def handle_user_info(user, x_real_ip):
rds_cli = get_redis_connection()
cache.delete(user.username)
token_isvalid = user.access_token and len(
user.access_token) == 32 and user.token_expired >= time.time()
user.access_token = user.access_token if token_isvalid else uuid.uuid4(
).hex
# 8小时过期
user.token_expired = 8 * 60 * 60
user.last_login = human_datetime()
user.last_ip = x_real_ip
user.save()
rds_token = uuid.uuid4().hex
rds_cli.set(REDIS_AUTH_KEY + rds_token, user.username, user.token_expired)
return json_response({
'access_token':
rds_token,
'nickname':
user.nickname,
'is_supper':
user.is_supper,
'has_real_ip':
True if x_real_ip else False,
'permissions': [] if user.is_supper else user.page_perms
})
def _handle_event(self, event):
close_old_connections()
obj = SimpleLazyObject(lambda: Task.objects.filter(pk=event.job_id).first())
if event.code == EVENT_SCHEDULER_SHUTDOWN:
logging.warning(f'EVENT_SCHEDULER_SHUTDOWN: {event}')
Notify.make_notify('schedule', '1', '调度器已关闭', '调度器意外关闭,你可以在github上提交issue')
elif event.code == EVENT_JOB_MAX_INSTANCES:
logging.warning(f'EVENT_JOB_MAX_INSTANCES: {event}')
send_fail_notify(obj, '达到调度实例上限,一般为上个周期的执行任务还未结束,请增加调度间隔或减少任务执行耗时')
elif event.code == EVENT_JOB_ERROR:
logging.warning(f'EVENT_JOB_ERROR: job_id {event.job_id} exception: {event.exception}')
send_fail_notify(obj, f'执行异常:{event.exception}')
elif event.code == EVENT_JOB_EXECUTED:
if event.retval:
score = 0
for item in event.retval:
score += 1 if item[1] else 0
history = History.objects.create(
task_id=event.job_id,
status=2 if score == len(event.retval) else 1 if score else 0,
run_time=human_datetime(event.scheduled_run_time),
output=json.dumps(event.retval)
)
Task.objects.filter(pk=event.job_id).update(latest=history)
if score != 0:
send_fail_notify(obj)
def _handle_event(self, event):
close_old_connections()
obj = SimpleLazyObject(lambda: Detection.objects.filter(pk=event.job_id).first())
if event.code == EVENT_SCHEDULER_SHUTDOWN:
logger.info(f'EVENT_SCHEDULER_SHUTDOWN: {event}')
Notify.make_notify('monitor', '1', '调度器已关闭', '调度器意外关闭,你可以在github上提交issue', False)
elif event.code == EVENT_JOB_MAX_INSTANCES:
logger.info(f'EVENT_JOB_MAX_INSTANCES: {event}')
Notify.make_notify('monitor', '1', f'{obj.name} - 达到调度实例上限', '一般为上个周期的执行任务还未结束,请增加调度间隔或减少任务执行耗时')
elif event.code == EVENT_JOB_ERROR:
logger.info(f'EVENT_JOB_ERROR: job_id {event.job_id} exception: {event.exception}')
Notify.make_notify('monitor', '1', f'{obj.name} - 执行异常', f'{event.exception}')
elif event.code == EVENT_JOB_EXECUTED:
obj = Detection.objects.filter(pk=event.job_id).first()
old_status = obj.latest_status
obj.latest_status = 0 if event.retval else 1
obj.latest_run_time = human_datetime(event.scheduled_run_time)
if old_status in [0, None] and event.retval is False:
obj.latest_fault_time = int(time.time())
if obj.latest_status == 0:
obj.latest_notify_time = 0
obj.fault_times = 0
else:
obj.fault_times += 1
obj.save()
self._handle_notify(obj, old_status)
def _handle_event(self, event):
close_old_connections()
obj = SimpleLazyObject(
lambda: Task.objects.filter(pk=event.job_id).first())
if event.code == EVENT_SCHEDULER_SHUTDOWN:
logger.info(f'EVENT_SCHEDULER_SHUTDOWN: {event}')
Notify.make_notify('schedule', '1', '调度器已关闭',
'调度器意外关闭,你可以在github上提交issue')
elif event.code == EVENT_JOB_MAX_INSTANCES:
logger.info(f'EVENT_JOB_MAX_INSTANCES: {event}')
Notify.make_notify('schedule', '1', f'{obj.name} - 达到调度实例上限',
