Add proxy log api

17ade287 · ibuler · 75134743 · 17ade287 · 17ade287 · 17ade287
Commit 17ade287 authored Oct 18, 2016 by ibuler
7 changed files
--- a/apps/audits/api.py
+++ b/apps/audits/api.py
@@ -7,16 +7,42 @@ from rest_framework import generics
 import serializers

 from .models import ProxyLog
+from .hands import IsSuperUserOrTerminalUser, Terminal


 class ProxyLogListCreateApi(generics.ListCreateAPIView):
+    """User proxy to backend server need call this api.
+
+    params: {
+        "username": "",
+        "name": "",
+        "hostname": "",
+        "ip": "",
+        "terminal", "",
+        "login_type": "",
+        "system_user": "",
+        "was_failed": "",
+        "date_start": ""
+    }
+
+    some params we need generate:  {
+        "log_file", "", # No use now, may be think more about monitor and record
+    }
+    """
+
    queryset = ProxyLog.objects.all()
    serializer_class = serializers.ProxyLogSerializer
+    permission_classes = (IsSuperUserOrTerminalUser,)
+
+    def perform_create(self, serializer):
+        # Todo: May be save log_file
+        super(ProxyLogListCreateApi, self).perform_create(serializer)


 class ProxyLogDetailApi(generics.RetrieveUpdateDestroyAPIView):
    queryset = ProxyLog.objects.all()
    serializer_class = serializers.ProxyLogSerializer
+    permission_classes = (IsSuperUserOrTerminalUser,)


 class CommandLogCreateApi(generics.CreateAPIView):

--- a/apps/audits/hands.py
+++ b/apps/audits/hands.py
+# ~*~ coding: utf-8 ~*~
+#
+
+from users.backends import IsSuperUserOrTerminalUser
+from terminal.models import Terminal
--- a/apps/audits/models.py
+++ b/apps/audits/models.py
@@ -17,6 +17,7 @@ class LoginLog(models.Model):
    username = models.CharField(max_length=20, verbose_name=_('Username'))
    name = models.CharField(max_length=20, blank=True, verbose_name=_('Name'))
    login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, verbose_name=_('Login type'))
+    terminal = models.CharField(max_length=32, verbose_name=_('Terminal'))
    login_ip = models.GenericIPAddressField(verbose_name=_('Login ip'))
    login_city = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('Login city'))
    user_agent = models.CharField(max_length=100, blank=True, null=True, verbose_name=_('User agent'))
@@ -31,8 +32,8 @@ class LoginLog(models.Model):

 class ProxyLog(models.Model):
    LOGIN_TYPE_CHOICE = (
-        ('S', 'ssh'),
-        ('W', 'web'),
+        ('S', 'SSH Terminal'),
+        ('WT', 'Web Terminal'),
    )

    username = models.CharField(max_length=20,  verbose_name=_('Username'))
@@ -40,11 +41,13 @@ class ProxyLog(models.Model):
    hostname = models.CharField(max_length=128, blank=True, verbose_name=_('Hostname'))
    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'))
    system_user = models.CharField(max_length=20, verbose_name=_('System user'))
-    login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=1, verbose_name=_('Login type'))
+    login_type = models.CharField(choices=LOGIN_TYPE_CHOICE, max_length=2, blank=True,
+                                  null=True, verbose_name=_('Login type'))
+    terminal = models.CharField(max_length=32, blank=True, null=True, verbose_name=_('Terminal'))
    log_file = models.CharField(max_length=1000, blank=True, null=True)
    was_failed = models.BooleanField(default=False, verbose_name=_('Did connect failed'))
    is_finished = models.BooleanField(default=False, verbose_name=_('Is finished'))
-    date_start = models.DateTimeField(auto_now_add=True, verbose_name=_('Date start'))
+    date_start = models.DateTimeField(verbose_name=_('Date start'))
    date_finished = models.DateTimeField(null=True, verbose_name=_('Date finished'))

    def __unicode__(self):

--- a/apps/common/utils.py
+++ b/apps/common/utils.py
@@ -15,7 +15,6 @@ from django.core import signing
 from django.utils import timezone

 SECRET_KEY = settings.SECRET_KEY
-SIGNER = TimestampSigner(SECRET_KEY)


 def reverse(view_name, urlconf=None, args=None, kwargs=None, current_app=None, external=False):
@@ -48,15 +47,17 @@ def decrypt(*args, **kwargs):
        return ''


-def sign(value):
-    return SIGNER.sign(value)
+def sign(value, secret_key=SECRET_KEY):
+    signer = TimestampSigner(secret_key)
+    return signer.sign(value)


-def unsign(value, max_age=3600):
+def unsign(value, max_age=3600, secret_key=SECRET_KEY):
+    signer = TimestampSigner(secret_key)
    try:
-        return SIGNER.unsign(value, max_age=max_age)
+        return signer.unsign(value, max_age=max_age)
    except (BadSignature, SignatureExpired):
-        return None
+        return ''


 def date_expired_default():

--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -33,7 +33,7 @@ except ImportError:
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/

 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = CONFIG.SECRET_KEY or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+SECRET_KEY = CONFIG.SECRET_KEY

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = CONFIG.DEBUG or False

--- a/apps/terminal/api.py
+++ b/apps/terminal/api.py
@@ -27,7 +27,7 @@ class TerminalApi(ListCreateAPIView):
                else:
                    return Response(data={'data': {'name': name, 'ip': terminal.ip},
                                          'msg': 'Need admin accept or active it'},
-                                    status=204)
+                                    status=203)

            else:
                ip = request.META.get('X-Real-IP') or request.META.get('REMOTE_ADDR')

--- a/apps/terminal/models.py
+++ b/apps/terminal/models.py
@@ -34,10 +34,6 @@ class Terminal(models.Model):
    def is_terminal(self):
        return True

-    @property
-    def is_authenticated(self):
-        return False
-
    class Meta:
        db_table = 'terminal'
        ordering = ['name']