def run(self): source_ip = self.params['SourceIP'] operator = self.params['Operator'] if not netutil.is_valid_ip(source_ip): res = sc(code.ParamError) raise gen.Return(res) data_info = {} data_info['BlockListData'] = [] data_status = {} thread_list = [] fw_list = self.application.firewalllist if operator == 'bgp' else [ self.application.ccfirewall, operator ] for i in fw_list: t = MyThread(self.select_block, args=(i, source_ip)) thread_list.append(t) for t in thread_list: t.start() for t in thread_list: t.join() for index, item in enumerate(thread_list): data_status[fw_list[index]] = item.get_result() for k, v in data_status.items(): data_info['BlockListData'].append({k: v}) res = sc(code.Success) res.redata = data_info raise gen.Return(res)
def _apply_xheaders(self, headers): """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # 1. X-Forwarded-For: 记录一个请求从客户端出发到目标服务器过程中经历的代理或 # 者负载平衡设备的IP。最早由 Squid 的开发人员引入,现已成为事实上的标准被广泛使用。 # 一般格式为: client1, proxy1, proxy2,其中的值通过一个 “逗号+空格” 把多 # 个 IP 地址分开,最左边(client1)是最原始客户端的IP地址, 代理服务器每成功收到 # 一个请求,就把请求来源 IP 地址添加到右边(所以最后一个代理的 IP 不在该字段中,但 # 可以通过 socket.getpeername() 获取,这个 Ip 是可靠的,伪造 Ip 的是无法通过 # TCP 三次握手的)。 # # 2. X-Real-Ip:不是标准的 Http 头,不过 Nginx 在使用。通常被 HTTP 代理用来 # 表示与它产生 TCP 连接的设备 IP,这个设备可能是其他代理,也可能是真正的请求端。 # # 3. 经过 Nginx 的 Http 请求,X-Forwarded-For 的最后一个 Ip 与 X-Real-Ip # 是相同的,记录的是直接与 Nginx 建立连接的端 Ip。 # # 4. 安全问题:伪造 X-Forwarded-For 字段很容易,所以使用该字段信息时要格外注意。 # 通常 X-Forwarded-For 是最后一个IP地址是最后一个代理服务器的IP地址,这通常是一 # 个比较可靠的信息来源。 # # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(',')[-1].strip() ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get( "X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header in ("http", "https"): self.protocol = proto_header
def __init__(self, application, request, **kwargs): """ Constructor :param application: :param request: :param kwargs: """ self._redis = application.settings['redis'] self._session = application.settings['db'] self._endpoints = application.settings['endpoints'] self._handler_docs = application.settings['handler_docs'] self._handler_validators = application.settings['handler_validators'] self._custom_response_headers = application.settings['custom_response_headers'] self._permissions = application.settings['permissions'] self._thread_pool = application.settings['thread_pool'] self._url_parser = lambda x: True self._human_route = '' """Expire sql alchemy inner cache when initializing BaseHandler for incoming client""" if options.expire_on_connect: self._session.expire_all() super(BaseHandler, self).__init__(application, request, **kwargs) # added support for x-forwarded-for header in tornado web logs for client ip forwarded_ip = self.request.headers.get("X-Forwarded-For", self.request.remote_ip) if is_valid_ip(forwarded_ip): self.request.remote_ip = forwarded_ip
def resolve( self, host: str, port: int, family: int = 0) -> "Generator[Any, Any, List[Tuple[int, Any]]]": if is_valid_ip(host): addresses = [host] else: # gethostbyname doesn't take callback as a kwarg fut = Future() # type: Future[Tuple[Any, Any]] self.channel.gethostbyname( host, family, lambda result, error: fut.set_result( (result, error))) result, error = yield fut if error: raise IOError( "C-Ares returned error %s: %s while resolving %s" % (error, pycares.errno.strerror(error), host)) addresses = result.addresses addrinfo = [] for address in addresses: if "." in address: address_family = socket.AF_INET elif ":" in address: address_family = socket.AF_INET6 else: address_family = socket.AF_UNSPEC if family != socket.AF_UNSPEC and family != address_family: raise IOError("Requested socket family %d but got %d" % (family, address_family)) addrinfo.append((typing.cast(int, address_family), (address, port))) return addrinfo
def resolve(self, host, port, family=0): if is_valid_ip(host): addresses = [host] else: # gethostbyname doesn't take callback as a kwarg fut = Future() self.channel.gethostbyname( host, family, lambda result, error: fut.set_result( (result, error))) result, error = yield fut if error: raise IOError( 'C-Ares returned error %s: %s while resolving %s' % (error, pycares.errno.strerror(error), host)) addresses = result.addresses addrinfo = [] for address in addresses: if '.' in address: address_family = socket.AF_INET elif ':' in address: address_family = socket.AF_INET6 else: address_family = socket.AF_UNSPEC if family != socket.AF_UNSPEC and family != address_family: raise IOError('Requested socket family %d but got %d' % (family, address_family)) addrinfo.append((address_family, (address, port))) raise gen.Return(addrinfo)
def resolve(self, host, port, family=0): if is_valid_ip(host): addresses = [host] else: # gethostbyname doesn't take callback as a kwarg fut = Future() self.channel.gethostbyname(host, family, lambda result, error: fut.set_result((result, error))) result, error = yield fut if error: raise IOError('C-Ares returned error %s: %s while resolving %s' % (error, pycares.errno.strerror(error), host)) addresses = result.addresses addrinfo = [] for address in addresses: if '.' in address: address_family = socket.AF_INET elif ':' in address: address_family = socket.AF_INET6 else: address_family = socket.AF_UNSPEC if family != socket.AF_UNSPEC and family != address_family: raise IOError('Requested socket family %d but got %d' % (family, address_family)) addrinfo.append((address_family, (address, port))) raise gen.Return(addrinfo)
def resolve(self, host, port, family=0): if is_valid_ip(host): addresses = [host] else: # gethostbyname doesn't take callback as a kwarg self.channel.gethostbyname(host, family, (yield gen.Callback(1))) callback_args = yield gen.Wait(1) assert isinstance(callback_args, gen.Arguments) assert not callback_args.kwargs result, error = callback_args.args if error: raise IOError('C-Ares returned error %s: %s while resolving %s' % (error, pycares.errno.strerror(error), host)) addresses = result.addresses addrinfo = [] for address in addresses: if '.' in address: address_family = socket.AF_INET elif ':' in address: address_family = socket.AF_INET6 else: address_family = socket.AF_UNSPEC if family != socket.AF_UNSPEC and family != address_family: raise IOError('Requested socket family %d but got %d' % (family, address_family)) addrinfo.append((address_family, (address, port))) raise gen.Return(addrinfo)
