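def policy_auth(self, reqdata, test=False):
    """Ask the policy server to authorize a portal login.

    Generator-style coroutine: results are handed back through
    ``defer.returnValue`` (presumably driven by ``inlineCallbacks``; the
    decorator is not visible in this part of the file).

    :param reqdata: form fields for the authorize request (user name,
        password, NAS address, ...).
    :param test: when true, skip the network call and return a canned
        success reply.
    :returns: the decoded JSON reply, or ``dict(code=1, msg=...)`` when the
        policy server cannot be located or the request fails.
    """
    if test:
        # Canned reply for test runs; no policy server is contacted.
        resp = {
            "code": 0,
            "msg": "success",
            "userName": "18688888888",
            "userType": 1,
            "qosName": "pm4",
            "upLimit": 4194304,
            "downLimit": 2097152,
            "domain": "iktest",
            "expire": "2016-10-10",
            "flowLen": 0,
            "timeLen": 0
        }
        defer.returnValue(resp)
    else:
        try:
            # The lookup sits inside the try so that a failed or empty
            # policy-server query becomes an ordinary code=1 reply instead of
            # an unhandled KeyError/TypeError in the request handler.
            policy_server = yield self.get_policy_server()
            if not policy_server:
                defer.returnValue(dict(
                    code=1,
                    msg=u"认证失败,未知错误, %s" % "policy server unavailable"))
            apiurl = "http://{0}:{1}/aaawifi/authorizeRequest".format(
                policy_server["policy_server"], policy_server["auth_port"])
            if self.settings.debug:
                # Never write credentials to the debug log: mask them in a
                # copy and leave the real request data untouched.
                logged = reqdata
                if isinstance(reqdata, dict):
                    logged = dict(reqdata)
                    for secret_field in ("password", "chapPasswdHex"):
                        if logged.get(secret_field) is not None:
                            logged[secret_field] = "***"
                self.syslog.debug("portal auth request (%s): %s" % (apiurl, logged))
            headers = {"Content-Type": ["application/x-www-form-urlencoded"]}
            # NOTE(review): params= puts the form fields, password included,
            # into the query string of a plain-http URL, where proxies and
            # access logs can record them. Whether the policy server also
            # accepts the fields in the request body is not visible here.
            resp = yield requests.post(apiurl, params=reqdata, headers=headers)
            jsonresp = yield resp.json()
            defer.returnValue(jsonresp)
        except Exception as err:
            import traceback
            traceback.print_exc()
            # NOTE(review): str(err) is shown to the end user and may expose
            # internal host names or ports.
            defer.returnValue(dict(code=1, msg=u"认证失败,未知错误, %s" % str(err)))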
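def get_policy_server(self):
    """Look up the policy server through the management API.

    Generator-style coroutine; the result is delivered with
    ``defer.returnValue``. A successful reply is cached for 60 seconds under
    a fixed key.

    :returns: the decoded JSON reply on success (``code == 0``), otherwise
        an empty dict.
    """
    cache_key = "get_policy_server"
    cached = portal_cache.get(cache_key)
    if cached:
        if self.settings.debug:
            self.syslog.debug("query policy server request hit cache; key=%s" % cache_key)
        defer.returnValue(cached)
        return

    # The request is signed over a timestamp used as the nonce.
    nonce = str(time.time())
    sign = self.mksign(params=[nonce])
    reqdata = json.dumps(dict(nonce=nonce, sign=sign))
    apiurl = "%s/plserver/query" % self.settings.apiurl
    if self.settings.debug:
        self.syslog.debug("start query policy server request (%s): %s" % (apiurl, reqdata))
    resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
    jsonresp = yield resp.json()

    if jsonresp.get('code') != 0:
        # Any non-success code is a failure. Previously only code 1 was
        # handled and other values fell off the end, returning None to
        # callers that index the result.
        log.err(jsonresp.get('msg') or "query policy server failed")
        defer.returnValue({})
        return

    self.syslog.info("query policy server success,{0}".format(utils.safestr(jsonresp)))
    portal_cache.set(cache_key, jsonresp, expire=60)
    defer.returnValue(jsonresp)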
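def get_ikuai_nas(self, gwid):
    """Fetch the NAS record registered for gateway ``gwid``.

    Generator-style coroutine; the result is delivered with
    ``defer.returnValue``. A successful lookup is cached for 60 seconds per
    gateway id.

    :param gwid: gateway id taken from the portal request.
    :returns: the ``data`` member of the reply on success (``code == 0``),
        otherwise an empty dict.
    """
    cache_key = '{0}{1}'.format('get_ik_nas', gwid)
    cached = portal_cache.get(cache_key)
    if cached:
        if self.settings.debug:
            self.syslog.debug("query ik_nas request hit cache; key=%s" % cache_key)
        defer.returnValue(cached)
        return

    sign = self.mksign(params=[gwid])
    reqdata = json.dumps(dict(gwid=gwid, sign=sign))
    apiurl = "%s/ikuai/query" % self.settings.apiurl
    if self.settings.debug:
        self.syslog.debug("start query ikuai nas request (%s): %s" % (apiurl, reqdata))
    resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
    jsonresp = yield resp.json()

    if jsonresp.get('code') != 0:
        # Any non-success code yields an empty record. Previously only code 1
        # did; other values returned None and crashed callers that call
        # .get() on the result.
        log.err(jsonresp.get('msg') or "query ikuai nas failed")
        defer.returnValue({})
        return

    self.syslog.info("query ikuai nas success,{0}".format(utils.safestr(jsonresp)))
    portal_cache.set(cache_key, jsonresp['data'], expire=60)
    defer.returnValue(jsonresp['data'])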
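def get_ik_template_attrs(self, gwid):
    """Fetch the portal template attributes configured for gateway ``gwid``.

    Generator-style coroutine; the result is delivered with
    ``defer.returnValue``. A successful lookup is cached for 60 seconds per
    gateway id.

    :param gwid: gateway id taken from the portal request.
    :returns: the ``attrs`` member of the reply on success (``code == 0``),
        otherwise ``{'tpl_name': 'default'}``.
    """
    cache_key = '{0}{1}'.format('get_ik_template_attrs', gwid)
    cached = portal_cache.get(cache_key)
    if cached:
        if self.settings.debug:
            self.syslog.debug("query ik_template request hit cache; key=%s" % cache_key)
        defer.returnValue(cached)
        return

    sign = self.mksign(params=[gwid])
    reqdata = json.dumps(dict(gwid=gwid, sign=sign))
    apiurl = "%s/ikuai/tpl/query" % self.settings.apiurl
    if self.settings.debug:
        self.syslog.debug("query template request (%s): %s" % (apiurl, reqdata))
    resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
    jsonresp = yield resp.json()

    if jsonresp.get('code') != 0:
        # Fall back to the default template on any non-success code, not only
        # code 1, so callers never receive None.
        self.syslog.error("query template attrs error, %s" % jsonresp.get('msg'))
        defer.returnValue({'tpl_name': 'default'})
        return

    self.syslog.info("query template attrs success")
    portal_cache.set(cache_key, jsonresp['attrs'], expire=60)
    defer.returnValue(jsonresp['attrs'])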
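def get(self):
    """Report whether a portal session is still known to the backend.

    Writes ``'20001'`` when the ``session_id`` argument is missing, the
    backend answers with a non-200 status, or the reply carries ``code == 1``.
    Writes ``'20000'`` otherwise.
    """
    session_id = self.get_argument("session_id", None)
    if not session_id:
        # Stop here. Without this return the handler went on to sign and
        # query a null session id and then wrote a second status code after
        # the first one.
        self.write('20001')
        return

    sign = self.mksign([session_id])
    apiurl = "%s/session/exists" % self.settings.apiurl
    reqdata = json.dumps(dict(session_id=session_id, sign=sign), ensure_ascii=False)
    headers = {"Content-Type": ["application/json"]}
    resp = yield requests.post(apiurl, data=reqdata, headers=headers)
    if resp.code != 200:
        self.syslog.error("ikuai session exists error : {0}".format(repr(resp)))
        self.write("20001")
        return

    jsonresp = yield resp.json()
    # NOTE(review): every reply code other than 1 is reported as "session
    # exists"; confirm the backend never returns another failure code.
    if jsonresp['code'] == 1:
        self.syslog.error("ikuai session exists error : {0}".format(utils.safestr(jsonresp['msg'])))
        self.write("20001")
        return

    self.write('20000')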
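def post(self, *args, **kwargs):
    """Authenticate a portal user and redirect back to the gateway callback.

    Steps: look up the NAS record for ``gwid``, ask the policy server to
    authorize the credentials, register a session with the management API,
    then redirect to ``callback_url`` with the encoded session parameters
    and a token derived from the gateway's ``api_key``.

    Generator-style coroutine; each backend call is awaited with ``yield``.
    """
    start_time = time.time()
    username = self.get_argument("username", None)
    password = self.get_argument("password", None)
    domain = self.get_argument("domain", None)
    mac = self.get_argument("mac", None)
    vlanid1, vlanid2 = 0, 0
    cli_dev, cli_os = self.chk_os
    # CHAP fields are sent as fixed placeholders on this path.
    isChap = 0
    chapId = 0
    chapPasswdHex = 'null'
    challengeHex = 'null'
    gwid = self.get_argument("gwid")
    user_ip = self.get_argument("user_ip")
    end_url = "{0}://{1}/ikend".format(self.request.protocol, self.request.host)
    # NOTE(review): callback_url comes straight from the request and later
    # receives the signed token. Nothing here checks it against an address
    # known for this gateway; consider validating it before redirecting.
    callback_url = self.get_argument("callback_url")

    iknas = yield self.get_ikuai_nas(gwid)
    if not iknas or not iknas.get('api_key'):
        # Fail closed for an unknown gateway. Otherwise the token below
        # would be computed with the literal key "None", which is
        # predictable, and a session would be created for a gateway that
        # is not registered.
        self.syslog.error("ikuai nas not found or has no api_key, gwid={0!r}".format(gwid))
        # Message: "authentication failed, gateway not registered".
        self.render_error(msg=u"认证失败,网关未注册")
        return
    nasaddr = iknas.get("nas_addr", '0.0.0.0')

    reqdata = dict(
        userName=username,
        password=password,
        domain=domain,
        macAddr=mac,
        nasAddr=nasaddr,
        vlanId1=vlanid1,
        vlanId2=vlanid2,
        deviceType=cli_dev,
        os=cli_os,
        isChap=isChap,
        chapId=chapId,
        chapPasswdHex=chapPasswdHex,
        challengeHex=challengeHex,
    )
    jsonresp = yield self.policy_auth(reqdata, test=False)
    if jsonresp['code'] == 1:
        self.render_error(msg=jsonresp['msg'])
        return

    if self.settings.debug:
        self.syslog.debug('ikauth login cast:%s' % (time.time() - start_time))

    # Parameters handed to the gateway callback.
    cparams = dict(
        user_id=username,
        user_ip=user_ip,
        upload=0,
        download=0,
        phone='',
        name='',
        comment='',
        type='portal',
        session_id=utils.get_uuid(),
        timestamp=int(time.time())
    )

    # Session record registered with the management API.
    session = dict(
        username=username,
        nas_addr=nasaddr,
        session_id=cparams["session_id"],
        start_time=utils.get_currtime(),
        ipaddr=user_ip,
        macaddr=mac,
        input_total=0,
        output_total=0
    )
    # NOTE(review): values() follows dict ordering; presumably mksign
    # normalises the order before hashing, so confirm against mksign.
    session['sign'] = self.mksign(session.values())
    _apiurl = "%s/session/add" % self.settings.apiurl
    se_resp = yield requests.post(_apiurl, data=json.dumps(session, ensure_ascii=False),
                                  headers={"Content-Type": ["application/json"]})
    if se_resp.code != 200:
        self.syslog.error("ikuai session create error : {0}".format(repr(se_resp)))
        self.render_error(msg=u"认证失败,创建会话失败")
        return

    param_str = urllib.urlencode(cparams)
    param_str = "{0}&mac={1}".format(param_str, mac)
    # NOTE(review): the md5(params + key) token layout is presumably fixed
    # by the gateway's callback protocol; confirm before changing it.
    token = md5("{0}&key={1}".format(param_str, iknas.get('api_key'))).hexdigest()
    enc = base64.encodestring(param_str)
    full_url = "{0}?ver=1&enc={1}&token={2}&end_url={3}".format(callback_url.strip(), enc, token, end_url)
    # Log only the callback destination. The full URL carries the encoded
    # session parameters and the token, which should not land in log files.
    self.syslog.info("[username:{0}] callback {1}".format(username, callback_url.strip()))
    if self.settings.debug:
        self.syslog.debug('ikportal auth cast:%s' % (time.time() - start_time))
    self.redirect(full_url)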