perf: 协议端口校验

2023-02-03 16:03:34 +08:00 · 2023-02-03 16:03:34 +08:00 · 470d2703f4
parent ef3a1e399d
commit 470d2703f4
5 changed files with 659 additions and 399 deletions
--- a/apps/assets/api/asset/asset.py
+++ b/apps/assets/api/asset/asset.py
@ -2,6 +2,7 @@
 #
 import django_filters
 from django.db.models import Q
+from django.utils.translation import gettext as _
 from rest_framework.decorators import action
 from rest_framework.response import Response

@ -109,6 +110,11 @@ class AssetViewSet(SuggestionMixin, NodeFilterMixin, OrgBulkModelViewSet):
            gateways = asset.domain.gateways
        return self.get_paginated_response_from_queryset(gateways)

+    def create(self, request, *args, **kwargs):
+        if request.path.find('/api/v1/assets/assets/') > -1:
+            return Response({'error': _('Cannot create asset directly, you should create a host or other')}, status=400)
+        return super().create(request, *args, **kwargs)
+

 class AssetsTaskMixin:
    def perform_assets_task(self, serializer):
--- a/apps/assets/serializers/asset/common.py
+++ b/apps/assets/serializers/asset/common.py
@ -57,6 +57,7 @@ class AssetAccountSerializer(
    template = serializers.BooleanField(
        default=False, label=_("Template"), write_only=True
    )
+    name = serializers.CharField(max_length=128, required=False, label=_("Name"))

    class Meta:
        model = Account
@ -193,6 +194,12 @@ class AssetSerializer(BulkOrgResourceModelSerializer, WritableNestedModelSeriali
        protocols_default = [p for p in platform_protocols if p.default]
        protocols_required = [p for p in platform_protocols if p.required or p.primary]

+        for p in protocols_data:
+            port = p.get('port', 0)
+            if port < 1 or port > 65535:
+                error = p.get('name') + ': ' + _("port out of range (1-65535)")
+                raise serializers.ValidationError(error)
+
        if not protocols_data_map:
            protocols_data_map = {
                p.name: {'name': p.name, 'port': p.port}
--- a/apps/authentication/api/connection_token.py
+++ b/apps/authentication/api/connection_token.py
@ -15,10 +15,10 @@ from rest_framework.response import Response
 from rest_framework.serializers import ValidationError

 from common.api import JMSModelViewSet
-from common.utils.http import is_true
+from common.exceptions import JMSException
 from common.utils import random_string
 from common.utils.django import get_request_os
-from common.exceptions import JMSException
+from common.utils.http import is_true
 from orgs.mixins.api import RootOrgViewMixin
 from perms.models import ActionChoices
 from terminal.connect_methods import NativeClient, ConnectMethodUtil
@ -264,7 +264,7 @@ class ConnectionTokenViewSet(ExtraActionApiMixin, RootOrgViewMixin, JMSModelView
            msg = _('Account not found')
            raise JMSException(code='perm_account_invalid', detail=msg)
        if account.date_expired < timezone.now():
-            msg = _('Permission Expired')
+            msg = _('Permission expired')
            raise JMSException(code='perm_expired', detail=msg)
        return account

--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
--- a/apps/locale/zh/LC_MESSAGES/django.po
+++ b/apps/locale/zh/LC_MESSAGES/django.po