def get_period(period_id, product_id): db = DB() status, period_result = db.select_by_id("period_task", period_id) if status is True and period_result: minions = [] for group in period_result.get("target"): status, result = db.select_by_id("groups", group) if status is True and result: minions.extend(result.get("minion")) minion_list = list(set(minions)) salt_api = salt_api_for_product(product_id) if isinstance(salt_api, dict): period_result["status"] = { "id": 4, "name": period_status.get(4) } db.update_by_id("period_task", json.dumps(period_result, ensure_ascii=False), period_id) return salt_api, 500 return period_result, minion_list, salt_api else: logger.error("Get period and minion error: %s" % period_result) raise
def update_group_for_create_project(project_name, groups_id_list): db = DB() logger.info('UPDATEGROUP') logger.info('project_name:' + project_name + 'groups_id_list:' + str(groups_id_list)) for group_id in groups_id_list: status, group = db.select_by_id('groups', group_id) project_name_list = list(group['projects']) project_name_list.append(project_name) group['projects'] = project_name_list status, result = db.update_by_id('groups', json.dumps(group, ensure_ascii=False), group_id) db.close_mysql()
def get(self, product_id): db = DB() status, result = db.select_by_id("product", product_id) db.close_mysql() if status is True: if result: return {"data": result, "status": True, "message": ""}, 200 else: return { "status": False, "message": "%s does not exist" % product_id }, 404 else: return {"status": False, "message": result}, 500
def get(self, groups_id): db = DB() status, result = db.select_by_id("groups", groups_id) db.close_mysql() if status is True: if result: try: groups = eval(result[0][0]) except Exception as e: return {"status": False, "message": str(e)}, 500 else: return {"status": False, "message": "%s does not exist" % groups_id}, 404 else: return {"status": False, "message": result}, 500 return {"groups": groups}, 200
def group_to_user(gid, uid): db = DB() select_status, select_result = db.select_by_id("user", uid) if select_status is True and select_result: select_result["groups"].append(gid) else: return {"status": False, "message": select_result} status, result = db.update_by_id( "user", json.dumps(select_result, ensure_ascii=False), uid) db.close_mysql() if status is True: return {"status": True, "message": ""} else: logger.error("Group to user error: %s" % result) return {"status": False, "message": result}
def get(self, host_id): db = DB() status, result = db.select_by_id("host", host_id) db.close_mysql() if status is True: if result: try: host = eval(result[0][0]) except Exception as e: return {"status": False, "message": str(e)}, 500 else: return {"status": False, "message": "%s does not exist" % host_id}, 404 else: return {"status": False, "message": result}, 500 return {"host": host, "status": True, "message": ""}, 200
def get(self): args = parser.parse_args() db = DB() status, result = db.select_by_id("audit_log", args["product_id"]) db.close_mysql() log_list = [] if status is True: if result: for i in result: log_list.append(eval(i[0])) else: return {"status": False, "message": "Log does not exist"}, 500 else: return {"status": False, "message": result}, 500 return {"audit_logs": {"audit_log": log_list}, "status": True, "message": ""}, 200
def verify_role(user_info, tag): for role in user_info["role"]: db = DB() status, result = db.select_by_id("role", role) db.close_mysql() if status is True and result: try: if result["tag"] == role_dict["superuser"] or result[ "tag"] == tag: return True except KeyError as _: return False else: return False return False
def transfer_projectGroupID_to_projectGroupNAME(projects_with_groupid): db = DB() if not isinstance(projects_with_groupid, list): projects_with_groupid = [projects_with_groupid] projects_with_group_name = [] for project in projects_with_groupid: group_name_list = [] for group_id in list(project['groups']): status, group = db.select_by_id('groups', group_id) logger.info('group:' + str(group)) group_name = group['name'] group_name_list.append(group_name) project['groups'] = group_name_list projects_with_group_name.append(project) return projects_with_group_name
