def post(self, request, *args, **kwargs):
values = request.data.get("oauth_services")
eid = request.user.enterprise_id
try:
services = oauth_repo.create_or_update_console_oauth_services(
values, eid)
except Exception as e:
logger.exception(e)
return Response({"msg": e.message},
status=status.HTTP_400_BAD_REQUEST)
service = oauth_repo.get_conosle_oauth_service(eid)
api = get_oauth_instance(service.oauth_type, service, None)
authorize_url = api.get_authorize_url()
data = []
for service in services:
data.append({
"service_id": service.ID,
"name": service.name,
"oauth_type": service.oauth_type,
"client_id": service.client_id,
"client_secret": service.client_secret,
"enable": service.enable,
"eid": service.eid,
"redirect_uri": service.redirect_uri,
"home_url": service.home_url,
"auth_url": service.auth_url,
"access_token_url": service.access_token_url,
"api_url": service.api_url,
"is_auto_login": service.is_auto_login,
"is_git": service.is_git,
"authorize_url": authorize_url,
})
rst = {"data": {"bean": {"oauth_services": data}}}
return Response(rst, status=status.HTTP_200_OK)
def get_oauth_services(self):
rst = []
enterprise = enterprise_services.get_enterprise_by_enterprise_id(
self.enterprise_id)
if enterprise.ID != 1:
oauth_services = OAuthServices.objects.filter(
~Q(oauth_type="enterprisecenter"),
eid=enterprise.enterprise_id,
is_deleted=False,
enable=True)
else:
oauth_services = OAuthServices.objects.filter(
eid=enterprise.enterprise_id, is_deleted=False, enable=True)
if oauth_services:
for oauth_service in oauth_services:
try:
api = get_oauth_instance(oauth_service.oauth_type,
oauth_service, None)
authorize_url = api.get_authorize_url()
rst.append({
"service_id": oauth_service.ID,
"enable": oauth_service.enable,
"name": oauth_service.name,
"oauth_type": oauth_service.oauth_type,
"is_console": oauth_service.is_console,
"home_url": oauth_service.home_url,
"eid": oauth_service.eid,
"is_auto_login": oauth_service.is_auto_login,
"is_git": oauth_service.is_git,
"authorize_url": authorize_url,
})
except NoSupportOAuthType:
continue
return rst
def get_enterprise_center_oauth(self):
try:
oauth_service = OAuthServices.objects.get(
is_deleted=False,
enable=True,
oauth_type="enterprisecenter",
ID=1)
pre_enterprise_center = os.getenv("PRE_ENTERPRISE_CENTER", None)
if pre_enterprise_center:
oauth_service = OAuthServices.objects.get(
name=pre_enterprise_center, oauth_type="enterprisecenter")
except OAuthServices.DoesNotExist:
return None
try:
api = get_oauth_instance(oauth_service.oauth_type, oauth_service,
None)
authorize_url = api.get_authorize_url()
return {
"service_id": oauth_service.ID,
"enable": oauth_service.enable,
"name": oauth_service.name,
"oauth_type": oauth_service.oauth_type,
"is_console": oauth_service.is_console,
"home_url": oauth_service.home_url,
"eid": oauth_service.eid,
"is_auto_login": oauth_service.is_auto_login,
"is_git": oauth_service.is_git,
"authorize_url": authorize_url,
}
except NoSupportOAuthType:
return None
def post(self, request, enterprise_id, *args, **kwargs):
values = request.data.get("oauth_services")
services = oauth_repo.create_or_update_oauth_services(
values, enterprise_id)
data = []
for service in services:
api = get_oauth_instance(service.oauth_type, service, None)
authorize_url = api.get_authorize_url()
data.append({
"service_id": service.ID,
"name": service.name,
"oauth_type": service.oauth_type,
"client_id": service.client_id,
"client_secret": service.client_secret,
"enable": service.enable,
"eid": service.eid,
"redirect_uri": service.redirect_uri,
"home_url": service.home_url,
"auth_url": service.auth_url,
"access_token_url": service.access_token_url,
"api_url": service.api_url,
"is_auto_login": service.is_auto_login,
"is_git": service.is_git,
"authorize_url": authorize_url,
})
rst = {"data": {"bean": {"oauth_services": data}}}
return Response(rst, status=status.HTTP_200_OK)
def initial(self, request, *args, **kwargs):
super(EnterpriseServiceOauthView,
self).initial(request, *args, **kwargs)
try:
oauth_service = OAuthServices.objects.get(
oauth_type="enterprisecenter", ID=1)
pre_enterprise_center = os.getenv("PRE_ENTERPRISE_CENTER", None)
if pre_enterprise_center:
oauth_service = OAuthServices.objects.get(
name=pre_enterprise_center, oauth_type="enterprisecenter")
oauth_user = UserOAuthServices.objects.get(
service_id=oauth_service.ID, user_id=request.user.user_id)
except OAuthServices.DoesNotExist:
raise ServiceHandleException(
msg="not found enterprise center oauth server config",
msg_show=u"未找到企业中心OAuth配置",
status_code=404)
except UserOAuthServices.DoesNotExist:
raise ServiceHandleException(
msg="user not authorize in enterprise center oauth",
msg_show=u"用户身份未在企业中心认证")
self.oauth_instance = get_oauth_instance(oauth_service.oauth_type,
oauth_service, oauth_user)
if not self.oauth_instance:
raise ServiceHandleException(
msg="no found enterprise service OAuth",
msg_show=u"未找到企业中心OAuth服务类型",
status_code=404)
