github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

[Docs] 添加api dockers

pull/508/merge
ibuler 2017-07-10 10:26:17 +08:00
parent e120fd56a6
commit 4e67749eef
11 changed files with 99 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
apps/applications/api.py
View File

@ -2,9 +2,6 @@
# #
from collections import OrderedDict from collections import OrderedDict
from django.core.cache import cache
from django.conf import settings
from django.utils import timezone
import copy import copy
from rest_framework.generics import ListCreateAPIView from rest_framework.generics import ListCreateAPIView
from rest_framework import viewsets from rest_framework import viewsets

1
apps/assets/api.py
View File

@ -191,6 +191,7 @@ class AssetAdminUserTestView(AssetRefreshHardwareView):
class AssetGroupPushSystemUserView(generics.UpdateAPIView): class AssetGroupPushSystemUserView(generics.UpdateAPIView):
queryset = AssetGroup.objects.all() queryset = AssetGroup.objects.all()
permission_classes = (IsSuperUser,) permission_classes = (IsSuperUser,)
serializer_class = serializers.AssetSerializer
def patch(self, request, *args, **kwargs): def patch(self, request, *args, **kwargs):
asset_group = self.get_object() asset_group = self.get_object()

10
apps/assets/urls/api_urls.py
View File

@ -8,14 +8,14 @@ app_name = 'assets'
router = BulkRouter() router = BulkRouter()
router.register(r'v1/asset-groups', api.AssetGroupViewSet, 'asset-group') router.register(r'v1/groups', api.AssetGroupViewSet, 'asset-group')
router.register(r'v1/assets', api.AssetViewSet, 'asset') router.register(r'v1/assets', api.AssetViewSet, 'asset')
router.register(r'v1/idc', api.IDCViewSet, 'idc') router.register(r'v1/idc', api.IDCViewSet, 'idc')
router.register(r'v1/admin-user', api.AdminUserViewSet, 'admin-user') router.register(r'v1/admin-user', api.AdminUserViewSet, 'admin-user')
router.register(r'v1/system-user', api.SystemUserViewSet, 'system-user') router.register(r'v1/system-user', api.SystemUserViewSet, 'system-user')
urlpatterns = [ urlpatterns = [
url(r'^v1/assets_bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'), url(r'^v1/assets-bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'),
url(r'^v1/system-user/(?P<pk>[0-9]+)/auth-info/', api.SystemUserAuthInfoApi.as_view(), url(r'^v1/system-user/(?P<pk>[0-9]+)/auth-info/', api.SystemUserAuthInfoApi.as_view(),
name='system-user-auth-info'), name='system-user-auth-info'),
url(r'^v1/assets/(?P<pk>\d+)/groups/$', url(r'^v1/assets/(?P<pk>\d+)/groups/$',
@ -29,14 +29,14 @@ urlpatterns = [
url(r'^v1/assets/(?P<pk>\d+)/system-users/$', url(r'^v1/assets/(?P<pk>\d+)/system-users/$',
api.SystemUserUpdateApi.as_view(), name='asset-update-system-users'), api.SystemUserUpdateApi.as_view(), name='asset-update-system-users'),
url(r'^v1/asset-groups/(?P<pk>\d+)/push-system-user/$', url(r'^v1/groups/(?P<pk>\d+)/push-system-user/$',
api.AssetGroupPushSystemUserView.as_view(), name='asset-group-push-system-user'), api.AssetGroupPushSystemUserView.as_view(), name='asset-group-push-system-user'),
# update the system users, which add and delete the asset to the system user # update the system users, which add and delete the asset to the system user
url(r'^v1/system_user/(?P<pk>\d+)/assets/$', url(r'^v1/system-user/(?P<pk>\d+)/assets/$',
api.SystemUserUpdateAssetsApi.as_view(), name='systemuser-update-assets'), api.SystemUserUpdateAssetsApi.as_view(), name='systemuser-update-assets'),
url(r'^v1/system_user/(?P<pk>\d+)/groups/$', url(r'^v1/system-user/(?P<pk>\d+)/groups/$',
api.SystemUserUpdateAssetGroupApi.as_view(), name='systemuser-update-assetgroups'), api.SystemUserUpdateAssetGroupApi.as_view(), name='systemuser-update-assetgroups'),
# update the asset group, which add or delete the asset to the group # update the asset group, which add or delete the asset to the group

