def post(self,request,format=None):
de = decypt(saltkey=None)
dbapi = db_api()
instid = request.data['instid']
request_type = request.data['type']
# dbinfo = MySQLDatabase.objects.get(Q(dbname=dbname))
instinfo = MySQLInst.objects.get(Q(id=instid))
# 获取连接信息
connectinfo = {'conn_host':'','conn_port':'','conn_user':'','conn_passwd':'','conn_db':''}
connectinfo['conn_host'] = instinfo.inst_host
connectinfo['conn_port'] = instinfo.inst_port
connectinfo['conn_user'] = instinfo.manage_user
connectinfo['conn_passwd'] = de.decryptV(instinfo.manage_userpwd)
connectinfo['conn_db'] = 'information_schema'
# 查询关键字
col = []
results = []
if ( str(request_type) == 'full'):
col,results = dbapi.get_metadata(6,connectinfo)
elif ( str(request_type) == 'active'):
col,results = dbapi.get_metadata(7,connectinfo)
elif ( str(request_type) == 'innodb'):
col,results = dbapi.get_metadata(8,connectinfo)
elif ( str(request_type) == 'master'):
col,results = dbapi.get_metadata(9,connectinfo)
elif ( str(request_type) == 'slave'):
col,results = dbapi.get_metadata(10,connectinfo)
elif ( str(request_type) == 'kill'):
sessionid = request.data['sessionid']
killsql = "kill %s;" % (sessionid)
col,results = dbapi.mysql_query(connectinfo,killsql)
re = { 'col': '', 'results': ''}
re['col'] = col
re['results'] = results
return Response(re)
def post(self,request,format=None):
de = decypt(saltkey=None)
dbapi = db_api()
request_type = request.data['type']
instid = request.data['instid']
instinfo = MySQLInst.objects.get(Q(id=instid))
# 获取连接信息
connectinfo = {'conn_host':'','conn_port':'','conn_user':'','conn_passwd':'','conn_db':''}
connectinfo['conn_host'] = instinfo.inst_host
connectinfo['conn_port'] = instinfo.inst_port
connectinfo['conn_user'] = instinfo.read_user
connectinfo['conn_passwd'] = de.decryptV(instinfo.read_userpwd)
if (str(request_type) == 'database'):
instid = request.data['instid']
col,results = dbapi.get_metadata(0,connectinfo)
elif (str(request_type) == 'table'):
dbname = request.data['dbname']
col,results = dbapi.get_metadata(1,connectinfo,dbname)
elif (str(request_type) == 'tablemeta'):
dbname = request.data['dbname']
tablename = request.data['tablename']
col,results = dbapi.get_metadata(2,connectinfo,dbname,tablename)
re = { 'col': '', 'results': '',}
re['col'] = col
re['results'] = results
return Response(re)
def create(self, request, *args, **kwargs):
# de = decypt(os.environ.get("saltkey"))
de = decypt(saltkey=None)
password = request.data['password']
request.data['password'] = de.get_encrypted_key(password)
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
self.perform_create(serializer)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def post(self, request, format=None):
de = decypt(saltkey=None)
try:
limitinfo = QueryLimit.objects.get(Q(query_type='mongodb'))
except:
limitinfo = None
if (limitinfo):
default_limit = str(limitinfo.query_limit)
else:
default_limit = '10'
dbapi = db_api()
exectype = request.data['exectype']
instid = request.data['instid']
instinfo = MongoDBInst.objects.get(Q(id=instid))
# instinfo = dbinfo.mongodbinst_id
# instinfo = MongodbInst.objects.get(Q(id=instid))
connectinfo = {
'conn_host': '',
'conn_port': '',
'conn_user': '',
'conn_passwd': '',
'conn_db': ''
}
connectinfo['conn_host'] = instinfo.inst_host
connectinfo['conn_port'] = instinfo.inst_port
connectinfo['conn_user'] = instinfo.read_user
connectinfo['conn_passwd'] = de.decryptV(instinfo.read_userpwd)
if (exectype == 'db'):
query_results = dbapi.mongodb_query(0, connectinfo)
elif (exectype == 'collection'):
collectionname = request.data['collectionname']
connectinfo['conn_db'] = collectionname
query_results = dbapi.mongodb_query(1, connectinfo)
elif (exectype == 'sql'):
# username = request.data['username']
collectionname = request.data['collectionname']
connectinfo['conn_db'] = collectionname
sql = request.data['sql']
if 'limit' in sql.lower():
lower_sql = sql.lower()
p1 = re.compile(r'[(](.*?)[)]', re.S)
for i in lower_sql.split('.'):
if 'limit' in i:
sql_limit = int(list(map(int, re.findall(p1, i)))[0])
if (sql_limit >= 500):
limit_sql = sql + '.limit(' + default_limit + ')'
else:
limit_sql = sql
else:
limit_sql = sql + '.limit(' + default_limit + ')'
query_results = dbapi.mongodb_query(2, connectinfo, limit_sql)
