def process(self, msgid, message):
self.syslog.info("accept auth message @ %s : %r" % (self.listen, utils.safeunicode(message)))
@self.cache.cache("get_account_by_username", expire=600)
def get_account_by_username(username):
return self.db.query(models.TrAccount).filter_by(account_number=username).first()
@self.cache.cache("get_product_by_id", expire=600)
def get_product_by_id(product_id):
return self.db.query(models.TrProduct).filter_by(id=product_id).first()
try:
req_msg = apibase.parse_request(self.secret, message)
if "username" not in req_msg:
raise ValueError("username is empty")
except Exception as err:
resp = apibase.make_response(self.secret, code=1, msg=utils.safestr(err.message))
self.agent.reply(msgid, resp)
return
try:
username = req_msg["username"]
account = get_account_by_username(username)
if not account:
apibase.make_response(
self.secret, code=1, msg=u"user {0} not exists".format(utils.safeunicode(username))
)
self.agent.reply(msgid, resp)
return
passwd = self.app.aes.decrypt(account.password)
product = get_product_by_id(account.product_id)
result = dict(
code=0,
msg="success",
username=username,
passwd=passwd,
input_rate=product.input_max_limit,
output_rate=product.output_max_limit,
attrs={"Session-Timeout": 86400, "Acct-Interim-Interval": 300},
)
resp = apibase.make_response(self.secret, **result)
self.agent.reply(msgid, resp)
self.syslog.info("send auth response %r" % (utils.safeunicode(resp)))
except Exception as err:
self.syslog.error(u"api authorize error %s" % utils.safeunicode(err.message))
resp = apibase.make_response(self.secret, code=1, msg=utils.safestr(err.message))
return self.agent.reply(msgid, resp)
def check_sign(self, msg, debug=True):
if "sign" not in msg:
return False
sign = msg['sign']
params = [utils.safestr(msg[k]) for k in msg if k != 'sign']
local_sign = self.mksign(params)
return sign == local_sign
def mksign(self, params=[], debug=True):
_params = [utils.safestr(p) for p in params if p is not None]
_params.sort()
_params.insert(0, self.settings.config.defaults.secret)
strs = ''.join(_params)
mds = md5(strs.encode()).hexdigest()
return mds.upper()
def post(url,data=None,**kwargs):
return treq.post(url, data=safestr(data), pool=pool,data_to_body_producer=StringProducer,**kwargs)