21
apps/jumpserver/settings.py
View File

@ -59,6 +59,8 @@ INSTALLED_APPS = [
'common.apps.CommonConfig', 'common.apps.CommonConfig',
'applications.apps.ApplicationsConfig', 'applications.apps.ApplicationsConfig',
'rest_framework', 'rest_framework',
'rest_framework_swagger',
'django_filters',
'bootstrap3', 'bootstrap3',
'captcha', 'captcha',
'django.contrib.auth', 'django.contrib.auth',
@ -289,12 +291,29 @@ REST_FRAMEWORK = {
'users.authentication.PrivateTokenAuthentication', 'users.authentication.PrivateTokenAuthentication',
'users.authentication.SessionAuthentication', 'users.authentication.SessionAuthentication',
), ),
# 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.DjangoFilterBackend',), 'DEFAULT_FILTER_BACKENDS': ('django_filters.rest_framework.DjangoFilterBackend',),
} }
AUTHENTICATION_BACKENDS = [
'django_auth_ldap.backend.LDAPBackend',
'django.contrib.auth.backends.ModelBackend',
]
# Custom User Auth model # Custom User Auth model
AUTH_USER_MODEL = 'users.User' AUTH_USER_MODEL = 'users.User'
# Auth LDAP settings
if CONFIG.AUTH_LDAP:
AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
# Celery using redis as broker # Celery using redis as broker
BROKER_URL = 'redis://%(password)s%(host)s:%(port)s/3' % { BROKER_URL = 'redis://%(password)s%(host)s:%(port)s/3' % {
'password': CONFIG.REDIS_PASSWORD + ':' if CONFIG.REDIS_PASSWORD else '', 'password': CONFIG.REDIS_PASSWORD + ':' if CONFIG.REDIS_PASSWORD else '',

25
apps/jumpserver/urls.py
View File

@ -1,30 +1,17 @@
# ~*~ coding: utf-8 ~*~ # ~*~ coding: utf-8 ~*~
from __future__ import unicode_literals from __future__ import unicode_literals
"""jumpserver URL Configuration
The `urlpatterns` list routes URLs to views. For more information please see:
https://docs.djangoproject.com/en/1.10/topics/http/urls/
Examples:
Function views
1. Add an import: from my_app import views
2. Add a URL to urlpatterns: url(r'^$', views.home, name='home')
Class-based views
1. Add an import: from other_app.views import Home
2. Add a URL to urlpatterns: url(r'^$', Home.as_view(), name='home')
Including another URLconf
1. Import the include() function: from django.conf.urls import url, include
2. Add a URL to urlpatterns: url(r'^blog/', include('blog.urls'))
"""
from django.conf.urls import url, include from django.conf.urls import url, include
from django.conf import settings from django.conf import settings
from django.conf.urls.static import static from django.conf.urls.static import static
from rest_framework.schemas import get_schema_view
from rest_framework_swagger.renderers import SwaggerUIRenderer, OpenAPIRenderer
from .views import IndexView from .views import IndexView
schema_view = get_schema_view(title='Users API', renderer_classes=[OpenAPIRenderer, SwaggerUIRenderer])
urlpatterns = [ urlpatterns = [
url(r'^captcha/', include('captcha.urls')),
url(r'^$', IndexView.as_view(), name='index'), url(r'^$', IndexView.as_view(), name='index'),
url(r'^users/', include('users.urls.views_urls', namespace='users')), url(r'^users/', include('users.urls.views_urls', namespace='users')),
url(r'^assets/', include('assets.urls.views_urls', namespace='assets')), url(r'^assets/', include('assets.urls.views_urls', namespace='assets')),
@ -40,10 +27,14 @@ urlpatterns = [
url(r'^api/audits/', include('audits.urls.api_urls', namespace='api-audits')), url(r'^api/audits/', include('audits.urls.api_urls', namespace='api-audits')),
url(r'^api/applications/', include('applications.urls.api_urls', namespace='api-applications')), url(r'^api/applications/', include('applications.urls.api_urls', namespace='api-applications')),
url(r'^api/ops/', include('ops.urls.api_urls', namespace='api-ops')), url(r'^api/ops/', include('ops.urls.api_urls', namespace='api-ops')),
url(r'^captcha/', include('captcha.urls')),
] ]
if settings.DEBUG: if settings.DEBUG:
urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT)
urlpatterns += [
url(r'^docs/', schema_view, name="docs"),
]

