def policy_auth(self, reqdata, test=False):
if not test:
policy_server = yield self.get_policy_server()
apiurl = "http://{0}:{1}/aaawifi/authorizeRequest".format(
policy_server["policy_server"], policy_server["auth_port"])
if self.settings.debug:
self.syslog.debug("portal auth request (%s): %s" % (apiurl, reqdata))
headers = {"Content-Type": ["application/x-www-form-urlencoded"]}
try:
resp = yield requests.post(apiurl, params=reqdata, headers=headers)
jsonresp = yield resp.json()
defer.returnValue(jsonresp)
except Exception as err:
import traceback
traceback.print_exc()
defer.returnValue(dict(code=1, msg=u"认证失败,未知错误, %s" % str(err)))
else:
resp = {
"code" : 0,
"msg" : "success",
"userName" : "18688888888",
"userType" : 1,
"qosName" : "pm4",
"upLimit" : 4194304,
"downLimit": 2097152,
"domain" : "iktest",
"expire" : "2016-10-10",
"flowLen" : 0,
"timeLen" : 0
}
defer.returnValue(resp)
def get_policy_server(self):
cache_key = "get_policy_server"
_resp = portal_cache.get(cache_key)
if _resp:
if self.settings.debug:
self.syslog.debug("query policy server request hit cache; key=%s" % cache_key)
defer.returnValue(_resp)
return
nonce = str(time.time())
sign = self.mksign(params=[nonce])
reqdata = json.dumps(dict(nonce=nonce, sign=sign))
apiurl = "%s/plserver/query" % self.settings.apiurl
if self.settings.debug:
self.syslog.debug("start query policy server request (%s): %s" % (apiurl, reqdata))
resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
log.err(jsonresp['msg'])
defer.returnValue({})
if jsonresp['code'] == 0:
self.syslog.info("query policy server success,{0}".format(utils.safestr(jsonresp)))
portal_cache.set(cache_key, jsonresp, expire=60)
defer.returnValue(jsonresp)
def get_ikuai_nas(self, gwid):
cache_key = '{0}{1}'.format('get_ik_nas', gwid)
_resp = portal_cache.get(cache_key)
if _resp:
if self.settings.debug:
self.syslog.debug("query ik_nas request hit cache; key=%s" % cache_key)
defer.returnValue(_resp)
return
sign = self.mksign(params=[gwid])
reqdata = json.dumps(dict(gwid=gwid, sign=sign))
apiurl = "%s/ikuai/query" % self.settings.apiurl
if self.settings.debug:
self.syslog.debug("start query ikuai nas request (%s): %s" % (apiurl, reqdata))
resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
log.err(jsonresp['msg'])
defer.returnValue({})
if jsonresp['code'] == 0:
self.syslog.info("query ikuai nas success,{0}".format(utils.safestr(jsonresp)))
portal_cache.set(cache_key, jsonresp['data'], expire=60)
defer.returnValue(jsonresp['data'])
def get_ik_template_attrs(self, gwid):
cache_key = '{0}{1}'.format('get_ik_template_attrs', gwid)
_resp = portal_cache.get(cache_key)
if _resp:
if self.settings.debug:
self.syslog.debug("query ik_template request hit cache; key=%s" % cache_key)
defer.returnValue(_resp)
return
sign = self.mksign(params=[gwid])
reqdata = json.dumps(dict(gwid=gwid, sign=sign))
apiurl = "%s/ikuai/tpl/query" % self.settings.apiurl
if self.settings.debug:
self.syslog.debug("query template request (%s): %s" % (apiurl, reqdata))
resp = yield requests.post(apiurl, data=reqdata, headers={"Content-Type": ["application/json"]})
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
self.syslog.error("query template attrs error, %s" % jsonresp['msg'])
defer.returnValue({'tpl_name': 'default'})
return
if jsonresp['code'] == 0:
self.syslog.info("query template attrs success")
portal_cache.set(cache_key, jsonresp['attrs'], expire=60)
defer.returnValue(jsonresp['attrs'])
def get(self):
session_id = self.get_argument("session_id", None)
if not session_id:
self.write('20001')
sign = self.mksign([session_id])
apiurl = "%s/session/exists" % self.settings.apiurl
reqdata = json.dumps(dict(session_id=session_id,sign=sign), ensure_ascii=False)
headers = {"Content-Type": ["application/json"]}
resp = yield requests.post(apiurl, data=reqdata, headers=headers)
if resp.code != 200:
self.syslog.error("ikuai session exists error : {0}".format(repr(resp)))
self.write("20001")
return
jsonresp = yield resp.json()
if jsonresp['code'] == 1:
self.syslog.error("ikuai session exists error : {0}".format(utils.safestr(jsonresp['msg'])))
self.write("20001")
return
self.write('20000')
def post(self, *args, **kwargs):
start_time = time.time()
username = self.get_argument("username", None)
password = self.get_argument("password", None)
domain = self.get_argument("domain", None)
mac = self.get_argument("mac", None)
vlanid1, vlanid2 = 0, 0
cli_dev, cli_os = self.chk_os
isChap = 0
chapId = 0
chapPasswdHex = 'null'
challengeHex = 'null'
gwid = self.get_argument("gwid")
user_ip = self.get_argument("user_ip")
end_url = "{0}://{1}/ikend".format(self.request.protocol, self.request.host)
callback_url = self.get_argument("callback_url")
iknas = yield self.get_ikuai_nas(gwid)
nasaddr = iknas.get("nas_addr", '0.0.0.0')
reqdata = dict(
userName=username,
password=password,
domain=domain,
macAddr=mac,
nasAddr=nasaddr,
vlanId1=vlanid1,
vlanId2=vlanid2,
deviceType=cli_dev,
os=cli_os,
isChap=isChap,
chapId=chapId,
chapPasswdHex=chapPasswdHex,
challengeHex=challengeHex,
)
jsonresp = yield self.policy_auth(reqdata, test=False)
if jsonresp['code'] == 1:
self.render_error(msg=jsonresp['msg'])
return
if self.settings.debug:
self.syslog.debug('ikauth login cast:%s' % (time.time() - start_time))
cparams = dict(
user_id=username,
user_ip=user_ip,
upload=0,
download=0,
phone='',
name='',
comment='',
type='portal',
session_id=utils.get_uuid(),
timestamp=int(time.time())
)
session = dict(
username=username,
nas_addr=nasaddr,
session_id=cparams["session_id"],
start_time=utils.get_currtime(),
ipaddr=user_ip,
macaddr=mac,
input_total=0,
output_total=0
)
session['sign'] = self.mksign(session.values())
_apiurl = "%s/session/add" % self.settings.apiurl
se_resp = yield requests.post(_apiurl,
data=json.dumps(session, ensure_ascii=False),
headers={"Content-Type": ["application/json"]})
if se_resp.code != 200:
self.syslog.error("ikuai session create error : {0}".format(repr(se_resp)))
self.render_error(msg=u"认证失败,创建会话失败")
return
param_str = urllib.urlencode(cparams)
param_str = "{0}&mac={1}".format(param_str, mac)
token = md5("{0}&key={1}".format(param_str, iknas.get('api_key'))).hexdigest()
enc = base64.encodestring(param_str)
full_url = "{0}?ver=1&enc={1}&token={2}&end_url={3}".format(callback_url.strip(), enc, token, end_url)
self.syslog.info("[username:{0}] callback {1}".format(username, full_url))
if self.settings.debug:
self.syslog.debug('ikportal auth cast:%s' % (time.time() - start_time))
self.redirect(full_url)
