def patch(self, *args, **kwargs): ### 审批 data = json.loads(self.request.body.decode("utf-8")) list_id = data.get('list_id', None) start_time = data.get('start_time', None) nickname = self.get_current_nickname() if not list_id or not start_time: return self.write(dict(code=-1, msg='订单ID和开始时间不能为空')) with DBContext('r') as session: task_info = session.query(TaskList).filter(TaskList.list_id == list_id).first() admin_user = literal_eval(task_info.associated_user).get("admin") if nickname in admin_user or self.is_superuser: with DBContext('w', None, True) as session: session.query(TaskList).filter(TaskList.list_id == list_id).update( {TaskList.schedule: 'ready', TaskList.start_time: start_time, TaskList.status: '1', TaskList.executor: nickname}) session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_status == '0').update( {TaskSched.task_status: '1'}) redis_conn = cache_conn() try: time_array = time.strptime(start_time, '%Y-%m-%d %H:%M') except: time_array = time.strptime(start_time, '%Y-%m-%d %H:%M:%S') start_time = time.mktime(time_array) redis_conn.set('task_id_{}_start_time'.format(list_id), start_time) redis_conn.expire('task_id_{}_start_time'.format(list_id), 2592000) return self.write(dict(code=0, msg='任务开始成功')) else: return self.write(dict(code=-2, msg="你没有审批权限"))
def get_user_rules(user_id, is_superuser=False): page_data = {} component_data = {} with DBContext('r') as session: this_menus = session.query(Menus.menu_name).outerjoin( RoleMenus, Menus.menu_id == RoleMenus.menu_id).outerjoin( UserRoles, RoleMenus.role_id == UserRoles.role_id).filter( UserRoles.user_id == user_id).all() this_components = session.query(Components.component_name).outerjoin( RolesComponents, Components.comp_id == RolesComponents.comp_id).outerjoin( UserRoles, RolesComponents.role_id == UserRoles.role_id).filter( UserRoles.user_id == user_id).all() for p in this_menus: page_data[p[0]] = True for c in this_components: component_data[c[0]] = True ## 插入一个没有权限的 if is_superuser: page_data['all'] = True component_data['all'] = True else: page_data['all'] = False component_data['all'] = False redis_conn = cache_conn() redis_conn.hmset("{}_rules".format(user_id), dict(page=page_data, component=component_data))
def post(self, *args, **kwargs): ### 发送邮件 data = json.loads(self.request.body.decode('utf-8')) to_list = data.get('to_list', None) subject = data.get('subject', None) content = data.get('content', None) subtype = data.get('subtype', None) att = data.get('att', None) redis_conn = cache_conn() if not to_list and not subject and not content: return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空')) configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) try: obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False) obj.send_mail(to_list, subject, content, subtype=subtype, att=att) return self.write(dict(code=0, msg='邮件发送成功')) except Exception as e: return self.write(dict(code=-1, msg='邮件发送失败 {}'.format(str(e))))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode('utf-8')) check_key = data.get('check_key') user_id = self.get_current_id() redis_conn = cache_conn() config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) if check_key == 'EMAIL': with DBContext('r') as session: mail_to = session.query(Users.email).filter(Users.user_id == user_id).first() obj = SendMail(mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False) obj.send_mail(mail_to[0], 'OPS测试邮件', '测试发送邮件成功', subtype='plain') return self.write(dict(code=0, msg='测试邮件已经发送')) elif check_key == 'SMS': obj = SendSms(config_info.get(const.SMS_REGION), config_info.get(const.SMS_DOMAIN), config_info.get(const.SMS_PRODUCT_NAME), config_info.get(const.SMS_ACCESS_KEY_ID), config_info.get(const.SMS_ACCESS_KEY_SECRET)) query_response = obj.query_send_detail('', '11111111111', 1, 1, time.strftime("%Y%m%d", time.localtime())) query_response = json.loads(query_response.decode('utf-8')) if query_response.get("Message") == "OK": return self.write(dict(code=0, msg='测试短信成功')) else: return self.write(dict(code=-2, msg='测试短信失败{}'.format(str(query_response)))) else: return self.write(dict(code=-1, msg='未知测试项目'))
