Merge branch 'jlog' of https://git.coding.net/jumpserver/jumpserver into NormalUserPageLZ

# Conflicts: # jumpserver/views.py # juser/models.py # juser/views.py # templates/jperm/perm_apply.html

Merge branch 'jlog' of https://git.coding.net/jumpserver/jumpserver into NormalUserPageLZ
# Conflicts: # jumpserver/views.py # juser/models.py # juser/views.py # templates/jperm/perm_apply.html
d369d4b5 · liuzheng712 · 6897d063 · 01d6f751 · 6897d063 · d369d4b5
Commit d369d4b5 authored Nov 07, 2015 by liuzheng712
79 changed files
--- a/.DS_Store
+++ b/.DS_Store
--- a/.gitignore
+++ b/.gitignore
@@ -42,3 +42,5 @@ logs
 keys
 jumpserver.conf
 nohup.out
+tmp/*
+db.sqlite3
--- a/connect.py
+++ b/connect.py
--- a/jasset/models.py
+++ b/jasset/models.py
 import datetime
 from django.db import models
-from juser.models import User, UserGroup
+# from juser.models import User, UserGroup


 class AssetGroup(models.Model):
@@ -14,48 +14,48 @@ class AssetGroup(models.Model):
    def __unicode__(self):
        return self.name

-    def get_asset(self):
-        return self.asset_set.all()
-
-    def get_asset_info(self, printable=False):
-        assets = self.get_asset()
-        ip_comment = {}
-        for asset in assets:
-            ip_comment[asset.ip] = asset.comment
-
-        for ip in sorted(ip_comment):
-            if ip_comment[ip]:
-                print '%-15s -- %s' % (ip, ip_comment[ip])
-            else:
-                print '%-15s' % ip
-        print ''
-
-    def get_asset_num(self):
-        return len(self.get_asset())
-
-    def get_user_group(self):
-        perm_list = self.perm_set.all()
-        user_group_list = []
-        for perm in perm_list:
-            user_group_list.append(perm.user_group)
-        return user_group_list
-
-    def get_user(self):
-        user_list = []
-        user_group_list = self.get_user_group()
-        for user_group in user_group_list:
-            user_list.extend(user_group.user_set.all())
-        return user_list
-
-    def is_permed(self, user=None, user_group=None):
-        if user:
-            if user in self.get_user():
-                return True
-
-        if user_group:
-            if user_group in self.get_user_group():
-                return True
-        return False
+    # def get_asset(self):
+    #     return self.asset_set.all()
+    #
+    # def get_asset_info(self, printable=False):
+    #     assets = self.get_asset()
+    #     ip_comment = {}
+    #     for asset in assets:
+    #         ip_comment[asset.ip] = asset.comment
+    #
+    #     for ip in sorted(ip_comment):
+    #         if ip_comment[ip]:
+    #             print '%-15s -- %s' % (ip, ip_comment[ip])
+    #         else:
+    #             print '%-15s' % ip
+    #     print ''
+    #
+    # def get_asset_num(self):
+    #     return len(self.get_asset())
+    #
+    # def get_user_group(self):
+    #     perm_list = self.perm_set.all()
+    #     user_group_list = []
+    #     for perm in perm_list:
+    #         user_group_list.append(perm.user_group)
+    #     return user_group_list
+    #
+    # def get_user(self):
+    #     user_list = []
+    #     user_group_list = self.get_user_group()
+    #     for user_group in user_group_list:
+    #         user_list.extend(user_group.user_set.all())
+    #     return user_list
+    #
+    # def is_permed(self, user=None, user_group=None):
+    #     if user:
+    #         if user in self.get_user():
+    #             return True
+    #
+    #     if user_group:
+    #         if user_group in self.get_user_group():
+    #             return True
+    #     return False


 class Asset(models.Model):
@@ -72,27 +72,28 @@ class Asset(models.Model):
    def __unicode__(self):
        return self.ip

-    def get_user(self):
-        perm_list = []
-        asset_group_all = self.bis_group.all()
-        for asset_group in asset_group_all:
-            perm_list.extend(asset_group.perm_set.all())
-
-        user_group_list = []
-        for perm in perm_list:
-            user_group_list.append(perm.user_group)
-
-        user_permed_list = []
-        for user_group in user_group_list:
-            user_permed_list.extend(user_group.user_set.all())
-        user_permed_list = list(set(user_permed_list))
-        return user_permed_list
+    # def get_user(self):
+    #     perm_list = []
+    #     asset_group_all = self.bis_group.all()
+    #     for asset_group in asset_group_all:
+    #         perm_list.extend(asset_group.perm_set.all())
+    #
+    #     user_group_list = []
+    #     for perm in perm_list:
+    #         user_group_list.append(perm.user_group)
+    #
+    #     user_permed_list = []
+    #     for user_group in user_group_list:
+    #         user_permed_list.extend(user_group.user_set.all())
+    #     user_permed_list = list(set(user_permed_list))
+    #     return user_permed_list