'一般为上个周期的执行任务还未结束,请增加调度间隔或减少任务执行耗时')
elif event.code == EVENT_JOB_ERROR:
logger.info(
f'EVENT_JOB_ERROR: job_id {event.job_id} exception: {event.exception}'
)
Notify.make_notify('schedule', '1', f'{obj.name} - 执行异常',
f'{event.exception}')
elif event.code == EVENT_JOB_EXECUTED:
if event.retval:
score = 0
for item in event.retval:
score += 1 if item[1] else 0
history = History.objects.create(
task_id=event.job_id,
status=2
if score == len(event.retval) else 1 if score else 0,
run_time=human_datetime(event.scheduled_run_time),
output=json.dumps(event.retval))
Task.objects.filter(pk=event.job_id).update(latest=history)
if score != 0 and time.time() - counter.get(event.job_id,
0) > 3600:
counter[event.job_id] = time.time()
Notify.make_notify('schedule', '1', f'{obj.name} - 执行失败',
'请在任务计划中查看失败详情')
def post(self, request):
form, error = JsonParser(
Argument('id', type=int, required=False),
Argument('type', help='请输入任务类型'),
Argument('name', help='请输入任务名称'),
Argument('command', help='请输入任务内容'),
Argument('targets',
type=list,
filter=lambda x: len(x),
help='请选择执行对象'),
Argument('trigger',
filter=lambda x: x in dict(Task.TRIGGERS),
help='请选择触发器类型'),
Argument('trigger_args', help='请输入触发器参数'),
Argument('desc', required=False),
).parse(request.body)
if error is None:
form.targets = json.dumps(form.targets)
if form.id:
Task.objects.filter(pk=form.id).update(
updated_at=human_datetime(),
updated_by=request.user,
**form)
task = Task.objects.filter(pk=form.id).first()
if task and task.is_active:
form.action = 'modify'
form.targets = json.loads(form.targets)
rds_cli = get_redis_connection()
rds_cli.lpush(settings.SCHEDULE_KEY, json.dumps(form))
else:
Task.objects.create(created_by=request.user, **form)
return json_response(error=error)
def handle_user_info(user, x_real_ip):
cache.delete(user.username)
token_isvalid = user.access_token and len(
user.access_token) == 32 and user.token_expired >= time.time()
user.access_token = user.access_token if token_isvalid else uuid.uuid4(
).hex
user.token_expired = time.time() + 8 * 60 * 60
user.last_login = human_datetime()
user.last_ip = x_real_ip
user.save()
History.objects.create(user=user, ip=x_real_ip)
verify_ip = AppSetting.get_default('verify_ip', 'True') == 'True'
return json_response({
'access_token':
user.access_token,
'nickname':
user.nickname,
'is_supper':
user.is_supper,
'has_real_ip':
x_real_ip and ipaddress.ip_address(x_real_ip).is_global
if verify_ip else True,
'host_perms': [] if user.is_supper else user.host_perms,
'permissions': [] if user.is_supper else user.page_perms
})
def post(self, request, t_id):
task = Task.objects.filter(pk=t_id).first()
if not task:
return json_response(error='未找到指定任务')
outputs, status = {}, 1
for host_id in json.loads(task.targets):
if host_id == 'local':
code, duration, out = local_executor(task.command)
else:
host = Host.objects.filter(pk=host_id).first()
if not host:
code, duration, out = 1, 0, f'unknown host id for {host_id!r}'
else:
code, duration, out = host_executor(host, task.command)
if code != 0:
status = 2
outputs[host_id] = [code, duration, out]
history = History.objects.create(
task_id=task.id,
status=status,
run_time=human_datetime(),
output=json.dumps(outputs)
)
return json_response(history.id)
def post(self, request, r_id):
query = {'pk': r_id}
if not request.user.is_supper:
perms = request.user.deploy_perms
query['deploy__app_id__in'] = perms['apps']
query['deploy__env_id__in'] = perms['envs']
