jumpserver/apps/accounts/api/account/application.py

import os

from django.utils.translation import gettext_lazy as _
from django.conf import settings
from django.utils import translation
from rest_framework.decorators import action
from rest_framework.response import Response

from accounts import serializers
from accounts.models import IntegrationApplication
from audits.models import IntegrationApplicationLog
from authentication.permissions import UserConfirmation, ConfirmType
from common.exceptions import JMSException
from common.permissions import IsValidUser
from common.utils import get_request_ip
from orgs.mixins.api import OrgBulkModelViewSet
from rbac.permissions import RBACPermission


class IntegrationApplicationViewSet(OrgBulkModelViewSet):
    model = IntegrationApplication
    search_fields = ('name', 'comment')
    serializer_classes = {
        'default': serializers.IntegrationApplicationSerializer,
        'get_account_secret': serializers.IntegrationAccountSecretSerializer
    }
    rbac_perms = {
        'get_once_secret': 'accounts.change_integrationapplication',
        'get_account_secret': 'view_integrationapplication',
    }

    @action(
        ['GET'], detail=False, url_path='sdks',
        permission_classes=[IsValidUser]
    )
    def get_sdks_info(self, request, *args, **kwargs):
        readme = ''
        sdk_language = self.request.query_params.get('language', 'python')
        filename = f'readme.{translation.get_language()}.md'
        readme_path = os.path.join(
            settings.APPS_DIR, 'accounts', 'demos', sdk_language, filename
        )
        if os.path.exists(readme_path):
            with open(readme_path, 'r') as f:
                readme = f.read()
        return Response(data={'readme': readme })

    @action(
        ['GET'], detail=True, url_path='secret',
        permission_classes=[RBACPermission, UserConfirmation.require(ConfirmType.MFA)]
    )
    def get_once_secret(self, request, *args, **kwargs):
        instance = self.get_object()
        secret = instance.get_secret()
        return Response(data={'id': instance.id, 'secret': secret})

    @action(['GET'], detail=False, url_path='account-secret')
    def get_account_secret(self, request, *args, **kwargs):
        serializer = self.get_serializer(data=request.query_params)
        if not serializer.is_valid():
            return Response({'error': serializer.errors}, status=400)

        service = request.user
        account = service.get_account(**serializer.data)
        if not account:
            msg = _('Account not found')
            raise JMSException(code='Not found', detail='%s' % msg)
        asset = account.asset
        IntegrationApplicationLog.objects.create(
            remote_addr=get_request_ip(request), service=service.name, service_id=service.id,
            account=f'{account.name}({account.username})', asset=f'{asset.name}({asset.address})',
        )
        return Response(data={'id': request.user.id, 'secret': account.secret})
feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> 2024-12-02 02:32:52 +00:00			`import os`

			`from django.utils.translation import gettext_lazy as _`
			`from django.conf import settings`
			`from django.utils import translation`
			`from rest_framework.decorators import action`
			`from rest_framework.response import Response`

			`from accounts import serializers`
perf: update service to application 2024-12-04 10:32:49 +00:00			`from accounts.models import IntegrationApplication`
			`from audits.models import IntegrationApplicationLog`
feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> 2024-12-02 02:32:52 +00:00			`from authentication.permissions import UserConfirmation, ConfirmType`
			`from common.exceptions import JMSException`
			`from common.permissions import IsValidUser`
			`from common.utils import get_request_ip`
			`from orgs.mixins.api import OrgBulkModelViewSet`
			`from rbac.permissions import RBACPermission`


perf: update service to application 2024-12-04 10:32:49 +00:00			`class IntegrationApplicationViewSet(OrgBulkModelViewSet):`
			`model = IntegrationApplication`
feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> 2024-12-02 02:32:52 +00:00			`search_fields = ('name', 'comment')`
			`serializer_classes = {`
perf: update service to application 2024-12-04 10:32:49 +00:00			`'default': serializers.IntegrationApplicationSerializer,`
			`'get_account_secret': serializers.IntegrationAccountSecretSerializer`
feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> 2024-12-02 02:32:52 +00:00			`}`
			`rbac_perms = {`
perf: update service to application 2024-12-04 10:32:49 +00:00			`'get_once_secret': 'accounts.change_integrationapplication',`
			`'get_account_secret': 'view_integrationapplication',`
feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> 2024-12-02 02:32:52 +00:00			`}`

			`@action(`
			`['GET'], detail=False, url_path='sdks',`
			`permission_classes=[IsValidUser]`
			`)`
			`def get_sdks_info(self, request, args, *kwargs):`
			`readme = ''`
			`sdk_language = self.request.query_params.get('language', 'python')`
			`filename = f'readme.{translation.get_language()}.md'`
			`readme_path = os.path.join(`
			`settings.APPS_DIR, 'accounts', 'demos', sdk_language, filename`
			`)`
			`if os.path.exists(readme_path):`
			`with open(readme_path, 'r') as f:`
			`readme = f.read()`
			`return Response(data={'readme': readme })`

			`@action(`
			`['GET'], detail=True, url_path='secret',`
			`permission_classes=[RBACPermission, UserConfirmation.require(ConfirmType.MFA)]`
			`)`
			`def get_once_secret(self, request, args, *kwargs):`
			`instance = self.get_object()`
			`secret = instance.get_secret()`
			`return Response(data={'id': instance.id, 'secret': secret})`

			`@action(['GET'], detail=False, url_path='account-secret')`
			`def get_account_secret(self, request, args, *kwargs):`
			`serializer = self.get_serializer(data=request.query_params)`
			`if not serializer.is_valid():`
			`return Response({'error': serializer.errors}, status=400)`

			`service = request.user`
			`account = service.get_account(**serializer.data)`
			`if not account:`
			`msg = _('Account not found')`
			`raise JMSException(code='Not found', detail='%s' % msg)`
			`asset = account.asset`
perf: update service to application 2024-12-04 10:32:49 +00:00			`IntegrationApplicationLog.objects.create(`
feat: PAM Service (#14552) * feat: PAM Service * perf: import package name --------- Co-authored-by: jiangweidong <1053570670@qq.com> 2024-12-02 02:32:52 +00:00			`remote_addr=get_request_ip(request), service=service.name, service_id=service.id,`
			`account=f'{account.name}({account.username})', asset=f'{asset.name}({asset.address})',`
			`)`
			`return Response(data={'id': request.user.id, 'secret': account.secret})`