Skip to content

J
jumpserver
Switch branch/tag
Find file
BlameHistoryPermalink
  • 老广's avatar
    Bugfix (#2831) · 58875d9a
    老广 authored 
    * [Update] 修改小问题

* [Update] 添加重传guacamole的脚本

* [Update] 添加debug

* [Update] 优化可连接性

* [Update] 修改connectivity

* [Update] 更改查看认证需要的MFA时间间隔

* [Update] 修改表结构

* [Update] 修改users public_key等字段

* [Update] 修改用户表结构

* [Update] 修改assets users api

* [Update] 修改org mixin

* [Update] 解决连接windows资产出现幽灵会话的问题

* [Update] 优化树结构

* [Update] 修改Permission

* Stash

* [Update] 修改serializer

* [Update] 修改用户有权限的资产

* [Update] 修改upgrouped_node key的获取(解决操作日志中出现coco/gua的问题)

* [Update] 修改一些bug

* [Update] Debug cache

* [Bugfix] 修复用户页面不走cache的bug

* ipython

* [Update] 修改action

* [Bugfix] 修改校验系统用户资产动作权限的API逻辑

* [Update] 去掉原来批量的view

* [Bugfix] 会话/命令列表中获取用户列表排除app用户

* [Update] 修改用户授权资产API返回的queryset

* [Update] 修正migrations

* [Bugfix] 解决进入授权详情页的资产管理页面bug

* [Update] 修改Minxs

* [Update] 修改migrations

* [Update] 资产授权Model模块添加导入

* [Update] 优化命令记录列表

* [Update] 修改command列表

* [Update] 解决用户授权资产/节点为空时,前端构建资产授权树的bug (#2874)

* [Update] 解决用户授权资产/节点为空时,前端构建资产授权树的bug

* [Update] 如果用户授权节点为空,返回时添加空节点

* [Update] 修改command导出和搜索

* [Update] 修改session

* [Update] 修改Permission响应层缓存key

* [Update] 准备优化 asset user

* [Update] 修改去掉一些print

* [Bugfix] 修复initDataTable表格搜索栏位置错乱的问题,显示不友好问题 (#2880)

* [Bugfix] 修复创建用户的View,使用密码创建用户时没有校验密码规则 (#2877)

* [Bugfix] 修复创建用户的View,使用密码创建用户时没有校验密码规则

* [Bugfix]修复小问题

* [Update] 优化创建用户和更新用户密码的校验

* [Update] 优化用户表单校验password逻辑

* [Update] 小问题

* [Update] 修改command搜索

* [Update] 修改user group serialzier

* [Update] 优化资产

* [Update] 优化节点

* [Update] 优化用户组列表用户显示问题 (#2882)

* [Update] 解决select_for_update的错误

* [update] 修改Node无法被删除的bug

* [Update] 添加翻译

* [update] 修改资产导出的permssions

* [Bugfix] 修复删除节点bug (#2883)

* [update] 修改一些性能问题
    Unverified
    58875d9a
session.py 4.74 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 
# -*- coding: utf-8 -*-
#
import os

from django.shortcuts import get_object_or_404
from django.core.files.storage import default_storage
from django.http import HttpResponseNotFound
from django.conf import settings
from rest_framework.pagination import LimitOffsetPagination
from rest_framework import viewsets
from rest_framework.response import Response
from rest_framework.generics import GenericAPIView
import jms_storage

from common.utils import is_uuid, get_logger
from common.permissions import IsOrgAdminOrAppUser, IsAuditor
from common.filters import DatetimeRangeFilter
from orgs.mixins import OrgBulkModelViewSet
from ..hands import SystemUser
from ..models import Session
from .. import serializers


__all__ = ['SessionViewSet', 'SessionReplayViewSet',]
logger = get_logger(__name__)


class SessionViewSet(OrgBulkModelViewSet):
    queryset = Session.objects.all()
    serializer_class = serializers.SessionSerializer
    pagination_class = LimitOffsetPagination
    permission_classes = (IsOrgAdminOrAppUser | IsAuditor, )
    filter_fields = [
        "user", "asset", "system_user", "remote_addr",
        "protocol", "terminal", "is_finished",
    ]
    date_range_filter_fields = [
        ('date_start', ('date_from', 'date_to'))
    ]

    def filter_queryset(self, queryset):
        queryset = super().filter_queryset(queryset)
        # 解决guacamole更新session时并发导致幽灵会话的问题
        if self.request.method in ('PATCH',):
            queryset = queryset.select_for_update()
        return queryset

    @property
    def filter_backends(self):
        backends = list(GenericAPIView.filter_backends)
        backends.append(DatetimeRangeFilter)
        return backends

    def perform_create(self, serializer):
        if hasattr(self.request.user, 'terminal'):
            serializer.validated_data["terminal"] = self.request.user.terminal
        sid = serializer.validated_data["system_user"]
        # guacamole提交的是id
        if is_uuid(sid):
            _system_user = get_object_or_404(SystemUser, id=sid)
            serializer.validated_data["system_user"] = _system_user.name
        return super().perform_create(serializer)


class SessionReplayViewSet(viewsets.ViewSet):
    serializer_class = serializers.ReplaySerializer
    permission_classes = (IsOrgAdminOrAppUser | IsAuditor,)
    session = None

    def create(self, request, *args, **kwargs):
        session_id = kwargs.get('pk')
        session = get_object_or_404(Session, id=session_id)
        serializer = self.serializer_class(data=request.data)

        if serializer.is_valid():
            file = serializer.validated_data['file']
            name, err = session.save_to_storage(file)
            if not name:
                msg = "Failed save replay `{}`: {}".format(session_id, err)
                logger.error(msg)
                return Response({'msg': str(err)}, status=400)
            url = default_storage.url(name)
            return Response({'url': url}, status=201)
        else:
            msg = 'Upload data invalid: {}'.format(serializer.errors)
            logger.error(msg)
            return Response({'msg': serializer.errors}, status=401)

    def retrieve(self, request, *args, **kwargs):
        session_id = kwargs.get('pk')
        session = get_object_or_404(Session, id=session_id)

        tp = 'json'
        if session.protocol in ('rdp', 'vnc'):
            tp = 'guacamole'

        data = {'type': tp, 'src': ''}

        # 新版本和老版本的文件后缀不同
        session_path = session.get_rel_replay_path()  # 存在外部存储上的路径
        local_path = session.get_local_path()
        local_path_v1 = session.get_local_path(version=1)

        # 去default storage中查找
        for _local_path in (local_path, local_path_v1, session_path):
            if default_storage.exists(_local_path):
                url = default_storage.url(_local_path)
                data['src'] = url
                return Response(data)

        # 去定义的外部storage查找
        configs = settings.TERMINAL_REPLAY_STORAGE
        configs = {k: v for k, v in configs.items() if v['TYPE'] != 'server'}
        if not configs:
            return HttpResponseNotFound()

        target_path = os.path.join(default_storage.base_location, local_path)   # 保存到storage的路径
        target_dir = os.path.dirname(target_path)
        if not os.path.isdir(target_dir):
            os.makedirs(target_dir, exist_ok=True)
        storage = jms_storage.get_multi_object_storage(configs)
        ok, err = storage.download(session_path, target_path)
        if not ok:
            logger.error("Failed download replay file: {}".format(err))
            return HttpResponseNotFound()
        data['src'] = default_storage.url(local_path)
        return Response(data)