def UpdatePassword(request):#更新密码
RequestLogRecord(request, request_api="update_password")
if request.method == "POST":
try:
UserName=json.loads(request.body)["username"]
OldPasswd=json.loads(request.body)["old_passwd"]
NewPasswd = json.loads(request.body)["new_passwd"]
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
Md5NewPasswd = Md5Encryption().Md5Result(NewPasswd) # 对新密码加密
Md5OldPasswd = Md5Encryption().Md5Result(OldPasswd) # 对旧密码加密
UpdatePassword=UserInfo().UpdatePasswd(name=UserName,old_passwd=Md5OldPasswd,new_passwd=Md5NewPasswd)
if UpdatePassword:
UserOperationLogRecord(request, request_api="update_password", uid=UserName)#如果修改成功写入数据库中
return JsonResponse({'message': '好耶!修改成功~', 'code': 200, })
else:
return JsonResponse({'message': "输入信息有误重新输入", 'code': 404, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 503, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 504, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_UpdatePassword(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def UpdatePassword(request): #更新密码
RequestLogRecord(request, request_api="update_password")
if request.method == "POST":
try:
UserName = json.loads(request.body)["username"]
OldPasswd = json.loads(request.body)["old_passwd"]
NewPasswd = json.loads(request.body)["new_passwd"]
Md5NewPasswd = Md5Encryption().Md5Result(NewPasswd) # 对新密码加密
Md5OldPasswd = Md5Encryption().Md5Result(OldPasswd) # 对旧密码加密
UpdatePassword = UserInfo().UpdatePasswd(name=UserName,
old_passwd=Md5OldPasswd,
new_passwd=Md5NewPasswd)
if UpdatePassword:
UserOperationLogRecord(request,
request_api="update_password",
uid=UserName) #如果修改成功写入数据库中
return JsonResponse({
'message': '修改成功~',
'code': 200,
})
else:
return JsonResponse({
'message': "输入信息有误重新输入",
'code': 404,
})
except Exception as e:
ErrorLog().Write("Web_Api_User_UpdatePassword(def)", e)
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Login(request):#用户登录,每次登录成功都会刷新一次Token
RequestLogRecord(request, request_api="login")
if request.method == "POST":
try:
Username=json.loads(request.body)["username"]
Passwd=json.loads(request.body)["passwd"]
Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
if UserLogin is None:
return JsonResponse({'message': '账号或密码错误', 'code': 604, })
else:
while True:#如果查询确实冲突了
Token = randoms().result(250)
QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
if not QueryTokenValidity:#如果不冲突的话跳出循环
break
UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
if UpdateToken:#如果更新成功了
Uid = UserInfo().QueryUidWithToken(Token) # 查询UID
UserOperationLogRecord(request, request_api="login", uid=Uid)
return JsonResponse({'message': Token, 'code': 200, })
except Exception as e:
ErrorLog().Write("Web_Api_User_LogIn(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def ForgetPassword(request):#忘记密码接口
RequestLogRecord(request, request_api="forget_password")
if request.method == "POST":
try:
Key = json.loads(request.body)["key"]
Name = json.loads(request.body).get("name")
NewPasswd = json.loads(request.body).get("new_passwd")
Email = json.loads(request.body).get("email")
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
if forgot_password_function_status: # 查看状态是否关闭
if Key==forget_password_key:#如果传入的key相等
Md5Passwd = Md5Encryption().Md5Result(NewPasswd) # 进行加密
ChangePasswordResult=UserInfo().ForgetPassword(name=Name,new_passwd=Md5Passwd,email=Email)#进行修改密码
if ChangePasswordResult:#如果修改成功
return JsonResponse({'message': "修改成功啦~建议去配置文件中关闭忘记密码功能哦~", 'code': 200, })
else:
return JsonResponse({'message': "这个数据你是认真的嘛(。﹏。)", 'code': 501, })
else:
return JsonResponse({'message': "大黑阔别乱搞,莎莎好怕怕(*/ω\*)", 'code': 404, })
else:
