def login_qrcode(self, get):
    """Build the app-login QR-code URL and link its id to the current session.

    A 12-character random ``tid`` is placed in the URL. The cache then stores
    the pairing in both directions (tid -> session id, session id -> tid),
    each with 360 as the third argument to ``cache.set``.

    Returns:
        ``public.returnMsg(True, <qr-code url>)``.
    """
    # NOTE(review): the tid is the only value tying a scanned code to this
    # session, so its strength depends on public.GetRandomString — confirm
    # that helper draws from a cryptographically secure source.
    login_tid = public.GetRandomString(12)
    url_parts = [
        'https://app.bt.cn/app.html?&panel_url=',
        public.getPanelAddr(),
        '&v=',
        public.GetRandomString(3),
        '?login&tid=',
        login_tid,
    ]
    qrcode_url = ''.join(url_parts)
    cache.set(login_tid, public.get_session_id(), 360)
    cache.set(public.get_session_id(), login_tid, 360)
    return public.returnMsg(True, qrcode_url)
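def set_token(self, get):
    """Change the panel API configuration; refused for API-authenticated calls.

    ``get.t_type`` selects the action:
      '1' - generate a new 32-character token; ``public.md5(token)`` is stored
            in ``data['token']`` and the ``public.en_crypt`` result in
            ``data['token_crypt']``;
      '2' - toggle ``data['open']``, generating a token first when no
            ``token_crypt`` entry exists;
      '3' - replace ``data['limit_addr']`` with the lines of ``get.limit_addr``.

    Returns:
        ``public.returnMsg``: the new plaintext token for '1', a status
        message for '2' and '3', or a failure message for any other value.
    """
    if 'request_token' in get:
        return public.returnMsg(
            False, 'Cannot configure API through API interface')
    # Reject unknown actions before touching the config. Without this guard
    # `token` stayed unbound and the final return raised UnboundLocalError
    # after the config had already been re-saved.
    if get.t_type not in ('1', '2', '3'):
        return public.returnMsg(False, 'Invalid t_type')

    data = self.get_api_config()
    if get.t_type == '1':
        token = public.GetRandomString(32)
        data['token'] = public.md5(token)
        data['token_crypt'] = public.en_crypt(data['token'],
                                              token).decode('utf-8')
        public.WriteLog('SET_API', 'Regenerate API-Token')
    elif get.t_type == '2':
        data['open'] = not data['open']
        stats = {True: 'Open', False: 'Close'}
        if 'token_crypt' not in data:
            token = public.GetRandomString(32)
            data['token'] = public.md5(token)
            data['token_crypt'] = public.en_crypt(data['token'],
                                                  token).decode('utf-8')
        public.WriteLog('SET_API', '%s API interface' % stats[data['open']])
        token = stats[data['open']] + 'success!'
    else:
        # NOTE(review): entries are stored exactly as split on '\n', so blank
        # lines and trailing '\r' are kept — confirm the code that enforces
        # the IP limit tolerates them.
        data['limit_addr'] = get.limit_addr.split('\n')
        public.WriteLog('SET_API', 'Change IP limit to [%s]' % get.limit_addr)
        token = 'Saved successfully!'
    self.save_api_config(data)
    return public.returnMsg(True, token)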
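def CheckDomain(self, get):
    """Check file-based domain validation by fetching a challenge locally.

    Writes a random 32-character challenge to
    ``<get.path>/.well-known/pki-validation/fileauth.txt`` and requests that
    file from 127.0.0.1 with the Host header set to ``get.domain`` (a leading
    ``www.`` is removed first, which also rewrites ``get.domain``).

    Returns:
        True when the fetched body equals the challenge, otherwise False.
        Any error during the check also yields False.
    """
    try:
        spath = get.path + '/.well-known/pki-validation'
        if not os.path.exists(spath):
            # Create the directory without a shell: get.path comes from the
            # request, and building a quoted `mkdir -p` command line from it
            # would let shell metacharacters in the path be interpreted.
            os.makedirs(spath)
        # NOTE(review): get.path is used as given — confirm the caller
        # restricts it to a site root before this method writes into it.

        # Generate and write the challenge content.
        epass = public.GetRandomString(32)
        public.writeFile(spath + '/fileauth.txt', epass)

        # When the requested name starts with "www.", check the parent domain.
        if get.domain[:4] == 'www.':
            get.domain = get.domain[4:]

        import http_requests
        self._check_url = 'http://127.0.0.1/.well-known/pki-validation/fileauth.txt'
        result = http_requests.get(self._check_url,
                                   s_type='curl',
                                   timeout=6,
                                   headers={
                                       "host": get.domain
                                   }).text
        self.__test = result
        return result == epass
    except Exception:
        # Best effort: any failure means the domain is treated as unverified.
        return False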
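def set_token(self, get):
    """Change the panel API configuration; refused for API-authenticated calls.

    ``get.t_type`` selects the action:
      '1' - generate a new 32-character token; ``public.md5(token)`` is stored
            in ``data['token']`` and the ``public.en_crypt`` result in
            ``data['token_crypt']``;
      '2' - toggle ``data['open']``, generating a token first when no
            ``token_crypt`` entry exists;
      '3' - replace ``data['limit_addr']`` with the lines of ``get.limit_addr``.

    Returns:
        ``public.returnMsg``: the new plaintext token for '1', a status
        message for '2' and '3', or a failure message for any other value.
    """
    if 'request_token' in get:
        return public.returnMsg(False, '不能通过API接口配置API')
    # Reject unknown actions before touching the config. Without this guard
    # `token` stayed unbound and the final return raised UnboundLocalError
    # after the config had already been re-saved.
    if get.t_type not in ('1', '2', '3'):
        return public.returnMsg(False, '参数错误!')

    data = self.get_api_config()
    if get.t_type == '1':
        token = public.GetRandomString(32)
        data['token'] = public.md5(token)
        data['token_crypt'] = public.en_crypt(data['token'],
                                              token).decode('utf-8')
        public.WriteLog('API配置', '重新生成API-Token')
    elif get.t_type == '2':
        data['open'] = not data['open']
        stats = {True: '开启', False: '关闭'}
        if 'token_crypt' not in data:
            token = public.GetRandomString(32)
            data['token'] = public.md5(token)
            data['token_crypt'] = public.en_crypt(data['token'],
                                                  token).decode('utf-8')
        public.WriteLog('API配置', '%sAPI接口' % stats[data['open']])
        token = stats[data['open']] + '成功!'
    else:
        # NOTE(review): entries are stored exactly as split on '\n', so blank
        # lines and trailing '\r' are kept — confirm the code that enforces
        # the IP limit tolerates them.
        data['limit_addr'] = get.limit_addr.split('\n')
        public.WriteLog('API配置', '变更IP限制为[%s]' % get.limit_addr)
        token = '保存成功!'
    self.save_api_config(data)
    return public.returnMsg(True, token)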
def login_qrcode(self, get):
    """Build the app-login QR-code URL and link its id to the current session.

    Besides caching the tid <-> session id pairing in both directions (360 as
    the third ``cache.set`` argument), this variant writes
    ``<session id>:<current time>`` to ``app_login_check.pl`` under
    ``self.app_path``.

    Returns:
        ``public.returnMsg(True, <qr-code url>)``.
    """
    login_tid = public.GetRandomString(12)
    qrcode_url = ''.join([
        'https://app.bt.cn/app.html?&panel_url=',
        public.getPanelAddr(),
        '&v=',
        public.GetRandomString(3),
        '?login&tid=',
        login_tid,
    ])
    # NOTE(review): the session id lands on disk in plaintext here — confirm
    # the file's location and permissions keep it from other local users.
    check_record = ':'.join((public.get_session_id(), str(time.time())))
    public.writeFile(self.app_path + "app_login_check.pl", check_record)
    cache.set(login_tid, public.get_session_id(), 360)
    cache.set(public.get_session_id(), login_tid, 360)
    return public.returnMsg(True, qrcode_url)
def CreateToken(self, get):
    """Create the initial API token record and write it to ``self.tokenFile``.

    The record holds a 24-character access key, a 48-character secret key,
    empty ``rule`` and ``address`` lists and ``status`` set to False.

    Returns:
        ``public.returnMsg(True, ...)`` after the file and log are written.
    """
    # NOTE(review): both keys are serialized as-is into the token file and no
    # file mode is set in this method — confirm the file is not readable by
    # other local users.
    api_token = {
        'access_key': public.GetRandomString(24),
        'secret_key': public.GetRandomString(48),
        'rule': [],
        'address': [],
        'status': False,
    }
    public.writeFile(self.tokenFile, dumps(api_token))
    public.WriteLog('API', '开启API接口成功!')
    return public.returnMsg(True, '初始化API接口成功!')
def get_bind_token(self, token=None):
    """Return a binding record from the API config, dropping expired ones.

    Records older than ``self.timeout`` (by their ``time`` field) are removed.
    With ``token`` given, the live record whose ``token`` matches is chosen;
    without it, the first live record is chosen. When nothing was chosen, the
    newest live record is used, and if there are no live records at all a new
    one with an 18-character random token and ``status`` 0 is created.

    NOTE(review): the indentation was reconstructed from a flattened listing;
    the ``else`` is taken to pair with ``if token:`` — confirm against the
    original file.

    Args:
        token: optional binding token to look up.

    Returns:
        The selected (or newly created) binding record.
    """
    data = self.get_api_config()
    s_time = time.time()
    binds = []
    bind = None
    is_write = False
    for i in range(len(data['binds'])):
        # Expired record: skip it and remember that the list must be re-saved.
        if s_time - data['binds'][i]['time'] > self.timeout:
            is_write = True
            continue
        binds.append(data['binds'][i])
        if token:
            if token == data['binds'][i]['token']:
                bind = data['binds'][i]
        else:
            if not bind:
                bind = data['binds'][i]
    # NOTE(review): a supplied token that matches no live record still ends up
    # here, so the caller receives the newest live record or a new one.
    # Callers must compare bind['token'] themselves rather than treat a
    # non-empty return as proof that the token matched.
    if not bind:
        if len(binds) > 0:
            binds = sorted(binds, key=lambda x: x['time'], reverse=True)
            bind = binds[0]
        else:
            bind = {
                "time": s_time,
                "token": public.GetRandomString(18),
                'status': 0
            }
            binds.append(bind)
            is_write = True
    # Persist only when records were pruned or a new one was added.
    if is_write:
        data['binds'] = binds
        self.save_api_config(data)
    return bind
def set_panel_username():
    """Replace the default ``admin`` username of user id 1 with a random one.

    When the stored username is exactly ``'admin'``, it is overwritten with an
    8-character random string converted to lower case. Any other username is
    left untouched.
    """
    import db
    sql = db.Sql()
    current_name = sql.table('users').where('id=?', (1, )).getField('username')
    if current_name != 'admin':
        return
    random_name = public.GetRandomString(8).lower()
    sql.table('users').where('id=?', (1, )).setField('username', random_name)
def __init__(self, plugin_name):
    """Record the plugin's paths and make sure its ``args`` directory exists.

    The temporary-arguments path is ``<plugin dir>/args/<32 random chars>``.
    The ``args`` directory is created with mode 384 (octal 0600) when missing.

    Args:
        plugin_name: name interpolated into ``/www/server/panel/plugin/%s``.
    """
    # NOTE(review): plugin_name is interpolated into the path unchecked; a
    # value containing path separators would resolve outside the plugin
    # directory — verify that callers only pass a validated plugin name.
    plugin_path = "/www/server/panel/plugin/%s" % plugin_name
    args_dir = plugin_path + '/args'

    self.__plugin_name = plugin_name
    self.__plugin_path = plugin_path
    self.__args_dir = args_dir
    self.__args_tmp = args_dir + '/' + public.GetRandomString(32)

    if not os.path.exists(args_dir):
        os.makedirs(args_dir, 384)
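def set_token(self, get):
    """Change the panel API configuration stored in ``config/api.json``.

    Refused when ``request_token`` is present in ``get``. ``get.t_type``
    selects the action:
      '1' - generate a new 32-character token and store ``public.md5(token)``;
      '2' - toggle ``data['open']``;
      '3' - replace ``data['limit_addr']`` with the lines of ``get.limit_addr``.

    Returns:
        ``public.returnMsg``: the new plaintext token for '1', otherwise a
        status message.
    """
    if 'request_token' in get:
        return public.returnMsg(False, 'CANT_SET_API_WIFTH_API')
    save_path = '/www/server/panel/config/api.json'
    data = json.loads(public.ReadFile(save_path))
    # NOTE(review): a t_type other than '1', '2' or '3' leaves `token` unbound,
    # so the final return raises UnboundLocalError after the config has been
    # rewritten. Rejecting it needs a message key defined elsewhere in the
    # project, so it is not handled here.
    if get.t_type == '1':
        token = public.GetRandomString(32)
        data['token'] = public.md5(token)
        public.WriteLog('SET_API', 'REGENERATE_API_TOKEN')
    elif get.t_type == '2':
        data['open'] = not data['open']
        stats = {
            True: public.GetMsg("TURN_ON"),
            False: public.GetMsg("CLOSE")
        }
        public.WriteLog('SET_API', 'API_INTERFACE', (stats[data['open']], ))
        token = stats[data['open']] + public.GetMsg("SUCCESS")
    elif get.t_type == '3':
        # NOTE(review): entries are stored exactly as split on '\n', so blank
        # lines and trailing '\r' are kept — confirm the code that enforces
        # the IP limit tolerates them.
        data['limit_addr'] = get.limit_addr.split('\n')
        # Pass a real 1-tuple, matching the 'API_INTERFACE' call above; the
        # original `(get.limit_addr)` was just the bare string in parentheses.
        public.WriteLog('SET_API', 'CHANGE_IP_LIMIT', (get.limit_addr, ))
        token = public.GetMsg("SAVE_SUCCESS")
    public.WriteFile(save_path, json.dumps(data))
    return public.returnMsg(True, token)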
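def install():
    """Serve and process the first-run installation form.

    While the ``config`` row with id '1' has ``status`` 1 the installer is
    closed: ``install.pl`` is removed if present, the session is cleared and
    the client is redirected to ``/login``. Otherwise a GET renders the form
    with a suggested random username, and a POST stores the submitted
    credentials for user id 1, removes ``install.pl`` and sets ``status`` to 1.
    Both GET and POST redirect to the login path when ``install.pl`` is absent.

    NOTE(review): the indentation was reconstructed from a flattened listing —
    confirm against the original file.
    """
    if public.M('config').where("id=?", ('1', )).getField('status') == 1:
        if os.path.exists('install.pl'):
            os.remove('install.pl')
        session.clear()
        return redirect('/login')

    ret_login = os.path.join('/', admin_path)
    if admin_path == '/' or admin_path == '/bt':
        ret_login = '******'

    # 'install.pl' is a relative path, so the gate below depends on the
    # process's working directory.
    if request.method == method_get[0]:
        if not os.path.exists('install.pl'):
            return redirect(ret_login)
        data = {}
        data['status'] = os.path.exists('install.pl')
        data['username'] = public.GetRandomString(8).lower()
        return render_template('install.html', data=data)
    elif request.method == method_post[0]:
        if not os.path.exists('install.pl'):
            return redirect(ret_login)
        get = get_input()
        if not hasattr(get, 'bt_username'):
            return public.GetMsg("LOGIN_USER_EMPTY")
        if not get.bt_username:
            return public.GetMsg("LOGIN_USER_EMPTY")
        if not hasattr(get, 'bt_password1'):
            return public.GetMsg("LOGIN_USER_EMPTY")
        if not get.bt_password1:
            return public.GetMsg("LOGIN_USER_EMPTY")
        # A request without bt_password2 used to fail on the attribute access;
        # treat the missing confirmation as a mismatch instead.
        if get.bt_password1 != getattr(get, 'bt_password2', None):
            return public.GetMsg("USER_PASSWORD_CHECK")
        # NOTE(review): the password is stored as public.md5() of the stripped
        # input, with no salt visible here. Moving to a password-hashing
        # scheme needs a matching change in the login check, which is outside
        # this block.
        public.M('users').where("id=?", (1, )).save(
            'username,password',
            (get.bt_username, public.md5(get.bt_password1.strip())))
        os.remove('install.pl')
        public.M('config').where("id=?", ('1', )).setField('status', 1)
        data = {}
        data['status'] = os.path.exists('install.pl')
        data['username'] = get.bt_username
        return render_template('install.html', data=data)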
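def install():
    """Serve and process the first-run installation form.

    While the ``config`` row with id '1' has ``status`` 1 the installer is
    closed: ``install.pl`` is removed if present and the client is redirected
    to ``/login``. Otherwise a GET renders the form with a suggested random
    username, and a POST stores the submitted credentials for user id 1,
    removes ``install.pl`` and sets ``status`` to 1. Both GET and POST
    redirect to the login path when ``install.pl`` is absent.

    NOTE(review): the indentation was reconstructed from a flattened listing —
    confirm against the original file.
    """
    if public.M('config').where("id=?", ('1', )).getField('status') == 1:
        if os.path.exists('install.pl'):
            os.remove('install.pl')
        return redirect('/login')

    ret_login = os.path.join('/', admin_path)
    if admin_path == '/' or admin_path == '/bt':
        ret_login = '******'

    # 'install.pl' is a relative path, so the gate below depends on the
    # process's working directory.
    if request.method == method_get[0]:
        if not os.path.exists('install.pl'):
            return redirect(ret_login)
        data = {}
        data['status'] = os.path.exists('install.pl')
        data['username'] = public.GetRandomString(8).lower()
        return render_template('install.html', data=data)
    elif request.method == method_post[0]:
        if not os.path.exists('install.pl'):
            return redirect(ret_login)
        get = get_input()
        if not hasattr(get, 'bt_username'):
            return '用户名不能为空!'
        if not get.bt_username:
            return '用户名不能为空!'
        if not hasattr(get, 'bt_password1'):
            return '密码不能为空!'
        if not get.bt_password1:
            return '密码不能为空!'
        # A request without bt_password2 used to fail on the attribute access;
        # treat the missing confirmation as a mismatch instead.
        if get.bt_password1 != getattr(get, 'bt_password2', None):
            return '两次输入的密码不一致,请重新输入!'
        # NOTE(review): the password is stored as public.md5() of the stripped
        # input, with no salt visible here. Moving to a password-hashing
        # scheme needs a matching change in the login check, which is outside
        # this block.
        public.M('users').where("id=?", (1, )).save(
            'username,password',
            (get.bt_username, public.md5(get.bt_password1.strip())))
        os.remove('install.pl')
        public.M('config').where("id=?", ('1', )).setField('status', 1)
        data = {}
        data['status'] = os.path.exists('install.pl')
        data['username'] = get.bt_username
        return render_template('install.html', data=data)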
def get_tmp_token(self, get):
    """Issue a temporary 64-character token; only for API-authenticated calls.

    The token and its creation time are written into ``config/api.json``
    under ``tmp_token`` and ``tmp_time``.

    Returns:
        ``public.returnMsg(True, <token>)``, or a failure message when
        ``request_token`` is absent from ``get``.
    """
    save_path = '/www/server/panel/config/api.json'
    if 'request_token' not in get:
        return public.returnMsg(False, '只能通过API接口获取临时密钥')
    api_config = json.loads(public.ReadFile(save_path))
    # NOTE(review): only the issue time is recorded here; the expiry check is
    # presumably done where tmp_token is consumed — verify.
    tmp_token = public.GetRandomString(64)
    api_config['tmp_token'] = tmp_token
    api_config['tmp_time'] = time.time()
    public.WriteFile(save_path, json.dumps(api_config))
    return public.returnMsg(True, tmp_token)
def get_tmp_token(self, get):
    """Issue a temporary 64-character token; only for API-authenticated calls.

    The token and its creation time are saved into the API config under
    ``tmp_token`` and ``tmp_time``.

    Returns:
        ``public.returnMsg(True, <token>)``, or a failure message when
        ``request_token`` is absent from ``get``.
    """
    if 'request_token' not in get:
        return public.returnMsg(False, '只能通过API接口获取临时密钥')
    api_config = self.get_api_config()
    # NOTE(review): only the issue time is recorded here; the expiry check is
    # presumably done where tmp_token is consumed — verify.
    tmp_token = public.GetRandomString(64)
    api_config['tmp_token'] = tmp_token
    api_config['tmp_time'] = time.time()
    self.save_api_config(api_config)
    return public.returnMsg(True, tmp_token)
def __init__(self):
    """Ensure the save directory and password file exist, then load the password.

    A missing directory is created with mode 384 (octal 0600). A missing
    password file is filled with a 16-character random string and passed to
    ``public.set_mode`` with 600. The file is read into ``self._pass_str``
    only when that attribute is still empty.
    """
    save_dir = self._save_path
    if not os.path.exists(save_dir):
        os.makedirs(save_dir, 384)

    pass_file = self._pass_file
    if not os.path.exists(pass_file):
        # NOTE(review): the secret is written before its mode is set, so the
        # file briefly has whatever permissions public.writeFile creates it
        # with — confirm that window is acceptable.
        public.writeFile(pass_file, public.GetRandomString(16))
        public.set_mode(pass_file, 600)

    if not self._pass_str:
        self._pass_str = public.readFile(pass_file)
def is_login(result):
    """Attach a fresh ``request_token`` to the response of a logged-in session.

    When ``session['login']`` is present and equal to True, ``result`` is
    wrapped with ``make_response``, a 48-character random token is stored in
    the session and set as the ``request_token`` cookie with a 30-day max age.
    Otherwise ``result`` is returned unchanged.
    """
    logged_in = 'login' in session and session['login'] == True
    if not logged_in:
        return result

    response = make_response(result)
    fresh_token = public.GetRandomString(48)
    session['request_token'] = fresh_token
    # NOTE(review): only max_age is passed; no secure/httponly/samesite
    # arguments are set here. Confirm whether front-end script needs to read
    # this cookie before tightening its attributes.
    response.set_cookie('request_token', fresh_token, max_age=86400*30)
    return response
def get_tmp_token(self, get):
    """Issue a temporary 64-character token; only for API-authenticated calls.

    The token and its creation time are written into ``config/api.json``
    under ``tmp_token`` and ``tmp_time``.

    Returns:
        ``public.returnMsg(True, <token>)``, or a failure message when
        ``request_token`` is absent from ``get``.
    """
    save_path = '/www/server/panel/config/api.json'
    if 'request_token' not in get:
        return public.returnMsg(False,'Temporary key can only be obtained through the API interface')
    api_config = json.loads(public.ReadFile(save_path))
    # NOTE(review): only the issue time is recorded here; the expiry check is
    # presumably done where tmp_token is consumed — verify.
    tmp_token = public.GetRandomString(64)
    api_config['tmp_token'] = tmp_token
    api_config['tmp_time'] = time.time()
    public.WriteFile(save_path, json.dumps(api_config))
    return public.returnMsg(True, tmp_token)
def blind_qrcode(self, get):
    '''
        Generate the binding QR code.

        A 32-character random token is written, together with the current
        Unix time, to ``token.pl`` under both ``self.app_path`` and
        ``self.app_path_p``, and embedded in the returned URL.
    '''
    panel_addr = public.getPanelAddr()
    bind_token = public.GetRandomString(32)
    token_record = '%s:%s' % (bind_token, int(time.time()))
    # NOTE(review): the binding token is stored in plaintext in both files and
    # also travels inside the URL — confirm file permissions and how long the
    # consumer accepts the token.
    for base_dir in (self.app_path, self.app_path_p):
        public.writeFile(base_dir + 'token.pl', token_record)
    qrcode_url = ''.join([
        'https://app.bt.cn/app.html?panel_url=',
        panel_addr,
        '&panel_token=',
        bind_token,
        '?blind',
    ])
    return public.returnMsg(True, qrcode_url)
def GetServerToken(self, get):
    """Return the safelogin server token after checking the panel password.

    ``public.md5(get.password)`` must equal the stored password of user id 1.
    The token is read from ``token.pl`` in the safelogin plugin directory, or
    generated (64 random characters) and written there when the file is
    missing. ``chattr +i`` is then run on the file.

    NOTE(review): the indentation was reconstructed from a flattened listing;
    the ``chattr`` call is taken to run on both branches — confirm against the
    original file.

    Returns:
        The stripped token string, or a ``public.returnMsg`` failure.
    """
    # NOTE(review): the stored credential is compared as an MD5 digest with a
    # plain `!=`; no salt or constant-time comparison is visible here.
    stored_hash = public.M('users').where('id=?', (1,)).getField('password')
    if stored_hash != public.md5(get.password):
        return public.returnMsg(False, '密码验证失败!')

    token_path = '/www/server/panel/plugin/safelogin/token.pl'
    if os.path.exists(token_path):
        token_value = public.readFile(token_path)
    else:
        token_value = public.GetRandomString(64)
        public.writeFile(token_path, token_value)
    # The path is a fixed literal, so nothing request-controlled reaches the
    # shell command.
    public.ExecShell('chattr +i ' + token_path)
    return token_value.strip()
def get_tmp_token(self, get):
    """Issue a temporary 64-character token; only for API-authenticated calls.

    The token and its creation time are saved into the API config under
    ``tmp_token`` and ``tmp_time``.

    Returns:
        ``public.returnMsg(True, <token>)``, or a failure message when
        ``request_token`` is absent from ``get``.
    """
    if 'request_token' not in get:
        return public.returnMsg(
            False,
            'Temporary keys can only be obtained through the API interface')
    api_config = self.get_api_config()
    # NOTE(review): only the issue time is recorded here; the expiry check is
    # presumably done where tmp_token is consumed — verify.
    tmp_token = public.GetRandomString(64)
    api_config['tmp_token'] = tmp_token
    api_config['tmp_time'] = time.time()
    self.save_api_config(api_config)
    return public.returnMsg(True, tmp_token)
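def CheckDomain(self, get):
    """Check file-based domain validation by fetching a challenge over HTTP.

    Writes a random 32-character challenge to
    ``<get.path>/.well-known/pki-validation/fileauth.txt`` and fetches that
    file from ``http://<get.domain>/``.

    Returns:
        True when the fetched body equals the challenge, otherwise False.
        Any error during the check also yields False.
    """
    try:
        epass = public.GetRandomString(32)
        spath = get.path + '/.well-known/pki-validation'
        if not os.path.exists(spath):
            # Create the directory without a shell: get.path comes from the
            # request, and building a quoted `mkdir -p` command line from it
            # would let shell metacharacters in the path be interpreted.
            os.makedirs(spath)
        public.writeFile(spath + '/fileauth.txt', epass)
        # NOTE(review): get.path and get.domain are used as given; the panel
        # writes into that path and sends a request to that host — confirm the
        # caller validates both.
        result = public.httpGet('http://' + get.domain +
                                '/.well-known/pki-validation/fileauth.txt')
        return result == epass
    except Exception:
        # Best effort: any failure means the domain is treated as unverified.
        return False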
def GET(self):
    """Exchange the API access/secret key pair for a 24-hour temporary token.

    The submitted ``access_key`` and ``secret_key`` are compared with the
    values in ``data/token.json``. On success a 32-character random token and
    its expiry time (now + 86400 seconds) are written to
    ``data/tempToken.json`` and returned as JSON with ``status`` True.
    """
    import json, time
    get = web.input()
    tokenFile = 'data/token.json'
    # NOTE(review): existence is checked on self.tokenFile but the file read
    # below is the local 'data/token.json' — confirm both name the same file.
    if not os.path.exists(self.tokenFile):
        return json.dumps(public.returnMsg(False, '错误:当前未开启API接口服务!'))
    token = json.loads(public.readFile(tokenFile))

    # NOTE(review): web.input() supplies the keys from request parameters and
    # they are compared with ordinary string equality; on a GET handler they
    # presumably arrive in the query string, where they can end up in access
    # logs — verify.
    keys_match = (get.access_key == token['access_key']
                  and get.secret_key == token['secret_key'])
    if not keys_match:
        return json.dumps(public.returnMsg(False, '密钥验证失败!'))

    tempToken = {
        'token': public.GetRandomString(32),
        'timeout': time.time() + 86400,
    }
    public.writeFile('data/tempToken.json', json.dumps(tempToken))
    # 'status' is added after the write, so it is only part of the response.
    tempToken['status'] = True
    return json.dumps(tempToken)
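def FileSlipt(self, lpath, csize=4096):
    """Split a file into fixed-size pieces under ``/PythonFileSplit/<fid>/``.

    Args:
        lpath: path of the file to split.
        csize: piece size in KiB (multiplied by 1024 below).

    Returns:
        JSON string with ``fid`` (the 16-character random id naming the output
        directory and pieces) and ``bags`` (the number of pieces).
    """
    csize = csize * 1024
    # Context managers close the source and every piece even when a read or
    # write fails; the source handle was previously never closed.
    with open(lpath, "rb") as src:
        # Generate the file identifier.
        fid = public.GetRandomString(16)
        # Count how many pieces are needed.
        bags = int(math.ceil(float(os.path.getsize(lpath)) / float(csize)))
        # NOTE(review): the output directories are created with default modes
        # at the filesystem root — confirm who may read the pieces.
        if not os.path.exists("/PythonFileSplit"):
            os.mkdir("/PythonFileSplit")
        out_dir = "/PythonFileSplit/" + fid
        os.mkdir(out_dir)
        for cut in range(1, bags + 1):
            piece_path = out_dir + "/" + fid + "_" + str(cut) + ".cut"
            with open(piece_path, "wb") as piece:
                piece.write(src.read(csize))
    return json.dumps({"fid": fid, "bags": bags})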
def set_panel_username(username=None):
    """Set the username of user id 1, or randomize it when it is still ``admin``.

    With ``username`` given, names shorter than 5 characters and the names
    ``admin`` / ``root`` are rejected with a printed message; any other name
    is stored. Without it, a stored ``admin`` is replaced by an 8-character
    random lower-case name and the resulting username is printed.
    """
    import db
    sql = db.Sql()
    if username:
        too_short = len(username) < 5
        if too_short:
            print(public.GetMsg("USER_NAME_LEN_ERR"))
            return
        if username in ('admin', 'root'):
            print(public.GetMsg("EASY_NAME"))
            return
        sql.table('users').where('id=?', (1, )).setField('username', username)
        print(public.GetMsg("NEW_NAME", (username, )))
        return

    username = sql.table('users').where('id=?', (1, )).getField('username')
    if username == 'admin':
        username = public.GetRandomString(8).lower()
        sql.table('users').where('id=?', (1, )).setField('username', username)
    print('username: ' + username)
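def set_token(self, get):
    """Change the panel API configuration stored in ``config/api.json``.

    Refused when ``request_token`` is present in ``get``. ``get.t_type``
    selects the action:
      '1' - generate a new 32-character token and store ``public.md5(token)``;
      '2' - toggle ``data['open']``;
      '3' - replace ``data['limit_addr']`` with the lines of ``get.limit_addr``.

    Returns:
        ``public.returnMsg``: the new plaintext token for '1', a status
        message for '2' and '3', or a failure message for any other value.
    """
    if 'request_token' in get:
        return public.returnMsg(False, '不能通过API接口配置API')
    # Reject unknown actions before touching the config. Without this guard
    # `token` stayed unbound and the final return raised UnboundLocalError
    # after the config file had already been rewritten.
    if get.t_type not in ('1', '2', '3'):
        return public.returnMsg(False, '参数错误!')

    save_path = '/www/server/panel/config/api.json'
    data = json.loads(public.ReadFile(save_path))
    if get.t_type == '1':
        token = public.GetRandomString(32)
        data['token'] = public.md5(token)
        public.WriteLog('API配置', '重新生成API-Token')
    elif get.t_type == '2':
        data['open'] = not data['open']
        stats = {True: '开启', False: '关闭'}
        public.WriteLog('API配置', '%sAPI接口' % stats[data['open']])
        token = stats[data['open']] + '成功!'
    else:
        # NOTE(review): entries are stored exactly as split on '\n', so blank
        # lines and trailing '\r' are kept — confirm the code that enforces
        # the IP limit tolerates them.
        data['limit_addr'] = get.limit_addr.split('\n')
        public.WriteLog('API配置', '变更IP限制为[%s]' % get.limit_addr)
        token = '保存成功!'
    public.WriteFile(save_path, json.dumps(data))
    return public.returnMsg(True, token)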
def set_panel_username(username=None):
    """Set the username of user id 1, or randomize it when it is still ``admin``.

    With ``username`` given, names shorter than 5 characters and the names
    ``admin`` / ``root`` are rejected with a printed message; any other name
    is stored. Without it, a stored ``admin`` is replaced by an 8-character
    random lower-case name and the resulting username is printed.
    """
    import db
    sql = db.Sql()
    if username:
        too_short = len(username) < 5
        if too_short:
            print("|-错误,用户名长度不能少于5位")
            return
        if username in ('admin', 'root'):
            print("|-错误,不能使用过于简单的用户名")
            return
        sql.table('users').where('id=?', (1, )).setField('username', username)
        print("|-新用户名: %s" % username)
        return

    username = sql.table('users').where('id=?', (1, )).getField('username')
    if username == 'admin':
        username = public.GetRandomString(8).lower()
        sql.table('users').where('id=?', (1, )).setField('username', username)
    print('username: ' + username)
def get_token(self, get):
    """Return the API configuration prepared for display.

    A 16-character ``key`` is generated and saved when missing. ``token`` is
    replaced by the ``public.de_crypt`` result when ``token_crypt`` exists,
    otherwise by a row of asterisks. ``limit_addr`` is joined into one
    newline-separated string, the current binding record is attached as
    ``bind``, ``apps`` is sorted newest first, and ``key`` is removed from the
    returned dict.
    """
    data = self.get_api_config()
    if 'key' not in data:
        data['key'] = public.GetRandomString(16)
        public.writeFile(self.save_path, json.dumps(data))

    data['token'] = (public.de_crypt(data['token'], data['token_crypt'])
                     if 'token_crypt' in data else
                     "***********************************")
    data['limit_addr'] = '\n'.join(data['limit_addr'])
    data['bind'] = self.get_bind_token()

    # NOTE(review): the qrcode value is base64 of
    # "addr|token|key|bind token" — an encoding, not encryption — so anyone
    # who sees the response or the rendered code can recover all four fields.
    qrcode_fields = [
        public.getPanelAddr(),
        data['token'],
        data['key'],
        data['bind']['token'],
    ]
    qrcode = "|".join(qrcode_fields).encode('utf-8')
    data['qrcode'] = public.base64.b64encode(qrcode).decode('utf-8')
    data['apps'] = sorted(data['apps'],
                          key=lambda app: app['time'],
                          reverse=True)
    del data['key']
    return data
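def addSlaveByMaster(self, get):
    '''
        Grant access so that a slave server can connect.

        Example input:
            get = {
                'db':'*',
                'master_ip':'192.168.1.242',
            }

        Writes ``master_ip:db:passwd`` to ``token.pl`` under
        ``self.masterslave_path`` and returns the encoded secret key through
        ``public.returnMsg``.
    '''
    self._mysql.execute('unlock tables;')
    passwd = public.GetRandomString(32)
    data = "%s:%s:%s" % (get['master_ip'], get['db'], passwd)
    # Write the file directly instead of through `echo '...' > file` in a
    # shell: master_ip and db come from the request and must never be
    # interpreted as shell syntax. The trailing newline matches what echo
    # wrote.
    public.writeFile(self.masterslave_path + 'token.pl', data + '\n')
    # The secret key contains: server_id, user, passwd, all_user_id,
    # master_ip, panel_addr, db
    all_user_id = self.__getAllUserId()
    my_panel_addr = public.getPanelAddr()
    secret_key = self.__encodeKey(self.my_id, self.user_name, passwd,
                                  all_user_id, get['master_ip'],
                                  my_panel_addr, get['db'], self.my_id,
                                  self.my_version)
    # The debug print of secret_key was dropped: it copied a credential to
    # stdout, where it could end up in process logs.
    return public.returnMsg(True, secret_key)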
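def set_token(self, get):
    """Change the panel API configuration stored in ``config/api.json``.

    Refused when ``request_token`` is present in ``get``. ``get.t_type``
    selects the action:
      '1' - generate a new 32-character token and store ``public.md5(token)``;
      '2' - toggle ``data['open']``;
      '3' - replace ``data['limit_addr']`` with the lines of ``get.limit_addr``.

    Returns:
        ``public.returnMsg``: the new plaintext token for '1', a status
        message for '2' and '3', or a failure message for any other value.
    """
    import json
    # NOTE(review): the original carried a commented-out check that compared
    # public.md5(get.panel_password.strip()) with the stored password of user
    # id 1 before allowing changes. It is disabled, so this method itself
    # performs no password re-confirmation.
    if 'request_token' in get:
        return public.returnMsg(False, '不能通过API接口配置API')
    # Reject unknown actions before touching the config. Without this guard
    # `token` stayed unbound and the final return raised UnboundLocalError
    # after the config file had already been rewritten.
    if get.t_type not in ('1', '2', '3'):
        return public.returnMsg(False, '参数错误!')

    save_path = '/www/server/panel/config/api.json'
    data = json.loads(public.ReadFile(save_path))
    if get.t_type == '1':
        token = public.GetRandomString(32)
        data['token'] = public.md5(token)
        public.WriteLog('API配置', '重新生成API-Token')
    elif get.t_type == '2':
        data['open'] = not data['open']
        stats = {True: '开启', False: '关闭'}
        public.WriteLog('API配置', '%sAPI接口' % stats[data['open']])
        token = stats[data['open']] + '成功!'
    else:
        # NOTE(review): entries are stored exactly as split on '\n', so blank
        # lines and trailing '\r' are kept — confirm the code that enforces
        # the IP limit tolerates them.
        data['limit_addr'] = get.limit_addr.split('\n')
        public.WriteLog('API配置', '变更IP限制为[%s]' % get.limit_addr)
        token = '保存成功!'
    public.WriteFile(save_path, json.dumps(data))
    return public.returnMsg(True, token)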
def set_request_token(self):
    """Store a fresh 48-character random value in the session as ``request_token_head``."""
    # NOTE(review): presumably this value is later compared with a request
    # header as an anti-forgery check — verify where it is consumed, and that
    # public.GetRandomString draws from a cryptographically secure source.
    fresh_token = public.GetRandomString(48)
    session['request_token_head'] = fresh_token