def patch(self, *args, **kwargs):
### 审批
data = json.loads(self.request.body.decode("utf-8"))
list_id = data.get('list_id', None)
start_time = data.get('start_time', None)
nickname = self.get_current_nickname()
if not list_id or not start_time:
return self.write(dict(code=-1, msg='订单ID和开始时间不能为空'))
with DBContext('r') as session:
task_info = session.query(TaskList).filter(TaskList.list_id == list_id).first()
admin_user = literal_eval(task_info.associated_user).get("admin")
if nickname in admin_user or self.is_superuser:
with DBContext('w', None, True) as session:
session.query(TaskList).filter(TaskList.list_id == list_id).update(
{TaskList.schedule: 'ready', TaskList.start_time: start_time, TaskList.status: '1',
TaskList.executor: nickname})
session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_status == '0').update(
{TaskSched.task_status: '1'})
redis_conn = cache_conn()
try:
time_array = time.strptime(start_time, '%Y-%m-%d %H:%M')
except:
time_array = time.strptime(start_time, '%Y-%m-%d %H:%M:%S')
start_time = time.mktime(time_array)
redis_conn.set('task_id_{}_start_time'.format(list_id), start_time)
redis_conn.expire('task_id_{}_start_time'.format(list_id), 2592000)
return self.write(dict(code=0, msg='任务开始成功'))
else:
return self.write(dict(code=-2, msg="你没有审批权限"))
def get_user_rules(user_id, is_superuser=False):
page_data = {}
component_data = {}
with DBContext('r') as session:
this_menus = session.query(Menus.menu_name).outerjoin(
RoleMenus, Menus.menu_id == RoleMenus.menu_id).outerjoin(
UserRoles, RoleMenus.role_id == UserRoles.role_id).filter(
UserRoles.user_id == user_id).all()
this_components = session.query(Components.component_name).outerjoin(
RolesComponents,
Components.comp_id == RolesComponents.comp_id).outerjoin(
UserRoles,
RolesComponents.role_id == UserRoles.role_id).filter(
UserRoles.user_id == user_id).all()
for p in this_menus:
page_data[p[0]] = True
for c in this_components:
component_data[c[0]] = True
## 插入一个没有权限的
if is_superuser:
page_data['all'] = True
component_data['all'] = True
else:
page_data['all'] = False
component_data['all'] = False
redis_conn = cache_conn()
redis_conn.hmset("{}_rules".format(user_id),
dict(page=page_data, component=component_data))
def post(self, *args, **kwargs):
### 发送邮件
data = json.loads(self.request.body.decode('utf-8'))
to_list = data.get('to_list', None)
subject = data.get('subject', None)
content = data.get('content', None)
subtype = data.get('subtype', None)
att = data.get('att', None)
redis_conn = cache_conn()
if not to_list and not subject and not content:
return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空'))
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
try:
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False)
obj.send_mail(to_list, subject, content, subtype=subtype, att=att)
return self.write(dict(code=0, msg='邮件发送成功'))
except Exception as e:
return self.write(dict(code=-1, msg='邮件发送失败 {}'.format(str(e))))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode('utf-8'))
check_key = data.get('check_key')
user_id = self.get_current_id()
redis_conn = cache_conn()
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
if check_key == 'EMAIL':
with DBContext('r') as session:
mail_to = session.query(Users.email).filter(Users.user_id == user_id).first()
obj = SendMail(mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False)
obj.send_mail(mail_to[0], 'OPS测试邮件', '测试发送邮件成功', subtype='plain')
return self.write(dict(code=0, msg='测试邮件已经发送'))
elif check_key == 'SMS':
obj = SendSms(config_info.get(const.SMS_REGION), config_info.get(const.SMS_DOMAIN),
config_info.get(const.SMS_PRODUCT_NAME), config_info.get(const.SMS_ACCESS_KEY_ID),
config_info.get(const.SMS_ACCESS_KEY_SECRET))
query_response = obj.query_send_detail('', '11111111111', 1, 1, time.strftime("%Y%m%d", time.localtime()))
query_response = json.loads(query_response.decode('utf-8'))
if query_response.get("Message") == "OK":
