def create_group(request, data):
user_id, group, role = authutils.verify_request(request)
if role != ROLE.ADMIN:
LOG.error('role is not admin')
raise DMException(error.ADMIN_REQUIRE)
data = data.get('group', None)
if not data:
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if not verify_data(data,['name','role'],['metadata']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if Groups.objects.filter(name=data.get('name')).first():
LOG.error('group is exist')
raise DMException(error.GROUP_EXISTED)
role = Roles.objects.filter(name=data.get('role')).first()
if not role:
LOG.error('role is not exist')
raise DMException(error.ROLE_NOTEXISTED)
kwagrs = {}
kwagrs['name'] = data['name']
kwagrs['role'] = role
if 'metadata' in data:
kwagrs['metadata'] = json.dumps(data['metadata'])
group = Groups(**kwagrs)
group.save()
return {'group':{'id':group.id,'name':group.name,'role':group.role.name}}
def delete_server(request, id):
user_id, group, role = authutils.verify_request(request)
server = Servers.objects.filter(id=id).first()
if not server:
raise DMException(error.SERVER_NOTEXIST)
if role != ROLE.ADMIN and server.owner.id != user_id:
LOG.error('permission denied')
raise DMException(error.PERMISSION_DENIED)
server.delete()
def get_user(request,id):
user_id, group, role = authutils.verify_request(request)
if role != ROLE.ADMIN and id != user_id:
LOG.error('permission denied')
raise DMException(error.PERMISSION_DENIED)
user = Users.objects.filter(id=id).first()
if not user:
LOG.error('user not exist')
raise DMException(error.USER_NOTEXISTED)
return {'user':{'id':user.id,'name':user.name,'group':user.group.name,'role':user.group.role.name,
'email':user.email,'create_at':user.create_at,'last_login':user.last_login,'metadata':json.loads(user.metadata)}}
def delete_user(request,id):
user_id, group, role = authutils.verify_request(request)
if role != ROLE.ADMIN and id != user_id:
LOG.error('permission denied')
raise DMException(error.PERMISSION_DENIED)
if role == ROLE.ADMIN and id == user_id:
LOG.error('admin cannot be deleted')
raise DMException(error.ADMIN_CANNOTDELETE)
user = Users.objects.filter(id=id).first()
if not user:
raise DMException(error.USER_NOTEXISTED)
user.delete()
def verify_token(X_Auth_Token):
if not Tokens.objects.filter(token=X_Auth_Token).first():
LOG.error('token is invalid')
raise DMException(error.TOKEN_INVALID)
token = crypt.decodeToken(X_Auth_Token)
expires_at = token['token']['expires_at']
if timeutils.Normaltime(expires_at) < datetime.datetime.now():
db_token = Tokens.objects.filter(token=X_Auth_Token).first()
db_token.delete()
LOG.error('token is expires')
raise DMException(error.TOKEN_EXPIRES)
return token['token']['user']['id'], token['token']['user']['group'], token['token']['user']['role']
def get_users(request):
user_id, group, role = authutils.verify_request(request)
if role != ROLE.ADMIN:
LOG.error('role is not admin')
raise DMException(error.ADMIN_REQUIRE)
users = Users.objects.all()
users_list = {'users':[{'id':user.id,'name':user.name,'group':user.group.name,'role':user.group.role.name} for user in users]}
return users_list
def auth(data):
data = data.get('auth', None)
if not data:
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if not verify_data(data, ['name','password']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
name = data['name']
password = data['password']
user = Users.objects.filter(name=name).first()
if not user:
LOG.error('user not exist')
raise DMException(error.USER_NOTEXISTED)
if password != crypt.decrypt(user.salt, user.password):
LOG.error('password is wrong')
raise DMException(error.PASSWORD_WRONG)
return create_token(user)
def decodeToken(jwt_str):
# fp = file('DockerManager/server.key', 'rb')
# pri_key_str = fp.read().replace('\n', '')
# fp.close()
try:
token = jwt.decode(jwt_str, 'jj', algorithms=['HS256'])
return token
except Exception as e:
LOG.error('token invaild')
raise DMException(error.TOKEN_INVALID)
def create_server(request, data):
user_id, group, role = authutils.verify_request(request)
data = data.get('server', None)
if not data:
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if not verify_data(data, ['ip', 'username', 'password'],
['description', 'metadata']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
server = Servers.objects.filter(ip=data.get('ip')).first()
if server:
LOG.error('server exist')
raise DMException(error.SERVER_EXIST)
user = Users.objects.filter(id=user_id).first()
kwargs = {}
kwargs['id'] = idutils.generate_id()
kwargs['ip'] = data['ip']