req = DeployRequest.objects.filter(**query).first()
if not req:
return json_response(error='未找到指定发布申请')
if req.status not in ('1', '-3'):
return json_response(error='该申请单当前状态还不能执行发布')
hosts = Host.objects.filter(id__in=json.loads(req.host_ids))
token = uuid.uuid4().hex
outputs = {str(x.id): {'data': []} for x in hosts}
outputs.update(local={'data': [f'{human_time()} 建立接连... ']})
req.status = '2'
req.do_at = human_datetime()
req.do_by = request.user
if not req.version:
req.version = f'{req.deploy_id}_{req.id}_{datetime.now().strftime("%Y%m%d%H%M%S")}'
req.save()
Thread(target=deploy_dispatch, args=(request, req, token)).start()
return json_response({
'token': token,
'type': req.type,
'outputs': outputs
})
def delete(self, request):
form, error = JsonParser(Argument('id', type=int,
help='请指定操作对象')).parse(request.GET)
if error is None:
User.objects.filter(pk=form.id).update(deleted_at=human_datetime(),
deleted_by=request.user)
return json_response(error=error)
def post(self, request, r_id):
query = {'pk': r_id}
if not request.user.is_supper:
perms = request.user.deploy_perms
query['deploy__app_id__in'] = perms['apps']
query['deploy__env_id__in'] = perms['envs']
req = DeployRequest.objects.filter(**query).first()
if not req:
return json_response(error='未找到指定发布申请')
if req.status not in ('1', '-3'):
return json_response(error='该申请单当前状态还不能执行发布')
hosts = Host.objects.filter(id__in=json.loads(req.host_ids))
message = f'{human_time()} 等待调度... '
outputs = {
x.id: {
'id': x.id,
'title': x.name,
'step': 0,
'data': message
}
for x in hosts
}
req.status = '2'
req.do_at = human_datetime()
req.do_by = request.user
req.save()
Thread(target=dispatch, args=(req, )).start()
if req.is_quick_deploy:
if req.repository_id:
outputs['local'] = {
'id': 'local',
'step': 100,
'data': f'{human_time()} 已构建完成忽略执行。'
}
else:
outputs['local'] = {
'id': 'local',
'step': 0,
'data': f'{human_time()} 建立连接... '
}
if req.deploy.extend == '2':
outputs['local'] = {
'id': 'local',
'step': 0,
'data': f'{human_time()} 建立连接... '
}
s_actions = json.loads(req.deploy.extend_obj.server_actions)
h_actions = json.loads(req.deploy.extend_obj.host_actions)
for item in h_actions:
if item.get('type') == 'transfer' and item.get(
'src_mode') == '0':
s_actions.append({'title': '执行打包'})
if not h_actions:
outputs = {'local': outputs['local']}
return json_response({
's_actions': s_actions,
'h_actions': h_actions,
'outputs': outputs
})
return json_response({'outputs': outputs})
def delete(self, request):
form, error = JsonParser(Argument('id', type=int,
help='请指定操作对象')).parse(request.GET)
if error is None:
deploy = Deploy.objects.filter(
host_ids__regex=fr'[^0-9]{form.id}[^0-9]').annotate(
app_name=F('app__name'), env_name=F('env__name')).first()
if deploy:
return json_response(
error=
f'应用【{deploy.app_name}】在【{deploy.env_name}】的发布配置关联了该主机,请解除关联后再尝试删除该主机'
)
task = Task.objects.filter(
targets__regex=fr'[^0-9]{form.id}[^0-9]').first()
if task:
return json_response(
error=f'任务计划中的任务【{task.name}】关联了该主机,请解除关联后再尝试删除该主机')
detection = Detection.objects.filter(type__in=('3', '4'),
addr=form.id).first()
if detection:
return json_response(
error=f'监控中心的任务【{detection.name}】关联了该主机,请解除关联后再尝试删除该主机')
role = Role.objects.filter(
host_perms__regex=fr'[^0-9]{form.id}[^0-9]').first()
if role:
return json_response(
error=f'角色【{role.name}】的主机权限关联了该主机,请解除关联后再尝试删除该主机')
Host.objects.filter(pk=form.id).update(
deleted_at=human_datetime(),