def get(self, user_id): db = DB() status, result = db.select_by_id("user", user_id) db.close_mysql() if status is True: if result: result.pop("password") return {"data": result, "status": True, "message": ""}, 200 else: return { "status": False, "message": "%s does not exist" % user_id }, 404 else: return {"status": False, "message": result}, 500
def get(self, user_id): db = DB() status, result = db.select_by_id("user", user_id) db.close_mysql() if status is True: if result: try: user = eval(result[0][0]) user.pop("password") except Exception as e: return {"status": False, "message": str(e)}, 500 else: return {"status": False, "message": "%s does not exist" % user_id}, 404 else: return {"status": False, "message": result}, 500 return {"user": user, "status": True, "message": ""}, 200
def git_clone(product_id, project_name): db = DB() status, product = db.select_by_id('product', product_id) gitlab_url = product['gitlab_url'] master = product['salt_master_id'] gitlab_url = gitlab_url.replace('http://', 'git@') gitlab_project_url = re.split( ':', gitlab_url)[0] + ':root/' + project_name + '.git' #gitlab_project_url = gitlab_url.replace(':80', '/root/') + project_name + '.git' command_list = [] command_list.append('cd /tmp/' + ' \n ') command_list.append('git clone ' + gitlab_project_url + ' \n ') command_final = ''.join(command_list) logger.info('command' + command_final) salt_api = salt_api_for_product(product_id) exec_result = salt_api.shell_remote_execution([master], command_final)
def gitlab_project(product_id, project_type): db = DB() status, result = db.select_by_id("product", product_id) db.close_mysql() if status is True: if result: product = result else: return { "status": False, "message": "%s does not exist" % product_id } else: return {"status": False, "message": result} try: if product.get("file_server") == "gitfs": gl = gitlab.Gitlab( url=product.get("gitlab_url"), private_token=None if product.get("private_token") is "" else product.get("private_token"), oauth_token=None if product.get("oauth_token") is "" else product.get("oauth_token"), email=None if product.get("email") is "" else product.get("email"), password=None if product.get("password") is "" else product.get("password"), ssl_verify=True, http_username=None if product.get("http_username") is "" else product.get("http_username"), http_password=None if product.get("http_password") is "" else product.get("http_password"), timeout=120, api_version=None if product.get("api_version") is "" else product.get("api_version")) project = gl.projects.get(product.get(project_type)) return project, product.get(project_type) # 項目过多会慢 # projects = gl.projects.list(all=True) # for pr in projects: # if pr.__dict__.get('_attrs').get('path_with_namespace') == product.get(project_type): # project = gl.projects.get(pr.__dict__.get('_attrs').get('id')) # return project, product.get(project_type) # return {"status": False, "message": "Project not found"}, "" else: return {"status": False, "message": "File server is not gitfs"}, "" except Exception as e: return {"status": False, "message": str(e)}
def update_user_product(user_id, product_id): db = DB() status, result = db.select_by_id("user", user_id) if status is True: if result: result["product"].append(product_id) db.update_by_id("user", json.dumps(result, ensure_ascii=False), user_id) db.close_mysql() return {"status": True, "message": ""} else: db.close_mysql() return {"status": False, "message": "User does not exist"} else: db.close_mysql() logger.error("Update user product error: %s" % result) return {"status": False, "message": result}