def run(self): operator = self.params['Operator'] hostname = self.params['Hostname'] data_info = {} if not netutil.is_valid_ip(hostname): res = sc(code.ParamError) res.result = res.result % hostname raise gen.Return(res) thread_list = [] data_status = {} fw_list = self.application.firewalllist if operator == 'bgp' else [ self.application.ccfirewall, operator ] for i in fw_list: t = MyThread(self.select_ip, args=(i, hostname)) thread_list.append(t) for t in thread_list: t.start() for t in thread_list: t.join() for index, item in enumerate(thread_list): data_status[fw_list[index]] = item.get_result() print(data_status) for k, v in data_status.items(): if '白' not in v: data_info['DescribeIPFirewallList'] = operator + ':IP不在白名单' break else: data_info['DescribeIPFirewallList'] = operator + ':IP在白名单' res = sc(code.Success) res.redata = data_info raise gen.Return(res)
def __init__(self, method, uri, version="HTTP/1.0", headers=None, body=None, remote_ip=None, protocol=None, host=None, files=None, connection=None): self.method = method self.uri = uri self.version = version self.headers = headers or httputil.HTTPHeaders() self.body = body or "" self.trace = None # set remote IP and protocol self.remote_ip = remote_ip if protocol: self.protocol = protocol elif connection and isinstance(connection.stream, iostream.SSLIOStream): self.protocol = "https" else: self.protocol = "http" # xheaders can override the defaults if connection and connection.xheaders: # Squid uses X-Forwarded-For, others use X-Real-Ip ip = self.headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(',')[-1].strip() ip = self.headers.get( "X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto = self.headers.get( "X-Scheme", self.headers.get("X-Forwarded-Proto", self.protocol)) if proto in ("http", "https"): self.protocol = proto # Zipkin users if options.server_trace: parent_span_id = self.headers.get("X-B3-ParentSpanId", None) trace_id = self.headers.get("X-B3-TraceId", None) span_id = self.headers.get("X-B3-SpanId", None) name = method endpoint = Endpoint(ipv4=socket.gethostbyname(socket.gethostname()), port=port, service_name=service_name) self.trace = Trace(name=name, trace_id=trace_id, span_id=span_id, parent_span_id=parent_span_id) self.trace.set_endpoint(endpoint) self.host = host or self.headers.get("Host") or "127.0.0.1" self.files = files or {} self.connection = connection self._start_time = time.time() self._finish_time = None self.path, sep, self.query = uri.partition('?') self.arguments = parse_qs_bytes(self.query, keep_blank_values=True) self.query_arguments = copy.deepcopy(self.arguments) self.body_arguments = {} if options.server_trace: self.trace.record(Annotation.string('Url', uri)) self.trace.record(Annotation.string('Header', self.headers)) self.trace.record(Annotation.server_recv())
def _apply_xheaders(self, headers): """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # 1. X-Forwarded-For: 记录一个请求从客户端出发到目标服务器过程中经历的代理或 # 者负载平衡设备的IP。最早由 Squid 的开发人员引入,现已成为事实上的标准被广泛使用。 # 一般格式为: client1, proxy1, proxy2,其中的值通过一个 “逗号+空格” 把多 # 个 IP 地址分开,最左边(client1)是最原始客户端的IP地址, 代理服务器每成功收到 # 一个请求,就把请求来源 IP 地址添加到右边(所以最后一个代理的 IP 不在该字段中,但 # 可以通过 socket.getpeername() 获取,这个 Ip 是可靠的,伪造 Ip 的是无法通过 # TCP 三次握手的)。 # # 2. X-Real-Ip:不是标准的 Http 头,不过 Nginx 在使用。通常被 HTTP 代理用来 # 表示与它产生 TCP 连接的设备 IP,这个设备可能是其他代理,也可能是真正的请求端。 # # 3. 经过 Nginx 的 Http 请求,X-Forwarded-For 的最后一个 Ip 与 X-Real-Ip # 是相同的,记录的是直接与 Nginx 建立连接的端 Ip。 # # 4. 安全问题:伪造 X-Forwarded-For 字段很容易,所以使用该字段信息时要格外注意。 # 通常 X-Forwarded-For 是最后一个IP地址是最后一个代理服务器的IP地址,这通常是一 # 个比较可靠的信息来源。 # # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(",")[-1].strip() ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get("X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header in ("http", "https"): self.protocol = proto_header
def resolve(self, host, port, family=0, callback=None): if is_valid_ip(host): addresses = [host] else: # gethostbyname doesn't take callback as a kwarg self.channel.gethostbyname(host, family, (yield gen.Callback(1))) callback_args = yield gen.Wait(1) assert isinstance(callback_args, gen.Arguments) assert not callback_args.kwargs result, error = callback_args.args if error: raise Exception('C-Ares returned error %s: %s while resolving %s' % (error, pycares.errno.strerror(error), host)) addresses = result.addresses addrinfo = [] for address in addresses: if '.' in address: address_family = socket.AF_INET elif ':' in address: address_family = socket.AF_INET6 else: address_family = socket.AF_UNSPEC if family != socket.AF_UNSPEC and family != address_family: raise Exception('Requested socket family %d but got %d' % (family, address_family)) addrinfo.append((address_family, (address, port))) callback(addrinfo)
def test_is_valid_ip(self): self.assertTrue(is_valid_ip('127.0.0.1')) self.assertTrue(is_valid_ip('4.4.4.4')) self.assertTrue(is_valid_ip('::1')) self.assertTrue(is_valid_ip('2620:0:1cfe:face:b00c::3')) self.assertTrue(not is_valid_ip('www.google.com')) self.assertTrue(not is_valid_ip('localhost')) self.assertTrue(not is_valid_ip('4.4.4.4<')) self.assertTrue(not is_valid_ip(' 127.0.0.1'))
def delete_white_list(operator, hostname): zhifirewalllist = ['ctc', 'cmcc'] firewall = ZhiFirewall( operator) if operator in zhifirewalllist else Firewall(operator) if netutil.is_valid_ip(hostname) is True: return firewall.del_white_list(hostname) else: return firewall.del_domain_name(hostname)
