def login_qrcode(self, get):
tid = public.GetRandomString(12)
qrcode_str = 'https://app.bt.cn/app.html?&panel_url=' + public.getPanelAddr(
) + '&v=' + public.GetRandomString(3) + '?login&tid=' + tid
cache.set(tid, public.get_session_id(), 360)
cache.set(public.get_session_id(), tid, 360)
return public.returnMsg(True, qrcode_str)
def login_qrcode(self, get):
tid = public.GetRandomString(12)
qrcode_str = 'https://app.bt.cn/app.html?&panel_url=' + public.getPanelAddr(
) + '&v=' + public.GetRandomString(3) + '?login&tid=' + tid
data = public.get_session_id() + ':' + str(time.time())
public.writeFile(self.app_path + "app_login_check.pl", data)
cache.set(tid, public.get_session_id(), 360)
cache.set(public.get_session_id(), tid, 360)
return public.returnMsg(True, qrcode_str)
def check_app_login(self, get):
session_id = public.get_session_id()
if cache.get(session_id) != 'True':
return public.returnMsg(
False, 'Wait for the app to scan the code and log in')
cache.delete(session_id)
userInfo = public.M('users').where("id=?",
(1, )).field('id,username').find()
session['login'] = True
session['username'] = userInfo['username']
session['tmp_login'] = True
public.WriteLog(
'TYPE_LOGIN',
'APP scan code login, account: {}, login IP: {}'.format(
userInfo['username'],
public.GetClientIp() + ":" +
str(request.environ.get('REMOTE_PORT'))))
cache.delete('panelNum')
cache.delete('dologin')
sess_input_path = 'data/session_last.pl'
public.writeFile(sess_input_path, str(int(time.time())))
login_type = 'data/app_login.pl'
self.set_request_token()
import config
config.config().reload_session()
public.writeFile(login_type, 'True')
return public.returnMsg(True, 'login successful!')
def set_login(self, get):
session_id = public.get_session_id()
if cache.get(session_id) == 'True':
return self.check_app_login(get)
if os.path.exists(self.app_path + "login.pl"):
data = public.readFile(self.app_path + 'login.pl')
public.ExecShell('rm ' + self.app_path + "login.pl")
secret_key, init_time = data.split(':')
if time.time() - float(init_time) < 60 and get[
'secret_key'] == secret_key:
sql = db.Sql()
userInfo = sql.table('users').where(
"id=?", (1, )).field('id,username,password').find()
session['login'] = True
session['username'] = userInfo['username']
cache.delete('panelNum')
cache.delete('dologin')
public.WriteLog(
'TYPE_LOGIN', 'LOGIN_SUCCESS',
('WeChat scan code login', public.GetClientIp() + ":" +
str(request.environ.get('REMOTE_PORT'))))
login_type = 'data/app_login.pl'
self.set_request_token()
import config
config.config().reload_session()
public.writeFile(login_type, 'True')
return public.returnMsg(True, 'login successful')
return public.returnMsg(False, 'Login failed')
def set_login(self, get):
session_id = public.get_session_id()
if cache.get(session_id) == 'True':
return self.check_app_login(get)
# if os.path.exists(self.app_path+"login.pl"):
# data = public.readFile(self.app_path+'login.pl')
# public.ExecShell('rm ' + self.app_path+"login.pl")
# secret_key, init_time = data.split(':')
# if time.time() - float(init_time) < 60 and get['secret_key'] == secret_key:
# sql = db.Sql()
# userInfo = sql.table('users').where(
# "id=?", (1,)).field('id,username,password').find()
# session['login'] = True
# session['username'] = userInfo['username']
# cache.delete('panelNum')
# cache.delete('dologin')
# public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
# ('微信扫码登录', public.GetClientIp()+ ":" + str(request.environ.get('REMOTE_PORT'))))
# login_type = 'data/app_login.pl'
# self.set_request_token()
# import config
# config.config().reload_session()
# public.writeFile(login_type,'True')
# public.login_send_body("微信小程序",userInfo['username'],public.GetClientIp(),str(request.environ.get('REMOTE_PORT')))
# return public.returnMsg(True, '登录成功')
return public.returnMsg(False, '登录失败')
def check_app_login(self, get):
#判断是否存在绑定
btapp_info = json.loads(
public.readFile('/www/server/panel/config/api.json'))
if not btapp_info: return public.returnMsg(False, 'Unbound')
if not btapp_info['open']:
return public.returnMsg(False, 'API is not turned on')
if not 'apps' in btapp_info:
return public.returnMsg(False, 'Unbound phone')
if not btapp_info['apps']:
return public.returnMsg(False, 'Unbound phone')
try:
session_id = public.get_session_id()
if not os.path.exists(self.app_path + 'app_login_check.pl'):
return public.returnMsg(False,
'Waiting for APP scan code login 1')
data = public.readFile(self.app_path + 'app_login_check.pl')
public.ExecShell('rm ' + self.app_path + "app_login_check.pl")
secret_key, init_time = data.split(':')
if len(session_id) != 64:
return public.returnMsg(False,
'Waiting for APP scan code login 2')
if len(secret_key) != 64:
return public.returnMsg(False,
'Waiting for APP scan code login 2')
if time.time() - float(init_time) > 60:
return public.returnMsg(False,
'Waiting for APP scan code login')
if session_id != secret_key:
return public.returnMsg(False,
'Waiting for APP scan code login')
cache.delete(session_id)
userInfo = public.M('users').where(
"id=?", (1, )).field('id,username').find()
session['login'] = True
session['username'] = userInfo['username']
session['tmp_login'] = True
public.WriteLog(
'TYPE_LOGIN',
'APP scan code login, account: {}, login IP: {}'.format(
userInfo['username'],
public.GetClientIp() + ":" +
str(request.environ.get('REMOTE_PORT'))))
cache.delete('panelNum')
cache.delete('dologin')
session['session_timeout'] = time.time(
) + public.get_session_timeout()
login_type = 'data/app_login.pl'
self.set_request_token()
import config
config.config().reload_session()
public.writeFile(login_type, 'True')
public.login_send_body("aaPanel Mobile", userInfo['username'],
public.GetClientIp(),
str(request.environ.get('REMOTE_PORT')))
return public.returnMsg(True, 'login successful!')