deleted_by=request.user,
)
return json_response(error=error)
def post(self, request):
form, error = JsonParser(
Argument('host_id', type=int, help='参数错误'),
Argument('instance_id', required=False),
Argument('os_name', help='请输入操作系统'),
Argument('cpu', type=int, help='请输入CPU核心数'),
Argument('memory', type=float, help='请输入内存大小'),
Argument('disk', type=list, filter=lambda x: len(x), help='请添加磁盘'),
Argument('private_ip_address',
type=list,
filter=lambda x: len(x),
help='请添加内网IP'),
Argument('public_ip_address', type=list, required=False),
Argument('instance_charge_type', default='Other'),
Argument('internet_charge_type', default='Other'),
Argument('created_time', required=False),
Argument('expired_time', required=False)).parse(request.body)
if error is None:
host = Host.objects.filter(pk=form.host_id).first()
form.disk = json.dumps(form.disk)
form.public_ip_address = json.dumps(
form.public_ip_address) if form.public_ip_address else '[]'
form.private_ip_address = json.dumps(form.private_ip_address)
form.updated_at = human_datetime()
form.os_type = check_os_type(form.os_name)
if hasattr(host, 'hostextend'):
extend = host.hostextend
extend.update_by_dict(form)
else:
extend = HostExtend.objects.create(host=host, **form)
return json_response(extend.to_view())
return json_response(error=error)
def post(self, request):
form, error = JsonParser(
Argument('id', type=int, required=False),
Argument('name', help='请输入任务名称'),
Argument('addr', help='请输入监控地址'),
Argument('type', filter=lambda x: x in dict(Detection.TYPES), help='请选择监控类型'),
Argument('extra', required=False),
Argument('desc', required=False),
Argument('rate', type=int, default=5),
Argument('threshold', type=int, default=3),
Argument('quiet', type=int, default=24 * 60),
Argument('notify_grp', type=list, help='请选择报警联系组'),
Argument('notify_mode', type=list, help='请选择报警方式'),
).parse(request.body)
if error is None:
form.notify_grp = json.dumps(form.notify_grp)
form.notify_mode = json.dumps(form.notify_mode)
if form.id:
Detection.objects.filter(pk=form.id).update(
updated_at=human_datetime(),
updated_by=request.user,
**form)
task = Detection.objects.filter(pk=form.id).first()
if task and task.is_active:
form.action = 'modify'
rds_cli = get_redis_connection()
rds_cli.rpush(settings.MONITOR_KEY, json.dumps(form))
else:
dtt = Detection.objects.create(created_by=request.user, **form)
form.action = 'add'
form.id = dtt.id
rds_cli = get_redis_connection()
rds_cli.rpush(settings.MONITOR_KEY, json.dumps(form))
return json_response(error=error)
def login(request):
form, error = JsonParser(Argument('username', help='请输入用户名'),
Argument('password', help='请输入密码'),
Argument('type')).parse(request.body)
if error is None:
user = User.objects.filter(username=form.username)
if form.type == 'ldap':
u = LDAP()
valid = u.valid_user(form.username, form.password)
if valid['status']:
user = user.filter(type='LDAP').first()
if user:
if not user.is_active:
return json_response(error="账户已被系统禁用")
if not user.role_id:
return json_response(error="LDAP用户角色未分配")
x_real_ip = request.headers.get('x-real-ip', '')
ret = handle_user_info(user, form.username, x_real_ip)
return json_response(ret)
x_real_ip = request.headers.get('x-real-ip', '')
form.access_token = uuid.uuid4().hex
form.nickname = form.username
form.token_expired = time.time() + 8 * 60 * 60
form.last_login = human_datetime()
form.last_ip = x_real_ip
form.type = 'LDAP'
form.pop('password')
User.objects.create(**form)