def run(self): source_ip = self.params['SourceIP'] remote_ip = self.params['RemoteIP'] operator = self.params['Operator'] user_org = self.params['AccessKeyId'] user_end = self.params[ 'IPUserID'] if 'IPUserID' in self.params else None ts = self.application.ts_begin if not (netutil.is_valid_ip(source_ip) and netutil.is_valid_ip(remote_ip)): res = sc(code.ParamError) raise gen.Return(res) data_info = {} data_info['ResetBlockIPData'] = [] data_status = {} thread_list = [] condition = 0 fw_list = self.application.firewalllist if operator == 'bgp' else [ self.application.ccfirewall, operator ] for i in fw_list: t = MyThread(self.reset_block, args=(i, source_ip)) thread_list.append(t) for t in thread_list: t.start() for t in thread_list: t.join() for index, item in enumerate(thread_list): data_status[fw_list[index]] = item.get_result() for k, v in data_status.items(): if v != 200: condition = '' if isinstance(condition, int): data_info['ResetBlockIPData'] = operator + ':屏蔽列表已重置' res = sc(code.Success) res.redata = data_info else: res = sc(code.ChangeFail) res.result = res.result % {operator + ':屏蔽列表重置失败'} raise gen.Return(res)
def _apply_xheaders(self, headers): """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(",")[-1].strip() ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get("X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header in ("http", "https"): self.protocol = proto_header
def __init__(self, method, uri, version="HTTP/1.0", headers=None, body=None, remote_ip=None, protocol=None, host=None, files=None, connection=None): self.method = method self.uri = uri self.version = version self.headers = headers or httputil.HTTPHeaders() self.body = body or "" # set remote IP and protocol self.remote_ip = remote_ip if protocol: self.protocol = protocol elif connection and isinstance(connection.stream, iostream.SSLIOStream): self.protocol = "https" else: self.protocol = "http" # xheaders can override the defaults if connection and connection.xheaders: # Squid uses X-Forwarded-For, others use X-Real-Ip ip = self.headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(',')[-1].strip() ip = self.headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto = self.headers.get( "X-Scheme", self.headers.get("X-Forwarded-Proto", self.protocol)) if proto in ("http", "https"): self.protocol = proto self.host = host or self.headers.get("Host") or "127.0.0.1" self.files = files or {} self.connection = connection self._start_time = time.time() self._finish_time = None self.path, sep, self.query = uri.partition('?') self.arguments = parse_qs_bytes(self.query, keep_blank_values=True) self.query_arguments = copy.deepcopy(self.arguments) self.body_arguments = {}
def _apply_xheaders(self, headers): """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(',')[-1].strip() ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get( "X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header in ("http", "https"): self.protocol = proto_header
def __init__( self, method, uri, version="HTTP/1.0", headers=None, body=None, remote_ip=None, protocol=None, host=None, files=None, connection=None, ): self.method = method self.uri = uri self.version = version self.headers = headers or httputil.HTTPHeaders() self.body = body or "" # set remote IP and protocol self.remote_ip = remote_ip if protocol: self.protocol = protocol elif connection and isinstance(connection.stream, iostream.SSLIOStream): self.protocol = "https" else: self.protocol = "http" # xheaders can override the defaults if connection and connection.xheaders: # Squid uses X-Forwarded-For, others use X-Real-Ip ip = self.headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(",")[-1].strip() ip = self.headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto = self.headers.get("X-Scheme", self.headers.get("X-Forwarded-Proto", self.protocol)) if proto in ("http", "https"): self.protocol = proto self.host = host or self.headers.get("Host") or "127.0.0.1" self.files = files or {} self.connection = connection self._start_time = time.time() self._finish_time = None self.path, sep, self.query = uri.partition("?") self.arguments = parse_qs_bytes(self.query, keep_blank_values=True) self.query_arguments = copy.deepcopy(self.arguments) self.body_arguments = {}
def whois_query(self, name, server): sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) stream = iostream.IOStream(sock) logging.debug("Requesting {} whois for {}".format(server, name)) if self.resolver and not netutil.is_valid_ip(server): server = yield self._get_ip_by_name(server) yield stream.connect((server, self.whois_port)) yield stream.write("{}\r\n".format(name)) data = yield stream.read_until_close() raise gen.Return(data)
def __init__(self, method, uri, version="HTTP/1.0", headers=None, body=None, remote_ip=None, protocol=None, host=None, files=None, connection=None): # 简单提一下 HTTPRequest。它是【客户端请求的代表】,它携带了所有和客户端请求的信息, # 因为 application 的回调__call__方法【只】接收 request 参数, # 当然是把所有信息包在其中。另外,由于服务器只把 request 对象暴露给 application 的回调, # 因此request 对象还需要提供 write,finish 方法来提供服务, # 其实就是对 HTTPConnection 对象的【封装调用】。其它也没什么了。 self.method = method self.uri = uri self.version = version self.headers = headers or httputil.HTTPHeaders() self.body = body or "" # set remote IP and protocol self.remote_ip = remote_ip if protocol: self.protocol = protocol elif connection and isinstance(connection.stream, iostream.SSLIOStream): self.protocol = "https" else: self.protocol = "http" # xheaders can override the defaults if connection and connection.xheaders: # Squid uses X-Forwarded-For, others use X-Real-Ip ip = self.headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(',')[-1].strip() ip = self.headers.get( "X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto = self.headers.get( "X-Scheme", self.headers.get("X-Forwarded-Proto", self.protocol)) if proto in ("http", "https"): self.protocol = proto self.host = host or self.headers.get("Host") or "127.0.0.1" self.files = files or {} self.connection = connection self._start_time = time.time() self._finish_time = None self.path, sep, self.query = uri.partition('?') self.arguments = parse_qs_bytes(self.query, keep_blank_values=True)
