def get(self):
try:
public_key = RedisTool.get("public_key")
if not public_key:
generate_key_pair()
public_key = RedisTool.get("public_key")
return {"data": public_key, "status": True, "message": ""}, 200
except Exception as e:
return {"status": False, "message": str(e)}, 200
def generate_key_pair():
# 伪随机数生成器
random_generator = Random.new().read
# rsa算法生成实例
rsa = RSA.generate(1024, random_generator)
# 私钥
private_key = rsa.exportKey()
RedisTool.setex("private_key", 24 * 60 * 60, private_key)
# 公钥
public_key = rsa.publickey().exportKey()
RedisTool.setex("public_key", 24 * 60 * 60, public_key)
def create_token(username):
token = serializer.dumps({'username': username})
db = DB()
status, result = db.select("user",
"where data -> '$.username'='%s'" % username)
db.close_mysql()
uid = ""
if status is True and result:
try:
uid = result[0].get("id")
RedisTool.setex(token, expires_in, uid)
except Exception as e:
logger.error("Verify password error: %s" % e)
return cookie_key, token, uid
def create_token(username):
token = serializer.dumps({'username': username})
db = DB()
status, result = db.select("user",
"where data -> '$.username'='%s'" % username)
db.close_mysql()
if status:
if len(result) > 0:
try:
info = eval(result[0][0])
RedisTool.setex(token, expires_in, info)
except Exception as e:
logger.error("Verify password error: %s" % e)
return cookie_key, token
def rsa_encrypt(encrypt_text):
try:
public_key = RedisTool.get("public_key")
rsa_key = RSA.importKey(public_key)
cipher = Cipher_pkcs1_v1_5.new(rsa_key)
text = base64.b64decode(cipher.encrypt(encrypt_text))
return text
except Exception as e:
logger.error("Encrypt rsa error: %s" % e)
return False
def verify_token(*args, **kwargs):
# 通过 Cookie Token 进行认证
token = request.cookies.get(cookie_key)
if token:
try:
user_info = eval(RedisTool.get(token))
# 验证是否有权限访问
if not verify_role(user_info, tag):
return {
"status": False,
"message": "access forbidden"
}, 403
g.user_info = user_info
except Exception as e:
logger.error("Verify token error: %s" % e)
return {
"status": False,
"message": "Unauthorized access"
}, 401
if RedisTool.get(token):
RedisTool.expire(token, expires_in)
return func(*args, **kwargs)
# 通过 Bearer Token 进行认证
elif 'Authorization' in request.headers:
try:
scheme, cred = request.headers['Authorization'].split(
None, 1)
user_info = eval(RedisTool.get(cred))
# 验证是否有权限访问
if not verify_role(user_info, tag):
return {
"status": False,
"message": "access forbidden"
}, 403
g.user_info = user_info
except Exception as e:
logger.error("Verify token error: %s" % e)
return {
"status": False,
"message": "Unauthorized access"
}, 401
else:
if scheme == 'Bearer' and RedisTool.get(cred):
RedisTool.expire(token, expires_in)
return func(*args, **kwargs)
else:
return {
"status": False,
"message": "Unauthorized access"
}, 401
else:
return {"status": False, "message": "Unauthorized access"}, 401
def rsa_decrypt(decrypt_text):
try:
random_generator = Random.new().read
private_key = RedisTool.get("private_key")
rsa_key = RSA.importKey(private_key)
cipher = Cipher_pkcs1_v1_5.new(rsa_key)
text = cipher.decrypt(base64.b64decode(decrypt_text), random_generator)
return text
except Exception as e:
logger.error("Decrypt rsa error: %s" % e)
return False
def _process_jobs(self):
"""
Iterates through jobs in every jobstore, starts jobs that are due and figures out how long
to wait for the next round.
If the ``get_due_jobs()`` call raises an exception, a new wakeup is scheduled in at least
``jobstore_retry_interval`` seconds.
"""
if self.state == STATE_PAUSED:
self._logger.debug('Scheduler is paused -- not processing jobs')
return None
self._logger.debug('Looking for jobs to run')
now = datetime.now(self.timezone)
next_wakeup_time = None
events = []
with self._jobstores_lock:
for jobstore_alias, jobstore in six.iteritems(self._jobstores):
try:
due_jobs = jobstore.get_due_jobs(now)
except Exception as e:
# Schedule a wakeup at least in jobstore_retry_interval seconds
self._logger.warning(
'Error getting due jobs from job store %r: %s',
jobstore_alias, e)
retry_wakeup_time = now + timedelta(
seconds=self.jobstore_retry_interval)
if not next_wakeup_time or next_wakeup_time > retry_wakeup_time:
next_wakeup_time = retry_wakeup_time
continue
for job in due_jobs:
# Look up the job's executor
try:
executor = self._lookup_executor(job.executor)
except BaseException:
self._logger.error(
'Executor lookup ("%s") failed for job "%s" -- removing it from the '
'job store', job.executor, job)
self.remove_job(job.id, jobstore_alias)
continue
run_times = job._get_run_times(now)
run_times = run_times[
-1:] if run_times and job.coalesce else run_times
if run_times:
try:
'''互斥操作'''
# 获取job 的id
id = job.id
# 使用 redis setnx 进行互斥
status = RedisTool.setnx("%s.lock" % id,
time.time())
# 成功存入redis key 后进行job的提交
if status:
executor.submit_job(job, run_times)
# 提交完成后设置redis key 过期时间为 900毫秒(周期最小1秒)
RedisTool.pexpire("%s.lock" % id, 900)
# 失败直接跳出,说明这个周期的job已经被执行过了
else:
continue
except MaxInstancesReachedError:
self._logger.warning(
'Execution of job "%s" skipped: maximum number of running '
'instances reached (%d)', job,
job.max_instances)
event = JobSubmissionEvent(EVENT_JOB_MAX_INSTANCES,
job.id, jobstore_alias,
run_times)
events.append(event)
except BaseException:
self._logger.exception(
'Error submitting job "%s" to executor "%s"',
job, job.executor)
else:
event = JobSubmissionEvent(EVENT_JOB_SUBMITTED,
job.id, jobstore_alias,
run_times)
events.append(event)
