webscoket授权

2015-11-23 15:34:28 +08:00 · 2015-11-23 15:34:28 +08:00 · f49a92e742
parent 12f33176bf
commit f49a92e742
4 changed files with 55 additions and 19 deletions
--- a/connect.py
+++ b/connect.py
@ -19,9 +19,10 @@ import struct, fcntl, signal, socket, select
 os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
 if django.get_version() != '1.6':
    django.setup()
+from django.contrib.sessions.models import Session
 from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info, get_role
 from jumpserver.api import logger, Log, TtyLog, get_role_key
-from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm
+from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm, user_have_perm
 from jumpserver.settings import LOG_DIR
 from jperm.ansible_api import Command

--- a/jlog/views.py
+++ b/jlog/views.py
@ -104,10 +104,7 @@ def log_record(request):


 def web_terminal(request):
-    #username = get_session.get('username', '')
-    token = request.COOKIES.get('sessionid')
-    username = request.user.username
-    asset_name = '127.0.0.1'
-    web_terminal_uri = 'ws://%s/terminal?username=%s&asset_name=%s&token=%s' % (WEB_SOCKET_HOST, username, asset_name, token)
+    asset_id = 15
+    web_terminal_uri = 'ws://%s/terminal?asset_id=%s' % (WEB_SOCKET_HOST, asset_id)
    return render_to_response('jlog/web_terminal.html', locals())

--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@ -132,6 +132,15 @@ def get_group_asset_perm(ob):
    return perm


+def user_have_perm(user, asset):
+    user_perm_all = get_group_user_perm(user)
+    user_assets = user_perm_all.get('asset').keys()
+    if asset in user_assets:
+        return user_perm_all.get('asset').get(asset).get('role')
+    else:
+        return False
+
+
 def gen_resource(ob, ex='', perm=None):
    """
    ob为用户或资产列表或资产queryset, 如果同时输入用户和资产，则获取用户在这些资产上的信息
--- a/run_websocket.py
+++ b/run_websocket.py
@ -23,7 +23,7 @@ from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE
 import select

 from connect import Tty, User, Asset, PermRole
-from connect import TtyLog, Log
+from connect import TtyLog, Log, Session, user_have_perm

 try:
    import simplejson as json
@ -37,14 +37,44 @@ define("host", default='0.0.0.0', help="run port on", type=str)

 def require_auth(func):
    def _deco(request, *args, **kwargs):
-        username = request.get_argument('username', '')
-        asset_name = request.get_argument('asset_name', '')
-        token = request.get_argument('token', '')
-        print username, asset_name, token
-        client = tornado.httpclient.HTTPClient()
-        # response = client.fetch('http://some/url') + urllib.urlencode({'username': username,
-        #                                                                'asset_name': asset_name, 'token': token})
-        # return request.close()
+        if request.get_cookie('sessionid'):
+            session_key = request.get_cookie('sessionid')
+        else:
+            session_key = request.get_secure_cookie('sessionid')
+
+        print "session: " + session_key
+
+        if not session_key:
+            print('Auth Failed')
+            request.close()
+
+        session = Session.objects.filter(session_key=session_key)
+        if not session:
+            print('Auth Failed')
+            request.close()
+        else:
+            session = session[0]
+        uid = session.get_decoded().get('_auth_user_id')
+        user = User.objects.filter(id=uid)
+        asset_id = request.get_argument('asset_id', 9999)
+
+        asset = Asset.objects.filter(id=asset_id)
+        if asset:
+            asset = asset[0]
+            request.asset = asset
+            role = user_have_perm(user, asset)
+            request.role = role
+        else:
+            role = ''
+
+        if user:
+            user = user[0]
+            request.user = user
+
+        else:
+            print("No session user.")
+            request.close()
+
        return func(request, *args, **kwargs)
    return _deco

@ -200,6 +230,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
        self.log_time_f = None
        self.log = None
        self.id = 0
+        self.asset = None
+        self.user = None
        super(WebTerminalHandler, self).__init__(*args, **kwargs)

    def check_origin(self, origin):
@ -207,10 +239,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):

    @require_auth
    def open(self):
-        asset_name = self.get_argument('asset_name', '')
-        username = self.get_argument('username', '')
-        token = self.get_argument('token', '')
-        print asset_name, username, token
+        print self.user, self.asset
        user = User.objects.get(username='lastimac')
        asset = Asset.objects.get(ip='192.168.244.129')
        role = PermRole.objects.get(name='dev')