def decryptPassword(request): privateKey = settings.RSA_PRIVATE_KEY response_data = {} try: # print("privateKey"+privateKey); article = request.data encryptedPW = article.get("password") mobileName = article.get('mobile') print('encryptPassword is %s and mobileNum %s' % (encryptedPW, mobileName)) # rsakey = RSA.importKey(settings.RSA_PRIVATE_KEY) keyDER = b64decode(privateKey) rsakey = RSA.importKey(keyDER) cipher = Cipher_pkcs1_v1_5.new(rsakey) random_generator = Random.new().read text = cipher.decrypt(base64.b64decode(encryptedPW), None) text = text.decode('utf8') response_data['Result'] = {"password": text} response_data['status'] = HTTP_200_OK return except Exception as e: print(e) print('ffffff', text) logger.info("api:validateView error %s", e) logger.debug("api:validateView error %s", e) finally: return Response(response_data)
def validatePort(request): try: article = request.data imei = article.get("Imei") sign = article.get("Sign") key = article.get("Key") source = article.get("Source") version = article.get("Version") modelArticle = ValidatePost.objects.filter(imei=imei, key=key, source=source).values_list( 'seed', ) print(modelArticle.count()) if modelArticle.count() > 0: raise Exception('系统错误,请联系管理员') strTime = key.split('-', -1) strTimeCustomer = strTime[0] strTimeNew = time.time() strTimeNew = time.strftime('%Y%m%d%H%M%S', time.localtime(strTimeNew)) valueTime = int(strTimeNew) - int(strTimeCustomer) if valueTime > 60 or valueTime < 0: # print('差:%s' % valueTime) logger.info("api:validateView 请求超时 %s", article) return Response({"ErrorDesc": "请求超时"}, status=HTTP_408_REQUEST_TIMEOUT) seed = ('%s_%s_RSPlatForm' % (imei, key)) seed = hashlib.md5(seed.encode(encoding='UTF-8')).hexdigest() seed = seed.upper() print("seed: %s" % seed) if not seed == sign: print("seed is not equal sign") logger.info("api:validateView sign参数有误 %s", article) return Response({"ErrorDesc": "sign参数有误"}, status=HTTP_408_REQUEST_TIMEOUT) seed = ('%s_%s_HB' % (seed, strTimeCustomer)) seed = hashlib.md5(seed.encode(encoding='UTF-8')).hexdigest() print('responseSeed:%s' % seed) ValidatePost.objects.create(imei=imei, source=source, sign=sign, key=key, version=version, seed=seed) logger.info("xingming:%s logging successful", article) logger.debug("xingming:%s logging successful", article) return Response({"Result": {"Seed": seed}}, status=HTTP_200_OK) except Exception as e: print(e) logger.info("api:validateView error %s", e) logger.debug("api:validateView error %s", e) return Response({"ErrorDesc:": e}, status=HTTP_404_NOT_FOUND)
def publishKey(request): response_data = {} try: pub = settings.RSA_PUBLIC_KEY print('publiKey:' + pub) if len(pub) > 10: response_data['Result'] = {"Publikey": pub} response_data['status'] = HTTP_200_OK logger.info('请求publicKey success!') return if len(pub) <= 0: response_data['ErrorDesc'] = '系统错误,请联系管理员' response_data['status'] = HTTP_404_NOT_FOUND logger.info("未找到publickey!") return else: raise Exception['系统错误:publicKey can not find'] print("系统错误:publicKey can not find") except Exception as e: logger.info("api_validateView error %s", e) logger.debug("api_validateView error %s", e) print(e) finally: return Response(response_data)