kwargs['username'] = data['username']
salt, password = crypt.encrypt(data['password'])
kwargs['password'] = password
kwargs['salt'] = salt
kwargs['status'] = SERVER_STATUS.CREATING
kwargs['owner'] = user
if 'description' in data:
kwargs['description'] = data['description']
if 'metadata' in data:
kwargs['metadata'] = json.dumps(data['metadata'])
server = Servers(**kwargs)
server.save()
return {
'server': {
'id': server.id,
'ip': server.ip,
'status': server.status,
'username': server.username,
'owner': server.owner.id
}
}
def update_user(request,id,data):
user_id, group, role = authutils.verify_request(request)
if role != ROLE.ADMIN and id != user_id:
LOG.error('permission denied')
raise DMException(error.PERMISSION_DENIED)
user = Users.objects.filter(id=id).first()
if not user:
LOG.error('user not exist')
raise DMException(error.USER_NOTEXISTED)
data = data.get('user', None)
if not data:
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if role == ROLE.ADMIN and not verify_data(data,[], ['email','metadata','password','group']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if role != ROLE.ADMIN and not verify_data(data,[], ['email','metadata','password']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
kwargs = {}
if 'group' in data:
group = Groups.objects.filter(name=data['group']).first()
if not group:
LOG.error('group not exist')
raise DMException(error.GROUP_NOTEXISTED)
else:
kwargs['group'] = group
if 'email' in data and not verify_email(data['email']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if 'email' in data and verify_email(data['email']):
kwargs['email'] = data['email']
if role == ROLE.ADMIN and id == user_id and 'password' in data:
salt, password = crypt.encrypt(data['password'])
kwargs['salt'] = salt
kwargs['password'] = password
if role == ROLE.ADMIN and id != user_id and 'password' in data:
salt, password = crypt.encrypt(DEFAULT.PREPASSWORD+'_'+user.name)
kwargs['salt'] = salt
kwargs['password'] = password
if role != ROLE.ADMIN and id == user_id and 'password' in data:
salt, password = crypt.encrypt(data['password'])
kwargs['salt'] = salt
kwargs['password'] = password
if 'metadata' in data:
metadata = json.loads(user.metadata)
for k,v in data['metadata'].items():
metadata[k] = v
kwargs['metadata'] = json.dumps(metadata)
Users.objects.filter(id=id).update(**kwargs)
def get_server(request, id):
user_id, group, role = authutils.verify_request(request)
user = Users.objects.filter(id=user_id).first()
server = Servers.objects.filter(id=id, owner=user).first()
if not server:
raise DMException(error.SERVER_NOTEXIST)
return {
'server': {
'id': server.id,
'ip': server.ip,
'version': server.version,
'container_number': server.container_number,
'hostname': server.hostname,
'status': server.status,
'owner': server.owner.id,
'cpu_number': server.cpu_number,
'memory_size': server.memory_size,
'description': server.description,
'metadata': json.loads(server.metadata)
}
}
def create_user(request, data):
user_id, group, role = authutils.verify_request(request)
if role != ROLE.ADMIN:
LOG.error('role is not admin')
raise DMException(error.ADMIN_REQUIRE)
data = data.get('user', None)
if not data:
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if not verify_data(data,['name','password','group'], ['email','metadata']):
LOG.error('params is wrong')
raise DMException(error.PARAMS_ERROR)
if Users.objects.filter(name=data.get('name')).first():
LOG.error('user already exist')
raise DMException(error.USER_EXISTED)
group = Groups.objects.filter(name=data.get('group')).first()
if not group:
LOG.error('group not exist')
raise DMException(error.GROUP_NOTEXISTED)
if group.role.name == ROLE.ADMIN:
LOG.error('admin cannot be created')
raise DMException(error.ADMIN_CANNOTCREATE)
kwargs = {}
kwargs['id'] = idutils.generate_id()
kwargs['name'] = data['name']
salt, password = crypt.encrypt(data['password'])
kwargs['salt'] = salt
kwargs['password'] = password
if 'email' in data:
if not verify_email(data['email']):
LOG.error('email is wrong')
raise DMException(error.PARAMS_ERROR)
kwargs['email'] = data['email']
kwargs['group'] = group
if 'metadata' in data:
kwargs['metadata'] = json.dumps(data['metadata'])
user = Users(**kwargs)
user.save()
return {'user':{'id':user.id,'name':user.name,'group':user.group.name,'role':user.group.role.name}}
def verify_request(request):
X_Auth_Token = request.META.get('HTTP_X_AUTH_TOKEN', None)
if not X_Auth_Token:
LOG.error('token is not in headers')
raise DMException(error.TOKEN_REQUIRE)
return verify_token(X_Auth_Token)