修正：潜在安全问题，批量导入时上传的文件在服务端未删除。

server/www/teleport/view/asset/host-list.mako

@@ -366,8 +366,9 @@
                 </div>
                 <div class="modal-body">
 
-                    <div style="text-align:center;margin:10px;">
-                        请点击图标，选择要上传的文件！
+                    <div style="text-align:center;margin:10px 0 20px 0;">
+                        <p>请点击图标，选择要上传的文件！</p>
+                        <p><a href="/static/download/teleport-example-asset.csv"><i class="fa fa-download fa-fw"></i>下载资产信息文件模板</a>。</p>
                     </div>
                     <div style="text-align:center;">
                         <i id="btn-select-file" class="upload-button fa fa-file-text-o fa-fw"></i>

server/www/teleport/view/user/user-list.mako

@@ -333,8 +333,9 @@
                 </div>
                 <div class="modal-body">
 
-                    <div style="text-align:center;margin:10px;">
-                        请点击图标，选择要上传的文件！
+                    <div style="text-align:center;margin:10px 0 20px 0;">
+                        <p>请点击图标，选择要上传的文件！</p>
+                        <p><a href="/static/download/teleport-example-user.csv"><i class="fa fa-download fa-fw"></i>下载用户信息文件模板</a>。</p>
                     </div>
                     <div style="text-align:center;">
                         <i id="btn-select-file" class="upload-button fa fa-file-text-o fa-fw"></i>

server/www/teleport/webroot/app/controller/host.py

@@ -291,6 +291,7 @@ class DoImportHandler(TPBaseHandler):
                             _router_port = 0
 
                         _host = dict()
+                        _host['_line'] = line
                         _host['ip'] = _ip
                         _host['os'] = _host_os
                         _host['name'] = csv_recorder[self.IDX_NAME].strip()
@@ -364,6 +365,7 @@ class DoImportHandler(TPBaseHandler):
                         all_acc.append(_acc_info)
 
                         _acc = dict()
+                        _acc['_line'] = line
                         _acc['username'] = _username
                         _acc['protocol_type'] = _protocol
                         _acc['protocol_port'] = _protocol_port
@@ -376,6 +378,9 @@ class DoImportHandler(TPBaseHandler):
 
                         hosts[last_ip]['acc'].append(_acc)
 
+            if os.path.exists(csv_filename):
+                os.remove(csv_filename)
+
             # 如果解析过程中发生问题，则不再继续
             if len(failed) > 0:
                 ret['code'] = TPE_FAILED
@@ -445,7 +450,11 @@ class DoImportHandler(TPBaseHandler):
                 args['desc'] = hosts[ip]['desc']
                 err, host_id = host.add_host(self, args)
                 if err != TPE_OK:
-                    failed.append({'line': 0, 'error': '增加主机{}失败，数据库操作失败。'.format(ip)})
+                    hosts[ip]['host_id'] = 0
+                    if err == TPE_EXISTS:
+                        failed.append({'line': hosts[ip]['_line'], 'error': '增加主机{}失败，此主机已经存在。'.format(ip)})
+                    else:
+                        failed.append({'line': hosts[ip]['_line'], 'error': '增加主机{}失败，数据库操作失败。'.format(ip)})
                     continue
                 hosts[ip]['host_id'] = host_id
 
@@ -468,9 +477,11 @@ class DoImportHandler(TPBaseHandler):
                         args['pri_key'] = hosts[ip]['acc'][i]['secret']
 
                     err, acc_id = account.add_account(self, host_id, args)
-                    if err != TPE_OK:
-                        failed.append({'line': 0, 'error': '增加账号{}@{}失败，数据库操作失败。'.format(args['username'], ip)})
+                    if err == TPE_EXISTS:
+                        failed.append({'line': hosts[ip]['acc']['_line'], 'error': '增加账号{}@{}失败，账号已经存在。'.format(args['username'], ip)})
                         continue
+                    elif err != TPE_OK:
+                        failed.append({'line': hosts[ip]['acc']['_line'], 'error': '增加账号{}@{}失败，数据库操作失败。'.format(args['username'], ip)})
 
                     hosts[ip]['acc'][i]['acc_id'] = acc_id
 
@@ -546,10 +557,6 @@ class DoImportHandler(TPBaseHandler):
                 ret['data'] = failed
             return self.write(json.dumps(ret).encode('utf8'))
 
-        finally:
-            if os.path.exists(csv_filename):
-                os.remove(csv_filename)
-
 
 class DoUpdateHostHandler(TPBaseJsonHandler):
     def post(self):

server/www/teleport/webroot/app/controller/user.py

@@ -427,6 +427,9 @@ class DoImportHandler(TPBaseHandler):
 
                     user_list.append(u)
 
+            if os.path.exists(csv_filename):
+                os.remove(csv_filename)
+
             # 检查一下
             if len(user_list) == 0:
                 ret['code'] = TPE_FAILED
@@ -513,10 +516,6 @@ class DoImportHandler(TPBaseHandler):
             ret['data'] = failed
             return self.write(json.dumps(ret).encode('utf8'))
 
-        finally:
-            if os.path.exists(csv_filename):
-                os.remove(csv_filename)
-
 
 class DoUpdateUserHandler(TPBaseJsonHandler):
     @tornado.gen.coroutine

server/www/teleport/webroot/app/model/account.py

@@ -253,21 +253,21 @@ def add_account(handler, host_id, args):
     if db_ret is not None and len(db_ret) > 0:
         return TPE_EXISTS, 0
 
-    # sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \
-    #       '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \
-    #       ''.format(db.table_prefix,
-    #                 host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'],
-    #                 protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL,
-    #                 auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'],
-    #                 creator_id=operator['id'], create_time=_time_now)
-
-    sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \
-          '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \
+    sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \
+          '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \
           ''.format(db.table_prefix,
-                    host_id=host_id,
+                    host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'],
                     protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL,
                     auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'],
                     creator_id=operator['id'], create_time=_time_now)
+
+    # sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \
+    #       '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \
+    #       ''.format(db.table_prefix,
+    #                 host_id=host_id,
+    #                 protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL,
+    #                 auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'],
+    #                 creator_id=operator['id'], create_time=_time_now)
     db_ret = db.exec(sql)
     if not db_ret:
         return TPE_DATABASE, 0