def admin_sync_domain_waf_conf(request): """管理员同步域名waf配置信息""" msg = '' status = False provider = 'QINGSONG' res = { 'status': status, 'msg': msg } domain_id = request.POST.get('domain_id', '') # domain_id = 8 try: domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False channel = '%s://%s' % (domain_obj.protocol, domain_obj.domain) body = { 'channel': channel, } api_res = APIUrl.post_link('sync_domain_waf_conf', body) message = api_res[provider].get('message', 'success') msg = '' if message == 'success' else message if api_res[provider]['return_code'] == 0: """ { 'domain': 'itest.chinacache.com', 'access_type': '2', 'access_point': '广州', 'access_point_cname': 'cc-waf-gz.ccgslb.com.cn', 'confirm_cdn_preload': True, 'confirm_cdn_http_layered': True, 'confirm_cdn_https_layered': True, 'status': 4, 'source_is_ip': True, 'source_addr': '223.202.202.15', 'port': '80', 'ssl_status': 1, 'cert_id': '333330', 'return_code': 0, 'cert_name': 'mzr_delete_final_1_2211', 'default_waf_mode': 2, 'self_waf_mode': 1 } """ waf_conf = api_res[provider] provider_obj = Provider.objects.filter(code=provider).first() waf_conf['provider_name'] = provider_obj.name waf_conf['provider_name'] = provider_obj.name res['waf_conf'] = waf_conf status = True except Exception as e: print(traceback.format_exc()) res['msg'] = _(msg) res['msg'] = msg res['status'] = status return json_response(res)
def admin_set_domain_waf_conf(request): """管理员设置waf 基本配置 update = { 'domain': '域名', 'access_point': '接入点', 'access_point_cname': '接入点对应cname', 'access_type': 'waf接入方式 目前是 2', 'src_type': '1 ip回源 & 2 域名回源', 'src_address': '回源值 域名回源就是域名,ip回源就是ip', 'src_port': '回源端口', 'src_host': '回源host', 'ssl_status': '是否启用https', 'cert_name': '证书名称', 'default_waf_mode': '默认规则防御模式', 'self_waf_mode': '自定义规则防御模式', } """ msg = '' status = False provider = 'QINGSONG' res = { 'status': status, 'msg': msg } domain_id = request.POST.get('domain_id', '') short_name = request.POST.get('short_name', '') access_type = request.POST.get('access_type', '2') src_type = request.POST.get('src_type', '2') src_address = request.POST.get('src_address', '') src_port = request.POST.get('src_port', '') src_host = request.POST.get('src_host', '') ssl_status = request.POST.get('ssl_status', False) cert_id = request.POST.get('cert_id', '') default_waf_mode = request.POST.get('default_waf_mode', '') self_waf_mode = request.POST.get('self_waf_mode', '') # domain_id = 8 # short_name = 'GZ' # default_waf_mode = 3 # self_waf_mode = 0 try: domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False domain = domain_obj.domain channel = '%s://%s' % (domain_obj.protocol, domain) body = { 'channel': channel, 'access_type': access_type, } if short_name: access_point = sf.ACCESS_POINT_CONF[short_name]['name'] access_point_cname = sf.ACCESS_POINT_CONF[short_name]['cname'] body['access_point'] = access_point body['access_point_cname'] = access_point_cname if src_address and src_type: src_type = int_check(src_type) if src_type is None: msg = af.PARAME_ERROR assert False if src_type == sf.SRC_TYPE_IP: if not is_ip(src_address): msg = af.PARAME_ERROR assert False elif src_type == sf.SRC_TYPE_DOMAIN: if not is_domain(src_address): msg = af.PARAME_ERROR body['src_type'] = src_type body['src_address'] = src_address if src_port: body['src_port'] = src_port if src_host: body['src_host'] = src_host if default_waf_mode: body['default_waf_mode'] = default_waf_mode if self_waf_mode: body['self_waf_mode'] = self_waf_mode if ssl_status: body['ssl_status'] = ssl_status if cert_id: body['cert_id'] = cert_id api_res = APIUrl.post_link('set_domain_waf_conf', body) if api_res[provider]['return_code'] == 0: status = True log_msg = om.EDIT_WAF_CONF % (request.user.username, domain) OperateLog.write_operate_log( request, om.SECURITY, log_msg) except Exception as e: print(e) res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_edit_parent_user(request): """修改父账号用户""" msg = '' status = False res = {'status': status, 'msg': msg} username = request.POST.get('username', '') company = request.POST.get('company', '') user_type = request.POST.get('user_type', '') linkman = request.POST.get('linkman', '') email = request.POST.get('email', '') mobile = request.POST.get('mobile', '') is_active = request.POST.get('is_active', '') password = request.POST.get('password', '') reset_password = request.POST.get('reset_password', '0') perm_list = request.POST.getlist('perm[]', []) try: check_user = UserProfile.objects.filter(username=username).first() if not check_user: msg = af.USER_NOT_EXIST assert False if is_active: is_active = int_check(is_active) if is_active is None: msg = af.PARAME_ERROR assert False check_user.is_active = True if is_active else False if password: check_user.set_password(password) if reset_password: reset_password = int_check(reset_password) check_user.reset_password = True if reset_password else False except AssertionError: res['msg'] = _(msg) return json_response(res) creator_username = request.user.username if company: check_user.company = company if user_type == 'is_parent': check_user.is_parent = True check_user.is_agent = False if user_type == 'is_agent': check_user.is_parent = False check_user.is_agent = True if linkman: check_user.linkman = linkman if email: check_user.email = email if mobile: check_user.mobile = mobile user_perm, is_new = PermUser.objects.get_or_create(user=check_user) if is_new: user_perm.save() user_perm.perm.clear() # check_user.product_list.clear() # check_user.strategy_list.clear() for perm_code in perm_list: PermUser.assign_perm(perm_code, check_user) if perm_code == 'client_cdn_menu': cdn_product = Product.objects.filter(code='CDN').first() cdn_strategy = Strategy.get_obj_from_property('CC', 'CDN', 'CDN') check_user.product_list.add(cdn_product) check_user.strategy_list.add(cdn_strategy) check_user.save() # elif perm_code == 'client_security_menu': # sec_product = Product.objects.filter(code='SECURITY').first() # sec_strategy = Strategy.get_obj_from_property( # 'QINGSONG', 'SECURITY', 'WAF') # check_user.product_list.add(sec_product) # check_user.strategy_list.add(sec_strategy) # check_user.save() check_user.save() log_msg = om.EDIT_USER % (creator_username, username) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) status = True res['status'] = status return json_response(res)
