def post(self):
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
user_info = json.loads(self.request.body)
user_id = user_info['user_id']
ok, info = check.check_user_id(user_id)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
access_token = encrypt.make_cookie_secret()
action_time = utils.cur_timestamp()
session_data = {
'access_token': access_token,
'user_id': user_id,
'action_time': action_time,
'expire_time': action_time + config.expire_second
}
if db_session.update(session_data):
self.set_secure_cookie("access_token", access_token)
self.set_cookie("user_id", user_id)
ok = True
info = {}
else:
ok = False
info = u"登陆失败,请联系管理员!"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
user_info = json.loads(self.request.body)
username, password = user_info['username'], user_info['passwd']
ok, info = check.check_password(username, password)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
access_token = encrypt.make_cookie_secret()
action_time = utils.cur_timestamp()
session_data = {
'access_token': access_token,
'username': username,
'action_time': action_time,
'expire_time': action_time + config.expire_second
}
if db_session.update(session_data):
self.set_secure_cookie("access_token", access_token)
self.set_cookie("username", username)
ok = True
info = {}
else:
ok = False
info = "Login error, please contact with the system administrator"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '3.2.1'
post_update_permission = '3.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, permission_data = body['action'], body['data']
if action == 'add':
local_permission_list = [self.handler_permission, self.post_permission, post_add_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if db_permission.add(permission_data):
ok = True
info = 'Add permission successful'
else:
ok = False
info = 'Add permission failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'update':
local_permission_list = [self.handler_permission, self.post_permission, post_update_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if db_permission.update(permission_data):
ok = True
info = 'Update permission successful'
else:
ok = False
info = 'Update permission failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported permission action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '1.2.1'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, task_data, mailto = body['action'], body['data'], body[
'mailto']
if action == 'add':
local_permission_list = [
self.handler_permission, self.post_permission,
post_add_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_data['task_id'] = uuid.uuid1().hex
task_data['create_time'] = utils.cur_timestamp()
if db_task.add(task_data):
if list(mailto):
message = task_data['creator'] + " create a new task, see in " \
"http://oms.example.com/task?task_id=" + task_data['task_id']
tornado.ioloop.IOLoop.instance().add_callback(
self.sending_mail(list(mailto), message))
ok = True
info = {'task_id': task_data['task_id']}
else:
ok = False
info = 'Add task failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported task action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task_status = json.loads(self.request.body)['data']
print task_status
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = True
info = "info = 'update task status successful"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_initialize_permission = '8.2.1'
post_install_permission = '8.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, data = body['action'], body['data']
if action == 'initialize':
local_permission_list = [self.handler_permission, self.post_permission, post_initialize_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
tornado.ioloop.IOLoop.instance().add_callback(self.machine_initialize(data['ip']))
ok = True
info = "Initializing..."
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'install':
local_permission_list = [self.handler_permission, self.post_permission, post_install_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
tornado.ioloop.IOLoop.instance().add_callback(self.install_software(data['ip'], data['software']))
ok = True
info = 'Software installing...'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported task action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_update_file_permission = '5.2.1'
post_update_db_permission = '5.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, data = body['action'], body['data']
excutor = self.get_cookie("username")
if action == 'update':
task = db_task.get(data['task_id'])
update_type = task['type']
local_permission_list = [
self.handler_permission, self.post_permission
]
if update_type == 'update_file':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_file_permission
]
if update_type == 'update_db':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_db_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if task['status'] is True:
ok = False
info = 'Task has been executed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_status = {
'task_id': task['task_id'],
'status': 1,
'start_time': utils.cur_timestamp(),
'executor': excutor
}
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
tornado.ioloop.IOLoop.instance().add_callback(
self.salt_run_update(task))
ok = True
info = 'Execute update script successful'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'revert':
task = db_task.get(data['task_id'])
update_type = task['type']
local_permission_list = [
self.handler_permission, self.post_permission
]
if update_type == 'update_file':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_file_permission
]
if update_type == 'update_db':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_db_permission
]
ok, info, is_admin = verify.has_permission(self.token,
local_permission_list)
if not is_admin:
info = "Only admin can revert."