return json_response({
'access_token': form.access_token,
'nickname': form.username,
'is_supper': False,
'has_real_ip': True if x_real_ip else False,
'permissions': []
})
return json_response(error=valid['info'])
else:
user = user.filter(type='系统用户').first()
if user and user.deleted_by is None:
if not user.is_active:
return json_response(error="账户已被系统禁用")
if user.verify_password(form.password):
cache.delete(form.username)
x_real_ip = request.headers.get('x-real-ip', '')
ret = handle_user_info(user, form.username, x_real_ip)
return json_response(ret)
value = cache.get_or_set(form.username, 0, 86400)
if value >= 3:
if user and user.is_active:
user.is_active = False
user.save()
return json_response(error='账户已被系统禁用')
cache.set(form.username, value + 1, 86400)
return json_response(error="用户名或密码错误,连续多次错误账户将会被禁用")
return json_response(error=error)
def delete(self, request):
form, error = JsonParser(
Argument('host_list', type=list, help='请输入主机列表'),
).parse(request.GET)
if error is None and len(form.host_list) > 0:
for host in form.host_list:
Host.objects.filter(pk=host.get('id')).update(
deleted_at=human_datetime(),
deleted_by=request.user,
)
return json_response(error=error)
def delete(self, request):
form, error = JsonParser(Argument('id', type=int,
help='请指定操作对象')).parse(request.GET)
if error is None:
user = User.objects.filter(pk=form.id).first()
if user:
user.role_id = None
user.deleted_at = human_datetime()
user.deleted_by = request.user
user.save()
return json_response(error=error)
def delete(self, request):
form, error = JsonParser(Argument('id', type=int,
help='请指定操作对象')).parse(request.GET)
if error is None:
user = User.objects.filter(pk=form.id).first()
if user:
if user.type == 'ldap':
return json_response(error='ldap账户无法删除,请使用禁用功能来禁止该账户访问系统')
user.deleted_at = human_datetime()
user.deleted_by = request.user
user.save()
return json_response(error=error)
def _dispatch(self, task_id, command, targets):
output = {x: None for x in targets}
history = History.objects.create(
task_id=task_id,
status='0',
run_time=human_datetime(),
output=json.dumps(output)
)
Task.objects.filter(pk=task_id).update(latest_id=history.id)
rds_cli = get_redis_connection()
for t in targets:
rds_cli.rpush(SCHEDULE_WORKER_KEY, json.dumps([history.id, t, command]))
connections.close_all()
def post(self, request, t_id):
task = Task.objects.filter(pk=t_id).first()
if not task:
return json_response(error='未找到指定任务')
data = dispatch(task.command, json.loads(task.targets), True)
score = 0
for item in data:
score += 1 if item[1] else 0
history = History.objects.create(
task_id=t_id,
status=2 if score == len(data) else 1 if score else 0,
run_time=human_datetime(),
output=json.dumps(data))
return json_response(history.id)
def add_monitor(user, form):
form.notify_grp = json.dumps(form.notify_grp)
form.notify_mode = json.dumps(form.notify_mode)
if form.id:
Detection.objects.filter(pk=form.id).update(
updated_at=human_datetime(), updated_by=user, **form)
task = Detection.objects.filter(pk=form.id).first()
if task and task.is_active:
form.action = 'modify'
rds_cli = get_redis_connection()
rds_cli.lpush(settings.MONITOR_KEY, json.dumps(form))
return
elif form.deploy_id:
task = Detection.objects.filter(deploy_id=form.deploy_id).first()
if task:
form['id'] = task.id
Detection.objects.filter(pk=task.id).update(
updated_at=human_datetime(), updated_by=user, **form)
task = Detection.objects.filter(deploy_id=form.deploy_id).first()
