jumpserver/apps/applications/api.py

# -*- coding: utf-8 -*-
#
from collections import OrderedDict
import copy
import logging

import os
from rest_framework import viewsets, serializers
from rest_framework.views import APIView, Response
from rest_framework.permissions import AllowAny
from django.shortcuts import get_object_or_404
from django.utils import timezone
from django.conf import settings

from .models import Terminal, TerminalStatus, TerminalSession, TerminalTask
from .serializers import TerminalSerializer, TerminalStatusSerializer, \
    TerminalSessionSerializer, TerminalTaskSerializer
from .hands import IsSuperUserOrAppUser, IsAppUser, ProxyLog, \
    IsSuperUserOrAppUserOrUserReadonly
from common.utils import get_object_or_none

logger = logging.getLogger(__file__)


class TerminalViewSet(viewsets.ModelViewSet):
    queryset = Terminal.objects.filter(is_deleted=False)
    serializer_class = TerminalSerializer
    permission_classes = (IsSuperUserOrAppUserOrUserReadonly,)

    def create(self, request, *args, **kwargs):
        name = request.data.get('name')
        remote_ip = request.META.get('REMOTE_ADDR')
        x_real_ip = request.META.get('X-Real-IP')
        remote_addr = x_real_ip or remote_ip

        terminal = get_object_or_none(Terminal, name=name)
        if terminal:
            msg = 'Terminal name %s already used' % name
            return Response({'msg': msg}, status=409)

        serializer = self.serializer_class(data={
            'name': name, 'remote_addr': remote_addr
        })

        if serializer.is_valid():
            terminal = serializer.save()
            app_user, access_key = terminal.create_app_user()
            data = OrderedDict()
            data['terminal'] = copy.deepcopy(serializer.data)
            data['user'] = app_user.to_json()
            data['access_key'] = {'id': access_key.id,
                                  'secret': access_key.secret}
            return Response(data, status=201)
        else:
            data = serializer.errors
            return Response(data, status=400)

    def get_permissions(self):
        if self.action == "create":
            self.permission_classes = (AllowAny,)
        return super().get_permissions()


class TerminalStatusViewSet(viewsets.ModelViewSet):
    queryset = TerminalStatus.objects.all()
    serializer_class = TerminalStatusSerializer
    permission_classes = (IsSuperUserOrAppUser,)
    session_serializer_class = TerminalSessionSerializer

    def create(self, request, *args, **kwargs):
        self.handle_sessions()
        return super().create(request, *args, **kwargs)

    def handle_sessions(self):
        sessions_active = []
        for session_data in self.request.data.get("sessions", []):
            session_data["terminal"] = self.request.user.terminal.id
            _id = session_data["id"]
            session = get_object_or_none(TerminalSession, id=_id)
            if session:
                serializer = TerminalSessionSerializer(data=session_data,
                                                       instance=session)
            else:
                serializer = TerminalSessionSerializer(data=session_data)

            if serializer.is_valid():
                serializer.save()
            else:
                logger.error("session serializer is not valid {}".format(
                    serializer.errors))

            if not session_data["is_finished"]:
                sessions_active.append(session_data["id"])

        sessions_in_db_active = TerminalSession.objects.filter(
            is_finished=False, terminal=self.request.user.terminal.id
        )

        for session in sessions_in_db_active:
            if str(session.id) not in sessions_active:
                session.is_finished = True
                session.date_end = timezone.now()
                session.save()

    def get_queryset(self):
        terminal_id = self.kwargs.get("terminal", None)
        if terminal_id:
            terminal = get_object_or_404(Terminal, id=terminal_id)
            self.queryset = terminal.terminalstatus_set.all()
        return self.queryset

    def perform_create(self, serializer):
        serializer.validated_data["terminal"] = self.request.user.terminal
        return super().perform_create(serializer)

    def get_permissions(self):
        if self.action == "create":
            self.permission_classes = (IsAppUser,)
        return super().get_permissions()


class TerminalSessionViewSet(viewsets.ModelViewSet):
    queryset = TerminalSession.objects.all()
    serializers_class = TerminalSessionSerializer
    permission_classes = (IsSuperUserOrAppUser,)

    def get_queryset(self):
        terminal_id = self.kwargs.get("terminal", None)
        if terminal_id:
            terminal = get_object_or_404(Terminal, id=terminal_id)
            self.queryset = terminal.terminalstatus_set.all()
        return self.queryset


class TerminalTaskViewSet(viewsets.ModelViewSet):
    queryset = TerminalTask.objects.all()
    serializer_class = TerminalTaskSerializer
    permission_classes = (IsSuperUserOrAppUser,)

    def get_queryset(self):
        terminal_id = self.kwargs.get("terminal", None)
        if terminal_id:
            terminal = get_object_or_404(Terminal, id=terminal_id)
            self.queryset = terminal.terminalstatus_set.all()

        if hasattr(self.request.user, "terminal"):
            terminal = self.request.user.terminal
            self.queryset = terminal.terminalstatus_set.all()
        return self.queryset