return self.write(dict(code=0, msg='测试短信成功'))
else:
return self.write(dict(code=-2, msg='测试短信失败{}'.format(str(query_response))))
else:
return self.write(dict(code=-1, msg='未知测试项目'))
def post(self, *args, **kwargs):
### 发送邮件
data = json.loads(self.request.body.decode('utf-8'))
phone = data.get('phone', None)
msg = data.get('msg', None) # json格式 对应短信模板里设置的参数
template_code = data.get('template_code', None)
sign_name = data.get('sign_name', 'OPS')
redis_conn = cache_conn()
if not phone and not msg and not template_code:
return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空'))
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
try:
obj = SendSms(config_info.get(const.SMS_REGION),
config_info.get(const.SMS_DOMAIN),
config_info.get(const.SMS_PRODUCT_NAME),
config_info.get(const.SMS_ACCESS_KEY_ID),
config_info.get(const.SMS_ACCESS_KEY_SECRET))
params = json.dumps(msg)
sms_response = obj.send_sms(phone,
template_param=params,
sign_name=sign_name,
template_code=template_code)
sms_response = json.loads(sms_response.decode('utf-8'))
if sms_response.get("Message") == "OK":
return self.write(dict(code=0, msg='短信发送成功'))
else:
return self.write(
dict(code=-2, msg='短信发送失败{}'.format(str(sms_response))))
except Exception as e:
return self.write(dict(code=-1, msg='短信发送失败 {}'.format(str(e))))
def put(self, *args, **kwargs):
### 处理全部需要手动干预的任务
data = json.loads(self.request.body.decode("utf-8"))
list_id = data.get('list_id', None)
hand_task = data.get('hand_task', None)
if not list_id:
return self.write(dict(code=-1, msg='订单ID 不能为空'))
if not hand_task:
return self.write(dict(code=-2, msg='任务名称不正确'))
with DBContext('w', None, True) as session:
session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_name == hand_task).update(
{TaskSched.task_status: '1'})
data_info = session.query(TaskSched).filter(TaskSched.list_id == list_id,
TaskSched.task_name == hand_task).all()
redis_conn = cache_conn()
redis_pipe = redis_conn.pipeline()
for msg in data_info:
data_dict = model_to_dict(msg)
hash_key = "task_{}_{}_{}".format(list_id, data_dict["task_group"], data_dict["exec_ip"])
redis_pipe.hset(hash_key, data_dict["task_level"], '1')
redis_pipe.expire(hash_key, 2592000)
redis_pipe.execute()
return self.write(dict(code=0, msg='审核干预成功'))
def put(self, *args, **kwargs):
if not self.is_superuser:
return self.write(dict(code=-1, msg='不是超级管理员,没有权限'))
data = json.loads(self.request.body.decode("utf-8"))
user_list = data.get('user_list', None)
if len(user_list) != 1:
return self.write(dict(code=-2, msg='一次只能选择一个用户,且不能为空'))
user_id = user_list[0]
with DBContext('r') as session:
user_info = session.query(Users).filter(
Users.user_id == user_id).first()
### 生成token
if user_info.superuser == '0':
is_superuser = True
else:
is_superuser = False
token_info = dict(user_id=user_id,
username=user_info.username,
nickname=user_info.nickname,
is_superuser=is_superuser,
exp_time=1100)
auth_token = AuthToken()
auth_key = auth_token.encode_auth_token_v2(**token_info)
if isinstance(auth_key, bytes): auth_key = auth_key.decode()
redis_conn = cache_conn()
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False,
mail_tls=True
if config_info.get(const.EMAIL_USE_TLS) == '1' else False)
with DBContext('w', None, True) as session:
mail_to = session.query(Users.email).filter(
Users.user_id == self.get_current_id()).first()
if mail_to[0] == user_info.email:
obj.send_mail(mail_to[0], '令牌,有效期三年', auth_key, subtype='plain')
else:
obj.send_mail(mail_to[0], '令牌,有效期三年', auth_key, subtype='plain')
obj.send_mail(user_info.email,
'令牌,有效期三年',
auth_key,
subtype='plain')
return self.write(dict(code=0, msg='Token已经发送到邮箱', data=auth_key))
def get(self, *args, **kwargs):
user_id = self.get_current_id()
redis_conn = cache_conn()
page = redis_conn.hget("{}_rules".format(user_id), 'page')
component = redis_conn.hget("{}_rules".format(user_id), 'component')
data = dict(rules=dict(page=literal_eval(convert(page)), component=literal_eval(convert(component))))
