perf: aks encrypt

apps/audits/tasks.py

@@ -2,15 +2,14 @@
 #
 import datetime
 import os
-import subprocess
 
 from celery import shared_task
 from django.conf import settings
 from django.core.files.storage import default_storage
 from django.db import transaction
 from django.utils import timezone
-from django.utils.translation import gettext_lazy as _
 from django.utils._os import safe_join
+from django.utils.translation import gettext_lazy as _
 
 from common.const.crontab import CRONTAB_AT_AM_TWO
 from common.storage.ftp_file import FTPFileStorageHandler
@@ -79,7 +78,7 @@ def clean_celery_tasks_period():
     command = "find %s -mtime +%s -name '*.log' -type f -exec rm -f {} \\;"
     safe_run_cmd(command, (settings.CELERY_LOG_DIR, expire_days))
     celery_log_path = safe_join(settings.LOG_DIR, 'celery.log')
-    command = "echo > {}".format(celery_log_path)
+    command = "echo > %s"
     safe_run_cmd(command, (celery_log_path,))
 
 

apps/authentication/migrations/0008_alter_accesskey_secret_alter_temptoken_secret.py

@@ -4,6 +4,25 @@ import authentication.models.access_key
 import common.db.fields
 from django.db import migrations
 
+old_access_key_secrets_mapper = {}
+
+def fetch_access_key_secrets(apps, schema_editor):
+    AccessKey = apps.get_model("authentication", "AccessKey")
+
+    for id, secret in AccessKey.objects.all().values_list('id', 'secret'):
+        old_access_key_secrets_mapper[str(id)] = secret
+
+
+def save_access_key_secrets(apps, schema_editor):
+    AccessKey = apps.get_model("authentication", "AccessKey")
+    aks = AccessKey.objects.filter(id__in=list(old_access_key_secrets_mapper.keys()))
+    for ak in aks:
+        old_value = old_access_key_secrets_mapper.get(str(ak.id))
+        if not old_value:
+            continue
+        ak.secret = old_value
+        ak.save(update_fields=["secret"])
+
 
 class Migration(migrations.Migration):
 
@@ -12,6 +31,7 @@ class Migration(migrations.Migration):
     ]
 
     operations = [
+        migrations.RunPython(fetch_access_key_secrets),
         migrations.AlterField(
             model_name="accesskey",
             name="secret",
@@ -27,4 +47,5 @@ class Migration(migrations.Migration):
                 verbose_name="Secret"
             ),
         ),
+        migrations.RunPython(save_access_key_secrets),
     ]

apps/common/db/fields.py

@@ -144,6 +144,7 @@ class EncryptMixin:
             return value
 
         plain_value = Encryptor(value).decrypt()
+
         # 可能和Json mix，所以要先解密，再json
         sp = super()
         if hasattr(sp, "from_db_value"):
@@ -166,9 +167,6 @@ class EncryptMixin:
 class EncryptTextField(EncryptMixin, models.TextField):
     description = _("Encrypt field using Secret Key")
 
-    def __init__(self, *args, **kwargs):
-        super().__init__(*args, **kwargs)
-
 
 class EncryptCharField(EncryptMixin, models.CharField):
     @staticmethod

apps/common/utils/safe.py

@@ -1,9 +1,8 @@
-import re
-import subprocess
 import shlex
+import subprocess
 
 
 def safe_run_cmd(cmd_str, cmd_args=(), shell=True):
-    cmd_args = [shlex.quote(arg) for arg in cmd_args]
+    cmd_args = [shlex.quote(str(arg)) for arg in cmd_args]
     cmd = cmd_str % tuple(cmd_args)
     return subprocess.run(cmd, shell=shell)

apps/jumpserver/settings/base.py

@@ -87,7 +87,7 @@ ALLOWED_DOMAINS.extend(DEBUG_HOST_PORTS)
 # for host in ALLOWED_DOMAINS:
 #     print('  - ' + host.lstrip('.'))
 
-ALLOWED_HOSTS = []
+ALLOWED_HOSTS = ['*']
 
 # https://docs.djangoproject.com/en/4.1/ref/settings/#std-setting-CSRF_TRUSTED_ORIGINS
 CSRF_TRUSTED_ORIGINS = []