10
apps/jumpserver/views.py
View File

@ -4,8 +4,6 @@ from django.db.models import Count
from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.mixins import LoginRequiredMixin
from django.shortcuts import redirect from django.shortcuts import redirect
from users.utils import AdminUserRequiredMixin
from users.models import User from users.models import User
from assets.models import Asset from assets.models import Asset
from audits.models import ProxyLog from audits.models import ProxyLog
@ -26,10 +24,10 @@ class IndexView(LoginRequiredMixin, TemplateView):
proxy_log_month = ProxyLog.objects.filter(date_start__gt=month_ago, is_failed=False) proxy_log_month = ProxyLog.objects.filter(date_start__gt=month_ago, is_failed=False)
month_dates = proxy_log_month.dates('date_start', 'day') month_dates = proxy_log_month.dates('date_start', 'day')
month_total_visit = [ProxyLog.objects.filter(date_start__date=d) for d in month_dates] month_total_visit = [ProxyLog.objects.filter(date_start__date=d) for d in month_dates]
month_str = [d.strftime('%m-%d') for d in month_dates] month_str = [d.strftime('%m-%d') for d in month_dates] or ['0']
month_total_visit_count = [p.count() for p in month_total_visit] month_total_visit_count = [p.count() for p in month_total_visit] or [0]
month_user = [p.values('user').distinct().count() for p in month_total_visit] month_user = [p.values('user').distinct().count() for p in month_total_visit] or [0]
month_asset = [p.values('asset').distinct().count() for p in month_total_visit] month_asset = [p.values('asset').distinct().count() for p in month_total_visit] or [0]
month_user_active = User.objects.filter(last_login__gt=month_ago).count() month_user_active = User.objects.filter(last_login__gt=month_ago).count()
month_user_inactive = User.objects.filter(last_login__lt=month_ago).count() month_user_inactive = User.objects.filter(last_login__lt=month_ago).count()
month_user_disabled = User.objects.filter(is_active=False).count() month_user_disabled = User.objects.filter(is_active=False).count()

32
apps/users/api.py
View File

@ -4,7 +4,9 @@ from rest_framework import generics
from rest_framework.permissions import AllowAny from rest_framework.permissions import AllowAny
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.views import APIView from rest_framework.views import APIView
from rest_framework import viewsets
from rest_framework_bulk import BulkModelViewSet from rest_framework_bulk import BulkModelViewSet
from django_filters.rest_framework import DjangoFilterBackend
from . import serializers from . import serializers
from .hands import write_login_log_async from .hands import write_login_log_async
@ -18,11 +20,37 @@ from common.utils import get_logger
logger = get_logger(__name__) logger = get_logger(__name__)
class UserViewSet(IDInFilterMixin, BulkModelViewSet): # class UserListView(generics.ListAPIView):
# queryset = User.objects.all()
# serializer_class = serializers.UserSerializer
# filter_fields = ('username', 'email', 'name', 'id')
class UserViewSet(viewsets.ModelViewSet):
# class UserViewSet(IDInFilterMixin, BulkModelViewSet):
"""
retrieve:
Return a user instance .
list:
Return all users except app user, ordered by most recently joined.
create:
Create a new user.
delete:
Remove an existing user.
partial_update:
Update one or more fields on an existing user.
update:
Update a user.
"""
queryset = User.objects.all() queryset = User.objects.all()
# queryset = User.objects.all().exclude(role="App").order_by("date_joined")
serializer_class = serializers.UserSerializer serializer_class = serializers.UserSerializer
permission_classes = (IsSuperUser,) permission_classes = (IsSuperUser,)
# filter_backends = (DjangoFilterBackend,)
filter_fields = ('username', 'email', 'name', 'id') filter_fields = ('username', 'email', 'name', 'id')