def put(self, project_id): args = parser.parse_args() args["id"] = project_id projects = transfer_args_to_project(args) db = DB() # 判断是否存在 select_status, select_result = db.select_by_id("projects", project_id) if select_status is not True: db.close_mysql() logger.error("Modify projects error: %s" % select_result) return {"status": False, "message": select_result}, 500 if not select_result: db.close_mysql() return { "status": False, "message": "%s does not exist" % project_id }, 404 gitlab_name_origion = select_result['gitlab_name'] args['gitlab_name'] = gitlab_name_origion # 判断名字否已经存在 status, result = db.select( "projects", "where data -> '$.name'='%s' and data -> '$.product_id'='%s'" % (args["name"], args["product_id"])) if status is True and result: if project_id != result[0].get("id"): db.close_mysql() return { "status": False, "message": "The projects name already exists" }, 200 try: status, message = update_group_for_update_project( project_id, args['groups'], args['name']) if status is not True: return {"status": False, "message": message}, 500 except Exception as e: return {"status": False, "message": str(e)}, 500 status, result = db.update_by_id( "projects", json.dumps(projects, ensure_ascii=False), project_id) db.close_mysql() if status is not True: logger.error("Modify projects error: %s" % result) return {"status": False, "message": result}, 500 return {"status": True, "message": ""}, 200
def salt_api_for_product(product_id): db = DB() status, result = db.select_by_id("product", product_id) db.close_mysql() if status is True: if result: product = result else: return { "status": False, "message": "product %s does not exist" % product_id } else: return {"status": False, "message": result} salt_api = SaltAPI(url=product.get("salt_master_url"), user=product.get("salt_master_user"), passwd=product.get("salt_master_password")) return salt_api
def post(self, user_id): args = parser.parse_args() user = g.user_info["username"] if not args["old_password"]: return { "status": False, "message": "The specified old_password parameter does not exist" }, 200 if not args["new_password"]: return { "status": False, "message": "The specified now_password parameter does not exist" }, 200 db = DB() status, result = db.select_by_id("user", user_id) if status is True and result: if not verify_password(result["username"], args["old_password"]): return {"status": False, "message": "Old password error"}, 200 else: # 基于RSA加密算法获取密码 password = rsa_decrypt(args["new_password"]) if password is False: return { "status": False, "message": "Decrypt is failure" }, 500 # 加密新密码 password_hash = custom_app_context.encrypt(password) result["password"] = password_hash update_status, update_result = db.update_by_id( "user", json.dumps(result, ensure_ascii=False), user_id) db.close_mysql() if update_status is not True: logger.error("Reset %s password error: %s" % (user_id, update_result)) return {"status": False, "message": update_result}, 500 audit_log(user, user_id, "", "user", "reset by owner") return {"status": True, "message": ""}, 201 else: db.close_mysql() logger.error("Select user error: %s" % result) return {"status": False, "message": result}, 500
def put(self, user_id): user = g.user_info["username"] args = parser.parse_args() args["id"] = user_id db = DB() # 判断用户名是否已经存在 status, result = db.select( "user", "where data -> '$.username'='%s'" % args["username"]) if status is True: if len(result) != 0: info = eval(result[0][0]) if user_id != info.get("id"): return { "status": False, "message": "The user name already exists" }, 200 # 获取之前的加密密码 status, result = db.select_by_id("user", user_id) if status is True: if result: try: user_info = eval(result[0][0]) args["password"] = user_info.get("password") except Exception as e: return {"status": False, "message": str(e)}, 500 else: return { "status": False, "message": "%s does not exist" % user_id }, 404 else: return {"status": False, "message": result}, 500 # 更新用户信息 users = args status, result = db.update_by_id("user", json.dumps(users, ensure_ascii=False), user_id) db.close_mysql() if status is not True: logger.error("Modify user error: %s" % result) return {"status": False, "message": result}, 500 audit_log(user, user_id, "", "user", "edit") return {"status": True, "message": ""}, 200