return JsonResponse({'message': "小宝贝你没有开启忘记密码功能哦(๑•̀ㅂ•́)و✧", 'code': 403, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 503, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 504, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_RequestLogRecord(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Login(request):#用户登录,每次登录成功都会刷新一次Token
RequestLogRecord(request, request_api="login")
if request.method == "POST":
try:
Username=json.loads(request.body)["username"]
Passwd=json.loads(request.body)["passwd"]
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码,把验证码全部转换成小写
Md5Passwd=Md5Encryption().Md5Result(Passwd)#对密码加密
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
UserLogin=UserInfo().UserLogin(Username,Md5Passwd)
if UserLogin is None:
return JsonResponse({'message': '账号或密码错误', 'code': 604, })
else:
while True:#如果查询确实冲突了
Token = randoms().result(250)
QueryTokenValidity = UserInfo().QueryTokenValidity(Token)#用来查询Token是否冲突了
if not QueryTokenValidity:#如果不冲突的话跳出循环
break
UpdateToken=UserInfo().UpdateToken(name=Username, token=Token)#接着更新Token
if UpdateToken:#如果更新成功了
Uid = UserInfo().QueryUidWithToken(Token) # 查询UID
UserOperationLogRecord(request, request_api="login", uid=Uid)
return JsonResponse({'message': Token, 'code': 200, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 503, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 504, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_User_LogIn(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def response(self, flow: http.HTTPFlow):
self.authenticate(flow)
if not self.Auth:
flow.response.set_text("请进行代理认证")#修改返回值 需要字符串类型
return 0
else:
self.Username, self.Password = self.Auth
#账号密码认证
self.request(flow)
self.ResponseDateString = flow.response.text #获取返回值结果 结果类型是字符串
self.ResponseDateBytes = flow.response.content # 获取返回值结果 结果类型是bytes二进制
self.ResponseStatusCode = flow.response.status_code # 状态码
self.ResponseHeaders = {} # 请求头数据
for i in flow.response.headers: # 对数据进行处理后存储到RequestHeaders中
self.ResponseHeaders.update({i: flow.response.headers[i]})
self.Md5Password=Md5Encryption().Md5Result(self.Password)#对密码进行MD5加密
ProxyAuthenticationResult=ProxyScanList().ProxyAuthentication(proxy_username=self.Username,proxy_password=self.Md5Password)#对数据进行校检
if ProxyAuthenticationResult==None:
flow.response.set_text("账号或密码错误~") # 认证失败
return 0
else:
OriginalProxyData().Write(uid=ProxyAuthenticationResult["uid"],sid=ProxyAuthenticationResult["sid"],url=base64.b64encode(self.RequestUrl.encode(encoding="utf-8")),request_headers=base64.b64encode(str(self.RequestHeaders).encode(encoding="utf-8")),request_date=self.RequestMethod,request_method=base64.b64encode(self.RequestDate.encode(encoding="utf-8")),
response_headers=str(self.ResponseHeaders).encode(encoding="utf-8"),response_status_code=self.ResponseStatusCode,response_date_string=self.ResponseDateString.encode(encoding="utf-8"),response_date_bytes=str(self.ResponseDateBytes).encode(encoding="utf-8"))
def CreateProxyScanProject(request):#创建代理扫描项目
RequestLogRecord(request, request_api="create_proxy_scan_project")
if request.method == "POST":
try:
Token=json.loads(request.body)["token"]
ProxyProjectName=json.loads(request.body)["proxy_project_name"]
ProxyUsername=json.loads(request.body)["proxy_username"]
ProxyPassword=json.loads(request.body)["proxy_password"]
EndTime=json.loads(request.body)["end_time"]
Uid = UserInfo().QueryUidWithToken(Token) #通过Token来查用户
if Uid != None: # 查到了UID
UserOperationLogRecord(request, request_api="create_proxy_scan_project", uid=Uid)
#还需要查询项目名是否冲突
QueryTheResultOfTheProxyProjectName=ProxyScanList().QueryProxyProjectName(uid=Uid, proxy_project_name=ProxyProjectName,proxy_username=ProxyUsername)#进行代理扫描项目查询,判断是否已经存在该项目