def post(self, *args, **kwargs): ### 发送邮件 data = json.loads(self.request.body.decode('utf-8')) phone = data.get('phone', None) msg = data.get('msg', None) # json格式 对应短信模板里设置的参数 template_code = data.get('template_code', None) sign_name = data.get('sign_name', 'OPS') redis_conn = cache_conn() if not phone and not msg and not template_code: return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空')) configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) try: obj = SendSms(config_info.get(const.SMS_REGION), config_info.get(const.SMS_DOMAIN), config_info.get(const.SMS_PRODUCT_NAME), config_info.get(const.SMS_ACCESS_KEY_ID), config_info.get(const.SMS_ACCESS_KEY_SECRET)) params = json.dumps(msg) sms_response = obj.send_sms(phone, template_param=params, sign_name=sign_name, template_code=template_code) sms_response = json.loads(sms_response.decode('utf-8')) if sms_response.get("Message") == "OK": return self.write(dict(code=0, msg='短信发送成功')) else: return self.write( dict(code=-2, msg='短信发送失败{}'.format(str(sms_response)))) except Exception as e: return self.write(dict(code=-1, msg='短信发送失败 {}'.format(str(e))))
def put(self, *args, **kwargs): ### 处理全部需要手动干预的任务 data = json.loads(self.request.body.decode("utf-8")) list_id = data.get('list_id', None) hand_task = data.get('hand_task', None) if not list_id: return self.write(dict(code=-1, msg='订单ID 不能为空')) if not hand_task: return self.write(dict(code=-2, msg='任务名称不正确')) with DBContext('w', None, True) as session: session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_name == hand_task).update( {TaskSched.task_status: '1'}) data_info = session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_name == hand_task).all() redis_conn = cache_conn() redis_pipe = redis_conn.pipeline() for msg in data_info: data_dict = model_to_dict(msg) hash_key = "task_{}_{}_{}".format(list_id, data_dict["task_group"], data_dict["exec_ip"]) redis_pipe.hset(hash_key, data_dict["task_level"], '1') redis_pipe.expire(hash_key, 2592000) redis_pipe.execute() return self.write(dict(code=0, msg='审核干预成功'))
def put(self, *args, **kwargs): if not self.is_superuser: return self.write(dict(code=-1, msg='不是超级管理员,没有权限')) data = json.loads(self.request.body.decode("utf-8")) user_list = data.get('user_list', None) if len(user_list) != 1: return self.write(dict(code=-2, msg='一次只能选择一个用户,且不能为空')) user_id = user_list[0] with DBContext('r') as session: user_info = session.query(Users).filter( Users.user_id == user_id).first() ### 生成token if user_info.superuser == '0': is_superuser = True else: is_superuser = False token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, is_superuser=is_superuser, exp_time=1100) auth_token = AuthToken() auth_key = auth_token.encode_auth_token_v2(**token_info) if isinstance(auth_key, bytes): auth_key = auth_key.decode() redis_conn = cache_conn() configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False, mail_tls=True if config_info.get(const.EMAIL_USE_TLS) == '1' else False) with DBContext('w', None, True) as session: mail_to = session.query(Users.email).filter( Users.user_id == self.get_current_id()).first() if mail_to[0] == user_info.email: obj.send_mail(mail_to[0], '令牌,有效期三年', auth_key, subtype='plain') else: obj.send_mail(mail_to[0], '令牌,有效期三年', auth_key, subtype='plain') obj.send_mail(user_info.email, '令牌,有效期三年', auth_key, subtype='plain') return self.write(dict(code=0, msg='Token已经发送到邮箱', data=auth_key))
def get(self, *args, **kwargs): user_id = self.get_current_id() redis_conn = cache_conn() page = redis_conn.hget("{}_rules".format(user_id), 'page') component = redis_conn.hget("{}_rules".format(user_id), 'component') data = dict(rules=dict(page=literal_eval(convert(page)), component=literal_eval(convert(component)))) return self.write(dict(data=data, code=0, msg='获取前端权限成功'))