def delete(self, period_id): user = g.user_info["username"] db = DB() select_status, select_result = db.select_by_id("period_task", period_id) if select_status is not True: db.close_mysql() logger.error("Modify period_task error: %s" % select_result) return {"status": False, "message": select_result}, 500 # 删除定期任务的时候删除对应的调度 if select_result["scheduler"] == "period": scheduler_result = scheduler_delete(period_id) if scheduler_result.get("status") is not True: # 假如不是job不存在,才返回 if "'No job" not in scheduler_result.get("message"): return { "status": False, "message": scheduler_result.get("message") }, 500 status, result = db.delete_by_id("period_task", period_id) if status is not True: logger.error("Delete period_task error: %s" % result) return {"status": False, "message": result}, 500 if result is 0: return { "status": False, "message": "%s does not exist" % period_id }, 404 period_result_status, period_result_result = db.delete_by_id( "period_result", period_id) if period_result_status is not True: logger.error("Delete period_result error: %s" % period_result_result) return {"status": False, "message": result}, 500 period_audit_status, period_audit_result = db.delete_by_id( "period_audit", period_id) if period_audit_status is not True: logger.error("Delete period_result error: %s" % period_audit_result) return {"status": False, "message": result}, 500 db.close_mysql() audit_log(user, period_id, "", "period_task", "delete") return {"status": True, "message": ""}, 200
def put(self, period_id): product_id = request.args.get("product_id") user = g.user_info["username"] db = DB() status, result = db.select_by_id("period_task", period_id) if status is True: if result: if result["scheduler"] == "once" and result["once"][ "type"] == "now": # 重开之前清空已经执行过的minion result["count"] = 0 result["step"] = 0 audit = { "timestamp": int(time.time()), "user": user, "option": period_audit.get(1) } insert_period_audit(period_id, audit) update_status, update_result = db.update_by_id( "period_task", json.dumps(result, ensure_ascii=False), period_id) if update_status is not True: logger.error("Reopen period_task error: %s" % update_result) db.close_mysql() return {"status": False, "message": update_result}, 500 audit_log(user, period_id, product_id, "period_task", "reopen") job.delay(period_id, product_id, user) db.close_mysql() return {"status": True, "message": ""}, 200 else: db.close_mysql() return { "status": False, "message": "The period_task does not exist" }, 404 else: db.close_mysql() return {"status": False, "message": result}, 500
def post(self): args = parser.parse_args() args["id"] = uuid_prefix("g") user = g.user_info["username"] groups = args db = DB() status, result = db.select_by_id("product", args["product_id"]) if status is True: if not result: db.close_mysql() return { "status": False, "message": "%s does not exist" % args["product_id"] }, 404 else: return {"status": False, "message": result}, 500 status, result = db.select( "groups", "where data -> '$.name'='%s' and data -> '$.product_id'='%s'" % (args["name"], args["product_id"])) if status is True: if len(result) == 0: insert_status, insert_result = db.insert( "groups", json.dumps(groups, ensure_ascii=False)) db.close_mysql() if insert_status is not True: logger.error("Add groups error: %s" % insert_result) return {"status": False, "message": insert_result}, 500 audit_log(user, args["id"], "", "groups", "add") group_to_user(args["id"], g.user_info["id"]) return {"status": True, "message": ""}, 201 else: db.close_mysql() return { "status": False, "message": "The groups name already exists" }, 200 else: db.close_mysql() logger.error("Select groups name error: %s" % result) return {"status": False, "message": result}, 500
def put(self, product_id): user = g.user_info["username"] args = parser.parse_args() args["id"] = product_id product = args db = DB() # 判断是否存在 select_status, select_result = db.select_by_id("product", product_id) if select_status is not True: db.close_mysql() logger.error("Modify product error: %s" % select_result) return {"status": False, "message": select_result}, 500 if not select_result: db.close_mysql() return { "status": False, "message": "%s does not exist" % product_id }, 404 # 判断名字是否重复 status, result = db.select( "product", "where data -> '$.name'='%s'" % args["name"]) if status is True: if result: if product_id != result[0].get("id"): db.close_mysql() return { "status": False, "message": "The product name already exists" }, 200 status, result = db.update_by_id( "product", json.dumps(product, ensure_ascii=False), product_id) db.close_mysql() if status is not True: logger.error("Modify product error: %s" % result) return {"status": False, "message": result}, 500 audit_log(user, args["id"], product_id, "product", "edit") # 更新Rsync配置 if args["file_server"] == "rsync": rsync_config() return {"status": True, "message": ""}, 200