class SessionReplayAPI(APIView):
    permission_classes = (IsSuperUserOrAppUser,)

    def post(self, request, **kwargs):
        session_id = kwargs.get("pk", None)
        session = get_object_or_404(TerminalSession, id=session_id)
        record_dir = settings.CONFIG.SESSION_RECORDE_DIR
        date = session.date_start.strftime("%Y-%m-%d")
        record_dir = os.path.join(record_dir, date)
        record_filename = os.path.join(record_dir, str(session.id))

        if not os.path.exists(record_dir):
            os.makedirs(record_dir)

        archive_stream = request.data.get("archive")
        if not archive_stream:
            return Response("None file upload", status=400)

        with open(record_filename, 'wb') as f:
            for chunk in archive_stream.chunks():
                f.write(chunk)
        session.has_replay = True
        session.save()
        return Response({"session_id": session.id}, status=201)
may be some wrong 2016-10-16 14:12:13 +00:00			`# -- coding: utf-8 --`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`#`
[Fixture] 添加command log backends, 未来支持es 2017-02-06 15:13:27 +00:00			`from collections import OrderedDict`
update terminal regist 2016-12-25 09:44:39 +00:00			`import copy`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`import logging`

			`import os`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`from rest_framework import viewsets, serializers`
Finish terminal app 2016-10-17 09:28:07 +00:00			`from rest_framework.views import APIView, Response`
			`from rest_framework.permissions import AllowAny`
[Stash] 删除结束会话之前 2017-02-11 11:49:15 +00:00			`from django.shortcuts import get_object_or_404`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`from django.utils import timezone`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`from django.conf import settings`
may be some wrong 2016-10-16 14:12:13 +00:00
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`from .models import Terminal, TerminalStatus, TerminalSession, TerminalTask`
			`from .serializers import TerminalSerializer, TerminalStatusSerializer, \`
			`TerminalSessionSerializer, TerminalTaskSerializer`
[Fixture] 添加用户连接终端 2017-03-31 03:25:25 +00:00			`from .hands import IsSuperUserOrAppUser, IsAppUser, ProxyLog, \`
			`IsSuperUserOrAppUserOrUserReadonly`
update terminal regist 2016-12-25 09:44:39 +00:00			`from common.utils import get_object_or_none`
修改token获取，拆分认证文件和权限文件 2016-12-19 17:19:50 +00:00
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`logger = logging.getLogger(__file__)`

may be some wrong 2016-10-16 14:12:13 +00:00
Update terminal api 2017-10-31 03:34:20 +00:00			`class TerminalViewSet(viewsets.ModelViewSet):`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`queryset = Terminal.objects.filter(is_deleted=False)`
Add private token and change user group 2016-12-21 16:36:31 +00:00			`serializer_class = TerminalSerializer`
Update terminal api 2017-10-31 03:34:20 +00:00			`permission_classes = (IsSuperUserOrAppUserOrUserReadonly,)`
Add private token and change user group 2016-12-21 16:36:31 +00:00
			`def create(self, request, args, *kwargs):`
Update terminal api 2017-10-31 03:34:20 +00:00			`name = request.data.get('name')`
			`remote_ip = request.META.get('REMOTE_ADDR')`
			`x_real_ip = request.META.get('X-Real-IP')`
			`remote_addr = x_real_ip or remote_ip`

			`terminal = get_object_or_none(Terminal, name=name)`
			`if terminal:`
			`msg = 'Terminal name %s already used' % name`
			`return Response({'msg': msg}, status=409)`
update terminal regist 2016-12-25 09:44:39 +00:00
Update terminal api 2017-10-31 03:34:20 +00:00			`serializer = self.serializer_class(data={`
			`'name': name, 'remote_addr': remote_addr`
			`})`
update terminal regist 2016-12-25 09:44:39 +00:00
			`if serializer.is_valid():`
			`terminal = serializer.save()`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`app_user, access_key = terminal.create_app_user()`
[Fixture] 添加command log backends, 未来支持es 2017-02-06 15:13:27 +00:00			`data = OrderedDict()`
[Fix] 修改一些api bug 2017-01-20 05:59:53 +00:00			`data['terminal'] = copy.deepcopy(serializer.data)`
update terminal regist 2016-12-25 09:44:39 +00:00			`data['user'] = app_user.to_json()`
Update terminal api 2017-10-31 03:34:20 +00:00			`data['access_key'] = {'id': access_key.id,`
			`'secret': access_key.secret}`
update terminal regist 2016-12-25 09:44:39 +00:00			`return Response(data, status=201)`
			`else:`
Update terminal api 2017-10-31 03:34:20 +00:00			`data = serializer.errors`
Update some api 2016-12-27 16:28:52 +00:00			`return Response(data, status=400)`
Add private token and change user group 2016-12-21 16:36:31 +00:00
Update terminal api 2017-10-31 03:34:20 +00:00			`def get_permissions(self):`
			`if self.action == "create":`
			`self.permission_classes = (AllowAny,)`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`return super().get_permissions()`