def _apply_xheaders(self, headers): """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) # Skip trusted downstream hosts in X-Forwarded-For list for ip in (cand.strip() for cand in reversed(ip.split(','))): if ip not in self.trusted_downstream: break ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get( "X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header in ("http", "https"): self.protocol = proto_header
def checkIP(self): k = 'IP' ip_r = [] if k in self.params: v = self.get_argument(k) for ip in v.split(','): if netutil.is_valid_ip(ip): ip_r.append(ip) if ip_r: return True else: res = sc(code.ParamError) res.result = res.result % v return res else: return True
def remote_ip(self): """We don't use Tornado ``HTTPServerRequest.remote_ip`` directly, cause this value depend on ``HTTPServer.xheaders`` setting. Gunicorn recent change (http://docs.gunicorn.org/en/latest/news.html#tornado-worker) make us cannot set this setting. So we first get remote IP from header. """ # get remote IP from XFF hdr, fallback to request.remote_ip remote_ip = self.request.headers.get("X-Forwarded-For", self.request.remote_ip) remote_ip = remote_ip.split(',')[0].strip() # prefer to get remote IP from X-Real-IP hdr, fallback to XFF IP remote_ip = self.request.headers.get("X-Real-Ip", remote_ip) remote_ip = remote_ip.split(',')[0].strip() if is_valid_ip(remote_ip): return remote_ip return self.request.remote_ip
def _apply_xheaders(self, headers: httputil.HTTPHeaders) -> None: """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) # Skip trusted downstream hosts in X-Forwarded-For list for ip in (cand.strip() for cand in reversed(ip.split(","))): if ip not in self.trusted_downstream: break ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get( "X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header: # use only the last proto entry if there is more than one # TODO: support trusting mutiple layers of proxied protocol proto_header = proto_header.split(",")[-1].strip() if proto_header in ("http", "https"): self.protocol = proto_header
def _apply_xheaders(self, headers): """Rewrite the ``remote_ip`` and ``protocol`` fields.""" # Squid uses X-Forwarded-For, others use X-Real-Ip ip = headers.get("X-Forwarded-For", self.remote_ip) # Skip trusted downstream hosts in X-Forwarded-For list for ip in (cand.strip() for cand in reversed(ip.split(','))): if ip not in self.trusted_downstream: break ip = headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto_header = headers.get( "X-Scheme", headers.get("X-Forwarded-Proto", self.protocol)) if proto_header: # use only the last proto entry if there is more than one # TODO: support trusting mutiple layers of proxied protocol proto_header = proto_header.split(',')[-1].strip() if proto_header in ("http", "https"): self.protocol = proto_header
def get_real_client_addr(self, xffirst=False): ip = self.request.remote_ip if ip == self.request.headers.get('X-Real-Ip'): port = self.request.headers.get('X-Real-Port') else: ips = self.request.headers.get('X-Forwarded-For', '') if not ips: return if not xffirst: if ip not in ips: return else: ip = ips.split(',')[0].strip() if not netutil.is_valid_ip(ip): return port = self.request.headers.get('X-Forwarded-Port') port = to_int(port) if port is None or not is_valid_port(port): # fake port port = 65535 return (ip, port)
def run(self): ts = self.application.ts_begin ip = self.params['IP'] user_org = self.params['AccessKeyId'] user_end = self.params[ 'IPUserID'] if 'IPUserID' in self.params else None configs = urllib.parse.unquote(self.params['Configs']) self.application.logger.info(self.params['Configs']) self.application.logger.info(configs) if len(ip.split(',')) > 1: res = sc(code.ParamError) raise gen.Return(res) configs_dict = eval(configs) serialuuid = 'SLBSevenLayer-' + str(uuid.uuid1()) seven_layer_info = {} seven_layer_info['uuid'] = serialuuid seven_layer_info['ip'] = self.makeinet(ip) seven_layer_info['configtype'] = 'New' # parames['Configs'] = urllib.unquote(parames['Configs']) seven_layer_info['cts'] = ts seven_layer_info['uts'] = ts for config in configs_dict: try: a_type = config['Type'] domain = config['Domain'] cname = config['Cname'] if 'Cname' in config else '' protocol = config['Protocol'] port = config['Port'] publickey = config['PublicKey'] if 'PublicKey' in config else '' privatekey = config[ 'PrivateKey'] if 'PrivateKey' in config else '' sourceips = config['SourceIPs'] seven_layer_info['types'] = a_type seven_layer_info['domains'] = domain seven_layer_info['cname'] = cname seven_layer_info['protocol'] = protocol seven_layer_info['port'] = port seven_layer_info['publickey'] = publickey seven_layer_info['privatekey'] = privatekey seven_layer_info['sourceips'] = sourceips except Exception as e: self.application.logger.info(e) res = sc(code.ParamError) res.result = res.result % config raise gen.Return(res) # check config if a_type not in ['Site', 'App']: res = sc(code.ParamError) res.result = res.result % a_type raise gen.Return(res) if protocol not in ['HTTP', 'HTTPS']: res = sc(code.ParamError) res.result = res.result % protocol raise gen.Return(res) try: int(port) if not re.match('^\d{1,5}$', port): res = sc(code.ParamError) res.result = res.result % port raise gen.Return(res) if int(port) < 0 or int(port) > 65536: res = sc(code.ParamError) res.result = res.result % port raise gen.Return(res) except Exception as e: self.application.logger.info(e) res = sc(code.ParamError) res.result = res.result % port raise gen.Return(res) sourceips_check = re.findall(r'\d+.\d+.\d+.