if QueryTheResultOfTheProxyProjectName==False:
Md5ProxyPassword = Md5Encryption().Md5Result(ProxyPassword) # 对密码进行MD5加密
ProxyScanList().Write(uid=Uid,end_time=EndTime,proxy_project_name=ProxyProjectName,proxy_username=ProxyUsername,proxy_password=Md5ProxyPassword)#写入表中
return JsonResponse({'message': '小宝贝!创建成功了呢~', 'code': 200, })
else:
return JsonResponse({'message': '代理扫描项目创建失败!', 'code': 403, })
else:
return JsonResponse({'message': "🐻弟你Token不对劲诶?", 'code': 404, })
except Exception as e:
ErrorLog().Write("Web_Api_ProxyScan_CreateProxyScanProject(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
#查询代理扫描项目
def Registered(request):
RequestLogRecord(request, request_api="registered")
if request.method == "POST":
try:
ShowName = json.loads(request.body).get("show_name")
Username=json.loads(request.body).get("username")
Passwd=json.loads(request.body).get("passwd")
Email=json.loads(request.body).get("email")
Key = json.loads(request.body).get("key")
VerificationCodeKey = json.loads(request.body)["verification_code_key"]#获取验证码关联的KEY
Code = json.loads(request.body)["verification_code"].lower()#获取验证码
if VerificationCodeKey!=None and Code!=None:#判断传入数据不为空
VerificationCodeResult=VerificationCode().Query(code=Code,verification_code_key=VerificationCodeKey)#获取判断
if VerificationCodeResult:#如果为真,进行登录验证
if registration_function_status:#判断是否开启注册功能
if len(ShowName.strip("\r\n"))==0 or len(Username.strip("\r\n"))==0 or len(Passwd.strip("\r\n"))==0 or len(Email.strip("\r\n"))==0 or len(Key.strip("\r\n"))==0:#验证数据不为空
return JsonResponse({'message': '宝贝数据呢?💚', 'code': 666, })
else:
if Key==secret_key_required_for_account_registration:#判断是否符合注册值
VerifyUsername=UserInfo().VerifyUsername(Username)
VerifyEmail=UserInfo().VerifyEmail(Email)
if VerifyUsername or VerifyEmail:
return JsonResponse({'message': '用户名或邮箱已存在', 'code': 604, })
elif (VerifyUsername is None)or(VerifyEmail is None):
return JsonResponse({'message': '报错了🙄', 'code': 404, })
elif not VerifyUsername or not VerifyEmail:
Token=randoms().result(250)
Uid = randoms().result(100)#生成随机数,用户UID
Key = randoms().result(40) #生成key值
DomainNameSystemLogKey = randoms().LowercaseAndNumbers(5) # 生成DNSLOGkey值
Md5Passwd=Md5Encryption().Md5Result(Passwd)#进行加密
UserWrite=UserInfo().Write(name=Username, show_name=ShowName, token=Token, passwd=Md5Passwd,
email=Email, uid=Uid,key=Key,avatar="admin.jpg")
DomainNameSystemLogKeyword().Write(uid=Uid,key=DomainNameSystemLogKey)
if UserWrite:
return JsonResponse({'message': '注册成功', 'code': 200, })
elif UserWrite is None:
return JsonResponse({'message': '未知错误', 'code': 400, })
else:
return JsonResponse({'message': '注册失败', 'code': 603, })
else:
return JsonResponse({'message': '小宝贝这是非法注册哦(๑•̀ㅂ•́)و✧', 'code': 403, })
else:
return JsonResponse({'message': '小宝贝你没有开启注册功能哦!!', 'code': 503, })
else:
return JsonResponse({'message': "验证码错误或者过期!", 'code': 504, })
else:
return JsonResponse({'message': "验证码或者验证码秘钥不能为空!", 'code': 505, })
except Exception as e:
ErrorLog().Write("Web_BasicFunctions_Registered_Registered(def)", e)
return JsonResponse({'message': '自己去看报错日志!', 'code': 169, })
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def ForgetPassword(request):#忘记密码接口
RequestLogRecord(request, request_api="forget_password")
if request.method == "POST":
try:
Key = json.loads(request.body)["key"]
Name = json.loads(request.body).get("name")
NewPasswd = json.loads(request.body).get("new_passwd")
Email = json.loads(request.body).get("email")
if forgot_password_function_status: # 查看状态是否关闭
if Key==forget_password_key:#如果传入的key相等
Md5Passwd = Md5Encryption().Md5Result(NewPasswd) # 进行加密
ChangePasswordResult=UserInfo().ForgetPassword(name=Name,new_passwd=Md5Passwd,email=Email)#进行修改密码