# Update the job if it has a next execution time.
# Otherwise remove it from the job store.
job_next_run = job.trigger.get_next_fire_time(
run_times[-1], now)
if job_next_run:
job._modify(next_run_time=job_next_run)
jobstore.update_job(job)
else:
self.remove_job(job.id, jobstore_alias)
# Set a new next wakeup time if there isn't one yet or
# the jobstore has an even earlier one
jobstore_next_run_time = jobstore.get_next_run_time()
if jobstore_next_run_time and (
next_wakeup_time is None
or jobstore_next_run_time < next_wakeup_time):
next_wakeup_time = jobstore_next_run_time.astimezone(
self.timezone)
# Dispatch collected events
for event in events:
self._dispatch_event(event)
# Determine the delay until this method should be called again
if self.state == STATE_PAUSED:
wait_seconds = None
self._logger.debug(
'Scheduler is paused; waiting until resume() is called')
elif next_wakeup_time is None:
wait_seconds = None
self._logger.debug('No jobs; waiting until a job is added')
else:
wait_seconds = min(
max(timedelta_seconds(next_wakeup_time - now), 0), TIMEOUT_MAX)
self._logger.debug('Next wakeup is due at %s (in %f seconds)',
next_wakeup_time, wait_seconds)
return wait_seconds
def verify_token(*args, **kwargs):
# 通过 Cookie Token 进行认证
token = request.cookies.get(cookie_key)
if token:
try:
uid = RedisTool.get(token)
db = DB()
status, result = db.select_by_id("user", uid)
if status is True and result:
db.close_mysql()
# 验证是否有权限访问
if not verify_role(result, tag):
return {
"status": False,
"message": "Access forbidden"
}, 403
g.user_info = result
else:
logger.error("Select uid by token error: %s" % result)
return {
"status": False,
"message": "Unauthorized access"
}, 401
except Exception as e:
logger.error("Verify token error: %s" % e)
return {
"status": False,
"message": "Unauthorized access"
}, 401
if RedisTool.get(token):
RedisTool.expire(token, expires_in)
return func(*args, **kwargs)
# 通过 Bearer Token 进行认证
elif 'Authorization' in request.headers:
try:
scheme, cred = request.headers['Authorization'].split(
None, 1)
uid = RedisTool.get(cred)
db = DB()
status, result = db.select_by_id("user", uid)
if status is True and result:
db.close_mysql()
# 验证是否有权限访问
if not verify_role(result, tag):
return {
"status": False,
"message": "Access forbidden"
}, 403
g.user_info = result
else:
logger.error("Select uid by token error: %s" % result)
return {
"status": False,
"message": "Unauthorized access"
}, 401
except Exception as e:
logger.error("Verify token error: %s" % e)
return {
"status": False,
"message": "Unauthorized access"
}, 401
else:
if scheme == 'Bearer' and RedisTool.get(cred):
RedisTool.expire(token, expires_in)
return func(*args, **kwargs)
else:
return {
"status": False,
"message": "Unauthorized access"
}, 401
# 通过 X-Gitlab-Token 进行认证
elif 'X-Gitlab-Token' in request.headers:
gitlab_token = request.headers['X-Gitlab-Token']
try:
uid = RedisTool.get(gitlab_token)
db = DB()
status, result = db.select_by_id("user", uid)
if status is True and result:
db.close_mysql()
# 验证是否有权限访问
if not verify_role(result, tag):
return {
"status": False,
"message": "Access forbidden"
}, 403
g.user_info = result
else:
logger.error("Select uid by token error: %s" % result)
return {
"status": False,
"message": "Unauthorized access"
}, 401
except Exception as e:
logger.error("Verify token error: %s" % e)
return {
"status": False,
"message": "Unauthorized access"
}, 401
if RedisTool.get(gitlab_token):
RedisTool.expire(gitlab_token, expires_in)
return func(*args, **kwargs)
else:
return {"status": False, "message": "Unauthorized access"}, 401