def setup_local(app):
""" setup local user - creates a random password and adds as encrypted
value to settings and adds 'local' user to users database
"""
import uuid
from utils import aes_encrypt
lpass = "******" % uuid.uuid4()
lpass_encrypt = aes_encrypt(lpass,
ekey=app.config["EKEY"],
eiv=app.config["EIV"])
with app.app_context():
db = app.mongo.db
# add encrypted lpass to global settings
db.settings.update_one({}, {"$set": {"lpass": lpass_encrypt}})
# update/upsert local user
r = db.users.update_one({"username": "******"}, {
"$set": {
"password": Users.hash_pass(lpass),
"role": Roles.FULL_ADMIN,
"groups": []
}
},
upsert=True)
def test_aes_works_for_correct_key(self):
k = utils.generate_aes_key(128)
clear_text = b'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod ' \
b'tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim ' \
b'veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea' \
b' commodo consequat. Duis aute irure dolor in reprehenderit in voluptate ' \
b'velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat' \
b' cupidatat non proident, sunt in culpa qui officia deserunt mollit anim ' \
b'id est laborum.'
encrypted = utils.aes_encrypt(clear_text, k)
decrypted = utils.aes_decrypt(encrypted, k)
self.assertEqual(clear_text, decrypted)
def update(cls, fabric):
""" api call - update ep_settings """
# check if user provided apic password, if so encrypt it
override_attr = {}
data = get_user_data([])
if "apic_password" in data:
override_attr["apic_password"] = aes_encrypt(data["apic_password"])
if override_attr["apic_password"] is None:
abort(500, "encryption block failed")
if "ssh_password" in data:
override_attr["ssh_password"] = aes_encrypt(data["ssh_password"])
if override_attr["ssh_password"] is None:
abort(500, "encryption block failed")
# perform update (aborts on error)
update = Rest.update.__func__(
cls,
current_app.mongo.db.ep_settings,
rule_dn="/ept/settings",
update_one=("fabric", fabric),
override_attr=override_attr,
)
return {"success": True}
def create(cls):
""" api call - create new fabric settings """
# check if user provided apic password, if so encrypt it
override_attr = {}
data = get_user_data(["fabric"])
fabric = data["fabric"]
if "apic_password" in data:
override_attr["apic_password"] = aes_encrypt(data["apic_password"])
if override_attr["apic_password"] is None:
abort(500, "encryption block failed")
if "ssh_password" in data:
override_attr["ssh_password"] = aes_encrypt(data["ssh_password"])
if override_attr["ssh_password"] is None:
abort(500, "encryption block failed")
Rest.create.__func__(
cls,
current_app.mongo.db.ep_settings,
rule_dn="/ept/settings/",
required_attr=["fabric"],
override_attr=override_attr,
)
return {"success": True, "fabric": fabric}
def post(self, path):
if 'card_query' not in self.current_user['roles']:
return self.finish()
self.user_id = self.current_user['user_id']
body = self.request.body.decode()
args = json.loads(body)
if not {'box_id', 'card_id', 'password', 'no_modify'} <= set(args):
return self.finish(json.dumps({'status': 'fail', 'msg': '输入异常'}))
box_id = args['box_id']
card_id = args['card_id']
password = args['password']
no_modify = args['no_modify']
session = None
try:
session = self.session('machado')
#数据库中查询卡盒信息
db_box_info = None
query = session.query(Box).filter(Box.id == box_id)
if 'admin' not in self.current_user['role']:
query = query.filter(Box.user_id == self.user_id)
db_box_info = query.one_or_none()
if db_box_info == None:
return self.finish(
json.dumps({
'status': 'fail',
'msg': '卡盒信息出错'
}))
#redis查询单张卡的信息