\d+', str(sourceips.split(","))) for i in sourceips_check: if not netutil.is_valid_ip(i): res = sc(code.ParamError) res.result = res.result % sourceips raise gen.Return(res) sql = "SELECT COUNT(0) FROM t_slb_seven_layer WHERE ip=%s AND domains=%s AND port=%s AND configtype in ('New','Mod')" duplicate = self.application.dbcur.queryone( sql, ( ip, domain, port, ))[0] if duplicate: res = sc(code.SLBConfDuplicate) res.result = res.result % (ip + ':' + port) raise gen.Return(res) if protocol == 'HTTP': nginx_conf_lines = 'upstream ' + domain + ' {\n' default_port = '80' else: nginx_conf_lines = 'upstream ' + domain + '_443 {\n' default_port = '443' try: for sourceip in sourceips.split(','): if re.findall(':', sourceip): sourceip_ip, sourceip_port = sourceip.split(':') int(sourceip_port) if not re.match('^\d{1,5}$', sourceip_port): res = sc(code.ParamError) res.result = res.result % sourceip_port raise gen.Return(res) if int(sourceip_port) < 0 or int( sourceip_port) > 65536: res = sc(code.ParamError) res.result = res.result % sourceip_port raise gen.Return(res) else: sourceip = sourceip + ':' + default_port nginx_conf_lines += '\tserver ' + sourceip + ';\n' nginx_conf_lines += '}\n' except Exception as e: res = sc(code.ParamError) res.result = res.result % sourceips raise gen.Return(res) data = self.application.dbcur.queryall_dict( 'select name,value,type,idx from t_sys_parameter') sys_parameter = { ret['name'] + ret['idx']: { ret['idx']: ret['value'] } for ret in data } remoteser = RemoteOper(hostname=ip) res = remoteser.init_remote() if isinstance(res, sc): raise gen.Return(res) if platform.system() == 'Windows': with open( 'C:\Temp' + str(uuid.uuid1()) + str(ip) + str(port) + '.conf', 'w') as nginx_file: nginx_file.write(nginx_conf_lines) else: with open( '/tmp/' + str(uuid.uuid1()) + str(ip) + str(port) + '.conf', 'w') as nginx_file: nginx_file.write(nginx_conf_lines) if protocol == 'HTTP': REMOTE_FILE = os.path.join( sys_parameter['SLBConfigWrokDir' + 'HTTP']['HTTP'], str(domain) + '.conf') else: REMOTE_FILE = os.path.join( sys_parameter['SLBConfigWrokDir' + 'HTTP']['HTTP'], str(domain) + '_443.conf') res = remoteser.put_file(nginx_file.name, REMOTE_FILE) os.remove(nginx_file.name) if os.path.isfile(nginx_file.name) else None if isinstance(res, sc): raise gen.Return(res) seven_layer_info['cfgfile'] = REMOTE_FILE # check nginx conf file stdin, stdout, stderr = remoteser.exec_cmd( sys_parameter['SLBNginxCMD' + 'HTTP']['HTTP'] + ' -t -c ' + sys_parameter['SLBConfigMainConfig' + 'HTTP']['HTTP']) execret = stdout.readlines() + stderr.readlines() # with open('C:\Temp\seven.log', 'w') as seven: with open('/tmp/seven.log', 'w') as seven: seven.write(str(ts) + '\r\n') seven.write(str(stdin) + '\r\n') seven.write(str(nginx_file) + '\r\n') seven.write(str(execret) + '\r\n') remoteser.put_file(seven.name, '/logs/nginx/new_seven.log') remoteser.exec_cmd( 'cat /logs/nginx/new_seven.log >> /logs/nginx/seven.log') os.remove(seven.name) if os.path.isfile(seven.name) else None if not [x for x in execret if 'successful' in x]: res = sc(code.SLBConfCheckFaile) res.result = res.result % (str(execret) + ip) remoteser.file.remove(REMOTE_FILE) return res # https key files if protocol == 'HTTPS': httpspublickey = sys_parameter['HTTPSPublicKey' + 'Default']['Default'] httpsprivatekey = sys_parameter['HTTPSPrivateKey' + 'Default']['Default'] if platform.system() == 'Windows': with open( 'C:\Temp' + str(uuid.uuid1()) + str(ip) + str(port) + '.conf', 'w') as httpspublickeyfile: httpspublickeyfile.write(publickey) with open( 'C:\Temp' + str(uuid.uuid1()) + str(ip) + str(port) + '.conf', 'w') as httpsprivatekeyfile: httpsprivatekeyfile.write(privatekey) elif platform.system() == 'Linux': with open( '/tmp/' + str(uuid.uuid1()) + str(ip) + str(port) + '.conf', 'w') as httpspublickeyfile: httpspublickeyfile.write(publickey) with open( '/tmp/' + str(uuid.uuid1()) + str(ip) + str(port) + '.conf', 'w') as httpsprivatekeyfile: httpsprivatekeyfile.write(privatekey) res = remoteser.put_file(httpspublickeyfile.name, httpspublickey) os.remove(httpspublickeyfile.name) if os.path.isfile( httpspublickeyfile.name) else None if isinstance(res, sc): raise gen.Return(res) res = remoteser.put_file(httpsprivatekeyfile.name, httpsprivatekey) os.remove(httpsprivatekeyfile.name) if os.path.isfile( httpsprivatekeyfile.name) else None if isinstance(res, sc): raise gen.Return(res) # restart|reload nginx stdin, stdout, stderr = remoteser.exec_cmd( sys_parameter['SLBNginxRESTART' + 'HTTP']['HTTP']) execret = stdout.readlines() + stderr.readlines() # with open('C:\Temp\seven.log', 'w') as seven: with open('/tmp/new_seven.log', 'w') as seven: seven.write(str(ts) + '\r\n') seven.write(str(stdin) + '\r\n') seven.write(str(execret) + '\r\n') remoteser.put_file(seven.name, '/logs/nginx/new_seven.log') remoteser.exec_cmd( 'cat /logs/nginx/new_seven.log >> /logs/nginx/seven.log') os.remove(seven.name) if os.path.isfile(seven.name) else None self.application.dbcur.insert_dict('t_slb_seven_layer', seven_layer_info) data_info = {} data_info['SevenLayerAntiConfigInfo'] = {'UUID': str(serialuuid)} res = sc(code.Success) res.result = 'Success' res.redata = data_info raise gen.Return(res)
async def run(self) -> None: try: self.parsed = urllib.parse.urlsplit(_unicode(self.request.url)) if self.parsed.scheme not in ("http", "https"): raise ValueError("Unsupported url scheme: %s" % self.request.url) # urlsplit results have hostname and port results, but they # didn't support ipv6 literals until python 2.7. netloc = self.parsed.netloc if "@" in netloc: userpass, _, netloc = netloc.rpartition("@") host, port = httputil.split_host_and_port(netloc) if port is None: port = 443 if self.parsed.scheme == "https" else 80 if re.match(r"^\[.