def put(self, acl_id): user = g.user_info["username"] args = parser.parse_args() args["id"] = acl_id acl = args db = DB() # 判断是否存在 select_status, select_result = db.select_by_id("acl", acl_id) if select_status is not True: db.close_mysql() logger.error("Modify acl error: %s" % select_result) return {"status": False, "message": select_result}, 500 if not select_result: db.close_mysql() return { "status": False, "message": "%s does not exist" % acl_id }, 404 # 判断名字否已经存在 status, result = db.select( "acl", "where data -> '$.name'='%s'" % args["name"]) if status is True: if len(result) != 0: info = eval(result[0][0]) if acl_id != info.get("id"): db.close_mysql() return { "status": False, "message": "The acl name already exists" }, 200 status, result = db.update_by_id("acl", json.dumps(acl, ensure_ascii=False), acl_id) db.close_mysql() if status is not True: logger.error("Modify acl error: %s" % result) return {"status": False, "message": result}, 500 audit_log(user, acl_id, "", "acl", "edit") return {"status": True, "message": ""}, 200
def put(self, role_id): user = g.user_info["username"] args = parser.parse_args() args["id"] = role_id role = args db = DB() # 判断是否存在 select_status, select_result = db.select_by_id("role", role_id) if select_status is not True: db.close_mysql() logger.error("Modify role error: %s" % select_result) return {"status": False, "message": select_result}, 500 if not select_result: db.close_mysql() return { "status": False, "message": "%s does not exist" % role_id }, 404 # 判断名字是否重复 status, result = db.select( "role", "where data -> '$.name'='%s'" % args["name"]) if status is True: if result: if role_id != result[0].get("id"): db.close_mysql() return { "status": False, "message": "The role name already exists" }, 200 status, result = db.update_by_id("role", json.dumps(role, ensure_ascii=False), role_id) db.close_mysql() if status is not True: logger.error("Modify role error: %s" % result) return {"status": False, "message": result}, 500 audit_log(user, role_id, "", "role", "edit") return {"status": True, "message": ""}, 200
def get(self, project_id): db = DB() status, result = db.select_by_id("projects", project_id) try: project_with_group_name = list( transfer_projectGroupID_to_projectGroupNAME(result))[0] except Exception as e: return {"status": False, "message": str(e)}, 500 db.close_mysql() if status is True: if result: return { "data": project_with_group_name, "status": True, "message": "" }, 200 else: return { "status": False, "message": "%s does not exist" % project_id }, 404 else: return {"status": False, "message": result}, 500
def gitlab_project(product_id): db = DB() status, result = db.select_by_id("product", product_id) db.close_mysql() if status is True: if result: product = eval(result[0][0]) else: return { "status": False, "message": "%s does not exist" % product_id } else: return {"status": False, "message": result} try: gl = gitlab.Gitlab( url=product.get("gitlab_url"), private_token=None if product.get("private_token") is "" else product.get("private_token"), oauth_token=None if product.get("oauth_token") is "" else product.get("oauth_token"), email=None if product.get("email") is "" else product.get("email"), password=None if product.get("password") is "" else product.get("password"), ssl_verify=True, http_username=None if product.get("http_username") is "" else product.get("http_username"), http_password=None if product.get("http_password") is "" else product.get("http_password"), timeout=120, api_version=None if product.get("api_version") is "" else product.get("api_version")) project = gl.projects.get(product.get("project")) return project except Exception as e: return {"status": False, "message": str(e)}