partition = self.slave.hget('card:%s' % card_id, 'part')
if partition is None:
return self.finish(
json.dumps({
'status': 'fail',
'msg': '卡信息错 %s' % partition
}))
card_class = get_card_shard(partition)
query = session.query(card_class).filter(
card_class.card_id == card_id, card_class.box_id == box_id)
if 'admin' not in self.current_user['role']:
query = query.filter(card_class.user_id == self.user_id)
card = query.one_or_none()
if card is None:
return self.finish(
json.dumps({
'status': 'fail',
'msg': '无效的卡(%s)' % card_id
}))
if card.status != 'error':
return self.finish(
json.dumps({
'status': 'fail',
'msg': '无效的状态(%s)' % card.status
}))
card_pass = None
if not no_modify:
user_id = card.user_id
user = self.application.config.get('user').get(user_id)
aes_pass = user['aes_pass']
aes_iv = user['aes_iv']
card_pass = aes_encrypt(password, aes_pass, aes_iv)
card.password = card_pass
card.status = db_box_info.status
session.add(card)
session.commit()
# update box
self.master.hincrby('box:%s' % box_id, 'error', -1)
self.master.hincrby('box:%s' % box_id, 'ready', 1)
# update Caching
request_log.info(
'USER[{0}] MODIFE CARD_PASS BOX[{1}] CARD[{2}] OLD_CARD_PASS[{3}] >> NEW_CARD_PASS[{4}]'
.format(self.current_user['id'], box_id, card_id,
self.master.hget('card:%s' % card_id, 'password'),
card_pass))
if card_pass:
self.master.hset('card:%s' % card_id, 'password', card_pass)
# 判断是否需要挪到可用列表
if card.status == 'ready':
card_type, pool = self.master.hmget('box:{0}'.format(box_id),
'card_type', 'pool')
card_list_key = 'list:card:{0}:{1}:{2}'.format(
card_type, pool, card.price)
self.master.rpush(card_list_key, card.card_id)
self.finish(json.dumps({'status': 'ok', 'msg': '成功'}))
except Exception as e:
request_log.exception('UPDATE CARD ERROR')
self.finish(json.dumps({'status': 'fail', 'msg': '未知异常'}))
finally:
if session:
session.close()
def post_commit(self):
user_id = self.current_user['user_id']
status = 'fail'
msg = ''
master = self.master
engine = self.application.engine['machado']
session = sessionmaker(bind=engine)()
number_check = self.application.number_check
try:
if self.master.exists('flag:task'):
log_request.info('STOP FLAG FOUND!')
raise RuntimeError('系统临时维护,请与技术人员联系。')
if not number_check.is_loaded():
raise RuntimeError('重复卡号检查器未加载完毕,请稍后再试。')
# checking
price0 = None
card_set = set()
pass_set = set()
count = 0
card_lines = self.master.lrange('list:easy:card:' + user_id, 0, -1)
if len(card_lines) == 0:
raise RuntimeError('你还没有输入可提交的卡密')
for card in card_lines:
card_id, price, card_pass = card.split(';')
if price0 is None:
price0 = price
elif price0 != price:
raise RuntimeError('价格不一致')
if card_id in card_set or master.exists(
'card:%s' % card_id) or number_check.exists(card_id):
raise RuntimeError('系统中有重复卡号:%s' % card_id)
if card_pass in pass_set:
raise RuntimeError('系统中有重复密码:%s' % card_id)
if sinopec_pattern_card.match(card_id) is None:
raise RuntimeError('卡号格式不正确(16位):%s' % card_id)
if sinopec_pattern_pass.match(card_pass) is None:
raise RuntimeError('卡密码不正确(20位) %s' % card_id)
card_set.add(card_id)
pass_set.add(card_pass)
count += 1
########
# CREATE BOX
tsp = dt.datetime.now()
part = tsp.strftime('%m')
uid = master.incr('xid:easy')
file_name = 'easy_%s_%d.txt' % (tsp.strftime('%Y%m%d'), uid)
box = Box()
box.card_type = 'SINOPEC'
box.user_id = user_id # for multi-user
box.partition = part
box.price = price0
box.count = count
box.ready = count
box.inuse = 0
box.used = 0
box.error = 0
box.invalid = 0
box.status = 'ready'
box.filename = file_name
box.package = str(uid)
box.create_time = tsp
# box.target_user = target_user
box.source = None
