Initial commit — SETEC LABS Manager (Setec_CDM)

Flask-based VPS management panel with SSH remote command execution. Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard, security hardening tools, DNS management, firewall configs, monitoring, backup, and .sec patch update system. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 12:39:02 -07:00
commit 9e839ee826
62 changed files with 14605 additions and 0 deletions
--- a/setec-web/config.py
+++ b/setec-web/config.py
@@ -0,0 +1,61 @@
+import os
+import json
+
+CONFIG_PATH = os.path.join(os.path.expanduser("~"), ".setec-mgr", "config.json")
+
+DEFAULTS = {
+    "vps_host": "",
+    "vps_user": "root",
+    "vps_port": 22,
+    "ssh_key_path": "",
+    "domain": "",
+    "hosting_provider": "",
+    "hostinger_api_key": "",
+    "web_root": "/var/www",
+    "compose_path": "/opt/seteclabs/docker-compose.yml",
+    "flask_port": 5000,
+    "flask_secret": "",
+    "setup_complete": False,
+    "tos_accepted": False,
+    "e2e_enabled": False,
+}
+
+# Sensitive fields that should be masked in API responses
+SENSITIVE_FIELDS = {"hostinger_api_key", "flask_secret", "tunnel_key"}
+
+
+def load():
+    try:
+        with open(CONFIG_PATH) as f:
+            cfg = json.load(f)
+            for k, v in DEFAULTS.items():
+                cfg.setdefault(k, v)
+            # Generate and persist flask_secret on first load if empty
+            if not cfg["flask_secret"]:
+                cfg["flask_secret"] = os.urandom(32).hex()
+                save(cfg)
+            return cfg
+    except (FileNotFoundError, json.JSONDecodeError):
+        defaults = dict(DEFAULTS)
+        defaults["flask_secret"] = os.urandom(32).hex()
+        save(defaults)
+        return defaults
+
+
+def save(cfg):
+    os.makedirs(os.path.dirname(CONFIG_PATH), exist_ok=True)
+    with open(CONFIG_PATH, "w") as f:
+        json.dump(cfg, f, indent=2)
+
+
+def safe_config():
+    """Return config with sensitive fields masked."""
+    cfg = load()
+    safe = dict(cfg)
+    for field in SENSITIVE_FIELDS:
+        val = safe.get(field, "")
+        if val and len(val) > 8:
+            safe[field] = val[:8] + "..."
+        elif val:
+            safe[field] = "***"
+    return safe