def event_toughcloud_sms_account_open(self, userinfo): """ toughCloud sms api open notify event """ if not userinfo: return if not userinfo.get('phone'): logger.error('user phone is None exit') return api_secret = self.get_param_value("toughcloud_license") api_token = yield tools.get_sys_token() params = dict(token=api_token.strip(), action='sms', tplname=self.SMS_TPLNAME, phone=userinfo.get('phone'), customer=utils.safestr(userinfo.get('realname')), username=userinfo.get('account_number'), product=utils.safestr(userinfo.get('product_name')), password=userinfo.get('password'), expire=userinfo.get('expire_date'), nonce=str(int(time.time()))) params['sign'] = apiutils.make_sign(api_secret.strip(), params.values()) try: resp = yield httpclient.fetch(self.SMS_APIURL, postdata=urlencode(params)) logger.info(resp.body) logger.info('open account send short message success') except Exception as err: logger.exception(err)
def disconnect(self): try: is_chap = self.settings.config.portal.chap in (1, "1", "chap") userIp = self.current_user.ipaddr nas = self.get_nas(self.current_user.nasaddr) ac_addr = nas['ip_addr'] ac_port = int(nas['ac_port']) secret = utils.safestr(nas['bas_secret']) _vendor = utils.safestr(nas['portal_vendor']) if _vendor not in ('cmccv1', 'cmccv2', 'huaweiv1', 'huaweiv2'): defer.returnValue("not support vendor %s" % _vendor) send_portal = functools.partial(client.send, secret, log=self.syslog, debug=self.settings.debug, vendor=_vendor) vendor = client.PortalClient.vendors.get(_vendor) logout_req = vendor.proto.newReqLogout(userIp, secret, chap=is_chap) logout_resp = yield send_portal(data=logout_req, host=ac_addr, port=ac_port) if logout_resp.errCode > 0: _err_msg = u"{0},{1}".format( vendor.mod.AckLogoutErrs[logout_resp.errCode], utils.safeunicode(logout_resp.get_text_info()[0] or "")) logger.error(_err_msg) defer.returnValue("disconnect done!") except Exception as err: defer.returnValue(err)
def event_toughcloud_mail_account_open(self, userinfo): """ toughCloud mail api open notify without password event """ if not userinfo: return if not userinfo.get('email'): logger.error('user email is None exit') return try: api_secret = self.get_param_value("toughcloud_license") service_mail = self.get_param_value("toughcloud_service_mail") if not service_mail: return api_token = yield tools.get_sys_token() params = dict(token=api_token.strip(), action='email', mailto=userinfo.get('email'), tplname=self.MAIL_TPLNAME, customer=utils.safestr(userinfo.get('realname')), username=userinfo.get('account_number'), product=utils.safestr(userinfo.get('product_name')), expire=userinfo.get('expire_date'), service_call=self.get_param_value( "toughcloud_service_call", ''), service_mail=service_mail, nonce=str(int(time.time()))) params['sign'] = apiutils.make_sign(api_secret.strip(), params.values()) resp = yield httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params)) logger.info(resp.body) logger.info('open account send email without password success') except Exception as err: logger.exception(err)
def post(self): # if FeedbackHandler.last_send == 0: # FeedbackHandler.last_send = time.time() # elif (time.time() - FeedbackHandler.last_send) < 10: # rsec = int(10 - (time.time() - FeedbackHandler.last_send)) # return self.render_json(code=0,msg=u"发送间隔为10秒,请再等待 %s 秒"% rsec) topic = self.get_argument("topic","") email = self.get_argument("email","") if not topic or len(topic.strip()) == 0: self.render_json(code=0,msg=u"描述不能为空") return if len(topic.strip()) > 90: self.render_json(code=0,msg=u"描述不能大于90个字符") return service_url = '%s/service/feedback'%self.settings.config.system.service_url param_data = dict( topic=utils.safestr(topic), email=email, uuid=get_uuid(), license=self.settings.config.system.license, content=utils.safestr(self.warp_content()) ) resp = yield httpclient.post(service_url.encode('utf-8'), data=param_data) content = yield resp.content() self.write(content)
def event_toughcloud_sms_account_open(self, userinfo): """ toughCloud sms api open notify event """ if not userinfo: return if not userinfo.get('phone'): logger.error('user phone is None exit') return api_secret = self.get_param_value("toughcloud_license") api_token = yield tools.get_sys_token() params = dict( token=api_token.strip(), action='sms', tplname=self.SMS_TPLNAME, phone=userinfo.get('phone'), customer=utils.safestr(userinfo.get('realname')), username=userinfo.get('account_number'), product=utils.safestr(userinfo.get('product_name')), password=userinfo.get('password'), expire=userinfo.get('expire_date'), nonce=str(int(time.time())) ) params['sign'] = apiutils.make_sign(api_secret.strip(), params.values()) try: resp = yield httpclient.fetch(self.SMS_APIURL, postdata=urlencode(params)) logger.info(resp.body) logger.info('open account send short message success') except Exception as err: logger.exception(err)
