def event_toughcloud_sms_account_open(self, userinfo):
""" toughCloud sms api open notify event """
if not userinfo:
return
if not userinfo.get('phone'):
logger.error('user phone is None exit')
return
api_secret = self.get_param_value("toughcloud_license")
api_token = yield tools.get_sys_token()
params = dict(token=api_token.strip(),
action='sms',
tplname=self.SMS_TPLNAME,
phone=userinfo.get('phone'),
customer=utils.safestr(userinfo.get('realname')),
username=userinfo.get('account_number'),
product=utils.safestr(userinfo.get('product_name')),
password=userinfo.get('password'),
expire=userinfo.get('expire_date'),
nonce=str(int(time.time())))
params['sign'] = apiutils.make_sign(api_secret.strip(),
params.values())
try:
resp = yield httpclient.fetch(self.SMS_APIURL,
postdata=urlencode(params))
logger.info(resp.body)
logger.info('open account send short message success')
except Exception as err:
logger.exception(err)
def disconnect(self):
try:
is_chap = self.settings.config.portal.chap in (1, "1", "chap")
userIp = self.current_user.ipaddr
nas = self.get_nas(self.current_user.nasaddr)
ac_addr = nas['ip_addr']
ac_port = int(nas['ac_port'])
secret = utils.safestr(nas['bas_secret'])
_vendor = utils.safestr(nas['portal_vendor'])
if _vendor not in ('cmccv1', 'cmccv2', 'huaweiv1', 'huaweiv2'):
defer.returnValue("not support vendor %s" % _vendor)
send_portal = functools.partial(client.send,
secret,
log=self.syslog,
debug=self.settings.debug,
vendor=_vendor)
vendor = client.PortalClient.vendors.get(_vendor)
logout_req = vendor.proto.newReqLogout(userIp,
secret,
chap=is_chap)
logout_resp = yield send_portal(data=logout_req,
host=ac_addr,
port=ac_port)
if logout_resp.errCode > 0:
_err_msg = u"{0},{1}".format(
vendor.mod.AckLogoutErrs[logout_resp.errCode],
utils.safeunicode(logout_resp.get_text_info()[0] or ""))
logger.error(_err_msg)
defer.returnValue("disconnect done!")
except Exception as err:
defer.returnValue(err)
def event_toughcloud_mail_account_open(self, userinfo):
""" toughCloud mail api open notify without password event """
if not userinfo:
return
if not userinfo.get('email'):
logger.error('user email is None exit')
return
try:
api_secret = self.get_param_value("toughcloud_license")
service_mail = self.get_param_value("toughcloud_service_mail")
if not service_mail:
return
api_token = yield tools.get_sys_token()
params = dict(token=api_token.strip(),
action='email',
mailto=userinfo.get('email'),
tplname=self.MAIL_TPLNAME,
customer=utils.safestr(userinfo.get('realname')),
username=userinfo.get('account_number'),
product=utils.safestr(userinfo.get('product_name')),
expire=userinfo.get('expire_date'),
service_call=self.get_param_value(
"toughcloud_service_call", ''),
service_mail=service_mail,
nonce=str(int(time.time())))
params['sign'] = apiutils.make_sign(api_secret.strip(),
params.values())
resp = yield httpclient.fetch(self.MAIL_APIURL,
postdata=urlencode(params))
logger.info(resp.body)
logger.info('open account send email without password success')
except Exception as err:
logger.exception(err)
def post(self):
# if FeedbackHandler.last_send == 0:
# FeedbackHandler.last_send = time.time()
# elif (time.time() - FeedbackHandler.last_send) < 10:
# rsec = int(10 - (time.time() - FeedbackHandler.last_send))
# return self.render_json(code=0,msg=u"发送间隔为10秒,请再等待 %s 秒"% rsec)
topic = self.get_argument("topic","")
email = self.get_argument("email","")
if not topic or len(topic.strip()) == 0:
self.render_json(code=0,msg=u"描述不能为空")
return
if len(topic.strip()) > 90:
self.render_json(code=0,msg=u"描述不能大于90个字符")
return
service_url = '%s/service/feedback'%self.settings.config.system.service_url
param_data = dict(
topic=utils.safestr(topic),
email=email,
uuid=get_uuid(),
license=self.settings.config.system.license,
content=utils.safestr(self.warp_content())
)
resp = yield httpclient.post(service_url.encode('utf-8'), data=param_data)
content = yield resp.content()
self.write(content)
def event_toughcloud_sms_account_open(self, userinfo):
""" toughCloud sms api open notify event """
if not userinfo:
return
if not userinfo.get('phone'):
logger.error('user phone is None exit')
return
api_secret = self.get_param_value("toughcloud_license")
api_token = yield tools.get_sys_token()
params = dict(
token=api_token.strip(),
action='sms',
tplname=self.SMS_TPLNAME,
phone=userinfo.get('phone'),
customer=utils.safestr(userinfo.get('realname')),
username=userinfo.get('account_number'),
product=utils.safestr(userinfo.get('product_name')),
password=userinfo.get('password'),
expire=userinfo.get('expire_date'),
nonce=str(int(time.time()))
)
params['sign'] = apiutils.make_sign(api_secret.strip(), params.values())
try:
resp = yield httpclient.fetch(self.SMS_APIURL, postdata=urlencode(params))
logger.info(resp.body)
logger.info('open account send short message success')
except Exception as err:
logger.exception(err)
def event_toughcloud_mail_account_expire(self, userinfo):
""" toughcloud mail api notify event """
if not userinfo:
return
api_secret = self.get_param_value("toughcloud_license")
service_mail = self.get_param_value("toughcloud_service_mail")
if not service_mail:
return
api_token = yield tools.get_sys_token()
params = dict(token=api_token.strip(),
mailto=userinfo.email,
tplname=self.MAIL_TPLNAME,
customer=utils.safestr(userinfo.realname),
username=userinfo.account_number,
product=utils.safestr(userinfo.product_name),
expire=userinfo.expire_date,
service_call=self.get_param_value(
"toughcloud_service_call", ''),
service_mail=service_mail,