def __init__(self, **settings): if configs.can_import: configs.import_dict(**settings) self.redis_conn = cache_conn() super(DealMQ, self).__init__(exchange='task_scheduler', exchange_type='direct', routing_key='the_task_id', queue_name='deal_task_scheduler', no_ack=False)
def get(self, *args, **kwargs): key = self.get_argument('key', default=None, strip=True) value = self.get_argument('value', default=None, strip=True) page_size = self.get_argument('page', default=1, strip=True) limit = self.get_argument('limit', default=30, strip=True) limit_start = (int(page_size) - 1) * int(limit) user_list = [] with DBContext('r') as session: if key and value: count = session.query(Users).filter( Users.status != '10').filter_by(**{ key: value }).count() user_info = session.query(Users).filter( Users.status != '10').filter_by(**{ key: value }).order_by(Users.user_id).offset(limit_start).limit( int(limit)) else: count = session.query(Users).filter( Users.status != '10').count() user_info = session.query(Users).filter( Users.status != '10').order_by( Users.user_id).offset(limit_start).limit(int(limit)) all_user = session.query(Users).filter(Users.status != '10').all() if int(limit) > 200: user_info = all_user for msg in user_info: data_dict = model_to_dict(msg) data_dict.pop('password') data_dict.pop('google_key') data_dict['last_login'] = str(data_dict['last_login']) data_dict['ctime'] = str(data_dict['ctime']) user_list.append(data_dict) redis_conn = cache_conn() redis_conn.delete(const.USERS_INFO) ### 清空集合数据 with redis_conn.pipeline(transaction=False) as p: for msg in all_user: data_dict = model_to_dict(msg) data_dict.pop('password') data_dict.pop('google_key') data_dict['last_login'] = str(data_dict['last_login']) data_dict['ctime'] = str(data_dict['ctime']) nickname_key = bytes(data_dict['nickname'] + '__contact', encoding='utf-8') p.hmset(nickname_key, { "tel": data_dict["tel"], "email": data_dict["email"] }) p.sadd(const.USERS_INFO, json.dumps(data_dict)) p.execute() self.write(dict(code=0, msg='获取用户成功', count=count, data=user_list))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode('utf-8')) check_key = data.get('check_key') user_id = self.get_current_id() redis_conn = cache_conn() config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) if check_key == 'EMAIL': with DBContext('r') as session: mail_to = session.query( Users.email).filter(Users.user_id == user_id).first() send_list = [mail_to[0], 'OPS测试邮件', '测试发送邮件成功', 'plain', None] res = yield self.send_mail_pool(send_list, config_info) return self.write(res) elif check_key == 'SMS': obj = SendSms(config_info.get(const.SMS_REGION), config_info.get(const.SMS_DOMAIN), config_info.get(const.SMS_PRODUCT_NAME), config_info.get(const.SMS_ACCESS_KEY_ID), config_info.get(const.SMS_ACCESS_KEY_SECRET)) query_response = obj.query_send_detail( '', '11111111111', 1, 1, time.strftime("%Y%m%d", time.localtime())) query_response = json.loads(query_response.decode('utf-8')) if query_response.get("Message") == "OK": return self.write(dict(code=0, msg='测试短信成功')) else: return self.write( dict(code=-2, msg='测试短信失败{}'.format(str(query_response)))) elif check_key == 'LDAP': ldap_ssl = True if config_info.get( const.LDAP_USE_SSL) == '1' else False obj = LdapApi(config_info.get(const.LDAP_SERVER_HOST), config_info.get(const.LDAP_ADMIN_DN), config_info.get(const.LDAP_ADMIN_PASSWORD), int(config_info.get(const.LDAP_SERVER_PORT, 389)), ldap_ssl) if obj.ldap_server_test(): return self.write(dict(code=0, msg='LDAP连接测试成功')) else: return self.write(dict(code=-1, msg='LDAP连接测试不成功,请仔细检查配置')) else: return self.write(dict(code=-1, msg='未知测试项目'))