return self.write(dict(data=data, code=0, msg='获取前端权限成功'))
def __init__(self, **settings):
if configs.can_import:
configs.import_dict(**settings)
self.redis_conn = cache_conn()
super(DealMQ, self).__init__(exchange='task_scheduler',
exchange_type='direct',
routing_key='the_task_id',
queue_name='deal_task_scheduler',
no_ack=False)
def get(self, *args, **kwargs):
key = self.get_argument('key', default=None, strip=True)
value = self.get_argument('value', default=None, strip=True)
page_size = self.get_argument('page', default=1, strip=True)
limit = self.get_argument('limit', default=30, strip=True)
limit_start = (int(page_size) - 1) * int(limit)
user_list = []
with DBContext('r') as session:
if key and value:
count = session.query(Users).filter(
Users.status != '10').filter_by(**{
key: value
}).count()
user_info = session.query(Users).filter(
Users.status != '10').filter_by(**{
key: value
}).order_by(Users.user_id).offset(limit_start).limit(
int(limit))
else:
count = session.query(Users).filter(
Users.status != '10').count()
user_info = session.query(Users).filter(
Users.status != '10').order_by(
Users.user_id).offset(limit_start).limit(int(limit))
all_user = session.query(Users).filter(Users.status != '10').all()
if int(limit) > 200:
user_info = all_user
for msg in user_info:
data_dict = model_to_dict(msg)
data_dict.pop('password')
data_dict.pop('google_key')
data_dict['last_login'] = str(data_dict['last_login'])
data_dict['ctime'] = str(data_dict['ctime'])
user_list.append(data_dict)
redis_conn = cache_conn()
redis_conn.delete(const.USERS_INFO) ### 清空集合数据
with redis_conn.pipeline(transaction=False) as p:
for msg in all_user:
data_dict = model_to_dict(msg)
data_dict.pop('password')
data_dict.pop('google_key')
data_dict['last_login'] = str(data_dict['last_login'])
data_dict['ctime'] = str(data_dict['ctime'])
nickname_key = bytes(data_dict['nickname'] + '__contact',
encoding='utf-8')
p.hmset(nickname_key, {
"tel": data_dict["tel"],
"email": data_dict["email"]
})
p.sadd(const.USERS_INFO, json.dumps(data_dict))
p.execute()
self.write(dict(code=0, msg='获取用户成功', count=count, data=user_list))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode('utf-8'))
check_key = data.get('check_key')
user_id = self.get_current_id()
redis_conn = cache_conn()
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
if check_key == 'EMAIL':
with DBContext('r') as session:
mail_to = session.query(
Users.email).filter(Users.user_id == user_id).first()
send_list = [mail_to[0], 'OPS测试邮件', '测试发送邮件成功', 'plain', None]
res = yield self.send_mail_pool(send_list, config_info)
return self.write(res)
elif check_key == 'SMS':
obj = SendSms(config_info.get(const.SMS_REGION),
config_info.get(const.SMS_DOMAIN),
config_info.get(const.SMS_PRODUCT_NAME),
config_info.get(const.SMS_ACCESS_KEY_ID),
config_info.get(const.SMS_ACCESS_KEY_SECRET))
query_response = obj.query_send_detail(
'', '11111111111', 1, 1,
time.strftime("%Y%m%d", time.localtime()))
query_response = json.loads(query_response.decode('utf-8'))
if query_response.get("Message") == "OK":
return self.write(dict(code=0, msg='测试短信成功'))
else:
return self.write(
dict(code=-2, msg='测试短信失败{}'.format(str(query_response))))
elif check_key == 'LDAP':
ldap_ssl = True if config_info.get(
const.LDAP_USE_SSL) == '1' else False
obj = LdapApi(config_info.get(const.LDAP_SERVER_HOST),
config_info.get(const.LDAP_ADMIN_DN),
config_info.get(const.LDAP_ADMIN_PASSWORD),
int(config_info.get(const.LDAP_SERVER_PORT, 389)),
ldap_ssl)
if obj.ldap_server_test():
return self.write(dict(code=0, msg='LDAP连接测试成功'))
else:
return self.write(dict(code=-1, msg='LDAP连接测试不成功,请仔细检查配置'))
else:
return self.write(dict(code=-1, msg='未知测试项目'))
def codo_csrf(self):
# 验证客户端CSRF,如请求为GET,则不验证,否则验证。最后将写入新的key
cache = cache_conn()
# or self.request.headers.get('X-Gitlab-Token')
if self.request.method in ("GET", "HEAD", "OPTIONS"
) or self.request.headers.get('Sdk-Method'):
pass
else:
csrf_key = self.get_cookie('csrf_key')