def event_toughcloud_mail_account_expire(self, userinfo): """ toughcloud mail api notify event """ if not userinfo: return api_secret = self.get_param_value("toughcloud_license") service_mail = self.get_param_value("toughcloud_service_mail") if not service_mail: return api_token = yield tools.get_sys_token() params = dict(token=api_token.strip(), mailto=userinfo.email, tplname=self.MAIL_TPLNAME, customer=utils.safestr(userinfo.realname), username=userinfo.account_number, product=utils.safestr(userinfo.product_name), expire=userinfo.expire_date, service_call=self.get_param_value( "toughcloud_service_call", ''), service_mail=service_mail, nonce=str(int(time.time()))) params['sign'] = apiutils.make_sign(api_secret.strip(), params.values()) try: resp = yield httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params)) logger.info(resp.body) except Exception as err: logger.exception(err)
def disconnect(self): try: is_chap=self.settings.config.portal.chap in (1, "1", "chap") userIp = self.current_user.ipaddr nas = self.get_nas(self.current_user.nasaddr) ac_addr = nas['ip_addr'] ac_port = int(nas['ac_port']) secret = utils.safestr(nas['bas_secret']) _vendor= utils.safestr(nas['portal_vendor']) if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'): defer.returnValue("not support vendor %s"%_vendor) send_portal = functools.partial( client.send, secret, log=self.syslog, debug=self.settings.debug, vendor=_vendor ) vendor = client.PortalClient.vendors.get(_vendor) logout_req = vendor.proto.newReqLogout(userIp, secret,chap=is_chap) logout_resp = yield send_portal(data=logout_req, host=ac_addr, port=ac_port) if logout_resp.errCode > 0: _err_msg=u"{0},{1}".format( vendor.mod.AckLogoutErrs[logout_resp.errCode], utils.safeunicode(logout_resp.get_text_info()[0] or "") ) logger.error( _err_msg) defer.returnValue("disconnect done!") except Exception as err: defer.returnValue(err)
def event_toughcloud_mail_account_open(self, userinfo): """ toughCloud mail api open notify without password event """ if not userinfo: return if not userinfo.get('email'): logger.error('user email is None exit') return try: api_secret = self.get_param_value("toughcloud_license") service_mail = self.get_param_value("toughcloud_service_mail") if not service_mail: return api_token = yield tools.get_sys_token() params = dict( token=api_token.strip(), action='email', mailto=userinfo.get('email'), tplname=self.MAIL_TPLNAME, customer=utils.safestr(userinfo.get('realname')), username=userinfo.get('account_number'), product=utils.safestr(userinfo.get('product_name')), expire=userinfo.get('expire_date'), service_call=self.get_param_value("toughcloud_service_call", ''), service_mail=service_mail, nonce=str(int(time.time())) ) params['sign'] = apiutils.make_sign(api_secret.strip(), params.values()) resp = yield httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params)) logger.info(resp.body) logger.info('open account send email without password success') except Exception as err: logger.exception(err)
def event_toughcloud_mail_account_expire(self, userinfo): """ toughcloud mail api notify event """ if not userinfo: return api_secret = self.get_param_value("toughcloud_license") service_mail=self.get_param_value("toughcloud_service_mail") if not service_mail: return api_token = yield tools.get_sys_token() params = dict( token=api_token.strip(), mailto=userinfo.email, tplname=self.MAIL_TPLNAME, customer=utils.safestr(userinfo.realname), username=userinfo.account_number, product=utils.safestr(userinfo.product_name), expire=userinfo.expire_date, service_call=self.get_param_value("toughcloud_service_call",''), service_mail=service_mail, nonce = str(int(time.time())) ) params['sign'] = apiutils.make_sign(api_secret.strip(), params.values()) try: resp = yield httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params)) logger.info(resp.body) except Exception as err: logger.exception(err)
def add_mail_alert(self, mailto, content): db = self.mdb['nagios_alerts'] coll = db['alerts'] data = dict(alert_type='mail', target=utils.safestr(mailto), content=utils.safestr(content), sendtime=time.time()) coll.insert(data)
def add_mail_alert(self,mailto,content): db = self.mdb['nagios_alerts'] coll = db['alerts'] data = dict( alert_type = 'mail', target = utils.safestr(mailto), content = utils.safestr(content), sendtime = time.time() ) coll.insert(data)
def process(self, msgid, message): self.syslog.info("accept auth message @ %s : %r" % (self.listen, utils.safeunicode(message))) @self.cache.cache(expire=600) def get_account_by_username(username): return self.db.query(models.TrAccount).filter_by(account_number=username).first() @self.cache.cache(expire=600) def get_product_by_id(product_id): return self.db.query(models.TrProduct).filter_by(id=product_id).first() try: req_msg = apiutils.parse_request(self.secret, message) if req_msg.get("action") == 'ping': return self.agent.reply(msgid, apiutils.make_message(self.secret,code=0)) if 'username' not in req_msg: raise ValueError('username is empty') except Exception as err: resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message)) self.agent.reply(msgid, resp) return try: username = req_msg['username'] account = get_account_by_username(username) if not account: apiutils.make_message(self.secret, code=1, msg=u'user {0} not exists'.format(utils.safeunicode(username))) self.agent.reply(msgid, resp) return passwd = self.app.aes.decrypt(account.password) product = get_product_by_id(account.product_id) result = dict( code=0, msg='success', username=username, passwd=passwd, input_rate=product.input_max_limit, output_rate=product.output_max_limit, attrs={ "Session-Timeout" : 86400, "Acct-Interim-Interval": 300 } ) resp = apiutils.make_message(self.secret, **result) self.agent.reply(msgid, resp) self.syslog.info("send auth response %r" % (utils.safeunicode(resp))) except Exception as err: self.syslog.error(u"api authorize error %s" % utils.safeunicode(err.message)) resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message)) return self.agent.reply(msgid, resp)