def codo_csrf(self): # 验证客户端CSRF,如请求为GET,则不验证,否则验证。最后将写入新的key cache = cache_conn() # or self.request.headers.get('X-Gitlab-Token') if self.request.method in ("GET", "HEAD", "OPTIONS" ) or self.request.headers.get('Sdk-Method'): pass else: csrf_key = self.get_cookie('csrf_key') if not csrf_key: raise HTTPError(402, 'csrf error need csrf key') result = cache.get(csrf_key) cache.delete(csrf_key) if isinstance(result, bytes): result = result.decode() if result != '1': raise HTTPError(402, 'csrf error') cache.set(self.new_csrf_key, '1', ex=1800) self.set_cookie('csrf_key', self.new_csrf_key)
def configs_init(setting_key): new_dict = {} """返回所有数据""" with DBContext('r') as session: if setting_key == 'all': conf_info = session.query(AppSettings).all() else: conf_info = session.query(AppSettings).filter( AppSettings.name.like(setting_key + '%')).all() for msg in conf_info: data_dict = model_to_dict(msg) new_dict[data_dict.get('name')] = data_dict.get('value') if new_dict: redis_conn = cache_conn() redis_conn.hmset(const.APP_SETTINGS, new_dict) return dict(code=0, msg='获取配置成功', data=new_dict)
def run(): redis_conn = cache_conn() query_keys = redis_conn.smembers('query_list') for key in query_keys: data = redis_conn.hgetall(key) new_data = {} try: for k, v in data.items(): new_data[str(k, 'utf8')] = str(v, 'utf8') if not new_data: redis_conn.srem('query_list', key) if new_data['status'] == '1': now = int(time.time()) if now >= int(new_data['next_time']): do_sql(redis_conn, key, new_data) except Exception as e: traceback.print_exc(e)
def post(self, *args, **kwargs): ### 发送邮件 data = json.loads(self.request.body.decode('utf-8')) to_list = data.get('to_list', None) subject = data.get('subject', None) content = data.get('content', None) subtype = data.get('subtype', None) att = data.get('att', None) redis_conn = cache_conn() if not to_list and not subject and not content: return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空')) configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) send_list = [to_list, subject, content, subtype, att] res = yield self.send_mail_pool(send_list, config_info) return self.write(res)
def post(self, *args, **kwargs): ### 发送短信 data = json.loads(self.request.body.decode('utf-8')) phone = data.get('phone', None) msg = data.get('msg', None) # json格式 对应短信模板里设置的参数 template_code = data.get('template_code', None) sign_name = data.get('sign_name', 'OPS') redis_conn = cache_conn() if not phone and not msg and not template_code: return self.write(dict(code=-1, msg='收件人、邮件标题、邮件内容不能为空')) configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) # send_list = [phone, msg, sign_name, template_code] res = yield self.send_sms_pool(send_list, config_info) return self.write(res)
def put(self, *args, **kwargs): if not self.is_superuser: return self.write(dict(code=-1, msg='不是超级管理员,没有权限')) data = json.loads(self.request.body.decode("utf-8")) user_list = data.get('user_list', None) if len(user_list) < 1: return self.write(dict(code=-1, msg='用户不能为空')) redis_conn = cache_conn() configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False, mail_tls=True if config_info.get(const.EMAIL_USE_TLS) == '1' else False) with DBContext('w', None, True) as session: for user_id in user_list: mfa = base64.b32encode( bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9], encoding="utf-8")).decode("utf-8") session.query(Users).filter(Users.user_id == user_id).update({ Users.last_ip: '', Users.google_key: mfa }) mail_to = session.query( Users.email).filter(Users.user_id == user_id).first() obj.send_mail(mail_to[0], '重置MFA', mfa, subtype='plain') return self.write(dict(code=0, msg='重置MFA成功,新的MFA已经发送到邮箱'))
def put(self, *args, **kwargs): if not self.is_superuser: return self.write(dict(code=-1, msg='不是超级管理员,没有权限')) data = json.loads(self.request.body.decode("utf-8")) user_list = data.get('user_list', None) if len(user_list) < 1: return self.write(dict(code=-2, msg='用户不能为空')) redis_conn = cache_conn() configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False, mail_tls=True if config_info.get(const.EMAIL_USE_TLS) == '1' else False) with DBContext('w', None, True) as session: for user_id in user_list: md5_password = shortuuid.uuid() new_password = gen_md5(md5_password) session.query(Users).filter(Users.user_id == user_id).update( {Users.password: new_password}) mail_to = session.query( Users.email).filter(Users.user_id == user_id).first() obj.send_mail(mail_to[0], '修改密码', md5_password, subtype='plain') return self.write(dict(code=0, msg='重置密码成功,新密码已经发送到邮箱'))