nonce=str(int(time.time())))
params['sign'] = apiutils.make_sign(api_secret.strip(),
params.values())
try:
resp = yield httpclient.fetch(self.MAIL_APIURL,
postdata=urlencode(params))
logger.info(resp.body)
except Exception as err:
logger.exception(err)
def disconnect(self):
try:
is_chap=self.settings.config.portal.chap in (1, "1", "chap")
userIp = self.current_user.ipaddr
nas = self.get_nas(self.current_user.nasaddr)
ac_addr = nas['ip_addr']
ac_port = int(nas['ac_port'])
secret = utils.safestr(nas['bas_secret'])
_vendor= utils.safestr(nas['portal_vendor'])
if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'):
defer.returnValue("not support vendor %s"%_vendor)
send_portal = functools.partial(
client.send,
secret,
log=self.syslog,
debug=self.settings.debug,
vendor=_vendor
)
vendor = client.PortalClient.vendors.get(_vendor)
logout_req = vendor.proto.newReqLogout(userIp, secret,chap=is_chap)
logout_resp = yield send_portal(data=logout_req, host=ac_addr, port=ac_port)
if logout_resp.errCode > 0:
_err_msg=u"{0},{1}".format(
vendor.mod.AckLogoutErrs[logout_resp.errCode],
utils.safeunicode(logout_resp.get_text_info()[0] or "")
)
logger.error( _err_msg)
defer.returnValue("disconnect done!")
except Exception as err:
defer.returnValue(err)
def event_toughcloud_mail_account_open(self, userinfo):
""" toughCloud mail api open notify without password event """
if not userinfo:
return
if not userinfo.get('email'):
logger.error('user email is None exit')
return
try:
api_secret = self.get_param_value("toughcloud_license")
service_mail = self.get_param_value("toughcloud_service_mail")
if not service_mail:
return
api_token = yield tools.get_sys_token()
params = dict(
token=api_token.strip(),
action='email',
mailto=userinfo.get('email'),
tplname=self.MAIL_TPLNAME,
customer=utils.safestr(userinfo.get('realname')),
username=userinfo.get('account_number'),
product=utils.safestr(userinfo.get('product_name')),
expire=userinfo.get('expire_date'),
service_call=self.get_param_value("toughcloud_service_call", ''),
service_mail=service_mail,
nonce=str(int(time.time()))
)
params['sign'] = apiutils.make_sign(api_secret.strip(), params.values())
resp = yield httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params))
logger.info(resp.body)
logger.info('open account send email without password success')
except Exception as err:
logger.exception(err)
def event_toughcloud_mail_account_expire(self, userinfo):
""" toughcloud mail api notify event """
if not userinfo:
return
api_secret = self.get_param_value("toughcloud_license")
service_mail=self.get_param_value("toughcloud_service_mail")
if not service_mail:
return
api_token = yield tools.get_sys_token()
params = dict(
token=api_token.strip(),
mailto=userinfo.email,
tplname=self.MAIL_TPLNAME,
customer=utils.safestr(userinfo.realname),
username=userinfo.account_number,
product=utils.safestr(userinfo.product_name),
expire=userinfo.expire_date,
service_call=self.get_param_value("toughcloud_service_call",''),
service_mail=service_mail,
nonce = str(int(time.time()))
)
params['sign'] = apiutils.make_sign(api_secret.strip(), params.values())
try:
resp = yield httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params))
logger.info(resp.body)
except Exception as err:
logger.exception(err)
def add_mail_alert(self, mailto, content):
db = self.mdb['nagios_alerts']
coll = db['alerts']
data = dict(alert_type='mail',
target=utils.safestr(mailto),
content=utils.safestr(content),
sendtime=time.time())
coll.insert(data)
def add_mail_alert(self,mailto,content):
db = self.mdb['nagios_alerts']
coll = db['alerts']
data = dict(
alert_type = 'mail',
target = utils.safestr(mailto),
content = utils.safestr(content),
sendtime = time.time()
)
coll.insert(data)
def process(self, msgid, message):
self.syslog.info("accept auth message @ %s : %r" % (self.listen, utils.safeunicode(message)))
@self.cache.cache(expire=600)
def get_account_by_username(username):
return self.db.query(models.TrAccount).filter_by(account_number=username).first()
@self.cache.cache(expire=600)
def get_product_by_id(product_id):
return self.db.query(models.TrProduct).filter_by(id=product_id).first()
try:
req_msg = apiutils.parse_request(self.secret, message)
if req_msg.get("action") == 'ping':
return self.agent.reply(msgid, apiutils.make_message(self.secret,code=0))
if 'username' not in req_msg:
raise ValueError('username is empty')
except Exception as err:
resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message))
self.agent.reply(msgid, resp)
return
try:
username = req_msg['username']
account = get_account_by_username(username)
if not account:
apiutils.make_message(self.secret, code=1, msg=u'user {0} not exists'.format(utils.safeunicode(username)))
self.agent.reply(msgid, resp)
return
passwd = self.app.aes.decrypt(account.password)
product = get_product_by_id(account.product_id)
result = dict(
code=0,
msg='success',
username=username,
passwd=passwd,
input_rate=product.input_max_limit,
output_rate=product.output_max_limit,
attrs={
"Session-Timeout" : 86400,
"Acct-Interim-Interval": 300
}
)
resp = apiutils.make_message(self.secret, **result)
self.agent.reply(msgid, resp)
self.syslog.info("send auth response %r" % (utils.safeunicode(resp)))
except Exception as err:
self.syslog.error(u"api authorize error %s" % utils.safeunicode(err.message))
resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message))
return self.agent.reply(msgid, resp)
def make_sign(self, secret, params=[]):
""" make sign
:param params: params list
