jumpserver/apps/terminal/api/terminal.py

# -*- coding: utf-8 -*-
#
from collections import OrderedDict
import logging
import uuid

from django.core.cache import cache
from django.shortcuts import get_object_or_404
from rest_framework import viewsets
from rest_framework.views import APIView, Response
from rest_framework.permissions import AllowAny

from common.drf.api import JMSBulkModelViewSet
from common.utils import get_object_or_none
from common.permissions import IsAppUser, IsOrgAdminOrAppUser, IsSuperUser
from ..models import Terminal, Status, Session
from .. import serializers
from .. import exceptions

__all__ = [
    'TerminalViewSet', 'TerminalTokenApi', 'StatusViewSet', 'TerminalConfig',
]
logger = logging.getLogger(__file__)


class TerminalViewSet(JMSBulkModelViewSet):
    queryset = Terminal.objects.filter(is_deleted=False)
    serializer_class = serializers.TerminalSerializer
    permission_classes = (IsSuperUser,)
    filterset_fields = ['name', 'remote_addr', 'type']

    def create(self, request, *args, **kwargs):
        if isinstance(request.data, list):
            raise exceptions.BulkCreateNotSupport()

        name = request.data.get('name')
        remote_ip = request.META.get('REMOTE_ADDR')
        x_real_ip = request.META.get('X-Real-IP')
        remote_addr = x_real_ip or remote_ip

        terminal = get_object_or_none(Terminal, name=name, is_deleted=False)
        if terminal:
            msg = 'Terminal name %s already used' % name
            return Response({'msg': msg}, status=409)

        serializer = self.serializer_class(data={
            'name': name, 'remote_addr': remote_addr
        })

        if serializer.is_valid():
            terminal = serializer.save()

            # App should use id, token get access key, if accepted
            token = uuid.uuid4().hex
            cache.set(token, str(terminal.id), 3600)
            data = {"id": str(terminal.id), "token": token, "msg": "Need accept"}
            return Response(data, status=201)
        else:
            data = serializer.errors
            logger.error("Register terminal error: {}".format(data))
            return Response(data, status=400)

    def filter_queryset(self, queryset):
        queryset = super().filter_queryset(queryset)
        status = self.request.query_params.get('status')
        if not status:
            return queryset
        filtered_queryset_id = [str(q.id) for q in queryset if q.status == status]
        queryset = queryset.filter(id__in=filtered_queryset_id)
        return queryset

    def get_permissions(self):
        if self.action == "create":
            self.permission_classes = (AllowAny,)
        return super().get_permissions()


class TerminalTokenApi(APIView):
    permission_classes = (AllowAny,)
    queryset = Terminal.objects.filter(is_deleted=False)

    def get(self, request, *args, **kwargs):
        try:
            terminal = self.queryset.get(id=kwargs.get('terminal'))
        except Terminal.DoesNotExist:
            terminal = None

        token = request.query_params.get("token")

        if terminal is None:
            return Response('May be reject by administrator', status=401)

        if token is None or cache.get(token, "") != str(terminal.id):
            return Response('Token is not valid', status=401)

        if not terminal.is_accepted:
            return Response("Terminal was not accepted yet", status=400)

        if not terminal.user or not terminal.user.access_key:
            return Response("No access key generate", status=401)

        access_key = terminal.user.access_key()
        data = OrderedDict()
        data['access_key'] = {'id': access_key.id, 'secret': access_key.secret}
        return Response(data, status=200)


class StatusViewSet(viewsets.ModelViewSet):
    queryset = Status.objects.all()
    serializer_class = serializers.StatusSerializer
    permission_classes = (IsOrgAdminOrAppUser,)
    session_serializer_class = serializers.SessionSerializer
    task_serializer_class = serializers.TaskSerializer

    def create(self, request, *args, **kwargs):
        self.handle_sessions()
        tasks = self.request.user.terminal.task_set.filter(is_finished=False)
        serializer = self.task_serializer_class(tasks, many=True)
        return Response(serializer.data, status=201)

    def handle_sessions(self):
        sessions_id = self.request.data.get('sessions', [])
        # guacamole 上报的 session 是字符串
        # "[53cd3e47-210f-41d8-b3c6-a184f3, 53cd3e47-210f-41d8-b3c6-a184f4]"
        if isinstance(sessions_id, str):
            sessions_id = sessions_id[1:-1].split(',')
            sessions_id = [sid.strip() for sid in sessions_id if sid.strip()]
        Session.set_sessions_active(sessions_id)