def get_all_oauth_service(self):
rst = []
oauth_services = OAuthServices.objects.filter(is_deleted=False,
enable=True)
if oauth_services:
for oauth_service in oauth_services:
try:
api = get_oauth_instance(oauth_service.oauth_type,
oauth_service, None)
authorize_url = api.get_authorize_url()
rst.append({
"service_id": oauth_service.ID,
"enable": oauth_service.enable,
"name": oauth_service.name,
"oauth_type": oauth_service.oauth_type,
"is_console": oauth_service.is_console,
"home_url": oauth_service.home_url,
"eid": oauth_service.eid,
"is_auto_login": oauth_service.is_auto_login,
"is_git": oauth_service.is_git,
"authorize_url": authorize_url,
})
except NoSupportOAuthType:
continue
return rst
def create_or_update_oauth_services(self, values, eid=None):
querysetlist = []
for value in values:
instance = get_oauth_instance(value["oauth_type"])
value["home_url"] = value["home_url"].strip().strip("/")
auth_url = instance.get_auth_url(home_url=value["home_url"])
access_token_url = instance.get_access_token_url(
home_url=value["home_url"])
api_url = instance.get_user_url(home_url=value["home_url"])
is_git = instance.is_git_oauth()
if value.get("service_id") is None:
# check if the name exists
try:
self.get_by_name(value["name"])
raise ErrOauthServiceExists
except OAuthServices.DoesNotExist:
pass
querysetlist.append(
OAuthServices(name=value["name"],
client_id=value["client_id"],
eid=value["eid"],
client_secret=value["client_secret"],
redirect_uri=value["redirect_uri"],
oauth_type=value["oauth_type"],
home_url=value["home_url"],
auth_url=auth_url,
access_token_url=access_token_url,
api_url=api_url,
is_auto_login=value["is_auto_login"],
is_console=value["is_console"],
is_deleted=value.get("is_deleted", False),
is_git=is_git))
else:
if value.get("is_deleted"):
self.delete_oauth_service(
service_id=value.get("service_id"))
else:
old_service = self.open_get_oauth_services_by_service_id(
service_id=value.get("service_id"))
if old_service.home_url != value["home_url"]:
UserOAuthServices.objects.filter(
service_id=value.get("service_id")).delete()
OAuthServices.objects.filter(
ID=value["service_id"]).update(
name=value["name"],
eid=value["eid"],
redirect_uri=value["redirect_uri"],
home_url=value["home_url"],
auth_url=auth_url,
access_token_url=auth_url,
api_url=auth_url,
enable=value["enable"],
is_auto_login=value["is_auto_login"],
is_console=value["is_console"])
if eid is None:
eid = value["eid"]
OAuthServices.objects.bulk_create(querysetlist)
rst = OAuthServices.objects.filter(eid=eid)
return rst
def check_user_is_enterprise_center_user(self, user_id):
oauth_user, oauth_service = oauth_user_repo.get_enterprise_center_user_by_user_id(
user_id)
if oauth_user and oauth_service:
return get_oauth_instance(oauth_service.oauth_type, oauth_service,
oauth_user), oauth_user
return None, None
def get(self, request, *args, **kwargs):
eid = request.user.enterprise_id
service = oauth_repo.get_conosle_oauth_service(eid)
if service is not None:
api = get_oauth_instance(service.oauth_type, service, None)
authorize_url = api.get_authorize_url()
data = {
"service_id": service.ID,
"enable": service.enable,
"name": service.name,
"client_id": service.client_id,
"auth_url": service.auth_url,
"redirect_uri": service.redirect_uri,
"oauth_type": service.oauth_type,
"home_url": service.home_url,
"eid": service.eid,
"access_token_url": service.access_token_url,
"api_url": service.api_url,
"client_secret": service.client_secret,
"is_auto_login": service.is_auto_login,
"is_git": service.is_git,
"authorize_url": authorize_url,
}
rst = {"data": {"bean": {"oauth_services": data}}}
return Response(rst, status=status.HTTP_200_OK)
else:
rst = {"data": {"bean": {"oauth_services": None}}}
return Response(rst, status=status.HTTP_200_OK)
def get(self, request, *args, **kwargs):
all_services_list = []
eid = request.user.enterprise_id
service = oauth_repo.get_conosle_oauth_service(eid)
all_services = oauth_repo.get_all_oauth_services(eid)
if all_services is not None:
for l_service in all_services:
api = get_oauth_instance(l_service.oauth_type, service, None)
authorize_url = api.get_authorize_url()
all_services_list.append({
"service_id": l_service.ID,
"enable": l_service.enable,
"name": l_service.name,
"client_id": l_service.client_id,
"auth_url": l_service.auth_url,
"redirect_uri": l_service.redirect_uri,
"oauth_type": l_service.oauth_type,
"home_url": l_service.home_url,
"eid": l_service.eid,
"access_token_url": l_service.access_token_url,
"api_url": l_service.api_url,
"client_secret": l_service.client_secret,
"is_auto_login": l_service.is_auto_login,
"is_git": l_service.is_git,
"authorize_url": authorize_url,
"enterprise_id": l_service.eid,
})
rst = {"data": {"list": all_services_list}}
return Response(rst, status=status.HTTP_200_OK)
def get(self, request, service_id, *args, **kwargs):
user_id = request.user.user_id
page = request.GET.get("page", 1)
search = request.GET.get("search", '')
