From a43f7b0f35e4bbd3c49b18c9d3b58d06256333e0 Mon Sep 17 00:00:00 2001 From: Apex Liu Date: Mon, 2 Dec 2019 19:50:55 +0800 Subject: [PATCH] .temp. --- server/www/teleport/webroot/app/base/db.py | 11 ++-- .../www/teleport/webroot/app/model/account.py | 50 ++++++++-------- server/www/teleport/webroot/app/model/host.py | 60 ++++++++++++------- .../www/teleport/webroot/app/model/syslog.py | 12 ++-- 4 files changed, 78 insertions(+), 55 deletions(-) diff --git a/server/www/teleport/webroot/app/base/db.py b/server/www/teleport/webroot/app/base/db.py index c065312..5b481f4 100644 --- a/server/www/teleport/webroot/app/base/db.py +++ b/server/www/teleport/webroot/app/base/db.py @@ -366,18 +366,21 @@ class TPDatabasePool: return False if self._get_connect() is None else True def query(self, sql, args): + log.d('SQL-QUERY: ', sql, ' args=', args, '\n') _conn = self._get_connect() if _conn is None: return None return self._do_query(_conn, sql, args) def exec(self, sql, args): + log.d('SQL-EXEC: ', sql, ' args=', args, '\n') _conn = self._get_connect() if _conn is None: return False return self._do_exec(_conn, sql, args) def transaction(self, sql_list): + log.d('SQL-TRANS:', sql_list, '\n') _conn = self._get_connect() if _conn is None: return False @@ -611,7 +614,7 @@ class TPMysqlPool(TPDatabasePool): try: conn.begin() for item in sql_list: - conn.execute(item['s'], item['v']) + cursor.execute(item['s'], item['v']) conn.commit() return True except pymysql.err.OperationalError as e: @@ -870,7 +873,7 @@ class SQL: if self._limit is not None: sql = self._make_sql_counter_string() # log.d(sql, '\n') - db_ret = self._db.query(sql) + db_ret = self._db.query(sql, vars) if db_ret is None or 0 == len(db_ret): self._ret_page_index = 0 return TPE_OK @@ -893,10 +896,10 @@ class SQL: return TPE_OK - def exec(self): + def exec(self, vars=None): sql = self._make_sql_delete_string() # log.d(sql, '\n') - if not self._db.exec(sql): + if not self._db.exec(sql, vars): return TPE_DATABASE else: return TPE_OK diff --git a/server/www/teleport/webroot/app/model/account.py b/server/www/teleport/webroot/app/model/account.py index cc5b6aa..591411a 100644 --- a/server/www/teleport/webroot/app/model/account.py +++ b/server/www/teleport/webroot/app/model/account.py @@ -9,20 +9,21 @@ from app.base.stats import tp_stats def get_account_info(acc_id): - s = SQL(get_db()) + db = get_db() + s = SQL(db) # s.select_from('acc', ['id', 'password', 'pri_key', 'state', 'host_ip', 'router_ip', 'router_port', 'protocol_type', 'protocol_port', 'auth_type', 'username'], alt_name='a') s.select_from('acc', ['id', 'password', 'pri_key', 'state', 'host_id', 'protocol_type', 'protocol_port', 'auth_type', 'username', 'username_prompt', 'password_prompt'], alt_name='a') - s.where('a.id={}'.format(acc_id)) - err = s.query() + s.where('a.id={ph}'.format(ph=db.place_holder)) + err = s.query((acc_id, )) if err != TPE_OK: return err, None if len(s.recorder) != 1: return TPE_DATABASE, None - sh = SQL(get_db()) + sh = SQL(db) sh.select_from('host', ['id', 'name', 'ip', 'router_ip', 'router_port', 'state'], alt_name='h') - sh.where('h.id={}'.format(s.recorder[0].host_id)) - err = sh.query() + sh.where('h.id={ph}'.format(ph=db.place_holder)) + err = sh.query((s.recorder[0].host_id, )) if err != TPE_OK: return err, None if len(s.recorder) != 1: @@ -35,14 +36,15 @@ def get_account_info(acc_id): def get_host_accounts(host_id): # 获取指定主机的所有账号 - s = SQL(get_db()) + db = get_db() + s = SQL(db) # s.select_from('acc', ['id', 'state', 'host_ip', 'router_ip', 'router_port', 'protocol_type', 'protocol_port', 'auth_type', 'username', 'pri_key'], alt_name='a') s.select_from('acc', ['id', 'state', 'protocol_type', 'protocol_port', 'auth_type', 'username', 'username_prompt', 'password_prompt'], alt_name='a') - s.where('a.host_id={}'.format(host_id)) + s.where('a.host_id={ph}'.format(ph=db.place_holder)) s.order_by('a.username', True) - err = s.query() + err = s.query((host_id, )) return err, s.recorder @@ -251,18 +253,18 @@ def add_account(handler, host_id, args): operator = handler.get_current_user() # 1. 