box.buy_price = price0
box.sell_price = price0
box.notes = None
session.add(box)
session.commit()
master.hmset(
'box:%d' % box.id, {
'count': count,
'ready': count,
'inuse': 0,
'used': 0,
'error': 0,
'invalid': 0,
'user_id': user_id,
'price': price0,
'part': part,
'card_type': 'SINOPEC',
})
'''
INSERT FILE
'''
card_part = get_card_shard(part)
user = self.application.config.get('user').get(user_id)
aes_pass = user['aes_pass']
aes_iv = user['aes_iv']
# two parse
card_list = []
for card in card_lines:
card_id, price, card_pass = card.split(';')
card_pass = aes_encrypt(card_pass, aes_pass, aes_iv)
master.hmset(
'card:%s' % card_id, {
'price': price,
'password': card_pass,
'part': part,
'box': box.id,
'user_id': user_id,
'package': box.package,
'create_time': tsp,
'file_name': file_name,
})
card_list.append(card_id)
card = card_part()
card.user_id = user_id
card.card_id = card_id
card.box_id = box.id
card.password = card_pass
card.price = price
card.status = 'ready'
card.create_time = tsp
session.add(card)
session.commit()
number_check.update(card_set)
# 将上的卡存储到默认上卡卡池
up_pool = user_id
master.hmset('box:%d' % box.id, {'pool': up_pool})
master.sadd(
'set:card_pool:box_list:{0}:{1}'.format('SINOPEC', up_pool),
box.id)
for card_id in card_list:
master.lpush(
'list:card:{0}:{1}:{2}'.format('SINOPEC', up_pool, price0),
card_id)
# ret = {'status': 'ok', 'box_id': box.id, 'count': count, 'price': price0}
income = price0 * count
log_request.info('ADD FUND FOR %sx%s', price0, count)
for _try in range(5):
r = yield self.post_fund('deposit', '', user_id, income)
log_request.info('ADD FUND RESULT %s', r)
if r == 'ok':
break
tornado.gen.sleep(5)
self.master.delete('set:easy:card:' + user_id)
self.master.delete('list:easy:card:' + user_id)
status = 'ok'
msg = '导入成功'
except Exception as e:
log_request.exception('EASY IMPORT FAIL')
status = 'fail'
msg = str(e)
finally:
session.close()
self.finish(json.dumps({'status': status, 'msg': msg}))
def post(self):
if 'card_query' not in self.current_user['roles']:
return self.send_error(403)
err_msg = []
resp_result = {'status': 'fail', 'msg': err_msg}
self.user_id = self.current_user['user_id']
self.card_type = self.get_argument('card_type')
box_id = self.get_argument('box_id')
pattern_card = None
pattern_pass = None
if self.card_type == 'CMCC_FEE':
pattern_card = self.cmccfee_pattern_card
pattern_pass = self.cmccfee_pattern_pass
elif self.card_type == 'SINOPEC':
pattern_card = self.sinopec_pattern_card
pattern_pass = self.sinopec_pattern_pass
else:
return self.send_error(403)
file = self.request.files['correction_cards'][0]
file_name = file['filename']
card_id_set = set()
card_pass_set = set()
card_list = {}
#检测盒号信息
redis_box_info = self.master.hgetall('box:{0}'.format(box_id))
if not redis_box_info:
err_msg.append('找不到该盒卡的数据')
return self.finish(json.dumps(resp_result))
try:
self.db_session = self.session('machado')
query = self.db_session.query(Box).filter(Box.id == box_id)
if 'admin' not in self.current_user['role']:
query = query.filter(Box.user_id == self.user_id)
db_box_info = query.one_or_none()
if not db_box_info:
err_msg.append('找不到盒号 {0} 的信息'.format(box_id))
return self.finish(json.dumps(resp_result))
finally:
self.db_session.close()
#检测卡号和卡密
try:
with xlrd.open_workbook(file_contents=file['body']) as book:
sheet1 = book.sheet_by_index(0)
for i in range(1, sheet1.nrows):
line_num = i + 1
card_id = sheet1.cell(i, 6).value
card_pass = sheet1.cell(i, 7).value
if isinstance(card_id, float):
card_id = '%.0f' % card_id
if isinstance(card_pass, float):
card_pass = '******' % card_pass