except:
return public.returnMsg(False, 'Login failed 2')
def is_scan_ok(self, get):
if os.path.exists(self.app_path + "login.pl"):
key, init_time = public.readFile(self.app_path +
'login.pl').split(':')
if time.time() - float(init_time) < 60:
return public.returnMsg(True, key)
session_id = public.get_session_id()
if cache.get(session_id) == 'True':
return public.returnMsg(True, 'Scan QRCORE successfully')
return public.returnMsg(False, '')
def check_app_login(self,get):
session_id = public.get_session_id()
if cache.get(session_id) != 'True':
return public.returnMsg(False,'等待APP扫码登录')
cache.delete(session_id)
userInfo = public.M('users').where("id=?",(1,)).field('id,username').find()
session['login'] = True
session['username'] = userInfo['username']
session['tmp_login'] = True
public.WriteLog('TYPE_LOGIN','APP扫码登录,帐号:{},登录IP:{}'.format(userInfo['username'],public.GetClientIp()+ ":" + str(request.environ.get('REMOTE_PORT'))))
cache.delete('panelNum')
cache.delete('dologin')
sess_input_path = 'data/session_last.pl'
public.writeFile(sess_input_path,str(int(time.time())))
login_type = 'data/app_login.pl'
import config
config.config().reload_session()
public.writeFile(login_type,'True')
return public.returnMsg(True,'登录成功!')
def set_login(self, get):
session_id = public.get_session_id()
if cache.get(session_id) == 'True':
return self.check_app_login(get)
return public.returnMsg(False, 'Login failed 1')
def after_request(self, response):
app = self.app or current_app
accept_encoding = request.headers.get('Accept-Encoding', '')
response.headers['Server'] = 'nginx'
response.headers['Connection'] = 'keep-alive'
if 'dologin' in g and app.config['SSL']:
try:
for k, v in request.cookies.items():
response.set_cookie(
k,
'',
expires='Thu, 01-Jan-1970 00:00:00 GMT',
path='/')
except:
pass
if 'rm_ssl' in g:
import public
try:
for k, v in request.cookies.items():
response.set_cookie(
k,
'',
expires='Thu, 01-Jan-1970 00:00:00 GMT',
path='/')
except:
pass
session_name = app.config['SESSION_COOKIE_NAME']
session_id = public.get_session_id()
response.set_cookie(session_name,
'',
expires='Thu, 01-Jan-1970 00:00:00 GMT',
path='/')
response.set_cookie(session_name,
session_id,
path='/',
max_age=86400 * 30,
httponly=True)
request_token = request.cookies.get('request_token', '')
if request_token:
response.set_cookie('request_token',
request_token,
path='/',
max_age=86400 * 30)
if (response.mimetype not in app.config['COMPRESS_MIMETYPES']
or 'gzip' not in accept_encoding.lower()
or not 200 <= response.status_code < 300 or
(response.content_length is not None
and response.content_length < app.config['COMPRESS_MIN_SIZE'])
or 'Content-Encoding' in response.headers):
return response
response.direct_passthrough = False
if self.cache:
key = self.cache_key(response)
gzip_content = self.cache.get(key) or self.compress(app, response)
self.cache.set(key, gzip_content)
else:
gzip_content = self.compress(app, response)
response.set_data(gzip_content)
response.headers['Content-Encoding'] = 'gzip'
response.headers['Content-Length'] = response.content_length
vary = response.headers.get('Vary')
if vary:
if 'accept-encoding' not in vary.lower():
response.headers['Vary'] = '{}, Accept-Encoding'.format(vary)
else:
response.headers['Vary'] = 'Accept-Encoding'
return response
