diff --git a/apps/audits/api.py b/apps/audits/api.py index 33186e0cc..7a86156f0 100644 --- a/apps/audits/api.py +++ b/apps/audits/api.py @@ -7,16 +7,42 @@ from rest_framework import generics import serializers from .models import ProxyLog +from .hands import IsSuperUserOrTerminalUser, Terminal class ProxyLogListCreateApi(generics.ListCreateAPIView): + """User proxy to backend server need call this api. + + params: { + "username": "", + "name": "", + "hostname": "", + "ip": "", + "terminal", "", + "login_type": "", + "system_user": "", + "was_failed": "", + "date_start": "" + } + + some params we need generate: { + "log_file", "", # No use now, may be think more about monitor and record + } + """ + queryset = ProxyLog.objects.all() serializer_class = serializers.ProxyLogSerializer + permission_classes = (IsSuperUserOrTerminalUser,) + + def perform_create(self, serializer): + # Todo: May be save log_file + super(ProxyLogListCreateApi, self).perform_create(serializer) class ProxyLogDetailApi(generics.RetrieveUpdateDestroyAPIView): queryset = ProxyLog.objects.all() serializer_class = serializers.ProxyLogSerializer + permission_classes = (IsSuperUserOrTerminalUser,) class CommandLogCreateApi(generics.CreateAPIView): diff --git a/apps/audits/hands.py b/apps/audits/hands.py new file mode 100644 index 000000000..f530b5e78 --- /dev/null +++ b/apps/audits/hands.py @@ -0,0 +1,5 @@ +# ~*~ coding: utf-8 ~*~ +# + +from users.backends import IsSuperUserOrTerminalUser +from terminal.models import Terminal diff --git a/apps/audits/models.py b/apps/audits/models.py index 2a920e55d..76d086810 100644 --- a/apps/audits/models.py +++ b/apps/audits/models.py 
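Review bot: In apps/audits/api.py, `ProxyLogDetailApi` gives `IsSuperUserOrTerminalUser` to a `RetrieveUpdateDestroyAPIView` over `ProxyLog.objects.all()`, so a terminal credential can presumably update or delete any audit record, not just the sessions it created (the permission class itself lives in users.backends, outside this diff). For an audit trail the terminal should be able to create a record and close its own session, nothing more: `class ProxyLogDetailApi(generics.RetrieveUpdateAPIView):` removes DELETE, and a `get_queryset` that filters on the new `terminal` field would scope list and update to the caller. `perform_create` currently only calls `super`, and `terminal` is taken from the request body per the docstring; setting it there from the authenticated terminal would stop one terminal writing records in another's name. In the docstring, `"terminal", ""` and `"log_file", ""` should use a colon like the other keys.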
@@ -17,6 +17,7 @@ class LoginLog(models.Model):
 username = models.CharField(max_length=20, verbose_name=_('Username'))
 name = models.CharField(max_length=20, blank=True, verbose_name=_('Name'))
 login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, verbose_name=_('Login type'))
+ terminal = models.CharField(max_length=32, verbose_name=_('Terminal'))
 login_ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
 login_city = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('Login city'))
 user_agent = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('User agent'))
@@ -31,8 +32,8 @@ class LoginLog(models.Model):
 class ProxyLog(models.Model):
 LOGIN_TYPE_CHOICE = (
- ('S', 'ssh'),
- ('W', 'web'),
+ ('S', 'SSH Terminal'),
+ ('WT', 'Web Terminal'),
 )
 username = models.CharField(max_length=20, verbose_name=_('Username'))
@@ -40,11 +41,13 @@ class ProxyLog(models.Model):
 hostname = models.CharField(max_length=128, blank=True, verbose_name=_('Hostname'))
 ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'))
 system_user = models.CharField(max_length=20, verbose_name=_('System user'))
- login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=1, verbose_name=_('Login type'))
+ login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, blank=True,
+ null=True, verbose_name=_('Login type'))
+ terminal = models.CharField(max_length=32, blank=True, null=True, verbose_name=_('Terminal'))
 log_file = models.CharField(max_length=1000, blank=True, null=True)
 was_failed = models.BooleanField(default=False, verbose_name=_('Did connect failed'))
 is_finished = models.BooleanField(default=False, verbose_name=_('Is finished'))
- date_start = models.DateTimeField(auto_now_add=True, verbose_name=_('Date start'))
+ date_start = models.DateTimeField(verbose_name=_('Date start'))
 date_finished = models.DateTimeField(null=True, verbose_name=_('Date finished'))
 def __unicode__(self):
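Review bot: In the LoginLog hunk of apps/audits/models.py, `terminal` is added as a required column with no `blank`, `null` or `default`, while `ProxyLog.terminal` later in the same file is `blank=True, null=True`. Existing rows need a value when the column is created, and a login that does not arrive through a terminal has nothing to put here. If that case exists, `terminal = models.CharField(max_length=32, blank=True, default='', verbose_name=_('Terminal'))` keeps those logins recordable; no migration appears in the part of the diff shown, so how existing rows are handled cannot be confirmed.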
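Review bot: In the `LOGIN_TYPE_CHOICE` hunk of ProxyLog, the stored code for web sessions changes from `'W'` to `'WT'`, so audit rows already written with `'W'` no longer match any choice. Either add a data migration that rewrites `'W'` to `'WT'`, or keep the stored code and change only the label, `('W', 'Web Terminal'),`, so historical records stay valid and filterable.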
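Review bot: In the last ProxyLog hunk, dropping `auto_now_add` from `date_start` turns the session start time into a value supplied by the caller (the API docstring in apps/audits/api.py lists `date_start` as a request parameter), so the audit timestamp is only as trustworthy as the terminal that posts it, and a request that omits it presumably now fails validation. `date_start = models.DateTimeField(default=timezone.now, verbose_name=_('Date start'))` restores a server-side fallback, assuming `timezone` is importable in this module; a separate server-set receive time would additionally give reviewers a timestamp the terminal cannot choose. `login_type` also becomes `null=True` on a CharField, which leaves two different empty states (`''` and NULL) to query for. The class body continues outside the hunk.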
diff --git a/apps/common/utils.py b/apps/common/utils.py
index a5af4f66c..352903097 100644
--- a/apps/common/utils.py
+++ b/apps/common/utils.py
@@ -15,7 +15,6 @@ from django.core import signing
 from django.utils import timezone
 SECRET_KEY = settings.SECRET_KEY
-SIGNER = TimestampSigner(SECRET_KEY)
 def reverse(view_name, urlconf=None, args=None, kwargs=None, current_app=None, external=False):
@@ -48,15 +47,17 @@ def decrypt(*args, **kwargs):
 return ''
-def sign(value):
- return SIGNER.sign(value)
+def sign(value, secret_key=SECRET_KEY):
+ signer = TimestampSigner(secret_key)
+ return signer.sign(value)
-def unsign(value, max_age=3600):
+def unsign(value, max_age=3600, secret_key=SECRET_KEY):
+ signer = TimestampSigner(secret_key)
 try:
- return SIGNER.unsign(value, max_age=max_age)
+ return signer.unsign(value, max_age=max_age)
 except (BadSignature, SignatureExpired):
- return None
+ return ''
 def date_expired_default():
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index d81880e7b..0b2adfa0c 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -33,7 +33,7 @@ except ImportError:
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = CONFIG.SECRET_KEY or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+SECRET_KEY = CONFIG.SECRET_KEY
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = CONFIG.DEBUG or False
diff --git a/apps/terminal/api.py b/apps/terminal/api.py
index dae1dea17..b5c80a839 100644
--- a/apps/terminal/api.py
+++ b/apps/terminal/api.py
@@ -27,7 +27,7 @@ class TerminalApi(ListCreateAPIView):
 else:
 return Response(data={'data': {'name': name, 'ip': terminal.ip}, 'msg': 'Need admin accept or active it'},
- status=204)
+ status=203)
 else:
 ip = request.META.get('X-Real-IP') or request.META.get('REMOTE_ADDR')
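Review bot: In the second hunk of apps/common/utils.py, `unsign` now returns `''` instead of `None` when the signature is bad or expired, which makes a failed verification indistinguishable from a validly signed empty string and silently changes the outcome for any caller that tests `is None`. The callers are outside this diff, so each one needs checking; keeping `return None` leaves a verification failure as an explicit state. The new `secret_key=SECRET_KEY` default is evaluated once at import, which deserves a docstring line on both functions along with the purpose of passing a different key.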
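Review bot: In apps/jumpserver/settings.py the fallback literal is removed, but any deployment that ever started without `CONFIG.SECRET_KEY` has been signing sessions and tokens with a key that stays readable in the repository history, and nothing here tells operators to rotate it. A comment above the assignment, `# No built-in fallback: set SECRET_KEY in the config file, and rotate it if the old default was ever in use`, plus an upgrade note, would cover that. With the `or` gone an unset value reaches Django unchanged, which presumably stops startup rather than running on a known key; that is the right outcome, but how CONFIG reports a missing attribute is outside this hunk and worth confirming.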
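Review bot: In apps/terminal/api.py, `status=203` (Non-Authoritative Information) does not describe a registration that is waiting for an administrator; `status=202` is the code for a request accepted but not yet acted on and, unlike the old 204, may carry the body. In the trailing context line, `request.META.get('X-Real-IP')` never matches under Django, which exposes request headers under `HTTP_`-prefixed keys, so the recorded address always falls back to `REMOTE_ADDR`. `request.META.get('HTTP_X_REAL_IP')` is the working lookup, and it should be honoured only when the app sits behind a proxy that sets the header, since a client can send it as well. The method body starts and ends outside the hunk.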
diff --git a/apps/terminal/models.py b/apps/terminal/models.py
index efc47edf5..881f8cb26 100644
--- a/apps/terminal/models.py
+++ b/apps/terminal/models.py
@@ -34,10 +34,6 @@ class Terminal(models.Model):
 def is_terminal(self):
 return True
- @property
- def is_authenticated(self):
- return False
-
 class Meta:
 db_table = 'terminal'
 ordering = ['name']