def edit_parent_user(request): """修改父账号用户""" msg = '' status = False res = {'status': status, 'msg': msg} username = request.POST.get('username', '') company = request.POST.get('company', '') user_type = request.POST.get('user_type', '') linkman = request.POST.get('linkman', '') email = request.POST.get('email', '') mobile = request.POST.get('mobile', '') is_active = request.POST.get('is_active', '0') perm_list = request.POST.getlist('perm[]', '') try: check_user = UserProfile.objects.filter(username=username) if not check_user: msg = af.USER_NOT_EXIST assert False is_active = int_check(is_active) if is_active is None: msg = af.PARAME_ERROR assert False check_user.is_active = True if is_active else False except AssertionError: res['msg'] = msg return json_response(res) creator_username = request.user.username if company: check_user.company = company if user_type == 'is_parent': check_user.is_parent = True check_user.is_agent = False if user_type == 'is_agent': check_user.is_parent = False check_user.is_agent = True if linkman: check_user.linkman = linkman if email: check_user.email = email if mobile: check_user.mobile = mobile if perm_list: user_perm = PermUser.objects.filter(user=check_user) user_perm.delete() for perm_id in perm_list: PermUser.assign_perm(perm_id, check_user) check_user.save() log_msg = om.EDIT_USER % (creator_username, username) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) status = True res['status'] = status return json_response(res)
def admin_cert_list(request): """管理员证书列表""" msg = '' status = False res = {'status': status, 'msg': msg} cert_name = request.POST.get('cert_name', '') status = request.POST.get('status', '[]') user_id = request.POST.get('user_id', '') # cert_name = 'xz_test_0009' # status = 1 try: status_list = handle_list(status) if not status_list: status_list = [ CertConf.CERT_CONDUCT, CertConf.CERT_SUCCESS, CertConf.CERT_FAIL, CertConf.CERT_TIMEOUT, CertConf.CERT_UPDATE ] body = { 'status': status_list, } if user_id: user_id = int_check(user_id) if user_id is None: msg = af.PARAME_ERROR assert False body['user_id'] = user_id if cert_name: body['cert_name'] = cert_name api_res = APIUrl.post_link('ssl_cert_query', body) return_code = api_res.get('return_code', 0) if return_code != 0: assert False result_list = api_res.get('cert_list', []) cert_list = [] for cert_info in result_list: # cert_info['cert_from'] = CertConf.cert_from_name( # cert_info['cert_from']) # # cert_info['status'] = CertConf.cert_status_name( # cert_info['status']) cert_list.append(cert_info) result_list = sorted(cert_list, key=lambda x: x['create_time'], reverse=True) check_msg, result_list, pagination = data_pagination( request, result_list) if check_msg: res['msg'] = check_msg return json_response(res) res['cert_list'] = result_list res['page_info'] = pagination status = True except Exception as e: print(e) res['msg'] = _(msg) res['status'] = status print(res) return json_response(res)
def client_cdn_edit_domain(request): """ 客户端修改cdn域名 """ msg = '' status = False res = {'status': status, 'msg': msg} user = request.user domain = request.POST.get('domain', '') cert_name = request.POST.get('cert_name', '') src_type = request.POST.get('src_type', '') src_value = request.POST.get('src_value', '') src_host = request.POST.get('src_host', '') src_back_type = request.POST.get('src_back_type', '') src_back_value = request.POST.get('src_back_value', '') ignore_cache_control = request.POST.get('ignore_cache_control', '0') ignore_query_string = request.POST.get('ignore_query_string', '0') cache_rule = request.POST.get('cache_rule', '[]') try: cache_rule = json.loads(cache_rule) if src_back_value and not src_back_type: msg = af.SRC_BACK_TYPE_EMPTY assert False check_domain = Domain.objects.filter(domain=domain).first() if not check_domain: assert False msg = af.DOMAIN_NOT_EXIST src_ips = [] src_domain = '' if src_type == CDNConf.SRC_IP: src_ips = src_value.split('\n') elif src_type == CDNConf.SRC_DOMAIN: src_domain = src_value if not src_host: src_host = domain src_back_ips = [] src_back_domain = '' if src_back_type == CDNConf.SRC_BACK_IP: src_back_ips = src_back_value.split('\n') elif src_back_type == CDNConf.SRC_BACK_DOMAIN: src_back_domain = src_back_value body = { 'user_id': user.id, 'domain': domain, 'cert_name': cert_name, 'src_type': src_type, 'src_ips': src_ips, 'src_domain': src_domain, 'src_host': src_host, 'src_back_type': src_back_type, 'src_back_ips': src_back_ips, 'src_back_domain': src_back_domain, 'ignore_cache_control': ignore_cache_control, 'ignore_query_string': ignore_query_string, 'cache_rule': cache_rule, } print(body) api_res = APIUrl.post_link('cdn_domain_edit', body) print(api_res) return_code = api_res.get('return_code', 0) if return_code != 0: assert False status = True log_msg = om.EDIT_CDN_DOMAIN % (user.username, user.username, domain) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) except Exception as e: print(e) res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_create_sec_domain(request): """管理员添加安全域名""" msg = '' status = False res = { 'status': status, 'msg': msg } channel_info_list = request.POST.getlist('channel_info_list', []) user_id = request.POST.get('user_id', '') channel_info_list = json.loads(channel_info_list[0]) try: user_id = int_check(user_id) if user_id is None: msg = af.USER_NOT_EXIST assert False user = UserProfile.objects.filter(id=user_id).first() domain_info_list = [] for channel_info in channel_info_list: channel_name = channel_info.get('channel_name', '') url_info = urlparse(channel_name) domain = url_info.netloc protocol = url_info.scheme domain_info = { 'domain': domain, 'protocol': protocol, 'user_id': user_id, } domain_info_list.append(domain_info) body = { 'domain_info_list': domain_info_list } api_res = APIUrl.post_link('domain_create', body) api_res = api_res.get('result_list', False) if api_res: for i in api_res: domain = i.get('domain', '') protocol = i.get('protocol', '') insert_flag = i.get('insert_flag', '') if insert_flag: domain_obj, _ = Domain.objects.get_or_create( domain=domain, protocol=protocol, user=user) domain_obj.save() url = '%s://%s' % (protocol, domain) log_msg = om.CREATE_SECURITY_DOMAIN % (user.username, url) OperateLog.write_operate_log( request, om.SECURITY, log_msg) status = True except AssertionError: res['msg'] = _(msg) res['status'] = status return json_response(res)
def login(request): """用户登录""" res = { 'status': False, 'msg': '', 'menus': [] } username = request.POST.get('username', '') password = request.POST.get('password', '') pl = request.POST.get('pl', '0') pl = int(pl) key = request.POST.get('csrfmiddlewaretoken', '')[:16] vi = request.POST.get('csrfmiddlewaretoken', '')[-16:] error_msg = '' status = False url = '' try: if not username: error_msg = af.USERNAME_EMPTY assert False if not password: error_msg = af.PASSWORD_EMPTY assert False dec_password = decrypt_to(password, key, vi) password = dec_password[:pl] user = UserProfile.objects.filter(username=username).first() if user: user = authenticate(username=username, password=password) if not user: error_msg = af.USER_ERROR assert False if not user.is_active: error_msg = af.USER_NOT_ACTIVE assert False if user.reset_password: redirect_url = '/base/reset_password/page/' return HttpResponseRedirect(redirect_url) auth_login(request, user) OperateLog.write_operate_log( request, om.ACCOUNTS, om.LOGIN_SYSTEM) menus, perm_user = get_menu_tree(user) res['menus'] = menus res['perm_user'] = perm_user status = True else: assert False error_msg = af.USER_ERROR except AssertionError: res['msg'] = _(error_msg) res['status'] = status res['url'] = url print(res) return json_response(res)
def admin_cdn_user_list(request): """cdn用户列表""" msg = '' status = False res = {'status': status, 'msg': msg} id_or_username = request.POST.get('id_or_username', '') cms_username = request.POST.get('cms_username', '') cdn_product = Product.objects.filter(code='CDN').first() try: body = { 'username_list': [], 'cms_username': '', 'return_type': 'is_list', } user_query = cdn_product.user_product.all() if id_or_username: check_res = int_check(id_or_username) if check_res is None: user_query = user_query.filter(username=id_or_username) else: user_query = user_query.filter(id=check_res) cms_user_list = [] if user_query: body['username_list'] = [user.username for user in user_query] if cms_username: body['cms_username'] = cms_username api_res = APIUrl.post_link('user_query', body) api_user_query = api_res.get('user_query', {}) print(1111111, api_user_query) for i in api_user_query: username = i.get('username', '') user_id = i.get('user_id', 0) cms_username = i.get('cms_username', '') cdn_opt = i.get('cdn_opt', []) user_info = { 'user_id': user_id, 'username': username, 'cms_username': cms_username, 'cdn_opt': cdn_opt } cms_user_list.append(user_info) cms_user_list = sorted(cms_user_list, key=lambda x: x['user_id'], reverse=True) check_msg, cdn_user_list, pagination = data_pagination( request, cms_user_list) if check_msg: res['msg'] = check_msg return json_response(res) res['cdn_user_list'] = cdn_user_list res['page_info'] = pagination status = True except AssertionError: res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_cdn_status_code_data(request): """管理员查看状态码统计数据""" msg = '' status = False res = {'status': status, 'msg': msg} start_time = request.POST.get('start_time', 0) end_time = request.POST.get('end_time', 0) user_id = request.POST.get('user_id', '') domain_ids = request.POST.get('domain_list', '[]') opts = request.POST.get('opts', '[]') all_status_code = [] # 全部状态码数据 all_trend_result = [] status_code_table = [] trend_table = [] try: user_id = int_check(user_id) if user_id is None: msg = af.PARAME_ERROR assert False msg, start_time, end_time = handle_req_time(start_time, end_time) if msg: assert False domain_ids = handle_list(domain_ids, dec_int=True) if domain_ids: opts = handle_list(opts) domain_query = Domain.objects.filter(id__in=domain_ids) domain_list = [i.domain for i in domain_query] (all_status_code, opt_status_code, all_trend_result, all_trend_data, opt_trend_data) = get_domain_status_code(user_id, domain_list, start_time, end_time, opts) all_opt_status_code = copy.deepcopy(all_status_code) all_opt_status_code['opt'] = 'all' status_code_table.append(all_opt_status_code) for opt in opt_status_code: opt_data = copy.deepcopy(opt_status_code[opt]) opt_data['opt'] = opt status_code_table.append(opt_data) opt_ratio_data = {} for code in opt_status_code[opt]: opt_num = opt_status_code[opt][code] base_num = all_status_code.get(code, 