 class AssetAlias(models.Model):
-    user = models.ForeignKey(User)
-    asset = models.ForeignKey(Asset)
-    alias = models.CharField(max_length=100, blank=True, null=True)
-
-    def __unicode__(self):
-        return self.alias
+    pass
+#     user = models.ForeignKey(User)
+#     asset = models.ForeignKey(Asset)
+#     alias = models.CharField(max_length=100, blank=True, null=True)
+#
+#     def __unicode__(self):
+#         return self.alias
--- a/jasset/views.py
+++ b/jasset/views.py
--- a/jlog/log_api.py
+++ b/jlog/log_api.py
+# coding: utf-8
+
+
+from argparse import ArgumentParser, FileType
+from contextlib import closing
+from codecs import open as copen
+from json import dumps
+from math import ceil
+from os.path import basename, dirname, exists, join
+from struct import unpack
+from subprocess import Popen
+from sys import platform, prefix, stderr
+from tempfile import NamedTemporaryFile
+
+from jinja2 import FileSystemLoader, Template
+from jinja2.environment import Environment
+
+from jumpserver.api import BASE_DIR
+
+
+DEFAULT_TEMPLATE = join(BASE_DIR, 'templates', 'jlog', 'static.jinja2')
+
+
+def escapeString(string):
+    string = string.encode('unicode_escape').decode('utf-8')
+    string = string.replace("'", "\\'")
+    string = '\'' + string + '\''
+    return string
+
+
+def getTiming(timef):
+    timing = None
+    with closing(timef):
+        timing = [l.strip().split(' ') for l in timef]
+        timing = [(int(ceil(float(r[0]) * 1000)), int(r[1])) for r in timing]
+    return timing
+
+
+def scriptToJSON(scriptf, timing=None):
+    ret = []
+
+    with closing(scriptf):
+        scriptf.readline()  # ignore first header line from script file
+        offset = 0
+        for t in timing:
+            data = escapeString(scriptf.read(t[1]))
+            offset += t[0]
+            ret.append((data, offset))
+    return dumps(ret)
+
+
+def renderTemplate(script_path, time_file_path, dimensions=(24, 80), templatename=DEFAULT_TEMPLATE):
+    with copen(script_path, encoding='utf-8', errors='replace') as scriptf:
+        with open(time_file_path) as timef:
+            timing = getTiming(timef)
+            json = scriptToJSON(scriptf, timing)
+
+    fsl = FileSystemLoader(dirname(templatename), 'utf-8')
+    e = Environment()
+    e.loader = fsl
+
+    templatename = basename(templatename)
+    rendered = e.get_template(templatename).render(json=json,
+                                                   dimensions=dimensions)
+
+    return rendered
+
+
--- a/jlog/models.py
+++ b/jlog/models.py
@@ -5,12 +5,10 @@ class Log(models.Model):
    user = models.CharField(max_length=20, null=True)
    host = models.CharField(max_length=20, null=True)
    remote_ip = models.CharField(max_length=100)
-    dept_name = models.CharField(max_length=20)
    log_path = models.CharField(max_length=100)
    start_time = models.DateTimeField(null=True)
    pid = models.IntegerField()
    is_finished = models.BooleanField(default=False)
-    handle_finished = models.BooleanField(default=False)
    end_time = models.DateTimeField(null=True)

    def __unicode__(self):
@@ -21,3 +19,10 @@ class Alert(models.Model):
    msg = models.CharField(max_length=20)
    time = models.DateTimeField(null=True)
    is_finished = models.BigIntegerField(default=False)
+
+
+class TtyLog(models.Model):
+    log = models.ForeignKey(Log)
+    datetime = models.DateTimeField()
+    cmd = models.CharField(max_length=200)
+
--- a/jlog/urls.py
+++ b/jlog/urls.py
@@ -5,7 +5,8 @@ from jlog.views import *
 urlpatterns = patterns('',
                       url(r'^$', log_list),
                       url(r'^log_list/(\w+)/$', log_list),
-    url(r'^log_kill/', log_kill),
                       url(r'^history/$', log_history),
-    url(r'^search/$', log_search),
-)
\ No newline at end of file
+                       url(r'^log_kill/', log_kill),
+                       url(r'^record/$', log_record),
+                       url(r'^web_terminal/$', web_terminal),
+                      )
\ No newline at end of file
--- a/jlog/views.py
+++ b/jlog/views.py
@@ -4,75 +4,61 @@ from django.template import RequestContext
 from django.shortcuts import render_to_response

 from jumpserver.api import *
-from jasset.views import httperror
 from django.http import HttpResponseNotFound
+from jlog.log_api import renderTemplate
+
 from models import Log
 from jumpserver.settings import web_socket_host