if not csrf_key: raise HTTPError(402, 'csrf error need csrf key')
result = cache.get(csrf_key)
cache.delete(csrf_key)
if isinstance(result, bytes): result = result.decode()
if result != '1': raise HTTPError(402, 'csrf error')
cache.set(self.new_csrf_key, '1', ex=1800)
self.set_cookie('csrf_key', self.new_csrf_key)
def configs_init(setting_key):
new_dict = {}
"""返回所有数据"""
with DBContext('r') as session:
if setting_key == 'all':
conf_info = session.query(AppSettings).all()
else:
conf_info = session.query(AppSettings).filter(
AppSettings.name.like(setting_key + '%')).all()
for msg in conf_info:
data_dict = model_to_dict(msg)
new_dict[data_dict.get('name')] = data_dict.get('value')
if new_dict:
redis_conn = cache_conn()
redis_conn.hmset(const.APP_SETTINGS, new_dict)
return dict(code=0, msg='获取配置成功', data=new_dict)
def run():
redis_conn = cache_conn()
query_keys = redis_conn.smembers('query_list')
for key in query_keys:
data = redis_conn.hgetall(key)
new_data = {}
try:
for k, v in data.items():
new_data[str(k, 'utf8')] = str(v, 'utf8')
if not new_data:
redis_conn.srem('query_list', key)
if new_data['status'] == '1':
now = int(time.time())
if now >= int(new_data['next_time']):
do_sql(redis_conn, key, new_data)
except Exception as e:
traceback.print_exc(e)
def post(self, *args, **kwargs):
### 发送邮件
data = json.loads(self.request.body.decode('utf-8'))
to_list = data.get('to_list', None)
subject = data.get('subject', None)
content = data.get('content', None)
subtype = data.get('subtype', None)
att = data.get('att', None)
redis_conn = cache_conn()
if not to_list and not subject and not content:
return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空'))
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
send_list = [to_list, subject, content, subtype, att]
res = yield self.send_mail_pool(send_list, config_info)
return self.write(res)
def post(self, *args, **kwargs):
### 发送短信
data = json.loads(self.request.body.decode('utf-8'))
phone = data.get('phone', None)
msg = data.get('msg', None) # json格式 对应短信模板里设置的参数
template_code = data.get('template_code', None)
sign_name = data.get('sign_name', 'OPS')
redis_conn = cache_conn()
if not phone and not msg and not template_code:
return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空'))
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
#
send_list = [phone, msg, sign_name, template_code]
res = yield self.send_sms_pool(send_list, config_info)
return self.write(res)
def put(self, *args, **kwargs):
if not self.is_superuser:
return self.write(dict(code=-1, msg='不是超级管理员,没有权限'))
data = json.loads(self.request.body.decode("utf-8"))
user_list = data.get('user_list', None)
if len(user_list) < 1:
return self.write(dict(code=-1, msg='用户不能为空'))
redis_conn = cache_conn()
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False,
mail_tls=True
if config_info.get(const.EMAIL_USE_TLS) == '1' else False)
with DBContext('w', None, True) as session:
for user_id in user_list:
mfa = base64.b32encode(
bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9],
encoding="utf-8")).decode("utf-8")
session.query(Users).filter(Users.user_id == user_id).update({
Users.last_ip:
'',
Users.google_key:
mfa
})
mail_to = session.query(
Users.email).filter(Users.user_id == user_id).first()
obj.send_mail(mail_to[0], '重置MFA', mfa, subtype='plain')
return self.write(dict(code=0, msg='重置MFA成功,新的MFA已经发送到邮箱'))
def put(self, *args, **kwargs):
if not self.is_superuser:
return self.write(dict(code=-1, msg='不是超级管理员,没有权限'))
data = json.loads(self.request.body.decode("utf-8"))
user_list = data.get('user_list', None)
if len(user_list) < 1:
return self.write(dict(code=-2, msg='用户不能为空'))
redis_conn = cache_conn()
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False,
mail_tls=True
if config_info.get(const.EMAIL_USE_TLS) == '1' else False)
with DBContext('w', None, True) as session:
for user_id in user_list:
md5_password = shortuuid.uuid()
new_password = gen_md5(md5_password)
