jumpserver/apps/terminal/api.py

373 lines
13 KiB
Python
Raw Normal View History

2016-10-16 14:12:13 +00:00
# -*- coding: utf-8 -*-
2017-11-14 01:44:16 +00:00
#
from collections import OrderedDict
2017-11-22 02:54:59 +00:00
import logging
import os
2017-12-25 04:22:49 +00:00
import uuid
from django.core.cache import cache
2017-12-18 10:38:30 +00:00
from django.shortcuts import get_object_or_404, redirect
2017-11-14 01:44:16 +00:00
from django.utils import timezone
2017-12-18 10:38:30 +00:00
from django.core.files.storage import default_storage
2018-05-22 10:22:06 +00:00
from django.http.response import HttpResponseRedirectBase
2017-12-18 10:38:30 +00:00
from django.http import HttpResponseNotFound
from django.conf import settings
2018-03-12 02:30:40 +00:00
import jms_storage
from rest_framework import viewsets
2018-03-07 03:28:42 +00:00
from rest_framework.views import APIView, Response
from rest_framework.permissions import AllowAny
from rest_framework_bulk import BulkModelViewSet
2016-10-16 14:12:13 +00:00
from common.utils import get_object_or_none, is_uuid
from .hands import SystemUser
from .models import Terminal, Status, Session, Task
from .serializers import TerminalSerializer, StatusSerializer, \
2017-12-18 10:38:30 +00:00
SessionSerializer, TaskSerializer, ReplaySerializer
2018-07-25 09:21:13 +00:00
from common.permissions import IsAppUser, IsOrgAdminOrAppUser
2018-05-22 10:22:06 +00:00
from .backends import get_command_storage, get_multi_command_storage, \
2018-01-21 09:27:27 +00:00
SessionCommandSerializer
2017-11-22 02:54:59 +00:00
logger = logging.getLogger(__file__)
2016-10-16 14:12:13 +00:00
2017-10-31 03:34:20 +00:00
class TerminalViewSet(viewsets.ModelViewSet):
2017-11-14 01:44:16 +00:00
queryset = Terminal.objects.filter(is_deleted=False)
serializer_class = TerminalSerializer
2018-07-25 09:21:13 +00:00
permission_classes = (AllowAny,)
def create(self, request, *args, **kwargs):
2017-10-31 03:34:20 +00:00
name = request.data.get('name')
remote_ip = request.META.get('REMOTE_ADDR')
x_real_ip = request.META.get('X-Real-IP')
remote_addr = x_real_ip or remote_ip
2017-12-25 04:22:49 +00:00
terminal = get_object_or_none(Terminal, name=name, is_deleted=False)
2017-10-31 03:34:20 +00:00
if terminal:
msg = 'Terminal name %s already used' % name
return Response({'msg': msg}, status=409)
2016-12-25 09:44:39 +00:00
2017-10-31 03:34:20 +00:00
serializer = self.serializer_class(data={
'name': name, 'remote_addr': remote_addr
})
2016-12-25 09:44:39 +00:00
if serializer.is_valid():
terminal = serializer.save()
2017-12-25 04:22:49 +00:00
# App should use id, token get access key, if accepted
token = uuid.uuid4().hex
cache.set(token, str(terminal.id), 3600)
data = {"id": str(terminal.id), "token": token, "msg": "Need accept"}
2016-12-25 09:44:39 +00:00
return Response(data, status=201)
else:
2017-10-31 03:34:20 +00:00
data = serializer.errors
2018-01-29 03:53:49 +00:00
logger.error("Register terminal error: {}".format(data))
2016-12-27 16:28:52 +00:00
return Response(data, status=400)
2017-10-31 03:34:20 +00:00
def get_permissions(self):
if self.action == "create":
self.permission_classes = (AllowAny,)
2017-11-14 01:44:16 +00:00
return super().get_permissions()
2017-12-25 04:22:49 +00:00
class TerminalTokenApi(APIView):
permission_classes = (AllowAny,)
queryset = Terminal.objects.filter(is_deleted=False)
def get(self, request, *args, **kwargs):
try:
terminal = self.queryset.get(id=kwargs.get('terminal'))
except Terminal.DoesNotExist:
terminal = None
token = request.query_params.get("token")
if terminal is None:
return Response('May be reject by administrator', status=401)
if token is None or cache.get(token, "") != str(terminal.id):
return Response('Token is not valid', status=401)
if not terminal.is_accepted:
return Response("Terminal was not accepted yet", status=400)
if not terminal.user or not terminal.user.access_key.all():
return Response("No access key generate", status=401)
access_key = terminal.user.access_key.first()
data = OrderedDict()
data['access_key'] = {'id': access_key.id, 'secret': access_key.secret}
return Response(data, status=200)
class StatusViewSet(viewsets.ModelViewSet):
2018-07-14 16:55:05 +00:00
queryset = Status.objects.all()
serializer_class = StatusSerializer
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
session_serializer_class = SessionSerializer
task_serializer_class = TaskSerializer
2017-11-14 01:44:16 +00:00
def create(self, request, *args, **kwargs):
2018-05-24 05:30:15 +00:00
from_gua = self.request.query_params.get("from_guacamole", None)