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_status = {
'task_id': task['task_id'],
'revert': 1,
'revert_time': utils.cur_timestamp()
}
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
tornado.ioloop.IOLoop.instance().add_callback(
self.salt_run_revert(task))
ok = True
info = 'Execute revert script successful'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'get_current_version':
target = data['target']
ip = '127.0.0.1'
result = sapi.run_script([ip],
'salt://scripts/get_current_version.sh',
target)
retcode, cur_version = result[ip]['retcode'], result[ip]['stdout']
if retcode == 0:
ok = True
info = cur_version
else:
ok = False
info = u'Get version info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported update action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, user_data = body['action'], body['data']
if action == 'add':
user_type, expiry_mouth = user_data['user_type'], user_data[
'expiry_mouth']
if 'remarks' in user_data:
remarks = user_data['remarks']
else:
remarks = ''
cur_timestamp = utils.cur_timestamp()
expiry_timestamp = int(
expiry_mouth) * 31 * 60 * 60 * 24 + cur_timestamp
if user_type == "vip":
# todo
user_id = encrypt.make_user_id()
port = db_user.get_largest_port(is_share=False) + 1
user_data = {
'user_id': user_id,
'create_time': cur_timestamp,
'expire_time': expiry_timestamp,
'port': port,
'type': user_type,
'enabled': 1,
'remarks': remarks
}
if db_user.add(user_data):
ok = True
info = u'新增用户信息成功'
else:
ok = False
info = u'新增用户信息失败'
elif user_type == "normal":
user_id = encrypt.make_user_id()
port = db_user.get_largest_port(is_share=False) + 1
user_data = {
'user_id': user_id,
'create_time': cur_timestamp,
'expire_time': expiry_timestamp,
'port': port,
'type': user_type,
'enabled': 1,
'remarks': remarks
}
if db_user.add(user_data):
count = 0
for i in range(1, 6):
sub_user_id = encrypt.make_user_id()
port = db_user.get_largest_port(is_share=True) + 1
sub_user_data = {
'user_id': sub_user_id,
'parent_id': user_id,
'create_time': cur_timestamp,
'expire_time': expiry_timestamp,
'port': port,
'type': 'share',
'enabled': 0,
'remarks': ''
}
if not db_user.add(sub_user_data):
count += 1
if count == 0:
ok = True
info = u"新增账户及子账号成功"
else:
ok = False
info = u"新增子账户失败,请检查"
else:
ok = False
info = u'新增用户信息失败'
else:
ok = False
info = "不支持的用户类型"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'update_time':
user_id, add_mouth = user_data['user_id'], user_data['add_mouth']
user_info = db_user.get(user_id)
if user_info is not False:
cur_expire_time = user_info['expire_time']
cur_time = utils.cur_timestamp()
if cur_expire_time >= cur_time:
new_expire_time = cur_expire_time + int(
add_mouth) * 31 * 24 * 60 * 60
else:
new_expire_time = cur_time + int(
add_mouth) * 31 * 24 * 60 * 60
user_data = {
'user_id': user_id,
'expire_time': new_expire_time
}
if db_user.update(user_data):
sub_id_list = db_user.get_sub_id_list(user_id)
if sub_id_list:
count = 0
for sub_user_id in sub_id_list:
sub_user_data = {
'user_id': sub_user_id,
'expire_time': new_expire_time
}
if not db_user.update(sub_user_data):
count += 1
if count == 0:
ok = True
info = u"更新账户及子账号过期时间成功"
else:
ok = False
info = u"更新子账户过期时间失败,请检查"
else:
ok = True
info = u'更新用户过期时间成功'
else:
ok = False
info = u'更新用户过期时间失败'
else:
ok = False
info = u'获取用户信息失败'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = u'不支持的操作类型'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '7.2.1'
post_delete_permission = '7.2.1'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, ssh_key_data = body['action'], body['data']
if action == 'add':
local_permission_list = [self.handler_permission, self.post_permission, post_add_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ip = ssh_key_data['ip']
ssh_key_string = db_user.get(username=ssh_key_data['username'])['ssh_key']
if ssh_key_string is None:
ok = False
info = "User ssh-key does not exist, please add first"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
encrypt_ssh_key_info = encrypt.base64_encode(ssh_key_data['system_user'] + '@' +
ssh_key_string + " " + ssh_key_data['username'])
result = sapi.run_script([ip], 'salt://scripts/add_ssh_key.sh', encrypt_ssh_key_info)
retcode = result[ip]['retcode']
if retcode == 0:
if db_ssh_key_info.add(ssh_key_data):
ok = True
info = 'Add ssh-key successful'
else:
ok = False
info = 'Add ssh-key failed'
else:
ok = False
info = 'Add ssh-key failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'delete':
local_permission_list = [self.handler_permission, self.post_permission, post_delete_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
fail_count = 0
for ssh_key_info in ssh_key_data:
ip = ssh_key_info['ip']
encrypt_ssh_key_info = encrypt.base64_encode(ssh_key_info['system_user'] + '@' +
ssh_key_info['username'])
result = sapi.run_script([ip], 'salt://scripts/delete_ssh_key.sh', encrypt_ssh_key_info)
retcode = result[ip]['retcode']
if retcode == 0:
if db_ssh_key_info.delete(ssh_key_info['username'], ssh_key_info['ip'], ssh_key_info['system_user']):
fail_count += 0
else:
fail_count += 1
else:
fail_count += 1
if fail_count == 0:
ok = True
info = 'Delete all ssh-key info failed'
else:
ok = False
info = 'Delete some ssh-key info failed, please retry'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported ssh-key action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def post(self):
post_add_permission = '4.2.1'
post_user_update_permission = '4.2.2'
post_admin_update_permission = '4.2.3'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, user_data = body['action'], body['data']
if action == 'add':
local_permission_list = [
self.handler_permission, self.post_permission,
post_add_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
ok, info = check.check_user_input(user_data)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
user_data['salt'], user_data['passwd'] = encrypt.md5_salt(
user_data['passwd'])
if db_user.add(user_data):
ok = True
info = 'Add user successful'
else:
ok = False
info = 'Add user failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'update':
local_permission_list = [
self.handler_permission, self.post_permission,
post_user_update_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
ok, info = check.check_user_input(user_data)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if 'old_passwd' in user_data:
ok, info = check.check_password(user_data['username'],
user_data['old_passwd'])
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
user_data['salt'], user_data['passwd'] = encrypt.md5_salt(
user_data['new_passwd'])
if db_user.update(user_data):
ok = True
info = 'Update password successful'
else:
ok = False
info = 'Update password failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
# update user info without verify password, by admin
if action == 'update_all':
local_permission_list = [
self.handler_permission, self.post_permission,
post_admin_update_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if user_data['passwd'] == "":
user_data.pop('passwd')
ok, info = check.check_user_input(user_data)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if 'passwd' in user_data:
user_data['salt'], user_data['passwd'] = encrypt.md5_salt(
user_data['passwd'])
if db_user.update(user_data):
ok = True
info = 'Update user info successful'
else:
ok = False
info = 'Update user info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported user action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