判断是否已经存在了 - sql = 'SELECT id FROM {}acc WHERE host_id={} AND protocol_port={} AND username="{}" AND auth_type={};'.format(db.table_prefix, host_id, args['protocol_port'], args['username'], args['auth_type']) - db_ret = db.query(sql) + sql = 'SELECT `id` FROM `{tp}acc` WHERE `host_id`={ph} AND `protocol_port`={ph} AND `username`={ph} AND `auth_type`={ph};'.format(tp=db.table_prefix, ph=db.place_holder) + db_ret = db.query(sql, (host_id, args['protocol_port'], args['username'], args['auth_type'])) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 - sql = 'INSERT INTO `{}acc` (host_id, host_ip, router_ip, router_port, protocol_type, protocol_port, state, auth_type, username, username_prompt, password_prompt, password, pri_key, creator_id, create_time) VALUES ' \ - '({host_id}, "{host_ip}", "{router_ip}", {router_port}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{username_prompt}", "{password_prompt}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ - ''.format(db.table_prefix, - host_id=host_id, host_ip=args['host_ip'], router_ip=args['router_ip'], router_port=args['router_port'], - protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, - auth_type=args['auth_type'], username=args['username'], username_prompt=args['username_prompt'], password_prompt=args['password_prompt'], - password=args['password'], pri_key=args['pri_key'], creator_id=operator['id'], create_time=_time_now) + sql_s = 'INSERT INTO `{tp}acc` (`host_id`,`host_ip`,`router_ip`,`router_port`,`protocol_type`,`protocol_port`,' \ + '`state`,`auth_type`,`username`,`username_prompt`,`password_prompt`,`password`,`pri_key`,`creator_id`,`create_time`) VALUES ' \ + '({ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph}, {ph});' \ + ''.format(tp=db.table_prefix, ph=db.place_holder) + sql_v = (host_id, args['host_ip'], args['router_ip'], args['router_port'], args['protocol_type'], args['protocol_port'], + TP_STATE_NORMAL, args['auth_type'], args['username'], args['username_prompt'], args['password_prompt'], + args['password'], args['pri_key'], operator['id'], _time_now) # sql = 'INSERT INTO `{}acc` (host_id, protocol_type, protocol_port, state, auth_type, username, password, pri_key, creator_id, create_time) VALUES ' \ # '({host_id}, {protocol_type}, {protocol_port}, {state}, {auth_type}, "{username}", "{password}", "{pri_key}", {creator_id}, {create_time});' \ @@ -271,7 +273,7 @@ def add_account(handler, host_id, args): # protocol_type=args['protocol_type'], protocol_port=args['protocol_port'], state=TP_STATE_NORMAL, # auth_type=args['auth_type'], username=args['username'], password=args['password'], pri_key=args['pri_key'], # creator_id=operator['id'], create_time=_time_now) - db_ret = db.exec(sql) + db_ret = db.exec(sql_s, sql_v) if not db_ret: return TPE_DATABASE, 0 @@ -283,9 +285,9 @@ def add_account(handler, host_id, args): syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建账号:{}".format(acc_name)) # 更新主机相关账号数量 - sql = 'UPDATE `{}host` SET acc_count=acc_count+1 WHERE id={host_id};' \ - ''.format(db.table_prefix, host_id=host_id) - db_ret = db.exec(sql) + sql = 'UPDATE `{tp}host` SET `acc_count`=`acc_count`+1 WHERE `id`={ph};' \ + ''.format(tp=db.table_prefix, ph=db.place_holder) + db.exec(sql, (host_id, )) # if not db_ret: # return TPE_DATABASE, 0 @@ -301,8 +303,8 @@ def update_account(handler, host_id, acc_id, args): db = get_db() # 1. 