if not from_gua:
self.handle_sessions()
super().create(request, *args, **kwargs)
tasks = self.request.user.terminal.task_set.filter(is_finished=False)
serializer = self.task_serializer_class(tasks, many=True)
return Response(serializer.data, status=201)
2017-11-22 02:54:59 +00:00
def handle_sessions(self):
2017-11-14 01:44:16 +00:00
sessions_active = []
for session_data in self.request.data.get("sessions", []):
self.create_or_update_session(session_data)
2017-11-22 02:54:59 +00:00
if not session_data["is_finished"]:
sessions_active.append(session_data["id"])
2017-11-14 01:44:16 +00:00
sessions_in_db_active = Session.objects.filter(
is_finished=False,
terminal=self.request.user.terminal.id
2017-11-14 01:44:16 +00:00
)
2016-10-17 09:28:07 +00:00
2017-11-14 01:44:16 +00:00
for session in sessions_in_db_active:
if str(session.id) not in sessions_active:
2017-11-14 01:44:16 +00:00
session.is_finished = True
session.date_end = timezone.now()
session.save()
def create_or_update_session(self, session_data):
session_data["terminal"] = self.request.user.terminal.id
_id = session_data["id"]
session = get_object_or_none(Session, id=_id)
if session:
serializer = SessionSerializer(
data=session_data, instance=session
)
else:
serializer = SessionSerializer(data=session_data)
if serializer.is_valid():
session = serializer.save()
return session
else:
2018-01-16 01:58:33 +00:00
msg = "session data is not valid {}: {}".format(
serializer.errors, str(serializer.data)
)
logger.error(msg)
return None
2017-11-14 01:44:16 +00:00
def get_queryset(self):
terminal_id = self.kwargs.get("terminal", None)
if terminal_id:
terminal = get_object_or_404(Terminal, id=terminal_id)
self.queryset = terminal.status_set.all()
2017-11-14 01:44:16 +00:00
return self.queryset
def perform_create(self, serializer):
serializer.validated_data["terminal"] = self.request.user.terminal
return super().perform_create(serializer)
def get_permissions(self):
if self.action == "create":
self.permission_classes = (IsAppUser,)
2017-10-31 03:34:20 +00:00
return super().get_permissions()
2016-10-24 11:32:53 +00:00
class SessionViewSet(viewsets.ModelViewSet):
2018-07-14 16:55:05 +00:00
queryset = Session.objects.all()
serializer_class = SessionSerializer
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
2017-02-11 11:49:15 +00:00
2017-11-14 01:44:16 +00:00
def get_queryset(self):
terminal_id = self.kwargs.get("terminal", None)
if terminal_id:
terminal = get_object_or_404(Terminal, id=terminal_id)
2018-02-25 14:36:42 +00:00
self.queryset = terminal.session_set.all()
2017-11-14 01:44:16 +00:00
return self.queryset
2016-10-24 11:32:53 +00:00
2018-04-23 03:32:46 +00:00
def perform_create(self, serializer):
if hasattr(self.request.user, 'terminal'):
2018-04-23 03:32:46 +00:00
serializer.validated_data["terminal"] = self.request.user.terminal
sid = serializer.validated_data["system_user"]
if is_uuid(sid):
_system_user = SystemUser.get_system_user_by_id_or_cached(sid)
if _system_user:
serializer.validated_data["system_user"] = _system_user.name
2018-04-23 03:32:46 +00:00
return super().perform_create(serializer)
2016-11-13 14:34:38 +00:00
2018-03-07 03:28:42 +00:00
class TaskViewSet(BulkModelViewSet):
2018-07-14 16:55:05 +00:00
queryset = Task.objects.all()
serializer_class = TaskSerializer
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
2017-11-14 01:44:16 +00:00
2017-11-29 11:27:04 +00:00
2018-03-07 03:28:42 +00:00
class KillSessionAPI(APIView):
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
2018-03-07 03:28:42 +00:00
model = Task
def post(self, request, *args, **kwargs):
validated_session = []
for session_id in request.data:
session = get_object_or_none(Session, id=session_id)
if session and not session.is_finished:
validated_session.append(session_id)
self.model.objects.create(
name="kill_session", args=session.id,
terminal=session.terminal,
)
return Response({"ok": validated_session})
class CommandViewSet(viewsets.ViewSet):
2017-11-29 11:27:04 +00:00
"""接受app发送来的command log, 格式如下
{
"user": "admin",
"asset": "localhost",
"system_user": "web",
"session": "xxxxxx",
"input": "whoami",
"output": "d2hvbWFp", # base64.b64encode(s)
"timestamp": 1485238673.0
}
"""
2018-05-22 10:22:06 +00:00
command_store = get_command_storage()
multi_command_storage = get_multi_command_storage()
2017-11-29 11:27:04 +00:00
serializer_class = SessionCommandSerializer
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
2017-11-29 11:27:04 +00:00
def get_queryset(self):
2017-12-18 10:38:30 +00:00