:return: :rtype:
"""
_params = [utils.safestr(p) for p in params if p is not None]
_params.sort()
_params.insert(0, secret)
strs = ''.join(_params)
# if self.settings.debug:
# log.msg("sign_src = %s" % strs, level=logging.DEBUG)
mds = md5(utils.safestr(strs)).hexdigest()
return mds.upper()
def make_sign(self, secret, params=[]):
""" make sign
:param params: params list
:return: :rtype:
"""
_params = [utils.safestr(p) for p in params if p is not None]
_params.sort()
_params.insert(0, secret)
strs = ''.join(_params)
# if self.settings.debug:
# log.msg("sign_src = %s" % strs, level=logging.DEBUG)
mds = md5(utils.safestr(strs)).hexdigest()
return mds.upper()
def event_webhook_account_expire(self, userinfo):
"""webhook notify event """
notify_url = self.get_param_value("expire_notify_url")
if not notify_url:
return
url = notify_url.replace('{account}',userinfo.account_number)
url = url.replace('{customer}',utils.safestr(userinfo.realname))
url = url.replace('{expire}',userinfo.expire_date)
url = url.replace('{email}',userinfo.email)
url = url.replace('{mobile}',userinfo.mobile)
url = url.replace('{product}',utils.safestr(userinfo.product_name))
url = url.encode('utf-8')
url = quote(url,":?=/&")
return httpclient.fetch(url).addCallbacks(lambda r: logger.info(r.body),logger.exception)
def event_webhook_account_expire(self, userinfo):
"""webhook notify event """
notify_url = self.get_param_value("expire_notify_url")
if not notify_url:
return
url = notify_url.replace('{account}', userinfo.account_number)
url = url.replace('{customer}', utils.safestr(userinfo.customer))
url = url.replace('{expire}', userinfo.expire_date)
url = url.replace('{email}', userinfo.email)
url = url.replace('{mobile}', userinfo.mobile)
url = url.replace('{product}', utils.safestr(userinfo.product_name))
url = url.encode('utf-8')
url = quote(url, ":?=/&")
return httpclient.fetch(url).addCallbacks(
lambda r: logger.info(r.body), logger.exception)
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(code=1, msg=safestr(err.message))
return
session_id = req_msg.get("session_id")
if not session_id:
self.render_json(code=1, msg="session_id is empty")
session = self.db.query(models.TrwOnline).filter_by(session_id=session_id)
result = dict(
username=session.username,
nas_addr=session.nas_addr,
session_id=session_id,
start_time=session.start_time,
ipaddr=session.ipaddr,
macaddr=session.macaddr,
input_total=session.input_total,
output_total=session.output_total
)
self.render_json(code=0, msg="success", data=result)
def render_json(self, **template_vars):
if not template_vars.has_key("code"):
template_vars["code"] = 0
resp = json.dumps(template_vars, ensure_ascii=False)
if self.settings.debug:
logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safestr(resp)))
self.write(resp)
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(code=1, msg=safestr(err.message))
return
session_id = req_msg.get("session_id")
if not session_id:
self.render_json(code=1, msg="session_id is empty")
session = self.db.query(models.TrwOnline).filter_by(session_id=session_id)
result = dict(
username=session.username,
nas_addr=session.nas_addr,
session_id=session_id,
start_time=session.start_time,
ipaddr=session.ipaddr,
macaddr=session.macaddr,
input_total=session.input_total,
output_total=session.output_total,
)
self.render_json(code=0, msg="success", data=result)
def get(self, *args, **kwargs):
logger.info(utils.safeunicode(self.request.query))
wlan_params = {
"wlanuserip": self.get_argument("userip", self.request.remote_ip),
"ispcode": self.get_argument("ispcode", "default"),
"wlanusername": self.get_argument("username","test"),
"wlanacip": self.settings.config.acagent.nasaddr,
"ssid": self.get_argument("ssid","default"),
"wlanusermac": self.get_argument("wlanusermac","00-00-00-00-00"),
"wlanapmac": self.get_argument("wlanapmac","00-00-00-00-00"),
"wlanuserfirsturl": self.get_argument("wlanuserfirsturl","/portal/index"),
"callback": self.get_argument("callback",""),
"vendortype" : self.get_argument("vendortype",""),
}
logger.info(utils.safeunicode(wlan_params))
if wlan_params['vendortype'] == 'routeros':
logger.info("Forward to RouterOS Portal Login")
self.forward_ros(wlan_params)
return
elif wlan_params['vendortype'] == 'ikuai':
logger.info("Forward to RouterOS ikuai Login")
self.forward_ikuai(wlan_params)
return
logger.info("callback_cache_%s" % utils.safeunicode(wlan_params['wlanuserip']))
self.application.mcache.set(
"callback_cache_%s" % utils.safestr(wlan_params['wlanuserip']),wlan_params['callback'],300)
url = self.settings.config.acagent.portal_login.format(**wlan_params)
logger.info("portal forward to : %s" % url)
self.redirect(url, permanent=False)
def post(self):
self.settings.config['system']['debug'] = int(
self.get_argument("debug"))
self.settings.config['system']['tz'] = utils.safestr(
self.get_argument("tz"))
self.settings.config.save()
self.redirect("/config?active=default")
def process(self, msgid, message):
self.syslog.info("accept acct message @ %s : %r" % (self.listen, utils.safeunicode(message)))
try:
req_msg = apiutils.parse_request(self.secret, message)
if req_msg.get("action") == 'ping':
return self.agent.reply(msgid, apiutils.make_message(self.secret,code=0))
except Exception as err:
resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message))
self.agent.reply(msgid, resp)
return
def event_toughcloud_mail_account_expire(self, userinfo):
""" toughcloud mail api notify event """
api_secret = self.get_param_value("toughcloud_api_secret", "")