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id=service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(
service_id=service_id, user_id=user_id)
if oauth_user is None:
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"未成功获取第三方用户信息"
}
return Response(rst, status=status.HTTP_200_OK)
service = get_oauth_instance(oauth_service.oauth_type, oauth_service,
oauth_user)
if not service.is_git_oauth():
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"该OAuth服务不是代码仓库类型"
}
return Response(rst, status=status.HTTP_200_OK)
try:
if len(search) > 0 and search is not None:
true_search = oauth_user.oauth_user_name + '/' + search.split(
"/")[-1]
data = service.search_repos(true_search, page=page)
else:
data = service.get_repos(page=page)
rst = {
"data": {
"bean": {
"repositories": data,
"user_id": user_id,
"service_id": service_id,
"service_type": oauth_service.oauth_type,
"service_name": oauth_service.name,
"total": 10
}
}
}
return Response(rst, status=status.HTTP_200_OK)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"Access Token 已过期"
}
return Response(rst, status=status.HTTP_200_OK)
def get(self, request, service_id, *args, **kwargs):
user_id = request.user.user_id
type = request.GET.get("type")
full_name = request.GET.get("full_name")
oauth_service = oauth_repo.get_oauth_services_by_service_id(service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(
service_id=service_id, user_id=user_id)
if oauth_user is None:
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"未成功获取第三方用户信息"
}
return Response(rst, status=status.HTTP_200_OK)
try:
service = get_oauth_instance(oauth_service.oauth_type,
oauth_service, oauth_user)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"未找到OAuth服务"
}
return Response(rst, status=status.HTTP_200_OK)
if not service.is_git_oauth():
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"该OAuth服务不是代码仓库类型"
}
return Response(rst, status=status.HTTP_200_OK)
try:
data = service.get_branches_or_tags(type, full_name)
rst = {"data": {"bean": {type: data, "total": len(data)}}}
return Response(rst, status=status.HTTP_200_OK)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"Access Token 已过期"
}
return Response(rst, status=status.HTTP_200_OK)
def get_user_oauth_services_info(self, eid, user_id):
oauth_services = []
services = OAuthServices.objects.filter(eid=eid,
is_deleted=False,
enable=True)
for service in services:
user_service = self.get_user_oauth_by_user_id(
service_id=service.ID, user_id=user_id)
api = get_oauth_instance(service.oauth_type, service, None)
authorize_url = api.get_authorize_url()
if user_service:
oauth_services.append({
"service_id":
service.ID,
"service_name":
service.name,
"oauth_type":
service.oauth_type,
"is_authenticated":
user_service.is_authenticated,
"is_expired":
user_service.is_expired,
"auth_url":
service.auth_url,
"client_id":
service.client_id,
"redirect_uri":
service.redirect_uri,
"is_git":
service.is_git,
"authorize_url":
authorize_url,
"oauth_user_name":
user_service.oauth_user_name,
})
else:
oauth_services.append({
"service_id": service.ID,
"service_name": service.name,
"oauth_type": service.oauth_type,
"is_authenticated": False,
"is_expired": False,
"auth_url": service.auth_url,
"client_id": service.client_id,
"redirect_uri": service.redirect_uri,
"is_git": service.is_git,
"authorize_url": authorize_url,
"oauth_user_name": "",
})
return oauth_services
def get(self, request, service_id, path, name, *args, **kwargs):
full_name = '/'.join([path, name])
user_id = request.user.user_id
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(service_id=service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(service_id=service_id, user_id=user_id)
except Exception as e:
logger.debug(e)
rst = {"data": {"bean": None}, "status": 404,
"msg_show": u"未找到oauth服务, 请检查该服务是否存在且属于开启状态"}
return Response(rst, status=status.HTTP_200_OK)
if oauth_user is None:
rst = {"data": {"bean": None},
"status": 400,
"msg_show": u"未成功获取第三方用户信息"
}
return Response(rst, status=status.HTTP_200_OK)
try:
service = get_oauth_instance(oauth_service.oauth_type, oauth_service, oauth_user)
except Exception as e:
logger.debug(e)
rst = {"data": {"bean": None},
"status": 400,
"msg_show": u"未找到OAuth服务"
}
return Response(rst, status=status.HTTP_200_OK)
if not service.is_git_oauth():
rst = {"data": {"bean": None},
"status": 400,
"msg_show": u"该OAuth服务不是代码仓库类型"
}
return Response(rst, status=status.HTTP_200_OK)
repo_list = []
try:
for data in service.get_repo_detail(full_name):
repo_list.append(data)
rst = {"data": {"bean": {
"repositories": repo_list, "user_id": user_id,
"service_id": service_id, "service_type": oauth_service.oauth_type,
"service_name": oauth_service.name, "total": 10}}}
return Response(rst, status=status.HTTP_200_OK)
except Exception as e:
logger.debug(e)
rst = {"data": {"bean": None},
"status": 400,
"msg_show": u"Access Token 已过期"}
return Response(rst, status=status.HTTP_200_OK)