def make_sign(self, secret, params=[]): """ make sign :param params: params list :return: :rtype: """ _params = [utils.safestr(p) for p in params if p is not None] _params.sort() _params.insert(0, secret) strs = ''.join(_params) # if self.settings.debug: # log.msg("sign_src = %s" % strs, level=logging.DEBUG) mds = md5(utils.safestr(strs)).hexdigest() return mds.upper()
def event_webhook_account_expire(self, userinfo): """webhook notify event """ notify_url = self.get_param_value("expire_notify_url") if not notify_url: return url = notify_url.replace('{account}',userinfo.account_number) url = url.replace('{customer}',utils.safestr(userinfo.realname)) url = url.replace('{expire}',userinfo.expire_date) url = url.replace('{email}',userinfo.email) url = url.replace('{mobile}',userinfo.mobile) url = url.replace('{product}',utils.safestr(userinfo.product_name)) url = url.encode('utf-8') url = quote(url,":?=/&") return httpclient.fetch(url).addCallbacks(lambda r: logger.info(r.body),logger.exception)
def event_webhook_account_expire(self, userinfo): """webhook notify event """ notify_url = self.get_param_value("expire_notify_url") if not notify_url: return url = notify_url.replace('{account}', userinfo.account_number) url = url.replace('{customer}', utils.safestr(userinfo.customer)) url = url.replace('{expire}', userinfo.expire_date) url = url.replace('{email}', userinfo.email) url = url.replace('{mobile}', userinfo.mobile) url = url.replace('{product}', utils.safestr(userinfo.product_name)) url = url.encode('utf-8') url = quote(url, ":?=/&") return httpclient.fetch(url).addCallbacks( lambda r: logger.info(r.body), logger.exception)
def post(self): try: req_msg = self.parse_request() except Exception as err: self.render_json(code=1, msg=safestr(err.message)) return session_id = req_msg.get("session_id") if not session_id: self.render_json(code=1, msg="session_id is empty") session = self.db.query(models.TrwOnline).filter_by(session_id=session_id) result = dict( username=session.username, nas_addr=session.nas_addr, session_id=session_id, start_time=session.start_time, ipaddr=session.ipaddr, macaddr=session.macaddr, input_total=session.input_total, output_total=session.output_total ) self.render_json(code=0, msg="success", data=result)
def render_json(self, **template_vars): if not template_vars.has_key("code"): template_vars["code"] = 0 resp = json.dumps(template_vars, ensure_ascii=False) if self.settings.debug: logger.debug("[api debug] :: %s response body: %s" % (self.request.path, utils.safestr(resp))) self.write(resp)
def post(self): try: req_msg = self.parse_request() except Exception as err: self.render_json(code=1, msg=safestr(err.message)) return session_id = req_msg.get("session_id") if not session_id: self.render_json(code=1, msg="session_id is empty") session = self.db.query(models.TrwOnline).filter_by(session_id=session_id) result = dict( username=session.username, nas_addr=session.nas_addr, session_id=session_id, start_time=session.start_time, ipaddr=session.ipaddr, macaddr=session.macaddr, input_total=session.input_total, output_total=session.output_total, ) self.render_json(code=0, msg="success", data=result)
def get(self, *args, **kwargs): logger.info(utils.safeunicode(self.request.query)) wlan_params = { "wlanuserip": self.get_argument("userip", self.request.remote_ip), "ispcode": self.get_argument("ispcode", "default"), "wlanusername": self.get_argument("username","test"), "wlanacip": self.settings.config.acagent.nasaddr, "ssid": self.get_argument("ssid","default"), "wlanusermac": self.get_argument("wlanusermac","00-00-00-00-00"), "wlanapmac": self.get_argument("wlanapmac","00-00-00-00-00"), "wlanuserfirsturl": self.get_argument("wlanuserfirsturl","/portal/index"), "callback": self.get_argument("callback",""), "vendortype" : self.get_argument("vendortype",""), } logger.info(utils.safeunicode(wlan_params)) if wlan_params['vendortype'] == 'routeros': logger.info("Forward to RouterOS Portal Login") self.forward_ros(wlan_params) return elif wlan_params['vendortype'] == 'ikuai': logger.info("Forward to RouterOS ikuai Login") self.forward_ikuai(wlan_params) return logger.info("callback_cache_%s" % utils.safeunicode(wlan_params['wlanuserip'])) self.application.mcache.set( "callback_cache_%s" % utils.safestr(wlan_params['wlanuserip']),wlan_params['callback'],300) url = self.settings.config.acagent.portal_login.format(**wlan_params) logger.info("portal forward to : %s" % url) self.redirect(url, permanent=False)
def post(self): self.settings.config['system']['debug'] = int( self.get_argument("debug")) self.settings.config['system']['tz'] = utils.safestr( self.get_argument("tz")) self.settings.config.save() self.redirect("/config?active=default")
