示例#1
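def login_action(request):
    """Handle a login request and open a session on success.

    Reads ``nickname``, ``password`` and ``remain`` from the POST body.
    ``remain`` equal to 0 (or missing / non-numeric) gives a 30-minute
    session; any other integer gives seven days. Returns the JSON produced
    by ``json_result``; non-POST requests get the 403 error page.
    """
    import hmac

    json_type = "application/json;charset=utf-8"
    if request.method != "POST":
        return render(request, 'isadmin/error/error-403.html')
    nickname = request.POST.get("nickname")
    password = request.POST.get("password")
    remain = request.POST.get("remain")
    users = SysUser.objects.filter(nickname=nickname)
    if not users:
        # NOTE(review): a distinct "no such user" answer lets a caller
        # enumerate valid nicknames; consider one generic failure message.
        result = json_result("error", "用户不存在")
        return HttpResponse(result, content_type=json_type)
    account = users[0]
    if password is None:
        # A missing field used to raise TypeError on concatenation (HTTP 500).
        result = json_result("error", "密码错误,请重试。")
        return HttpResponse(result, content_type=json_type)
    # NOTE(review): salted single-round MD5 is far too fast for password
    # storage. Moving to Django's password hashers (make_password /
    # check_password) needs a migration of the stored hashes, so it is only
    # flagged here.
    digest = hashlib.md5(
        (password + account.salt).encode(encoding='utf-8')).hexdigest()
    # Constant-time comparison: `==` stops at the first differing character.
    matches = hmac.compare_digest(
        str(account.pw).encode("utf-8"), digest.encode("utf-8"))
    if not matches:
        result = json_result("error", "密码错误,请重试。")
        return HttpResponse(result, content_type=json_type)
    half_hour = 60 * 30
    seven_days = 60 * 60 * 24 * 7
    try:
        short_session = int(remain) == 0
    except (TypeError, ValueError):
        # Absent or malformed "remain": fall back to the shorter lifetime.
        short_session = True
    # Issue a fresh session key at the privilege change so a key known
    # before authentication cannot be reused afterwards (session fixation).
    request.session.cycle_key()
    request.session.set_expiry(half_hour if short_session else seven_days)
    request.session["id"] = account.id
    request.session["nickname"] = nickname
    result = json_result("success", "登陆成功。")
    return HttpResponse(result, content_type=json_type)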
示例#2
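def beat_start(request):
    """Start celery beat on the configured host over SSH and report its PID.

    Opens a session with ``get_ssh_connection`` using the CELERY_BEAT_*
    settings, checks whether a ``django_celery_beat`` process is already
    listed, and otherwise runs ``celery-beat-start.sh``. Always answers with
    a JSON ``HttpResponse``.
    """
    # NOTE(review): this view drives a root shell with a password taken from
    # settings and performs a state change, yet no request-method or session
    # check is visible in this block -- confirm it is enforced by a decorator
    # or URL configuration, and prefer key-based auth with a dedicated
    # low-privilege account.
    ip = settings.CELERY_BEAT_IP
    user = settings.CELERY_BEAT_USER
    password = settings.CELERY_BEAT_PW
    json_type = "application/json;charset=utf-8"
    if platform.system() != "Linux":
        result = json_result("error", "WEB服务器操作系统不支持此操作!:-(")
        return HttpResponse(result, content_type=json_type)
    # Raw strings: "\d" in a normal literal is an invalid escape sequence.
    home_prompt = r"root@(.*?)~#"
    site_prompt = r"root@(.*?)/home/internet-snapshot/mysite#"
    pid_line = r"\r\n\d+"
    list_beat = "ps -aux | grep django_celery_beat | grep -v grep | awk '{print $2}'"
    child = None
    try:
        child = get_ssh_connection(ip, user, password)
        child.expect(home_prompt, timeout=5)
        child.sendline("cd /home/internet-snapshot/mysite")
        child.expect(site_prompt, timeout=5)
        child.sendline(list_beat)
        expect_result = child.expect([pid_line, site_prompt], timeout=5)
        if expect_result == 0:
            # The match starts with CR LF; the digits after it are the PID.
            pid = int(child.after[2:])
            result = json_result("error", "检测到beat正在运行,其进程id为%s。" % (pid,))
        else:
            child.sendline("bash ./celery-beat-start.sh")
            child.expect(site_prompt, timeout=5)
            child.sendline(list_beat)
            child.expect(pid_line, timeout=5)
            pid = int(child.after[2:])
            result = json_result("success", "beat启动成功,其进程号为%s。" % (pid,))
    except Exception as e:
        logging.error("When beat start, error %s occurred." % (e.__class__,))
        result = json_result("error", "后台链接失败,请重试:-(")
        return HttpResponse(result, content_type=json_type)
    finally:
        if child is not None:
            try:
                # Best effort: a dead session must not replace the response
                # with an exception raised during cleanup.
                child.sendline("exit")
            except Exception as e:
                logging.error("When beat start, closing the session raised %s." % (e.__class__,))
            finally:
                child.close()
    return HttpResponse(result, content_type=json_type)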
示例#3
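def prisocs(request, id=None):
    """REST-style CRUD endpoint for PrivateSafeOutChains (PRISOC).

    POST creates a row, DELETE removes the row with ``id``, PUT updates the
    row named in the request body, GET returns one row (when ``id`` is given)
    or a page selected by the ``rows`` / ``page`` query parameters. Any other
    method gets the 404 error page.
    """
    # NOTE(review): every branch writes or reads allow-list data straight
    # from request parameters; no session or permission check is visible in
    # this block -- confirm it is applied where the view is registered.
    json_type = "application/json;charset=utf-8"
    if request.method == 'POST':
        mydomain = request.POST.get("mydomain")
        owner = request.POST.get("owner")
        remark = request.POST.get("remark")
        obj = PrivateSafeOutChains.objects.create(mydomain=mydomain, owner=owner, remark=remark)
        if not obj:
            result = json_result("error", "添加私有正常外链主域名失败:-(")
        else:
            result = json_result("success", "添加私有正常外链主域名成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'DELETE':
        obj = PrivateSafeOutChains.objects.filter(id=id).delete()
        if not obj or obj[0] == 0:
            result = json_result("error", "删除私有正常外链主域名失败:-(")
        else:
            result = json_result("success", "删除私有正常外链主域名成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'PUT':
        # Django only parses form bodies for POST, so decode PUT by hand.
        put = QueryDict(request.body)
        id = put.get("id")
        mydomain = put.get("mydomain")
        owner = put.get("owner")
        remark = put.get("remark")
        obj = PrivateSafeOutChains.objects.filter(id=id).update(mydomain=mydomain, owner=owner, remark=remark)
        if obj == 0:
            result = json_result("error", "更新私有正常外链主域名失败:-(")
        else:
            result = json_result("success", "更新私有正常外链主域名成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'GET':
        if id:
            # NOTE(review): this passes a QuerySet to to_json_dict while the
            # list branch passes model instances -- confirm the helper
            # accepts both.
            obj = PrivateSafeOutChains.objects.filter(id=id)
            if not isinstance(obj, QuerySet):
                result = json_result("error", "查询私有正常外链主域名失败:-(")
            else:
                data = [to_json_dict(obj)]
                result = json_result("success", "查询私有正常外链主域名成功:-)", data=data)
        else:
            try:
                rows = int(request.GET.get("rows") or 10)
                page = int(request.GET.get("page") or 1)
            except ValueError:
                # Non-numeric paging input used to surface as a 500.
                rows, page = 10, 1
            # rows <= 0 divided by zero below; page <= 0 produced a negative
            # slice index, which QuerySets reject.
            rows = max(rows, 1)
            page = max(page, 1)
            start = (page - 1) * rows
            end = start + rows
            objs = PrivateSafeOutChains.objects.all()[start: end]
            if not isinstance(objs, QuerySet):
                result = json_result("error", "查询私有正常外链主域名失败:-(")
            else:
                data = [to_json_dict(obj) for obj in objs]
                recoards = PrivateSafeOutChains.objects.count()
                # floor(n / rows) + 1 reported one page too many whenever n
                # was an exact multiple of rows; keep 1 for an empty table.
                total_pages = max(1, math.ceil(recoards / rows))
                result = json_result("success", "查询私有正常外链主域名成功:-)", data=data, page=page,
                                     total=total_pages, records=recoards)
        return HttpResponse(result, content_type=json_type)
    else:
        return render(request, 'isadmin/error/error-404.html')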
示例#4
def get_log_files(request):
    """Return the log file paths recorded for the VPS with the posted ``ip``.

    Answers with a JSON error when no VPS has that address, otherwise with a
    list of ``path + filename`` strings.
    """
    # NOTE(review): the caller chooses the host purely by a posted IP and no
    # session or ownership check is visible in this block -- confirm access
    # control is applied where the view is registered.
    json_type = "application/json;charset=utf-8"
    address = request.POST.get("ip")
    matches = Vps.objects.filter(ip=address)
    if not matches:
        payload = json_result("error", "该服务器ip不存在。")
        return HttpResponse(payload, content_type=json_type)
    data = []
    for entry in LogFiles.objects.filter(vps_id=matches[0].id):
        data.append(entry.path + entry.filename)
    payload = json_result("success", "查询成功", data=data)
    return HttpResponse(payload, content_type=json_type)
示例#5
def invite_code_action(request):
    """Create an invite code and return it in the JSON response.

    ``inviter_id`` and ``left_time`` (default 1) come from the POST body; the
    code itself comes from ``random_string()``. A failure while storing the
    row is logged and reported as a database error.
    """
    # NOTE(review): the inviter identity and the number of uses are taken
    # from the request body rather than from the session -- confirm callers
    # cannot mint codes for other users or with an arbitrary use count.
    # NOTE(review): an invite code acts as a credential; confirm that
    # random_string() draws from a CSPRNG (e.g. the secrets module).
    json_type = "application/json;charset=utf-8"
    fields = {
        "inviter_id": request.POST.get("inviter_id", None),
        "left_time": request.POST.get("left_time", 1),
    }
    invite_code = random_string()
    try:
        Invite.objects.create(invite_code=invite_code, **fields)
    except Exception as e:
        logging.error("When create invite entity, %s occurred." %
                      (e.__class__, ))
        return HttpResponse(json_result("error", "数据库错误"),
                            content_type=json_type)
    payload = json_result("success", "生成邀请码成功", invite_code=invite_code)
    return HttpResponse(payload, content_type=json_type)
示例#6
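def disks_chart(request):
    """Return the remaining-disk-space trend for one VPS as JSON.

    Uses at most the last 288 ``VpsStatus`` rows (in the queryset's default
    order) for the ``vps_id`` query parameter. Each point is the VPS's total
    disk size minus the usage recorded in that status row, passed through
    ``byte_to_gb``. Lookup failures render the 500 error page.
    """
    vps_id = request.GET.get("vps_id")
    try:
        vps = Vps.objects.filter(id=vps_id).first()
        vps_status_count = VpsStatus.objects.filter(vps_id=vps_id).count()
        start_index = vps_status_count - 288 if vps_status_count > 288 else 0
        # QuerySets are lazy: materialise here so a database error is caught
        # by this handler instead of escaping from the loop further down.
        vps_statuses = list(
            VpsStatus.objects.filter(vps_id=vps_id)[start_index:])
    except Exception:
        return render(request, "isadmin/error/error-500.html")
    if vps is None:
        # An unknown vps_id used to raise IndexError on vps[0].
        return render(request, "isadmin/error/error-500.html")
    disks_total = sum(disk["total"] for disk in json.loads(vps.disks).values())
    result = {
        "times": [],
        "lefts": [],
    }
    for vps_status in vps_statuses:
        format_time = time.strftime("%Y-%m-%d %H:%M",
                                    vps_status.field_time.timetuple())
        disks_used = sum(json.loads(vps_status.disks_status).values())
        result["times"].append(format_time)
        result["lefts"].append(byte_to_gb(disks_total - disks_used))
    return HttpResponse(json_result("success", "查询成功:-)", data=result),
                        content_type="application/json;charset=utf-8")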
示例#7
 def _check_session_json(request, *args, **kwargs):
     """Call the wrapped view only when the session carries a nickname.

     Without one, answer with a JSON error instead of invoking ``func``.
     """
     # NOTE(review): the gate only tests that "nickname" is truthy in the
     # session; it does not re-check that the account still exists.
     if not request.session.get("nickname", None):
         denied = json_result("error", "未检查到登陆态:-(")
         return HttpResponse(
             denied, content_type="application/json;charset=utf-8")
     return func(request, *args, **kwargs)
示例#8
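def retrieve_action(request):
    """Handle a password-reset submission.

    The POSTed ``token`` is URL-unquoted, base64-decoded and 3DES-decrypted
    with ``settings.DES_KEY``; the plaintext is ``<email>+<unix time>``.
    Tokens older than 3600 seconds are refused. On success the account's
    salt and password hash are replaced. Always answers with JSON, except for
    non-POST requests, which get the 403 error page.
    """
    # NOTE(review): the token is encrypted but carries no integrity check
    # (MAC) and is not single-use, so it stays valid for the whole hour even
    # after a successful reset. A signed, one-time token would close both
    # gaps (Django ships a password-reset token generator).
    json_type = "application/json;charset=utf-8"
    if request.method != "POST":
        return render(request, 'isadmin/error/error-403.html')
    token = request.POST.get("token")
    password = request.POST.get("password")
    repeat_password = request.POST.get("repeat_password")
    try:
        # Decoding now happens inside the handler: a missing or malformed
        # token used to raise before the try block and surface as a 500.
        token = urllib.parse.unquote(token)
        encrypt = base64.b64decode(token)  # base64 decode
        triple_des = pyDes.triple_des(settings.DES_KEY, padmode=pyDes.PAD_PKCS5)
        decrypt = triple_des.decrypt(encrypt).decode("utf-8")  # 3DES decrypt
        # Split on the LAST '+': the address itself may contain one
        # (plus-addressing), which broke the old split('+')[0] / [1].
        email, _, issued = decrypt.rpartition('+')
        token_time = int(issued)
        user = SysUser.objects.filter(email=email)
        # filter() never returns None, so test for an actual match.
        if not email or not user.exists():
            raise ValueError("no account for token")
    except Exception:
        result = json_result("error", "重置密码链接有误,请勿更改邮件内链接。")
        return HttpResponse(result, content_type=json_type)
    if int(time.time()) - token_time > 3600:
        # The mail was sent more than an hour ago: the token has expired.
        result = json_result("error", "token已超时,请重新申请重置密码邮件。")
        return HttpResponse(result, content_type=json_type)
    if password is None or password != repeat_password:
        # Two absent fields compared equal and then crashed on concatenation.
        result = json_result("error", "两次输入的密码不一致。")
        return HttpResponse(result, content_type=json_type)
    salt = random_string()
    # NOTE(review): salted single-round MD5 is too fast for password storage;
    # switching to a slow password hasher needs a stored-hash migration, so
    # it is only flagged here.
    hl = hashlib.md5()
    hl.update((password + salt).encode(encoding='utf-8'))
    real_password = hl.hexdigest()
    try:
        row = user.update(pw=real_password, salt=salt)
        if row == 0:
            raise ValueError("no row updated")
    except Exception:
        result = json_result("error", "重置密码失败。")
        return HttpResponse(result, content_type=json_type)
    result = json_result("success", "重置密码成功。")
    return HttpResponse(result, content_type=json_type)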
示例#9
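def vps_monitor_reload(request):
    """Return the latest status snapshot of every VPS as JSON.

    For each ``Vps`` row the newest ``vps_status`` row is read with a
    parameterised raw query and combined with the VPS's static capacity
    figures. A VPS without any status row is left out of the result.
    Non-GET requests get the 404 error page.
    """
    if request.method != "GET":
        return render(request, 'isadmin/error/error-404.html')
    # Values are bound as parameters, never interpolated into the statement.
    sql = "SELECT * FROM vps_status WHERE vps_id=%s AND _time=(SELECT max(_time) " \
          "FROM vps_status WHERE vps_id=%s);"
    vps_statuss = []
    for vps in Vps.objects.all():
        with connection.cursor() as cursor:
            cursor.execute(sql, (vps.id, vps.id))
            vps_status_obj = cursor.fetchone()
        if vps_status_obj is None:
            # No status recorded yet: indexing None used to fail the whole
            # endpoint with a TypeError.
            continue
        # NOTE(review): positional access into SELECT * (2=cpu, 3=memory,
        # 4=swap, 5=disks as used below) breaks if the column order changes.
        disks_total = sum(
            int(disk["total"]) for disk in json.loads(vps.disks).values())
        cpus = json.loads(vps_status_obj[2])
        disks_used = sum(
            int(value) for value in json.loads(vps_status_obj[5]).values())
        # NOTE(review): the "*_used" values are total minus the column while
        # the "*_percent" values divide the column itself; one of the two
        # looks inverted -- confirm what the status columns hold.
        vps_status = {
            "id": vps.id,
            "ip": vps.ip,
            "nickname": vps.nickname,
            "cpu_count": vps.cpu_count,
            "cpu_logical_count": vps.cpu_logical_count,
            "cpu_percent": cpus[0],
            "memory_total": byte_to_gb(vps.memory),
            "memory_used": byte_to_gb(vps.memory - vps_status_obj[3]),
            # Same zero guard the swap figure already had.
            "memory_percent": float_to_percent(
                0 if vps.memory == 0 else vps_status_obj[3] / vps.memory),
            "swap_total": byte_to_gb(vps.swap),
            "swap_used": byte_to_gb(vps.swap - vps_status_obj[4]),
            "swap_percent": float_to_percent(
                0 if vps.swap == 0 else vps_status_obj[4] / vps.swap),
            "disks_total": byte_to_gb(disks_total),
            "disks_used": byte_to_gb(disks_total - disks_used),
            "disks_percent": float_to_percent(
                0 if disks_total == 0 else disks_used / disks_total),
        }
        vps_statuss.append(vps_status)
    result = json_result("success", "查询成功:-)", data=vps_statuss)
    return HttpResponse(result, content_type="application/json;charset=utf-8")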
示例#10
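def snapshots(request, id=None):
    """REST-style endpoint for page snapshots (Snapshot).

    DELETE removes the row with ``id``, PUT updates ``screen_shot_path`` of
    the row named in the request body, GET returns one row (when ``id`` is
    given) or a page selected by ``rows`` / ``page``. POST and any other
    method get the 404 error page.
    """
    # NOTE(review): PUT stores a caller-supplied screen_shot_path unchanged;
    # if that value is later used to open or serve a file, it needs to be
    # confined to the screenshot directory. No permission check is visible
    # in this block either.
    json_type = "application/json;charset=utf-8"
    if request.method == 'POST':
        return render(request, 'isadmin/error/error-404.html')
    elif request.method == 'DELETE':
        obj = Snapshot.objects.filter(id=id).delete()
        if not obj or obj[0] == 0:
            result = json_result("error", "删除网页快照失败:-(")
        else:
            result = json_result("success", "删除网页快照成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'PUT':
        put = QueryDict(request.body)
        id = put.get("id")
        screen_shot_path = put.get("screen_shot_path")
        obj = Snapshot.objects.filter(id=id).update(screen_shot_path=screen_shot_path)
        if obj == 0:
            result = json_result("error", "更新网页快照失败:-(")
        else:
            result = json_result("success", "更新网页快照成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'GET':
        if id:
            # filter() yields a QuerySet, which has no get_time attribute;
            # the old code raised AttributeError here. Fetch the row itself.
            obj = Snapshot.objects.filter(id=id).first()
            if obj is None:
                result = json_result("error", "查询网页快照失败:-(")
            else:
                if obj.get_time:
                    obj.get_time = obj.get_time.strftime("%Y-%m-%d %H:%M:%S")
                data = [to_json_dict(obj)]
                result = json_result("success", "查询网页快照成功:-)", data=data)
        else:
            try:
                rows = int(request.GET.get("rows") or 10)
                page = int(request.GET.get("page") or 1)
            except ValueError:
                # Non-numeric paging input used to surface as a 500.
                rows, page = 10, 1
            # Guard against division by zero and negative slice indexes.
            rows = max(rows, 1)
            page = max(page, 1)
            start = (page - 1) * rows
            end = start + rows
            objs = Snapshot.objects.all()[start: end]
            if not isinstance(objs, QuerySet):
                result = json_result("error", "查询网页快照失败:-(")
            else:
                data = list()
                for obj in objs:
                    if obj.get_time:
                        obj.get_time = obj.get_time.strftime("%Y-%m-%d %H:%M:%S")
                    data.append(to_json_dict(obj))
                recoards = Snapshot.objects.count()
                # floor(n / rows) + 1 over-counted by one page whenever n was
                # an exact multiple of rows; keep 1 for an empty table.
                total_pages = max(1, math.ceil(recoards / rows))
                result = json_result("success", "查询网页快照成功:-)", data=data, page=page,
                                     total=total_pages, records=recoards)
        return HttpResponse(result, content_type=json_type)
    else:
        return render(request, 'isadmin/error/error-404.html')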
示例#11
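def compare_unique_datas(request):
    """Serve one page of snapshot / private-out-chain rows as JSON.

    Reads ``draw``, ``start``, ``length`` and ``search[value]`` from the
    query string. The search value only selects one of two fixed WHERE
    clauses; it is never placed into the SQL text.
    """
    # NOTE(review): "draw" is echoed back unchanged; if the client only ever
    # sends a number, casting it to int before echoing is the safer habit.
    draw = request.GET.get("draw")
    # A missing search value used to raise TypeError on the `in` test.
    keyword = request.GET.get("search[value]") or ""
    try:
        start = int(request.GET.get("start") or 0)
        length = int(request.GET.get("length") or 10)
    except ValueError:
        # Missing or non-numeric paging input used to surface as a 500.
        start, length = 0, 10
    # Negative values are not valid LIMIT operands.
    if start < 0:
        start = 0
    if length < 0:
        length = 10
    # Only constant fragments are concatenated; user values are bound below.
    if keyword == "未检查":
        where = "WHERE private_out_chain_records.checked=0 "
    elif "恶意" in keyword:
        where = "WHERE private_out_chain_records.checked=1 AND private_out_chain_records.result=1 "
    else:
        where = ""
    join = "FROM snapshot INNER JOIN private_out_chain_records " \
           "ON snapshot.id = private_out_chain_records.ss_id "
    sql = "SELECT snapshot.id, snapshot.request_url, private_out_chain_records.out_chain, " \
          "private_out_chain_records.checked, private_out_chain_records.result, " \
          "snapshot.send_ip, snapshot.server_ip, snapshot.get_time, private_out_chain_records.id " \
          + join + where + "LIMIT %s,%s;"
    with connection.cursor() as cursor:
        cursor.execute(sql, (start, length))
        rows = cursor.fetchall()
    data = []
    for row in rows:
        data.append({
            "ss_id": row[0],
            "request_url": row[1],
            "out_chain": row[2],
            "checked": row[3],
            "result": row[4],
            "send_ip": row[5],
            "server_ip": row[6],
            # A NULL timestamp used to raise AttributeError on strftime.
            "get_time": row[7].strftime("%Y-%m-%d %H:%M:%S") if row[7] else None,
            "id": row[8],
        })
    with connection.cursor() as cursor:
        cursor.execute("SELECT COUNT(*) " + join + where + ";")
        count_row = cursor.fetchone()
    records_total = count_row[0]
    result = json_result("success",
                         "查询成功:-)",
                         draw=draw,
                         data=data,
                         recordsTotal=records_total,
                         recordsFiltered=records_total)
    return HttpResponse(result, content_type="application/json;charset=utf-8")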
示例#12
def check_suspicious(request):
    """Record an analyst verdict on a filtered suspicious domain.

    ``result`` selects the action: "0" marks the domain malicious, "1" adds
    it to the public allow-list, "2" adds it to the private allow-list of the
    requesting site's top domain. The reviewed record is updated first, the
    list entry is created, and then every unchecked record with the same
    ``unknown_domain`` receives the same verdict.
    """
    # TODO: transaction control, logging
    # NOTE(review): this view changes block/allow lists from GET parameters,
    # so a link or image tag in another page can trigger it in a logged-in
    # browser. State changes belong behind POST with CSRF protection.
    json_type = "application/json;charset=utf-8"
    verdict = request.GET.get("result")
    record_id = request.GET.get("id")
    request_url = request.GET.get("request_url")
    unknown_domain = UrlUtil.get_domain(request.GET.get("unknown_domain"))
    request_top_domain = UrlUtil.get_top_domain(request_url)

    def _now():
        return time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))

    # verdict -> (stored result flag, list-entry factory, failure, success)
    actions = {
        "0": (1,
              lambda: MaliciousDomains.objects.create(mydomain=unknown_domain),
              "添加恶意链接失败:-(", "添加恶意链接成功:-)"),
        "1": (0,
              lambda: PublicSafeOutChains.objects.create(mydomain=unknown_domain),
              "加入公共白名单失败:-(", "加入公共白名单成功:-)"),
        "2": (0,
              lambda: PrivateSafeOutChains.objects.create(
                  mydomain=unknown_domain, owner=request_top_domain),
              "加入私有白名单失败:-(", "加入私有白名单成功:-)"),
    }
    if verdict not in actions:
        return HttpResponse(json_result("error", "参数错误:-("),
                            content_type=json_type)

    flag, add_entry, fail_msg, ok_msg = actions[verdict]
    updated = SuspiciousRecords.objects.filter(id=record_id).update(
        checked=1, result=flag, check_time=_now())
    created = add_entry()
    if updated == 0 or created == 0:
        payload = json_result("error", fail_msg)
    else:
        payload = json_result("success", ok_msg)
    # Cascade: give every still-unchecked record of this domain the verdict.
    SuspiciousRecords.objects.filter(
        checked=0, unknown_domain=unknown_domain).update(
            checked=1, result=flag, check_time=_now())
    return HttpResponse(payload, content_type=json_type)
示例#13
def redirect_records_datas(request):
    """Return one page of snapshots whose final URL left the requested site.

    A snapshot qualifies when ``request_url`` and ``final_url`` differ, their
    top domains differ, and ``final_url`` is not the crawler's error marker.
    ``start`` / ``length`` slice the filtered list; ``draw`` is echoed back.
    """
    # NOTE(review): every candidate row is loaded and filtered in Python on
    # each request, so the cost grows with the table size, not the page size.
    draw = request.GET.get("draw")
    offset = int(request.GET.get("start"))
    limit = int(request.GET.get("length"))
    error_marker = "Something error occurred, please check the error log."
    candidates = Snapshot.objects.exclude(request_url=F("final_url")).values(
        "id", "request_url", "final_url", "task_id", "send_ip", "server_ip")
    redirected = [
        row for row in candidates
        if UrlUtil.get_top_domain(row["request_url"]) != UrlUtil.get_top_domain(row["final_url"])
        and row["final_url"] != error_marker
    ]
    total = len(redirected)
    payload = json_result("success",
                          "查询成功:-)",
                          draw=draw,
                          data=redirected[offset:offset + limit],
                          recordsTotal=total,
                          recordsFiltered=total)
    return HttpResponse(payload, content_type="application/json;charset=utf-8")
示例#14
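def register_action(request):
    """Handle a registration request.

    Requires matching passwords, an unused nickname and e-mail, and an
    invite code with at least one remaining use. One use of the invite is
    consumed, then the account is created with a fresh salt. Always answers
    with JSON, except for non-POST requests, which get the 403 error page.
    """
    json_type = "application/json;charset=utf-8"
    if request.method != "POST":
        return render(request, 'isadmin/error/error-403.html')
    nickname = request.POST.get("nickname")
    email = request.POST.get("email")
    invite_code = request.POST.get("invite_code")
    password = request.POST.get("password")
    repeat_password = request.POST.get("repeat_password")

    if password is None or password != repeat_password:
        # Two absent fields compared equal and then crashed on concatenation.
        result = json_result("error", "两次输入密码不一致")
        return HttpResponse(result, content_type=json_type)
    # NOTE(review): these lookups are check-then-insert; only unique
    # constraints on nickname / email make them safe under concurrency.
    if SysUser.objects.filter(nickname=nickname).exists():
        result = json_result("error", "用户名已存在")
        return HttpResponse(result, content_type=json_type)
    if SysUser.objects.filter(email=email).exists():
        result = json_result("error", "Email已与其它账户关联")
        return HttpResponse(result, content_type=json_type)
    # Consume one use atomically: the UPDATE only matches while uses remain,
    # so concurrent registrations cannot overspend a code, and an unknown
    # code no longer raises IndexError on [0].
    claimed = Invite.objects.filter(
        invite_code=invite_code, left_time__gte=1).update(
            left_time=F("left_time") - 1)
    if claimed == 0:
        result = json_result("error", "邀请码已失效")
        return HttpResponse(result, content_type=json_type)
    salt = random_string()
    # NOTE(review): salted single-round MD5 is too fast for password storage;
    # switching to a slow password hasher needs a stored-hash migration, so
    # it is only flagged here.
    hl = hashlib.md5()
    hl.update((password + salt).encode(encoding='utf-8'))
    real_password = hl.hexdigest()

    item = SysUser.objects.create(nickname=nickname,
                                  pw=real_password,
                                  salt=salt,
                                  icon="/default.png",
                                  email=email)
    if item is None:
        result = json_result("error", "服务器错误,请重试")
        return HttpResponse(result, content_type=json_type)
    result = json_result("success", "注册成功")
    return HttpResponse(result, content_type=json_type)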
示例#15
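def cpu_chart(request):
    """Return the CPU utilisation trend for one VPS as JSON.

    Uses at most the last 288 ``VpsStatus`` rows (in the queryset's default
    order) for the ``vps_id`` query parameter; each point is the first
    element of the row's JSON ``cpu_status``. Lookup failures render the 500
    error page.
    """
    vps_id = request.GET.get("vps_id")
    try:
        vps_status_count = VpsStatus.objects.filter(vps_id=vps_id).count()
        start_index = vps_status_count - 288 if vps_status_count > 288 else 0
        # QuerySets are lazy: materialise here so a database error is caught
        # by this handler instead of escaping from the loop below.
        vps_statuses = list(
            VpsStatus.objects.filter(vps_id=vps_id)[start_index:])
    except Exception:
        # Narrowed from a bare except, which also swallowed SystemExit and
        # KeyboardInterrupt.
        return render(request, "isadmin/error/error-500.html")
    result = {
        "times": [],
        "rates": [],
    }
    for vps_status in vps_statuses:
        format_time = time.strftime("%Y-%m-%d %H:%M",
                                    vps_status.field_time.timetuple())
        result["times"].append(format_time)
        result["rates"].append(json.loads(vps_status.cpu_status)[0])
    return HttpResponse(json_result("success", "查询成功:-)", data=result),
                        content_type="application/json;charset=utf-8")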
示例#16
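def pocr_records(request, id=None):
    """REST-style CRUD endpoint for comparison results (PrivateOutChainRecords).

    POST creates a row; DELETE removes one id or a comma-separated list of
    ids; PUT updates the row named in the request body and stamps the current
    time; GET returns one row (when ``id`` is given) or a page selected by
    ``rows`` / ``page``, optionally narrowed by a JSON ``filters`` parameter
    with ``groupOp`` and ``rules``. Other methods get the 404 error page.
    """
    import json

    json_type = "application/json;charset=utf-8"
    if request.method == 'POST':
        ss_id = request.POST.get("ss_id")
        out_chain = request.POST.get("out_chain")
        checked = request.POST.get("checked")
        result = request.POST.get("result")
        check_time = request.POST.get("check_time")
        obj = PrivateOutChainRecords.objects.create(ss_id=ss_id, out_chain=out_chain,
                                                    checked=checked, result=result,
                                                    check_time=check_time)
        if not obj:
            result = json_result("error", "添加比对结果记录失败:-(")
        else:
            result = json_result("success", "添加比对结果记录成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'DELETE':
        if isinstance(id, str) and id.find(',') != -1:
            result_msg = ""
            for item in id.split(','):
                obj = PrivateOutChainRecords.objects.filter(id=item).delete()
                if not obj or obj[0] == 0:
                    result_msg += "删除比对结果记录id" + item + "失败:-("
                else:
                    result_msg += "删除比对结果记录id" + item + "成功:-)"
            result = json_result("success", result_msg)
        else:
            obj = PrivateOutChainRecords.objects.filter(id=id).delete()
            if not obj or obj[0] == 0:
                result = json_result("error", "删除比对结果记录失败:-(")
            else:
                result = json_result("success", "删除比对结果记录成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'PUT':
        put = QueryDict(request.body)
        id = put.get("id")
        ss_id = put.get("ss_id")
        out_chain = put.get("out_chain")
        checked = put.get("checked")
        result = put.get("result")
        check_time = time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))
        obj = PrivateOutChainRecords.objects.filter(id=id). \
            update(ss_id=ss_id, out_chain=out_chain,
                   checked=checked, result=result, check_time=check_time)
        if obj == 0:
            result = json_result("error", "更新比对结果记录失败:-(")
        else:
            # The success text used to say "deleted" after an update.
            result = json_result("success", "更新比对结果记录成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'GET':
        if id:
            # filter() yields a QuerySet, which has no check_time attribute;
            # the old code raised AttributeError here. Fetch the row itself.
            obj = PrivateOutChainRecords.objects.filter(id=id).first()
            if obj is None:
                result = json_result("error", "查询比对结果记录失败:-(")
            else:
                if obj.check_time:
                    obj.check_time = obj.check_time.strftime("%Y-%m-%d %H:%M:%S")
                data = [to_json_dict(obj)]
                result = json_result("success", "查询比对结果记录成功:-)", data=data)
        else:
            try:
                rows = int(request.GET.get("rows") or 10)
                page = int(request.GET.get("page") or 1)
            except ValueError:
                # Non-numeric paging input used to surface as a 500.
                rows, page = 10, 1
            # Guard against division by zero and negative slice indexes.
            rows = max(rows, 1)
            page = max(page, 1)
            start = (page - 1) * rows
            end = start + rows
            filters = request.GET.get("filters")
            objs = None
            records = 0
            if filters:
                # SECURITY: this parameter used to go through eval(), which
                # executes whatever expression the client sends. It is data,
                # so it is parsed as JSON and rejected when malformed.
                try:
                    parsed = json.loads(filters)
                    group_op = parsed["groupOp"]
                    wanted = [(rule["field"], rule["data"])
                              for rule in parsed["rules"]
                              if rule["op"] == "eq"]
                except (ValueError, TypeError, KeyError):
                    result = json_result("error", "查询比对结果记录失败:-(")
                    return HttpResponse(result, content_type=json_type)
                if group_op == "AND":
                    objs = PrivateOutChainRecords.objects.all()
                    # Only these two columns may be filtered on; the field
                    # name is never used to build a lookup dynamically.
                    for field, value in wanted:
                        if field == "checked":
                            objs = objs.filter(checked=value)
                        elif field == "result":
                            objs = objs.filter(result=value)
                    records = objs.count()
                    objs = objs[start: end]
                elif group_op != "OR":
                    return render(request, 'isadmin/error/error-404.html')
                # "OR" is not implemented: objs stays None and the error
                # result below is returned, as before.
            else:
                objs = PrivateOutChainRecords.objects.all()[start: end]
                records = PrivateOutChainRecords.objects.count()
            if not isinstance(objs, QuerySet):
                result = json_result("error", "查询比对结果记录失败:-(")
            else:
                data = list()
                for obj in objs:
                    if obj.check_time:
                        obj.check_time = obj.check_time.strftime("%Y-%m-%d %H:%M:%S")
                    data.append(to_json_dict(obj))
                # floor(n / rows) + 1 over-counted by one page whenever n was
                # an exact multiple of rows; keep 1 for an empty result.
                total_pages = max(1, math.ceil(records / rows))
                result = json_result("success", "查询比对结果记录成功:-)", data=data, page=page,
                                     total=total_pages, records=records)
        return HttpResponse(result, content_type=json_type)
    else:
        return render(request, 'isadmin/error/error-404.html')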
示例#17
def check_compare_unique(request):
    """Record an analyst verdict on an out-chain found only by comparison.

    ``result`` selects the action: "0" marks the out-chain's top domain
    malicious, "1" adds it to the public allow-list, "2" adds it to the
    private allow-list of the requesting site's top domain. The reviewed
    record is updated first, the list entry is created, and then every
    unchecked record whose out-chain shares that top domain receives the
    same verdict.
    """
    # TODO: transaction control
    # NOTE(review): this view changes block/allow lists from GET parameters,
    # so a link or image tag in another page can trigger it in a logged-in
    # browser. State changes belong behind POST with CSRF protection.
    json_type = "application/json;charset=utf-8"
    verdict = request.GET.get("result")
    record_id = request.GET.get("id")
    request_url = request.GET.get("request_url")
    out_chain = request.GET.get("out_chain")
    out_chain_top_domain = UrlUtil.get_top_domain(out_chain)

    def _now():
        return time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(time.time()))

    # verdict -> (stored result flag, list-entry factory, failure, success)
    actions = {
        "0": (1,
              lambda: MaliciousDomains.objects.create(
                  mydomain=out_chain_top_domain),
              "添加恶意链接失败:-(", "添加恶意链接成功:-)"),
        "1": (0,
              lambda: PublicSafeOutChains.objects.create(
                  mydomain=out_chain_top_domain),
              "加入公共白名单失败:-(", "加入公共白名单成功:-)"),
        "2": (0,
              lambda: PrivateSafeOutChains.objects.create(
                  mydomain=out_chain_top_domain,
                  owner=UrlUtil.get_top_domain(request_url)),
              "加入私有白名单失败:-(", "加入私有白名单成功:-)"),
    }
    if verdict not in actions:
        return HttpResponse(json_result("error", "参数错误:-("),
                            content_type=json_type)

    flag, add_entry, fail_msg, ok_msg = actions[verdict]
    updated = PrivateOutChainRecords.objects.filter(id=record_id).update(
        checked=1, result=flag, check_time=_now())
    created = add_entry()
    if updated == 0 or created == 0:
        payload = json_result("error", fail_msg)
    else:
        payload = json_result("success", ok_msg)
    # Cascade: apply the verdict to unchecked records of the same top domain.
    for pending in PrivateOutChainRecords.objects.filter(checked=0):
        same_site = (UrlUtil.get_top_domain(pending.out_chain)
                     == UrlUtil.get_top_domain(out_chain))
        if same_site:
            PrivateOutChainRecords.objects.filter(id=pending.id).update(
                checked=1, result=flag, check_time=_now())
    return HttpResponse(payload, content_type=json_type)
示例#18
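def retrieve_email_action(request):
    """Handle a request to send a password-reset e-mail.

    Only POST is accepted; any other method renders the 403 error page.
    The POSTed ``email`` is looked up in ``SysUser``. When a match exists, a
    reset token is built from ``email + '+' + <unix time>``, encrypted with
    3DES under ``settings.DES_KEY``, base64-encoded and URL-quoted, and sent
    as a link under ``settings.RETRIEVE_ADDRESS``.

    Returns:
        An ``HttpResponse`` carrying the JSON built by ``json_result``
        ("success" or "error"), or the rendered 403 page.
    """
    import html  # local import: only needed to escape the nickname below

    json_type = "application/json;charset=utf-8"
    if request.method != "POST":
        return render(request, 'isadmin/error/error-403.html')
    email = request.POST.get("email")
    users = SysUser.objects.filter(email=email)
    if not users:
        # NOTE(review): this reply differs from the success reply, so a caller
        # can tell registered addresses from unregistered ones. The wording is
        # kept because the front end may depend on it; a uniform reply plus
        # rate limiting would close the enumeration channel.
        result = json_result("error", "该邮箱没有注册过本系统。")
        return HttpResponse(result, content_type=json_type)
    account = users[0]

    # NOTE(review): the token is only encrypted. It carries no integrity tag,
    # no mode is passed to pyDes (its default is ECB), and nothing here makes
    # it single-use. Whether the consuming view enforces a lifetime from the
    # embedded timestamp is not visible in this function - confirm. A signed,
    # expiring token (django.core.signing.TimestampSigner) is the usual fix.
    issued_at = str(int(time.time()))
    cipher = pyDes.triple_des(settings.DES_KEY, padmode=pyDes.PAD_PKCS5)
    encrypted = cipher.encrypt(email + '+' + issued_at)  # 3DES encryption
    token = base64.b64encode(encrypted).decode()  # base64 text form of the ciphertext
    token = urllib.parse.quote(token)  # keep characters such as '+' intact in the URL

    # The nickname is user-controlled text, so it is HTML-escaped before it is
    # placed in the message body.
    safe_nickname = html.escape(account.nickname)

    # The original template appended a stray apostrophe to the token inside the
    # href attribute; it is removed here so the link carries the exact token.
    # NOTE(review): the footer link uses http:// in its href but shows https://
    # as its text; left unchanged because the intended scheme is not visible.
    msg = '''
    <table cellpadding="0" cellspacing="0" width="100%" style="max-width:744px; border: 1px solid #dedede;border-radius: 3px">
      <tbody><tr>
      <td style="padding: 10px 20px 10px 20px;">
      <table border="0" cellpadding="0" cellspacing="0" width="100%">
      <tbody><tr>
        <td align="left" style="font-size: 17px; padding:20px 0 10px 0;">
          <b>亲爱的''' + safe_nickname + ''':</b>
        </td>
      </tr>
      <tr>
        <td align="left" style="font-size:15px; padding: 10px 0px 10px 0px;">
          你的密码重设要求已经得到验证。请点击以下按钮设置新的密码:
        </td>
      </tr>
      <tr>
        <td align="center" style="padding: 10px 0px 10px 0px;">
          <table border="0" cellpadding="0" cellspacing="0">
            <tbody><tr>
              <td>
                <div style="font-size:20px;font-weight:700;padding:5px 10px 5px 10px;text-align:center;background-color:#3aa252;border-radius: 3px;">
                  <a href="''' + settings.RETRIEVE_ADDRESS + '''?token=''' + token + '''" class="button" style="text-decoration: none;color:white;" target="_blank">重设密码</a>
                </div>
              </td>
            </tr>
          </tbody></table>
        </td>
      </tr>
      <tr>
        <td align="left" style="font-size:15px; padding: 10px 0px 10px 0px;">
          感谢你对互联网站点劫持检测系统的支持,希望你在互联网站点劫持检测系统的体验有益且愉快。
        </td>
      </tr>
      <tr>
        <td align="left" style="font-size:15px; padding: 10px 0px 10px 0px;">
          互联网站点劫持检测系统 <a href="http://''' + settings.SITE_DOMAIN + '''/isadmin" target="_blank">https://''' + settings.SITE_DOMAIN + '''/isadmin</a>
        </td>
      </tr>
      <tr>
        <td align="left" style="font-size:15px; padding: 10px 0px 10px 0px;">
            (这是一封自动产生的email,请勿回复。)
        </td>
      </tr>
    </tbody></table>
        </td>
      </tr>
    </tbody></table>
    '''
    try:
        send_mail('密码重置链接',
                  '',
                  settings.EMAIL_FROM, [
                      email,
                  ],
                  html_message=msg)
    except Exception as e:
        # Only the exception class is logged, so neither the address nor the
        # token ends up in the log.
        result = json_result("error", "邮件发送失败")
        logging.error("When sent retrieve email, error %s occurred." %
                      (e.__class__, ))
        return HttpResponse(result, content_type=json_type)
    result = json_result("success", "邮件发送成功")
    return HttpResponse(result, content_type=json_type)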
示例#19
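def _dcbp_fields(params):
    """Collect the PeriodicTask column values submitted in *params*.

    *params* is a QueryDict-like object; a missing key yields ``None``.
    """
    return {
        "name": params.get("name"),
        "args": params.get("args"),
        "kwargs": params.get("kwargs"),
        "queue": params.get("queue"),
        "exchange": params.get("exchange"),
        "routing_key": params.get("routing_key"),
        "expires": params.get("expires"),
        "enabled": params.get("enabled"),
        "last_run_at": params.get("last_run_at"),
        "total_run_count": params.get("total_run_count"),
        # NOTE(review): the request key is spelled "dete_changed"; it is kept
        # as is because the client may send that spelling - confirm.
        "date_changed": params.get("dete_changed"),
        "description": params.get("description"),
        "crontab_id": params.get("crontab_id"),
    }


def dcbps(request, id=None):
    """REST-style CRUD endpoint for DCBP (DjangoCeleryBeatPeriodicTask) rows.

    POST creates a row from the form fields, DELETE removes the row with the
    given ``id``, PUT updates the row whose id is in the request body, and GET
    returns either one row (when ``id`` is given) or a page of rows selected by
    the ``rows`` and ``page`` query parameters (defaults 10 and 1).

    Returns:
        An ``HttpResponse`` with the JSON built by ``json_result``, or the
        rendered 404 page for any other HTTP method.
    """
    # NOTE(review): no login or permission check is visible in this view, and
    # every submitted value is written to the scheduler table as received.
    # Confirm that a decorator or middleware outside this block restricts who
    # may create, change or delete periodic tasks.
    json_type = "application/json;charset=utf-8"
    if request.method == 'POST':
        created = PeriodicTask.objects.create(**_dcbp_fields(request.POST))
        if not created:
            result = json_result("error", "添加定时任务失败:-(")
        else:
            result = json_result("success", "添加定时任务成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'DELETE':
        deleted = PeriodicTask.objects.filter(id=id).delete()
        # delete() returns (row count, per-model counts); zero rows is a failure.
        if not deleted or deleted[0] == 0:
            result = json_result("error", "删除定时任务失败:-(")
        else:
            result = json_result("success", "删除定时任务成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'PUT':
        # Django does not parse PUT bodies, so the form data is decoded by hand.
        put = QueryDict(request.body)
        id = put.get("id")
        updated = PeriodicTask.objects.filter(id=id).update(**_dcbp_fields(put))
        if updated == 0:
            result = json_result("error", "更新定时任务失败:-(")
        else:
            result = json_result("success", "更新定时任务成功:-)")
        return HttpResponse(result, content_type=json_type)
    elif request.method == 'GET':
        if id:
            obj = PeriodicTask.objects.filter(id=id)
            # NOTE(review): filter() always returns a QuerySet, so the error
            # branch looks unreachable, and to_json_dict receives a QuerySet
            # here but a model instance in the paging branch - confirm that
            # the helper accepts both.
            if not isinstance(obj, QuerySet):
                result = json_result("error", "查询定时任务失败:-(")
            else:
                data = [to_json_dict(obj)]
                result = json_result("success", "查询定时任务成功:-)", data=data)
        else:
            try:
                rows = int(request.GET.get("rows") or 10)
                page = int(request.GET.get("page") or 1)
            except ValueError:
                # Non-numeric paging values used to surface as a server error.
                result = json_result("error", "参数错误:-(")
                return HttpResponse(result, content_type=json_type)
            # Zero or negative values would divide by zero or produce a
            # negative slice, so both are clamped to at least 1.
            rows = max(rows, 1)
            page = max(page, 1)
            start = (page - 1) * rows
            end = start + rows
            objs = PeriodicTask.objects.all()[start: end]
            if not isinstance(objs, QuerySet):
                result = json_result("error", "查询定时任务失败:-(")
            else:
                data = [to_json_dict(obj) for obj in objs]
                records = PeriodicTask.objects.count()
                # Ceiling division: floor(...) + 1 reported one page too many
                # whenever the record count was an exact multiple of rows.
                total_pages = max(1, math.ceil(records / rows))
                result = json_result("success", "查询定时任务成功:-)", data=data, page=page,
                                     total=total_pages, records=records)
        return HttpResponse(result, content_type=json_type)
    else:
        return render(request, 'isadmin/error/error-404.html')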
示例#20
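def _insert_crontab_schedule(minute, hour, day_of_week, day_of_month,
                             month_of_year):
    """Insert one crontab schedule row and return its id."""
    with connection.cursor() as cursor:
        cursor.execute(
            "INSERT INTO django_celery_beat_crontabschedule(minute,hour,day_of_week,day_of_month,month_of_year)"
            " VALUE (%s,%s,%s,%s,%s);",
            (minute, hour, day_of_week, day_of_month, month_of_year))
        # LAST_INSERT_ID() is per connection, so it reports the row just added.
        cursor.execute("SELECT LAST_INSERT_ID() as id;")
        return cursor.fetchone()[0]


def tasks(request):
    """CRUD operations on snapshot tasks, selected by the ``oper`` parameter.

    ``oper=add`` inserts a crontab schedule and a periodic task that runs
    ``tasks.snapshot``; ``oper=get`` lists those tasks joined with their
    schedules; ``oper=edit`` inserts a new schedule and points the task at it.
    Any other value renders the 404 page. All values are bound as SQL
    parameters, never formatted into the statement text.

    Returns:
        An ``HttpResponse`` with the JSON built by ``json_result``, or the
        rendered 404 page.
    """
    # Django is already in use by this view (connection, HttpResponse), so the
    # transaction helper is imported locally rather than at file level.
    from django.db import transaction

    # NOTE(review): add and edit change state but are driven by GET query
    # parameters. Django's CSRF check does not apply to GET, and the values end
    # up in URLs and access logs; moving them to POST needs a client change.
    # No login or permission check is visible in this block either - confirm
    # that one is enforced outside it.
    json_type = "application/json;charset=utf-8"
    oper = request.GET.get("oper")
    if oper == "add":
        try:
            task_name = request.GET.get("task_name")
            # NOTE(review): start_url is stored unvalidated and later handed to
            # tasks.snapshot; confirm that the worker restricts the schemes and
            # hosts it will fetch.
            start_url = request.GET.get("start_url")
            exist_time = request.GET.get("exist_time")
            depth = request.GET.get("depth")
            max_num = request.GET.get("max_num")
            # An empty value means "no expiry", matching the edit branch.
            expires = request.GET.get("expires") or None
            enabled = int(request.GET.get("enabled"))
            description = request.GET.get("description")
            minute = request.GET.get("minute")
            hour = request.GET.get("hour")
            day_of_week = request.GET.get("day_of_week")
            day_of_month = request.GET.get("day_of_month")
            month_of_year = request.GET.get("month_of_year")
            now = time.strftime('%Y-%m-%d %H:%M:%S',
                                time.localtime(time.time()))
            # Both inserts run in one transaction, so a failure in the second
            # does not leave an orphaned schedule row behind.
            with transaction.atomic():
                # Reject duplicate task names.
                with connection.cursor() as cursor:
                    sql = "SELECT * FROM django_celery_beat_periodictask WHERE name=%s;"
                    # Relies on the driver returning the matched row count
                    # from execute(), as the original code did.
                    rows = cursor.execute(sql, (task_name, ))
                    if rows > 0:
                        result = json_result("error", "任务名重复,请更改。")
                        return HttpResponse(result, content_type=json_type)
                cron_id = _insert_crontab_schedule(
                    minute, hour, day_of_week, day_of_month, month_of_year)
                task_args = json.dumps(
                    [start_url, exist_time, depth, max_num])
                with connection.cursor() as cursor:
                    sql = "INSERT INTO django_celery_beat_periodictask(name,task,args,kwargs,queue,exchange,routing_key,expires,enabled," \
                        "total_run_count,date_changed,description,crontab_id) VALUE (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s);"
                    cursor.execute(
                        sql, (task_name, "tasks.snapshot", task_args, "{}",
                              "default_queue", "default_exchange",
                              "default_key", expires, enabled, 0, now,
                              description, cron_id))
            result = json_result("success", "任务插入成功")
        except Exception as e:
            # The original re-raised first, which made the logging and the
            # error reply below it unreachable.
            logging.exception("Error %s occurred" % (e.__class__, ))
            result = json_result("error", "任务插入失败")
        return HttpResponse(result, content_type=json_type)
    elif oper == "get":
        with connection.cursor() as cursor:
            sql = "SELECT task.name,task.description,task.args,task.expires,cron.minute,cron.hour," \
                  "cron.day_of_week,cron.day_of_month,cron.month_of_year,task.id,task.enabled" \
                  " FROM django_celery_beat_periodictask AS task" \
                  " INNER JOIN django_celery_beat_crontabschedule AS cron" \
                  " ON task.crontab_id=cron.id" \
                  " WHERE task.task='tasks.snapshot'"
            cursor.execute(sql)
            items = cursor.fetchall()
        datas = []
        for item in items:
            # args holds the JSON list written by the add and edit branches.
            args = json.loads(item[2])
            datas.append({
                "name": item[0],
                "description": item[1],
                "start_url": args[0],
                "exist_time": args[1],
                "depth": args[2],
                "max_num": args[3],
                "expires": item[3],
                "crontab": " ".join(item[4:9]),
                "id": item[9],
                "enabled": item[10],
            })
        result = json_result("success", "查询成功", data=datas)
        return HttpResponse(result, content_type=json_type)
    elif oper == "edit":
        try:
            task_id = request.GET.get("task_id")
            task_name = request.GET.get("task_name")
            start_url = request.GET.get("start_url")
            exist_time = request.GET.get("exist_time")
            depth = request.GET.get("depth")
            max_num = request.GET.get("max_num")
            # The original compared with `is not ""`, an identity test on a
            # literal; a missing or empty value both mean "no expiry".
            expires = request.GET.get("expires") or None
            enabled = int(request.GET.get("enabled"))
            description = request.GET.get("description")
            minute = request.GET.get("minute")
            hour = request.GET.get("hour")
            day_of_week = request.GET.get("day_of_week")
            day_of_month = request.GET.get("day_of_month")
            month_of_year = request.GET.get("month_of_year")
            now = time.strftime('%Y-%m-%d %H:%M:%S',
                                time.localtime(time.time()))
            with transaction.atomic():
                # NOTE(review): every edit inserts a fresh schedule row and
                # the previous one is not removed here.
                cron_id = _insert_crontab_schedule(
                    minute, hour, day_of_week, day_of_month, month_of_year)
                task_args = json.dumps(
                    [start_url, exist_time, depth, max_num])
                with connection.cursor() as cursor:
                    sql = "UPDATE django_celery_beat_periodictask SET name=%s,args=%s,expires=%s,enabled=%s," \
                          "date_changed=%s,description=%s,crontab_id=%s WHERE id=%s;"
                    cursor.execute(sql,
                                   (task_name, task_args, expires, enabled,
                                    now, description, cron_id, task_id))
            result = json_result("success", "任务更新成功")
        except Exception as e:
            # The original re-raised first, which made the logging and the
            # error reply below it unreachable.
            logging.exception("Error %s occurred" % (e.__class__, ))
            result = json_result("error", "任务更新失败")
        return HttpResponse(result, content_type=json_type)
    else:
        return render(request, 'isadmin/error/error-404.html')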