0) opt_ratio = '%.4f' % (opt_num / base_num * 100 if base_num else 0) opt_ratio_data[code] = opt_ratio opt_ratio_data['opt'] = opt status_code_table.append(opt_ratio_data) trend_table = [] all_opt_trend_data = copy.deepcopy(all_trend_data) all_opt_trend_data['opt'] = 'all' trend_table.append(all_opt_trend_data) for opt in opt_trend_data: opt_data = copy.deepcopy(opt_trend_data[opt]) opt_data['opt'] = opt trend_table.append(opt_data) opt_ratio_data = {} for code in opt_trend_data[opt]: opt_num = opt_trend_data[opt][code] base_num = all_trend_data.get(code, 0) opt_ratio = '%.4f' % (opt_num / base_num * 100 if base_num else 0) opt_ratio_data[code] = opt_ratio opt_ratio_data['opt'] = opt trend_table.append(opt_ratio_data) status = True except Exception as e: print(e) res['msg'] = _(msg) res['all_status_code'] = all_status_code res['status_code_table'] = status_code_table res['all_trend_result'] = all_trend_result res['trend_table'] = trend_table res['status'] = status return json_response(res)
def admin_cdn_user_set_conf(request): """管理员设置cdn用户基本配置""" msg = '' status = False res = {'status': status, 'msg': msg} user = request.user user_id = request.POST.get('user_id', '') opt = request.POST.get('opt', '["CC"]') cc_cms_template_type = request.POST.get('cc_cms_template', '') cc_icp_check = request.POST.get('cc_icp_check', "0") base_cname = request.POST.get('base_cname', CDNConf.BASE_CNAME) # user_id = 93 # cc_cms_template_type = 2 # cc_icp_check = True # opt = ['CC'] # base_cname = '.ns.xgslb.com' try: opt = json.loads(opt) user_id = int_check(user_id) if user_id is None: assert False msg = af.PARAME_ERROR cc_icp_check = int_check(cc_icp_check) if cc_icp_check is None: assert False msg = af.PARAME_ERROR cc_cms_template_type = int_check(cc_cms_template_type) if cc_cms_template_type is None: assert False msg = af.PARAME_ERROR edit_user = UserProfile.objects.filter(id=user_id).first() if not edit_user: assert False msg = af.USER_NOT_EXIST fields = { 'cc_cms_template_type': cc_cms_template_type, 'cc_icp_check': cc_icp_check, 'cdn_opt': opt, 'base_cname': base_cname } body = { 'user_id': edit_user.id, 'username': edit_user.username, 'fields': fields, } res = APIUrl.post_link('update_user', body) return_code = res.get('return_code', 0) if return_code != 0: assert False status = True log_msg = om.SET_CDN_BASE_CONF % (user.username, edit_user.username) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) except Exception as e: print(e) res['msg'] = _(msg) res['status'] = status return json_response(res)
def create_child_user(request): """创建子账号号用户""" msg = '' status = False res = {'status': status, 'msg': msg} username = request.POST.get('username', '') password = request.POST.get('password', '') is_api = request.POST.get('is_api', 0) reset_password = request.POST.get('reset_password', 0) email = request.POST.get('email', '') mobile = request.POST.get('mobile', '') remark = request.POST.get('remark', '') try: if not username: msg = af.USERNAME_EMPTY assert False check_user = UserProfile.objects.filter(username=username) if check_user: msg = af.USER_EXIST assert False if not password: msg = af.PASSWORD_EMPTY assert False is_api = int_check(is_api) if is_api is None: msg = af.PARAM_ERROR assert False reset_password = int_check(reset_password) if reset_password is None: msg = af.PARAM_ERROR assert False except AssertionError: res['msg'] = msg return json_response(res) if is_api: print('给api通信') identity = 'is_child' group = Group.objects.filter(id=GroupProfile.CUSTOMER_CHILD_ID) creator_username = request.user.username param = { 'username': username, 'password': password, 'group': group, 'identity': identity, 'email': email, 'mobile': mobile, 'remark': remark, 'reset_password': True if reset_password else False, 'creator_username': creator_username } user = create_user(**param) if not user: res['msg'] = af.PARAM_ERROR return json_response(res) log_msg = om.CREATE_USER % (creator_username, identity, username) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) status = True res['status'] = status return json_response(res)
def login(request): """用户登录` 优先校验本地mysql 本地没有用户校验ldap系统 """ res = {'status': False, 'msg': '', 'menus': []} username = request.POST.get('username', '') password = request.POST.get('password', '') pl = request.POST.get('pl', '0') pl = int(pl) key = request.POST.get('csrfmiddlewaretoken', '')[:16] vi = request.POST.get('csrfmiddlewaretoken', '')[-16:] error_msg = '' status = False try: if not username: error_msg = af.USERNAME_EMPTY assert False if not password: error_msg = af.PASSWORD_EMPTY assert False dec_password = decrypt_to(password, key, vi) password = dec_password[:pl] user = UserProfile.objects.filter(username=username).first() if user: # cc 用户ldap登录 if user.is_staff: login_flag, msg = authorize(username, password) if not login_flag: error_msg = af.USER_ERROR assert False user.set_password(password) user.save() user = authenticate(username=username, password=password) auth_login(request, user) OperateLog.write_operate_log(request, om.ACCOUNTS, om.LOGIN_LDAP_SYSTEM) # 系统内置账号登录 else: user = authenticate(username=username, password=password) if user: if not user.is_active: error_msg = af.USER_NOT_ACTIVE assert False auth_login(request, user) OperateLog.write_operate_log(request, om.ACCOUNTS, om.LOGIN_SYSTEM) menus = get_menu_tree(user) res['menus'] = menus status = True else: assert False error_msg = af.USER_ERROR except AssertionError: res['msg'] = error_msg res['status'] = status return json_response(res)
