jumpserver/apps/terminal/api.py

275 lines
9.4 KiB
Python
Raw Normal View History

2016-10-16 14:12:13 +00:00
# -*- coding: utf-8 -*-
2017-11-14 01:44:16 +00:00
#
from collections import OrderedDict
2017-11-22 02:54:59 +00:00
import logging
import os
2017-12-25 04:22:49 +00:00
import uuid
2017-11-14 01:44:16 +00:00
from rest_framework import viewsets, serializers
2016-10-17 09:28:07 +00:00
from rest_framework.views import APIView, Response
from rest_framework.permissions import AllowAny
2017-12-25 04:22:49 +00:00
from django.core.cache import cache
2017-12-18 10:38:30 +00:00
from django.shortcuts import get_object_or_404, redirect
2017-11-14 01:44:16 +00:00
from django.utils import timezone
2017-12-18 10:38:30 +00:00
from django.core.files.storage import default_storage
from django.http import HttpResponseNotFound
2016-10-16 14:12:13 +00:00
2017-11-29 11:27:04 +00:00
from common.utils import get_object_or_none
from .models import Terminal, Status, Session, Task
from .serializers import TerminalSerializer, StatusSerializer, \
2017-12-18 10:38:30 +00:00
SessionSerializer, TaskSerializer, ReplaySerializer
2017-12-04 12:15:47 +00:00
from .hands import IsSuperUserOrAppUser, IsAppUser, \
2017-03-31 03:25:25 +00:00
IsSuperUserOrAppUserOrUserReadonly
2018-01-21 09:27:27 +00:00
from .backends import get_command_store, get_multi_command_store, \
SessionCommandSerializer
2017-11-22 02:54:59 +00:00
logger = logging.getLogger(__file__)
2016-10-16 14:12:13 +00:00
2017-10-31 03:34:20 +00:00
class TerminalViewSet(viewsets.ModelViewSet):
2017-11-14 01:44:16 +00:00
queryset = Terminal.objects.filter(is_deleted=False)
serializer_class = TerminalSerializer
2017-10-31 03:34:20 +00:00
permission_classes = (IsSuperUserOrAppUserOrUserReadonly,)
def create(self, request, *args, **kwargs):
2017-10-31 03:34:20 +00:00
name = request.data.get('name')
remote_ip = request.META.get('REMOTE_ADDR')
x_real_ip = request.META.get('X-Real-IP')
remote_addr = x_real_ip or remote_ip
2017-12-25 04:22:49 +00:00
terminal = get_object_or_none(Terminal, name=name, is_deleted=False)
2017-10-31 03:34:20 +00:00
if terminal:
msg = 'Terminal name %s already used' % name
return Response({'msg': msg}, status=409)
2016-12-25 09:44:39 +00:00
2017-10-31 03:34:20 +00:00
serializer = self.serializer_class(data={
'name': name, 'remote_addr': remote_addr
})
2016-12-25 09:44:39 +00:00
if serializer.is_valid():
terminal = serializer.save()
2017-12-25 04:22:49 +00:00
# App should use id, token get access key, if accepted
token = uuid.uuid4().hex
cache.set(token, str(terminal.id), 3600)
data = {"id": str(terminal.id), "token": token, "msg": "Need accept"}
2016-12-25 09:44:39 +00:00
return Response(data, status=201)
else:
2017-10-31 03:34:20 +00:00
data = serializer.errors
2018-01-29 03:53:49 +00:00
logger.error("Register terminal error: {}".format(data))
2016-12-27 16:28:52 +00:00
return Response(data, status=400)
2017-10-31 03:34:20 +00:00
def get_permissions(self):
if self.action == "create":
self.permission_classes = (AllowAny,)
2017-11-14 01:44:16 +00:00
return super().get_permissions()
2017-12-25 04:22:49 +00:00
class TerminalTokenApi(APIView):
permission_classes = (AllowAny,)
queryset = Terminal.objects.filter(is_deleted=False)
def get(self, request, *args, **kwargs):
try:
terminal = self.queryset.get(id=kwargs.get('terminal'))
except Terminal.DoesNotExist:
terminal = None
token = request.query_params.get("token")
if terminal is None:
return Response('May be reject by administrator', status=401)
if token is None or cache.get(token, "") != str(terminal.id):
return Response('Token is not valid', status=401)
if not terminal.is_accepted:
return Response("Terminal was not accepted yet", status=400)
if not terminal.user or not terminal.user.access_key.all():
return Response("No access key generate", status=401)
access_key = terminal.user.access_key.first()
data = OrderedDict()
data['access_key'] = {'id': access_key.id, 'secret': access_key.secret}
return Response(data, status=200)
class StatusViewSet(viewsets.ModelViewSet):
queryset = Status.objects.all()
serializer_class = StatusSerializer
2017-11-14 01:44:16 +00:00
permission_classes = (IsSuperUserOrAppUser,)
session_serializer_class = SessionSerializer
task_serializer_class = TaskSerializer
2017-11-14 01:44:16 +00:00
def create(self, request, *args, **kwargs):
2017-11-22 02:54:59 +00:00
self.handle_sessions()
super().create(request, *args, **kwargs)
tasks = self.request.user.terminal.task_set.filter(is_finished=False)
serializer = self.task_serializer_class(tasks, many=True)
return Response(serializer.data, status=201)
2017-11-22 02:54:59 +00:00
def handle_sessions(self):
2017-11-14 01:44:16 +00:00
sessions_active = []
for session_data in self.request.data.get("sessions", []):
self.create_or_update_session(session_data)
2017-11-22 02:54:59 +00:00
if not session_data["is_finished"]:
sessions_active.append(session_data["id"])
2017-11-14 01:44:16 +00:00
sessions_in_db_active = Session.objects.filter(