    def get_queryset(self):
        terminal_id = self.kwargs.get("terminal", None)
        if terminal_id:
            terminal = get_object_or_404(Terminal, id=terminal_id)
            self.queryset = terminal.status_set.all()
        return self.queryset

    def perform_create(self, serializer):
        serializer.validated_data["terminal"] = self.request.user.terminal
        return super().perform_create(serializer)

    def get_permissions(self):
        if self.action == "create":
            self.permission_classes = (IsAppUser,)
        return super().get_permissions()


class TerminalConfig(APIView):
    permission_classes = (IsAppUser,)

    def get(self, request):
        user = request.user
        terminal = user.terminal
        configs = terminal.config
        return Response(configs, status=200)
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`# -- coding: utf-8 --`
			`#`
			`from collections import OrderedDict`
			`import logging`
			`import uuid`

			`from django.core.cache import cache`
feat(terminal): 终端管理添加批量更新接口 4 years ago			`from django.shortcuts import get_object_or_404`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`from rest_framework import viewsets`
			`from rest_framework.views import APIView, Response`
			`from rest_framework.permissions import AllowAny`

feat(terminal): 终端管理添加批量更新接口 4 years ago			`from common.drf.api import JMSBulkModelViewSet`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`from common.utils import get_object_or_none`
			`from common.permissions import IsAppUser, IsOrgAdminOrAppUser, IsSuperUser`
Bugfix (#2506) * [Update] 增加清理celery日志 * [Update] 修复两周前会话命令数量系那是问题 * [Update] 修复两周前会话命令数量系那是问题 * [Update] 修改结构 * [Update] 添加datatable失败的日志 * [Update] 转换配置文件格式 * [Update] 添加traceback 6 years ago			`from ..models import Terminal, Status, Session`
			`from .. import serializers`
feat(terminal): 终端管理添加批量更新接口 4 years ago			`from .. import exceptions`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago
			`__all__ = [`
			`'TerminalViewSet', 'TerminalTokenApi', 'StatusViewSet', 'TerminalConfig',`
			`]`
			`logger = logging.getLogger(__file__)`


feat(terminal): 终端管理添加批量更新接口 4 years ago			`class TerminalViewSet(JMSBulkModelViewSet):`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`queryset = Terminal.objects.filter(is_deleted=False)`
			`serializer_class = serializers.TerminalSerializer`
			`permission_classes = (IsSuperUser,)`
perf(api): filter_fields被filterset_fields取代 https://django-filter.readthedocs.io/en/stable/guide/migration.html 4 years ago			`filterset_fields = ['name', 'remote_addr', 'type']`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago
			`def create(self, request, args, *kwargs):`
feat(terminal): 终端管理添加批量更新接口 4 years ago			`if isinstance(request.data, list):`
			`raise exceptions.BulkCreateNotSupport()`

服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`name = request.data.get('name')`
			`remote_ip = request.META.get('REMOTE_ADDR')`
			`x_real_ip = request.META.get('X-Real-IP')`
			`remote_addr = x_real_ip or remote_ip`

			`terminal = get_object_or_none(Terminal, name=name, is_deleted=False)`
			`if terminal:`
			`msg = 'Terminal name %s already used' % name`
			`return Response({'msg': msg}, status=409)`

			`serializer = self.serializer_class(data={`
			`'name': name, 'remote_addr': remote_addr`
			`})`

			`if serializer.is_valid():`
			`terminal = serializer.save()`

			`# App should use id, token get access key, if accepted`
			`token = uuid.uuid4().hex`
			`cache.set(token, str(terminal.id), 3600)`
			`data = {"id": str(terminal.id), "token": token, "msg": "Need accept"}`
			`return Response(data, status=201)`
			`else:`
			`data = serializer.errors`
			`logger.error("Register terminal error: {}".format(data))`
			`return Response(data, status=400)`

feat: 添加组件监控;TerminalModel添加type字段; (#5206) * feat: 添加组件监控;TerminalModel添加type字段; * feat: Terminal序列类添加type字段 * feat: Terminal序列类添加type字段为只读 * feat: 修改组件status文案 * feat: 取消上传组件状态序列类count字段 * reactor: 修改termina/models目录结构 * feat: 修改ComponentTypeChoices * feat: 取消考虑CoreComponent类型 * feat: 修改Terminal status判断逻辑 * feat: 终端列表添加status过滤; 组件状态序列类添加default值 * feat: 添加PrometheusMetricsAPI * feat: 修改PrometheusMetricsAPI Co-authored-by: Bai <bugatti_it@163.com> 4 years ago			`def filter_queryset(self, queryset):`
			`queryset = super().filter_queryset(queryset)`
			`status = self.request.query_params.get('status')`
			`if not status:`
			`return queryset`
			`filtered_queryset_id = [str(q.id) for q in queryset if q.status == status]`
			`queryset = queryset.filter(id__in=filtered_queryset_id)`
			`return queryset`