if card_id in card_id_set:
card_id_set.add(card_id)
err_msg.append('第{0}行存在重复卡号 {1}'.format(
line_num, card_id))
if pattern_card.match(card_id) is None:
err_msg.append('第{0}行卡号{1}格式不正确'.format(
line_num, card_pass))
if card_pass in card_pass_set:
card_pass_set.add(card_pass_set)
err_msg.append('第{0}行存在重复卡密 {1}'.format(
line_num, card_pass))
if pattern_pass.match(card_pass) is None:
err_msg.append('第{0}行卡密{1}格式不正确'.format(
line_num, card_pass))
card_list[card_id] = card_pass
except Exception:
log.exception('CorrectionBoxFileHandler read file exception')
err_msg.append('数据异常')
return self.finish(json.dumps(resp_result))
if len(err_msg):
return self.finish(json.dumps(resp_result))
#根据盒号信息检测卡号信息是否存在
db_err_card_list = {}
card_class = get_card_shard(db_box_info.partition)
try:
self.db_session = self.session('machado')
q = self.db_session.query(card_class).filter(
card_class.box_id == db_box_info.id,
card_class.status == 'error')
for card_info in q:
db_err_card_list[card_info.card_id] = None
finally:
self.db_session.close()
#判断错卡状态是否正确
for card_id in card_list:
if card_id not in db_err_card_list:
err_msg.append('卡号 {0} 状态非法,或者不属于本盒卡'.format(card_id))
else:
db_err_card_list[card_id] = card_list[card_id]
#更新错卡卡密
user_id = db_box_info.user_id
user = self.application.config.get('user').get(user_id)
aes_pass = user['aes_pass']
aes_iv = user['aes_iv']
try:
self.db_session = self.session('machado')
for card_id in db_err_card_list:
card_pass = db_err_card_list[card_id]
if not card_pass:
continue
card_pass = aes_encrypt(card_pass, aes_pass, aes_iv)
#更新卡的状态
card = self.db_session.query(card_class).filter(
card_class.box_id == db_box_info.id,
card_class.card_id == card_id).one()
card.password = card_pass
card.status = db_box_info.status
self.db_session.add(card)
self.db_session.commit()
self.master.hincrby('box:%s' % box_id, 'error', -1)
self.master.hincrby('box:%s' % box_id, 'ready', 1)
log.info(
'USER[{0}] MODIFE CARD_PASS BOX[{1}] CARD[{2}] OLD_CARD_PASS[3] >> NEW_CARD_PASS[{4}]'
.format(self.current_user['id'], box_id, card_id,
self.master.hget('card:%s' % card_id, 'password'),
card_pass))
self.master.hmset('card:%s' % card_id, {'password': card_pass})
if card.status == 'ready':
card_list_key = 'list:card:{0}:{1}:{2}'.format(
redis_box_info['card_type'],
redis_box_info['pool'],
redis_box_info['price'],
)
self.master.rpush(card_list_key, card.card_id)
finally:
self.db_session.close()
resp_result['status'] = 'ok'
return self.finish(json.dumps(resp_result))
def commit_file(self, file_info, session):
# checking only
card_set = set()
pass_set = set()
price = int(file_info['price'])
file_name = file_info['filename']
file_path = os.path.join(file_info['path'], file_name)
package_no = file_info['package_no']
# target_user = file_info['target_user']
user_id = file_info['user_id']
source_id = file_info['source_id']
buy_price = file_info['buy_price']
sell_price = file_info['sell_price']
notes = file_info['notes']
card_type = file_info['card_type']
master = self.master
status = 'ok'
msg = ''
number_check = self.application.number_check
if not number_check.is_loaded():
status = 'fail'
msg = '重复卡号检查器未加载完毕,请稍后再试。'
return status, msg
try:
tsp = dt.datetime.now()
part = tsp.strftime('%m')
with xlrd.open_workbook(file_path) as book:
sheet1 = book.sheet_by_index(0)
# FAST CHECK
count = 0
for n in range(sheet1.nrows):
count += 1
# read a cell
card_id = str(sheet1.cell(
n, self.CARD_ID_COL_NUM).value).strip()
card_pass = str(
sheet1.cell(n, self.CARD_PASS_COL_NUM).value).strip()
p = sheet1.cell(n, self.CARD_PRICE_NUM).value