is_finished=False,
terminal=self.request.user.terminal.id
2017-11-14 01:44:16 +00:00
)
2016-10-17 09:28:07 +00:00
2017-11-14 01:44:16 +00:00
for session in sessions_in_db_active:
if str(session.id) not in sessions_active:
2017-11-14 01:44:16 +00:00
session.is_finished = True
session.date_end = timezone.now()
session.save()
def create_or_update_session(self, session_data):
session_data["terminal"] = self.request.user.terminal.id
_id = session_data["id"]
session = get_object_or_none(Session, id=_id)
if session:
serializer = SessionSerializer(
data=session_data, instance=session
)
else:
serializer = SessionSerializer(data=session_data)
if serializer.is_valid():
session = serializer.save()
return session
else:
2018-01-16 01:58:33 +00:00
msg = "session data is not valid {}: {}".format(
serializer.errors, str(serializer.data)
)
logger.error(msg)
return None
2017-11-14 01:44:16 +00:00
def get_queryset(self):
terminal_id = self.kwargs.get("terminal", None)
if terminal_id:
terminal = get_object_or_404(Terminal, id=terminal_id)
self.queryset = terminal.status_set.all()
2017-11-14 01:44:16 +00:00
return self.queryset
def perform_create(self, serializer):
serializer.validated_data["terminal"] = self.request.user.terminal
return super().perform_create(serializer)
def get_permissions(self):
if self.action == "create":
self.permission_classes = (IsAppUser,)
2017-10-31 03:34:20 +00:00
return super().get_permissions()
2016-10-24 11:32:53 +00:00
class SessionViewSet(viewsets.ModelViewSet):
queryset = Session.objects.all()
serializer_class = SessionSerializer
2017-11-14 01:44:16 +00:00
permission_classes = (IsSuperUserOrAppUser,)
2017-02-11 11:49:15 +00:00
2017-11-14 01:44:16 +00:00
def get_queryset(self):
terminal_id = self.kwargs.get("terminal", None)
if terminal_id:
terminal = get_object_or_404(Terminal, id=terminal_id)
self.queryset = terminal.status_set.all()
2017-11-14 01:44:16 +00:00
return self.queryset
2016-10-24 11:32:53 +00:00
2016-11-13 14:34:38 +00:00
class TaskViewSet(viewsets.ModelViewSet):
queryset = Task.objects.all()
serializer_class = TaskSerializer
2017-11-14 01:44:16 +00:00
permission_classes = (IsSuperUserOrAppUser,)
2017-11-29 11:27:04 +00:00
class CommandViewSet(viewsets.ViewSet):
2017-11-29 11:27:04 +00:00
"""接受app发送来的command log, 格式如下
{
"user": "admin",
"asset": "localhost",
"system_user": "web",
"session": "xxxxxx",
"input": "whoami",
"output": "d2hvbWFp", # base64.b64encode(s)
"timestamp": 1485238673.0
}
"""
command_store = get_command_store()
2018-01-21 09:27:27 +00:00
multi_command_storage = get_multi_command_store()
2017-11-29 11:27:04 +00:00
serializer_class = SessionCommandSerializer
permission_classes = (IsSuperUserOrAppUser,)
def get_queryset(self):
2017-12-18 10:38:30 +00:00
self.command_store.filter(**dict(self.request.query_params))
2017-11-29 11:27:04 +00:00
def create(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data, many=True)
if serializer.is_valid():
ok = self.command_store.bulk_save(serializer.validated_data)
if ok:
return Response("ok", status=201)
else:
2017-12-04 08:41:00 +00:00
return Response("Save error", status=500)
2017-11-29 11:27:04 +00:00
else:
2017-12-04 12:15:47 +00:00
msg = "Not valid: {}".format(serializer.errors)
logger.error(msg)
return Response({"msg": msg}, status=401)
2017-11-29 11:27:04 +00:00
def list(self, request, *args, **kwargs):
2018-01-21 09:27:27 +00:00
queryset = self.multi_command_storage.filter()
2017-11-29 11:27:04 +00:00
serializer = self.serializer_class(queryset, many=True)
return Response(serializer.data)
2017-12-18 10:38:30 +00:00
class SessionReplayViewSet(viewsets.ViewSet):
serializer_class = ReplaySerializer
permission_classes = ()
session = None
def gen_session_path(self):
date = self.session.date_start.strftime('%Y-%m-%d')
return os.path.join(date, str(self.session.id)+'.gz')
def create(self, request, *args, **kwargs):
session_id = kwargs.get('pk')
self.session = get_object_or_404(Session, id=session_id)
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
file = serializer.validated_data['file']
file_path = self.gen_session_path()
try:
default_storage.save(file_path, file)
return Response({'url': default_storage.url(file_path)},
status=201)
except IOError:
return Response("Save error", status=500)
else:
logger.error(
'Update load data invalid: {}'.format(serializer.errors))
return Response({'msg': serializer.errors}, status=401)
def retrieve(self, request, *args, **kwargs):
session_id = kwargs.get('pk')
self.session = get_object_or_404(Session, id=session_id)
path = self.gen_session_path()
if default_storage.exists(path):
url = default_storage.url(path)
return redirect(url)
else:
return HttpResponseNotFound()
2018-01-20 14:22:09 +00:00
2018-01-21 07:12:59 +00:00
class TerminalConfig(APIView):
2018-01-20 14:22:09 +00:00
permission_classes = (IsAppUser,)
def get(self, request):
2018-01-21 07:12:59 +00:00
user = request.user
terminal = user.terminal
configs = terminal.config
return Response(configs, status=200)