if not userinfo:
return
params = dict(sid=tools.get_sys_uuid(),
tplname=self.MAIL_TPLNAME,
customer=utils.safestr(userinfo.realname),
username=userinfo.account_number,
product=utils.safestr(userinfo.product_name),
expire=userinfo.expire_date,
service_call=self.get_param_value("service_call", ''),
service_mail=self.get_param_value("service_mail", ''),
nonce=str(int(time.time())))
params['sign'] = apiutils.make_sign(api_secret, params.values())
d = httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params))
d.addCallback(lambda r: logger.info(r.body)).addErrback(
logger.exception)
return d
def get_error_html(self, status_code=500, **kwargs):
self.syslog.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs)))
if status_code == 404:
return self.render_string("error.html", msg=u"404:页面不存在")
elif status_code == 403:
return self.render_string("error.html", msg=u"403:非法的请求")
elif status_code == 500:
return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员")
else:
return self.render_string("error.html", msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def explode_list(msg, blist):
for n1 in msg:
if isinstance(msg[n1], dict):
explode_list(msg[n1], blist)
elif isinstance(msg[n1], list):
for n2 in msg[n1]:
explode_list(n2, blist)
else:
if n1 != 'sign':
blist.append(utils.safestr(msg[n1]))
def explode_list(msg, blist):
for n1 in msg:
if isinstance(msg[n1], dict):
explode_list(msg[n1], blist)
elif isinstance(msg[n1], list):
for n2 in msg[n1]:
explode_list(n2, blist)
else:
if n1 != 'sign':
blist.append(utils.safestr(msg[n1]))
def event_toughcloud_mail_account_expire(self, userinfo):
""" toughcloud mail api notify event """
api_secret = self.get_param_value("toughcloud_api_secret","")
if not userinfo:
return
params = dict(
sid=tools.get_sys_uuid(),
tplname=self.MAIL_TPLNAME,
customer=utils.safestr(userinfo.realname),
username=userinfo.account_number,
product=utils.safestr(userinfo.product_name),
expire=userinfo.expire_date,
service_call=self.get_param_value("service_call",''),
service_mail=self.get_param_value("service_mail",''),
nonce = str(int(time.time()))
)
params['sign'] = apiutils.make_sign(api_secret, params.values())
d = httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params))
d.addCallback(lambda r:logger.info(r.body)).addErrback(logger.exception)
return d
def get_error_html(self, status_code=500, **kwargs):
logger.info("http error : [status_code:{0}], {1}".format(
status_code, utils.safestr(kwargs)))
if status_code == 404:
return self.render_string("error.html", msg=u"404:页面不存在")
elif status_code == 403:
return self.render_string("error.html", msg=u"403:非法的请求")
elif status_code == 500:
return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员")
else:
return self.render_string("error.html",
msg=u"%s:服务器处理失败,请联系管理员" % status_code)
class PortalListen(protocol.DatagramProtocol):
actions = {}
def __init__(self, config, dbengine=None, log=None):
self.syslog = log or logger.Logger(config)
self.dbengine = dbengine
self.config = config
self.mcache = redis_cache.CacheManager(
redis_conf(config), cache_name='ToughWlanPortald-%s' % os.getpid())
# self.vendor = PortalListen.vendors.get(config.portal.vendor)
# self.actions = {
# self.vendor.mod.NTF_LOGOUT : self.doAckNtfLogout
# }
reactor.callLater(3.0, self.init_task)
def get_nas(self, ip_addr):
def fetch_result():
table = models.TrwBas.__table__
with self.db_engine.begin() as conn:
return conn.execute(
table.select().where(table.c.ip_addr == ip_addr)).first()
return self.mcache.aget(ac_cache_key(ip_addr),
fetch_result,
expire=600)
def init_task(self):
_task = task.LoopingCall(self.send_ntf_heart)
_task.start(self.config.portal.ntf_heart)
def send_ntf_heart(self):
pass
# host,port = self.ac1[0], int(self.ac1[1])
# req = self.vendor.Portal.newNtfHeart(self.config.portal.secret,host)
# if self.debug:
# pass
# # self.syslog.info("Send NTF_HEARTBEAT to %s:%s: %s" % (host,port,repr(req)))
# try:
# self.transport.write(str(req), (host,port))
# except:
# pass
def doAckNtfLogout(self, req, vendor, secret, (host, port)):
resp = vendor.proto.newMessage(vendor.ACK_NTF_LOGOUT, req.userIp,
req.serialNo, req.reqId, str(secret))
try:
logger.info("Send portal packet to %s:%s: %s" %
(host, port, utils.safestr(req)))
self.transport.write(str(resp), (host, port))
except:
pass
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(code=1, msg=safestr(err.message))
return
session_id = req_msg.get("session_id")
if not session_id:
self.render_json(code=1, msg="session_id is empty")
self.db.query(models.TrwOnline).filter_by(session_id=session_id).delete()
self.render_json(code=0, msg="success")
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(code=1, msg=safestr(err.message))
return
session_id = req_msg.get("session_id")
if not session_id:
self.render_json(code=1, msg="session_id is empty")
self.db.query(models.TrwOnline).filter_by(session_id=session_id).delete()
self.render_json(code=0, msg="success")
def render_string(self, template_name, **template_vars):
template_vars["xsrf_form_html"] = self.xsrf_form_html
template_vars["current_user"] = self.current_user
template_vars["login_time"] = self.get_secure_cookie("portal_logintime")
template_vars["request"] = self.request
template_vars["requri"] = "{0}://{1}".format(self.request.protocol, self.request.host)
template_vars["handler"] = self
template_vars["utils"] = utils
try:
mytemplate = self.tp_lookup.get_template(template_name)
return mytemplate.render(**template_vars)
except Exception as err:
self.syslog.error("Render template error {0}".format(utils.safestr(err)))
raise
def process(self, msgid, message):
self.syslog.info("accept acct message @ %s : %r" %
(self.listen, utils.safeunicode(message)))
try:
req_msg = apiutils.parse_request(self.secret, message)
if req_msg.get("action") == 'ping':
return self.agent.reply(
msgid, apiutils.make_message(self.secret, code=0))
except Exception as err:
resp = apiutils.make_message(self.secret,
code=1,
msg=utils.safestr(err.message))
self.agent.reply(msgid, resp)
return
def get_error_html(self, status_code=500, **kwargs):
self.syslog.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs)))
if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest':
return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code)
if status_code == 404:
return self.render_string("error.html", msg=u"404:页面不存在")
elif status_code == 403:
return self.render_string("error.html", msg=u"403:非法的请求")
elif status_code == 500:
self.syslog.error(traceback.format_exc())
return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员")
else:
return self.render_string("error.html", msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def get_error_html(self, status_code=500, **kwargs):
logger.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs)))
if self.settings.debug:
traceback.print_exc()
if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest':
return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code)
if status_code == 404:
return self.render_error(msg=u"404:页面不存在")
elif status_code == 403:
return self.render_error(msg=u"403:非法的请求")
elif status_code == 500:
return self.render_error(msg=u"500:服务器处理失败,请联系管理员")
else:
return self.render_error(msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def check_sign(api_secret, msg):
"""
>>> check_sign("123456",dict(code=1,s='2',msg=u'中文',sign='33C9065427EECA3490C5642C99165145'))
True
"""
if "sign" not in msg:
return False
sign = msg['sign']
params = [utils.safestr(msg[k]) for k in msg if k != 'sign']
local_sign = make_sign(api_secret, params)
result = (sign == local_sign)
if not result:
logger.error("check_sign failure, sign:%s != local_sign:%s" %(sign,local_sign))
return result
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(code=1, msg=safestr(err.message))
return
session_id = req_msg.get("session_id")
if not session_id:
self.render_json(code=1, msg="session_id is empty")
_exists = self.db.query(models.TrwOnline.id).filter_by(session_id=session_id).count() > 0
if _exists:
self.render_json(code=0, msg="session exists")
else:
self.render_json(code=1, msg="session not exists")
def render_string(self, template_name, **template_vars):
template_vars["xsrf_form_html"] = self.xsrf_form_html
template_vars["current_user"] = self.current_user
template_vars["login_time"] = self.get_secure_cookie(
"portal_logintime")
template_vars["request"] = self.request
template_vars["requri"] = "{0}://{1}".format(self.request.protocol,
self.request.host)
template_vars["handler"] = self
template_vars["utils"] = utils
try:
mytemplate = self.tp_lookup.get_template("portal/%s" %
template_name)
return mytemplate.render(**template_vars)
except Exception as err:
logger.info("Render template error {0}".format(utils.safestr(err)))
raise
def post(self):
try:
req_msg = self.parse_request()
except Exception as err:
self.render_json(code=1, msg=safestr(err.message))
return
session_id = req_msg.get("session_id")
if not session_id:
self.render_json(code=1, msg="session_id is empty")
_exists = self.db.query(models.TrwOnline.id).filter_by(session_id=session_id).count() > 0
if _exists:
self.render_json(code=0, msg="session exists")
else:
self.render_json(code=1, msg="session not exists")
def get(self, *args, **kwargs):
logger.info(utils.safeunicode(self.request.query))
wlan_params = {
"wlanuserip":
self.get_argument("userip", self.request.remote_ip),
"ispcode":
self.get_argument("ispcode", "default"),
"wlanusername":
self.get_argument("username", "test"),
"wlanacip":
self.settings.config.acagent.nasaddr,
"ssid":
self.get_argument("ssid", "default"),
"wlanusermac":
self.get_argument("wlanusermac", "00-00-00-00-00"),
"wlanapmac":
self.get_argument("wlanapmac", "00-00-00-00-00"),
"wlanuserfirsturl":
self.get_argument("wlanuserfirsturl", "/portal/index"),
"callback":
self.get_argument("callback", ""),
"vendortype":
self.get_argument("vendortype", ""),
}
logger.info(utils.safeunicode(wlan_params))
if wlan_params['vendortype'] == 'routeros':
logger.info("Forward to RouterOS Portal Login")
self.forward_ros(wlan_params)
return
elif wlan_params['vendortype'] == 'ikuai':
logger.info("Forward to RouterOS ikuai Login")
self.forward_ikuai(wlan_params)
return
logger.info("callback_cache_%s" %
utils.safeunicode(wlan_params['wlanuserip']))
self.application.mcache.set(
"callback_cache_%s" % utils.safestr(wlan_params['wlanuserip']),
wlan_params['callback'], 300)
url = self.settings.config.acagent.portal_login.format(**wlan_params)
logger.info("portal forward to : %s" % url)
self.redirect(url, permanent=False)
def check_sign(api_secret, msg):
"""
>>> check_sign("123456",dict(code=1,s='2',msg=u'中文',sign='33C9065427EECA3490C5642C99165145'))
True
"""
if "sign" not in msg:
return False
sign = msg['sign']
params = [
utils.safestr(msg[k]) for k in msg
if k != 'sign' and msg[k] is not None
]
local_sign = make_sign(api_secret, params)
result = (sign == local_sign)
if not result:
logger.error("check_sign failure, sign:%s != local_sign:%s" %
(sign, local_sign))
return result