def admin_upload_waf_cert(request): """管理员上传证书""" msg = '' status = False provider = 'QINGSONG' res = { 'status': status, 'msg': msg } domain_id = request.POST.get('domain_id', '') name = request.POST.get('name', '') key = request.POST.get('csrfmiddlewaretoken', '')[:16] vi = request.POST.get('csrfmiddlewaretoken', '')[-16:] cert_value = request.POST.get('cert_value', '') dec_cert_value = decrypt_to(cert_value, key, vi) cert_pl = request.POST.get('cert_pl', '0') key_value = request.POST.get('key_value', '') dec_key_value = decrypt_to(key_value, key, vi) key_pl = request.POST.get('key_pl', '0') try: if not name: msg = af.CERT_NAME_EMPTY assert False cert_pl = int_check(cert_pl) if cert_pl is None: msg = af.PARAME_ERROR assert False key_pl = int_check(key_pl) if key_pl is None: msg = af.PARAME_ERROR assert False cert_value = dec_cert_value[:cert_pl] key_value = dec_key_value[:key_pl] domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False domain = domain_obj.domain channel = '%s://%s' % (domain_obj.protocol, domain) body = { 'channel': channel, 'name': name, 'cert': cert_value, 'key': key_value } api_res = APIUrl.post_link('waf_cert_upload', body) msg = api_res[provider]['message'] if api_res[provider]['return_code'] == 0: status = True cert_id = api_res[provider].get('data', {}).get('cert_id', '') res['cert_id'] = cert_id log_msg = om.UPLOAD_WAF_CERT % (request.user.username, name) OperateLog.write_operate_log( request, om.SECURITY, log_msg) res['msg'] = _(msg) except Exception as e: print(traceback.format_exc()) res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_get_sec_domain_list(request): """管理员查看安全域名""" msg = '' status = False res = { 'status': status, 'msg': msg } id_or_username = request.POST.get('id_or_username', '') cms_username = request.POST.get('cms_username', '') domain = request.POST.get('domain', '') try: body = { 'username_list': [], 'cms_username': '', 'return_type': 'is_dict' } sec_product = Product.objects.filter(code='SECURITY').first() user_query = sec_product.user_product.all() if id_or_username: check_res = int_check(id_or_username) if check_res is None: user_query = user_query.filter(username=id_or_username) else: user_query = user_query.filter(id=check_res) if user_query: body['username_list'] = [user.username for user in user_query] if cms_username: body['cms_username'] = cms_username user_ids = [] api_res = APIUrl.post_link('user_query', body) user_info_list = api_res.get('user_query', {}) if user_info_list: user_ids = [ user_info_list[i]['user_id'] for i in user_info_list] domain_query = Domain.objects.filter(user_id__in=user_ids) if domain: if domain.startswith('http'): protocol, record, domain = parseProtocolRecordDomain(domain) domain = f'{record}.{domain}' domain_query = Domain.objects.filter(domain__contains=domain) domain_query = domain_query.order_by('-id') domain_name_list = [] if domain_query: domain_name_list = [i.domain for i in domain_query] body = { 'domain_list': domain_name_list } api_res = APIUrl.post_link('domain_query', body) api_domain_query = api_res.get('domain_query', []) domain_dict_list = [] for domain_obj in domain_query: url = '%s://%s' % (domain_obj.protocol, domain_obj.domain) if url not in api_domain_query: continue domain_info = api_domain_query.get(url, {}) user_id = domain_info.get('user_id') user = UserProfile.objects.filter(id=user_id).first() username = user.username cms_username = '' if username in user_info_list: cms_username = user_info_list.get( username, {}).get('cms_username', '') # waf 服务判断 is_waf = 0 strategy_waf = domain_info.get('waf', []) if strategy_waf: is_waf = 1 domain_dict = { 'user_id': user_id, 'username': username, 'WAF': is_waf, 'domain_id': domain_obj.id, 'channel_name': url, 'cms_username': cms_username } if is_waf: #---get domain status info. ''' 0:显示“开通waf” 1:显示“待审核” 2:显示“审核不通过” 3:显示“配置”+“统计” ''' status_from_api = APIUrl.post_link('get_domain_status', {'channel': url}) if status_from_api['return_code'] == 0: channel_status = status_from_api['data'].get('status', 0) domain_dict['WAF'] = channel_status else: print(f'admin_get_sec_domain_list[get_domain_status api error.] channel: {url}') domain_dict_list.append(domain_dict) check_msg, domain_dict_list, pagination = data_pagination( request, domain_dict_list) if check_msg: res['msg'] = _(check_msg) return json_response(res) res['domain_list'] = domain_dict_list res['page_info'] = pagination status = True except Exception: print(traceback.format_exc()) res['status'] = status return json_response(res)
def admin_domain_waf_set_cdn(request): """管理员设置cdn""" msg = '' status = False res = { 'status': status, 'msg': msg } domain_id = request.POST.get('domain_id', '') switch = request.POST.get('switch', '') confirm_cdn_preload = request.POST.get('confirm_cdn_preload', 0) confirm_cdn_http_layered = request.POST.get('confirm_cdn_http_layered', 0) confirm_cdn_https_layered = request.POST.get('confirm_cdn_https_layered', 0) # domain_id = 8 # switch = 0 # confirm_cdn_preload = 1 # confirm_cdn_http_layered = 1 # confirm_cdn_https_layered = 1 try: domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False domain = domain_obj.domain switch = int_check(switch) if switch is None: msg = af.PARAME_ERROR assert False confirm_cdn_preload = int_check(confirm_cdn_preload) if confirm_cdn_preload is None: msg = af.PARAME_ERROR assert False confirm_cdn_http_layered = int_check(confirm_cdn_http_layered) if confirm_cdn_http_layered is None: msg = af.PARAME_ERROR assert False confirm_cdn_https_layered = int_check(confirm_cdn_https_layered) if confirm_cdn_https_layered is None: msg = af.PARAME_ERROR assert False body = { 'domain': domain, 'switch': switch, 'confirm_cdn_preload': True if confirm_cdn_preload else False, 