判断是否存在 - sql = 'SELECT `id`, `host_ip`, `router_ip`, `router_port` FROM `{}acc` WHERE `host_id`={host_id} AND `id`={acc_id};'.format(db.table_prefix, host_id=host_id, acc_id=acc_id) - db_ret = db.query(sql) + sql = 'SELECT `id`,`host_ip`,`router_ip`,`router_port` FROM `{tp}acc` WHERE `host_id`={ph} AND `id`={ph};'.format(tp=db.table_prefix, ph=db.place_holder) + db_ret = db.query(sql, (host_id, acc_id)) if db_ret is None or len(db_ret) == 0: return TPE_NOT_EXISTS diff --git a/server/www/teleport/webroot/app/model/host.py b/server/www/teleport/webroot/app/model/host.py index bb6fc2d..08e851b 100644 --- a/server/www/teleport/webroot/app/model/host.py +++ b/server/www/teleport/webroot/app/model/host.py @@ -25,41 +25,58 @@ def get_host_info(host_id): def get_hosts(sql_filter, sql_order, sql_limit, sql_restrict, sql_exclude): + db = get_db() + _tp = db.table_prefix + _ph = db.place_holder s = SQL(get_db()) s.select_from('host', ['id', 'type', 'os_type', 'os_ver', 'name', 'ip', 'router_ip', 'router_port', 'state', 'acc_count', 'cid', 'desc'], alt_name='h') str_where = '' _where = list() + _sql_v = list() if len(sql_restrict) > 0: for k in sql_restrict: if k == 'group_id': - _where.append('h.id IN (SELECT mid FROM {}group_map WHERE type={} AND gid={})'.format(get_db().table_prefix, TP_GROUP_HOST, sql_restrict[k])) + _where.append('h.id IN (SELECT `mid` FROM `{tp}group_map` WHERE `type`={ph} AND gid={ph})'.format(tp=_tp, ph=_ph)) + _sql_v.append(TP_GROUP_HOST) + _sql_v.append(sql_restrict[k]) else: log.w('unknown restrict field: {}\n'.format(k)) if len(sql_exclude) > 0: for k in sql_exclude: if k == 'group_id': - _where.append('h.id NOT IN (SELECT mid FROM {}group_map WHERE type={} AND gid={})'.format(get_db().table_prefix, TP_GROUP_HOST, sql_exclude[k])) + _where.append('h.id NOT IN (SELECT `mid` FROM `{tp}group_map` WHERE `gid`={ph} AND `type`={ph})'.format(tp=_tp, ph=_ph)) + _sql_v.append(sql_exclude[k]) + _sql_v.append(TP_GROUP_HOST) elif k == 'ops_policy_id': - _where.append('h.id NOT IN (SELECT rid FROM {dbtp}ops_auz WHERE policy_id={pid} AND rtype={rtype})'.format(dbtp=get_db().table_prefix, pid=sql_exclude[k], rtype=TP_HOST)) + _where.append('h.id NOT IN (SELECT `rid` FROM `{tp}ops_auz` WHERE `policy_id`={ph} AND `rtype`={ph})'.format(tp=_tp, ph=_ph)) + _sql_v.append(sql_exclude[k]) + _sql_v.append(TP_HOST) elif k == 'auditee_policy_id': - _where.append('h.id NOT IN (SELECT rid FROM {dbtp}audit_auz WHERE policy_id={pid} AND `type`={ptype} AND rtype={rtype})'.format(dbtp=get_db().table_prefix, pid=sql_exclude[k], ptype=TP_POLICY_ASSET, rtype=TP_HOST)) + _where.append('h.id NOT IN (SELECT `rid` FROM `{tp}audit_auz` WHERE `policy_id`={ph} AND `type`={ph} AND `rtype`={ph})'.format(tp=_tp, ph=_ph)) + _sql_v.append(sql_exclude[k]) + _sql_v.append(TP_POLICY_ASSET) + _sql_v.append(TP_HOST) else: log.w('unknown exclude field: {}\n'.format(k)) if len(sql_filter) > 0: for k in sql_filter: if k == 'state': - _where.append('h.state={}'.format(sql_filter[k])) + _where.append('h.state={ph}'.format(ph=_ph)) + _sql_v.append(sql_filter[k]) elif k == 'search': - _where.append('(h.name LIKE "%{filter}%" OR h.ip LIKE "%{filter}%" OR h.router_ip LIKE "%{filter}%" OR h.desc LIKE "%{filter}%" OR h.cid LIKE "%{filter}%")'.format(filter=sql_filter[k])) + # _where.append('(h.name LIKE "%{filter}%" OR h.ip LIKE "%{filter}%" OR h.router_ip LIKE "%{filter}%" OR h.desc LIKE "%{filter}%" OR h.cid LIKE "%{filter}%")'.format(filter=sql_filter[k])) + _where.append('(h.name LIKE {ph} OR h.ip LIKE {ph} OR h.router_ip LIKE {ph} OR h.desc LIKE {ph} OR h.cid LIKE {ph})'.format(ph=_ph)) + _f = '%{filter}%'.format(filter=sql_filter[k]) + _sql_v.extend([_f, ] * 5) elif k == 'host_group': - shg = SQL(get_db()) + shg = SQL(db) shg.select_from('group_map', ['mid'], alt_name='g') - shg.where('g.type={} AND g.gid={}'.format(TP_GROUP_HOST, sql_filter[k])) - err = shg.query() + shg.where('g.type={ph} AND g.gid={ph}'.format(ph=_ph)) + err = shg.query((TP_GROUP_HOST, sql_filter[k])) if err != TPE_OK: return err, 0, 1, [] if len(shg.recorder) == 0: @@ -91,7 +108,7 @@ def get_hosts(sql_filter, sql_order, sql_limit, sql_restrict, sql_exclude): if len(sql_limit) > 0: s.limit(sql_limit['page_index'], sql_limit['per_page']) - err = s.query() + err = s.query(_sql_v) return err, s.total_count, s.page_index, s.recorder @@ -100,24 +117,27 @@ def add_host(handler, args): 添加一个远程主机 """ db = get_db() + _tp = db.table_prefix + _ph = db.place_holder _time_now = tp_timestamp_sec() # 1. 判断此主机是否已经存在了 if len(args['router_ip']) > 0: - sql = 'SELECT id FROM {}host WHERE ip="{}" OR (router_ip="{}" AND router_port={});'.format(db.table_prefix, args['ip'], args['router_ip'], args['router_port']) + sql_s = 'SELECT `id` FROM `{tp}host` WHERE `ip`={ph} OR (`router_ip`={ph} AND `router_port`={ph});'.format(tp=_tp, ph=_ph) + sql_v = (args['ip'], args['router_ip'], args['router_port']) else: - sql = 'SELECT id FROM {}host WHERE ip="{}";'.format(db.table_prefix, args['ip']) - db_ret = db.query(sql) + sql_s = 'SELECT `id` FROM `{tp}host` WHERE `ip`={ph};'.format(tp=_tp, ph=_ph) + sql_v = (args['ip'], ) + db_ret = db.query(sql_s, sql_v) if db_ret is not None and len(db_ret) > 0: return TPE_EXISTS, 0 - sql = 'INSERT INTO `{}host` (`type`, `os_type`, `name`, `ip`, `router_ip`, `router_port`, `state`, `creator_id`, `create_time`, `cid`, `desc`) VALUES ' \ - '(1, {os_type}, "{name}", "{ip}", "{router_ip}", {router_port}, {state}, {creator_id}, {create_time}, "{cid}", "{desc}");' \ - ''.format(db.table_prefix, - os_type=args['os_type'], name=args['name'], ip=args['ip'], router_ip=args['router_ip'], router_port=args['router_port'], - state=TP_STATE_NORMAL, creator_id=handler.get_current_user()['id'], create_time=_time_now, - cid=args['cid'], desc=args['desc']) - db_ret = db.exec(sql) + sql_s = 'INSERT INTO `{tp}host` (`type`,`os_type`,`name`,`ip`,`router_ip`,`router_port`,`state`,`creator_id`,`create_time`,`cid`,`desc`) VALUES ' \ + '({ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph},{ph});' \ + ''.format(tp=_tp, ph=_ph) + sql_v = (1, args['os_type'], args['name'], args['ip'], args['router_ip'], args['router_port'], + TP_STATE_NORMAL, handler.get_current_user()['id'], _time_now, args['cid'], args['desc']) + db_ret = db.exec(sql_s, sql_v) if not db_ret: return TPE_DATABASE, 0 diff --git a/server/www/teleport/webroot/app/model/syslog.py b/server/www/teleport/webroot/app/model/syslog.py index 77ab6b4..9bdab86 100644 --- a/server/www/teleport/webroot/app/model/syslog.py +++ b/server/www/teleport/webroot/app/model/syslog.py @@ -9,14 +9,12 @@ from app.base.utils import tp_timestamp_sec def sys_log(operator, client_ip, code, message=""): try: db = get_db() - sql = 'INSERT INTO `{}syslog` (user_name,user_surname,client_ip,code,log_time,message) ' \ - 'VALUES ("{user_name}","{user_surname}","{client_ip}",{code},{log_time},"{message}")' \ - ';'.format(db.table_prefix, - user_name=operator['username'], user_surname=operator['surname'], client_ip=client_ip, code=code, - log_time=tp_timestamp_sec(), message=message - ) + sql_s = 'INSERT INTO `{tp}syslog` (`user_name`,`user_surname`,`client_ip`,`code`,`log_time`,`message`) ' \ + 'VALUES ({ph},{ph},{ph},{ph},{ph},{ph})' \ + ';'.format(tp=db.table_prefix, ph=db.place_holder) + sql_v = (operator['username'], operator['surname'], client_ip, code, tp_timestamp_sec(), message) - ret = db.exec(sql) + ret = db.exec(sql_s, sql_v) if not ret: return TPE_DATABASE