if ChangePasswordResult:#如果修改成功
return JsonResponse({'message': "修改成功啦~建议去配置文件中关闭忘记密码功能哦~", 'code': 200, })
else:
return JsonResponse({'message': "这个数据你是认真的嘛(。﹏。)", 'code': 503, })
else:
return JsonResponse({'message': "大黑阔别乱搞,莎莎好怕怕(*/ω\*)", 'code': 404, })
else:
return JsonResponse({'message': "小宝贝你没有开启忘记密码功能哦(๑•̀ㅂ•́)و✧", 'code': 403, })
except Exception as e:
ErrorLog().Write("Web_Api_User_RequestLogRecord(def)", e)
else:
return JsonResponse({'message': '请使用Post请求', 'code': 500, })
def Registered(request):
RequestLogRecord(request, request_api="registered")
if request.method == "POST":
try:
ShowName = json.loads(request.body).get("show_name")
Username = json.loads(request.body).get("username")
Passwd = json.loads(request.body).get("passwd")
Email = json.loads(request.body).get("email")
if len(ShowName.strip("\r\n")) == 0 or len(
Username.strip("\r\n")) == 0 or len(
Passwd.strip("\r\n")) == 0 or len(
Email.strip("\r\n")) == 0: #验证数据不为空
return JsonResponse({
'message': '宝贝数据呢?💚',
'code': 666,
})
else:
VerifyUsername = UserInfo().VerifyUsername(Username)
VerifyEmail = UserInfo().VerifyEmail(Email)
if VerifyUsername or VerifyEmail:
return JsonResponse({
'message': '用户名或邮箱已存在',
'code': 604,
})
elif (VerifyUsername is None) or (VerifyEmail is None):
return JsonResponse({
'message': '报错了🙄',
'code': 404,
})
elif not VerifyUsername or not VerifyEmail:
Token = randoms().result(250)
Md5Passwd = Md5Encryption().Md5Result(Passwd) #进行加密
UserWrite = UserInfo().Write(name=Username,
show_name=ShowName,
token=Token,
passwd=Md5Passwd,
email=Email,
img_path="img_path")
if UserWrite:
return JsonResponse({
'message': '注册成功',
'code': 200,
})
elif UserWrite is None:
return JsonResponse({
'message': '未知错误',
'code': 400,
})
else:
return JsonResponse({
'message': '注册失败',
'code': 603,
})
except Exception as e:
ErrorLog().Write("Web_Api_Registered_Registered(def)", e)
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def Registered(request):
RequestLogRecord(request, request_api="registered")
if request.method == "POST":
try:
ShowName = json.loads(request.body).get("show_name")
Username = json.loads(request.body).get("username")
Passwd = json.loads(request.body).get("passwd")
Email = json.loads(request.body).get("email")
Key = json.loads(request.body).get("key")
if registration_function_status: #判断是否开启注册功能
if len(ShowName.strip("\r\n")) == 0 or len(
Username.strip("\r\n")) == 0 or len(
Passwd.strip("\r\n")) == 0 or len(
Email.strip("\r\n")) == 0 or len(
Key.strip("\r\n")) == 0: #验证数据不为空
return JsonResponse({
'message': '宝贝数据呢?💚',
'code': 666,
})
else:
if Key == secret_key_required_for_account_registration: #判断是否符合注册值
VerifyUsername = UserInfo().VerifyUsername(Username)
VerifyEmail = UserInfo().VerifyEmail(Email)
if VerifyUsername or VerifyEmail:
return JsonResponse({
'message': '用户名或邮箱已存在',
'code': 604,
})
elif (VerifyUsername is None) or (VerifyEmail is None):
return JsonResponse({
'message': '报错了🙄',
'code': 404,
})
elif not VerifyUsername or not VerifyEmail:
Token = randoms().result(250)
Md5Passwd = Md5Encryption().Md5Result(
Passwd) #进行加密
UserWrite = UserInfo().Write(name=Username,
show_name=ShowName,
token=Token,
passwd=Md5Passwd,
email=Email,
avatar="admin.jpg")
if UserWrite:
return JsonResponse({
'message': '注册成功',
'code': 200,
})
elif UserWrite is None:
return JsonResponse({
'message': '未知错误',
'code': 400,
})
else:
return JsonResponse({
'message': '注册失败',
'code': 603,
})
else:
return JsonResponse({
'message': '小宝贝这是非法注册哦(๑•̀ㅂ•́)و✧',
'code': 403,
})
else:
return JsonResponse({
'message': '小宝贝你没有开启注册功能哦!!',
'code': 503,
})
except Exception as e:
ErrorLog().Write("Web_Api_Registered_Registered(def)", e)
else:
return JsonResponse({
'message': '请使用Post请求',
'code': 500,
})
def response(self, flow: http.HTTPFlow):
self.authenticate(flow)
if not self.Auth:
flow.response.set_text("请进行代理认证") #修改返回值 需要字符串类型
return 0
else:
self.Username, self.Password = self.Auth
#账号密码认证
self.request(flow)
self.ResponseDateString = flow.response.text #获取返回值结果 结果类型是字符串
self.ResponseDateBytes = flow.response.content # 获取返回值结果 结果类型是bytes二进制
self.ResponseStatusCode = flow.response.status_code # 状态码
self.ResponseHeaders = {} # 请求头数据
for i in flow.response.headers: # 对数据进行处理后存储到RequestHeaders中
self.ResponseHeaders.update({i: flow.response.headers[i]})
self.Md5Password = Md5Encryption().Md5Result(
self.Password) #对密码进行MD5加密
ProxyAuthenticationResult = ProxyScanList().ProxyAuthentication(
proxy_username=self.Username,
proxy_password=self.Md5Password) #对数据进行校检
if ProxyAuthenticationResult == None:
flow.response.set_text("账号或密码错误~") # 认证失败
return 0
else:
#进行判断的ProxyTempUrl类使用判断的URL是正则处理过的,而记录到OriginalProxyData类中的URL是未处理过的
RequestUrl = str(
bytes.decode(
self.RequestUrl.encode(encoding="utf-8"))) #转换成字符型
try:
UrlRegularMatchingProcessing = re.search(
r'http[s]?://(.*)?/', RequestUrl,
re.I).group(0) #对URL进行提取处理
if UrlRegularMatchingProcessing != None: #进行判断匹配结果
ScanExecutionTime = ProxyTempUrl().Query(
uid=ProxyAuthenticationResult["uid"],
proxy_temp_url=UrlRegularMatchingProcessing,
proxy_id=ProxyAuthenticationResult["proxy_id"]
) #先进行查询如果查到数据进行时间匹配
if ScanExecutionTime == None: #表示没有数据
RedisTask = ProxyScan.delay(
UrlRegularMatchingProcessing,
bytes.decode(
str(self.RequestHeaders).encode(
encoding="utf-8")),
Uid=ProxyAuthenticationResult["uid"],
ActiveScanId="0") #由于代理扫描没有ActiveScanId值所以全局使用0
OriginalProxyData().Write(
uid=ProxyAuthenticationResult["uid"],
proxy_id=ProxyAuthenticationResult["proxy_id"],
url=RequestUrl,
request_headers=base64.b64encode(
str(self.RequestHeaders).encode(
encoding="utf-8")),
request_date=self.RequestMethod,
request_method=base64.b64encode(
self.RequestDate.encode(encoding="utf-8")),
response_headers=str(
self.ResponseHeaders).encode(encoding="utf-8"),
response_status_code=self.ResponseStatusCode,
response_date_string=self.ResponseDateString.
encode(encoding="utf-8"),
response_date_bytes=str(
self.ResponseDateBytes).encode(
encoding="utf-8"),
redis_id=RedisTask.task_id)
ProxyTempUrl().Write(
uid=ProxyAuthenticationResult["uid"],
redis_id=RedisTask.task_id,
proxy_temp_url=UrlRegularMatchingProcessing,
proxy_id=ProxyAuthenticationResult["proxy_id"])
else: #有数据的话进行计算
TimeDifferencestr = int(time.time()) - int(
ScanExecutionTime) #计算时间差
if TimeDifferencestr > agent_scan_interval: #如果间隔超过定义时间就从新下发到任务中
RedisTask = ProxyScan.delay(
UrlRegularMatchingProcessing,
bytes.decode(
str(self.RequestHeaders).encode(
encoding="utf-8")),
Uid=ProxyAuthenticationResult["uid"],
ActiveScanId="0"
) # 由于代理扫描没有ActiveScanId值所以全局使用0
OriginalProxyData().Write(
uid=ProxyAuthenticationResult["uid"],
proxy_id=ProxyAuthenticationResult["proxy_id"],
url=RequestUrl,
request_headers=base64.b64encode(
str(self.RequestHeaders).encode(
encoding="utf-8")),
request_date=self.RequestMethod,
request_method=base64.b64encode(
self.RequestDate.encode(encoding="utf-8")),
response_headers=str(
self.ResponseHeaders).encode(
encoding="utf-8"),
response_status_code=self.ResponseStatusCode,
response_date_string=self.ResponseDateString.
encode(encoding="utf-8"),
response_date_bytes=str(
self.ResponseDateBytes).encode(
encoding="utf-8"),
redis_id=RedisTask.task_id)
ProxyTempUrl().Write(
uid=ProxyAuthenticationResult["uid"],
redis_id=RedisTask.task_id,
proxy_temp_url=UrlRegularMatchingProcessing,
proxy_id=ProxyAuthenticationResult["proxy_id"])
except Exception as e:
pass