def process(self, msgid, message): self.syslog.info("accept acct message @ %s : %r" % (self.listen, utils.safeunicode(message))) try: req_msg = apiutils.parse_request(self.secret, message) if req_msg.get("action") == 'ping': return self.agent.reply(msgid, apiutils.make_message(self.secret,code=0)) except Exception as err: resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message)) self.agent.reply(msgid, resp) return
def event_toughcloud_mail_account_expire(self, userinfo): """ toughcloud mail api notify event """ api_secret = self.get_param_value("toughcloud_api_secret", "") if not userinfo: return params = dict(sid=tools.get_sys_uuid(), tplname=self.MAIL_TPLNAME, customer=utils.safestr(userinfo.realname), username=userinfo.account_number, product=utils.safestr(userinfo.product_name), expire=userinfo.expire_date, service_call=self.get_param_value("service_call", ''), service_mail=self.get_param_value("service_mail", ''), nonce=str(int(time.time()))) params['sign'] = apiutils.make_sign(api_secret, params.values()) d = httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params)) d.addCallback(lambda r: logger.info(r.body)).addErrback( logger.exception) return d
def get_error_html(self, status_code=500, **kwargs): self.syslog.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs))) if status_code == 404: return self.render_string("error.html", msg=u"404:页面不存在") elif status_code == 403: return self.render_string("error.html", msg=u"403:非法的请求") elif status_code == 500: return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员") else: return self.render_string("error.html", msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def explode_list(msg, blist): for n1 in msg: if isinstance(msg[n1], dict): explode_list(msg[n1], blist) elif isinstance(msg[n1], list): for n2 in msg[n1]: explode_list(n2, blist) else: if n1 != 'sign': blist.append(utils.safestr(msg[n1]))
def event_toughcloud_mail_account_expire(self, userinfo): """ toughcloud mail api notify event """ api_secret = self.get_param_value("toughcloud_api_secret","") if not userinfo: return params = dict( sid=tools.get_sys_uuid(), tplname=self.MAIL_TPLNAME, customer=utils.safestr(userinfo.realname), username=userinfo.account_number, product=utils.safestr(userinfo.product_name), expire=userinfo.expire_date, service_call=self.get_param_value("service_call",''), service_mail=self.get_param_value("service_mail",''), nonce = str(int(time.time())) ) params['sign'] = apiutils.make_sign(api_secret, params.values()) d = httpclient.fetch(self.MAIL_APIURL, postdata=urlencode(params)) d.addCallback(lambda r:logger.info(r.body)).addErrback(logger.exception) return d
def get_error_html(self, status_code=500, **kwargs): logger.info("http error : [status_code:{0}], {1}".format( status_code, utils.safestr(kwargs))) if status_code == 404: return self.render_string("error.html", msg=u"404:页面不存在") elif status_code == 403: return self.render_string("error.html", msg=u"403:非法的请求") elif status_code == 500: return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员") else: return self.render_string("error.html", msg=u"%s:服务器处理失败,请联系管理员" % status_code)
class PortalListen(protocol.DatagramProtocol): actions = {} def __init__(self, config, dbengine=None, log=None): self.syslog = log or logger.Logger(config) self.dbengine = dbengine self.config = config self.mcache = redis_cache.CacheManager( redis_conf(config), cache_name='ToughWlanPortald-%s' % os.getpid()) # self.vendor = PortalListen.vendors.get(config.portal.vendor) # self.actions = { # self.vendor.mod.NTF_LOGOUT : self.doAckNtfLogout # } reactor.callLater(3.0, self.init_task) def get_nas(self, ip_addr): def fetch_result(): table = models.TrwBas.__table__ with self.db_engine.begin() as conn: return conn.execute( table.select().where(table.c.ip_addr == ip_addr)).first() return self.mcache.aget(ac_cache_key(ip_addr), fetch_result, expire=600) def init_task(self): _task = task.LoopingCall(self.send_ntf_heart) _task.start(self.config.portal.ntf_heart) def send_ntf_heart(self): pass # host,port = self.ac1[0], int(self.ac1[1]) # req = self.vendor.Portal.newNtfHeart(self.config.portal.secret,host) # if self.debug: # pass # # self.syslog.info("Send NTF_HEARTBEAT to %s:%s: %s" % (host,port,repr(req))) # try: # self.transport.write(str(req), (host,port)) # except: # pass def doAckNtfLogout(self, req, vendor, secret, (host, port)): resp = vendor.proto.newMessage(vendor.ACK_NTF_LOGOUT, req.userIp, req.serialNo, req.reqId, str(secret)) try: logger.info("Send portal packet to %s:%s: %s" % (host, port, utils.safestr(req))) self.transport.write(str(resp), (host, port)) except: pass
def post(self): try: req_msg = self.parse_request() except Exception as err: self.render_json(code=1, msg=safestr(err.message)) return session_id = req_msg.get("session_id") if not session_id: self.render_json(code=1, msg="session_id is empty") self.db.query(models.TrwOnline).filter_by(session_id=session_id).delete() self.render_json(code=0, msg="success")
def render_string(self, template_name, **template_vars): template_vars["xsrf_form_html"] = self.xsrf_form_html template_vars["current_user"] = self.current_user template_vars["login_time"] = self.get_secure_cookie("portal_logintime") template_vars["request"] = self.request template_vars["requri"] = "{0}://{1}".format(self.request.protocol, self.request.host) template_vars["handler"] = self template_vars["utils"] = utils try: mytemplate = self.tp_lookup.get_template(template_name) return mytemplate.render(**template_vars) except Exception as err: self.syslog.error("Render template error {0}".format(utils.safestr(err))) raise