def get_error_html(self, status_code=500, **kwargs):
dispatch.pub(logger.EVENT_ERROR,"http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs)))
if self.settings.debug:
traceback.print_exc()
if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest':
return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code)
if status_code == 404:
return self.render_error(msg=u"404:页面不存在")
elif status_code == 403:
return self.render_error(msg=u"403:非法的请求")
elif status_code == 500:
return self.render_error(msg=u"500:服务器处理失败,请联系管理员")
else:
return self.render_error(msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def processPacket(self, req,bas=None):
if req.code != packet.AccessRequest:
raise PacketError('non-AccessRequest packet on authentication socket')
try:
reply = req.CreateReply()
reply.vendor_id = req.vendor_id
aaa_request = dict(
account_number=req.get_user_name(),
domain=req.get_domain(),
macaddr=req.client_mac,
nasaddr=req.get_nas_addr(),
vlanid1=req.vlanid1,
vlanid2=req.vlanid2
)
auth_resp = RadiusAuth(self,aaa_request).authorize()
print auth_resp
if auth_resp['code'] > 0:
reply['Reply-Message'] = auth_resp['msg']
reply.code = packet.AccessReject
return reply
if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
is_pwd_ok = True
else:
is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))
if not is_pwd_ok:
reply['Reply-Message'] = "password not match"
reply.code = packet.AccessReject
return reply
else:
if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
reply = rate_process.process(
reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])
attrs = auth_resp.get("attrs") or {}
for attr_name in attrs:
try:
# todo: May have a type matching problem
reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
except Exception as err:
errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
attr_name,utils.safestr(err.message))
dispatch.pub(logger.EVENT_ERROR,errstr)
for attr, attr_val in req.resp_attrs.iteritems():
reply[attr] = attr_val
reply['Reply-Message'] = 'success!'
reply.code = packet.AccessAccept
if not req.VerifyReply(reply):
raise PacketError('VerifyReply error')
return reply
except Exception as err:
reply['Reply-Message'] = "auth failure, %s" % utils.safeunicode(err.message)
reply.code = packet.AccessReject
return reply
def processPacket(self, req, bas=None):
if req.code != packet.AccessRequest:
raise PacketError(
'non-AccessRequest packet on authentication socket')
try:
reply = req.CreateReply()
reply.vendor_id = req.vendor_id
aaa_request = dict(account_number=req.get_user_name(),
domain=req.get_domain(),
macaddr=req.client_mac,
nasaddr=req.get_nas_addr(),
vlanid1=req.vlanid1,
vlanid2=req.vlanid2)
auth_resp = RadiusAuth(self, aaa_request).authorize()
print auth_resp
if auth_resp['code'] > 0:
reply['Reply-Message'] = auth_resp['msg']
reply.code = packet.AccessReject
return reply
if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
is_pwd_ok = True
else:
is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))
if not is_pwd_ok:
reply['Reply-Message'] = "password not match"
reply.code = packet.AccessReject
return reply
else:
if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
reply = rate_process.process(
reply,
input_rate=auth_resp['input_rate'],
output_rate=auth_resp['output_rate'])
attrs = auth_resp.get("attrs") or {}
for attr_name in attrs:
try:
# todo: May have a type matching problem
reply.AddAttribute(utils.safestr(attr_name),
attrs[attr_name])
except Exception as err:
errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
attr_name, utils.safestr(err.message))
dispatch.pub(logger.EVENT_ERROR, errstr)
for attr, attr_val in req.resp_attrs.iteritems():
reply[attr] = attr_val
reply['Reply-Message'] = 'success!'
reply.code = packet.AccessAccept
if not req.VerifyReply(reply):
raise PacketError('VerifyReply error')
return reply
except Exception as err:
reply['Reply-Message'] = "auth failure, %s" % utils.safeunicode(
err.message)
reply.code = packet.AccessReject
return reply
def processAuth(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAuthPacket(packet=datagram,
dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)
self.do_stat(req.code)
logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccessRequest:
raise PacketError('non-AccessRequest packet on authentication socket')
reply = req.CreateReply()
reply.vendor_id = req.vendor_id
aaa_request = dict(
account_number=req.get_user_name(),
domain=req.get_domain(),
macaddr=req.client_mac,
nasaddr=req.get_nas_addr(),
vlanid1=req.vlanid1,
vlanid2=req.vlanid2
)
auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize()
if auth_resp['code'] > 0:
reply['Reply-Message'] = auth_resp['msg']
reply.code = packet.AccessReject
return reply
if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
is_pwd_ok = True
else:
is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))
if not is_pwd_ok:
reply['Reply-Message'] = "password not match"
reply.code = packet.AccessReject
return reply
else:
if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
reply = rate_process.process(
reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])
attrs = auth_resp.get("attrs") or {}
for attr_name in attrs:
try:
# todo: May have a type matching problem
reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
except Exception as err:
errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
attr_name,utils.safestr(err.message))
logger.error(errstr)
for attr, attr_val in req.resp_attrs.iteritems():
reply[attr] = attr_val
reply['Reply-Message'] = 'success!'
