Exemple #1
 def login_qrcode(self, get):
     """Build the app-login QR-code URL and register its one-time id.

     A random 12-character ``tid`` is appended to the URL and stored in the
     cache in both directions (tid -> session id, session id -> tid), each
     with an expiry argument of 360.

     Returns:
         ``public.returnMsg(True, url)``.
     """
     tid = public.GetRandomString(12)
     url_parts = [
         'https://app.bt.cn/app.html?&panel_url=',
         public.getPanelAddr(),
         '&v=',
         public.GetRandomString(3),
         '?login&tid=',
         tid,
     ]
     qrcode_str = ''.join(url_parts)
     # NOTE(review): tid is the only value tying a scanned code to this
     # session, so its strength rests on public.GetRandomString being backed
     # by a CSPRNG -- not visible here, confirm.
     ttl = 360
     cache.set(tid, public.get_session_id(), ttl)
     cache.set(public.get_session_id(), tid, ttl)
     return public.returnMsg(True, qrcode_str)
Exemple #2
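 def set_token(self, get):
     """Regenerate the API token, toggle the API switch, or set the IP list.

     ``get.t_type`` selects the action:
       '1' - create a new 32-character token; its MD5 is stored in
             ``data['token']`` and an encrypted copy in
             ``data['token_crypt']``.
       '2' - invert ``data['open']``, creating a token first when no
             ``token_crypt`` is stored yet.
       '3' - replace ``data['limit_addr']`` with the lines of
             ``get.limit_addr``.

     Requests that carry ``request_token`` are refused, so the API cannot be
     reconfigured through the API itself.

     Returns:
         ``public.returnMsg(True, msg)`` where ``msg`` is the new plaintext
         token for '1' and a status text otherwise, or
         ``public.returnMsg(False, reason)`` when the request is refused or
         ``t_type`` is not one of the three actions.
     """
     if 'request_token' in get:
         return public.returnMsg(
             False, 'Cannot configure API through API interface')
     # Reject unknown actions up front. Previously ``token`` stayed unbound
     # for any other t_type and the final return raised after the config had
     # already been written back.
     if get.t_type not in ('1', '2', '3'):
         return public.returnMsg(False, 'Invalid t_type')

     data = self.get_api_config()
     if get.t_type == '1':
         token = public.GetRandomString(32)
         data['token'] = public.md5(token)
         data['token_crypt'] = public.en_crypt(data['token'],
                                               token).decode('utf-8')
         public.WriteLog('SET_API', 'Regenerate API-Token')
     elif get.t_type == '2':
         data['open'] = not data['open']
         stats = {True: 'Open', False: 'Close'}
         if 'token_crypt' not in data:
             # First activation without a stored token: create one so the
             # API is never open with no credential configured.
             token = public.GetRandomString(32)
             data['token'] = public.md5(token)
             data['token_crypt'] = public.en_crypt(data['token'],
                                                   token).decode('utf-8')
         public.WriteLog('SET_API',
                         '%s API interface' % stats[data['open']])
         token = stats[data['open']] + 'success!'
     else:
         # NOTE(review): entries are stored as typed (no trimming, no IP
         # syntax check) and the raw multi-line value goes into the log
         # text; confirm the consumer of limit_addr tolerates that.
         data['limit_addr'] = get.limit_addr.split('\n')
         public.WriteLog('SET_API',
                         'Change IP limit to [%s]' % get.limit_addr)
         token = 'Saved successfully!'
     self.save_api_config(data)
     return public.returnMsg(True, token)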
Exemple #3
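    def CheckDomain(self, get):
        """Check that a file written under ``get.path`` is served for ``get.domain``.

        A random 32-character string is written to
        ``<get.path>/.well-known/pki-validation/fileauth.txt``; the same
        path is then requested from 127.0.0.1 with the ``host`` header set
        to the domain (a leading ``www.`` is removed first, and the change
        is written back to ``get.domain``).

        Returns:
            True when the fetched body equals the written string, False
            otherwise or when any step raises.
        """
        try:
            spath = get.path + '/.well-known/pki-validation'
            # Create the directory without a shell: the path comes from the
            # request and was previously pasted into a shell command line.
            # NOTE(review): get.path itself is not validated here; confirm
            # callers restrict it to a site root.
            if not os.path.exists(spath):
                os.makedirs(spath)

            # Generate and write the verification content.
            epass = public.GetRandomString(32)
            public.writeFile(spath + '/fileauth.txt', epass)

            # When the requested name is the www sub-domain, check the main
            # domain instead.
            if get.domain[:4] == 'www.':
                get.domain = get.domain[4:]

            import http_requests
            self._check_url = 'http://127.0.0.1/.well-known/pki-validation/fileauth.txt'
            result = http_requests.get(self._check_url,
                                       s_type='curl',
                                       timeout=6,
                                       headers={
                                           "host": get.domain
                                       }).text
            self.__test = result
            return result == epass
        except Exception:
            # Best-effort probe: any failure counts as "not verified".
            return False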
Exemple #4
 def set_token(self, get):
     """Regenerate the API token, toggle the API switch, or set the IP list.

     ``get.t_type`` picks the action: '1' creates a new token, '2' inverts
     ``open`` (creating a token when no ``token_crypt`` is stored), '3'
     replaces ``limit_addr`` with the lines of ``get.limit_addr``. Requests
     carrying ``request_token`` are refused.

     NOTE(review): for any other ``t_type`` the local ``token`` is never
     assigned, so the final return raises after the config was saved.
     """
     if 'request_token' in get:
         return public.returnMsg(False, '不能通过API接口配置API')

     conf = self.get_api_config()
     action = get.t_type
     if action == '1':
         token = public.GetRandomString(32)
         digest = public.md5(token)
         conf['token'] = digest
         conf['token_crypt'] = public.en_crypt(digest, token).decode('utf-8')
         public.WriteLog('API配置', '重新生成API-Token')
     elif action == '2':
         conf['open'] = not conf['open']
         labels = {True: '开启', False: '关闭'}
         if 'token_crypt' not in conf:
             # No token stored yet: create one while toggling.
             token = public.GetRandomString(32)
             digest = public.md5(token)
             conf['token'] = digest
             conf['token_crypt'] = public.en_crypt(digest,
                                                   token).decode('utf-8')
         label = labels[conf['open']]
         public.WriteLog('API配置', '%sAPI接口' % label)
         token = label + '成功!'
     elif action == '3':
         raw_list = get.limit_addr
         conf['limit_addr'] = raw_list.split('\n')
         public.WriteLog('API配置', '变更IP限制为[%s]' % raw_list)
         token = '保存成功!'
     self.save_api_config(conf)
     return public.returnMsg(True, token)
Exemple #5
 def login_qrcode(self, get):
     """Build the app-login QR-code URL and record the pending login.

     Besides caching tid <-> session id (expiry argument 360), the session
     id and the current time are written to ``app_login_check.pl`` under
     ``self.app_path``.

     Returns:
         ``public.returnMsg(True, url)``.
     """
     tid = public.GetRandomString(12)
     qrcode_str = ''.join([
         'https://app.bt.cn/app.html?&panel_url=',
         public.getPanelAddr(),
         '&v=',
         public.GetRandomString(3),
         '?login&tid=',
         tid,
     ])
     # NOTE(review): this puts a live session id on disk; confirm the file
     # is readable only by the panel user.
     stamp = public.get_session_id() + ':' + str(time.time())
     public.writeFile(self.app_path + "app_login_check.pl", stamp)
     ttl = 360
     cache.set(tid, public.get_session_id(), ttl)
     cache.set(public.get_session_id(), tid, ttl)
     return public.returnMsg(True, qrcode_str)
Exemple #6
 def CreateToken(self,get):
     """Create the initial API credential file with the API switched off.

     Writes a record with a 24-character access key, a 48-character secret
     key, empty ``rule``/``address`` lists and ``status`` False to
     ``self.tokenFile``.
     """
     # NOTE(review): both keys are stored in clear text; confirm the file
     # permissions of self.tokenFile.
     record = {
         'access_key': public.GetRandomString(24),
         'secret_key': public.GetRandomString(48),
         'rule': [],
         'address': [],
         'status': False,
     }
     public.writeFile(self.tokenFile, dumps(record))
     public.WriteLog('API', '开启API接口成功!')
     return public.returnMsg(True, '初始化API接口成功!')
Exemple #7
    def get_bind_token(self, token=None):
        """Return a bind record, dropping expired ones from the config.

        Records older than ``self.timeout`` are discarded. With ``token``
        the matching live record is returned; without it the first live
        record is. When nothing is selected, the newest live record is
        used, or a new record with an 18-character token is created if
        none are left. The config is saved only when a record expired or
        was created.
        """
        data = self.get_api_config()
        now = time.time()
        live = []
        chosen = None
        dirty = False
        for entry in data['binds']:
            if now - entry['time'] > self.timeout:
                # Expired: leave it out and remember to persist the pruning.
                dirty = True
                continue
            live.append(entry)
            if token:
                if token == entry['token']:
                    chosen = entry
            elif not chosen:
                chosen = entry

        if not chosen:
            if live:
                live = sorted(live, key=lambda item: item['time'],
                              reverse=True)
                chosen = live[0]
            else:
                chosen = {
                    "time": now,
                    "token": public.GetRandomString(18),
                    'status': 0
                }
                live.append(chosen)
                dirty = True

        if dirty:
            data['binds'] = live
            self.save_api_config(data)
        return chosen
Exemple #8
def set_panel_username():
    """Replace the default 'admin' username of user id 1 with a random one.

    Nothing is changed when the stored username is anything else.
    """
    import db
    store = db.Sql()
    current = store.table('users').where('id=?', (1, )).getField('username')
    if current != 'admin':
        return
    # A predictable account name removes half of what a password guesser
    # has to find, so the default is swapped for 8 random lowercase chars.
    replacement = public.GetRandomString(8).lower()
    store.table('users').where('id=?', (1, )).setField('username',
                                                       replacement)
Exemple #9
 def __init__(self, plugin_name):
     """Set up the per-plugin argument directory paths.

     Derives the plugin directory, its ``args`` sub-directory and a
     randomly named temp path inside it, and creates the ``args``
     directory when it does not exist.
     """
     self.__plugin_name = plugin_name
     # NOTE(review): plugin_name is interpolated into the path unchecked;
     # confirm callers never pass a value containing path separators.
     self.__plugin_path = "/www/server/panel/plugin/%s" % plugin_name
     self.__args_dir = self.__plugin_path + '/args'
     # 32 random characters give each instance its own temp file name.
     self.__args_tmp = self.__args_dir + '/' + public.GetRandomString(32)
     if not os.path.exists(self.__args_dir):
         # 384 == 0o600: owner read/write only, no search (x) bit on the
         # directory.
         os.makedirs(self.__args_dir, 384)
Exemple #10
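    def set_token(self, get):
        """Regenerate the API token, toggle the API switch, or set the IP list.

        ``get.t_type`` selects the action: '1' stores the MD5 of a new
        32-character token, '2' inverts ``data['open']``, '3' replaces
        ``data['limit_addr']`` with the lines of ``get.limit_addr``. The
        config is read from and written back to ``api.json``. Requests that
        carry ``request_token`` are refused.

        Returns:
            ``public.returnMsg(True, msg)`` where ``msg`` is the new
            plaintext token for '1' and a status text otherwise, or
            ``public.returnMsg(False, reason)`` when the request is refused
            or ``t_type`` is not one of the three actions.
        """
        if 'request_token' in get:
            return public.returnMsg(False, 'CANT_SET_API_WIFTH_API')
        # Reject unknown actions up front. Previously ``token`` stayed
        # unbound for any other t_type and the final return raised after
        # the file had already been rewritten.
        if get.t_type not in ('1', '2', '3'):
            return public.returnMsg(False, 'Invalid t_type')

        save_path = '/www/server/panel/config/api.json'
        data = json.loads(public.ReadFile(save_path))
        if get.t_type == '1':
            token = public.GetRandomString(32)
            data['token'] = public.md5(token)
            public.WriteLog('SET_API', 'REGENERATE_API_TOKEN')
        elif get.t_type == '2':
            data['open'] = not data['open']
            stats = {
                True: public.GetMsg("TURN_ON"),
                False: public.GetMsg("CLOSE")
            }
            public.WriteLog('SET_API', 'API_INTERFACE',
                            (stats[data['open']], ))
            token = stats[data['open']] + public.GetMsg("SUCCESS")
        else:
            data['limit_addr'] = get.limit_addr.split('\n')
            # The arguments must be a one-element tuple like the
            # API_INTERFACE entry above; ``(get.limit_addr)`` without the
            # trailing comma was just the bare string.
            public.WriteLog('SET_API', 'CHANGE_IP_LIMIT',
                            (get.limit_addr, ))
            token = public.GetMsg("SAVE_SUCCESS")

        public.WriteFile(save_path, json.dumps(data))
        return public.returnMsg(True, token)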
Exemple #11
def install():
    """Serve and process the first-run installation form.

    When the config row already reports status 1 the marker file
    ``install.pl`` is removed if present, the session is cleared and the
    caller is redirected to ``/login``. Otherwise a GET renders the form
    with a suggested random username and a POST stores the chosen
    credentials for user id 1, removes the marker and sets status to 1.
    Both branches redirect to ``ret_login`` when the marker is missing.
    """
    if public.M('config').where("id=?", ('1',)).getField('status') == 1:
        if os.path.exists('install.pl'):
            os.remove('install.pl')
        session.clear()
        return redirect('/login')

    ret_login = os.path.join('/', admin_path)
    if admin_path in ('/', '/bt'):
        ret_login = '******'

    if request.method == method_get[0]:
        if not os.path.exists('install.pl'):
            return redirect(ret_login)
        data = {
            'status': os.path.exists('install.pl'),
            'username': public.GetRandomString(8).lower(),
        }
        return render_template('install.html', data=data)

    if request.method == method_post[0]:
        if not os.path.exists('install.pl'):
            return redirect(ret_login)
        get = get_input()
        if not hasattr(get, 'bt_username') or not get.bt_username:
            return public.GetMsg("LOGIN_USER_EMPTY")
        # NOTE(review): an empty password reports the same LOGIN_USER_EMPTY
        # text as an empty username.
        if not hasattr(get, 'bt_password1') or not get.bt_password1:
            return public.GetMsg("LOGIN_USER_EMPTY")
        # NOTE(review): bt_password2 is read without a hasattr check, and
        # the comparison runs on the unstripped value while the stripped
        # one is what gets stored.
        if get.bt_password1 != get.bt_password2:
            return public.GetMsg("USER_PASSWORD_CHECK")
        # NOTE(review): the password is stored as a plain MD5 digest as far
        # as this block shows (no salt, no work factor).
        hashed = public.md5(get.bt_password1.strip())
        public.M('users').where("id=?", (1,)).save(
            'username,password', (get.bt_username, hashed))
        os.remove('install.pl')
        public.M('config').where("id=?", ('1',)).setField('status', 1)
        data = {
            'status': os.path.exists('install.pl'),
            'username': get.bt_username,
        }
        return render_template('install.html', data=data)
Exemple #12
def install():
    """Serve and process the first-run installation form.

    When the config row already reports status 1 the marker file
    ``install.pl`` is removed if present and the caller is redirected to
    ``/login``. Otherwise a GET renders the form with a suggested random
    username and a POST stores the chosen credentials for user id 1,
    removes the marker and sets status to 1. Both branches redirect to
    ``ret_login`` when the marker is missing.
    """
    # Already installed: drop a leftover marker and send the user to login.
    if public.M('config').where("id=?", ('1', )).getField('status') == 1:
        if os.path.exists('install.pl'): os.remove('install.pl')
        return redirect('/login')
    ret_login = os.path.join('/', admin_path)
    if admin_path == '/' or admin_path == '/bt': ret_login = '******'

    if request.method == method_get[0]:
        # The form is reachable only while the marker file exists.
        if not os.path.exists('install.pl'): return redirect(ret_login)
        data = {}
        data['status'] = os.path.exists('install.pl')
        # Suggest a random username rather than a guessable default.
        data['username'] = public.GetRandomString(8).lower()
        return render_template('install.html', data=data)

    elif request.method == method_post[0]:
        if not os.path.exists('install.pl'): return redirect(ret_login)
        get = get_input()
        if not hasattr(get, 'bt_username'): return '用户名不能为空!'
        if not get.bt_username: return '用户名不能为空!'
        if not hasattr(get, 'bt_password1'): return '密码不能为空!'
        if not get.bt_password1: return '密码不能为空!'
        # NOTE(review): bt_password2 is read without a hasattr check, and
        # the comparison uses the unstripped password while the stripped
        # one is stored below.
        if get.bt_password1 != get.bt_password2: return '两次输入的密码不一致,请重新输入!'
        # NOTE(review): the password is stored as a plain MD5 digest as far
        # as this block shows (no salt, no work factor).
        public.M('users').where("id=?", (1, )).save(
            'username,password',
            (get.bt_username, public.md5(get.bt_password1.strip())))
        # Removing the marker and setting status closes the installer.
        os.remove('install.pl')
        public.M('config').where("id=?", ('1', )).setField('status', 1)
        data = {}
        data['status'] = os.path.exists('install.pl')
        data['username'] = get.bt_username
        return render_template('install.html', data=data)
Exemple #13
 def get_tmp_token(self,get):
     """Issue a new 64-character temporary token and store it in api.json.

     Only requests that carry ``request_token`` are served. The token and
     its creation time are written to the config file and the token is
     returned in ``public.returnMsg(True, token)``.
     """
     if 'request_token' not in get:
         return public.returnMsg(False, '只能通过API接口获取临时密钥')
     config_file = '/www/server/panel/config/api.json'
     config = json.loads(public.ReadFile(config_file))
     fresh = public.GetRandomString(64)
     config['tmp_token'] = fresh
     # The timestamp is stored next to the token; expiry is presumably
     # enforced by whoever validates it -- confirm.
     config['tmp_time'] = time.time()
     public.WriteFile(config_file, json.dumps(config))
     return public.returnMsg(True, fresh)
Exemple #14
 def get_tmp_token(self, get):
     """Issue a new 64-character temporary token and save it in the config.

     Only requests that carry ``request_token`` are served. The token and
     its creation time are saved through ``save_api_config`` and the token
     is returned in ``public.returnMsg(True, token)``.
     """
     if 'request_token' not in get:
         return public.returnMsg(False, '只能通过API接口获取临时密钥')
     config = self.get_api_config()
     fresh = public.GetRandomString(64)
     config['tmp_token'] = fresh
     # The timestamp is stored next to the token; expiry is presumably
     # enforced by whoever validates it -- confirm.
     config['tmp_time'] = time.time()
     self.save_api_config(config)
     return public.returnMsg(True, fresh)
Exemple #15
 def __init__(self):
     """Ensure the storage directory and password file exist, then load it.

     A missing password file is filled with 16 random characters. The
     password is read into ``self._pass_str`` only when that attribute is
     still empty.
     """
     save_dir = self._save_path
     if not os.path.exists(save_dir):
         # 0o600 (decimal 384): owner read/write only, no search bit.
         os.makedirs(save_dir, 0o600)

     pass_file = self._pass_file
     if not os.path.exists(pass_file):
         # NOTE(review): the secret is written first and restricted
         # afterwards, so the file briefly carries whatever mode
         # public.writeFile creates it with -- confirm.
         public.writeFile(pass_file, public.GetRandomString(16))
         public.set_mode(pass_file, 600)

     if not self._pass_str:
         self._pass_str = public.readFile(pass_file)
Exemple #16
def is_login(result):
    """Attach a fresh request token to the response of a logged-in session.

    For sessions whose ``login`` entry equals True, a new 48-character
    token is stored in the session and sent as the ``request_token``
    cookie with a 30-day max age. Any other result is returned untouched.
    """
    logged_in = 'login' in session and session['login'] == True
    if not logged_in:
        return result

    response = make_response(result)
    request_token = public.GetRandomString(48)
    session['request_token'] = request_token
    # NOTE(review): the cookie is set with no secure/samesite/httponly
    # arguments. If client script has to read it, httponly is not an
    # option, but secure and samesite are worth confirming.
    response.set_cookie('request_token', request_token, max_age=86400*30)
    return response
Exemple #17
 def get_tmp_token(self,get):
     """Issue a new 64-character temporary token and store it in api.json.

     Only requests that carry ``request_token`` are served. The token and
     its creation time are written to the config file and the token is
     returned in ``public.returnMsg(True, token)``.
     """
     if 'request_token' not in get:
         return public.returnMsg(False, 'Temporary key can only be obtained through the API interface')
     config_file = '/www/server/panel/config/api.json'
     config = json.loads(public.ReadFile(config_file))
     fresh = public.GetRandomString(64)
     config['tmp_token'] = fresh
     # The timestamp is stored next to the token; expiry is presumably
     # enforced by whoever validates it -- confirm.
     config['tmp_time'] = time.time()
     public.WriteFile(config_file, json.dumps(config))
     return public.returnMsg(True, fresh)
Exemple #18
 def blind_qrcode(self, get):
     """Generate the binding QR code.

     A 32-character token plus the current integer timestamp is written to
     ``token.pl`` under both ``self.app_path`` and ``self.app_path_p``; the
     returned URL carries the panel address and the same token.
     """
     panel_addr = public.getPanelAddr()
     token = public.GetRandomString(32)
     stamped = ':'.join((token, str(int(time.time()))))
     for base in (self.app_path, self.app_path_p):
         public.writeFile(base + 'token.pl', stamped)
     # NOTE(review): the binding token travels as a URL parameter, so it
     # can end up in any place that records URLs.
     qrcode_str = ''.join([
         'https://app.bt.cn/app.html?panel_url=',
         panel_addr,
         '&panel_token=',
         token,
         '?blind',
     ])
     return public.returnMsg(True, qrcode_str)
Exemple #19
 def GetServerToken(self,get):
     """Return the safelogin server token after checking the panel password.

     The MD5 of ``get.password`` must equal the stored password of user
     id 1. The token file is created with 64 random characters on first
     use, otherwise read back; ``chattr +i`` is then applied to it and the
     stripped token is returned.
     """
     # NOTE(review): the check is a plain MD5 digest compared with ``!=``
     # (no salt, not constant-time).
     stored_hash = public.M('users').where('id=?', (1,)).getField('password')
     if public.md5(get.password) != stored_hash:
         return public.returnMsg(False, '密码验证失败!')

     token_path = '/www/server/panel/plugin/safelogin/token.pl'
     if os.path.exists(token_path):
         token_str = public.readFile(token_path)
     else:
         token_str = public.GetRandomString(64)
         public.writeFile(token_path, token_str)
     # The path is a constant, so no request data reaches the shell here.
     public.ExecShell('chattr +i ' + token_path)
     return token_str.strip()
Exemple #20
 def get_tmp_token(self, get):
     """Issue a new 64-character temporary token and save it in the config.

     Only requests that carry ``request_token`` are served. The token and
     its creation time are saved through ``save_api_config`` and the token
     is returned in ``public.returnMsg(True, token)``.
     """
     if 'request_token' not in get:
         refusal = 'Temporary keys can only be obtained through the API interface'
         return public.returnMsg(False, refusal)
     config = self.get_api_config()
     fresh = public.GetRandomString(64)
     config['tmp_token'] = fresh
     # The timestamp is stored next to the token; expiry is presumably
     # enforced by whoever validates it -- confirm.
     config['tmp_time'] = time.time()
     self.save_api_config(config)
     return public.returnMsg(True, fresh)
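 def CheckDomain(self,get):
     """Check that a file written under ``get.path`` is served by ``get.domain``.

     A random 32-character string is written to
     ``<get.path>/.well-known/pki-validation/fileauth.txt`` and the same
     path is fetched over HTTP from the domain.

     Returns:
         True when the fetched body equals the written string, False
         otherwise or when any step raises.
     """
     try:
         epass = public.GetRandomString(32)
         spath = get.path + '/.well-known/pki-validation'
         # Create the directory without a shell: the path comes from the
         # request and was previously pasted into an os.system command.
         # NOTE(review): get.path itself is not validated here; confirm
         # callers restrict it to a site root.
         if not os.path.exists(spath):
             os.makedirs(spath)
         public.writeFile(spath + '/fileauth.txt', epass)
         # NOTE(review): the panel requests whatever host get.domain names;
         # confirm the value is limited to domains of the site in question.
         result = public.httpGet('http://' + get.domain + '/.well-known/pki-validation/fileauth.txt')
         return result == epass
     except Exception:
         # Best-effort probe: any failure counts as "not verified".
         return False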
Exemple #22
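 def GET(self):
     """Exchange the access/secret key pair for a temporary token.

     Reads ``access_key`` and ``secret_key`` from the request, compares
     them with the pair stored in ``data/token.json`` and, on success,
     writes a 32-character token valid for 86400 seconds to
     ``data/tempToken.json``.

     Returns:
         A JSON string: the token record with ``status`` True, or a
         ``public.returnMsg(False, ...)`` payload when the API is not
         enabled or the keys do not match.
     """
     import hmac
     import json
     import time

     def _matches(supplied, expected):
         # Constant-time comparison so response timing does not reveal how
         # much of a key was right; values that cannot be encoded simply
         # fail to match.
         try:
             return hmac.compare_digest(supplied.encode('utf-8'),
                                        expected.encode('utf-8'))
         except (AttributeError, TypeError, UnicodeError):
             return False

     get = web.input()
     tokenFile = 'data/token.json'
     # NOTE(review): the existence check uses self.tokenFile while the read
     # below uses the local path; confirm both name the same file.
     if not os.path.exists(self.tokenFile):
         return json.dumps(public.returnMsg(False, '错误:当前未开启API接口服务!'))
     token = json.loads(public.readFile(tokenFile))

     # A missing parameter is treated as an empty value so the request is
     # rejected with the normal error instead of raising.
     access_ok = _matches(getattr(get, 'access_key', ''), token['access_key'])
     secret_ok = _matches(getattr(get, 'secret_key', ''), token['secret_key'])
     if not (access_ok and secret_ok):
         return json.dumps(public.returnMsg(False, '密钥验证失败!'))

     tempToken = {}
     tempToken['token'] = public.GetRandomString(32)
     tempToken['timeout'] = time.time() + 86400

     public.writeFile('data/tempToken.json', json.dumps(tempToken))
     # ``status`` is added after the write, so it is not stored on disk.
     tempToken['status'] = True
     return json.dumps(tempToken)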
Exemple #23
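 def FileSlipt(self,lpath,csize = 4096):
     """Split the file at ``lpath`` into numbered chunk files.

     Chunks of ``csize`` KiB are written to
     ``/PythonFileSplit/<fid>/<fid>_<n>.cut`` (n starting at 1), where
     ``fid`` is a random 16-character id.

     Args:
         lpath: path of the file to split.
         csize: chunk size in KiB.

     Returns:
         A JSON string with ``fid`` and ``bags`` (the number of chunks).
     """
     chunk_bytes = csize * 1024
     # ``with`` closes the source and every chunk file even when a write
     # fails; the source handle used to be left open.
     with open(lpath, "rb") as src:
         # Generate the file identification code.
         fid = public.GetRandomString(16)
         # Count how many slices are needed.
         bags = int(math.ceil(float(os.path.getsize(lpath)) / float(chunk_bytes)))
         if not os.path.exists("/PythonFileSplit"):
             os.mkdir("/PythonFileSplit")
         out_dir = "/PythonFileSplit/" + fid
         os.mkdir(out_dir)
         # range() also ends cleanly for a negative csize, where the old
         # ``while cut != bags+1`` counter could never reach its stop value.
         for cut in range(1, bags + 1):
             part_path = out_dir + "/" + fid + "_" + str(cut) + ".cut"
             with open(part_path, "wb") as part:
                 part.write(src.read(chunk_bytes))
     return json.dumps({"fid": fid, "bags": bags})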
Exemple #24
def set_panel_username(username=None):
    """Set the username of user id 1, or randomise a default 'admin'.

    With ``username`` the value is rejected when shorter than 5 characters
    or equal to 'admin'/'root', otherwise stored. Without it, a stored
    'admin' is replaced by 8 random lowercase characters and the resulting
    username is printed.
    """
    import db
    sql = db.Sql()
    if not username:
        current = sql.table('users').where('id=?', (1, )).getField('username')
        if current == 'admin':
            current = public.GetRandomString(8).lower()
            sql.table('users').where('id=?', (1, )).setField('username',
                                                             current)
        print('username: ' + current)
        return

    if len(username) < 5:
        print(public.GetMsg("USER_NAME_LEN_ERR"))
    elif username in ['admin', 'root']:
        # Well-known account names are refused.
        print(public.GetMsg("EASY_NAME"))
    else:
        sql.table('users').where('id=?', (1, )).setField('username', username)
        print(public.GetMsg("NEW_NAME", (username, )))
Exemple #25
    def set_token(self,get):
        """Regenerate the API token, toggle the API switch, or set the IP list.

        ``get.t_type`` picks the action: '1' stores the MD5 of a new
        32-character token, '2' inverts ``open``, '3' replaces
        ``limit_addr`` with the lines of ``get.limit_addr``. The config is
        read from and written back to ``api.json``. Requests carrying
        ``request_token`` are refused.

        NOTE(review): for any other ``t_type`` the local ``token`` is never
        assigned, so the final return raises after the file was rewritten.
        """
        if 'request_token' in get:
            return public.returnMsg(False, '不能通过API接口配置API')

        config_file = '/www/server/panel/config/api.json'
        conf = json.loads(public.ReadFile(config_file))
        action = get.t_type
        if action == '1':
            token = public.GetRandomString(32)
            conf['token'] = public.md5(token)
            public.WriteLog('API配置', '重新生成API-Token')
        elif action == '2':
            conf['open'] = not conf['open']
            label = {True: '开启', False: '关闭'}[conf['open']]
            public.WriteLog('API配置', '%sAPI接口' % label)
            token = label + '成功!'
        elif action == '3':
            raw_list = get.limit_addr
            conf['limit_addr'] = raw_list.split('\n')
            public.WriteLog('API配置', '变更IP限制为[%s]' % raw_list)
            token = '保存成功!'

        public.WriteFile(config_file, json.dumps(conf))
        return public.returnMsg(True, token)
Exemple #26
def set_panel_username(username=None):
    """Set the username of user id 1, or randomise a default 'admin'.

    With ``username`` the value is rejected when shorter than 5 characters
    or equal to 'admin'/'root', otherwise stored. Without it, a stored
    'admin' is replaced by 8 random lowercase characters and the resulting
    username is printed.
    """
    import db
    sql = db.Sql()
    if not username:
        current = sql.table('users').where('id=?', (1, )).getField('username')
        if current == 'admin':
            current = public.GetRandomString(8).lower()
            sql.table('users').where('id=?', (1, )).setField('username',
                                                             current)
        print('username: ' + current)
        return

    if len(username) < 5:
        print("|-错误,用户名长度不能少于5位")
    elif username in ['admin', 'root']:
        # Well-known account names are refused.
        print("|-错误,不能使用过于简单的用户名")
    else:
        sql.table('users').where('id=?', (1, )).setField('username', username)
        print("|-新用户名: %s" % username)
Exemple #27
    def get_token(self, get):
        """Return the API config prepared for display, with a QR payload.

        A missing ``key`` is created (16 random characters) and the config
        written to ``self.save_path``. The token is decrypted when
        ``token_crypt`` is stored, otherwise masked with asterisks.
        ``limit_addr`` is joined into one newline-separated string, the
        current bind record is attached, ``apps`` is sorted newest first
        and ``key`` is removed from the returned dict.
        """
        data = self.get_api_config()
        if 'key' not in data:
            data['key'] = public.GetRandomString(16)
            public.writeFile(self.save_path, json.dumps(data))

        data['token'] = (
            public.de_crypt(data['token'], data['token_crypt'])
            if 'token_crypt' in data
            else "***********************************"
        )

        data['limit_addr'] = '\n'.join(data['limit_addr'])
        data['bind'] = self.get_bind_token()
        # NOTE(review): the payload bundles panel address, token, key and
        # bind token and is only base64-encoded, which is an encoding, not
        # protection; anyone who sees the QR code holds all four values.
        payload = "|".join([
            public.getPanelAddr(),
            data['token'],
            data['key'],
            data['bind']['token'],
        ]).encode('utf-8')
        data['qrcode'] = public.base64.b64encode(payload).decode('utf-8')
        data['apps'] = sorted(data['apps'],
                              key=lambda app: app['time'],
                              reverse=True)
        # The key is carried inside the QR payload only, not as a field.
        del data['key']
        return data
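 def addSlaveByMaster(self, get):
     '''
     Grant permission so that a slave server may connect.

     Example request (from the original docstring):
     get = {
         'db':'*',
         'master_ip':'192.168.1.242',
     }

     A 32-character password is generated, stored together with the master
     IP and database name in ``token.pl`` under ``self.masterslave_path``,
     and packed into the secret key that is returned in
     ``public.returnMsg(True, secret_key)``.
     '''
     self._mysql.execute('unlock tables;')
     passwd = public.GetRandomString(32)
     data = "%s:%s:%s" % (get['master_ip'], get['db'], passwd)
     # Write the file directly instead of running ``echo '...' > file``
     # through a shell: master_ip and db come from the request, and a quote
     # in either one would have ended the shell string. The trailing
     # newline keeps the file content identical to what echo produced.
     public.writeFile(self.masterslave_path + 'token.pl', data + '\n')
     # The secret key contains: server_id, user, passwd, all_user_id,
     # master_ip, panel_addr, db.
     all_user_id = self.__getAllUserId()
     my_panel_addr = public.getPanelAddr()
     secret_key = self.__encodeKey(self.my_id, self.user_name, passwd, all_user_id, get['master_ip'],
                                   my_panel_addr, get['db'], self.my_id, self.my_version)
     # The debug ``print secret_key`` was dropped: it copied the secret to
     # stdout, where it can end up in process logs.
     return public.returnMsg(True, secret_key)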
Exemple #29
    def set_token(self, get):
        """Regenerate the API token, toggle the API switch, or set the IP list.

        ``get.t_type`` picks the action: '1' stores the MD5 of a new
        32-character token, '2' inverts ``open``, '3' replaces
        ``limit_addr`` with the lines of ``get.limit_addr``. The config is
        read from and written back to ``api.json``. Requests carrying
        ``request_token`` are refused.

        NOTE(review): the original carried a commented-out check of the
        panel password ahead of these actions; confirm that dropping the
        re-authentication step is intentional.
        NOTE(review): for any other ``t_type`` the local ``token`` is never
        assigned, so the final return raises after the file was rewritten.
        """
        import json
        if 'request_token' in get:
            return public.returnMsg(False, '不能通过API接口配置API')

        config_file = '/www/server/panel/config/api.json'
        conf = json.loads(public.ReadFile(config_file))
        action = get.t_type
        if action == '1':
            token = public.GetRandomString(32)
            conf['token'] = public.md5(token)
            public.WriteLog('API配置', '重新生成API-Token')
        elif action == '2':
            conf['open'] = not conf['open']
            label = {True: '开启', False: '关闭'}[conf['open']]
            public.WriteLog('API配置', '%sAPI接口' % label)
            token = label + '成功!'
        elif action == '3':
            raw_list = get.limit_addr
            conf['limit_addr'] = raw_list.split('\n')
            public.WriteLog('API配置', '变更IP限制为[%s]' % raw_list)
            token = '保存成功!'

        public.WriteFile(config_file, json.dumps(conf))
        return public.returnMsg(True, token)
Exemple #30
 def set_request_token(self):
     """Store a fresh 48-character random value as ``request_token_head``."""
     # NOTE(review): the value is only as unpredictable as
     # public.GetRandomString; confirm it draws from a CSPRNG.
     fresh_value = public.GetRandomString(48)
     session['request_token_head'] = fresh_value