服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`def get_permissions(self):`
			`if self.action == "create":`
			`self.permission_classes = (AllowAny,)`
			`return super().get_permissions()`


			`class TerminalTokenApi(APIView):`
			`permission_classes = (AllowAny,)`
			`queryset = Terminal.objects.filter(is_deleted=False)`

			`def get(self, request, args, *kwargs):`
			`try:`
			`terminal = self.queryset.get(id=kwargs.get('terminal'))`
			`except Terminal.DoesNotExist:`
			`terminal = None`

			`token = request.query_params.get("token")`

			`if terminal is None:`
			`return Response('May be reject by administrator', status=401)`

			`if token is None or cache.get(token, "") != str(terminal.id):`
			`return Response('Token is not valid', status=401)`

			`if not terminal.is_accepted:`
			`return Response("Terminal was not accepted yet", status=400)`

[Bugfix] 修复accekt的错误 6 years ago			`if not terminal.user or not terminal.user.access_key:`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`return Response("No access key generate", status=401)`

[Update] 优化资产选择 (#2267) * [Update] 优化资产选择 * [Update] 优化资产任务 6 years ago			`access_key = terminal.user.access_key()`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`data = OrderedDict()`
			`data['access_key'] = {'id': access_key.id, 'secret': access_key.secret}`
			`return Response(data, status=200)`


			`class StatusViewSet(viewsets.ModelViewSet):`
			`queryset = Status.objects.all()`
			`serializer_class = serializers.StatusSerializer`
			`permission_classes = (IsOrgAdminOrAppUser,)`
			`session_serializer_class = serializers.SessionSerializer`
			`task_serializer_class = serializers.TaskSerializer`

			`def create(self, request, args, *kwargs):`
Bugfix (#2346) * [Update] 修改command Post导致的output错误和定时任务创建问题 * [Update] 修改celery 日志 * [Update] 修改task日志方式 * [Update] 修改Docker file 6 years ago			`self.handle_sessions()`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago			`tasks = self.request.user.terminal.task_set.filter(is_finished=False)`
			`serializer = self.task_serializer_class(tasks, many=True)`
			`return Response(serializer.data, status=201)`

			`def handle_sessions(self):`
Bugfix (#2346) * [Update] 修改command Post导致的output错误和定时任务创建问题 * [Update] 修改celery 日志 * [Update] 修改task日志方式 * [Update] 修改Docker file 6 years ago			`sessions_id = self.request.data.get('sessions', [])`
[Bugfix] 处理心跳时guacamole上报的session为str处理为list 5 years ago			`# guacamole 上报的 session 是字符串`
			`# "[53cd3e47-210f-41d8-b3c6-a184f3, 53cd3e47-210f-41d8-b3c6-a184f4]"`
			`if isinstance(sessions_id, str):`
			`sessions_id = sessions_id[1:-1].split(',')`
			`sessions_id = [sid.strip() for sid in sessions_id if sid.strip()]`
[Update] 修改一些terminal storage (#2357) 6 years ago			`Session.set_sessions_active(sessions_id)`
服务账号注册机制更改 (#2079) * [Update] 服务账号注册 * [Update] 修改settings配置 * [Update] 修改settings * [Update] 整理terminal api * [Update] 修改terminal api * [Update] 修改terminal注册机制 6 years ago
			`def get_queryset(self):`
			`terminal_id = self.kwargs.get("terminal", None)`
			`if terminal_id:`
			`terminal = get_object_or_404(Terminal, id=terminal_id)`
			`self.queryset = terminal.status_set.all()`
			`return self.queryset`

			`def perform_create(self, serializer):`
			`serializer.validated_data["terminal"] = self.request.user.terminal`
			`return super().perform_create(serializer)`

			`def get_permissions(self):`
			`if self.action == "create":`
			`self.permission_classes = (IsAppUser,)`
			`return super().get_permissions()`


			`class TerminalConfig(APIView):`
			`permission_classes = (IsAppUser,)`

			`def get(self, request):`
			`user = request.user`
			`terminal = user.terminal`
			`configs = terminal.config`
			`return Response(configs, status=200)`