'confirm_cdn_http_layered': True if confirm_cdn_http_layered else False, 'confirm_cdn_https_layered': True if confirm_cdn_https_layered else False, } api_res = APIUrl.post_link('domain_waf_set_cdn', body) if api_res['return_code'] == 0: status = True switch_name = '开启' if switch else '关闭' log_msg = om.SET_WAF_CDN_STATUS % ( request.user.username, domain, switch_name) OperateLog.write_operate_log( request, om.SECURITY, log_msg) except AssertionError: res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_sec_user_list(request): """安全用户列表""" msg = '' status = False res = { 'status': status, 'msg': msg } id_or_username = request.POST.get('id_or_username', '') cms_username = request.POST.get('cms_username', '') sec_product = Product.objects.filter(code='SECURITY').first() try: body = { 'username_list': [], 'cms_username': '', 'return_type': 'is_list', } user_query = sec_product.user_product.all() if id_or_username: check_res = int_check(id_or_username) if check_res is None: user_query = user_query.filter(username=id_or_username) else: user_query = user_query.filter(id=check_res) body['username_list'] = [user.username for user in user_query] if cms_username: body['cms_username'] = cms_username api_res = APIUrl.post_link('user_query', body) api_user_query = api_res.get('user_query', {}) cms_user_list = [] for i in api_user_query: username = i.get('username', '') user_id = i.get('user_id', 0) cms_username = i.get('cms_username', '') if not cms_username: continue user = user_query.filter(id=user_id).first() if not user: continue domain_num = Domain.objects.filter(user=user).count() user_info = { 'user_id': user_id, 'username': username, 'cms_username': cms_username, 'domain_num': domain_num } cms_user_list.append(user_info) cms_user_list = sorted( cms_user_list, key=lambda x: x['user_id'], reverse=True) check_msg, sec_user_list, pagination = data_pagination( request, cms_user_list) if check_msg: res['msg'] = check_msg return json_response(res) res['sec_user_list'] = sec_user_list res['page_info'] = pagination status = True except AssertionError: res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_cert_create_or_edit(request): """管理员证书上传与修改""" msg = '' status = False res = {'status': status, 'msg': msg} cert_name = request.POST.get('cert_name', '') username = request.POST.get('username', '') remark = request.POST.get('remark', '') email = request.POST.get('email', '') cert_from = request.POST.get('cert_from', 0) period = request.POST.get('period', 0) is_update = request.POST.get('is_update', 0) key = request.POST.get('csrfmiddlewaretoken', '')[:16] vi = request.POST.get('csrfmiddlewaretoken', '')[-16:] cert_value = request.POST.get('cert_value', '') dec_cert_value = decrypt_to(cert_value, key, vi) cert_pl = request.POST.get('cert_pl', '0') key_value = request.POST.get('key_value', '') dec_key_value = decrypt_to(key_value, key, vi) key_pl = request.POST.get('key_pl', '0') # cert_name = 'xz_test_0009' # username = '******' # remark = '备注备注' # email = '*****@*****.**' # cert_value = '--------字符串省略' # key_value = '--------字符串省略' # cert_from = 0 # period = 0 # is_update = 0 try: if not cert_name: msg = af.CERT_NAME_EMPTY assert False if not username: msg = af.USER_NOT_EXIST assert False if not email: msg = af.CERT_EMAIL_EMPTY assert False if period: period = int_check(period) if period is None: msg = af.PARAME_ERROR assert False if cert_from: cert_from = int_check(cert_from) if cert_from is None: msg = af.PARAME_ERROR assert False if is_update: is_update = int_check(is_update) if is_update is None: msg = af.PARAME_ERROR assert False if not cert_value or not cert_value: msg = af.CERT_VALUE_OR_KEY_EMPTY assert False cert_pl = int_check(cert_pl) if cert_pl is None: msg = af.PARAME_ERROR assert False key_pl = int_check(key_pl) if key_pl is None: msg = af.PARAME_ERROR assert False cert_value = dec_cert_value[:cert_pl] key_value = dec_key_value[:key_pl] body = { 'cert_name': cert_name, 'username': username, 'remark': remark, 'email': email, 'cert_value': cert_value, 'key_value': key_value, 'cert_from': cert_from, 'period': period, 'is_update': is_update, 'opt_username': request.user.username } api_res = APIUrl.post_link('ssl_cert_create_or_edit', body) print(111111111111, api_res) return_code = api_res.get('return_code', 0) if return_code != 0: res['msg'] = api_res.get('err_msg', '') assert False status = True except Exception as e: print(e) res['msg'] = _(msg) res['status'] = status return json_response(res)
def admin_check_domain_waf_status(request): """管理员检查安全域名在青松状态""" msg = '' status = False res = { 'status': status, 'msg': msg } provider = 'QINGSONG' domain_id = request.POST.get('domain_id', '') try: domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False body = { 'channel': '%s://%s' % (domain_obj.protocol, domain_obj.domain), 'provider': provider } api_res = APIUrl.post_link('check_waf_status', body) message = api_res[provider].get('message', 'success') msg = '' if message == 'success' else message print(api_res) if api_res[provider].get('return_code', 1) == 0: check_status = api_res[provider]['status'] waf_switch = 0 check_result = '' status_msg = '' if check_status == 0: check_result = 'is_binding' waf_switch = 1 elif check_status == 1: check_result = 'is_binding' elif check_status == 2: check_result = 'is_create' elif check_status == 3: status_msg = _(sf.DOMAIN_WAIT_AUDIT) check_result = 'is_auditing' msg = status_msg elif check_status == 4: status_msg = _(sf.DOMAIN_AUDIT_FAILED) check_result = 'is_audit_failed' msg = status_msg else: status_msg = _(sf.DOMAIN_CHECK_FAILED) check_result = 'is_check_failed' msg = status_msg res['check_result'] = check_result res['waf_switch'] = waf_switch res['status_msg'] = status_msg res['msg'] = msg status = True elif api_res[provider].get('return_code', 1) == -1: msg = sf.WAF_TOKEN_EMPTY assert False except Exception as e: print(e) res['msg'] = _(msg) res['msg'] = msg res['status'] = status print(res) return json_response(res)