def get(self, period_id): db = DB() status, result = db.select_by_id("period_task", period_id) if status is True: if result: targets = result.get("target") result["target"] = [] for target in targets: group_status, group_result = db.select_by_id( "groups", target) if group_status is True and group_result: result["target"].append({ "name": group_result.get("name"), "id": target }) else: db.close_mysql() return {"status": False, "message": group_result}, 500 product_status, product_result = db.select_by_id( "product", result.get("product_id")) if product_status is True and product_result: result["product_id"] = product_result.get("name") count_status, count_result = db.select_count_by_id( "period_result", result["id"]) if count_result is False: return {"status": False, "message": count_result}, 500 # 数量小于15的时候避免等于负数 if int(count_result) < 15: count_result = 15 # 获取最后15条数据 period_result_status, period_result_result = db.select( "period_result", "where data -> '$.id'='%s' limit %s,%s" % (result["id"], int(count_result) - 15, 15)) if period_result_status is True: for r in period_result_result: result["result"].append(r.get("result")) period_audit_status, period_audit_result = db.select( "period_audit", "where data -> '$.id'='%s'" % result["id"]) if period_audit_status is True: for a in period_audit_result: result["audit"].append(a.get("result")) db.close_mysql() # 周期性Job审计信息超过10条后显示前10条及最后两条 if result["scheduler"] != "once": if len(result["audit"]) > 10: result_limit = result["audit"][0:10] result_limit.append({ 'user': '', 'option': '', 'timestamp': '' }) result_limit.extend(result["audit"][-2:]) result["audit"] = result_limit return {"data": result, "status": True, "message": ""}, 200 else: db.close_mysql() return { "status": False, "message": "%s does not exist" % period_id }, 404 else: db.close_mysql() return {"status": False, "message": result}, 500
def put(self, user_id): user = g.user_info["username"] args = parser.parse_args() args["id"] = user_id db = DB() # 判断是否存在 select_status, select_result = db.select_by_id("user", user_id) if select_status is not True: db.close_mysql() logger.error("Modify user error: %s" % select_result) return {"status": False, "message": select_result}, 500 if not select_result: db.close_mysql() return { "status": False, "message": "%s does not exist" % user_id }, 404 # 判断名字否已经存在 status, result = db.select( "user", "where data -> '$.username'='%s'" % args["username"]) if status is True: if result: if user_id != result[0].get("id"): db.close_mysql() return { "status": False, "message": "The user name already exists" }, 200 # 获取之前的加密密码 if args["password"]: # 基于RSA加密算法获取密码 password = rsa_decrypt(args["password"]) if password is False: return {"status": False, "message": "Decrypt is failure "}, 500 password_hash = custom_app_context.encrypt(password) args["password"] = password_hash else: status, result = db.select_by_id("user", user_id) if status is True: if result: args["password"] = result.get("password") else: db.close_mysql() return { "status": False, "message": "%s does not exist" % user_id }, 404 else: db.close_mysql() return {"status": False, "message": result}, 500 # 更新用户信息 users = args status, result = db.update_by_id("user", json.dumps(users, ensure_ascii=False), user_id) db.close_mysql() if status is not True: logger.error("Modify user error: %s" % result) return {"status": False, "message": result}, 500 audit_log(user, user_id, "", "user", "edit") return {"status": True, "message": ""}, 200
def grouping(concurrent, period_result, period_id, minion_list, salt_api, user, product_id): # 假如并行数大于minion的总数,range步长为minion长度,即一次全部运行 # for m in period_result["executed_minion"]: # minion_list.remove(m) if concurrent > len(minion_list): concurrent = len(minion_list) count = period_result["count"] if period_result["count"] != 0 else 1 step = period_result["step"] if period_result["step"] != 0 else 0 for i in range(step, len(minion_list), concurrent): db = DB() p_status, p_result = db.select_by_id("period_task", period_id) if p_status is True and p_result: if p_result.get("action") == "concurrent_play" or p_result.get( "action") == "scheduler_resume": # 记录状态为第N组运行中 p_result["status"] = { "id": 7, "name": period_status.get(7) % count } audits = { "timestamp": int(time.time()), "user": "******", "option": period_audit.get(7) % count } insert_period_audit(period_id, audits) db.update_by_id("period_task", json.dumps(p_result, ensure_ascii=False), period_id) # 根据并行数,对minion进行切分 minion = minion_list[i:i + concurrent] if period_result.get("execute") == "shell": result = salt_api.shell_remote_execution( minion, period_result.get("shell")) elif period_result.get("execute") == "sls": result = salt_api.target_deploy( minion, period_result.get("sls").replace(".sls", "")) # 执行结果写入到period_result表 results = { "time": int(time.time()), "result": result, "option": period_audit.get(7) % count } insert_period_result(period_id, results) # 执行完命令更新状态 p_result["status"] = { "id": 8, "name": period_status.get(8) % count } # 执行审计写入到period_audit表 audits = { "timestamp": int(time.time()), "user": "******", "option": period_audit.get(8) % count } insert_period_audit(period_id, audits) p_result["count"] = count + 1 p_result["step"] = step + concurrent # 并行间隔时间,最后一次不等待 if concurrent < len(minion_list): if i != list(range(0, len(minion_list), concurrent))[-1]: time.sleep(int(p_result["interval"])) count += 1 elif i == list(range(0, len(minion_list), concurrent))[-1]: # 正常循环最后一次对计数几步长初始化 p_result["count"] = 0 p_result["step"] = 0 db.update_by_id("period_task", json.dumps(p_result, ensure_ascii=False), period_id) db.close_mysql() # audit_log(user, minion, product_id, "minion", "shell") # 不同调度方式使用不同的状态显示 if p_result["scheduler"] == "period": p_result["status"] = {"id": 9, "name": period_status.get(9)} elif p_result["scheduler"] == "crontab": p_result["status"] = {"id": 10, "name": period_status.get(10)} elif p_result.get("action") != "concurrent_pause": p_result["status"] = {"id": 3, "name": period_status.get(3)} if p_result.get("action") != "concurrent_pause": audits = { "timestamp": int(time.time()), "user": "******", "option": period_audit.get(3) } insert_period_audit(period_id, audits) db = DB() db.update_by_id("period_task", json.dumps(p_result, ensure_ascii=False), period_id) db.close_mysql()
def verify_token(*args, **kwargs): # 通过 Cookie Token 进行认证 token = request.cookies.get(cookie_key) if token: try: uid = RedisTool.get(token) db = DB() status, result = db.select_by_id("user", uid) if status is True and result: db.close_mysql() # 验证是否有权限访问 if not verify_role(result, tag): return { "status": False, "message": "Access forbidden" }, 403 g.user_info = result else: logger.error("Select uid by token error: %s" % result) return { "status": False, "message": "Unauthorized access" }, 401 except Exception as e: logger.error("Verify token error: %s" % e) return { "status": False, "message": "Unauthorized access" }, 401 if RedisTool.get(token): RedisTool.expire(token, expires_in) return func(*args, **kwargs) # 通过 Bearer Token 进行认证 elif 'Authorization' in request.headers: try: scheme, cred = request.headers['Authorization'].split( None, 1) uid = RedisTool.get(cred) db = DB() status, result = db.select_by_id("user", uid) if status is True and result: db.close_mysql() # 验证是否有权限访问 if not verify_role(result, tag): return { "status": False, "message": "Access forbidden" }, 403 g.user_info = result else: logger.error("Select uid by token error: %s" % result) return { "status": False, "message": "Unauthorized access" }, 401 except Exception as e: logger.error("Verify token error: %s" % e) return { "status": False, "message": "Unauthorized access" }, 401 else: if scheme == 'Bearer' and RedisTool.get(cred): RedisTool.expire(token, expires_in) return func(*args, **kwargs) else: return { "status": False, "message": "Unauthorized access" }, 401 # 通过 X-Gitlab-Token 进行认证 elif 'X-Gitlab-Token' in request.headers: gitlab_token = request.headers['X-Gitlab-Token'] try: uid = RedisTool.get(gitlab_token) db = DB() status, result = db.select_by_id("user", uid) if status is True and result: db.close_mysql() # 验证是否有权限访问 if not verify_role(result, tag): return { "status": False, "message": "Access forbidden" }, 403 g.user_info = result else: logger.error("Select uid by token error: %s" % result) return { "status": False, "message": "Unauthorized access" }, 401 except Exception as e: logger.error("Verify token error: %s" % e) return { "status": False, "message": "Unauthorized access" }, 401 if RedisTool.get(gitlab_token): RedisTool.expire(gitlab_token, expires_in) return func(*args, **kwargs) else: return {"status": False, "message": "Unauthorized access"}, 401