def create_or_update_console_oauth_services(self, values, eid):
old_oauth_service = OAuthServices.objects.filter(
eid=eid, is_console=True).first()
for value in values[:1]:
if value["oauth_type"] in support_oauth_type.keys():
instance = get_oauth_instance(value["oauth_type"])
auth_url = instance.get_auth_url(home_url=value["home_url"])
access_token_url = instance.get_access_token_url(
home_url=value["home_url"])
api_url = instance.get_user_url(home_url=value["home_url"])
is_git = instance.is_git_oauth()
if value.get(
"service_id") is None and old_oauth_service is None:
OAuthServices.objects.create(
name=value["name"],
client_id=value["client_id"],
eid=value["eid"],
client_secret=value["client_secret"],
redirect_uri=value["redirect_uri"],
oauth_type=value["oauth_type"],
home_url=value["home_url"],
auth_url=auth_url,
access_token_url=access_token_url,
api_url=api_url,
enable=value["enable"],
is_auto_login=value["is_auto_login"],
is_console=value["is_console"],
is_git=is_git)
elif old_oauth_service is not None and value.get(
"service_id") == old_oauth_service.ID:
OAuthServices.objects.filter(
ID=value["service_id"]).update(
name=value["name"],
eid=value["eid"],
redirect_uri=value["redirect_uri"],
home_url=value["home_url"],
auth_url=auth_url,
access_token_url=access_token_url,
api_url=api_url,
enable=value["enable"],
is_auto_login=value["is_auto_login"],
is_console=value["is_console"])
else:
raise Exception(u"未找到该OAuth类型")
rst = OAuthServices.objects.filter(eid=eid, is_console=True)
return rst
def initial(self, request, *args, **kwargs):
super(CloudEnterpriseCenterView, self).initial(request, *args, **kwargs)
if not os.getenv("IS_PUBLIC", False):
return
try:
oauth_service = OAuthServices.objects.get(oauth_type="enterprisecenter", ID=1)
pre_enterprise_center = os.getenv("PRE_ENTERPRISE_CENTER", None)
if pre_enterprise_center:
oauth_service = OAuthServices.objects.get(name=pre_enterprise_center, oauth_type="enterprisecenter")
oauth_user = UserOAuthServices.objects.get(service_id=oauth_service.ID, user_id=self.user.user_id)
except OAuthServices.DoesNotExist:
raise NotFound("enterprise center oauth server not found")
except UserOAuthServices.DoesNotExist:
msg = _('用户身份未在企业中心认证')
raise AuthenticationInfoHasExpiredError(msg)
self.oauth_instance = get_oauth_instance(oauth_service.oauth_type, oauth_service, oauth_user)
if not self.oauth_instance:
msg = _('未找到企业中心OAuth服务类型')
raise AuthenticationInfoHasExpiredError(msg)
def post(self, request, *args, **kwargs):
client_id = parse_item(request, "client_id", required=True)
client_secret = parse_item(request, "client_secret", required=True)
user_id = parse_item(request, "user_id", required=True)
oauth_service = oauth_repo.get_by_client_id(client_id)
if oauth_service.oauth_type != "dbox":
raise AbortRequest(
"unsupported oauth type {} for oauth user logout".format(
oauth_service.oauth_type))
if oauth_service.client_secret != client_secret:
raise AbortRequest("the requested client key does not match")
oauth_user = oauth_user_repo.get_by_oauth_user_id(
oauth_service.ID, user_id)
# Go to Oauth2 Server to check if the user has logged out
api = get_oauth_instance(oauth_service.oauth_type, oauth_service,
oauth_user)
api.is_logout()
# logout
JwtManager().delete_user_id(oauth_user.user_id)
return Response(status=status.HTTP_200_OK)
def put(self, request, *args, **kwargs):
"""
修改构建源
---
"""
s_id = transaction.savepoint()
try:
image = request.data.get("image", None)
cmd = request.data.get("cmd", None)
service_source = request.data.get("service_source")
git_url = request.data.get("git_url", None)
code_version = request.data.get("code_version", None)
user_name = request.data.get("user_name", None)
password = request.data.get("password", None)
is_oauth = request.data.get("is_oauth", False)
user_id = request.user.user_id
oauth_service_id = request.data.get("service_id")
git_full_name = request.data.get("full_name")
if not service_source:
return Response(general_message(400, "param error", "参数错误"),
status=400)
service_source_user = service_source_repo.get_service_source(
team_id=self.service.tenant_id,
service_id=self.service.service_id)
if not service_source_user:
service_source_info = {
"service_id": self.service.service_id,
"team_id": self.service.tenant_id,
"user_name": user_name,
"password": password,
"create_time":
datetime.datetime.now().strftime('%Y%m%d%H%M%S')
}
service_source_repo.create_service_source(
**service_source_info)
else:
service_source_user.user_name = user_name
service_source_user.password = password
service_source_user.save()
if service_source == "source_code":
if code_version:
self.service.code_version = code_version
else:
self.service.code_version = "master"
if git_url:
if is_oauth:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id=oauth_service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(
service_id=oauth_service_id, user_id=user_id)
try:
instance = get_oauth_instance(
oauth_service.oauth_type, oauth_service,