def parent_get_sec_domain_list(request): msg = '' status = False res = {'status': status, 'msg': msg} url = request.POST.get('domain', '') url_info = urlparse(url) protocol = url_info.scheme netloc = url_info.netloc path = url_info.path try: user = request.user domain_query = Domain.objects.filter(user=user) if url: if protocol and netloc: domain_query = domain_query.filter(protocol=protocol, domain=netloc) else: domain_query = domain_query.filter(domain__contains=path) domain_name_list = [i.domain for i in domain_query] body = {'domain_list': domain_name_list} api_res = APIUrl.post_link('domain_query', body) api_domain_query = api_res.get('domain_query', []) domain_dict_list = [] for domain_obj in domain_query: url = '%s://%s' % (domain_obj.protocol, domain_obj.domain) if url not in api_domain_query: continue domain_info = api_domain_query.get(url, {}) user_id = domain_info.get('user_id') user = UserProfile.objects.filter(id=user_id).first() # waf标记 is_waf = 0 waf_info = domain_info.get('waf', []) if waf_info: is_waf = 1 domain_dict = { 'username': user.username, 'WAF': is_waf, 'domain_id': domain_obj.id, 'channel_name': url } if is_waf: #---get domain status info. ''' 0:显示“开通waf” 1:显示“待审核” 2:显示“审核不通过” 3:显示“配置”+“统计” ''' status_from_api = APIUrl.post_link('get_domain_status', {'channel': url}) if status_from_api['return_code'] == 0: channel_status = status_from_api['data'].get('status', 0) domain_dict['WAF'] = channel_status else: print( f'parent_get_sec_domain_list[get_domain_status api error.] channel: {url}' ) domain_dict_list.append(domain_dict) check_msg, domain_dict_list, pagination = data_pagination( request, domain_dict_list) if check_msg: res['msg'] = _(check_msg) return json_response(res) res['domain_list'] = domain_dict_list res['page_info'] = pagination status = True except Exception as e: res['msg'] = e res['status'] = status return json_response(res)
def admin_domain_waf_binding(request): """管理员绑定waf域名""" msg = '' status = False res = { 'status': status, 'msg': msg } provider = 'QINGSONG' domain_id = request.POST.get('domain_id', '') access_type = request.POST.get('access_type', '2') short_name = request.POST.get('short_name', '') # domain_id = 8 # short_name = 'GZ' try: if short_name not in sf.ACCESS_POINT_CONF: msg = af.PARAME_ERROR assert False access_point = sf.ACCESS_POINT_CONF[short_name]['name'] access_point_cname = sf.ACCESS_POINT_CONF[short_name]['cname'] domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False domain = domain_obj.domain body = { 'provider': provider, 'domain': domain, 'access_type': access_type, 'access_point': access_point, 'access_point_cname': access_point_cname, 'confirm_cdn_preload': True, 'confirm_cdn_http_layered': True, 'confirm_cdn_https_layered': True, 'short_name': short_name } api_res = APIUrl.post_link('waf_binding', body) message = api_res.get('message', 'success') msg = '' if message == 'success' else message if api_res['return_code'] == 0: res['status'] = '' status = True log_msg = om.BINDING_WAF_DOMAIN % (request.user.username, domain) OperateLog.write_operate_log( request, om.SECURITY, log_msg) except AssertionError: res['msg'] = _(msg) res['msg'] = msg res['status'] = status return json_response(res)
def client_cdn_status_code_data(request): """客户端查看状态码统计数据""" import time start = time.time() msg = '' status = False res = {'status': status, 'msg': msg} user = request.user start_time = request.POST.get('start_time', 0) end_time = request.POST.get('end_time', 0) domain_ids = request.POST.get('domain_list', '[]') base_code = CDNConf.STATUS_CODE all_status_code = [] # 全部状态码数据 status_code_table = [] # 状态码表格数据 all_trend_result = [] trend_table_data = [] try: msg, start_time, end_time = handle_req_time(start_time, end_time) if msg: assert False domain_ids = handle_list(domain_ids, dec_int=True) if domain_ids: domain_query = Domain.objects.filter(id__in=domain_ids) else: domain_query = Domain.objects.filter(user=user) domain_list = [i.domain for i in domain_query] if domain_list: (all_status_code, __, all_trend_result, all_trend_data, __) = get_domain_status_code(user.id, domain_list, start_time, end_time, []) sum_req = 0 for code in all_status_code: sum_req += all_status_code[code] for code in base_code: num = all_status_code[code] ratio = (num / sum_req) * 100 if sum_req else 0 code_dict = {'code': code, 'num': num, 'ratio': '%.4f' % ratio} status_code_table.append(code_dict) trend_key = list(all_trend_data.keys()) trend_key.sort() sum_cnt = 0 for i in all_trend_data: sum_cnt += all_trend_data[i] for key in trend_key: code_cnt = all_trend_data[key] ratio = code_cnt / sum_cnt * 100 if sum_cnt else 0 temp_dict = { 'code': key, 'count': code_cnt, 'ratio': '%.4f' % ratio } trend_table_data.append(temp_dict) status = True except Exception as e: print(e) res['msg'] = _(msg) print(444444444, time.time() - start) res['all_status_code'] = all_status_code res['status_code_table'] = status_code_table res['all_trend_result'] = all_trend_result res['all_trend_data'] = trend_table_data res['status'] = status return json_response(res)