# query_results = dbapi.mongodb_query(1, connectinfo)
result = {'results': query_results}
return Response(result)
def post(self, request, format=None):
de = decypt(saltkey=None)
dbapi = db_api()
instid = request.data['instid']
request_type = request.data['type']
# dbinfo = MySQLDatabase.objects.get(Q(dbname=dbname))
instinfo = MySQLInst.objects.get(Q(id=instid))
# 获取连接信息
connectinfo = {
'conn_host': '',
'conn_port': '',
'conn_user': '',
'conn_passwd': '',
'conn_db': ''
}
connectinfo['conn_host'] = instinfo.inst_host
connectinfo['conn_port'] = instinfo.inst_port
connectinfo['conn_user'] = instinfo.manage_user
connectinfo['conn_passwd'] = de.decryptV(instinfo.manage_userpwd)
connectinfo['conn_db'] = 'mysql'
col, dblists = dbapi.get_metadata(0, connectinfo)
dblist = []
for i in dblists:
dblist.append(i['table_schema'])
# 查询关键字
if (str(request_type) == 'showusers'):
col, results = dbapi.get_metadata(5, connectinfo)
elif (str(request_type) == 'showuserpri'):
user = request.data['user']
sql = 'show grants for ' + user + ';'
col, result = dbapi.mysql_query(connectinfo, sql)
results = []
for i in result:
for value in i.values():
results.append(value)
elif (str(request_type) == 'adduser'):
grantuser = request.data['grantuser']
userpri = ','.join(grantuser['userpri'])
grantsql = "grant %s on %s.* to %s@'%s' identified by '%s';" % (
userpri, grantuser['userpridb'], grantuser['username'],
grantuser['userip'], grantuser['userpwd'])
col, results = dbapi.mysql_query(connectinfo, grantsql)
elif (str(request_type) == 'dropuser'):
user = request.data['user']
dropusersql = "drop user %s;" % (user)
col, results = dbapi.mysql_query(connectinfo, dropusersql)
re = {'col': '', 'results': '', 'dblist': ''}
re['col'] = col
re['results'] = results
re['dblist'] = dblist
return Response(re)
def update(self, request, *args, **kwargs):
de = decypt(saltkey=None)
partial = kwargs.pop('partial', False)
instance = self.get_object()
if ('password' in request.data):
password = request.data['password']
request.data['password'] = de.get_encrypted_key(password)
serializer = self.get_serializer(instance, data=request.data, partial=partial)
serializer.is_valid(raise_exception=True)
self.perform_update(serializer)
if getattr(instance, '_prefetched_objects_cache', None):
# If 'prefetch_related' has been applied to a queryset, we need to
# forcibly invalidate the prefetch cache on the instance.
instance._prefetched_objects_cache = {}
return Response(serializer.data)
def post(self, request, format=None):
result = {'col': '', 'results': ''}
de = decypt(saltkey=None)
# inception连接信息
inception_info = {
'conn_host': '',
'conn_port': '',
'conn_user': '',
'conn_passwd': ''
}
inception_info['conn_host'] = get_conf('inception', 'inc_host')
inception_info['conn_port'] = get_conf('inception', 'inc_port')
inception_info['conn_user'] = get_conf('inception', 'inc_user')
inception_info['conn_passwd'] = get_conf('inception', 'inc_password')
dbapi = db_api()
inception_type = request.data['type']
if (inception_type == 'check'):
inception_sql_data = request.data['sql_data']
inst_id = inception_sql_data['dbname'][0]
dbname = inception_sql_data['dbname'][1]
instinfo = MySQLInst.objects.get(Q(id=inst_id))
sql = inception_sql_data['sqltext']
check_sql = '/*--user=%s;--password=%s;--host=%s;--enable-check;--enable-remote-backup;--port=%d;*/inception_magic_start;use %s;%sinception_magic_commit;' % (
instinfo.manage_user, de.decryptV(instinfo.manage_userpwd),
instinfo.inst_host, instinfo.inst_port, dbname, sql)
col, results = dbapi.inception(inception_info, check_sql)
check_info = []
print('SQL审核结果', col, results)
if (results[0] == 'error'):
check_info.append({'errormessage': col})
else:
for info in results:
if (info['errlevel'] != 0):
check_status = 'error'
check_info.append(info)
result['col'] = col
result['results'] = check_info
print(result)
return Response(result)
def post(self, request, format=None):
de = decypt(saltkey=None)
dbapi = db_api()
exectype = request.data['exectype']
redisinst = request.data['selectredis']
selectdb = request.data['selectdb']
rediskey = request.data['rediskey']
instinfo = RedisInst.objects.get(Q(id=redisinst))
connectinfo = {
'conn_host': '',
'conn_port': '',
'conn_passwd': '',
'conn_db': ''
}
connectinfo['conn_host'] = instinfo.inst_host