oauth_user)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"未找到OAuth服务"
}
return Response(rst, status=200)
if not instance.is_git_oauth():
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": u"该OAuth服务不是代码仓库类型"
}
return Response(rst, status=200)
service_code_from = "oauth_" + oauth_service.oauth_type
self.service.code_from = service_code_from
self.service.git_url = git_url
self.service.git_full_name = git_full_name
self.service.oauth_service_id = oauth_service_id
else:
self.service.git_url = git_url
self.service.save()
transaction.savepoint_commit(s_id)
elif service_source == "docker_run":
if image:
version = image.split(':')[-1]
if not version:
version = "latest"
image = image + ":" + version
self.service.image = image
self.service.version = version
self.service.cmd = cmd
self.service.save()
transaction.savepoint_commit(s_id)
result = general_message(200, "success", "修改成功")
except Exception as e:
logger.exception(e)
result = error_message(e.message)
transaction.savepoint_rollback(s_id)
return Response(result, status=result["code"])
def get(self, request, *args, **kwargs):
try:
code = 200
status = role_perm_repo.initialize_permission_settings()
data = config_service.initialization_or_get_config()
base_data = config_service.initialization_or_get_base_config()
data.update(base_data)
logo = config_service.get_image()
data["logo"] = "{0}".format(str(logo))
title = config_service.get_config_by_key("TITLE")
if not title:
config = config_service.add_config("TITLE", "Rainbond-企业云应用操作系统,开发、交付云解决方案", "string", desc="云帮title")
title = config.value
else:
title = title.value
data["title"] = title
data["version"] = os.getenv("RELEASE_DESC", "public-cloud")
result = general_message(code, "query success", u"Logo获取成功", bean=data, initialize_info=status)
data["eid"] = None
enterprise = enterprise_repo.get_enterprise_first()
if enterprise:
data["eid"] = enterprise.enterprise_id
data["enterprise_name"] = enterprise.enterprise_alias
build_absolute_uri = request.build_absolute_uri()
scheme = "http"
if build_absolute_uri.startswith("https"):
scheme = "https"
if settings.MODULES.get('SSO_LOGIN'):
data["url"] = os.getenv("SSO_BASE_URL", "https://sso.goodrain.com") + "/#/login/"
data["is_public"] = True
else:
data["url"] = "{0}://{1}/index#/user/login".format(scheme, request.get_host())
data["is_public"] = False
if settings.MODULES.get('SSO_LOGIN'):
data["is_user_register"] = True
else:
users = user_repo.get_all_users()
if users:
data["is_user_register"] = True
else:
data["is_user_register"] = False
data["eid"] = None
enterprise = enterprise_repo.get_enterprise_first()
if enterprise:
data["eid"] = enterprise.enterprise_id
data["enterprise_name"] = enterprise.enterprise_alias
market_token = market_sycn_service.get_enterprise_access_token(enterprise.enterprise_id, "market")
if market_token:
data["market_url"] = market_token.access_url
else:
data["market_url"] = os.getenv('GOODRAIN_APP_API', settings.APP_SERVICE_API["url"])
data["oauth_services_is_sonsole"] = {"enable": True, "value": None}
oauth_services = []
services = oauth_repo.get_oauth_services(str(enterprise.enterprise_id))
for service in services:
api = get_oauth_instance(service.oauth_type, service, None)
authorize_url = api.get_authorize_url()
if not service.is_console:
data["oauth_services_is_sonsole"]["enable"] = False
oauth_services.append(
{
"service_id": service.ID,
"enable": service.enable,
"name": service.name,
"oauth_type": service.oauth_type,
"is_console": service.is_console,
"home_url": service.home_url,
"eid": service.eid,
"is_auto_login": service.is_auto_login,
"is_git": service.is_git,
"authorize_url": authorize_url,
}
)
data["oauth_services"]["value"] = oauth_services
data["version"] = os.getenv("RELEASE_DESC", "public-cloud")
return Response(result, status=code)
except Exception as e:
logger.exception(e)
result = error_message(e.message)
return Response(result)
def get(self, request, *args, **kwargs):
code = request.GET.get("code")
service_id = request.GET.get("service_id")
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": u"未找到oauth服务, 请检查该服务是否存在且属于开启状态"
}
return Response(rst, status=status.HTTP_200_OK)
try:
api = get_oauth_instance(oauth_service.oauth_type, oauth_service,
None)
except NoSupportOAuthType as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": u"未找到oauth服务"
}
return Response(rst, status=status.HTTP_200_OK)
try:
user, access_token, refresh_token = api.get_user_info(code=code)
except Exception as e:
logger.debug(e.message)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": e.message
}
return Response(rst, status=status.HTTP_200_OK)
user_name = user.name
user_id = str(user.id)
user_email = user.email
authenticated_user = oauth_user_repo.user_oauth_exists(
service_id=service_id, oauth_user_id=user_id)
if authenticated_user is not None:
authenticated_user.oauth_user_id = user_id
authenticated_user.oauth_user_name = user_name
authenticated_user.oauth_user_email = user_email
