Exemplo n.º 1
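 def request_temp(self, get):
     """Log the client in with a temporary-login token.

     ``get.tmp_token`` must be 48 characters matching ``\\w+``. It is
     hashed with the stored salt and compared with the ``token`` column of
     a ``temp_login`` row that is still unused (``state=0``) and unexpired.
     On success the row is marked used, a one-hour temporary session is
     set up and the client is redirected to ``/``.

     Returns:
         A ``public.getMsg`` error message on any failure, otherwise the
         redirect response.
     """
     # Function-scope import: only needed for the constant-time comparison.
     import hmac

     try:
         if not hasattr(get, 'tmp_token'):
             return public.getMsg('INIT_ARGS_ERR')
         if len(get.tmp_token) != 48:
             return public.getMsg('INIT_ARGS_ERR')
         if not re.match(r"^\w+$", get.tmp_token):
             return public.getMsg('INIT_ARGS_ERR')

         # Failure counter keyed on the client address.
         # presumably get_error_num() turns falsy once 10 failures are
         # recorded for this key -- confirm against public.get_error_num.
         skey = public.GetClientIp() + '_temp_login'
         if not public.get_error_num(skey, 10):
             return public.getMsg('AUTH_FAILED')

         s_time = int(time.time())
         # NOTE(review): find() looks like it returns a single row. If more
         # than one unused, unexpired temp login can exist, only that row
         # is compared with the submitted token -- confirm.
         data = public.M('temp_login').where(
             'state=? and expire>?',
             (0, s_time)).field('id,token,salt,expire').find()
         if not data:
             public.set_error_num(skey)
             return public.getMsg('VERIFICATION_FAILED')
         if not isinstance(data, dict):
             public.set_error_num(skey)
             return public.getMsg('VERIFICATION_FAILED')

         # Compare the digests in constant time so the response time does
         # not depend on how many leading characters match.
         r_token = public.md5(get.tmp_token + data['salt'])
         if not hmac.compare_digest(
                 str(r_token).encode('utf-8'),
                 str(data['token']).encode('utf-8')):
             public.set_error_num(skey)
             return public.getMsg('VERIFICATION_FAILED')
         # presumably the True flag clears the failure counter -- confirm.
         public.set_error_num(skey, True)

         # User id 1 is read only to supply the username for the log entry.
         userInfo = public.M('users').where(
             "id=?", (1, )).field('id,username').find()
         login_addr = public.GetClientIp() + ":" + str(
             request.environ.get('REMOTE_PORT'))

         # Mark the token as used BEFORE the session is flagged as logged
         # in. If a later step raises, the token is already consumed and
         # the session has not been granted, so the failure is closed
         # rather than leaving a logged-in session next to a reusable token.
         public.M('temp_login').where('id=?', (data['id'], )).update({
             "login_time": s_time,
             'state': 1,
             'login_addr': login_addr
         })

         session['login'] = True
         session['username'] = public.getMsg('TEMPORARY_ID', (data['id'], ))
         session['tmp_login'] = True
         session['tmp_login_id'] = str(data['id'])
         session['tmp_login_expire'] = time.time() + 3600  # one hour
         session['uid'] = data['id']

         sess_path = 'data/session'
         if not os.path.exists(sess_path):
             # 384 == 0o600: the directory is created without the search
             # (x) bit. NOTE(review): confirm this mode is intended.
             os.makedirs(sess_path, 384)
         public.writeFile(sess_path + '/' + str(data['id']), '')

         public.WriteLog('TYPE_LOGIN', 'LOGIN_SUCCESS',
                         (userInfo['username'], login_addr))
         self.limit_address('-')
         cache.delete('panelNum')
         cache.delete('dologin')
         sess_input_path = 'data/session_last.pl'
         public.writeFile(sess_input_path, str(int(time.time())))
         self.set_request_token()
         self.login_token()
         self.set_cdn_host(get)
         return redirect('/')
     except Exception:
         # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
         # are not swallowed. Every other error still yields the generic
         # failure message, without exposing details to the client.
         return public.getMsg('LOGIN_FAIL')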
Exemplo n.º 2
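    def get_sk(self):
        """Check the credentials of an API or bound-app request.

        Reads ``/www/server/panel/config/api.json`` and follows one of two
        paths:

        * no ``client_bind_token`` in the input: the client address must
          be listed in ``api_config['limit_addr']``;
        * ``client_bind_token`` present: the token must belong to a bound
          app, and ``form_data`` is AES-decrypted with
          ``api_config['key']`` into ``g.form_data``.

        In both paths ``request_token`` must equal
        ``md5(request_time + api_config['token'])``.

        Returns:
            ``False`` when the request token matches (no error response is
            produced), otherwise a redirect to ``/login`` or a JSON error
            response.
        """
        # Function-scope import: only needed for the constant-time comparison.
        import hmac

        save_path = '/www/server/panel/config/api.json'
        if not os.path.exists(save_path):
            return redirect('/login')
        try:
            api_config = json.loads(public.ReadFile(save_path))
        except Exception:
            # A config that cannot be read or parsed is deleted, which
            # leaves API access off until it is configured again.
            os.remove(save_path)
            return redirect('/login')

        if not api_config['open']:
            return redirect('/login')
        from BTPanel import get_input
        get = get_input()
        client_ip = public.GetClientIp()
        if 'client_bind_token' not in get:
            if 'request_token' not in get or 'request_time' not in get:
                return redirect('/login')

            # Failure counter keyed on the client address (limit 20).
            num_key = client_ip + '_api'
            if not public.get_error_num(num_key, 20):
                return public.returnJson(False, 'AUTH_FAILED1')

            # Only addresses on the configured allow-list may use the API.
            if client_ip not in api_config['limit_addr']:
                public.set_error_num(num_key)
                return public.returnJson(
                    False,
                    '%s[' % public.GetMsg("AUTH_FAILED1") + client_ip + ']')
        else:
            num_key = client_ip + '_app'
            if not public.get_error_num(num_key, 20):
                return public.returnJson(False, 'AUTH_FAILED1')

            # client_bind_token comes from the request and is joined into a
            # filesystem path below. Accept only a plain file name: an
            # empty value or one with path components would make the
            # marker check test a path other than /dev/shm/<token> and
            # skip the bound-device lookup.
            bind_token = get.client_bind_token
            if (not bind_token or bind_token in ('.', '..')
                    or os.path.basename(bind_token) != bind_token):
                public.set_error_num(num_key)
                return public.returnJson(False, 'UNBOUND_DEVICE')

            # The marker file caches a successful bound-device lookup.
            # NOTE(review): any file of that name already in /dev/shm
            # still satisfies this check -- consider a dedicated directory.
            a_file = '/dev/shm/' + bind_token
            if not os.path.exists(a_file):
                import panelApi
                if not panelApi.panelApi().get_app_find(bind_token):
                    public.set_error_num(num_key)
                    return public.returnJson(False, 'UNBOUND_DEVICE')
                public.writeFile(a_file, '')

            if 'key' not in api_config:
                public.set_error_num(num_key)
                return public.returnJson(False, 'KEY_ERR')
            if 'form_data' not in get:
                public.set_error_num(num_key)
                return public.returnJson(False, 'FORM_DATA_ERR')

            # NOTE(review): a decrypt or JSON error here propagates to the
            # caller without touching the failure counter -- confirm that
            # is intended.
            g.form_data = json.loads(
                public.aes_decrypt(get.form_data, api_config['key']))

            # Re-read the input; presumably get_input() now reflects
            # g.form_data -- confirm against BTPanel.get_input.
            get = get_input()
            if 'request_token' not in get or 'request_time' not in get:
                return redirect('/login')
            g.is_aes = True
            g.aes_key = api_config['key']

        # NOTE(review): request_time only feeds the digest; no freshness
        # check is visible in this method, so a captured
        # (request_time, request_token) pair would stay valid unless it is
        # rejected elsewhere -- confirm.
        request_token = public.md5(get.request_time + api_config['token'])
        # Constant-time comparison: response timing must not reveal how
        # much of the submitted token matched the expected digest.
        if hmac.compare_digest(
                str(get.request_token).encode('utf-8'),
                str(request_token).encode('utf-8')):
            public.set_error_num(num_key, True)
            return False
        public.set_error_num(num_key)
        return public.returnJson(False, 'SECRET_KEY_CHECK_FALSE')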