def __init__(self, user_id, is_superuser=False): self.redis_conn = cache_conn() self.user_id = user_id self.is_superuser = is_superuser self.method_list = ["GET", "POST", "PATCH", "DELETE", "PUT", "ALL"]
def __init__(self, user_id): self.redis_conn = cache_conn() self.user_id = user_id self.method_list = ["GET", "POST", "PATCH", "DELETE", "PUT", "ALL"]
def send_alarm(): with DBContext('r', None, False, **configs) as session: error_info = session.query(TaskList).filter( TaskList.schedule == 'start', TaskList.status == '4', TaskList.start_time < datetime.datetime.now()).all() ### 查找出已经发出告警的订单 old_warm = session.query(TaskMonitor).filter( TaskMonitor.call_status == 1).all() ### 没有错误订单则返回 if not error_info: return old_warm_list = [] error_list = [] for o in old_warm: old_warm_list.append(o.list_id) old_warm_list = list(set(old_warm_list)) with DBContext('w', None, True, **configs) as session: for i in error_info: error_list.append(int(i.list_id)) if int(i.list_id) not in old_warm_list: print('The task-{0} is error'.format(i.list_id)) call_info = 'ID-{} 任务-{} 类型-{}'.format(i.list_id, i.task_name[0:25], i.task_type[0:25]) session.add( TaskMonitor( list_id=int(i.list_id), call_info=call_info, call_level=2, call_users=','.join( list(literal_eval(i.associated_user).values())[0]), call_status=0)) ### 错误记录里面里面的订单已经修复 for o in old_warm_list: if int(o) not in error_list: session.query(TaskMonitor).filter( TaskMonitor.list_id == int(o)).delete( synchronize_session=False) ### 删除报警记录 session.query(TaskMonitor).filter( TaskMonitor.ctime < time.localtime(time.time() - 6000)).delete( synchronize_session=False) session.commit() time.sleep(1) ### 告警 with DBContext('r', None, False, **configs) as session: my_call = session.query(TaskMonitor).filter( TaskMonitor.call_status == 0).all() ### 如果没有告警信息,则返回 if not len(my_call): return redis_conn = cache_conn() cache_config_info = redis_conn.hgetall(const.APP_SETTINGS) if cache_config_info: config_info = convert(cache_config_info) else: config_info = configs['email_info'] ### 禁用邮箱 # sm = SendMail(mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), # mail_user=config_info.get(const.EMAIL_HOST_USER), # mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), # mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False) ### 发送短信实例化 sms = SendSms(config_info.get(const.SMS_REGION), config_info.get(const.SMS_DOMAIN), config_info.get(const.SMS_PRODUCT_NAME), config_info.get(const.SMS_ACCESS_KEY_ID), config_info.get(const.SMS_ACCESS_KEY_SECRET)) for i in my_call: sms_to_list = [] email_to_list = [] for user in i.call_users.split(','): info__contact = convert( redis_conn.hgetall(bytes(user + '__contact', encoding='utf-8'))) if info__contact: sms_to_list.append(info__contact['tel']) email_to_list.append(info__contact['email']) print(sms_to_list, email_to_list, i.call_info) ### 发送邮件 # sm.send_mail(",".join(email_to_list), '自动化订单', i.call_info) ### 以下为注释为单独报警的示例,具体根据自己的需求修改 # import sys # sys.path.append(sys.path[0]) # print(exec_shell('python3 alert.py {} {}'.format(",".join(sms_to_list), i.call_info))) ### 发送短信 if sms_to_list: params = {"msg": i.call_info} # 对应短信模板里设置的参数 sms.send_sms(phone_numbers=",".join(sms_to_list), template_param=params, sign_name=configs.get('sign_name')[0], template_code=configs.get('template_code')[0]) ### 发送完禁用 with DBContext('w', None, True, **configs) as session: session.query(TaskMonitor).filter(TaskMonitor.call_status == 0).update( {TaskMonitor.call_status: 1}) session.commit() return