-def get_user_info(request, offset):
-    """ 获取用户信息及环境 """
-    env_dic = {'online': 0, 'offline': 1}
-    env = env_dic[offset]
-    keyword = request.GET.get('keyword', '')
-    user_info = get_session_user_info(request)
-    user_id, username = user_info[0:2]
-    dept_id, dept_name = user_info[3:5]
-    ret = [request, keyword, env, username, dept_name]
-
-    return ret
-
-
-def get_user_log(ret_list):
-    """ 获取不同类型用户日志记录 """
-    request, keyword, env, username, dept_name = ret_list
-    post_all = Log.objects.filter(is_finished=env).order_by('-start_time')
-    post_keyword_all = Log.objects.filter(Q(user__contains=keyword) |
-                                          Q(host__contains=keyword)) \
-        .filter(is_finished=env).order_by('-start_time')
-
-    if is_super_user(request):
-        if keyword:
-            posts = post_keyword_all
-        else:
-            posts = post_all

-    elif is_group_admin(request):
-        if keyword:
-            posts = post_keyword_all.filter(dept_name=dept_name)
+@require_role('admin')
+def log_list(request, offset):
+    """ 显示日志 """
+    header_title, path1 = u'审计', u'操作审计'
+    date_seven_day = request.GET.get('start', '')
+    date_now_str = request.GET.get('end', '')
+    username_list = request.GET.getlist('username', [])
+    host_list = request.GET.getlist('host', [])
+    cmd = request.GET.get('cmd', '')
+    print date_seven_day, date_now_str
+    if offset == 'online':
+        posts = Log.objects.filter(is_finished=False).order_by('-start_time')
    else:
-            posts = post_all.filter(dept_name=dept_name)
-
-    elif is_common_user(request):
-        if keyword:
-            posts = post_keyword_all.filter(user=username)
+        posts = Log.objects.filter(is_finished=True).order_by('-start_time')
+        username_all = set([log.user for log in Log.objects.all()])
+        ip_all = set([log.host for log in Log.objects.all()])
+
+        if date_seven_day and date_now_str:
+            datetime_start = datetime.datetime.strptime(date_seven_day + ' 00:00:01', '%m/%d/%Y %H:%M:%S')
+            datetime_end = datetime.datetime.strptime(date_now_str + ' 23:59:59', '%m/%d/%Y %H:%M:%S')
+            posts = posts.filter(start_time__gte=datetime_start).filter(start_time__lte=datetime_end)
+
+        if username_list:
+            posts = posts.filter(user__in=username_list)
+
+        if host_list:
+            posts = posts.filter(host__in=host_list)
+        if cmd:
+            log_id_list = set([log.log_id for log in TtyLog.objects.filter(cmd__contains=cmd)])
+            posts = posts.filter(id__in=log_id_list)
        else:
-            posts = post_all.filter(user=username)
+            date_now = datetime.datetime.now()
+            date_now_str = date_now.strftime('%m/%d/%Y')
+            date_seven_day = (date_now + datetime.timedelta(days=-7)).strftime('%m/%d/%Y')

-    return posts
-
-
-@require_login
-def log_list(request, offset):
-    """ 显示日志 """
-    header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户'
-    keyword = request.GET.get('keyword', '')
-    posts = get_user_log(get_user_info(request, offset))
    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)

+    web_monitor_uri = '%s/monitor' % web_socket_host
    return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request))


-@require_admin
+@require_role('admin')
 def log_kill(request):
    """ 杀掉connect进程 """
    pid = request.GET.get('id', '')
    log = Log.objects.filter(pid=pid)
    if log:
        log = log[0]
-        dept_name = log.dept_name
-        deptname = get_session_user_info(request)[4]
-        if is_group_admin(request) and dept_name != deptname:
-            return httperror(request, u'Kill失败, 您无权操作!')
        try:
            os.kill(int(pid), 9)
        except OSError:
@@ -83,35 +69,40 @@ def log_kill(request):
        return HttpResponseNotFound(u'没有此进程!')


