my.domain.com:8765/console?command=stop" to issue the
    #  stop command to your server, and my.domain.com is not listed below, the
    #  connection will be refused.
    # The one exception to the above rule is that If no hostnames are listed than
    #  any hostname will be allowed.
    # This is similar to virtual hosting except that HTTPConsole only uses the
    #  hostname to allow or deny the request.
    # This feature combined with the cross site scripting restrictions in modern
    #  browsers is designed to make it more difficult for unauthorized people
    #  to target your server from client side (browser) scripts. This does not make
    #  it impossible however as they can always create a proxy if they really want
    #  to send requests from the browser.
    # If any hostnames are listed, requests to bare ip addresses will be denied
    #  unless the ip address is 127.0.0.1.
    # An asterisk (*) in the left most label will match any valid label or labels.
    # At the very least one label and a top level domain (com, org, net, etc.) must
    #  be given per hostname.
    allowed-hosts:
    #  - theanticookie.com
    #  - notch.tumblr.com
    #  - "*.minecraft.net"
     
    # Controls whether connection refused log messages are always sent, or only sent
    #  when log-level is set to info.
    # The default value is false. Connection refused messages will only be visible
    #  if the log-level is set to info.
    always-log-refused-connections: false
    
    By the way, i was trying those kinds of IP typing:
    Code:
     
    - '188.116.19.24'
    - "188.116.19.24"
    - 188.116.19.24
    - 'http://minecraft-hardcore.pl'
    - "http://minecraft-hardcore.pl"
    - http://minecraft-hardcore.pl
    - 'minecraft-hardcore.pl'
    - "minecraft-hardcore.pl"
    - minecraft-hardcore.pl
    
     

Share This Page