def process(self, msgid, message): self.syslog.info("accept acct message @ %s : %r" % (self.listen, utils.safeunicode(message))) try: req_msg = apiutils.parse_request(self.secret, message) if req_msg.get("action") == 'ping': return self.agent.reply( msgid, apiutils.make_message(self.secret, code=0)) except Exception as err: resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message)) self.agent.reply(msgid, resp) return
def get_error_html(self, status_code=500, **kwargs): self.syslog.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs))) if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest': return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code) if status_code == 404: return self.render_string("error.html", msg=u"404:页面不存在") elif status_code == 403: return self.render_string("error.html", msg=u"403:非法的请求") elif status_code == 500: self.syslog.error(traceback.format_exc()) return self.render_string("error.html", msg=u"500:服务器处理失败,请联系管理员") else: return self.render_string("error.html", msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def get_error_html(self, status_code=500, **kwargs): logger.error("http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs))) if self.settings.debug: traceback.print_exc() if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest': return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code) if status_code == 404: return self.render_error(msg=u"404:页面不存在") elif status_code == 403: return self.render_error(msg=u"403:非法的请求") elif status_code == 500: return self.render_error(msg=u"500:服务器处理失败,请联系管理员") else: return self.render_error(msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def check_sign(api_secret, msg): """ >>> check_sign("123456",dict(code=1,s='2',msg=u'中文',sign='33C9065427EECA3490C5642C99165145')) True """ if "sign" not in msg: return False sign = msg['sign'] params = [utils.safestr(msg[k]) for k in msg if k != 'sign'] local_sign = make_sign(api_secret, params) result = (sign == local_sign) if not result: logger.error("check_sign failure, sign:%s != local_sign:%s" %(sign,local_sign)) return result
def post(self): try: req_msg = self.parse_request() except Exception as err: self.render_json(code=1, msg=safestr(err.message)) return session_id = req_msg.get("session_id") if not session_id: self.render_json(code=1, msg="session_id is empty") _exists = self.db.query(models.TrwOnline.id).filter_by(session_id=session_id).count() > 0 if _exists: self.render_json(code=0, msg="session exists") else: self.render_json(code=1, msg="session not exists")
def render_string(self, template_name, **template_vars): template_vars["xsrf_form_html"] = self.xsrf_form_html template_vars["current_user"] = self.current_user template_vars["login_time"] = self.get_secure_cookie( "portal_logintime") template_vars["request"] = self.request template_vars["requri"] = "{0}://{1}".format(self.request.protocol, self.request.host) template_vars["handler"] = self template_vars["utils"] = utils try: mytemplate = self.tp_lookup.get_template("portal/%s" % template_name) return mytemplate.render(**template_vars) except Exception as err: logger.info("Render template error {0}".format(utils.safestr(err))) raise
def get(self, *args, **kwargs): logger.info(utils.safeunicode(self.request.query)) wlan_params = { "wlanuserip": self.get_argument("userip", self.request.remote_ip), "ispcode": self.get_argument("ispcode", "default"), "wlanusername": self.get_argument("username", "test"), "wlanacip": self.settings.config.acagent.nasaddr, "ssid": self.get_argument("ssid", "default"), "wlanusermac": self.get_argument("wlanusermac", "00-00-00-00-00"), "wlanapmac": self.get_argument("wlanapmac", "00-00-00-00-00"), "wlanuserfirsturl": self.get_argument("wlanuserfirsturl", "/portal/index"), "callback": self.get_argument("callback", ""), "vendortype": self.get_argument("vendortype", ""), } logger.info(utils.safeunicode(wlan_params)) if wlan_params['vendortype'] == 'routeros': logger.info("Forward to RouterOS Portal Login") self.forward_ros(wlan_params) return elif wlan_params['vendortype'] == 'ikuai': logger.info("Forward to RouterOS ikuai Login") self.forward_ikuai(wlan_params) return logger.info("callback_cache_%s" % utils.safeunicode(wlan_params['wlanuserip'])) self.application.mcache.set( "callback_cache_%s" % utils.safestr(wlan_params['wlanuserip']), wlan_params['callback'], 300) url = self.settings.config.acagent.portal_login.format(**wlan_params) logger.info("portal forward to : %s" % url) self.redirect(url, permanent=False)
def check_sign(api_secret, msg): """ >>> check_sign("123456",dict(code=1,s='2',msg=u'中文',sign='33C9065427EECA3490C5642C99165145')) True """ if "sign" not in msg: return False sign = msg['sign'] params = [ utils.safestr(msg[k]) for k in msg if k != 'sign' and msg[k] is not None ] local_sign = make_sign(api_secret, params) result = (sign == local_sign) if not result: logger.error("check_sign failure, sign:%s != local_sign:%s" % (sign, local_sign)) return result