-@require_login
+@require_role('admin')
 def log_history(request):
    """ 命令历史记录 """
+    log_id = request.GET.get('id', 0)
+    log = Log.objects.filter(id=log_id)
+    if log:
+        log = log[0]
+        tty_logs = log.ttylog_set.all()
+
+        if tty_logs:
+            content = ''
+            for tty_log in tty_logs:
+                content += '%s: %s\n' % (tty_log.datetime.strftime('%Y-%m-%d %H:%M:%S'), tty_log.cmd)
+            return HttpResponse(content)
+
+    return HttpResponse('无日志记录, 请查看日志处理脚本是否开启!')
+
+
+@require_role('admin')
+def log_record(request):
    log_id = request.GET.get('id', 0)
    log = Log.objects.filter(id=int(log_id))
    if log:
        log = log[0]
-        dept_name = log.dept_name
-        deptname = get_session_user_info(request)[4]
-        if is_group_admin(request) and dept_name != deptname:
-            return httperror(request, '查看失败, 您无权查看!')
-
-        elif is_common_user(request):
-            return httperror(request, '查看失败, 您无权查看!')
-
-        log_his = "%s.his" % log.log_path
-        if os.path.isfile(log_his):
-            f = open(log_his)
-            content = f.read()
+        log_file = log.log_path + '.log'
+        log_time = log.log_path + '.time'
+        if os.path.isfile(log_file) and os.path.isfile(log_time):
+            content = renderTemplate(log_file, log_time)
            return HttpResponse(content)
        else:
-            return httperror(request, '无日志记录, 请查看日志处理脚本是否开启!')
+            return HttpResponse('无日志记录, 请查看日志处理脚本是否开启!')


-@require_login
-def log_search(request):
-    """ 日志搜索 """
-    offset = request.GET.get('env', '')
-    keyword = request.GET.get('keyword', '')
-    posts = get_user_log(get_user_info(request, offset))
-    contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
-    return render_to_response('jlog/log_search.html', locals(), context_instance=RequestContext(request))
+def web_terminal(request):
+    web_terminal_uri = '%s/terminal' % web_socket_host
+    return render_to_response('jlog/web_terminal.html', locals())
+
--- a/jperm/models.py
+++ b/jperm/models.py
@@ -5,56 +5,17 @@ from juser.models import User, UserGroup
 from jasset.models import Asset, AssetGroup


-class UserPerm(models.Model):
-    user = models.ForeignKey(User)
-    asset = models.ForeignKey(Asset, null=True)
-    asset_group = models.ForeignKey(AssetGroup, null=True)
+class PermLog(models.Model):
+    datetime = models.DateTimeField(auto_now_add=True)
+    action = models.CharField(max_length=100, null=True, blank=True, default='')
+    results = models.CharField(max_length=1000, null=True, blank=True, default='')
+    is_success = models.BooleanField(default=False)
+    is_finish = models.BooleanField(default=False)

-    def __unicode__(self):
-        return self.user.name

+class SysUser(models.Model):
+    username = models.CharField(max_length=100)
+    password = models.CharField(max_length=100)
+    comment = models.CharField(max_length=100, null=True, blank=True, default='')

-class GroupPerm(models.Model):
-    user_group = models.ForeignKey(UserGroup)
-    asset = models.ForeignKey(Asset, null=True)
-    asset_group = models.ForeignKey(AssetGroup, null=True)