2
apps/users/templates/users/user_list.html
View File

@ -14,12 +14,10 @@
{% endblock %} {% endblock %}
{% block table_container %} {% block table_container %}
<div class="uc pull-left m-l-5 m-r-5"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div> <div class="uc pull-left m-l-5 m-r-5"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
{#<div class="uc pull-left"><a href="javascript:void(0);" class="btn btn-sm btn-primary" data-toggle="modal" data-target="#user_import_modal"> {% trans "Import user" %} </a></div>#}
<table class="table table-striped table-bordered table-hover " id="user_list_table" > <table class="table table-striped table-bordered table-hover " id="user_list_table" >
<thead> <thead>
<tr> <tr>
<th class="text-center"> <th class="text-center">
{# <div><input id="" type="checkbox" class="ipt_check_all"><label></label></div>#}
<input id="" type="checkbox" class="ipt_check_all"> <input id="" type="checkbox" class="ipt_check_all">
</th> </th>
<th class="text-center">{% trans 'Name' %}</th> <th class="text-center">{% trans 'Name' %}</th>

9
apps/users/urls/api_urls.py
View File

@ -11,22 +11,23 @@ app_name = 'users'
router = BulkRouter() router = BulkRouter()
router.register(r'v1/users', api.UserViewSet, 'user') router.register(r'v1/users', api.UserViewSet, 'user')
router.register(r'v1/user-groups', api.UserGroupViewSet, 'user-group') router.register(r'v1/groups', api.UserGroupViewSet, 'user-group')
urlpatterns = [ urlpatterns = [
# url(r'', api.UserListView.as_view()),
url(r'^v1/token/$', api.UserToken.as_view(), name='user-token'), url(r'^v1/token/$', api.UserToken.as_view(), name='user-token'),
url(r'^v1/profile/$', api.UserProfile.as_view(), name='user-profile'), url(r'^v1/profile/$', api.UserProfile.as_view(), name='user-profile'),
url(r'^v1/auth/$', api.UserAuthApi.as_view(), name='user-auth'), url(r'^v1/auth/$', api.UserAuthApi.as_view(), name='user-auth'),
url(r'^v1/users/(?P<pk>\d+)/password/reset/$', url(r'^v1/users/(?P<pk>\d+)/password/reset/$',
api.UserResetPasswordApi.as_view(), name='user-reset-password'), api.UserResetPasswordApi.as_view(), name='user-reset-password'),
url(r'^v1/users/(?P<pk>\d+)/public-key/reset/$', url(r'^v1/users/(?P<pk>\d+)/pubkey/reset/$',
api.UserResetPKApi.as_view(), name='user-public-key-reset'), api.UserResetPKApi.as_view(), name='user-public-key-reset'),
url(r'^v1/users/(?P<pk>\d+)/public-key/update/$', url(r'^v1/users/(?P<pk>\d+)/pubkey/update/$',
api.UserUpdatePKApi.as_view(), name='user-public-key-update'), api.UserUpdatePKApi.as_view(), name='user-public-key-update'),
url(r'^v1/users/(?P<pk>\d+)/groups/$', url(r'^v1/users/(?P<pk>\d+)/groups/$',
api.UserUpdateGroupApi.as_view(), name='user-update-group'), api.UserUpdateGroupApi.as_view(), name='user-update-group'),
url(r'^v1/user-groups/(?P<pk>\d+)/users/$', url(r'^v1/groups/(?P<pk>\d+)/users/$',
api.UserGroupUpdateUserApi.as_view(), name='user-group-update-user'), api.UserGroupUpdateUserApi.as_view(), name='user-group-update-user'),
] ]

