2019-02-27 00:45:00 +00:00
|
|
|
|
# -*- coding: utf-8 -*-
|
|
|
|
|
#
|
2020-06-30 09:12:38 +00:00
|
|
|
|
import base64
|
2021-01-22 07:57:29 +00:00
|
|
|
|
from Cryptodome.PublicKey import RSA
|
|
|
|
|
from Cryptodome.Cipher import PKCS1_v1_5
|
|
|
|
|
from Cryptodome import Random
|
2021-09-27 11:06:26 +00:00
|
|
|
|
|
2021-11-08 07:12:12 +00:00
|
|
|
|
from django.conf import settings
|
2021-09-27 11:06:26 +00:00
|
|
|
|
from .notifications import DifferentCityLoginMessage
|
|
|
|
|
from audits.models import UserLoginLog
|
|
|
|
|
from audits.const import DEFAULT_CITY
|
|
|
|
|
from common.utils import get_request_ip
|
|
|
|
|
from common.utils import validate_ip, get_ip_city
|
2020-06-30 09:12:38 +00:00
|
|
|
|
from common.utils import get_logger
|
|
|
|
|
|
|
|
|
|
logger = get_logger(__file__)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def gen_key_pair():
|
|
|
|
|
""" 生成加密key
|
|
|
|
|
用于登录页面提交用户名/密码时,对密码进行加密(前端)/解密(后端)
|
|
|
|
|
"""
|
|
|
|
|
random_generator = Random.new().read
|
|
|
|
|
rsa = RSA.generate(1024, random_generator)
|
|
|
|
|
rsa_private_key = rsa.exportKey().decode()
|
|
|
|
|
rsa_public_key = rsa.publickey().exportKey().decode()
|
|
|
|
|
return rsa_private_key, rsa_public_key
|
|
|
|
|
|
|
|
|
|
|
2020-06-30 10:35:01 +00:00
|
|
|
|
def rsa_encrypt(message, rsa_public_key):
|
|
|
|
|
""" 加密登录密码 """
|
|
|
|
|
key = RSA.importKey(rsa_public_key)
|
|
|
|
|
cipher = PKCS1_v1_5.new(key)
|
|
|
|
|
cipher_text = base64.b64encode(cipher.encrypt(message.encode())).decode()
|
|
|
|
|
return cipher_text
|
|
|
|
|
|
|
|
|
|
|
2020-06-30 09:12:38 +00:00
|
|
|
|
def rsa_decrypt(cipher_text, rsa_private_key=None):
|
|
|
|
|
""" 解密登录密码 """
|
|
|
|
|
if rsa_private_key is None:
|
|
|
|
|
# rsa_private_key 为 None,可以能是API请求认证,不需要解密
|
|
|
|
|
return cipher_text
|
2020-08-19 13:22:28 +00:00
|
|
|
|
|
2020-06-30 09:12:38 +00:00
|
|
|
|
key = RSA.importKey(rsa_private_key)
|
|
|
|
|
cipher = PKCS1_v1_5.new(key)
|
2020-08-19 13:22:28 +00:00
|
|
|
|
cipher_decoded = base64.b64decode(cipher_text.encode())
|
|
|
|
|
# Todo: 弄明白为何要以下这么写,https://xbuba.com/questions/57035263
|
|
|
|
|
if len(cipher_decoded) == 127:
|
|
|
|
|
hex_fixed = '00' + cipher_decoded.hex()
|
|
|
|
|
cipher_decoded = base64.b16decode(hex_fixed.upper())
|
|
|
|
|
message = cipher.decrypt(cipher_decoded, b'error').decode()
|
2020-06-30 09:12:38 +00:00
|
|
|
|
return message
|
2021-09-27 11:06:26 +00:00
|
|
|
|
|
|
|
|
|
|
2021-11-08 07:12:12 +00:00
|
|
|
|
def check_different_city_login_if_need(user, request):
|
|
|
|
|
if not settings.SECURITY_CHECK_DIFFERENT_CITY_LOGIN:
|
|
|
|
|
return
|
|
|
|
|
|
2021-09-27 11:06:26 +00:00
|
|
|
|
ip = get_request_ip(request) or '0.0.0.0'
|
|
|
|
|
|
|
|
|
|
if not (ip and validate_ip(ip)):
|
|
|
|
|
city = DEFAULT_CITY
|
|
|
|
|
else:
|
|
|
|
|
city = get_ip_city(ip) or DEFAULT_CITY
|
|
|
|
|
|
2021-11-02 07:41:25 +00:00
|
|
|
|
city_white = ['LAN', ]
|
|
|
|
|
if city not in city_white:
|
|
|
|
|
last_user_login = UserLoginLog.objects.exclude(city__in=city_white) \
|
|
|
|
|
.filter(username=user.username, status=True).first()
|
|
|
|
|
|
|
|
|
|
if last_user_login and last_user_login.city != city:
|
|
|
|
|
DifferentCityLoginMessage(user, ip, city).publish_async()
|