Merge branch 'dev' into pr@dev@change_import (#11815)

* perf: 修改获取 ip * perf: 修改导入 --------- Co-authored-by: ibuler <ibuler@qq.com>
1 year ago · 9f042cfa04
parent ce63ea7528
commit 9f042cfa04
16 changed files with 85 additions and 67 deletions
--- a/apps/accounts/api/account/account.py
+++ b/apps/accounts/api/account/account.py
@ -9,8 +9,9 @@ from accounts.filters import AccountFilterSet
 from accounts.mixins import AccountRecordViewLogMixin
 from accounts.models import Account
 from assets.models import Asset, Node
+from authentication.permissions import UserConfirmation, ConfirmType
 from common.api.mixin import ExtraFilterFieldsMixin
-from common.permissions import UserConfirmation, ConfirmType, IsValidUser
+from common.permissions import IsValidUser
 from orgs.mixins.api import OrgBulkModelViewSet
 from rbac.permissions import RBACPermission

--- a/apps/accounts/api/account/template.py
+++ b/apps/accounts/api/account/template.py
@ -8,8 +8,8 @@ from accounts.mixins import AccountRecordViewLogMixin
 from accounts.models import AccountTemplate
 from accounts.tasks import template_sync_related_accounts
 from assets.const import Protocol
+from authentication.permissions import UserConfirmation, ConfirmType
 from common.drf.filters import BaseFilterSet
-from common.permissions import UserConfirmation, ConfirmType
 from orgs.mixins.api import OrgBulkModelViewSet
 from rbac.permissions import RBACPermission

--- a/apps/authentication/api/access_key.py
+++ b/apps/authentication/api/access_key.py
@ -5,8 +5,8 @@ from django.utils.translation import gettext as _
 from rest_framework import serializers
 from rest_framework.response import Response

+from authentication.permissions import UserConfirmation
 from common.api import JMSModelViewSet
-from common.permissions import UserConfirmation
 from rbac.permissions import RBACPermission
 from ..const import ConfirmType
 from ..serializers import AccessKeySerializer
--- a/apps/authentication/api/confirm.py
+++ b/apps/authentication/api/confirm.py
@ -7,7 +7,8 @@ from rest_framework import status
 from rest_framework.generics import RetrieveAPIView, CreateAPIView
 from rest_framework.response import Response

-from common.permissions import IsValidUser, UserConfirmation
+from authentication.permissions import UserConfirmation
+from common.permissions import IsValidUser
 from ..const import ConfirmType
 from ..serializers import ConfirmSerializer

--- a/apps/authentication/api/dingtalk.py
+++ b/apps/authentication/api/dingtalk.py
@ -4,8 +4,9 @@ from rest_framework.views import APIView

 from authentication import errors
 from authentication.const import ConfirmType
+from authentication.permissions import UserConfirmation
 from common.api import RoleUserMixin, RoleAdminMixin
-from common.permissions import UserConfirmation, IsValidUser
+from common.permissions import IsValidUser
 from common.utils import get_logger
 from users.models import User

--- a/apps/authentication/api/feishu.py
+++ b/apps/authentication/api/feishu.py
@ -4,12 +4,13 @@ from rest_framework.views import APIView

 from authentication import errors
 from authentication.const import ConfirmType
+from authentication.permissions import UserConfirmation
 from common.api import RoleUserMixin, RoleAdminMixin
-from common.permissions import UserConfirmation, IsValidUser
+from common.permissions import IsValidUser
 from common.utils import get_logger
 from users.models import User

-logger = get_logger(__file__)
+logger = get_logger(__name__)


 class FeiShuQRUnBindBase(APIView):
--- a/apps/authentication/api/wecom.py
+++ b/apps/authentication/api/wecom.py
@ -4,8 +4,9 @@ from rest_framework.views import APIView

 from authentication import errors
 from authentication.const import ConfirmType
+from authentication.permissions import UserConfirmation
 from common.api import RoleUserMixin, RoleAdminMixin
-from common.permissions import UserConfirmation, IsValidUser
+from common.permissions import IsValidUser
 from common.utils import get_logger
 from users.models import User