reply.code = packet.AccessAccept
if not req.VerifyReply(reply):
raise PacketError('VerifyReply error')
return reply
except Exception as err:
self.do_stat(0)
errstr = 'RadiusError:Dropping invalid auth packet from {0} {1},{2}'.format(
host, port, utils.safeunicode(err))
logger.error(errstr)
import traceback
traceback.print_exc()
def post(self):
qstr = self.get_argument("qstr", "")
wlan_params = self.get_wlan_params(qstr)
ssid = wlan_params.get("ssid", "default")
ispcode = wlan_params.get("ispcode", "default")
if not wlan_params:
self.render_error(msg=u"Missing parameter: ssid,wlanuserip,wlanacip")
return
start_time = time.time()
nas = self.get_nas(wlan_params.get("wlanacip",'127.0.0.1'))
print nas
if not nas:
self.render_error(msg=u"AC server {0} didn't register ".format(wlan_params.get("wlanacip")))
return
ac_addr = nas['ip_addr']
ac_port = int(nas['ac_port'])
secret = utils.safestr(nas['bas_secret'])
_vendor= utils.safestr(nas['portal_vendor'])
if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'):
self.render_error(msg=u"AC server portal_vendor {0} not support ".format(_vendor))
return
hm_mac=(wlan_params.get('wlanstamac','').replace(".",":").replace('-',':'))
macbstr = hm_mac and struct.pack('BBBBBB',*[int(i,base=16) for i in hm_mac.split(':')]) or None
send_portal = functools.partial(
client.send,
secret,
log=logger,
debug=self.settings.debug,
vendor=_vendor,
timeout=5
)
vendor = client.PortalClient.vendors.get(_vendor)
is_chap=self.settings.config.portal.chap in (1, "1", "chap")
userIp=wlan_params.get('wlanuserip', self.request.remote_ip)
username=self.get_argument("username", None)
password=self.get_argument("password", None)
if self.settings.debug:
logger.info( u"Start [username:%s] portal auth, wlan params:%s" % (
username, utils.safeunicode(wlan_params)))
tpl = self.get_template_attrs(wlan_params.get("ssid", "default"),ispcode)
firsturl=tpl.get("home_page", "/portal/index?tpl_name=%s" % tpl.get('tpl_name', 'default'))
def back_login(msg = u''):
self.render(self.get_login_template(tpl['tpl_path']), tpl = tpl, msg = msg, qstr = qstr, **wlan_params)
if not username or not password:
back_login(msg = u"username and password cannot be empty")
return
# checkos
# cli_dev, cli_os = self.chk_os
# domain = yield self.get_domain(wlan_params.get("ssid", "default"))
# username = "******" % (username, cli_dev, cli_os, domain)
try:
challenge_resp = None
if is_chap:
## req challenge ################################
challenge_req=vendor.proto.newReqChallenge(userIp, secret, mac=macbstr, chap = is_chap)
challenge_resp = yield send_portal(data = challenge_req, host=ac_addr, port=ac_port)
if challenge_resp.errCode > 0:
if challenge_resp.errCode == 2:
self.set_session_user(username, userIp, utils.get_currtime(), qstr=qstr)
self.redirect(firsturl)
return
raise Exception(vendor.mod.AckChallengeErrs[challenge_resp.errCode])
if challenge_resp:
## req auth ################################
auth_req = vendor.proto.newReqAuth(
userIp, username, password, challenge_resp.reqId, challenge_resp.get_challenge(),
secret, ac_addr, serialNo=challenge_req.serialNo,mac=macbstr, chap=is_chap)
else:
auth_req = vendor.proto.newReqAuth(userIp, username,password,0,None,secret,ac_addr,chap=is_chap)
auth_resp = yield send_portal(data=auth_req, host=ac_addr, port=ac_port)
if auth_resp.errCode > 0:
if auth_resp.errCode == 2:
self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr)
self.redirect(firsturl)
return
text_info = auth_resp.get_text_info()
_err_msg=u"{0},{1}".format(
vendor.mod.AckAuthErrs[auth_resp.errCode],
utils.safeunicode(text_info and text_info[0] or "")
)
raise Exception(_err_msg)
### aff_ack ################################
affack_req = vendor.proto.newAffAckAuth(
userIp, secret,ac_addr,auth_req.serialNo,auth_resp.reqId, mac=macbstr,chap = is_chap)
send_portal(data=affack_req, host=ac_addr, port=ac_port,noresp=True)
logger.info( u'Portal [username:{0}] auth success'.format(username))
if self.settings.debug:
logger.debug( u'Portal [username:%s] auth login [cast:%s ms]' % (
username, (time.time() - start_time) * 1000))
self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr, nasaddr=ac_addr)
self.redirect(firsturl)
except Exception as err:
import traceback
traceback.print_exc()
back_login(msg = u"Portal auth error,%s" % utils.safeunicode(err.message))
def process(self, msgid, message):
self.syslog.info("accept auth message @ %s : %r" %
(self.listen, utils.safeunicode(message)))
@self.cache.cache(expire=600)
def get_account_by_username(username):
return self.db.query(
models.TrAccount).filter_by(account_number=username).first()
@self.cache.cache(expire=600)
def get_product_by_id(product_id):
return self.db.query(
models.TrProduct).filter_by(id=product_id).first()
try:
req_msg = apiutils.parse_request(self.secret, message)
if req_msg.get("action") == 'ping':
return self.agent.reply(
msgid, apiutils.make_message(self.secret, code=0))
if 'username' not in req_msg:
raise ValueError('username is empty')
except Exception as err:
resp = apiutils.make_message(self.secret,
code=1,
msg=utils.safestr(err.message))
self.agent.reply(msgid, resp)
return
try:
username = req_msg['username']
account = get_account_by_username(username)
if not account:
apiutils.make_message(self.secret,
code=1,
msg=u'user {0} not exists'.format(
utils.safeunicode(username)))
self.agent.reply(msgid, resp)
return
passwd = self.app.aes.decrypt(account.password)
product = get_product_by_id(account.product_id)
result = dict(code=0,
msg='success',
username=username,
passwd=passwd,
input_rate=product.input_max_limit,
output_rate=product.output_max_limit,
attrs={
"Session-Timeout": 86400,
"Acct-Interim-Interval": 300
})
resp = apiutils.make_message(self.secret, **result)
self.agent.reply(msgid, resp)
self.syslog.info("send auth response %r" %
(utils.safeunicode(resp)))
except Exception as err:
self.syslog.error(u"api authorize error %s" %
utils.safeunicode(err.message))
resp = apiutils.make_message(self.secret,
code=1,
msg=utils.safestr(err.message))
return self.agent.reply(msgid, resp)
def post(self):
self.settings.config['system']['debug'] = int(self.get_argument("debug"))
self.settings.config['system']['tz'] = utils.safestr(self.get_argument("tz"))
self.settings.config.save()
self.redirect("/config?active=default")
req.reqId,
str(secret)
)
try:
logger.info("Send portal packet to %s:%s: %s"%(host,port, utils.safestr(req)))
self.transport.write(str(resp), (host, port))
except:
pass
def datagramReceived(self, datagram, (host, port)):
try:
nas = self.get_nas(host)
ac_addr = nas['ip_addr']
ac_port = int(nas['ac_port'])
secret = utils.safestr(nas['bas_secret'])
_vendor= utils.safestr(nas['portal_vendor'])
if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'):
self.render_error(msg=u"AC server portal_vendor {0} not support ".format(_vendor))
return
vendor = client.PortalClient.vendors.get(_vendor)
req = vendor.proto(
secret=secret,
packet=datagram,
source=(host, port)
)
logger.info("Received portal packet from %s:%s: %s"%(host,port,utils.safestr(req)))
if req.type in self.actions:
self.actions[req.type](req, vendor, secret, (host, port))
def doAckNtfLogout(self, req, vendor, secret, (host, port)):
resp = vendor.proto.newMessage(vendor.ACK_NTF_LOGOUT, req.userIp,
req.serialNo, req.reqId, str(secret))
try:
logger.info("Send portal packet to %s:%s: %s" %
(host, port, utils.safestr(req)))
self.transport.write(str(resp), (host, port))
except:
pass
def datagramReceived(self, datagram, (host, port)):
try:
nas = self.get_nas(host)
ac_addr = nas['ip_addr']
ac_port = int(nas['ac_port'])
secret = utils.safestr(nas['bas_secret'])
_vendor = utils.safestr(nas['portal_vendor'])
if _vendor not in ('cmccv1', 'cmccv2', 'huaweiv1', 'huaweiv2'):
self.render_error(
msg=u"AC server portal_vendor {0} not support ".format(
_vendor))
return
vendor = client.PortalClient.vendors.get(_vendor)
req = vendor.proto(secret=secret,
packet=datagram,
source=(host, port))
logger.info("Received portal packet from %s:%s: %s" %
(host, port, utils.safestr(req)))
if req.type in self.actions:
def processAuth(self, datagram, host, port):
try:
bas = self.find_nas(host)
if not bas:
raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host)
secret, vendor_id = bas['bas_secret'], bas['vendor_id']
req = self.createAuthPacket(packet=datagram,
dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id)
self.log_trace(host,port,req)
self.do_stat(req.code)
logger.info("[Radiusd] :: Received radius request: %s" % (repr(req)))
if self.config.system.debug:
logger.debug(req.format_str())
if req.code != packet.AccessRequest:
raise PacketError('non-AccessRequest packet on authentication socket')
reply = req.CreateReply()
reply.vendor_id = req.vendor_id
aaa_request = dict(
account_number=req.get_user_name(),
domain=req.get_domain(),
macaddr=req.client_mac,
nasaddr=req.get_nas_addr() or host,
vlanid1=req.vlanid1,
vlanid2=req.vlanid2
)
auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize()
if auth_resp['code'] > 0:
reply['Reply-Message'] = auth_resp['msg']
reply.code = packet.AccessReject
self.log_trace(host,port,req,reply)
return reply
if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0:
is_pwd_ok = True
req.is_valid_pwd(auth_resp.get('passwd'))
else:
is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd'))
if not is_pwd_ok:
reply['Reply-Message'] = "password not match"
reply.code = packet.AccessReject
self.log_trace(host,port,req,reply)
return reply
else:
if u"input_rate" in auth_resp and u"output_rate" in auth_resp:
reply = rate_process.process(
reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate'])
attrs = auth_resp.get("attrs") or {}
for attr_name in attrs:
try:
# todo: May have a type matching problem
reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name])
except Exception as err:
errstr = "RadiusError:current radius cannot support attribute {0},{1}".format(
attr_name,utils.safestr(err.message))
logger.error(RadiusError(err,errstr))
for attr, attr_val in req.resp_attrs.iteritems():
reply[attr] = attr_val
reply['Reply-Message'] = 'success!'
reply.code = packet.AccessAccept
if not req.VerifyReply(reply):
raise PacketError('VerifyReply error')
self.log_trace(host,port,req,reply)
return reply
except Exception as err:
self.do_stat(0)
logger.exception(err)