*\]$", host): # raw ipv6 addresses in urls are enclosed in brackets host = host[1:-1] self.parsed_hostname = host # save final host for _on_connect if self.request.allow_ipv6 is False: af = socket.AF_INET else: af = socket.AF_UNSPEC ssl_options = self._get_ssl_options(self.parsed.scheme) source_ip = None if self.request.network_interface: if is_valid_ip(self.request.network_interface): source_ip = self.request.network_interface else: raise ValueError( "Unrecognized IPv4 or IPv6 address for network_interface, got %r" % (self.request.network_interface, )) timeout = min(self.request.connect_timeout, self.request.request_timeout) if timeout: self._timeout = self.io_loop.add_timeout( self.start_time + timeout, functools.partial(self._on_timeout, "while connecting"), ) stream = await self.tcp_client.connect( host, port, af=af, ssl_options=ssl_options, max_buffer_size=self.max_buffer_size, source_ip=source_ip, ) if self.final_callback is None: # final_callback is cleared if we've hit our timeout. stream.close() return self.stream = stream self.stream.set_close_callback(self.on_connection_close) self._remove_timeout() if self.final_callback is None: return if self.request.request_timeout: self._timeout = self.io_loop.add_timeout( self.start_time + self.request.request_timeout, functools.partial(self._on_timeout, "during request"), ) if (self.request.method not in self._SUPPORTED_METHODS and not self.request.allow_nonstandard_methods): raise KeyError("unknown method %s" % self.request.method) for key in ( "proxy_host", "proxy_port", "proxy_username", "proxy_password", "proxy_auth_mode", ): if getattr(self.request, key, None): raise NotImplementedError("%s not supported" % key) if "Connection" not in self.request.headers: self.request.headers["Connection"] = "close" if "Host" not in self.request.headers: if "@" in self.parsed.netloc: self.request.headers[ "Host"] = self.parsed.netloc.rpartition("@")[-1] else: self.request.headers["Host"] = self.parsed.netloc username, password = None, None if self.parsed.username is not None: username, password = self.parsed.username, self.parsed.password elif self.request.auth_username is not None: username = self.request.auth_username password = self.request.auth_password or "" if username is not None: assert password is not None if self.request.auth_mode not in (None, "basic"): raise ValueError("unsupported auth_mode %s", self.request.auth_mode) self.request.headers[ "Authorization"] = "Basic " + _unicode( base64.b64encode( httputil.encode_username_password( username, password))) if self.request.user_agent: self.request.headers[ "User-Agent"] = self.request.user_agent if not self.request.allow_nonstandard_methods: # Some HTTP methods nearly always have bodies while others # almost never do. Fail in this case unless the user has # opted out of sanity checks with allow_nonstandard_methods. body_expected = self.request.method in ("POST", "PATCH", "PUT") body_present = (self.request.body is not None or self.request.body_producer is not None) if (body_expected and not body_present) or (body_present and not body_expected): raise ValueError( "Body must %sbe None for method %s (unless " "allow_nonstandard_methods is true)" % ("not " if body_expected else "", self.request.method)) if self.request.expect_100_continue: self.request.headers["Expect"] = "100-continue" if self.request.body is not None: # When body_producer is used the caller is responsible for # setting Content-Length (or else chunked encoding will be used). self.request.headers["Content-Length"] = str( len(self.request.body)) if (self.request.method == "POST" and "Content-Type" not in self.request.headers): self.request.headers[ "Content-Type"] = "application/x-www-form-urlencoded" if self.request.decompress_response: self.request.headers["Accept-Encoding"] = "gzip" req_path = (self.parsed.path or "/") + ( ("?" + self.parsed.query) if self.parsed.query else "") self.connection = self._create_connection(stream) start_line = httputil.RequestStartLine(self.request.method, req_path, "") self.connection.write_headers(start_line, self.request.headers) if self.request.expect_100_continue: await self.connection.read_response(self) else: await self._write_body(True) except Exception: if not self._handle_exception(*sys.exc_info()): raise
def validate_ip(cls, ip_address): ''' Checks the format of the string to confirm its a valid IPv4 or v6 address ''' if netutil.is_valid_ip(ip_address): return ip_address else: raise ValueError("Invalid IP Address: '%s'" % str(ip_address))
def run(self): operator = self.params['Operator'] hostname = self.params['Hostname'] user_org = self.params['AccessKeyId'] user_end = self.params['IPUserID'] ip = self.params['IP'] if 'IP' in self.params else None package_id = self.params['PackageID'] if 'PackageID' in self.params else None ts = self.application.ts_begin sql = "select user_org,user_end,ip,package_protect_id,status from t_firewall WHERE hostname=%s and status>0" data_add = self.application.dbcur.queryall_dict(sql, (hostname,)) if not netutil.is_valid_ip(hostname): res = sc(code.ParamError) res.result = res.result % hostname raise gen.Return(res) if ip is None and package_id is None: res = sc(code.ParamError) res.result = res.result % 'IP与包ID至少择一提交' raise gen.Return(res) num_sql = "SELECT count(1) FROM t_firewall WHERE user_end=%s AND types=1 AND status>0 " if ip is None: num_sql = num_sql + "AND package_protect_id=%s;" num_data = self.application.dbcur.queryall_dict(num_sql, (user_end, package_id,)) elif package_id is None: num_sql = num_sql + "AND ip=%s;" num_data = self.application.dbcur.queryall_dict(num_sql, (user_end, ip,)) else: num_sql = num_sql + "AND ip=%s AND package_protect_id=%s;" num_data = self.application.dbcur.queryall_dict(num_sql, (user_end, ip, package_id,)) if num_data[0]['count'] > self.application.wlmaxvalue[0]: res = sc(code.MaxWhiteList) raise gen.Return(res) data_info = {} data_status = {} thread_list = [] status_num = 0 user_dict = {'user_org': user_org, 'user_end': user_end, 'ip': ip, 'package_protect_id': package_id} condition = 0 fw_list = self.application.firewalllist if operator == 'bgp' else [self.application.ccfirewall, operator] for i in fw_list: firewall = ZhiFirewall(i) if i in self.application.zhifirewalllist else Firewall(i) condition += 2 ** firewall.number if len(data_add) != 0: if condition != data_add[0]['status']: res = sc(code.ParamError) res.result = res.result % operator raise gen.Return(res) for i in fw_list: t = MyThread(self.add_ip, args=(i, hostname, data_add, user_dict)) thread_list.append(t) for t in thread_list: t.start() for t in thread_list: t.join() for index, item in enumerate(thread_list): data_status[fw_list[index]] = item.get_result() for k, v