def wrapper(request, *args, **kwargs): try: hbvar = ('HTTP_IMEI', 'HTTP_KEY', 'HTTP_SIGN', 'HTTP_SOURCE') varial = request.META for k in hbvar: if k not in varial: return Response({"ErrorDesc": "参数:%s有误" % k}, status=HTTP_400_BAD_REQUEST) print('enter getpublic2 %s', k) value = varial[k] if not value or len(value) < 1: return Response({"ErrorDesc": "参数:%s值不能为空" % varial[k]}, status=HTTP_400_BAD_REQUEST) imei = request.META['HTTP_IMEI'] print('enter getpublic0') key = request.META['HTTP_KEY'] sign = request.META['HTTP_SIGN'] source = request.META['HTTP_SOURCE'] print(imei + '+' + sign + "+" + key + "+" + source) # modelArticle = ValidatePost.objects.filter(imei=imei, key=key, source=source).values_list('secondSeed',) # print('modelArticle count:%s and length:%d'%(len(modelArticle[0][0]), modelArticle.count())) # if len(modelArticle[0][0]) > 0 or modelArticle.count() > 1: # raise Exception('系统受到重放攻击,secondSeed:%s-%s' % (imei, key)) strTime = key.split('-', -1) strTimeCustomer = strTime[0] strTimeNew = time.time() strTimeNew = time.strftime('%Y%m%d%H%M%S', time.localtime(strTimeNew)) valueTime = int(strTimeNew) - int(strTimeCustomer) # print('差:%s' % valueTime) if valueTime > 120: print('差:%s' % valueTime) logger.info("api:validateView 请求超时 %s", key) return Response({"ErrorDesc": "请求超时"}, status=HTTP_408_REQUEST_TIMEOUT) print('差:%s' % valueTime) vard = ValidatePost.objects.filter(imei=imei, key=key, source=source).values_list( 'key', 'sign', 'seed') print(vard) print(vard.count()) if vard.count() == 0: return Response({'ErrorDesc': "request out mind!"}, status=HTTP_405_METHOD_NOT_ALLOWED) oldseed = vard[0][2] oldsign = vard[0][1] print('oldseed:' + oldseed) if vard.count() > 1: logger.info("server error:%s key=%s" % ("ValidatePost表出现重复的数据 ", key)) logger.debug("server error:%s key=%s" % ("ValidatePost表出现重复的数据", key)) return Response({"ErrorDesc": "系统错误,请联系管理员"}, status=HTTP_500_INTERNAL_SERVER_ERROR) if vard.count() < 1: logger.info("The system seems to be under attack key=%s ", key) logger.debug("The system seems to be under attack key=%s", key) return Response({"ErrorDesc": "请求超时key:%s" % key}, status=HTTP_408_REQUEST_TIMEOUT) newsign = ('%s_%s_HB' % (oldseed, key)) newsign = hashlib.md5(newsign.encode(encoding='UTF-8')).hexdigest() newsign = newsign.upper() print('newsign after m5:%s' % newsign) print('sign:' + sign) if not sign == newsign: logger.info("sign value is not correctly. key=%s", key) logger.debug("sign value is not correctly. key=%s", key) return Response({"ErrorDesc": "参数有误,sign:%s" % sign}, status=HTTP_400_BAD_REQUEST) ValidatePost.objects.filter(imei=imei, key=key, source=source).delete() logger.info("api:registerPort delete done imei:%s key:%s" % (imei, key)) logger.debug("api:registerPort delete done imei:%s key:%s" % (imei, key)) print('delete OK') return func(request, *args, **kwargs) except Exception as e: type(e) print("Exception error:%s" % str(e)) logger.info("api:validateView error %s", e) logger.debug("api:validateView error %s", e) return Response({"ErrorDesc:": e}, status=HTTP_404_NOT_FOUND)
def loginAccount(request): response_data = {} privateKey = settings.RSA_PRIVATE_KEY print('000') try: article = request.data username = article.get('mobile') password = article.get('password') print('article', username, password) ar = { 'encryptedPW': password, 'mobileName': username, } print('ar:') userModel = UserModel.objects.values( 'userPhone', 'userPassword').filter(userPhone=username) print('type00:%s' % type(userModel)) print(userModel) print('length:%s' % len(userModel)) if len(userModel) > 1: logger.info('系统错误,手机号用户名重复:%s' % username) logger.debug('系统错误,手机号用户名重复:%s' % username) response_data['ErrorDesc'] = '系统错误' response_data['status'] = HTTP_400_BAD_REQUEST return if not userModel or len(userModel) == 0: print('用户名有误') response_data['ErrorDesc'] = '用户名:%s 不存在' % username