-    def __unicode__(self):
-        return self.user.name
-
-
-# class CmdGroup(models.Model):
-#     name = models.CharField(max_length=50, unique=True)
-#     cmd = models.CharField(max_length=999)
-#     comment = models.CharField(blank=True, null=True, max_length=50)
-#
-#     def __unicode__(self):
-#         return self.name
-#
-#
-# class SudoPerm(models.Model):
-#     user_group = models.ForeignKey(UserGroup)
-#     user_runas = models.CharField(max_length=100)
-#     asset_group = models.ManyToManyField(AssetGroup)
-#     cmd_group = models.ManyToManyField(CmdGroup)
-#     comment = models.CharField(max_length=30, null=True, blank=True)
-#
-#     def __unicode__(self):
-#         return self.user_group.name
-#
-#
-# class Apply(models.Model):
-#     uuid = UUIDField(auto=True)
-#     applyer = models.CharField(max_length=20)
-#     admin = models.CharField(max_length=20)
-#     approver = models.CharField(max_length=20)
-#     bisgroup = models.CharField(max_length=500)
-#     asset = models.CharField(max_length=500)
-#     comment = models.TextField(blank=True, null=True)
-#     status = models.IntegerField(max_length=2)
-#     date_add = models.DateTimeField(null=True)
-#     date_end = models.DateTimeField(null=True)
-#     read = models.IntegerField(max_length=2)
-#
-#     def __unicode__(self):
-#         return self.applyer
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
+# coding: utf-8
+
+from jasset.models import *
+from jumpserver.api import *
+import uuid
+import re
+from jumpserver.tasks import playbook_run
+
+from jumpserver.models import Setting
+from jperm.models import PermLog
+
+
+def get_object_list(model, id_list):
+    """根据id列表获取对象列表"""
+    object_list = []
+    for object_id in id_list:
+        if object_id:
+            object_list.extend(model.objects.filter(id=int(object_id)))
+
+    return object_list
+
+
+def get_rand_file_path(base_dir=os.path.join(BASE_DIR, 'tmp')):
+    """获取随机文件路径"""
+    filename = uuid.uuid1().hex
+    return os.path.join(base_dir, filename)
+
+
+def get_inventory(host_group):
+    """生成资产表库存清单"""
+    path = get_rand_file_path()
+    f = open(path, 'w')
+    for group, host_list in host_group.items():
+        f.write('[%s]\n' % group)
+        for ip in host_list:
+            asset = get_object(Asset, ip=ip)
+            if asset.use_default:
+                f.write('%s\n' % ip)
+            else:
+                f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansible_ssh_pass=%s\n' %
+                        (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password)))
+    f.close()
+    return path
+
+
+def get_playbook(template, var):
+    """根据playbook模板，生成playbook"""
+    str_playbook = open(template).read()
+    for k, v in var.items():
+        str_playbook = re.sub(r'%s' % k, v, str_playbook)  # 正则来替换传入的字符
+    path = get_rand_file_path()
+    f = open(path, 'w')
+    f.write(str_playbook)
+    return path
+
+
+def perm_user_api(perm_info):
+    """
+    用户授权api，通过调用ansible API完成用户新建等,传入参数必须如下,列表中可以是对象，也可以是用户名和ip
+    perm_info = {'del': {'users': [],
+                         'assets': [],
+                        },
+                 'new': {'users': [],
+                         'assets': []}}
+    """
+    log = PermLog(action=perm_info.get('action', ''))
+    try:
+        new_users = perm_info.get('new', {}).get('users', [])
+        new_assets = perm_info.get('new', {}).get('assets', [])
+        del_users = perm_info.get('del', {}).get('users', [])
+        del_assets = perm_info.get('del', {}).get('assets', [])
+        print new_users, new_assets
+    except IndexError:
+        raise ServerError("Error: function perm_user_api传入参数错误")
+
+    try:
+        new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)]
+        del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)]
+        new_username = [user.username for user in new_users]
+        del_username = [user.username for user in del_users]
+    except IndexError:
+        raise ServerError("Error: function perm_user_api传入参数类型错误")
+
+    host_group = {'new': new_ip, 'del': del_ip}
+    inventory = get_inventory(host_group)
+
+    the_new_users = ','.join(new_username)
+    the_del_users = ','.join(del_username)
+
+    playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'),
+                            {'the_new_group': 'new', 'the_del_group': 'del',
+                             'the_new_users': the_new_users, 'the_del_users': the_del_users,
+                             'KEY_DIR': os.path.join(SSH_KEY_DIR, 'sysuser')})
+
+    print playbook, inventory
+
+    settings = get_object(Setting, name='default')
+    results = playbook_run(inventory, playbook, settings)
+    if not results.get('failures', 1) and not results.get('unreachable', ''):
+        is_success = True
+    else:
+        is_success = False
+
+    log.results = results
+    log.is_finish = True
+    log.is_success = is_success
+    log.save()
+    return results
+
+
+def user_group_permed(user_group):
+    assets = user_group.asset.all()
+    asset_groups = user_group.asset_group.all()
+
+    for asset_group in asset_groups:
+        assets.extend(asset_group.asset.all())
+
+    return {'assets': assets, 'asset_groups': asset_groups}
+
+
+def user_permed(user):
+    asset_groups = []
+    assets = []
+    user_groups = user.group.all()
+    asset_groups.extend(user.asset_group.all())
+    assets.extend(user.asset.all())
+
+    for user_group in user_groups:
+        asset_groups.extend(user_group_permed(user_group).get('assets', []))
+        assets.extend((user_group_permed(user_group).get('asset_groups', [])))
+
+    return {'assets': assets, 'asset_groups': asset_groups}
+
+
+def _public_perm_api(info):
+    """
+    公用的用户，用户组，主机，主机组编辑修改新建调用的api，用来完成授权
+    info like that:
+    {
+      'type': 'new_user',
+      'user': 'a',
+      'group': ['A', 'B']
+    }
+
+    {
+      'type': 'edit_user',
+      'user': 'a',
+      'group': {'new': ['A'], 'del': []}
+    }
+
+    {
+      'type': 'del_user',
+      'user': ['a', 'b']
+    }
+
+    {
+      'type': 'edit_user_group',
+      'group': 'A',
+      'user': {'del': ['a', 'b'], 'new': ['c', 'd']}
+    }
+
+    {
+      'type': 'del_user_group',
+      'group': ['A']
+    }
+
+    {
+      'type': 'new_asset',
+      'asset': 'a',
+      'group': ['A', 'B']
+    }
+
+    {
+      'type': 'edit_asset',
+      'asset': 'a',
+      'group': {
+          'del': ['A', ['B'],
+          'new': ['C', ['D']]
+      }
+    }
+
+    {
+      'type': 'del_asset',
+      'asset': ['a', 'b']
+    }
+
+    {
+      'type': 'edit_asset_group',
+      'group': 'A',
+      'asset': {'new': ['a', 'b'], 'del': ['c', 'd']}
+    }
+
+    {
+      'type': 'del_asset_group',
+      'group': ['A', 'B']
+    }
+    """
+
+    if info.get('type') == 'new_user':
+        new_assets = []
+        user = info.get('user')
+        user_groups = info.get('group')
+        for user_group in user_groups:
+            new_assets.extend(user_group_permed(user_group).get('assets', []))
+
+        perm_info = {
+            'action': 'new user: ' + user.name,
+            'new': {'users': [user], 'assets': new_assets}
+        }
+    elif info.get('type') == 'edit_user':
+        new_assets = []
+        del_assets = []
+        user = info.get('user')
+        new_group = info.get('group').get('new')
+        del_group = info.get('group').get('del')
+
+        for user_group in new_group:
+            new_assets.extend(user_group_permed(user_group).get('assets', []))
+
+        for user_group in del_group:
+            del_assets.extend((user_group_permed(user_group).get('assets', [])))
+
+        perm_info = {
+            'action': 'edit user: ' + user.name,
+            'del': {'users': [user], 'assets': del_assets},
+            'new': {'users': [user], 'assets': new_assets}
+        }
+
+    elif info.get('type') == 'del_user':
+        user = info.get('user')
+        del_assets = user_permed(user).get('assets', [])
+        perm_info = {
+            'action': 'del user: ' + user.name, 'del': {'users': [user], 'assets': del_assets},
+        }
+
+    elif info.get('type') == 'edit_user_group':
+        user_group = info.get('group')
+        new_users = info.get('user').get('new')
+        del_users = info.get('user').get('del')
+        assets = user_group_permed(user_group).get('assets', [])
+
+        perm_info = {
+            'action': 'edit user group: ' + user_group.name,
+            'new': {'users': new_users, 'assets': assets},
+            'del': {'users': del_users, 'assets': assets}
+        }
+
+    elif info.get('type') == 'del_user_group':
+        user_group = info.get('group', [])
+        del_users = user_group.user_set.all()
+        assets = user_group_permed(user_group).get('assets', [])
+
+        perm_info = {
+            'action': "del user group: " + user_group.name, 'del': {'users': del_users, 'assets': assets}
+        }
+    else:
+        return
+
+    try:
+        results = perm_user_api(perm_info)  # 通过API授权或回收
+    except ServerError, e:
+        return e
+    else:
+        return results
+
+
+def push_user(user, asset_groups_id):
+    assets = []
+    if not user:
+        return {'error': '没有该用户'}
+    for group_id in asset_groups_id:
+        asset_group = get_object(AssetGroup, id=group_id)
+        if asset_group:
+            assets.extend(asset_group.asset_set.all())
+    perm_info = {
+        'action': 'Push user:' + user.username,
+        'new': {'users': [user], 'assets': assets}
+    }
+
+    results = perm_user_api(perm_info)
+    return results
+
+
+
+
+
+
+
+
+
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -2,30 +2,13 @@ from django.conf.urls import patterns, include, url
 from jperm.views import *

