From a7a030feddda9a24c128d817e94bd4e7441ee392 Mon Sep 17 00:00:00 2001 From: ibuler Date: Mon, 23 Nov 2015 23:07:58 +0800 Subject: [PATCH] fix bug --- jumpserver/context_processors.py | 8 +- run_websocket.py | 130 +++++++++++++++++-------------- templates/jasset/asset_list.html | 4 +- templates/jlog/log_online.html | 20 ++--- 4 files changed, 81 insertions(+), 81 deletions(-) diff --git a/jumpserver/context_processors.py b/jumpserver/context_processors.py index 35c656c25..e84cc60ec 100644 --- a/jumpserver/context_processors.py +++ b/jumpserver/context_processors.py @@ -5,16 +5,12 @@ from jumpserver.api import * def name_proc(request): user_id = request.user.id - # role_id = request.session.get('role_id') - role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0) - # if role_id == 2: + role_id = {'SU': 2, 'GA': 1, 'CU': 0}.get(request.user.role, 0) + # role_id = 'SU' user_total_num = User.objects.all().count() user_active_num = User.objects.filter().count() host_total_num = Asset.objects.all().count() host_active_num = Asset.objects.filter(is_active=True).count() - # else: - # pass - request.session.set_expiry(3600) info_dic = {'session_user_id': user_id, diff --git a/run_websocket.py b/run_websocket.py index 58e9e796a..6963c1701 100644 --- a/run_websocket.py +++ b/run_websocket.py @@ -7,6 +7,7 @@ import os import sys import os.path import threading +import datetime import urllib import tornado.ioloop @@ -22,7 +23,7 @@ from tornado.options import define, options from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY, AsyncNotifier import select -from connect import Tty, User, Asset, PermRole +from connect import Tty, User, Asset, PermRole, logger, get_object from connect import TtyLog, Log, Session, user_have_perm try: 
@@ -35,45 +36,49 @@ define("port", default=3000, help="run on the given port", type=int) define("host", default='0.0.0.0', help="run port on", type=str) -def require_auth(func): - def _deco(request, *args, **kwargs): - if request.get_cookie('sessionid'): - session_key = request.get_cookie('sessionid') - else: - session_key = request.get_secure_cookie('sessionid') +def require_auth(role='user'): + def _deco(func): + def _deco(request, *args, **kwargs): + if request.get_cookie('sessionid'): + session_key = request.get_cookie('sessionid') + else: + session_key = request.get_secure_cookie('sessionid') - print "session: " + session_key + logger.debug('Websocket: session_key: ' + session_key) - if not session_key: - print('Auth Failed') + if session_key: + session = get_object(Session, session_key=session_key) + if session and datetime.datetime.now() > session.expire_date: + user_id = session.get_decoded().get('_auth_user_id') + user = get_object(User, id=user_id) + if user: + logger.debug('Websocket: user [ %s ] request websocket' % user.username) + request.user = user + if role == 'admin': + if user.role in ['SU', 'GA']: + return func(request, *args, **kwargs) + logger.debug('Websocket: user [ %s ] is not admin.' 
% user.username) + else: + return func(request, *args, **kwargs) request.close() - - session = Session.objects.filter(session_key=session_key) - if not session: - print('Auth Failed') - request.close() - else: - session = session[0] - uid = session.get_decoded().get('_auth_user_id') - user = User.objects.filter(id=uid) - asset_id = int(request.get_argument('id', 9999)) - print asset_id - asset = Asset.objects.filter(id=asset_id) - if asset: - asset = asset[0] - request.asset = asset - else: - request.close() - - if user: - user = user[0] - request.user = user - - else: - print("No session user.") - request.close() - - return func(request, *args, **kwargs) + logger.warning('Websocket: Request auth failed.') + # asset_id = int(request.get_argument('id', 9999)) + # print asset_id + # asset = Asset.objects.filter(id=asset_id) + # if asset: + # asset = asset[0] + # request.asset = asset + # else: + # request.close() + # + # if user: + # user = user[0] + # request.user = user + # + # else: + # print("No session user.") + # request.close() + return _deco return _deco @@ -109,10 +114,10 @@ def file_monitor(path='.', client=None): notifier = AsyncNotifier(wm, EventHandler(client)) wm.add_watch(path, mask, auto_add=True, rec=True) if not os.path.isfile(path): - print "You should monitor a file" + logger.debug("File %s does not exist." % path) sys.exit(3) else: - print "now starting monitor %s." % path + logger.debug("Now starting monitor file %s." % path) global f f = open(path, 'r') st_size = os.stat(path)[6] @@ -158,7 +163,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): def check_origin(self, origin): return True - @require_auth + @require_auth('admin') def open(self): # 获取监控的path self.file_path = self.get_argument('file_path', '') 
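Review bot: The expiry test in the new `require_auth` is inverted: `datetime.datetime.now() > session.expire_date` admits a request only when its session row has already expired and refuses every live session, so it should read `if session and datetime.datetime.now() < session.expire_date:`. If the project stores timezone-aware datetimes the comparison needs an aware "now"; that setting is not visible here. `logger.debug('Websocket: session_key: ' + session_key)` runs before the `if session_key:` check, so a request with no cookie raises TypeError on the concatenation, and a request with one writes a usable session credential into the log; drop the line, or log after the lookup without the key. The commented-out asset lookup left at the end of the wrapper is dead code and can be deleted.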
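Review bot: `check_origin` returns True on a handler that authenticates with the `sessionid` cookie, so the admin check added on `open` can be satisfied from a page on any other origin loaded in an admin's browser; compare the Origin host with the server's own host instead of accepting everything. `file_path` also comes straight from the request and, judging by `file_monitor(path=...)` earlier in the file, is opened as given; resolve it with `os.path.realpath` and refuse anything outside the log directory. The rest of `open` lies outside this hunk, so the second point should be confirmed against the full body.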
@@ -180,7 +185,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): MonitorHandler.clients.remove(self) MonitorHandler.threads.remove(MonitorHandler.threads[client_index]) - print len(MonitorHandler.threads), len(MonitorHandler.clients) + logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients), + len(MonitorHandler.threads))) def on_message(self, message): # 监控日志,发生变动发向客户端 @@ -190,10 +196,13 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): # 客户端主动关闭 # self.close() - print "Close websocket." - client_index = MonitorHandler.clients.index(self) - MonitorHandler.clients.remove(self) - MonitorHandler.threads.remove(MonitorHandler.threads[client_index]) + logger.debug("Websocket: Monitor client close request") + try: + client_index = MonitorHandler.clients.index(self) + MonitorHandler.clients.remove(self) + MonitorHandler.threads.remove(MonitorHandler.threads[client_index]) + except ValueError: + pass class WebTty(Tty): @@ -206,6 +215,7 @@ class WebTty(Tty): class WebTerminalKillHandler(tornado.web.RequestHandler): + @require_auth('admin') def get(self): ws_id = self.get_argument('id') Log.objects.filter(id=ws_id).update(is_finished=True) @@ -228,7 +238,6 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): self.log_time_f = None self.log = None self.id = 0 - self.asset = None self.user = None super(WebTerminalHandler, self).__init__(*args, **kwargs) 
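Review bot: The new `except ValueError: pass` in `on_close` covers only the case where `self` is no longer in `clients`; `MonitorHandler.threads[client_index]` raises IndexError if the two parallel lists have drifted apart, and that is not caught. Keeping the thread as an attribute on the handler instance would remove the index coupling. The hunk only drops the thread from the list, so whether the monitor thread itself is stopped cannot be seen from here and is worth checking.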
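Review bot: On a failed check `require_auth` calls `request.close()`, which `tornado.websocket.WebSocketHandler` provides but, as far as I know, `tornado.web.RequestHandler` does not, so an unauthenticated call to this `get` would end in an AttributeError (HTTP 500) rather than a clean refusal, and the `Request auth failed` warning would never be logged; `send_error(403)` would suit the non-websocket case. The handler also changes state (`update(is_finished=True)`) on a GET authenticated by cookie alone, which leaves it open to cross-site request forgery; a POST covered by the project's CSRF check would be the safer shape. The rest of `get` is outside the hunk.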
@@ -237,19 +246,22 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler): @require_auth def open(self): - print self.user, self.asset - role_name = self.get_argument('role', 'root') - roles = user_have_perm(self.user, self.asset) - login_role = '' - for role in roles: - if role.name == role_name: - login_role = role - break - print login_role - if not login_role: - print "no role" - self.close() - return + role_name = self.get_argument('role', 'sb') + asset_id = self.get_argument('id', 9999) + asset = get_object(Asset, id=asset_id) + if asset: + roles = user_have_perm(self.user, asset) + login_role = '' + for role in roles: + if role.name == role_name: + login_role = role + break + if not login_role: + logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.name, + self.user.username)) + self.close() + return + logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % ()) # Todo: 判断 self.term = WebTty(self.user, self.asset, login_role) self.term.get_connection() diff --git a/templates/jasset/asset_list.html b/templates/jasset/asset_list.html index d684e7c41..e6a12567d 100644 --- a/templates/jasset/asset_list.html +++ b/templates/jasset/asset_list.html @@ -179,10 +179,10 @@ url: url, data: {}, success: function(data){ - console.log(data); var dataArray = data.split(','); if (dataArray.length == 1 && data != 'error'){ - window.open(new_url + data, '播放', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no'); + console.log('one'); + window.open(new_url + data, '', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no'); } else if (dataArray.length == '1' && data == 'error'){ layer.alert('没有授权角色') } else { diff --git a/templates/jlog/log_online.html b/templates/jlog/log_online.html index 96d8a9d07..42ea11a38 100644 --- a/templates/jlog/log_online.html 
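Review bot: `open` is still decorated with bare `@require_auth`, but `require_auth` is now a decorator factory, so the method is replaced by the factory's inner `_deco(func)` and neither the session check nor the body runs when a socket opens; it needs `@require_auth('user')`. Inside the body, `'... Role: %s' % ()` raises TypeError because no values are supplied, and `WebTty(self.user, self.asset, login_role)` still reads `self.asset` although this commit stops setting it; it should pass the local `asset`. Nothing closes the socket when `get_object` finds no asset, which leaves `login_role` unbound. Indentation is lost in this view, so the placement of the debug line relative to `if asset:` is a guess; a corrected version of the changed lines follows.

```python
@require_auth('user')
def open(self):
    role_name = self.get_argument('role', 'sb')
    asset_id = self.get_argument('id', 9999)
    asset = get_object(Asset, id=asset_id)
    if not asset:
        logger.warning('Websocket: asset not found for id: %r' % asset_id)
        self.close()
        return
    # … unchanged: user_have_perm lookup, login_role selection and the "no role" close …
    logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.name,
                                                                                 self.user.username,
                                                                                 login_role.name))
    self.term = WebTty(self.user, asset, login_role)
    # … unchanged: get_connection and the rest of open …
```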
+++ b/templates/jlog/log_online.html @@ -79,11 +79,9 @@ 用户名 登录主机 来源IP - {% ifnotequal session_role_id 0 %} - 统计命令 - 实时监控 - 阻断 - {% endifnotequal %} + 统计命令 + 实时监控 + 阻断 登录时间 @@ -94,11 +92,9 @@ {{ post.user }} {{ post.host }} {{ post.remote_ip }} - {% ifnotequal session_role_id 0 %} - 命令统计 - 监控 - - {% endifnotequal %} + 命令统计 + 监控 + {{ post.start_time|date:"Y-m-d H:i:s" }} {% endfor %} @@ -188,10 +184,6 @@ }}); return false; }); - - $('#test_connect').click(function(){ - window.open('/jlog/web_terminal/?asset_name="hello', '播放', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no'); - }); }); {# function log_search(){#}
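Review bot: Dropping the `{% ifnotequal session_role_id 0 %}` guards (here and in the @@ -94 hunk) shows the command-statistics, monitor and kill columns to ordinary users too, so access control for these actions now rests entirely on the server side. The monitor and kill handlers gain `@require_auth('admin')` in this commit, but the view behind the command-statistics link is not part of the patch; confirm that it checks `request.user.role` before returning another user's commands. Since the handlers treat these actions as admin-only, keeping the template guard would also avoid showing controls that can only fail for role 0.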