22
apps/users/views/user.py
View File

@ -20,8 +20,9 @@ from django.utils.decorators import method_decorator
from django.views import View from django.views import View
from django.views.generic import ListView from django.views.generic import ListView
from django.views.generic.base import TemplateView from django.views.generic.base import TemplateView
from django.views.generic.edit import (CreateView, UpdateView, FormMixin, from django.views.generic.edit import (
FormView) CreateView, UpdateView, FormMixin, FormView
)
from django.views.generic.detail import DetailView, SingleObjectMixin from django.views.generic.detail import DetailView, SingleObjectMixin
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth import logout as auth_logout from django.contrib.auth import logout as auth_logout
@ -33,13 +34,14 @@ from common.mixins import JSONResponseMixin
from common.utils import get_logger, get_object_or_none from common.utils import get_logger, get_object_or_none
from perms.models import AssetPermission from perms.models import AssetPermission
__all__ = ['UserListView', 'UserCreateView', 'UserDetailView', __all__ = [
'UserUpdateView', 'UserAssetPermissionCreateView', 'UserListView', 'UserCreateView', 'UserDetailView',
'UserAssetPermissionView', 'UserGrantedAssetView', 'UserUpdateView', 'UserAssetPermissionCreateView',
'UserExportView', 'UserBulkImportView', 'UserProfileView', 'UserAssetPermissionView', 'UserGrantedAssetView',
'UserProfileUpdateView', 'UserPasswordUpdateView', 'UserExportView', 'UserBulkImportView', 'UserProfileView',
'UserPublicKeyUpdateView', 'UserBulkUpdateView', 'UserProfileUpdateView', 'UserPasswordUpdateView',
] 'UserPublicKeyUpdateView', 'UserBulkUpdateView',
]
logger = get_logger(__name__) logger = get_logger(__name__)
@ -52,8 +54,6 @@ class UserListView(AdminUserRequiredMixin, TemplateView):
context.update({ context.update({
'app': _('Users'), 'app': _('Users'),
'action': _('User list'), 'action': _('User list'),
'groups': UserGroup.objects.all(),
'form': forms.UserBulkUpdateForm(),
}) })
return context return context

15
config_example.py
View File

@ -8,6 +8,8 @@
:license: GPL v2, see LICENSE for more details. :license: GPL v2, see LICENSE for more details.
""" """
import os import os
import ldap
from django_auth_ldap.config import LDAPSearch
BASE_DIR = os.path.dirname(os.path.abspath(__file__)) BASE_DIR = os.path.dirname(os.path.abspath(__file__))
LOG_DIR = os.path.join(BASE_DIR, 'logs') LOG_DIR = os.path.join(BASE_DIR, 'logs')
@ -93,6 +95,19 @@ class Config:
# You can set jumpserver usage url here, that when user submit wizard redirect to # You can set jumpserver usage url here, that when user submit wizard redirect to
USER_GUIDE_URL = '' USER_GUIDE_URL = ''
# LDAP Auth settings
AUTH_LDAP = False
AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
AUTH_LDAP_BIND_PASSWORD = ''
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=people,dc=jumpserver,dc=org"
AUTH_LDAP_USER_ATTR_MAP = {
"username": "cn",
"name": "sn",
"email": "mail"
}
AUTH_LDAP_START_TLS = False
def __init__(self): def __init__(self):
pass pass