def get_error_html(self, status_code=500, **kwargs): dispatch.pub(logger.EVENT_ERROR,"http error : [status_code:{0}], {1}".format(status_code, utils.safestr(kwargs))) if self.settings.debug: traceback.print_exc() if self.request.headers.get('X-Requested-With') == 'XMLHttpRequest': return self.render_json(code=1, msg=u"%s:服务器处理失败,请联系管理员" % status_code) if status_code == 404: return self.render_error(msg=u"404:页面不存在") elif status_code == 403: return self.render_error(msg=u"403:非法的请求") elif status_code == 500: return self.render_error(msg=u"500:服务器处理失败,请联系管理员") else: return self.render_error(msg=u"%s:服务器处理失败,请联系管理员" % status_code)
def processPacket(self, req,bas=None): if req.code != packet.AccessRequest: raise PacketError('non-AccessRequest packet on authentication socket') try: reply = req.CreateReply() reply.vendor_id = req.vendor_id aaa_request = dict( account_number=req.get_user_name(), domain=req.get_domain(), macaddr=req.client_mac, nasaddr=req.get_nas_addr(), vlanid1=req.vlanid1, vlanid2=req.vlanid2 ) auth_resp = RadiusAuth(self,aaa_request).authorize() print auth_resp if auth_resp['code'] > 0: reply['Reply-Message'] = auth_resp['msg'] reply.code = packet.AccessReject return reply if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0: is_pwd_ok = True else: is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd')) if not is_pwd_ok: reply['Reply-Message'] = "password not match" reply.code = packet.AccessReject return reply else: if u"input_rate" in auth_resp and u"output_rate" in auth_resp: reply = rate_process.process( reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate']) attrs = auth_resp.get("attrs") or {} for attr_name in attrs: try: # todo: May have a type matching problem reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name]) except Exception as err: errstr = "RadiusError:current radius cannot support attribute {0},{1}".format( attr_name,utils.safestr(err.message)) dispatch.pub(logger.EVENT_ERROR,errstr) for attr, attr_val in req.resp_attrs.iteritems(): reply[attr] = attr_val reply['Reply-Message'] = 'success!' reply.code = packet.AccessAccept if not req.VerifyReply(reply): raise PacketError('VerifyReply error') return reply except Exception as err: reply['Reply-Message'] = "auth failure, %s" % utils.safeunicode(err.message) reply.code = packet.AccessReject return reply
def processPacket(self, req, bas=None): if req.code != packet.AccessRequest: raise PacketError( 'non-AccessRequest packet on authentication socket') try: reply = req.CreateReply() reply.vendor_id = req.vendor_id aaa_request = dict(account_number=req.get_user_name(), domain=req.get_domain(), macaddr=req.client_mac, nasaddr=req.get_nas_addr(), vlanid1=req.vlanid1, vlanid2=req.vlanid2) auth_resp = RadiusAuth(self, aaa_request).authorize() print auth_resp if auth_resp['code'] > 0: reply['Reply-Message'] = auth_resp['msg'] reply.code = packet.AccessReject return reply if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0: is_pwd_ok = True else: is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd')) if not is_pwd_ok: reply['Reply-Message'] = "password not match" reply.code = packet.AccessReject return reply else: if u"input_rate" in auth_resp and u"output_rate" in auth_resp: reply = rate_process.process( reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate']) attrs = auth_resp.get("attrs") or {} for attr_name in attrs: try: # todo: May have a type matching problem reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name]) except Exception as err: errstr = "RadiusError:current radius cannot support attribute {0},{1}".format( attr_name, utils.safestr(err.message)) dispatch.pub(logger.EVENT_ERROR, errstr) for attr, attr_val in req.resp_attrs.iteritems(): reply[attr] = attr_val reply['Reply-Message'] = 'success!' reply.code = packet.AccessAccept if not req.VerifyReply(reply): raise PacketError('VerifyReply error') return reply except Exception as err: reply['Reply-Message'] = "auth failure, %s" % utils.safeunicode( err.message) reply.code = packet.AccessReject return reply
def processAuth(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAuthPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id) self.do_stat(req.code) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccessRequest: raise PacketError('non-AccessRequest packet on authentication socket') reply = req.CreateReply() reply.vendor_id = req.vendor_id aaa_request = dict( account_number=req.get_user_name(), domain=req.get_domain(), macaddr=req.client_mac, nasaddr=req.get_nas_addr(), vlanid1=req.vlanid1, vlanid2=req.vlanid2 ) auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize() if auth_resp['code'] > 0: reply['Reply-Message'] = auth_resp['msg'] reply.code = packet.AccessReject return reply if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0: is_pwd_ok = True else: is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd')) if not is_pwd_ok: reply['Reply-Message'] = "password not match" reply.code = packet.AccessReject return reply else: if u"input_rate" in auth_resp and u"output_rate" in auth_resp: reply = rate_process.process( reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate']) attrs = auth_resp.get("attrs") or {} for attr_name in attrs: try: # todo: May have a type matching problem reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name]) except Exception as err: errstr = "RadiusError:current radius cannot support attribute {0},{1}".format( attr_name,utils.safestr(err.message)) logger.error(errstr) for attr, attr_val in req.resp_attrs.iteritems(): reply[attr] = attr_val reply['Reply-Message'] = 'success!' reply.code = packet.AccessAccept if not req.VerifyReply(reply): raise PacketError('VerifyReply error') return reply except Exception as err: self.do_stat(0) errstr = 'RadiusError:Dropping invalid auth packet from {0} {1},{2}'.format( host, port, utils.safeunicode(err)) logger.error(errstr) import traceback traceback.print_exc()