if task and task.is_active:
form.action = 'modify'
form.rate = task.rate
rds_cli = get_redis_connection()
rds_cli.lpush(settings.MONITOR_KEY, json.dumps(form))
return
# 其它为新增
# 填充默认值
form['rate'] = form.get('rate') if form.get('rate') else 5
form['threshold'] = form.get('threshold') if form.get('threshold') else 20
form['quiet'] = form.get('quiet') if form.get('quiet') else 24 * 60
dtt = Detection.objects.create(created_by=user, **form)
form.action = 'add'
form.id = dtt.id
rds_cli = get_redis_connection()
rds_cli.lpush(settings.MONITOR_KEY, json.dumps(form))
def post(self, request):
form, error = JsonParser(
Argument('id', type=int, required=False),
Argument('type', help='请输入任务类型'),
Argument('name', help='请输入任务名称'),
Argument('command', help='请输入任务内容'),
Argument('rst_notify', type=dict, help='请选择执行失败通知方式'),
Argument('targets',
type=list,
filter=lambda x: len(x),
help='请选择执行对象'),
Argument('trigger',
filter=lambda x: x in dict(Task.TRIGGERS),
help='请选择触发器类型'),
Argument('trigger_args', help='请输入触发器参数'),
Argument('desc', required=False),
).parse(request.body)
if error is None:
form.targets = json.dumps(form.targets)
form.rst_notify = json.dumps(form.rst_notify)
if form.trigger == 'cron':
args = json.loads(form.trigger_args)['rule'].split()
if len(args) != 5:
return json_response(error='无效的执行规则,请更正后再试')
minute, hour, day, month, week = args
week = '0' if week == '7' else week
try:
CronTrigger(minute=minute,
hour=hour,
day=day,
month=month,
day_of_week=week)
except ValueError:
return json_response(error='无效的执行规则,请更正后再试')
if form.id:
Task.objects.filter(pk=form.id).update(
updated_at=human_datetime(),
updated_by=request.user,
**form)
task = Task.objects.filter(pk=form.id).first()
if task and task.is_active:
form.action = 'modify'
form.targets = json.loads(form.targets)
rds_cli = get_redis_connection()
rds_cli.lpush(settings.SCHEDULE_KEY, json.dumps(form))
else:
Task.objects.create(created_by=request.user, **form)
return json_response(error=error)
def do_task(request):
form, error = JsonParser(
Argument('host_ids', type=list, filter=lambda x: len(x), help='请选择执行主机'),
Argument('command', help='请输入执行命令内容'),
Argument('interpreter', default='sh'),
Argument('template_id', type=int, required=False)
).parse(request.body)
if error is None:
if not has_host_perm(request.user, form.host_ids):
return json_response(error='无权访问主机,请联系管理员')
token, rds = uuid.uuid4().hex, get_redis_connection()
for host in Host.objects.filter(id__in=form.host_ids):
data = dict(
key=host.id,
name=host.name,
token=token,
interpreter=form.interpreter,
hostname=host.hostname,
port=host.port,
username=host.username,
command=form.command,
pkey=host.private_key,
)
rds.rpush(settings.EXEC_WORKER_KEY, json.dumps(data))
form.host_ids.sort()
host_ids = json.dumps(form.host_ids)
tmp_str = f'{form.interpreter},{host_ids},{form.command}'
digest = hashlib.md5(tmp_str.encode()).hexdigest()
record = ExecHistory.objects.filter(user=request.user, digest=digest).first()
if form.template_id:
template = ExecTemplate.objects.filter(pk=form.template_id).first()
if not template or template.body != form.command:
form.template_id = None
if record:
record.template_id = form.template_id
record.updated_at = human_datetime()
record.save()
else:
ExecHistory.objects.create(
user=request.user,
digest=digest,
interpreter=form.interpreter,
template_id=form.template_id,
command=form.command,
host_ids=json.dumps(form.host_ids),
