Exemple #1
0
def create_group(request, data):
    user_id, group, role = authutils.verify_request(request)
    if role != ROLE.ADMIN:
        LOG.error('role is not admin')
        raise DMException(error.ADMIN_REQUIRE)
    data = data.get('group', None)
    if not data:
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if not verify_data(data,['name','role'],['metadata']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if Groups.objects.filter(name=data.get('name')).first():
        LOG.error('group is exist')
        raise DMException(error.GROUP_EXISTED)
    role = Roles.objects.filter(name=data.get('role')).first()
    if not role:
        LOG.error('role is not exist')
        raise DMException(error.ROLE_NOTEXISTED)
    kwagrs = {}
    kwagrs['name'] = data['name']
    kwagrs['role'] = role
    if 'metadata' in data:
        kwagrs['metadata'] = json.dumps(data['metadata'])
    group = Groups(**kwagrs)
    group.save()
    return {'group':{'id':group.id,'name':group.name,'role':group.role.name}}
Exemple #2
0
def delete_server(request, id):
    user_id, group, role = authutils.verify_request(request)
    server = Servers.objects.filter(id=id).first()
    if not server:
        raise DMException(error.SERVER_NOTEXIST)
    if role != ROLE.ADMIN and server.owner.id != user_id:
        LOG.error('permission denied')
        raise DMException(error.PERMISSION_DENIED)
    server.delete()
Exemple #3
0
def get_user(request,id):
    user_id, group, role = authutils.verify_request(request)
    if role != ROLE.ADMIN and id != user_id:
        LOG.error('permission denied')
        raise DMException(error.PERMISSION_DENIED)
    user = Users.objects.filter(id=id).first()
    if not user:
        LOG.error('user not exist')
        raise DMException(error.USER_NOTEXISTED)
    return {'user':{'id':user.id,'name':user.name,'group':user.group.name,'role':user.group.role.name,
                    'email':user.email,'create_at':user.create_at,'last_login':user.last_login,'metadata':json.loads(user.metadata)}}
Exemple #4
0
def delete_user(request,id):
    user_id, group, role = authutils.verify_request(request)
    if role != ROLE.ADMIN and id != user_id:
        LOG.error('permission denied')
        raise DMException(error.PERMISSION_DENIED)
    if role == ROLE.ADMIN and id == user_id:
        LOG.error('admin cannot be deleted')
        raise DMException(error.ADMIN_CANNOTDELETE)
    user = Users.objects.filter(id=id).first()
    if not user:
        raise DMException(error.USER_NOTEXISTED)
    user.delete()
Exemple #5
0
def verify_token(X_Auth_Token):
    if not Tokens.objects.filter(token=X_Auth_Token).first():
        LOG.error('token is invalid')
        raise DMException(error.TOKEN_INVALID)
    token = crypt.decodeToken(X_Auth_Token)
    expires_at = token['token']['expires_at']
    if timeutils.Normaltime(expires_at) < datetime.datetime.now():
        db_token = Tokens.objects.filter(token=X_Auth_Token).first()
        db_token.delete()
        LOG.error('token is expires')
        raise DMException(error.TOKEN_EXPIRES)
    return token['token']['user']['id'], token['token']['user']['group'], token['token']['user']['role']
Exemple #6
0
def get_users(request):
    user_id, group, role = authutils.verify_request(request)
    if role != ROLE.ADMIN:
        LOG.error('role is not admin')
        raise DMException(error.ADMIN_REQUIRE)
    users = Users.objects.all()
    users_list = {'users':[{'id':user.id,'name':user.name,'group':user.group.name,'role':user.group.role.name} for user in users]}
    return users_list
Exemple #7
0
def auth(data):
    data = data.get('auth', None)
    if not data:
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if not verify_data(data, ['name','password']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    name = data['name']
    password = data['password']
    user = Users.objects.filter(name=name).first()
    if not user:
        LOG.error('user not exist')
        raise DMException(error.USER_NOTEXISTED)
    if password != crypt.decrypt(user.salt, user.password):
        LOG.error('password is wrong')
        raise DMException(error.PASSWORD_WRONG)
    return create_token(user)
Exemple #8
0
def decodeToken(jwt_str):
    # fp = file('DockerManager/server.key', 'rb')
    # pri_key_str = fp.read().replace('\n', '')
    # fp.close()
    try:
        token = jwt.decode(jwt_str, 'jj', algorithms=['HS256'])
        return token
    except Exception as e:
        LOG.error('token invaild')
        raise DMException(error.TOKEN_INVALID)
Exemple #9
0
def create_server(request, data):
    user_id, group, role = authutils.verify_request(request)
    data = data.get('server', None)
    if not data:
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if not verify_data(data, ['ip', 'username', 'password'],
                       ['description', 'metadata']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    server = Servers.objects.filter(ip=data.get('ip')).first()
    if server:
        LOG.error('server exist')
        raise DMException(error.SERVER_EXIST)
    user = Users.objects.filter(id=user_id).first()
    kwargs = {}
    kwargs['id'] = idutils.generate_id()
    kwargs['ip'] = data['ip']
    kwargs['username'] = data['username']
    salt, password = crypt.encrypt(data['password'])