			`class TerminalStatusViewSet(viewsets.ModelViewSet):`
			`queryset = TerminalStatus.objects.all()`
			`serializer_class = TerminalStatusSerializer`
			`permission_classes = (IsSuperUserOrAppUser,)`
			`session_serializer_class = TerminalSessionSerializer`

			`def create(self, request, args, *kwargs):`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`self.handle_sessions()`
			`return super().create(request, args, *kwargs)`

			`def handle_sessions(self):`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`sessions_active = []`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`for session_data in self.request.data.get("sessions", []):`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`session_data["terminal"] = self.request.user.terminal.id`
			`_id = session_data["id"]`
			`session = get_object_or_none(TerminalSession, id=_id)`
			`if session:`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`serializer = TerminalSessionSerializer(data=session_data,`
			`instance=session)`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`else:`
			`serializer = TerminalSessionSerializer(data=session_data)`

			`if serializer.is_valid():`
			`serializer.save()`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`else:`
			`logger.error("session serializer is not valid {}".format(`
			`serializer.errors))`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`if not session_data["is_finished"]:`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`sessions_active.append(session_data["id"])`

			`sessions_in_db_active = TerminalSession.objects.filter(`
			`is_finished=False, terminal=self.request.user.terminal.id`
			`)`
Finish terminal app 2016-10-17 09:28:07 +00:00
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`for session in sessions_in_db_active:`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00			`if str(session.id) not in sessions_active:`
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`session.is_finished = True`
			`session.date_end = timezone.now()`
			`session.save()`

			`def get_queryset(self):`
			`terminal_id = self.kwargs.get("terminal", None)`
			`if terminal_id:`
			`terminal = get_object_or_404(Terminal, id=terminal_id)`
			`self.queryset = terminal.terminalstatus_set.all()`
			`return self.queryset`

			`def perform_create(self, serializer):`
			`serializer.validated_data["terminal"] = self.request.user.terminal`
			`return super().perform_create(serializer)`

			`def get_permissions(self):`
			`if self.action == "create":`
			`self.permission_classes = (IsAppUser,)`
Update terminal api 2017-10-31 03:34:20 +00:00			`return super().get_permissions()`
Update some bug 2016-10-24 11:32:53 +00:00
[Bugfix] 和Master分支合并后，修复冲突，DRF 新版本要求 fields和exclude 2017-01-08 05:35:59 +00:00
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`class TerminalSessionViewSet(viewsets.ModelViewSet):`
			`queryset = TerminalSession.objects.all()`
			`serializers_class = TerminalSessionSerializer`
			`permission_classes = (IsSuperUserOrAppUser,)`
[Stash] 删除结束会话之前 2017-02-11 11:49:15 +00:00
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`def get_queryset(self):`
			`terminal_id = self.kwargs.get("terminal", None)`
			`if terminal_id:`
			`terminal = get_object_or_404(Terminal, id=terminal_id)`
			`self.queryset = terminal.terminalstatus_set.all()`
			`return self.queryset`
Update some bug 2016-10-24 11:32:53 +00:00
Update heatbeat 2016-11-13 14:34:38 +00:00
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`class TerminalTaskViewSet(viewsets.ModelViewSet):`
			`queryset = TerminalTask.objects.all()`
			`serializer_class = TerminalTaskSerializer`
			`permission_classes = (IsSuperUserOrAppUser,)`

			`def get_queryset(self):`
			`terminal_id = self.kwargs.get("terminal", None)`
			`if terminal_id:`
			`terminal = get_object_or_404(Terminal, id=terminal_id)`
			`self.queryset = terminal.terminalstatus_set.all()`
[Stash] 删除结束会话之前 2017-02-11 11:49:15 +00:00
修改 terminal上报接口和api 2017-11-14 01:44:16 +00:00			`if hasattr(self.request.user, "terminal"):`
			`terminal = self.request.user.terminal`
			`self.queryset = terminal.terminalstatus_set.all()`
			`return self.queryset`
[Feature] 增加上传replay log的api 2017-11-22 02:54:59 +00:00

			`class SessionReplayAPI(APIView):`
			`permission_classes = (IsSuperUserOrAppUser,)`

			`def post(self, request, **kwargs):`
			`session_id = kwargs.get("pk", None)`
			`session = get_object_or_404(TerminalSession, id=session_id)`
			`record_dir = settings.CONFIG.SESSION_RECORDE_DIR`
			`date = session.date_start.strftime("%Y-%m-%d")`
			`record_dir = os.path.join(record_dir, date)`
			`record_filename = os.path.join(record_dir, str(session.id))`

			`if not os.path.exists(record_dir):`
			`os.makedirs(record_dir)`

			`archive_stream = request.data.get("archive")`
			`if not archive_stream:`
			`return Response("None file upload", status=400)`

			`with open(record_filename, 'wb') as f:`
			`for chunk in archive_stream.chunks():`
			`f.write(chunk)`
			`session.has_replay = True`
			`session.save()`
			`return Response({"session_id": session.id}, status=201)`