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) password = data.get('password', None) dynamic = data.get('dynamic', None) if not username or not password: return self.write(dict(code=-1, msg='账号密码不能为空')) redis_conn = cache_conn() configs_init('all') if is_mail(username): login_mail = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_DOMAIN) if login_mail: if is_mail(username, login_mail.decode('utf-8')): email = username username = email.split("@")[0] email_server = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_SERVER).decode('utf-8') if not email_server: return self.write(dict(code=-9, msg='请配置邮箱服务的SMTP服务地址')) if not mail_login(email, password, email_server): return self.write(dict(code=-2, msg='邮箱登陆认证失败')) with DBContext('r') as session: user_info = session.query(Users).filter(Users.email == email, Users.username == username, Users.status != '10').first() if not user_info: return self.write(dict(code=-3, msg='邮箱认证通过,请根据邮箱完善用户信息', username=username, email=email)) else: with DBContext('r') as session: user_info = session.query(Users).filter(Users.username == username, Users.password == gen_md5(password), Users.status != '10').first() if not user_info: # redis_conn = cache_conn() # configs_init('all') ldap_login = redis_conn.hget(const.APP_SETTINGS, const.LDAP_ENABLE) ldap_login = convert(ldap_login) if ldap_login != '1': return self.write(dict(code=-4, msg='账号密码错误')) ### 如果开启了LDAP认证 则进行LDAP认证 else: #### config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) ldap_ssl = True if config_info.get(const.LDAP_USE_SSL) == '1' else False obj = LdapApi(config_info.get(const.LDAP_SERVER_HOST), config_info.get(const.LDAP_ADMIN_DN), config_info.get(const.LDAP_ADMIN_PASSWORD), int(config_info.get(const.LDAP_SERVER_PORT, 389)), ldap_ssl) ldap_pass_info = obj.ldap_auth(username, password, config_info.get(const.LDAP_SEARCH_BASE), config_info.get(const.LDAP_SEARCH_FILTER)) if ldap_pass_info[0]: with DBContext('r') as session: if not ldap_pass_info[2]: return self.write(dict(code=-11, msg='LDAP认证成功,但是没有找到用户邮箱,请完善!')) else: user_info = session.query(Users).filter(Users.email == ldap_pass_info[2], Users.username == username, Users.status != '10').first() if not user_info: return self.write(dict(code=-3, msg='LDAP认证通过,完善用户信息', username=ldap_pass_info[1], email=ldap_pass_info[2])) else: return self.write(dict(code=-4, msg='账号密码错误')) if 'user_info' not in dir(): return self.write(dict(code=-4, msg='账号异常')) if user_info.status != '0': return self.write(dict(code=-4, msg='账号被禁用')) is_superuser = True if user_info.superuser == '0' else False ### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方 ### 默认为 True, False 则全局禁用MFA mfa_global = False if convert(redis_conn.hget(const.APP_SETTINGS, const.MFA_GLOBAL)) == '1' else True if mfa_global and user_info.google_key: if not dynamic: ### 第一次不带MFA的认证 return self.write(dict(code=1, msg='跳转二次认证')) else: ### 二次认证 t_otp = pyotp.TOTP(user_info.google_key) if t_otp.now() != str(dynamic): return self.write(dict(code=-5, msg='MFA错误')) user_id = str(user_info.user_id) ### 生成token 并写入cookie token_exp_hours = redis_conn.hget(const.APP_SETTINGS, const.TOKEN_EXP_TIME) if token_exp_hours and convert(token_exp_hours): token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, email=user_info.email, is_superuser=is_superuser, exp_hours=token_exp_hours) else: token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, email=user_info.email, is_superuser=is_superuser) auth_token = AuthToken() auth_key = auth_token.encode_auth_token_v2(**token_info) login_ip_list = self.request.headers.get("X-Forwarded-For") if login_ip_list: login_ip = login_ip_list.split(",")[0] with DBContext('w', None, True) as session: session.query(Users).filter(Users.user_id == user_id).update({Users.last_ip: login_ip}) session.commit() self.set_secure_cookie("nickname", user_info.nickname) self.set_secure_cookie("username", user_info.username) self.set_secure_cookie("user_id", str(user_info.user_id)) self.set_cookie('auth_key', auth_key, expires_days=1) ### 后端权限写入缓存 my_verify = MyVerify(user_id, is_superuser) my_verify.write_verify() ### 前端权限写入缓存 # get_user_rules(user_id, is_superuser) return self.write(dict(code=0, auth_key=auth_key.decode(), username=user_info.username, nickname=user_info.nickname, msg='登录成功'))