 urlpatterns = patterns('jperm.views',
-    # Examples:
-    (r'^user/$', user_perm),
-    # (r'^dept_perm_edit/$', 'dept_perm_edit'),
-    # (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
-    # (r'^dept_perm_list/$', 'dept_perm_list'),
-    # (r'^perm_user_detail/$', 'perm_user_detail'),
-    # (r'^perm_detail/$', 'perm_detail'),
-    # (r'^perm_del/$', 'perm_del'),
-    # (r'^perm_asset_detail/$', 'perm_asset_detail'),
-    # (r'^sudo_list/$', view_splitter, {'su': sudo_list, 'adm': sudo_list_adm}),
-    # (r'^sudo_del/$', 'sudo_del'),
-    # (r'^sudo_edit/$', view_splitter, {'su': sudo_edit, 'adm': sudo_edit_adm}),
-    # (r'^sudo_refresh/$', 'sudo_refresh'),
-    # (r'^sudo_detail/$', 'sudo_detail'),
-    # (r'^cmd_add/$', view_splitter, {'su': cmd_add, 'adm': cmd_add_adm}),
-    # (r'^cmd_list/$', 'cmd_list'),
-    # (r'^cmd_del/$', 'cmd_del'),
-    # (r'^cmd_edit/$', 'cmd_edit'),
-    # (r'^cmd_detail/$', 'cmd_detail'),
-    # (r'^apply/$', 'perm_apply'),
-    # (r'^apply_show/(\w+)/$', 'perm_apply_log'),
-    # (r'^apply_exec/$', 'perm_apply_exec'),
-    # (r'^apply_info/$', 'perm_apply_info'),
-    # (r'^apply_del/$', 'perm_apply_del'),
-    # (r'^apply_search/$', 'perm_apply_search'),
-
-)
+                       (r'^user/$', perm_user_list),
+                       (r'^perm_user_edit/$', perm_user_edit),
+                       (r'^group/$', perm_group_list),
+                       (r'^perm_group_edit/$', perm_group_edit),
+                       (r'^log/$', log),
+                       (r'^sys_user_add/$', sys_user_add),
+                       (r'^sys_user_list/$', sys_user_list),
+                       (r'^sys_user_del/$', sys_user_del),
+                       (r'^sys_user_edit/$', sys_user_edit),
+                       )
--- a/jperm/views.py
+++ b/jperm/views.py
--- a/jumpserver.conf
+++ b/jumpserver.conf
@@ -23,7 +23,7 @@ root_pw = secret234