--- a/apps/authentication/permissions.py
+++ b/apps/authentication/permissions.py
@ -0,0 +1,58 @@
+import time
+
+from django.conf import settings
+from rest_framework import permissions
+
+from authentication.const import ConfirmType
+from authentication.models import ConnectionToken
+from common.exceptions import UserConfirmRequired
+from common.permissions import IsValidUser
+from common.utils import get_object_or_none
+from orgs.utils import tmp_to_root_org
+
+
+class UserConfirmation(permissions.BasePermission):
+    ttl = 60 * 5
+    min_level = 1
+    confirm_type = 'relogin'
+
+    def has_permission(self, request, view):
+        if not settings.SECURITY_VIEW_AUTH_NEED_MFA:
+            return True
+
+        confirm_level = request.session.get('CONFIRM_LEVEL')
+        confirm_time = request.session.get('CONFIRM_TIME')
+        ttl = self.get_ttl()
+        if not confirm_level or not confirm_time or \
+                confirm_level < self.min_level or \
+                confirm_time < time.time() - ttl:
+            raise UserConfirmRequired(code=self.confirm_type)
+        return True
+
+    def get_ttl(self):
+        if self.confirm_type == ConfirmType.MFA:
+            ttl = settings.SECURITY_MFA_VERIFY_TTL
+        else:
+            ttl = self.ttl
+        return ttl
+
+    @classmethod
+    def require(cls, confirm_type=ConfirmType.RELOGIN, ttl=60 * 5):
+        min_level = ConfirmType.values.index(confirm_type) + 1
+        name = 'UserConfirmationLevel{}TTL{}'.format(min_level, ttl)
+        return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'confirm_type': confirm_type})
+
+
+class IsValidUserOrConnectionToken(IsValidUser):
+    def has_permission(self, request, view):
+        return super().has_permission(request, view) \
+            or self.is_valid_connection_token(request)
+
+    @staticmethod
+    def is_valid_connection_token(request):
+        token_id = request.query_params.get('token')
+        if not token_id:
+            return False
+        with tmp_to_root_org():
+            token = get_object_or_none(ConnectionToken, id=token_id)
+        return token and token.is_valid
--- a/apps/authentication/views/dingtalk.py
+++ b/apps/authentication/views/dingtalk.py
@ -13,7 +13,7 @@ from authentication import errors
 from authentication.const import ConfirmType
 from authentication.mixins import AuthMixin
 from authentication.notifications import OAuthBindMessage
-from common.permissions import UserConfirmation
+from authentication.permissions import UserConfirmation
 from common.sdk.im.dingtalk import URL, DingTalk
 from common.utils import get_logger
 from common.utils.common import get_request_ip
--- a/apps/authentication/views/feishu.py
+++ b/apps/authentication/views/feishu.py
@ -11,7 +11,7 @@ from rest_framework.permissions import AllowAny, IsAuthenticated

 from authentication.const import ConfirmType
 from authentication.notifications import OAuthBindMessage
-from common.permissions import UserConfirmation
+from authentication.permissions import UserConfirmation
 from common.sdk.im.feishu import URL, FeiShu
 from common.utils import get_logger
 from common.utils.common import get_request_ip
--- a/apps/authentication/views/wecom.py
+++ b/apps/authentication/views/wecom.py
@ -13,7 +13,7 @@ from authentication import errors
 from authentication.const import ConfirmType
 from authentication.mixins import AuthMixin
 from authentication.notifications import OAuthBindMessage
-from common.permissions import UserConfirmation
+from authentication.permissions import UserConfirmation
 from common.sdk.im.wecom import URL
 from common.sdk.im.wecom import WeCom
 from common.utils import get_logger
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@ -5,12 +5,6 @@ import time
 from django.conf import settings
 from rest_framework import permissions

-from authentication.const import ConfirmType
-from authentication.models import ConnectionToken
-from common.exceptions import UserConfirmRequired
-from common.utils import get_object_or_none
-from orgs.utils import tmp_to_root_org
-

 class IsValidUser(permissions.IsAuthenticated):
    """Allows access to valid user, is active and not expired"""
@ -20,21 +14,6 @@ class IsValidUser(permissions.IsAuthenticated):
            and request.user.is_valid