def __init__(self, channel='task_log', **settings): if configs.can_import: configs.import_dict(**settings) self.redis_conn = cache_conn() self.channel = channel # 定义频道名称 self.__settings = settings
def patch(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) list_id = data.get('list_id', None) task_group = data.get('task_group', None) task_level = data.get('task_level', None) exec_ip = data.get('exec_ip', None) hand_type = data.get('hand_type', None) if not list_id or not task_group or not task_level or not exec_ip: return self.write(dict(code=-1, msg='缺少必要参数')) if not hand_type: return self.write(dict(code=-1, msg='执行类型不能为空')) hash_key = "task_{}_{}_{}".format(list_id, task_group, exec_ip) redis_conn = cache_conn() if hand_type == "execute": s_id = data.get('scheduler_id', None) if s_id: with DBContext('w', None, True) as session: session.query(TaskSched).filter(TaskSched.sched_id == s_id).update({TaskSched.task_status: '1'}) redis_conn.hset(hash_key, task_level, '1') redis_conn.expire(hash_key, 2592000) return self.write(dict(code=0, msg='审核执行成功')) else: return self.write(dict(code=-2, msg='审批执行任务参数缺失')) elif hand_type == "restart": with DBContext('w', None, True) as session: session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group, TaskSched.exec_ip == exec_ip, TaskSched.task_status != '5', TaskSched.task_status != '7', TaskSched.task_level >= task_level).update({TaskSched.task_status: '1'}) session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group, TaskSched.exec_ip == exec_ip, TaskSched.task_status != '5', TaskSched.task_status != '7', TaskSched.task_level < task_level).update({TaskSched.task_status: '3'}) data_info = session.query(TaskSched.task_level, TaskSched.task_status).filter( TaskSched.list_id == list_id, TaskSched.task_group == task_group, TaskSched.exec_ip == exec_ip).all() level_status = {} for s in data_info: if s[1] not in ['5', '7']: if s[0] >= task_level: level_status[s[0]] = s[1] else: level_status[s[0]] = '3' print(level_status) redis_conn.hmset(hash_key, level_status) redis_conn.expire(hash_key, 2592000) return self.write(dict(code=0, msg='重新执行成功')) elif hand_type == "stop_one": with DBContext('w', None, True) as session: session.query(TaskSched).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group, TaskSched.exec_ip == exec_ip).update({TaskSched.task_status: '3'}) data_info = session.query(TaskSched.task_level).filter(TaskSched.list_id == list_id, TaskSched.task_group == task_group, TaskSched.exec_ip == exec_ip).all() level_status = {} for s in data_info: level_status[s[0]] = '3' redis_conn.hmset(hash_key, level_status) redis_conn.expire(hash_key, 2592000) return self.write(dict(code=0, msg='终止此组任务成功')) else: return self.write(dict(code=-5, msg='错误任务类型'))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) nickname = data.get('nickname', None) password = data.get('password', None) department = data.get('department', None) tel = data.get('tel', None) wechat = data.get('wechat', None) no = data.get('no', None) email = data.get('email', None) if not username or not nickname or not department or not tel or not wechat or not no or not email: return self.write(dict(code=-1, msg='参数不能为空')) with DBContext('r') as session: user_info1 = session.query(Users).filter( Users.username == username).first() user_info2 = session.query(Users).filter(Users.tel == tel).first() user_info3 = session.query(Users).filter( Users.email == email).first() user_info4 = session.query(Users).filter( Users.nickname == nickname).first() if user_info1: return self.write(dict(code=-2, msg='用户名已注册')) if user_info2: return self.write(dict(code=-3, msg='手机号已注册')) if user_info3: return self.write(dict(code=-4, msg='邮箱已注册')) if user_info4: return self.write(dict(code=-4, msg='昵称已注册')) if