authenticated_user.access_token = access_token
authenticated_user.refresh_token = refresh_token
authenticated_user.code = code
authenticated_user.save()
if authenticated_user.user_id is not None:
login_user = user_repo.get_by_user_id(
authenticated_user.user_id)
payload = jwt_payload_handler(login_user)
token = jwt_encode_handler(payload)
response = Response({"data": {
"bean": {
"token": token
}
}},
status=status.HTTP_200_OK)
if api_settings.JWT_AUTH_COOKIE:
expiration = (datetime.datetime.now() +
api_settings.JWT_EXPIRATION_DELTA)
response.set_cookie(api_settings.JWT_AUTH_COOKIE,
token,
expires=expiration,
httponly=True)
return response
else:
rst = {
"oauth_user_name": user_name,
"oauth_user_id": user_id,
"oauth_user_email": user_email,
"service_id": authenticated_user.service_id,
"oauth_type": oauth_service.oauth_type,
"is_authenticated": authenticated_user.is_authenticated,
"code": code,
}
msg = "user is not authenticated"
return Response(
{"data": {
"bean": {
"result": rst,
"msg": msg
}
}},
status=status.HTTP_200_OK)
else:
usr = oauth_user_repo.save_oauth(
oauth_user_id=user_id,
oauth_user_name=user_name,
oauth_user_email=user_email,
code=code,
service_id=service_id,
access_token=access_token,
refresh_token=refresh_token,
is_authenticated=True,
is_expired=False,
)
rst = {
"oauth_user_name": usr.oauth_user_name,
"oauth_user_id": usr.oauth_user_id,
"oauth_user_email": usr.oauth_user_email,
"service_id": usr.service_id,
"oauth_type": oauth_service.oauth_type,
"is_authenticated": usr.is_authenticated,
"code": code,
}
msg = "user is not authenticated"
return Response({"data": {
"bean": {
"result": rst,
"msg": msg
}
}},
status=status.HTTP_200_OK)
def get(self, request, *args, **kwargs):
code = request.GET.get("code")
service_id = request.GET.get("service_id")
domain = request.GET.get("domain")
home_split_url = None
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id)
if oauth_service.oauth_type == "enterprisecenter" and domain:
home_split_url = urlsplit(oauth_service.home_url)
oauth_service.proxy_home_url = home_split_url.scheme + "://" + domain + home_split_url.path
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": "未找到oauth服务, 请检查该服务是否存在且属于开启状态"
}
return Response(rst, status=status.HTTP_200_OK)
try:
api = get_oauth_instance(oauth_service.oauth_type, oauth_service,
None)
except NoSupportOAuthType as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": "未找到oauth服务"
}
return Response(rst, status=status.HTTP_200_OK)
try:
oauth_user, access_token, refresh_token = api.get_user_info(
code=code)
except Exception as e:
logger.exception(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": e.message
}
return Response(rst, status=status.HTTP_200_OK)
if api.is_communication_oauth():
logger.debug(oauth_user.enterprise_domain)
logger.debug(domain.split(".")[0])
logger.debug(home_split_url.netloc.split("."))
if oauth_user.enterprise_domain != domain.split(".")[0] and \
domain.split(".")[0] != home_split_url.netloc.split(".")[0]:
raise ServiceHandleException(msg="Domain Inconsistent",
msg_show="登录失败",
status_code=401,
error_code=10405)
client_ip = request.META.get("REMOTE_ADDR", None)
oauth_user.client_ip = client_ip
oauth_sev_user_service.get_or_create_user_and_enterprise(
oauth_user)
return oauth_sev_user_service.set_oauth_user_relation(
api, oauth_service, oauth_user, access_token, refresh_token, code)
def post(self, request, *args, **kwargs):
"""
源码创建组件
---
parameters:
- name: tenantName
description: 租户名
required: true
type: string
paramType: path
- name: group_id
description: 组id
required: true
type: string
paramType: form
- name: code_from
description: 组件代码来源
required: true
type: string
paramType: form
- name: service_cname
description: 组件名称
required: true
type: string
paramType: form
- name: git_url
description: git地址
required: false
type: string
paramType: form
- name: git_project_id
description: 代码ID
required: false
type: string
paramType: form
- name: code_version
description: 代码版本
required: false
type: string
paramType: form
- name: username
description: 私有云用户名称
required: false
type: string
paramType: form
- name: password
description: 私有云账户密码
required: false
type: string
paramType: form
- name: server_type
description: 仓库类型git或svn
required: false
type: string
paramType: form
"""
group_id = request.data.get("group_id", -1)
service_code_from = request.data.get("code_from", None)
service_cname = request.data.get("service_cname", None)
service_code_clone_url = request.data.get("git_url", None)
git_password = request.data.get("password", None)
git_user_name = request.data.get("username", None)
service_code_id = request.data.get("git_project_id", None)
service_code_version = request.data.get("code_version", "master")
is_oauth = request.data.get("is_oauth", False)
check_uuid = request.data.get("check_uuid")
event_id = request.data.get("event_id")
server_type = request.data.get("server_type", "git")