connectinfo['conn_port'] = instinfo.inst_port
connectinfo['conn_passwd'] = de.decryptV(instinfo.password)
connectinfo['conn_db'] = selectdb
if (exectype == 'getkey'):
query_results = dbapi.redis_query(1, connectinfo, rediskey)
re = {'results': query_results}
return Response(re)
def inception_exec(self, sqlorderid):
de = decypt(saltkey=None)
# inception连接信息
inception_info = {
'conn_host': '',
'conn_port': '',
'conn_user': '',
'conn_passwd': ''
}
inception_info['conn_host'] = get_conf('inception', 'inc_host')
inception_info['conn_port'] = get_conf('inception', 'inc_port')
inception_info['conn_user'] = get_conf('inception', 'inc_user')
inception_info['conn_passwd'] = get_conf('inception', 'inc_password')
dbapi = db_api()
sqlorder = SqlOrder.objects.get(Q(id=sqlorderid))
sqlordererror = 0
for sqlinfo in sqlorder.sqlorder_sqltext.all():
# 执行sql信息
# 执行数据库
dbname = sqlinfo.dbname
instinfo = sqlinfo.instid
# sql
sql = sqlinfo.sqltext
exec_sql = '/*--user=%s;--password=%s;--host=%s;--enable-execute;--enable-remote-backup;--port=%d;*/inception_magic_start;use %s;%sinception_magic_commit;' % (
instinfo.manage_user, de.decryptV(instinfo.manage_userpwd),
instinfo.inst_host, instinfo.inst_port, dbname, sql)
col, results = dbapi.inception(inception_info, exec_sql)
sqlexecstatus = 1
for info in results:
if (info['errlevel'] != 0):
sqlordererror = sqlordererror + 1
sqlexecstatus = -1
SqlText.objects.filter(Q(id=sqlinfo.id)).update(
info=results, sqlstatus=sqlexecstatus)
return sqlordererror
def post(self, request, format=None):
de = decypt(saltkey=None)
userinfo = self.request.user
username = userinfo.username
try:
limitinfo = QueryLimit.objects.get(Q(query_type='mysql'))
except:
limitinfo = None
if (limitinfo):
default_limit = str(limitinfo.query_limit)
else:
default_limit = '100'
dbapi = db_api()
instid = request.data['instid']
dbname = request.data['dbname']
instinfo = MySQLInst.objects.get(Q(id=instid))
connectinfo = {
'conn_host': '',
'conn_port': '',
'conn_user': '',
'conn_passwd': '',
'conn_db': ''
}
connectinfo['conn_host'] = instinfo.inst_host
connectinfo['conn_port'] = instinfo.inst_port
connectinfo['conn_user'] = instinfo.read_user
connectinfo['conn_passwd'] = de.decryptV(instinfo.read_userpwd)
connectinfo['conn_db'] = dbname
# sql = 'select * from student;'
exectype = request.data['exectype']
sql = request.data['sql']
if 'limit' in sql.lower():
limit_sql = sql
else:
sql_end = sql[len(sql) - 1]
if sql_end == ';':
limit = ' limit ' + default_limit + ';'
limit_sql = sql.replace(';', limit)
else:
limit_sql = sql + ' limit ' + default_limit + ';'
if (exectype == 'exec'):
username = request.data['username']
execsqltables = dbapi.extract_table_name_from_sql(sql)
try:
white_table = DumpWhiteList.objects.get(
Q(white_user=username)).white_table
except:
white_table = None
if (white_table):
whitelist_tables = set(white_table.split(","))
difftables = execsqltables - whitelist_tables
if (len(difftables) > 0):
col, results = dbapi.mysql_query(connectinfo, limit_sql,
default_limit)
QuerySqlLog.objects.create(operator=username,
mysqlinst=instinfo,
dbname=dbname,
sql=limit_sql)
else:
col, results = dbapi.mysql_query(connectinfo, limit_sql)
QuerySqlLog.objects.create(operator=username,
mysqlinst=instinfo,
dbname=dbname,
sql=limit_sql)
else:
col, results = dbapi.mysql_query(connectinfo, limit_sql,
default_limit)
QuerySqlLog.objects.create(operator=username,
mysqlinst=instinfo,
dbname=dbname,
sql=limit_sql)
# whitelist_tables = set(dump_white_list.split(","))
# difftables = execsqltables - whitelist_tables
# if (len(difftables) > 0):
# col,results = dbapi.mysql_query(connectinfo,limit_sql,islimit)
# else:
# col,results = dbapi.mysql_query(connectinfo,limit_sql)
elif (exectype == 'explain'):
explain_sql = 'explain %s' % sql
col, results = dbapi.mysql_query(connectinfo, explain_sql)
result = {
'col': '',
'results': '',
}
if (len(results) > 0):
if (results[0] != 'error'):
for i in results:
for k, v in i.items():
if (isinstance(v, int)):
i[k] = str(v)
# real_results = []
# for i in results:
# new_item = {}
# for k,v in i.items():
# if ('.' in k):
# new_item[k.replace('.','_')] = v
# else:
# new_item[k] = v
# real_results.append(new_item)
result['col'] = col
result['results'] = results
return Response(result)