if isinstance(p, str) and '元' in p:
p = p[:-1]
price0 = int(p)
if price != price0:
status = 'fail'
msg = '价格不一致:%s' % card_id
break
if master.exists('card:%s' %
card_id) or number_check.exists(card_id):
status = 'fail'
msg = '系统中有重复卡号:%s' % card_id
break
if card_id in card_set:
status = 'fail'
msg = '文件中有重复卡号:%s' % card_id
break
if card_type == 'SINOPEC':
if sinopec_pattern_card.match(card_id) is None:
status = 'fail'
msg = '卡号格式不正确(16位):%s' % card_id
break
if sinopec_pattern_pass.match(card_pass) is None:
status = 'fail'
msg = '卡密码不正确(20位) %s' % card_id
break
elif card_type == 'CMCC_FEE':
if pattern_card.match(card_id) is None:
status = 'fail'
msg = '卡号格式不正确(17位,6,7位为10,16,19,20):%s' % card_id
break
if pattern_pass.match(card_pass) is None:
status = 'fail'
msg = '卡密码不正确(19位) %s' % card_id
break
if card_pass in pass_set:
status = 'fail'
msg = '第%d行:文件中卡密码重复 %s' % (count, card_id)
break
card_set.add(card_id)
pass_set.add(card_pass)
# SLOW CHECK
# INPUT
if status == 'fail':
return status, msg
'''
CREATE BOX
'''
box = Box()
box.card_type = card_type
box.user_id = user_id # for multi-user
box.partition = part
box.price = price
box.count = count
box.ready = count
box.inuse = 0
box.used = 0
box.error = 0
box.invalid = 0
box.status = 'ready'
box.filename = file_name
box.package = package_no
box.create_time = tsp
# box.target_user = target_user
box.source = source_id
box.buy_price = buy_price
box.sell_price = sell_price
box.notes = notes
session.add(box)
session.commit()
master.hmset(
'box:%d' % box.id, {
'count': count,
'ready': count,
'inuse': 0,
'used': 0,
'error': 0,
'invalid': 0,
'user_id': user_id,
'price': price,
'part': part,
'card_type': card_type,
})
master.lpush(
'list:pool:type:{pool_id}:{price}'.format(pool_id=user_id,
price=price),
box.id)
'''
INSERT FILE
'''
card_part = get_card_shard(part)
user = self.application.config.get('user').get(user_id)
aes_pass = user['aes_pass']
aes_iv = user['aes_iv']
# two parse
card_list = []
for n in range(sheet1.nrows):
# read a cell
card_id = str(sheet1.cell(
n, self.CARD_ID_COL_NUM).value).strip()
card_pass = str(
sheet1.cell(n, self.CARD_PASS_COL_NUM).value).strip()
if isinstance(card_id, float):
card_id = '%.0f' % card_id
if isinstance(card_pass, float):
card_pass = '******' % card_pass
card_pass = aes_encrypt(card_pass, aes_pass, aes_iv)
master.hmset(
'card:%s' % card_id, {
'price': price,
'password': card_pass,
'part': part,
'box': box.id,
'user_id': user_id,
'package': box.package,
'create_time': tsp,
'file_name': file_name,
})
master.lpush(
'list:ready:box:{box_id}'.format(box_id=box.id),
card_id)
card_list.append(card_id)
card = card_part()
card.user_id = user_id
card.card_id = card_id
card.box_id = box.id
card.password = card_pass
card.price = price
card.status = 'ready'
card.create_time = tsp
session.add(card)
session.commit()
number_check.update(card_set)
# 存储到指定卡池之中
up_pool = file_info['card_pool']
master.hmset('box:%d' % box.id, {'pool': up_pool})
master.sadd(
'set:card_pool:box_list:{0}:{1}'.format(
card_type, up_pool), box.id)
for card_id in card_list:
master.lpush(
'list:card:{0}:{1}:{2}'.format(card_type, up_pool,
price), card_id)
ret = {
'status': 'ok',
'box_id': box.id,
'count': count,
'price': price
}
# when file closed
if status == 'ok':
self.encrypt_file_by_user(file_path)
except Exception as e:
log_request.exception('ERROR')
status = 'fail'
msg = repr(e)
return status, msg
def encrypt_bouncy_tcp_msg(msg: BouncyTcpMessage, session_key: bytes) -> bytes:
bouncy_tcp_bytes = msg.SerializeToString()
return utils.aes_encrypt(bouncy_tcp_bytes, session_key)