session.query(Users).filter(Users.user_id == user_id).update(
{Users.password: new_password})
mail_to = session.query(
Users.email).filter(Users.user_id == user_id).first()
obj.send_mail(mail_to[0],
'修改密码',
md5_password,
subtype='plain')
return self.write(dict(code=0, msg='重置密码成功,新密码已经发送到邮箱'))
def __init__(self, user_id, is_superuser=False):
self.redis_conn = cache_conn()
self.user_id = user_id
self.is_superuser = is_superuser
self.method_list = ["GET", "POST", "PATCH", "DELETE", "PUT", "ALL"]
def __init__(self, user_id):
self.redis_conn = cache_conn()
self.user_id = user_id
self.method_list = ["GET", "POST", "PATCH", "DELETE", "PUT", "ALL"]
def send_alarm():
with DBContext('r', None, False, **configs) as session:
error_info = session.query(TaskList).filter(
TaskList.schedule == 'start', TaskList.status == '4',
TaskList.start_time < datetime.datetime.now()).all()
### 查找出已经发出告警的订单
old_warm = session.query(TaskMonitor).filter(
TaskMonitor.call_status == 1).all()
### 没有错误订单则返回
if not error_info:
return
old_warm_list = []
error_list = []
for o in old_warm:
old_warm_list.append(o.list_id)
old_warm_list = list(set(old_warm_list))
with DBContext('w', None, True, **configs) as session:
for i in error_info:
error_list.append(int(i.list_id))
if int(i.list_id) not in old_warm_list:
print('The task-{0} is error'.format(i.list_id))
call_info = 'ID-{} 任务-{} 类型-{}'.format(i.list_id,
i.task_name[0:25],
i.task_type[0:25])
session.add(
TaskMonitor(
list_id=int(i.list_id),
call_info=call_info,
call_level=2,
call_users=','.join(
list(literal_eval(i.associated_user).values())[0]),
call_status=0))
### 错误记录里面里面的订单已经修复
for o in old_warm_list:
if int(o) not in error_list:
session.query(TaskMonitor).filter(
TaskMonitor.list_id == int(o)).delete(
synchronize_session=False)
### 删除报警记录
session.query(TaskMonitor).filter(
TaskMonitor.ctime < time.localtime(time.time() - 6000)).delete(
synchronize_session=False)
session.commit()
time.sleep(1)
### 告警
with DBContext('r', None, False, **configs) as session:
my_call = session.query(TaskMonitor).filter(
TaskMonitor.call_status == 0).all()
### 如果没有告警信息,则返回
if not len(my_call):
return
redis_conn = cache_conn()
cache_config_info = redis_conn.hgetall(const.APP_SETTINGS)
if cache_config_info:
config_info = convert(cache_config_info)
else:
config_info = configs['email_info']
### 禁用邮箱
# sm = SendMail(mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT),
# mail_user=config_info.get(const.EMAIL_HOST_USER),
# mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
# mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False)
### 发送短信实例化
sms = SendSms(config_info.get(const.SMS_REGION),
config_info.get(const.SMS_DOMAIN),
config_info.get(const.SMS_PRODUCT_NAME),
config_info.get(const.SMS_ACCESS_KEY_ID),
config_info.get(const.SMS_ACCESS_KEY_SECRET))
for i in my_call:
sms_to_list = []
email_to_list = []
for user in i.call_users.split(','):
info__contact = convert(
redis_conn.hgetall(bytes(user + '__contact',
encoding='utf-8')))
if info__contact:
sms_to_list.append(info__contact['tel'])
email_to_list.append(info__contact['email'])
print(sms_to_list, email_to_list, i.call_info)
### 发送邮件
# sm.send_mail(",".join(email_to_list), '自动化订单', i.call_info)
### 以下为注释为单独报警的示例,具体根据自己的需求修改
# import sys
# sys.path.append(sys.path[0])
# print(exec_shell('python3 alert.py {} {}'.format(",".join(sms_to_list), i.call_info)))
### 发送短信
if sms_to_list:
params = {"msg": i.call_info} # 对应短信模板里设置的参数
sms.send_sms(phone_numbers=",".join(sms_to_list),
template_param=params,
sign_name=configs.get('sign_name')[0],
template_code=configs.get('template_code')[0])
### 发送完禁用
with DBContext('w', None, True, **configs) as session:
session.query(TaskMonitor).filter(TaskMonitor.call_status == 0).update(
{TaskMonitor.call_status: 1})
session.commit()
return
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
password = data.get('password', None)
dynamic = data.get('dynamic', None)