 [websocket]
-web_socket_host = 192.168.40.140:3000
+web_socket_host = ws://192.168.244.129:3000


 [mail]

--- a/jumpserver/api.py
+++ b/jumpserver/api.py
--- a/jumpserver/models.py
+++ b/jumpserver/models.py
+# coding: utf-8
+
+from django.db import models
+
+
+class Setting(models.Model):
+    name = models.CharField(max_length=100)
+    default_user = models.CharField(max_length=100, null=True, blank=True)
+    default_port = models.IntegerField(max_length=10, null=True, blank=True)
+    default_pri_key_path = models.CharField(max_length=100, null=True, blank=True)
+
+    class Meta:
+        db_table = u'setting'
--- a/jumpserver/settings.py
+++ b/jumpserver/settings.py
@@ -44,9 +44,7 @@ URL = config.get('base', 'url')
 MAIL_ENABLE = config.get('mail', 'mail_enable')
 MAIL_FROM = config.get('mail', 'email_host_user')
 log_dir = os.path.join(BASE_DIR, 'logs')
-
 log_level = config.get('base', 'log')
-
 web_socket_host = config.get('websocket', 'web_socket_host')

 # Quick-start development settings - unsuitable for production
@@ -62,7 +60,6 @@ TEMPLATE_DEBUG = True

 ALLOWED_HOSTS = ['0.0.0.0/8']

-
 # Application definition

 INSTALLED_APPS = (
@@ -98,23 +95,23 @@ WSGI_APPLICATION = 'jumpserver.wsgi.application'
 # Database
 # https://docs.djangoproject.com/en/1.7/ref/settings/#databases

-# DATABASES = {
-#     'default': {
-#         'ENGINE': 'django.db.backends.mysql',
-#         'NAME': DB_DATABASE,
-#         'USER': DB_USER,
-#         'PASSWORD': DB_PASSWORD,
-#         'HOST': DB_HOST,
-#         'PORT': DB_PORT,
-#     }
-# }
-
 DATABASES = {
    'default': {
-        'ENGINE': 'django.db.backends.sqlite3',
-        'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+        'ENGINE': 'django.db.backends.mysql',
+        'NAME': DB_DATABASE,
+        'USER': DB_USER,
+        'PASSWORD': DB_PASSWORD,
+        'HOST': DB_HOST,
+        'PORT': DB_PORT,
    }
 }
+
+# DATABASES = {
+#     'default': {
+#         'ENGINE': 'django.db.backends.sqlite3',
+#         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
+#     }
+# }
 TEMPLATE_CONTEXT_PROCESSORS = (
    'django.contrib.auth.context_processors.auth',
    'django.core.context_processors.debug',