-class IsValidUserOrConnectionToken(IsValidUser):
-    def has_permission(self, request, view):
-        return super().has_permission(request, view) \
-            or self.is_valid_connection_token(request)
-
-    @staticmethod
-    def is_valid_connection_token(request):
-        token_id = request.query_params.get('token')
-        if not token_id:
-            return False
-        with tmp_to_root_org():
-            token = get_object_or_none(ConnectionToken, id=token_id)
-        return token and token.is_valid
-
-
 class OnlySuperUser(IsValidUser):
    def has_permission(self, request, view):
        return super().has_permission(request, view) \
@ -56,38 +35,6 @@ class WithBootstrapToken(permissions.BasePermission):
        return settings.BOOTSTRAP_TOKEN == request_bootstrap_token


-class UserConfirmation(permissions.BasePermission):
-    ttl = 60 * 5
-    min_level = 1
-    confirm_type = ConfirmType.RELOGIN
-
-    def has_permission(self, request, view):
-        if not settings.SECURITY_VIEW_AUTH_NEED_MFA:
-            return True
-
-        confirm_level = request.session.get('CONFIRM_LEVEL')
-        confirm_time = request.session.get('CONFIRM_TIME')
-        ttl = self.get_ttl()
-        if not confirm_level or not confirm_time or \
-                confirm_level < self.min_level or \
-                confirm_time < time.time() - ttl:
-            raise UserConfirmRequired(code=self.confirm_type)
-        return True
-
-    def get_ttl(self):
-        if self.confirm_type == ConfirmType.MFA:
-            ttl = settings.SECURITY_MFA_VERIFY_TTL
-        else:
-            ttl = self.ttl
-        return ttl
-
-    @classmethod
-    def require(cls, confirm_type=ConfirmType.RELOGIN, ttl=60 * 5):
-        min_level = ConfirmType.values.index(confirm_type) + 1
-        name = 'UserConfirmationLevel{}TTL{}'.format(min_level, ttl)
-        return type(name, (cls,), {'min_level': min_level, 'ttl': ttl, 'confirm_type': confirm_type})
-
-
 class ServiceAccountSignaturePermission(permissions.BasePermission):
    def has_permission(self, request, view):
        from authentication.models import AccessKey
--- a/apps/settings/api/public.py
+++ b/apps/settings/api/public.py
@ -2,7 +2,7 @@ from django.conf import settings
 from rest_framework import generics
 from rest_framework.permissions import AllowAny

-from common.permissions import IsValidUserOrConnectionToken
+from authentication.permissions import IsValidUserOrConnectionToken
 from common.utils import get_logger, lazyproperty
 from common.utils.timezone import local_now
 from jumpserver.utils import has_valid_xpack_license, get_xpack_license_info
--- a/apps/terminal/api/component/endpoint.py
+++ b/apps/terminal/api/component/endpoint.py
@ -6,8 +6,8 @@ from rest_framework.request import Request
 from rest_framework.response import Response

 from assets.models import Asset
+from authentication.permissions import IsValidUserOrConnectionToken
 from common.api import JMSBulkModelViewSet
-from common.permissions import IsValidUserOrConnectionToken
 from orgs.utils import tmp_to_root_org
 from terminal import serializers
 from terminal.models import Session, Endpoint, EndpointRule
--- a/apps/users/api/profile.py
+++ b/apps/users/api/profile.py
@ -5,7 +5,7 @@ from rest_framework import generics
 from rest_framework.permissions import IsAuthenticated

 from authentication.models import ConnectionToken
-from common.permissions import IsValidUserOrConnectionToken
+from authentication.permissions import IsValidUserOrConnectionToken
 from common.utils import get_object_or_none
 from orgs.utils import tmp_to_root_org
 from users.notifications import (
--- a/utils/add_china_db_platform.py
+++ b/utils/add_china_db_platform.py
@ -0,0 +1,8 @@
+#!/usr/bin/python
+#
+databases = [
+    {
+        'name': 'TiDB',
+        'type': 'mysql',
+    }
+]