if not username or not password: return self.write(dict(code=-1, msg='账号密码不能为空'))
redis_conn = cache_conn()
configs_init('all')
if is_mail(username):
login_mail = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_DOMAIN)
if login_mail:
if is_mail(username, login_mail.decode('utf-8')):
email = username
username = email.split("@")[0]
email_server = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_SERVER).decode('utf-8')
if not email_server:
return self.write(dict(code=-9, msg='请配置邮箱服务的SMTP服务地址'))
if not mail_login(email, password, email_server):
return self.write(dict(code=-2, msg='邮箱登陆认证失败'))
with DBContext('r') as session:
user_info = session.query(Users).filter(Users.email == email, Users.username == username,
Users.status != '10').first()
if not user_info:
return self.write(dict(code=-3, msg='邮箱认证通过,请根据邮箱完善用户信息', username=username, email=email))
else:
with DBContext('r') as session:
user_info = session.query(Users).filter(Users.username == username, Users.password == gen_md5(password),
Users.status != '10').first()
if not user_info:
# redis_conn = cache_conn()
# configs_init('all')
ldap_login = redis_conn.hget(const.APP_SETTINGS, const.LDAP_ENABLE)
ldap_login = convert(ldap_login)
if ldap_login != '1':
return self.write(dict(code=-4, msg='账号密码错误'))
### 如果开启了LDAP认证 则进行LDAP认证
else:
####
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
ldap_ssl = True if config_info.get(const.LDAP_USE_SSL) == '1' else False
obj = LdapApi(config_info.get(const.LDAP_SERVER_HOST), config_info.get(const.LDAP_ADMIN_DN),
config_info.get(const.LDAP_ADMIN_PASSWORD),
int(config_info.get(const.LDAP_SERVER_PORT, 389)),
ldap_ssl)
ldap_pass_info = obj.ldap_auth(username, password, config_info.get(const.LDAP_SEARCH_BASE),
config_info.get(const.LDAP_SEARCH_FILTER))
if ldap_pass_info[0]:
with DBContext('r') as session:
if not ldap_pass_info[2]:
return self.write(dict(code=-11, msg='LDAP认证成功,但是没有找到用户邮箱,请完善!'))
else:
user_info = session.query(Users).filter(Users.email == ldap_pass_info[2],
Users.username == username,
Users.status != '10').first()
if not user_info:
return self.write(dict(code=-3, msg='LDAP认证通过,完善用户信息', username=ldap_pass_info[1],
email=ldap_pass_info[2]))
else:
return self.write(dict(code=-4, msg='账号密码错误'))
if 'user_info' not in dir():
return self.write(dict(code=-4, msg='账号异常'))
if user_info.status != '0':
return self.write(dict(code=-4, msg='账号被禁用'))
is_superuser = True if user_info.superuser == '0' else False
### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方
### 默认为 True, False 则全局禁用MFA
mfa_global = False if convert(redis_conn.hget(const.APP_SETTINGS, const.MFA_GLOBAL)) == '1' else True
if mfa_global and user_info.google_key:
if not dynamic:
### 第一次不带MFA的认证
return self.write(dict(code=1, msg='跳转二次认证'))
else:
### 二次认证
t_otp = pyotp.TOTP(user_info.google_key)
if t_otp.now() != str(dynamic):
return self.write(dict(code=-5, msg='MFA错误'))
user_id = str(user_info.user_id)
### 生成token 并写入cookie
token_exp_hours = redis_conn.hget(const.APP_SETTINGS, const.TOKEN_EXP_TIME)
if token_exp_hours and convert(token_exp_hours):
token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname,
email=user_info.email, is_superuser=is_superuser, exp_hours=token_exp_hours)
else:
token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname,
email=user_info.email, is_superuser=is_superuser)
auth_token = AuthToken()
auth_key = auth_token.encode_auth_token_v2(**token_info)
login_ip_list = self.request.headers.get("X-Forwarded-For")
if login_ip_list:
login_ip = login_ip_list.split(",")[0]
with DBContext('w', None, True) as session:
session.query(Users).filter(Users.user_id == user_id).update({Users.last_ip: login_ip})
session.commit()
self.set_secure_cookie("nickname", user_info.nickname)
self.set_secure_cookie("username", user_info.username)
self.set_secure_cookie("user_id", str(user_info.user_id))
self.set_cookie('auth_key', auth_key, expires_days=1)
### 后端权限写入缓存
my_verify = MyVerify(user_id, is_superuser)
my_verify.write_verify()