response_data['status'] = HTTP_400_BAD_REQUEST return userPhoneNumber = userModel[0].get('userPhone') userPhonePassword = userModel[0].get('userPassword') print('phone:%s password:%s' % (userPhoneNumber, userPhonePassword)) keyDER = b64decode(privateKey) rsakey = RSA.importKey(keyDER) cipher = Cipher_pkcs1_v1_5.new(rsakey) text = cipher.decrypt(base64.b64decode(password), None) text = text.decode('utf8') print('text:' + text) if username is None or password is None: response_data[ 'ErrorDesc'] = 'Please provide both username and password' response_data['status'] = HTTP_404_NOT_FOUND return if not userPhonePassword == text: response_data['ErrorDesc'] = "密码错误" response_data['status'] = HTTP_400_BAD_REQUEST raise Exception('密码错误') if userPhonePassword == text: logger.info('api:registerPort succesful telphone:%s' % username) logger.debug('api:registerPort succesful telphone:%s' % username) userModel = UserModel.objects.values( 'userPhone', 'nickName', 'userGender', 'userIdcard', 'userAddress').filter(userPhone=username) response_data['Result'] = userModel[0] response_data['status'] = HTTP_200_OK return except Exception as e: print(e) logger.info("api_validateView error %s", e) logger.debug("api_validateView error %s", e) print('e', e) finally: print('e') return Response(response_data)
def registerUser(request): response_data = {} privateKey = settings.RSA_PRIVATE_KEY try: article = request.data encryptedPW = article.get("password") mobileName = article.get('mobile') validateCode = article.get('validate') print('article') userModel = UserModel.objects.filter(userPhone=mobileName).values_list( 'userPhone', ) print('type00:%s' % type(userModel)) print(userModel) print('length:%s' % len(userModel)) if userModel.exists() and len(userModel) > 0: response_data['ErrorDesc'] = '手机号:%s已注册' % mobileName response_data['status'] = HTTP_400_BAD_REQUEST return ar = { 'encryptedPW': encryptedPW, 'mobileName': mobileName, 'validateCode': validateCode } print('ar:') print(encryptedPW) for key, value in ar.items(): print('ar:99' + value) print(len(value)) if not len(value) > 0: logger.info("参数:%s异常" % key) logger.debug("参数:%s异常" % key) response_data['ErrorDesc'] = '参数错误' + key response_data['status'] = HTTP_400_BAD_REQUEST return print('validateCode:' + validateCode) if not validateCode == '123456': print('validateCode:' + validateCode) logger.info('api:registerPort:验证码错误,& telphone:%s' % mobileName) logger.debug('api:registerPort: 验证码错误,& telphone:%s' % mobileName) response_data['ErrorDesc'] = '邀请码有误' response_data['status'] = HTTP_400_BAD_REQUEST raise Exception('邀请码有误') print('encryptPassword is %s and mobileNum %s' % (encryptedPW, mobileName)) keyDER = b64decode(privateKey) rsakey = RSA.importKey(keyDER) cipher = Cipher_pkcs1_v1_5.new(rsakey) random_generator = Random.new().read text = cipher.decrypt(base64.b64decode(encryptedPW), None) text = text.decode('utf8') print('text:' + text) UserModel.objects.create(userPhone=mobileName, userPassword=text, username=mobileName) logger.info('api:registerPort succesful telphone:%s' % mobileName) logger.debug('api:registerPort succesful telphone:%s' % mobileName) userModel = UserModel.objects.filter(userPhone=mobileName).values_list( 'userPhone', 'nickName', 'userGender', 'userIdcard', 'userAddress') response_data['Result'] = userModel response_data['status'] = HTTP_200_OK return except Exception as e: print(e) logger.info("api_validateView error %s", e) logger.debug("api_validateView error %s", e) finally: return Response(response_data)