    kwargs['password'] = password
    kwargs['salt'] = salt
    kwargs['status'] = SERVER_STATUS.CREATING
    kwargs['owner'] = user
    if 'description' in data:
        kwargs['description'] = data['description']
    if 'metadata' in data:
        kwargs['metadata'] = json.dumps(data['metadata'])
    server = Servers(**kwargs)
    server.save()
    return {
        'server': {
            'id': server.id,
            'ip': server.ip,
            'status': server.status,
            'username': server.username,
            'owner': server.owner.id
        }
    }
Exemple #10
0
def update_user(request,id,data):
    user_id, group, role = authutils.verify_request(request)
    if role != ROLE.ADMIN and id != user_id:
        LOG.error('permission denied')
        raise DMException(error.PERMISSION_DENIED)
    user = Users.objects.filter(id=id).first()
    if not user:
        LOG.error('user not exist')
        raise DMException(error.USER_NOTEXISTED)
    data = data.get('user', None)
    if not data:
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if role == ROLE.ADMIN and not verify_data(data,[], ['email','metadata','password','group']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if role != ROLE.ADMIN and not verify_data(data,[], ['email','metadata','password']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    kwargs = {}
    if 'group' in data:
        group = Groups.objects.filter(name=data['group']).first()
        if not group:
            LOG.error('group not exist')
            raise DMException(error.GROUP_NOTEXISTED)
        else:
            kwargs['group'] = group
    if 'email' in data and not verify_email(data['email']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if 'email' in data and verify_email(data['email']):
        kwargs['email'] = data['email']
    if role == ROLE.ADMIN and id == user_id and 'password' in data:
        salt, password = crypt.encrypt(data['password'])
        kwargs['salt'] = salt
        kwargs['password'] = password
    if role == ROLE.ADMIN and id != user_id and 'password' in data:
        salt, password = crypt.encrypt(DEFAULT.PREPASSWORD+'_'+user.name)
        kwargs['salt'] = salt
        kwargs['password'] = password
    if role != ROLE.ADMIN and id == user_id and 'password' in data:
        salt, password = crypt.encrypt(data['password'])
        kwargs['salt'] = salt
        kwargs['password'] = password
    if 'metadata' in data:
        metadata = json.loads(user.metadata)
        for k,v in data['metadata'].items():
            metadata[k] = v
        kwargs['metadata'] = json.dumps(metadata)
    Users.objects.filter(id=id).update(**kwargs)
Exemple #11
0
def get_server(request, id):
    user_id, group, role = authutils.verify_request(request)
    user = Users.objects.filter(id=user_id).first()
    server = Servers.objects.filter(id=id, owner=user).first()
    if not server:
        raise DMException(error.SERVER_NOTEXIST)
    return {
        'server': {
            'id': server.id,
            'ip': server.ip,
            'version': server.version,
            'container_number': server.container_number,
            'hostname': server.hostname,
            'status': server.status,
            'owner': server.owner.id,
            'cpu_number': server.cpu_number,
            'memory_size': server.memory_size,
            'description': server.description,
            'metadata': json.loads(server.metadata)
        }
    }
Exemple #12
0
def create_user(request, data):
    user_id, group, role = authutils.verify_request(request)
    if role != ROLE.ADMIN:
        LOG.error('role is not admin')
        raise DMException(error.ADMIN_REQUIRE)
    data = data.get('user', None)
    if not data:
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if not verify_data(data,['name','password','group'], ['email','metadata']):
        LOG.error('params is wrong')
        raise DMException(error.PARAMS_ERROR)
    if Users.objects.filter(name=data.get('name')).first():
        LOG.error('user already exist')
        raise DMException(error.USER_EXISTED)
    group = Groups.objects.filter(name=data.get('group')).first()
    if not group:
        LOG.error('group not exist')
        raise DMException(error.GROUP_NOTEXISTED)
    if group.role.name == ROLE.ADMIN:
        LOG.error('admin cannot be created')
        raise DMException(error.ADMIN_CANNOTCREATE)
    kwargs = {}
    kwargs['id'] = idutils.generate_id()
    kwargs['name'] = data['name']
    salt, password = crypt.encrypt(data['password'])
    kwargs['salt'] = salt
    kwargs['password'] = password
    if 'email' in data:
        if not verify_email(data['email']):
            LOG.error('email is wrong')
            raise DMException(error.PARAMS_ERROR)
        kwargs['email'] = data['email']
    kwargs['group'] = group
    if 'metadata' in data:
        kwargs['metadata'] = json.dumps(data['metadata'])
    user = Users(**kwargs)
    user.save()
    return {'user':{'id':user.id,'name':user.name,'group':user.group.name,'role':user.group.role.name}}
Exemple #13
0
def verify_request(request):
    X_Auth_Token = request.META.get('HTTP_X_AUTH_TOKEN', None)
    if not X_Auth_Token:
        LOG.error('token is not in headers')
        raise DMException(error.TOKEN_REQUIRE)
    return verify_token(X_Auth_Token)