def post(self): qstr = self.get_argument("qstr", "") wlan_params = self.get_wlan_params(qstr) ssid = wlan_params.get("ssid", "default") ispcode = wlan_params.get("ispcode", "default") if not wlan_params: self.render_error(msg=u"Missing parameter: ssid,wlanuserip,wlanacip") return start_time = time.time() nas = self.get_nas(wlan_params.get("wlanacip",'127.0.0.1')) print nas if not nas: self.render_error(msg=u"AC server {0} didn't register ".format(wlan_params.get("wlanacip"))) return ac_addr = nas['ip_addr'] ac_port = int(nas['ac_port']) secret = utils.safestr(nas['bas_secret']) _vendor= utils.safestr(nas['portal_vendor']) if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'): self.render_error(msg=u"AC server portal_vendor {0} not support ".format(_vendor)) return hm_mac=(wlan_params.get('wlanstamac','').replace(".",":").replace('-',':')) macbstr = hm_mac and struct.pack('BBBBBB',*[int(i,base=16) for i in hm_mac.split(':')]) or None send_portal = functools.partial( client.send, secret, log=logger, debug=self.settings.debug, vendor=_vendor, timeout=5 ) vendor = client.PortalClient.vendors.get(_vendor) is_chap=self.settings.config.portal.chap in (1, "1", "chap") userIp=wlan_params.get('wlanuserip', self.request.remote_ip) username=self.get_argument("username", None) password=self.get_argument("password", None) if self.settings.debug: logger.info( u"Start [username:%s] portal auth, wlan params:%s" % ( username, utils.safeunicode(wlan_params))) tpl = self.get_template_attrs(wlan_params.get("ssid", "default"),ispcode) firsturl=tpl.get("home_page", "/portal/index?tpl_name=%s" % tpl.get('tpl_name', 'default')) def back_login(msg = u''): self.render(self.get_login_template(tpl['tpl_path']), tpl = tpl, msg = msg, qstr = qstr, **wlan_params) if not username or not password: back_login(msg = u"username and password cannot be empty") return # checkos # cli_dev, cli_os = self.chk_os # domain = yield self.get_domain(wlan_params.get("ssid", "default")) # username = "******" % (username, cli_dev, cli_os, domain) try: challenge_resp = None if is_chap: ## req challenge ################################ challenge_req=vendor.proto.newReqChallenge(userIp, secret, mac=macbstr, chap = is_chap) challenge_resp = yield send_portal(data = challenge_req, host=ac_addr, port=ac_port) if challenge_resp.errCode > 0: if challenge_resp.errCode == 2: self.set_session_user(username, userIp, utils.get_currtime(), qstr=qstr) self.redirect(firsturl) return raise Exception(vendor.mod.AckChallengeErrs[challenge_resp.errCode]) if challenge_resp: ## req auth ################################ auth_req = vendor.proto.newReqAuth( userIp, username, password, challenge_resp.reqId, challenge_resp.get_challenge(), secret, ac_addr, serialNo=challenge_req.serialNo,mac=macbstr, chap=is_chap) else: auth_req = vendor.proto.newReqAuth(userIp, username,password,0,None,secret,ac_addr,chap=is_chap) auth_resp = yield send_portal(data=auth_req, host=ac_addr, port=ac_port) if auth_resp.errCode > 0: if auth_resp.errCode == 2: self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr) self.redirect(firsturl) return text_info = auth_resp.get_text_info() _err_msg=u"{0},{1}".format( vendor.mod.AckAuthErrs[auth_resp.errCode], utils.safeunicode(text_info and text_info[0] or "") ) raise Exception(_err_msg) ### aff_ack ################################ affack_req = vendor.proto.newAffAckAuth( userIp, secret,ac_addr,auth_req.serialNo,auth_resp.reqId, mac=macbstr,chap = is_chap) send_portal(data=affack_req, host=ac_addr, port=ac_port,noresp=True) logger.info( u'Portal [username:{0}] auth success'.format(username)) if self.settings.debug: logger.debug( u'Portal [username:%s] auth login [cast:%s ms]' % ( username, (time.time() - start_time) * 1000)) self.set_session_user(username, userIp, utils.get_currtime(),qstr=qstr, nasaddr=ac_addr) self.redirect(firsturl) except Exception as err: import traceback traceback.print_exc() back_login(msg = u"Portal auth error,%s" % utils.safeunicode(err.message))