in data_status.items(): if '添加至' in v: firewall = ZhiFirewall(k) if k in self.application.zhifirewalllist else Firewall(k) status_num = status_num ^ 2**firewall.number sql = "select user_org,user_end,ip,package_protect_id from t_firewall WHERE hostname=%s" data = self.application.dbcur.queryall_dict(sql, (hostname,)) if user_dict in data: if ip is None: update_sql = 'UPDATE t_firewall SET status=%s, updatedt=%s WHERE user_org=%s AND user_end=%s AND hostname=%s AND ip IS NULL AND package_protect_id=%s' self.application.dbcur.execute(update_sql, (status_num, ts, user_org, user_end, hostname, package_id,)) elif package_id is None: update_sql = 'UPDATE t_firewall SET status=%s, updatedt=%s WHERE user_org=%s AND user_end=%s AND hostname=%s AND ip=%s AND package_protect_id IS NULL' self.application.dbcur.execute(update_sql, (status_num, ts, user_org, user_end, hostname, ip,)) else: update_sql = 'UPDATE t_firewall SET status=%s, updatedt=%s WHERE user_org=%s AND user_end=%s AND hostname=%s AND ip=%s AND package_protect_id=%s' self.application.dbcur.execute(update_sql, (status_num, ts, user_org, user_end, hostname, ip, package_id,)) else: white_info = {'user_org': user_org, 'user_end': user_end, 'ip': ip, 'package_protect_id': package_id, 'hostname': hostname, 'types': 1, 'status': status_num, 'createdt': ts} self.application.dbcur.insert_dict('t_firewall', white_info) else: condition = '' if isinstance(condition, int): data_info['AddIPWhiteList'] = operator + ':IP添加至白名单' res = sc(code.Success) res.redata = data_info else: res = sc(code.ChangeFail) res.result = res.result % {operator + ':此IP已被他人配置'} raise gen.Return(res)
def test_is_valid_ip(self): self.assertTrue(is_valid_ip("127.0.0.1")) self.assertTrue(is_valid_ip("4.4.4.4")) self.assertTrue(is_valid_ip("::1")) self.assertTrue(is_valid_ip("2620:0:1cfe:face:b00c::3")) self.assertTrue(not is_valid_ip("www.google.com")) self.assertTrue(not is_valid_ip("localhost")) self.assertTrue(not is_valid_ip("4.4.4.4<")) self.assertTrue(not is_valid_ip(" 127.0.0.1")) self.assertTrue(not is_valid_ip("")) self.assertTrue(not is_valid_ip(" ")) self.assertTrue(not is_valid_ip("\n")) self.assertTrue(not is_valid_ip("\x00"))
async def run(self) -> None: try: self.parsed = urllib.parse.urlsplit(_unicode(self.request.url)) if self.parsed.scheme not in ("http", "https"): raise ValueError("Unsupported url scheme: %s" % self.request.url) # urlsplit results have hostname and port results, but they # didn't support ipv6 literals until python 2.7. netloc = self.parsed.netloc if "@" in netloc: userpass, _, netloc = netloc.rpartition("@") host, port = httputil.split_host_and_port(netloc) if port is None: port = 443 if self.parsed.scheme == "https" else 80 if re.match(r"^\[.*\]$", host): # raw ipv6 addresses in urls are enclosed in brackets host = host[1:-1] self.parsed_hostname = host # save final host for _on_connect if self.request.allow_ipv6 is False: af = socket.AF_INET else: af = socket.AF_UNSPEC ssl_options = self._get_ssl_options(self.parsed.scheme) source_ip = None if self.request.network_interface: if is_valid_ip(self.request.network_interface): source_ip = self.request.network_interface else: raise ValueError( "Unrecognized IPv4 or IPv6 address for network_interface, got %r" % (self.request.network_interface,) ) timeout = min(self.request.connect_timeout, self.request.request_timeout) if timeout: self._timeout = self.io_loop.add_timeout( self.start_time + timeout, functools.partial(self._on_timeout, "while connecting"), ) stream = await self.tcp_client.connect( host, port, af=af, ssl_options=ssl_options, max_buffer_size=self.max_buffer_size, source_ip=source_ip, ) if self.final_callback is None: # final_callback is cleared if we've hit our timeout. stream.close() return self.stream = stream self.stream.set_close_callback(self.on_connection_close) self._remove_timeout() if self.final_callback is None: return if self.request.request_timeout: self._timeout = self.io_loop.add_timeout( self.start_time + self.request.request_timeout, functools.partial(self._on_timeout, "during request"), ) if ( self.request.method not in self._SUPPORTED_METHODS and not self.request.allow_nonstandard_methods ): raise KeyError("unknown method %s" % self.request.method) for key in ( "proxy_host", "proxy_port", "proxy_username", "proxy_password", "proxy_auth_mode", ): if getattr(self.request, key, None): raise NotImplementedError("%s not supported" % key) if "Connection" not in self.request.headers: self.request.headers["Connection"] = "close" if "Host" not in self.request.headers: if "@" in self.parsed.netloc: self.request.headers["Host"] = self.parsed.netloc.rpartition( "@" )[-1] else: self.request.headers["Host"] = self.parsed.netloc username, password = None, None if self.parsed.username is not None: username, password = self.parsed.username, self.parsed.password elif self.request.auth_username is not None: username = self.request.auth_username password = self.request.auth_password or "" if username is not None: assert password is not None if self.request.auth_mode not in (None, "basic"): raise ValueError( "unsupported auth_mode %s", self.request.auth_mode ) self.request.headers["Authorization"] = "Basic " + _unicode( base64.b64encode( httputil.encode_username_password(username, password) ) ) if self.request.user_agent: self.request.headers["User-Agent"] = self.request.user_agent if not self.request.allow_nonstandard_methods: # Some HTTP methods nearly always have bodies while others # almost never do. Fail in this case unless the user has # opted out of sanity checks with allow_nonstandard_methods. body_expected = self.request.method in ("POST", "PATCH", "PUT") body_present = ( self.request.body is not None or self.request.body_producer is not None ) if (body_expected and not body_present) or ( body_present and not body_expected ): raise ValueError( "Body must %sbe None for method %s (unless " "allow_nonstandard_methods is true)" % ("not " if body_expected else "", self.request.method) ) if self.request.expect_100_continue: self.request.headers["Expect"] = "100-continue" if self.request.body is not None: # When body_producer is used the caller is responsible for # setting Content-Length (or else chunked encoding will be used). self.request.headers["Content-Length"] = str(len(self.request.body)) if ( self.request.method == "POST" and "Content-Type" not in self.request.headers ): self.request.headers[ "Content-Type" ] = "application/x-www-form-urlencoded" if self.request.decompress_response: self.request.headers["Accept-Encoding"] = "gzip" req_path = (self.parsed.path or "/") + ( ("?" + self.parsed.query) if self.parsed.query else "" ) self.connection = self._create_connection(stream) start_line = httputil.RequestStartLine( self.request.method, req_path, "" ) self.connection.write_headers(start_line, self.request.headers) if self.request.expect_100_continue: await self.connection.read_response(self) else: await self._write_body(True) except Exception: if not self._handle_exception(*sys.exc_info()): raise
def run(self): operator = self.params['Operator'] hostname = self.params['Hostname'] user_org = self.params['AccessKeyId'] user_end = self.params['IPUserID'] ip = self.params['IP'] if 'IP' in self.params else None package_id = self.params['PackageID'] if 'PackageID' in self.params else None ts = self.application.ts_begin sql = "select user_org,user_end,ip,package_protect_id,status from t_firewall WHERE hostname=%s and status>0" data_add = self.application.dbcur.queryall_dict(sql, (hostname,)) if netutil.is_valid_ip(hostname): res = sc(code.ParamError) res.result = res.result % hostname raise gen.Return(res) if len(data_add) == 0: res = sc(code.PermissionDenied) res.result = res.result % hostname raise gen.Return(res) if ip is None and package_id is None: res = sc(code.ParamError) res.result = res.result % 'IP与包ID至少择一提交' raise gen.Return(res) data_info = {} data_status = {} thread_list = [] status_num = data_add[0]['status'] user_dict = {'user_org': user_org, 'user_end': user_end, 'ip': ip, 'package_protect_id': package_id} condition = 0 fw_list = self.application.firewalllist if operator == 'bgp' else [self.application.ccfirewall, operator] for i in fw_list: fw_num = ZhiFirewall(i) if i in self.application.zhifirewalllist else Firewall(i) condition += 2**fw_num.number if condition != status_num: res = sc(code.ParamError) res.result = res.result % operator raise gen.Return(res) for i in fw_list: t = MyThread(self.del_domain, args=(i, hostname, data_add, user_dict)) thread_list.append(t) for t in thread_list: t.start() for t in thread_list: t.join() for index, item in enumerate(thread_list): data_status[fw_list[index]] = item.get_result() for k, v in data_status.items(): if '删除' in v: firewall = ZhiFirewall(k) if k in self.application.zhifirewalllist else Firewall(k) status_num = status_num ^ 2**firewall.number if ip is None: update_sql = 'UPDATE t_firewall SET status=%s, updatedt=%s WHERE user_org=%s AND user_end=%s AND hostname=%s AND ip IS NULL AND package_protect_id=%s' self.application.dbcur.execute(update_sql, (status_num, ts, user_org, user_end, hostname, package_id,)) elif package_id is None: update_sql = 'UPDATE t_firewall SET status=%s, updatedt=%s WHERE user_org=%s AND user_end=%s AND hostname=%s AND ip=%s AND package_protect_id IS NULL' self.application.dbcur.execute(update_sql, (status_num, ts, user_org, user_end, hostname, ip,)) else: update_sql = 'UPDATE t_firewall SET status=%s, updatedt=%s WHERE user_org=%s AND user_end=%s AND hostname=%s AND ip=%s AND package_protect_id=%s' self.application.dbcur.execute(update_sql, (status_num, ts, user_org, user_end, hostname, ip, package_id,)) else: condition = '' if isinstance(condition, int): data_info['DeleteDomainWhiteList'] = operator + ':域名从白名单删除' res = sc(code.Success) res.redata = data_info else: data_info['DeleteDomainWhiteList'] = operator + ':此域名已被他人配置' res = sc(code.ChangeFail) res.result = res.result % data_info raise gen.Return(res)
def __init__(self, method, uri, version="HTTP/1.0", headers=None, body=None, remote_ip=None, protocol=None, host=None, files=None, connection=None): self.method = method self.uri = uri self.version = version self.headers = headers or httputil.HTTPHeaders() self.body = body or "" self.trace = None # set remote IP and protocol self.remote_ip = remote_ip if protocol: self.protocol = protocol elif connection and isinstance(connection.stream, iostream.SSLIOStream): self.protocol = "https" else: self.protocol = "http" # xheaders can override the defaults if connection and connection.xheaders: # Squid uses X-Forwarded-For, others use X-Real-Ip ip = self.headers.get("X-Forwarded-For", self.remote_ip) ip = ip.split(',')[-1].strip() ip = self.headers.get("X-Real-Ip", ip) if netutil.is_valid_ip(ip): self.remote_ip = ip # AWS uses X-Forwarded-Proto proto = self.headers.get( "X-Scheme", self.headers.get("X-Forwarded-Proto", self.protocol)) if proto in ("http", "https"): self.protocol = proto # Zipkin users if options.server_trace: parent_span_id = self.headers.get("X-B3-ParentSpanId", None) trace_id = self.headers.get("X-B3-TraceId", None) span_id = self.headers.get("X-B3-SpanId", None) name = method endpoint = Endpoint(ipv4=socket.gethostbyname( socket.gethostname()), port=port, service_name=service_name) self.trace = Trace(name=name, trace_id=trace_id, span_id=span_id, parent_span_id=parent_span_id) self.trace.set_endpoint(endpoint) self.host = host or self.headers.get("Host") or "127.0.0.1" self.files = files or {} self.connection = connection self._start_time = time.time() self._finish_time = None self.path, sep, self.query = uri.partition('?') self.arguments = parse_qs_bytes(self.query, keep_blank_values=True) self.query_arguments = copy.deepcopy(self.arguments) self.body_arguments = {} if options.server_trace: self.trace.record(Annotation.string('Url', uri)) self.trace.record(Annotation.string('Header', self.headers)) self.trace.record(Annotation.server_recv())