### 前端权限写入缓存
# get_user_rules(user_id, is_superuser)
return self.write(dict(code=0, auth_key=auth_key.decode(), username=user_info.username,
nickname=user_info.nickname, msg='登录成功'))
def __init__(self, channel='task_log', **settings):
if configs.can_import:
configs.import_dict(**settings)
self.redis_conn = cache_conn()
self.channel = channel # 定义频道名称
self.__settings = settings
def patch(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
list_id = data.get('list_id', None)
task_group = data.get('task_group', None)
task_level = data.get('task_level', None)
exec_ip = data.get('exec_ip', None)
hand_type = data.get('hand_type', None)
if not list_id or not task_group or not task_level or not exec_ip:
return self.write(dict(code=-1, msg='缺少必要参数'))
if not hand_type:
return self.write(dict(code=-1, msg='执行类型不能为空'))
hash_key = "task_{}_{}_{}".format(list_id, task_group, exec_ip)
redis_conn = cache_conn()
if hand_type == "execute":
s_id = data.get('scheduler_id', None)
if s_id:
with DBContext('w', None, True) as session:
session.query(TaskSched).filter(TaskSched.sched_id == s_id).update({TaskSched.task_status: '1'})
redis_conn.hset(hash_key, task_level, '1')
redis_conn.expire(hash_key, 2592000)
return self.write(dict(code=0, msg='审核执行成功'))
else:
return self.write(dict(code=-2, msg='审批执行任务参数缺失'))
elif hand_type == "restart":
with DBContext('w', None, True) as session:
session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group,
TaskSched.exec_ip == exec_ip, TaskSched.task_status != '5',
TaskSched.task_status != '7',
TaskSched.task_level >= task_level).update({TaskSched.task_status: '1'})
session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group,
TaskSched.exec_ip == exec_ip, TaskSched.task_status != '5',
TaskSched.task_status != '7',
TaskSched.task_level < task_level).update({TaskSched.task_status: '3'})
data_info = session.query(TaskSched.task_level, TaskSched.task_status).filter(
TaskSched.list_id == list_id,
TaskSched.task_group == task_group,
TaskSched.exec_ip == exec_ip).all()
level_status = {}
for s in data_info:
if s[1] not in ['5', '7']:
if s[0] >= task_level:
level_status[s[0]] = s[1]
else:
level_status[s[0]] = '3'
print(level_status)
redis_conn.hmset(hash_key, level_status)
redis_conn.expire(hash_key, 2592000)
return self.write(dict(code=0, msg='重新执行成功'))
elif hand_type == "stop_one":
with DBContext('w', None, True) as session:
session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group,
TaskSched.exec_ip == exec_ip).update({TaskSched.task_status: '3'})
data_info = session.query(TaskSched.task_level).filter(TaskSched.list_id == list_id,
TaskSched.task_group == task_group,
TaskSched.exec_ip == exec_ip).all()
level_status = {}
for s in data_info:
level_status[s[0]] = '3'
redis_conn.hmset(hash_key, level_status)
redis_conn.expire(hash_key, 2592000)
return self.write(dict(code=0, msg='终止此组任务成功'))
else:
return self.write(dict(code=-5, msg='错误任务类型'))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
nickname = data.get('nickname', None)
password = data.get('password', None)
department = data.get('department', None)
tel = data.get('tel', None)
wechat = data.get('wechat', None)
no = data.get('no', None)
email = data.get('email', None)
if not username or not nickname or not department or not tel or not wechat or not no or not email:
return self.write(dict(code=-1, msg='参数不能为空'))
with DBContext('r') as session:
user_info1 = session.query(Users).filter(
Users.username == username).first()
user_info2 = session.query(Users).filter(Users.tel == tel).first()
user_info3 = session.query(Users).filter(
Users.email == email).first()
user_info4 = session.query(Users).filter(
Users.nickname == nickname).first()
if user_info1:
return self.write(dict(code=-2, msg='用户名已注册'))
if user_info2:
return self.write(dict(code=-3, msg='手机号已注册'))
if user_info3:
return self.write(dict(code=-4, msg='邮箱已注册'))
if user_info4:
return self.write(dict(code=-4, msg='昵称已注册'))
if not password:
