def post(self):
try:
req_msg = self.parse_request()
if 'username' not in req_msg:
raise ValueError('username is empty')
except Exception as err:
self.render_json(msg=utils.safestr(err.message))
return
username = req_msg['username']
account = self.db.query(models.ResAccount).filter_by(account_number=username)
if not account:
self.render_json(code=1, msg='user {0} not exists'.format(username))
passwd = utils.decrypt(account.password)
result = dict(
code=0,
msg='success',
username=username,
passwd=passwd,
input_rate=4194304,
output_rate=4194304,
attrs={
"Session-Timeout" : 3600,
"Acct-Interim-Interval": 300
}
)
sign = api_base.mksign(self.settings.config.defaults.secret, result.values())
result['sign'] = sign
self.render_json(**result)
def post(self):
try:
req_msg = self.parse_request()
if 'nasaddr' not in req_msg:
raise ValueError("nasaddr is empty")
except Exception as err:
self.render_json(code=1, msg=utils.safestr(err.message))
return
nasaddr = req_msg['nasaddr']
nas = self.db.query(models.TraBas).filter_by(ip_addr=nasaddr).first()
if not nas:
self.render_json(code=1, msg='nas {0} not exists'.format(nasaddr))
return
api_addr = self.settings.config.admin.api_addr
api_port = self.settings.config.admin.port
result = {
'code' : 0,
'msg' : 'ok',
'ipaddr' : nasaddr,
'secret' : nas.bas_secret,
'vendor_id' : nas.vendor_id,
'coa_port' : int(nas.coa_port or 3799),
'ac_port' : int(nas.ac_port or 2000),
'api_secret' : self.settings.config.defaults.secret,
'api_auth_url': "http://{0}:{1}/api/authorize".format(api_addr,api_port),
'api_acct_url': "http://{0}:{1}/api/acctounting".format(api_addr, api_port),
'nonce' : str(int(time.time())),
}
result['sign'] = api_base.mksign(self.settings.config.defaults.secret, result.values())
self.render_json(**result)
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(msg=safestr(err.message))
return
ostypes = [(it.os_name, it.dev_type, it.match_rule) for it in self.db.query(models.TraOSTypes)]
self.render_json(code=0, msg='success', rules=ostypes)
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(msg=safestr(err.message))
return
result = self.query_tpl_by_ssid(req_msg.get('ssid'))
self.render_json(**result)
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(msg=safestr(err.message))
return
ssid = req_msg.get('ssid')
gwid = req_msg.get('gwid')
if ssid:
self.render_json(**self.query_domain_by_ssid(ssid))
elif gwid:
self.render_json(**self.query_domain_by_gwid(gwid))
def get_error_html(self, status_code=500, **kwargs):
self.syslog.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs)))
if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest':
return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code)
if status_code == 404:
return self.render_string("error.html", msg=u"404:页面不存在")
elif status_code == 403:
return self.render_string("error.html", msg=u"403:非法的请求")
elif status_code == 500:
self.syslog.error(traceback.format_exc())
return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员")
else:
return self.render_string("error.html", msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def parse_request(self):
try:
msg_src = self.request.body
if self.settings.debug:
log.msg("[api debug] :::::::: (%s) request body : %s" % (self.request.path, utils.safestr(msg_src)))
req_msg = json.loads(msg_src)
except Exception as err:
log.err('parse params error %s' % utils.safestr(err))
raise ValueError("parse params error")
if not check_sign(self.settings.config.defaults.secret, req_msg):
raise ValueError("message sign error")
return req_msg
def check_sign(secret, msg,debug=True):
""" 校验消息签名
:param secret:
:param msg: dict type data
:return: :rtype: boolean
"""
if "sign" not in msg:
return False
sign = msg['sign']
params = [safestr(msg[k]) for k in msg if k != 'sign']
local_sign = mksign(secret, params)
if debug:
log.msg("[check_sign] ::::::: remote_sign = %s ,local_sign = %s" % (sign, local_sign), level=logging.DEBUG)
return sign == local_sign
def mksign(secret, params=[], debug=True):
""" 生成消息签名
:param secret:
:param params:
:param debug:
:return: :rtype:
"""
_params = [safestr(p) for p in params if p is not None]
_params.sort()
_params.insert(0, secret)
strs = ''.join(_params)
if debug:
log.msg("[mksign] ::::::: sign_src = %s" % strs)
mds = md5(strs.encode()).hexdigest()
return mds.upper()
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(msg=safestr(err.message))
return
name = req_msg.get('name')
ipaddr = req_msg.get('ipaddr') or self.request.remote_ip
# check radius exists
radius = self.db.query(models.TraRadius).filter_by(name=name, ip_addr=ipaddr).first()
if not radius:
return self.render_json(code=100, msg=u'radius node <{0}> not exists'.format(ipaddr))
else:
radius.last_check = utils.get_currtime()
self.db.commit()
return self.render_json(code=0, msg=u'pong')
def post(self):
try:
req_msg = self.parse_request()
if 'username' not in req_msg:
raise ValueError('username is empty')
except Exception as err:
self.render_json(msg=utils.safestr(err.message))
return
username = req_msg['username']
result = dict(
code=0,
msg=u'success',
username=username
)
sign = api_base.mksign(self.settings.config.defaults.secret, result.values())
result['sign'] = sign
self.render_json(**result)
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(msg=safestr(err.message))
return
policy_server = self.get_active_policy_server()
if not policy_server:
return dict(code=1,msg='error')
result = dict(
code=0,
msg='success',
policy_server=policy_server.policy_server_ip,
auth_port=policy_server.policy_auth_port,
acct_port=policy_server.policy_acct_port,
secret=policy_server.secret
)
self.render_json(**result)
def render_json(self, **template_vars):
if not template_vars.has_key("code"):
template_vars["code"] = 0
resp = json.dumps(template_vars, ensure_ascii=False)
if self.settings.debug:
log.msg("[api debug] :::::::: %s response body: %s" % (self.request.path, utils.safestr(resp)))
self.write(resp)
def post(url,data=None,**kwargs):
return treq.post(url, data=safestr(data), pool=pool,data_to_body_producer=StringProducer,**kwargs)