user_id = request.user.user_id
oauth_service_id = request.data.get("service_id")
git_full_name = request.data.get("full_name")
git_service = None
open_webhook = False
host = os.environ.get('DEFAULT_DOMAIN', "http://" + request.get_host())
result = {}
if is_oauth:
open_webhook = request.data.get("open_webhook", False)
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(service_id=oauth_service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(service_id=oauth_service_id, user_id=user_id)
except Exception as e:
logger.debug(e)
rst = {"data": {"bean": None}, "status": 400, "msg_show": "未找到OAuth服务, 请检查该服务是否存在且属于开启状态"}
return Response(rst, status=200)
try:
git_service = get_oauth_instance(oauth_service.oauth_type, oauth_service, oauth_user)
except Exception as e:
logger.debug(e)
rst = {"data": {"bean": None}, "status": 400, "msg_show": "未找到OAuth服务"}
return Response(rst, status=200)
if not git_service.is_git_oauth():
rst = {"data": {"bean": None}, "status": 400, "msg_show": "该OAuth服务不是代码仓库类型"}
return Response(rst, status=200)
service_code_from = "oauth_" + oauth_service.oauth_type
try:
if not service_code_clone_url:
return Response(general_message(400, "code url is null", "仓库地址未指明"), status=400)
if not service_code_from:
return Response(general_message(400, "params error", "参数service_code_from未指明"), status=400)
if not server_type:
return Response(general_message(400, "params error", "仓库类型未指明"), status=400)
# 创建源码组件
if service_code_clone_url:
service_code_clone_url = service_code_clone_url.strip()
code, msg_show, new_service = app_service.create_source_code_app(
self.response_region, self.tenant, self.user, service_code_from, service_cname, service_code_clone_url,
service_code_id, service_code_version, server_type, check_uuid, event_id, oauth_service_id, git_full_name)
if code != 200:
return Response(general_message(code, "service create fail", msg_show), status=code)
# 添加username,password信息
if git_password or git_user_name:
app_service.create_service_source_info(self.tenant, new_service, git_user_name, git_password)
# 自动添加hook
if open_webhook and is_oauth and not new_service.open_webhooks:
service_webhook = service_webhooks_repo.create_service_webhooks(new_service.service_id, "code_webhooks")
service_webhook.state = True
service_webhook.deploy_keyword = "deploy"
service_webhook.save()
try:
git_service.create_hook(host, git_full_name, endpoint='console/webhooks/' + new_service.service_id)
new_service.open_webhooks = True
except Exception as e:
logger.exception(e)
new_service.open_webhooks = False
new_service.save()
# 添加组件所在组
code, msg_show = group_service.add_service_to_group(self.tenant, self.response_region, group_id,
new_service.service_id)
if code != 200:
logger.debug("service.create", msg_show)
bean = new_service.to_dict()
result = general_message(200, "success", "创建成功", bean=bean)
except ResourceNotEnoughException as re:
raise re
except AccountOverdueException as re:
logger.exception(re)
return Response(general_message(10410, "resource is not enough", re.message), status=412)
return Response(result, status=result["code"])
def check_service(self, tenant, service, is_again, user=None):
body = dict()
body["tenant_id"] = tenant.tenant_id
body["source_type"] = self.__get_service_region_type(
service.service_source)
source_body = ""
service_source = service_source_repo.get_service_source(
tenant.tenant_id, service.service_id)
user_name = ""
password = ""
service.service_source = self.__get_service_source(service)
if service_source:
user_name = service_source.user_name
password = service_source.password
if service.service_source == AppConstants.SOURCE_CODE:
if service.oauth_service_id:
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service.oauth_service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(
service_id=service.oauth_service_id,
user_id=user.user_id)
except Exception as e:
logger.debug(e)
return 400, "未找到oauth服务, 请检查该服务是否存在且属于开启状态", None
if oauth_user is None:
return 400, "未成功获取第三方用户信息", None
try:
instance = get_oauth_instance(oauth_service.oauth_type,
oauth_service, oauth_user)
except Exception as e:
logger.debug(e)
return 400, "未找到OAuth服务", None
if not instance.is_git_oauth():
return 400, "该OAuth服务不是代码仓库类型", None
tenant = Tenants.objects.get(tenant_name=tenant.tenant_name)
try:
service_code_clone_url = instance.get_clone_url(
service.git_url)
except Exception as e:
logger.debug(e)
return 400, "Access Token 已过期", None
else:
service_code_clone_url = service.git_url
sb = {
"server_type": service.server_type,
"repository_url": service_code_clone_url,
"branch": service.code_version,
"user": user_name,
"password": password,
"tenant_id": tenant.tenant_id
}
source_body = json.dumps(sb)
elif service.service_source == AppConstants.DOCKER_RUN or service.service_source == AppConstants.DOCKER_IMAGE:
source_body = service.docker_cmd
elif service.service_source == AppConstants.THIRD_PARTY:
# endpoints信息
service_endpoints = service_endpoints_repo.get_service_endpoints_by_service_id(