not password: md5_password = shortuuid.uuid() password = gen_md5(md5_password) else: if not check_password(password): return self.write( dict(code=-5, msg='密码复杂度必须为: 超过8位,包含数字,大小写字母 等')) password = gen_md5(password) mfa = base64.b32encode( bytes(str(shortuuid.uuid() + shortuuid.uuid())[:-9], encoding="utf-8")).decode("utf-8") redis_conn = cache_conn() configs_init('all') config_info = redis_conn.hgetall(const.APP_SETTINGS) config_info = convert(config_info) obj = SendMail( mail_host=config_info.get(const.EMAIL_HOST), mail_port=config_info.get(const.EMAIL_PORT), mail_user=config_info.get(const.EMAIL_HOST_USER), mail_password=config_info.get(const.EMAIL_HOST_PASSWORD), mail_ssl=True if config_info.get(const.EMAIL_USE_SSL) == '1' else False, mail_tls=True if config_info.get(const.EMAIL_USE_TLS) == '1' else False) with DBContext('w', None, True) as session: session.add( Users(username=username, password=password, nickname=nickname, department=department, tel=tel, wechat=wechat, no=no, email=email, google_key=mfa, superuser='******')) obj.send_mail(email, '用户注册成功', '密码为:{} \n MFA:{}'.format(password, mfa), subtype='plain') return self.write( dict(code=0, msg='恭喜你! 注册成功,赶紧联系管理员给你添加权限吧!!!', mfa=mfa))
def post(self, *args, **kwargs): data = json.loads(self.request.body.decode("utf-8")) username = data.get('username', None) password = data.get('password', None) dynamic = data.get('dynamic', None) next_url = data.get('next_url', None) if not username or not password: return self.write(dict(code=-1, msg='账号密码不能为空')) if is_mail(username): redis_conn = cache_conn() configs_init('all') login_mail = redis_conn.hget(const.APP_SETTINGS, const.EMAILLOGIN_DOMAIN) if login_mail: if is_mail(username, login_mail.decode('utf-8')): email = username username = email.split("@")[0] email_server = redis_conn.hget( const.APP_SETTINGS, const.EMAILLOGIN_SERVER).decode('utf-8') if not email_server: return self.write(dict(code=-9, msg='请配置邮箱服务的SMTP服务地址')) if not mail_login(email, password, email_server): return self.write(dict(code=-2, msg='邮箱登陆认证失败')) with DBContext('r') as session: user_info = session.query(Users).filter( Users.email == email, Users.username == username, Users.status != '10').first() if not user_info: return self.write( dict(code=-3, msg='邮箱认证通过,请根据邮箱完善用户信息', email=email)) else: with DBContext('r') as session: user_info = session.query(Users).filter( Users.username == username, Users.password == gen_md5(password), Users.status != '10').first() if not user_info: return self.write(dict(code=-4, msg='账号密码错误')) if user_info.status != '0': return self.write(dict(code=-4, msg='账号被禁用')) if user_info.superuser == '0': is_superuser = True else: is_superuser = False ### 如果被标记为必须动态验证切没有输入动态密钥,则跳转到二维码添加密钥的地方 if user_info.google_key: totp = pyotp.TOTP(user_info.google_key) if dynamic: if totp.now() != str(dynamic): return self.write(dict(code=-5, msg='MFA错误')) else: return self.write(dict(code=-8, msg='请输入MFA')) user_id = str(user_info.user_id) ### 生成token 并写入cookie token_info = dict(user_id=user_id, username=user_info.username, nickname=user_info.nickname, is_superuser=is_superuser) auth_token = AuthToken() auth_key = auth_token.encode_auth_token(**token_info) login_ip_list = self.request.headers.get("X-Forwarded-For") if login_ip_list: login_ip = login_ip_list.split(",")[0] with DBContext('w', None, True) as session: session.query(Users).filter(Users.user_id == user_id).update( {Users.last_ip: login_ip}) self.set_secure_cookie("nickname", user_info.nickname) self.set_secure_cookie("username", user_info.username) self.set_secure_cookie("user_id", str(user_info.user_id)) self.set_cookie('auth_key', auth_key, expires_days=1) ### 后端权限写入缓存 my_verify = MyVerify(user_id) my_verify.write_verify() ### 前端权限写入缓存 get_user_rules(user_id) return self.write( dict(code=0, auth_key=auth_key.decode(encoding="utf-8"), username=user_info.username, nickname=user_info.nickname, next_url=next_url, msg='登录成功'))