self.command_store.filter(**dict(self.request.query_params))
2017-11-29 11:27:04 +00:00
def create(self, request, *args, **kwargs):
serializer = self.serializer_class(data=request.data, many=True)
if serializer.is_valid():
ok = self.command_store.bulk_save(serializer.validated_data)
if ok:
return Response("ok", status=201)
else:
2017-12-04 08:41:00 +00:00
return Response("Save error", status=500)
2017-11-29 11:27:04 +00:00
else:
2018-07-25 09:21:13 +00:00
msg = "Command not valid: {}".format(serializer.errors)
2017-12-04 12:15:47 +00:00
logger.error(msg)
return Response({"msg": msg}, status=401)
2017-11-29 11:27:04 +00:00
def list(self, request, *args, **kwargs):
2018-01-21 09:27:27 +00:00
queryset = self.multi_command_storage.filter()
2017-11-29 11:27:04 +00:00
serializer = self.serializer_class(queryset, many=True)
return Response(serializer.data)
2017-12-18 10:38:30 +00:00
class SessionReplayViewSet(viewsets.ViewSet):
serializer_class = ReplaySerializer
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
2017-12-18 10:38:30 +00:00
session = None
upload_to = 'replay' # 仅添加到本地存储中
def get_session_path(self, version=2):
"""
获取session日志的文件路径
:param version: 原来后缀是 .gz为了统一新版本改为 .replay.gz
:return:
"""
suffix = '.replay.gz'
if version == 1:
suffix = '.gz'
2017-12-18 10:38:30 +00:00
date = self.session.date_start.strftime('%Y-%m-%d')
return os.path.join(date, str(self.session.id) + suffix)
def get_local_path(self, version=2):
session_path = self.get_session_path(version=version)
if version == 2:
local_path = os.path.join(self.upload_to, session_path)
else:
local_path = session_path
return local_path
def save_to_storage(self, f):
local_path = self.get_local_path()
try:
name = default_storage.save(local_path, f)
return name, None
except OSError as e:
return None, e
2017-12-18 10:38:30 +00:00
def create(self, request, *args, **kwargs):
session_id = kwargs.get('pk')
self.session = get_object_or_404(Session, id=session_id)
serializer = self.serializer_class(data=request.data)
if serializer.is_valid():
file = serializer.validated_data['file']
name, err = self.save_to_storage(file)
if not name:
msg = "Failed save replay `{}`: {}".format(session_id, err)
logger.error(msg)
return Response({'msg': str(err)}, status=400)
url = default_storage.url(name)
return Response({'url': url}, status=201)
2017-12-18 10:38:30 +00:00
else:
msg = 'Upload data invalid: {}'.format(serializer.errors)
logger.error(msg)
2017-12-18 10:38:30 +00:00
return Response({'msg': serializer.errors}, status=401)
def retrieve(self, request, *args, **kwargs):
session_id = kwargs.get('pk')
self.session = get_object_or_404(Session, id=session_id)
# 新版本和老版本的文件后缀不同
session_path = self.get_session_path() # 存在外部存储上的路径
local_path = self.get_local_path()
local_path_v1 = self.get_local_path(version=1)
# 去default storage中查找
for _local_path in (local_path, local_path_v1, session_path):
if default_storage.exists(_local_path):
url = default_storage.url(_local_path)
return redirect(url)
# 去定义的外部storage查找
configs = settings.TERMINAL_REPLAY_STORAGE
configs = {k: v for k, v in configs.items() if v['TYPE'] != 'server'}
if not configs:
return HttpResponseNotFound()
target_path = os.path.join(default_storage.base_location, local_path) # 保存到storage的路径
target_dir = os.path.dirname(target_path)
if not os.path.isdir(target_dir):
os.makedirs(target_dir, exist_ok=True)
storage = jms_storage.get_multi_object_storage(configs)
ok, err = storage.download(session_path, target_path)
if not ok:
logger.error("Failed download replay file: {}".format(err))
return HttpResponseNotFound()
return redirect(default_storage.url(local_path))
2018-03-07 09:17:31 +00:00
2018-01-20 14:22:09 +00:00
2018-05-07 11:28:01 +00:00
class SessionReplayV2ViewSet(SessionReplayViewSet):
serializer_class = ReplaySerializer
2018-07-23 04:55:13 +00:00
permission_classes = (IsOrgAdminOrAppUser,)
session = None
def retrieve(self, request, *args, **kwargs):
2018-05-22 10:22:06 +00:00
response = super().retrieve(request, *args, **kwargs)
2018-05-07 11:28:01 +00:00
data = {
'type': 'guacamole' if self.session.protocol == 'rdp' else 'json',
'src': '',
}
2018-05-22 10:22:06 +00:00
if isinstance(response, HttpResponseRedirectBase):
data['src'] = response.url
2018-05-07 11:28:01 +00:00
return Response(data)
return HttpResponseNotFound()
2018-01-21 07:12:59 +00:00
class TerminalConfig(APIView):
2018-01-20 14:22:09 +00:00
permission_classes = (IsAppUser,)
def get(self, request):
2018-01-21 07:12:59 +00:00
user = request.user
terminal = user.terminal
configs = terminal.config
return Response(configs, status=200)