service.service_id).first()
if service_endpoints and service_endpoints.endpoints_type == "discovery":
source_body = service_endpoints.endpoints_info
body["username"] = user_name
body["password"] = password
body["source_body"] = source_body
res, body = region_api.service_source_check(service.service_region,
tenant.tenant_name, body)
bean = body["bean"]
service.check_uuid = bean["check_uuid"]
service.check_event_id = bean["event_id"]
# 更新创建状态
if not is_again:
service.create_status = "checking"
service.save()
bean = dict()
bean.update(service.to_dict())
bean.update({"user_name": user_name, "password": password})
bean.update(self.__wrap_check_service(service))
return 200, "success", bean
def post(self, request, *args, **kwargs):
login_user = request.user
code = request.data.get("code")
service_id = request.data.get("service_id")
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": "未找到oauth服务, 请检查该服务是否存在且属于开启状态"
}
return Response(rst, status=status.HTTP_200_OK)
try:
api = get_oauth_instance(oauth_service.oauth_type, oauth_service,
None)
except NoSupportOAuthType as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": "未找到oauth服务"
}
return Response(rst, status=status.HTTP_200_OK)
try:
user, access_token, refresh_token = api.get_user_info(code=code)
except Exception as e:
logger.exception(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": e.message
}
return Response(rst, status=status.HTTP_200_OK)
user_name = user.name
user_id = str(user.id)
user_email = user.email
authenticated_user = oauth_user_repo.user_oauth_exists(
service_id=service_id, oauth_user_id=user_id)
link_user = oauth_user_repo.get_user_oauth_by_user_id(
service_id=service_id, user_id=login_user.user_id)
if link_user is not None and link_user.oauth_user_id != user_id:
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": "该用户已绑定其他账号"
}
return Response(rst, status=status.HTTP_200_OK)
if authenticated_user is not None and authenticated_user.user_id is None:
authenticated_user.oauth_user_id = user_id
authenticated_user.oauth_user_name = user_name
authenticated_user.oauth_user_email = user_email
authenticated_user.access_token = access_token
authenticated_user.refresh_token = refresh_token
authenticated_user.code = code
authenticated_user.is_authenticated = True
authenticated_user.is_expired = True
authenticated_user.user_id = login_user.user_id
authenticated_user.save()
return Response(None, status=status.HTTP_200_OK)
else:
oauth_user_repo.save_oauth(
oauth_user_id=user_id,
oauth_user_name=user_name,
oauth_user_email=user_email,
user_id=login_user.user_id,
code=code,
service_id=service_id,
access_token=access_token,
refresh_token=refresh_token,
is_authenticated=True,
is_expired=False,
)
rst = {"data": {"bean": None}, "status": 200, "msg_show": "绑定成功"}
return Response(rst, status=status.HTTP_200_OK)
def post(self, request, service_id, *args, **kwargs):
region = request.data.get("region_name")
tenant_name = request.data.get("tenant_name", None)
git_url = request.data.get("project_url")
version = request.data.get("version")
user_id = request.user.user_id
try:
oauth_service = oauth_repo.get_oauth_services_by_service_id(
service_id)
oauth_user = oauth_user_repo.get_user_oauth_by_user_id(
service_id=service_id, user_id=user_id)
except Exception as e:
logger.exception(e)
rst = {
"data": {
"bean": None
},
"status": 404,
"msg_show": "未找到oauth服务, 请检查该服务是否存在且属于开启状态"
}
return Response(rst, status=status.HTTP_200_OK)
if oauth_user is None:
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": "未成功获取第三方用户信息"
}
return Response(rst, status=status.HTTP_200_OK)
try:
service = get_oauth_instance(oauth_service.oauth_type,
oauth_service, oauth_user)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": "未找到OAuth服务"
}
return Response(rst, status=status.HTTP_200_OK)
if not service.is_git_oauth():
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": "该OAuth服务不是代码仓库类型"
}
return Response(rst, status=status.HTTP_200_OK)
tenant = Tenants.objects.get(tenant_name=tenant_name)
service_code_version = version
try:
service_code_clone_url = service.get_clone_url(git_url)
except Exception as e:
logger.debug(e)
rst = {
"data": {
"bean": None
},
"status": 400,
"msg_show": "Access Token 已过期"
}
return Response(rst, status=status.HTTP_200_OK)
sb = {
"server_type": 'git',
"repository_url": service_code_clone_url,
"branch": service_code_version,
"tenant_id": tenant.tenant_id
}
source_body = json.dumps(sb)
body = dict()
body["tenant_id"] = tenant.tenant_id
body["source_type"] = "sourcecode"
body["username"] = None
body["password"] = None
body["source_body"] = source_body
try:
res, body = region_api.service_source_check(
region, tenant.tenant_name, body)
return Response({"data": {
"data": body
}},
status=status.HTTP_200_OK)
except (region_api.CallApiError, ServiceHandleException) as e:
logger.debug(e)
raise ServiceHandleException(msg="region error",
msg_show="访问数据中心失败")