)
return json_response(token)
return json_response(error=error)
def post(self, request):
form, error = JsonParser(Argument('id', type=int, required=False),
Argument('name', help='请输入模版名称'),
Argument('type', help='请选择模版类型'),
Argument('body', help='请输入模版内容'),
Argument('desc',
required=False)).parse(request.body)
if error is None:
if form.id:
form.updated_at = human_datetime()
form.updated_by = request.user
ExecTemplate.objects.filter(pk=form.pop('id')).update(**form)
else:
form.created_by = request.user
ExecTemplate.objects.create(**form)
return json_response(error=error)
def handle_user_info(user, x_real_ip):
cache.delete(user.username)
token_isvalid = user.access_token and len(user.access_token) == 32 and user.token_expired >= time.time()
user.access_token = user.access_token if token_isvalid else uuid.uuid4().hex
user.token_expired = time.time() + 8 * 60 * 60
user.last_login = human_datetime()
user.last_ip = x_real_ip
user.save()
return json_response({
'access_token': user.access_token,
'nickname': user.nickname,
'is_supper': user.is_supper,
'has_real_ip': x_real_ip and ipaddress.ip_address(x_real_ip).is_global,
'host_perms': [] if user.is_supper else user.host_perms,
'permissions': [] if user.is_supper else user.page_perms
})
def handle_user_info(request, user, captcha):
cache.delete(user.username)
key = f'{user.username}:code'
if captcha:
code = cache.get(key)
if not code:
return json_response(error='验证码已失效,请重新获取')
if code != captcha:
ttl = cache.ttl(key)
cache.expire(key, ttl - 100)
return json_response(error='验证码错误')
cache.delete(key)
else:
mfa = AppSetting.get_default('MFA', {'enable': False})
if mfa['enable']:
if not user.wx_token:
return json_response(error='已启用登录双重认证,但您的账户未配置微信Token,请联系管理员')
code = generate_random_str(6)
send_login_wx_code(user.wx_token, code)
cache.set(key, code, 300)
return json_response({'required_mfa': True})
x_real_ip = get_request_real_ip(request.headers)
token_isvalid = user.access_token and len(
user.access_token) == 32 and user.token_expired >= time.time()
user.access_token = user.access_token if token_isvalid else uuid.uuid4(
).hex
user.token_expired = time.time() + 8 * 60 * 60
user.last_login = human_datetime()
user.last_ip = x_real_ip
user.save()
History.objects.create(user=user, ip=x_real_ip)
verify_ip = AppSetting.get_default('verify_ip', True)
return json_response({
'id':
user.id,
'access_token':
user.access_token,
'nickname':
user.nickname,
'is_supper':
user.is_supper,
'has_real_ip':
x_real_ip and ipaddress.ip_address(x_real_ip).is_global
if verify_ip else True,
'permissions': [] if user.is_supper else list(user.page_perms)
})
def handle_user_info(user, username, x_real_ip):
cache.delete(username)
token_isvalid = user.access_token and len(
user.access_token) == 32 and user.token_expired >= time.time()
user.access_token = user.access_token if token_isvalid else uuid.uuid4(
).hex
user.token_expired = time.time() + 8 * 60 * 60
user.last_login = human_datetime()
user.last_ip = x_real_ip
user.save()
return {
'access_token': user.access_token,
'nickname': user.nickname,
'is_supper': user.is_supper,
'has_real_ip': True if x_real_ip else False,
'permissions': [] if user.is_supper else user.page_perms
}
def post(self, request):
form, error = JsonParser(
Argument('id', type=int, required=False),
Argument('name', help='请输入任务名称'),
Argument('group', help='请选择任务分组'),
Argument('targets',
type=list,
filter=lambda x: len(x),