def process(self, msgid, message): self.syslog.info("accept auth message @ %s : %r" % (self.listen, utils.safeunicode(message))) @self.cache.cache(expire=600) def get_account_by_username(username): return self.db.query( models.TrAccount).filter_by(account_number=username).first() @self.cache.cache(expire=600) def get_product_by_id(product_id): return self.db.query( models.TrProduct).filter_by(id=product_id).first() try: req_msg = apiutils.parse_request(self.secret, message) if req_msg.get("action") == 'ping': return self.agent.reply( msgid, apiutils.make_message(self.secret, code=0)) if 'username' not in req_msg: raise ValueError('username is empty') except Exception as err: resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message)) self.agent.reply(msgid, resp) return try: username = req_msg['username'] account = get_account_by_username(username) if not account: apiutils.make_message(self.secret, code=1, msg=u'user {0} not exists'.format( utils.safeunicode(username))) self.agent.reply(msgid, resp) return passwd = self.app.aes.decrypt(account.password) product = get_product_by_id(account.product_id) result = dict(code=0, msg='success', username=username, passwd=passwd, input_rate=product.input_max_limit, output_rate=product.output_max_limit, attrs={ "Session-Timeout": 86400, "Acct-Interim-Interval": 300 }) resp = apiutils.make_message(self.secret, **result) self.agent.reply(msgid, resp) self.syslog.info("send auth response %r" % (utils.safeunicode(resp))) except Exception as err: self.syslog.error(u"api authorize error %s" % utils.safeunicode(err.message)) resp = apiutils.make_message(self.secret, code=1, msg=utils.safestr(err.message)) return self.agent.reply(msgid, resp)
def post(self): self.settings.config['system']['debug'] = int(self.get_argument("debug")) self.settings.config['system']['tz'] = utils.safestr(self.get_argument("tz")) self.settings.config.save() self.redirect("/config?active=default")
req.reqId, str(secret) ) try: logger.info("Send portal packet to %s:%s: %s"%(host,port, utils.safestr(req))) self.transport.write(str(resp), (host, port)) except: pass def datagramReceived(self, datagram, (host, port)): try: nas = self.get_nas(host) ac_addr = nas['ip_addr'] ac_port = int(nas['ac_port']) secret = utils.safestr(nas['bas_secret']) _vendor= utils.safestr(nas['portal_vendor']) if _vendor not in ('cmccv1','cmccv2','huaweiv1','huaweiv2'): self.render_error(msg=u"AC server portal_vendor {0} not support ".format(_vendor)) return vendor = client.PortalClient.vendors.get(_vendor) req = vendor.proto( secret=secret, packet=datagram, source=(host, port) ) logger.info("Received portal packet from %s:%s: %s"%(host,port,utils.safestr(req))) if req.type in self.actions: self.actions[req.type](req, vendor, secret, (host, port))
def doAckNtfLogout(self, req, vendor, secret, (host, port)): resp = vendor.proto.newMessage(vendor.ACK_NTF_LOGOUT, req.userIp, req.serialNo, req.reqId, str(secret)) try: logger.info("Send portal packet to %s:%s: %s" % (host, port, utils.safestr(req))) self.transport.write(str(resp), (host, port)) except: pass def datagramReceived(self, datagram, (host, port)): try: nas = self.get_nas(host) ac_addr = nas['ip_addr'] ac_port = int(nas['ac_port']) secret = utils.safestr(nas['bas_secret']) _vendor = utils.safestr(nas['portal_vendor']) if _vendor not in ('cmccv1', 'cmccv2', 'huaweiv1', 'huaweiv2'): self.render_error( msg=u"AC server portal_vendor {0} not support ".format( _vendor)) return vendor = client.PortalClient.vendors.get(_vendor) req = vendor.proto(secret=secret, packet=datagram, source=(host, port)) logger.info("Received portal packet from %s:%s: %s" % (host, port, utils.safestr(req))) if req.type in self.actions:
def processAuth(self, datagram, host, port): try: bas = self.find_nas(host) if not bas: raise PacketError('[Radiusd] :: Dropping packet from unknown host %s' % host) secret, vendor_id = bas['bas_secret'], bas['vendor_id'] req = self.createAuthPacket(packet=datagram, dict=self.dict, secret=six.b(str(secret)),vendor_id=vendor_id) self.log_trace(host,port,req) self.do_stat(req.code) logger.info("[Radiusd] :: Received radius request: %s" % (repr(req))) if self.config.system.debug: logger.debug(req.format_str()) if req.code != packet.AccessRequest: raise PacketError('non-AccessRequest packet on authentication socket') reply = req.CreateReply() reply.vendor_id = req.vendor_id aaa_request = dict( account_number=req.get_user_name(), domain=req.get_domain(), macaddr=req.client_mac, nasaddr=req.get_nas_addr() or host, vlanid1=req.vlanid1, vlanid2=req.vlanid2 ) auth_resp = RadiusAuth(self.db_engine,self.mcache,self.aes,aaa_request).authorize() if auth_resp['code'] > 0: reply['Reply-Message'] = auth_resp['msg'] reply.code = packet.AccessReject self.log_trace(host,port,req,reply) return reply if 'bypass' in auth_resp and int(auth_resp['bypass']) == 0: is_pwd_ok = True req.is_valid_pwd(auth_resp.get('passwd')) else: is_pwd_ok = req.is_valid_pwd(auth_resp.get('passwd')) if not is_pwd_ok: reply['Reply-Message'] = "password not match" reply.code = packet.AccessReject self.log_trace(host,port,req,reply) return reply else: if u"input_rate" in auth_resp and u"output_rate" in auth_resp: reply = rate_process.process( reply, input_rate=auth_resp['input_rate'], output_rate=auth_resp['output_rate']) attrs = auth_resp.get("attrs") or {} for attr_name in attrs: try: # todo: May have a type matching problem reply.AddAttribute(utils.safestr(attr_name), attrs[attr_name]) except Exception as err: errstr = "RadiusError:current radius cannot support attribute {0},{1}".format( attr_name,utils.safestr(err.message)) logger.error(RadiusError(err,errstr)) for attr, attr_val in req.resp_attrs.iteritems(): reply[attr] = attr_val reply['Reply-Message'] = 'success!' reply.code = packet.AccessAccept if not req.VerifyReply(reply): raise PacketError('VerifyReply error') self.log_trace(host,port,req,reply) return reply except Exception as err: self.do_stat(0) logger.exception(err)