md5_password = shortuuid.uuid()
password = gen_md5(md5_password)
else:
if not check_password(password):
return self.write(
dict(code=-5, msg='密码复杂度必须为: 超过8位,包含数字,大小写字母 等'))
password = gen_md5(password)
mfa = base64.b32encode(
bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9],
encoding="utf-8")).decode("utf-8")
redis_conn = cache_conn()
configs_init('all')
config_info = redis_conn.hgetall(const.APP_SETTINGS)
config_info = convert(config_info)
obj = SendMail(
mail_host=config_info.get(const.EMAIL_HOST),
mail_port=config_info.get(const.EMAIL_PORT),
mail_user=config_info.get(const.EMAIL_HOST_USER),
mail_password=config_info.get(const.EMAIL_HOST_PASSWORD),
mail_ssl=True
if config_info.get(const.EMAIL_USE_SSL) == '1' else False,
mail_tls=True
if config_info.get(const.EMAIL_USE_TLS) == '1' else False)
with DBContext('w', None, True) as session:
session.add(
Users(username=username,
password=password,
nickname=nickname,
department=department,
tel=tel,
wechat=wechat,
no=no,
email=email,
google_key=mfa,
superuser='******'))
obj.send_mail(email,
'用户注册成功',
'密码为:{} \n MFA:{}'.format(password, mfa),
subtype='plain')
return self.write(
dict(code=0, msg='恭喜你! 注册成功,赶紧联系管理员给你添加权限吧!!!', mfa=mfa))
def post(self, *args, **kwargs):
data = json.loads(self.request.body.decode("utf-8"))
username = data.get('username', None)
password = data.get('password', None)
dynamic = data.get('dynamic', None)
next_url = data.get('next_url', None)
if not username or not password:
return self.write(dict(code=-1, msg='账号密码不能为空'))
if is_mail(username):
redis_conn = cache_conn()
configs_init('all')
login_mail = redis_conn.hget(const.APP_SETTINGS,
const.EMAILLOGIN_DOMAIN)
if login_mail:
if is_mail(username, login_mail.decode('utf-8')):
email = username
username = email.split("@")[0]
email_server = redis_conn.hget(
const.APP_SETTINGS,
const.EMAILLOGIN_SERVER).decode('utf-8')
if not email_server:
return self.write(dict(code=-9,
msg='请配置邮箱服务的SMTP服务地址'))
if not mail_login(email, password, email_server):
return self.write(dict(code=-2, msg='邮箱登陆认证失败'))
with DBContext('r') as session:
user_info = session.query(Users).filter(
Users.email == email, Users.username == username,
Users.status != '10').first()
if not user_info:
return self.write(
dict(code=-3,
msg='邮箱认证通过,请根据邮箱完善用户信息',
email=email))
else:
with DBContext('r') as session:
user_info = session.query(Users).filter(
Users.username == username,
Users.password == gen_md5(password),
Users.status != '10').first()
if not user_info:
return self.write(dict(code=-4, msg='账号密码错误'))
if user_info.status != '0':
return self.write(dict(code=-4, msg='账号被禁用'))
if user_info.superuser == '0':
is_superuser = True
else:
is_superuser = False
### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方
if user_info.google_key:
totp = pyotp.TOTP(user_info.google_key)
if dynamic:
if totp.now() != str(dynamic):
return self.write(dict(code=-5, msg='MFA错误'))
else:
return self.write(dict(code=-8, msg='请输入MFA'))
user_id = str(user_info.user_id)
### 生成token 并写入cookie
token_info = dict(user_id=user_id,
username=user_info.username,
nickname=user_info.nickname,
is_superuser=is_superuser)
auth_token = AuthToken()
auth_key = auth_token.encode_auth_token(**token_info)
login_ip_list = self.request.headers.get("X-Forwarded-For")
if login_ip_list:
login_ip = login_ip_list.split(",")[0]
with DBContext('w', None, True) as session:
session.query(Users).filter(Users.user_id == user_id).update(
{Users.last_ip: login_ip})
self.set_secure_cookie("nickname", user_info.nickname)
self.set_secure_cookie("username", user_info.username)
self.set_secure_cookie("user_id", str(user_info.user_id))
self.set_cookie('auth_key', auth_key, expires_days=1)
### 后端权限写入缓存
my_verify = MyVerify(user_id)
my_verify.write_verify()
### 前端权限写入缓存
get_user_rules(user_id)
return self.write(
dict(code=0,
auth_key=auth_key.decode(encoding="utf-8"),
username=user_info.username,
nickname=user_info.nickname,
next_url=next_url,
msg='登录成功'))
