webscoket授权

pull/26/head
ibuler 2015-11-23 15:34:28 +08:00
parent 12f33176bf
commit f49a92e742
4 changed files with 55 additions and 19 deletions


@ -19,9 +19,10 @@ import struct, fcntl, signal, socket, select
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings' os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
if django.get_version() != '1.6': if django.get_version() != '1.6':
django.setup() django.setup()
from django.contrib.sessions.models import Session
from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info, get_role from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info, get_role
from jumpserver.api import logger, Log, TtyLog, get_role_key from jumpserver.api import logger, Log, TtyLog, get_role_key
from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm, user_have_perm
from jumpserver.settings import LOG_DIR from jumpserver.settings import LOG_DIR
from jperm.ansible_api import Command from jperm.ansible_api import Command


@ -104,10 +104,7 @@ def log_record(request):
def web_terminal(request): def web_terminal(request):
#username = get_session.get('username', '') asset_id = 15
token = request.COOKIES.get('sessionid') web_terminal_uri = 'ws://%s/terminal?asset_id=%s' % (WEB_SOCKET_HOST, asset_id)
username = request.user.username
asset_name = '127.0.0.1'
web_terminal_uri = 'ws://%s/terminal?username=%s&asset_name=%s&token=%s' % (WEB_SOCKET_HOST, username, asset_name, token)
return render_to_response('jlog/web_terminal.html', locals()) return render_to_response('jlog/web_terminal.html', locals())
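Review bot: `asset_id = 15` in `web_terminal` is a hard-coded placeholder, so every user's terminal page asks for the same asset; it should come from the request and pass the same permission check the socket side applies before the URI is rendered. With the token gone from the query string, the handshake now depends on the `sessionid` cookie, and the `ws://` scheme sends that cookie unencrypted; pick the scheme from the page, e.g. `scheme = 'wss' if request.is_secure() else 'ws'`. `render_to_response('jlog/web_terminal.html', locals())` also hands every local, including `request`, to the template; if the template only needs the URI, an explicit `{'web_terminal_uri': web_terminal_uri}` context keeps that surface small.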


@ -132,6 +132,15 @@ def get_group_asset_perm(ob):
return perm return perm
def user_have_perm(user, asset):
user_perm_all = get_group_user_perm(user)
user_assets = user_perm_all.get('asset').keys()
if asset in user_assets:
return user_perm_all.get('asset').get(asset).get('role')
else:
return False
def gen_resource(ob, ex='', perm=None): def gen_resource(ob, ex='', perm=None):
""" """
ob为用户或资产列表或资产queryset, 如果同时输入用户和资产则获取用户在这些资产上的信息 ob为用户或资产列表或资产queryset, 如果同时输入用户和资产则获取用户在这些资产上的信息
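Review bot: `user_have_perm` assumes `get_group_user_perm(user)` always returns a dict with an `'asset'` entry; if that key is absent, `user_perm_all.get('asset').keys()` raises `AttributeError` instead of denying access, which matters because the function is used as the authorization check for the websocket. A fail-closed form is `return (user_perm_all.get('asset') or {}).get(asset, {}).get('role', False)`. The function also has no docstring; one line such as `"""Return the value stored under 'role' for this user on asset, or False when the user has no permission on it."""` would document the mixed return type that callers must test. `gen_resource` on the trailing context lines continues outside the hunk.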


@ -23,7 +23,7 @@ from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE
import select import select
from connect import Tty, User, Asset, PermRole from connect import Tty, User, Asset, PermRole
from connect import TtyLog, Log from connect import TtyLog, Log, Session, user_have_perm
try: try:
import simplejson as json import simplejson as json
@ -37,14 +37,44 @@ define("host", default='0.0.0.0', help="run port on", type=str)
def require_auth(func): def require_auth(func):
def _deco(request, *args, **kwargs): def _deco(request, *args, **kwargs):
username = request.get_argument('username', '') if request.get_cookie('sessionid'):
asset_name = request.get_argument('asset_name', '') session_key = request.get_cookie('sessionid')
token = request.get_argument('token', '') else:
print username, asset_name, token session_key = request.get_secure_cookie('sessionid')
client = tornado.httpclient.HTTPClient()
# response = client.fetch('http://some/url') + urllib.urlencode({'username': username, print "session: " + session_key
# 'asset_name': asset_name, 'token': token})
# return request.close() if not session_key:
print('Auth Failed')
request.close()
session = Session.objects.filter(session_key=session_key)
if not session:
print('Auth Failed')
request.close()
else:
session = session[0]
uid = session.get_decoded().get('_auth_user_id')
user = User.objects.filter(id=uid)
asset_id = request.get_argument('asset_id', 9999)
asset = Asset.objects.filter(id=asset_id)
if asset:
asset = asset[0]
request.asset = asset
role = user_have_perm(user, asset)
request.role = role
else:
role = ''
if user:
user = user[0]
request.user = user
else:
print("No session user.")
request.close()
return func(request, *args, **kwargs) return func(request, *args, **kwargs)
return _deco return _deco
@ -200,6 +230,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
self.log_time_f = None self.log_time_f = None
self.log = None self.log = None
self.id = 0 self.id = 0
self.asset = None
self.user = None
super(WebTerminalHandler, self).__init__(*args, **kwargs) super(WebTerminalHandler, self).__init__(*args, **kwargs)
def check_origin(self, origin): def check_origin(self, origin):
@ -207,10 +239,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@require_auth @require_auth
def open(self): def open(self):
asset_name = self.get_argument('asset_name', '') print self.user, self.asset
username = self.get_argument('username', '')
token = self.get_argument('token', '')
print asset_name, username, token
user = User.objects.get(username='lastimac') user = User.objects.get(username='lastimac')
asset = Asset.objects.get(ip='192.168.244.129') asset = Asset.objects.get(ip='192.168.244.129')
role = PermRole.objects.get(name='dev') role = PermRole.objects.get(name='dev')