help='请输入监控地址'),
Argument('type',
filter=lambda x: x in dict(Detection.TYPES),
help='请选择监控类型'),
Argument('extra', required=False),
Argument('desc', required=False),
Argument('rate', type=int, default=5),
Argument('threshold', type=int, default=3),
Argument('quiet', type=int, default=24 * 60),
Argument('notify_grp', type=list, help='请选择报警联系组'),
Argument('notify_mode', type=list, help='请选择报警方式'),
).parse(request.body)
if error is None:
if set(form.notify_mode).intersection(['1', '2', '4']):
if not AppSetting.get_default('spug_key'):
return json_response(
error='报警方式 微信、短信、邮件需要配置调用凭据(系统设置/基本设置),请配置后再启用该报警方式。')
form.targets = json.dumps(form.targets)
form.notify_grp = json.dumps(form.notify_grp)
form.notify_mode = json.dumps(form.notify_mode)
if form.id:
Detection.objects.filter(pk=form.id).update(
updated_at=human_datetime(),
updated_by=request.user,
**form)
task = Detection.objects.filter(pk=form.id).first()
if task and task.is_active:
form.action = 'modify'
rds_cli = get_redis_connection()
rds_cli.lpush(settings.MONITOR_KEY, json.dumps(form))
else:
dtt = Detection.objects.create(created_by=request.user, **form)
form.action = 'add'
form.id = dtt.id
rds_cli = get_redis_connection()
rds_cli.lpush(settings.MONITOR_KEY, json.dumps(form))
return json_response(error=error)
def patch(self, request, r_id):
form, error = JsonParser(Argument('reason', required=False),
Argument('is_pass', type=bool,
help='参数错误')).parse(request.body)
if error is None:
req = DeployRequest.objects.filter(pk=r_id).first()
if not req:
return json_response(error='未找到指定申请')
if not form.is_pass and not form.reason:
return json_response(error='请输入驳回原因')
if req.status != '0':
return json_response(error='该申请当前状态不允许审核')
req.approve_at = human_datetime()
req.approve_by = request.user
req.status = '1' if form.is_pass else '-1'
req.reason = form.reason
req.save()
return json_response(error=error)
def login(request):
form, error = JsonParser(Argument('username', help='请输入用户名'),
Argument('password',
help='请输入密码')).parse(request.body)
if error is None:
user = User.objects.filter(username=form.username).first()
if user:
if not user.is_active:
return json_response(error="账户已被禁用")
if user.verify_password(form.password):
cache.delete(form.username)
x_real_ip = request.headers.get('x-real-ip', '')
token_isvalid = user.access_token and len(
user.access_token
) == 32 and user.token_expired >= time.time()
user.access_token = user.access_token if token_isvalid else uuid.uuid4(
).hex
user.token_expired = time.time() + 8 * 60 * 60
user.last_login = human_datetime()
user.last_ip = x_real_ip
user.save()
return json_response({
'access_token':
user.access_token,
'nickname':
user.nickname,
'is_supper':
user.is_supper,
'has_real_ip':
True if x_real_ip else False,
'permissions': [] if user.is_supper else user.page_perms
})
value = cache.get_or_set(form.username, 0, 86400)
if value >= 3:
if user and user.is_active:
user.is_active = False
user.save()
return json_response(error='账户已被禁用')
cache.set(form.username, value + 1, 86400)
return json_response(error="用户名或密码错误,连续多次错误账户将会被禁用")
return json_response(error=error)
def _dispatch(self, task_id, tp, targets, extra, threshold, quiet):
Detection.objects.filter(pk=task_id).update(latest_run_time=human_datetime())
rds_cli = get_redis_connection()
for t in json.loads(targets):
rds_cli.rpush(MONITOR_WORKER_KEY, json.dumps([task_id, tp, t, extra, threshold, quiet]))
connections.close_all()