def admin_domain_waf_create(request): """管理员创建waf域名""" msg = '' status = False res = { 'status': status, 'msg': msg } provider = 'QINGSONG' domain_id = request.POST.get('domain_id', '') access_type = request.POST.get('access_type', '2') short_name = request.POST.get('short_name', '') src_type = request.POST.get('src_type', '2') src_address = request.POST.get('src_address', '') src_port = request.POST.get('src_port', '') src_host = request.POST.get('src_host', '') ssl_status = request.POST.get('ssl_status', False) cert_id = request.POST.get('cert_id', '') default_waf_mode = request.POST.get('default_waf_mode', '') self_waf_mode = request.POST.get('self_waf_mode', '') # domain_id = 8 # short_name = 'GZ' print(f'admin_domain_waf_create request.POST: {request.POST}') try: if short_name not in sf.ACCESS_POINT_CONF: msg = af.PARAME_ERROR assert False access_point = sf.ACCESS_POINT_CONF[short_name]['name'] access_point_cname = sf.ACCESS_POINT_CONF[short_name]['cname'] domain_obj = Domain.objects.filter(id=domain_id).first() if not domain_obj: msg = af.DOMAIN_NOT_EXIST assert False domain = domain_obj.domain body = { 'channel': f'{domain_obj.protocol}://{domain}', 'provider': provider, 'domain': domain, 'short_name': short_name, 'access_type': access_type, 'access_point': access_point, 'access_point_cname': access_point_cname, 'src_type': src_type, 'src_address': src_address, 'src_port': src_port, 'ssl_status': ssl_status, 'cert_id': cert_id, 'default_waf_mode': default_waf_mode, 'self_waf_mode': self_waf_mode, # 'confirm_cdn_preload': True, # 'confirm_cdn_http_layered': True, # 'confirm_cdn_https_layered': True, } api_res = APIUrl.post_link('waf_create', body) message = api_res['message'] msg = '' if message == 'success' else message if api_res['return_code'] == 0: res['status'] = '' status = api_res['status'] log_msg = om.CREATE_WAF_DOMAIN % (request.user.username, domain) OperateLog.write_operate_log( request, om.SECURITY, log_msg) except AssertionError: res['msg'] = _(msg) res['msg'] = msg res['status'] = status print(f'\n---res---\n{res}') return json_response(res)
def admin_create_parent_user(request): """创建父账号用户""" msg = '' status = False res = {'status': status, 'msg': msg} username = request.POST.get('username', '') password = request.POST.get('password', '') company = request.POST.get('company', '') linkman = request.POST.get('linkman', '') email = request.POST.get('email', '') mobile = request.POST.get('mobile', '') is_api = request.POST.get('is_api', '') is_active = request.POST.get('is_active', '1') perm_list = request.POST.getlist('perm[]', []) try: if not username: msg = af.USERNAME_EMPTY assert False check_user = UserProfile.objects.filter(username=username) if check_user: msg = af.USER_EXIST assert False if not password: msg = af.PASSWORD_EMPTY assert False if not company: msg = af.COMPANY_EMPTY assert False is_api = int(is_api) if is_api is None: msg = af.PARAM_ERROR assert False is_active = int_check(is_active) if is_active is None: msg = af.PARAM_ERROR assert False except AssertionError: res['msg'] = _(msg) return json_response(res) identity = 'is_parent' group = Group.objects.filter(id=GroupProfile.CUSTOMER_ID).first() creator_username = request.user.username param = { 'username': username, 'password': password, 'group': group, 'identity': identity, 'company': company, 'linkman': linkman, 'email': email, 'mobile': mobile, 'creator_username': creator_username, 'is_api': True if is_api else False } user = create_user(**param) if not user: res['msg'] = _(af.PARAM_ERROR) return json_response(res) if not is_active: user.is_active = False user.save() for perm_code in perm_list: PermUser.assign_perm(perm_code, user) if perm_code == 'client_cdn_menu': cdn_product = Product.objects.filter(code='CDN').first() cdn_strategy = Strategy.get_obj_from_property('CC', 'CDN', 'CDN') user.product_list.add(cdn_product) user.strategy_list.add(cdn_strategy) user.save() # elif perm_code == 'client_security_menu': # sec_product = Product.objects.filter(code='SECURITY').first() # sec_strategy = Strategy.get_obj_from_property( # 'QINGSONG', 'SECURITY', 'WAF') # user.product_list.add(sec_product) # user.strategy_list.add(sec_strategy) # user.save() log_msg = om.CREATE_USER % (creator_username, identity, username) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) status = True res['status'] = status return json_response(res)
def create_parent_user(request): """创建父账号用户""" msg = '' status = False res = {'status': status, 'msg': msg} username = request.POST.get('username', '') password = request.POST.get('password', '') company = request.POST.get('company', '') user_type = request.POST.get('user_type', '') linkman = request.POST.get('linkman', '') email = request.POST.get('email', '') mobile = request.POST.get('mobile', '') perm_list = request.POST.getlist('perm[]', '') try: if not username: msg = af.USERNAME_EMPTY assert False check_user = UserProfile.objects.filter(username=username) if check_user: msg = af.USER_EXIST assert False if not password: msg = af.PASSWORD_EMPTY assert False if not company: msg = af.COMPANY_EMPTY assert False except AssertionError: res['msg'] = msg return json_response(res) identity = user_type group = Group.objects.filter(id=GroupProfile.CUSTOMER_ID) creator_username = request.user.username param = { 'username': username, 'password': password, 'group': group, 'identity': identity, 'company': company, 'linkman': linkman, 'email': email, 'mobile': mobile, 'creator_username': creator_username } user = create_user(**param) if not user: res['msg'] = af.PARAM_ERROR return json_response(res) if perm_list: for perm_id in perm_list: PermUser.assign_perm(perm_id, user) log_msg = om.CREATE_USER % (creator_username, identity, username) OperateLog.write_operate_log(request, om.ACCOUNTS, log_msg) status = True res['status'] = status return json_response(res)