--- a/jumpserver/tasks.py
+++ b/jumpserver/tasks.py
+# coding: utf-8
+
+from ansible.playbook import PlayBook
+from ansible import callbacks, utils
+
+
+def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None):
+    stats = callbacks.AggregateStats()
+    playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
+    runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
+    # run the playbook
+    print default_user, default_port, default_pri_key_path, inventory, playbook
+    if default_user and default_port and default_pri_key_path:
+        playbook = PlayBook(host_list=inventory,
+                            playbook=playbook,
+                            forks=5,
+                            remote_user=default_user,
+                            remote_port=default_port,
+                            private_key_file=default_pri_key_path,
+                            callbacks=playbook_cb,
+                            runner_callbacks=runner_cb,
+                            stats=stats,
+                            become=True,
+                            become_user='root')
+    else:
+        playbook = PlayBook(host_list=inventory,
+                            playbook=playbook,
+                            forks=5,
+                            callbacks=playbook_cb,
+                            runner_callbacks=runner_cb,
+                            stats=stats,
+                            become=True,
+                            become_user='root')
+    results = playbook.run()
+    print results
+    results_r = {'unreachable': [], 'failures': [], 'success': []}
+    for hostname, result in results.items():
+        if result.get('unreachable', 2):
+            results_r['unreachable'].append(hostname)
+            print "%s >>> unreachable" % hostname
+        elif result.get('failures', 2):
+            results_r['failures'].append(hostname)
+            print "%s >>> Failed" % hostname
+        else:
+            results_r['success'].append(hostname)
+            print "%s >>> Success" % hostname
+    return results_r
\ No newline at end of file
--- a/jumpserver/templatetags/mytags.py
+++ b/jumpserver/templatetags/mytags.py
--- a/jumpserver/urls.py
+++ b/jumpserver/urls.py
@@ -12,10 +12,11 @@ urlpatterns = patterns('',
    (r'^logout/$', 'jumpserver.views.Logout'),
    (r'^file/upload/$', 'jumpserver.views.upload'),
    (r'^file/download/$', 'jumpserver.views.download'),
+    (r'^setting', 'jumpserver.views.setting'),
    (r'^error/$', 'jumpserver.views.httperror'),
    (r'^juser/', include('juser.urls')),
    (r'^jasset/', include('jasset.urls')),
-    # (r'^jlog/', include('jlog.urls')),
+    (r'^jlog/', include('jlog.urls')),
    (r'^jperm/', include('jperm.urls')),
    (r'^node_auth/', 'jumpserver.views.node_auth'),
    (r'download/(\d{4}/\d\d/\d\d/.*)', 'jumpserver.views.download_file')

--- a/jumpserver/views.py
+++ b/jumpserver/views.py
@@ -12,11 +12,13 @@ from django.http import HttpResponse
 # from jperm.models import Apply
 import paramiko
 from jumpserver.api import *
+from jumpserver.models import Setting
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth.decorators import login_required
 from settings import BASE_DIR
 from jlog.models import Log

+
 def getDaysByNum(num):
    today = datetime.date.today()
    oneday = datetime.timedelta(days=1)
@@ -196,6 +198,7 @@ def is_latest():

 def Login(request):
    """登录界面"""
+    error = ''
    if request.user.is_authenticated():
        return HttpResponseRedirect('/')
    if request.method == 'GET':
@@ -240,6 +243,33 @@ def Logout(request):
    logout(request)
    return HttpResponseRedirect('/login/')

+
+def setting(request):
+    header_title, path1 = '项目设置', '设置'
+    setting_r = get_object(Setting, name='default')
+
+    if request.method == "POST":
+        username = request.POST.get('username', '')
+        port = request.POST.get('port', '')
+        private_key = request.POST.get('key', '')
+
+        if '' in [username, port, private_key]:
+            return HttpResponse('所填内容不能为空')
+        else:
+            settings = get_object(Setting, id=1)
+            private_key_path = os.path.join(BASE_DIR, 'keys', 'default', 'default_private_key.pem')
+            with open(private_key_path, 'w') as f:
+                    f.write(private_key)
+            os.chmod(private_key_path, 0600)
+            if settings:
+                Setting.objects.filter(name='default').update(default_user=username, default_port=port,
+                                                              default_pri_key_path=private_key_path)
+            else:
+                setting_r = Setting(name='default', default_user=username, default_port=port,
+                                    default_pri_key_path=private_key_path).save()
+
+            msg = "设置成功"
+    return my_render('setting.html', locals(), request)
 #
 # def filter_ajax_api(request):
 #     attr = request.GET.get('attr', 'user')

--- a/juser/models.py
+++ b/juser/models.py
@@ -3,22 +3,18 @@
 from django.db import models
 from django.contrib.auth.models import AbstractUser
 import time
+from jasset.models import Asset, AssetGroup
+

 class UserGroup(models.Model):
    name = models.CharField(max_length=80, unique=True)
    comment = models.CharField(max_length=160, blank=True, null=True)
+    asset = models.ManyToManyField(Asset)
+    asset_group = models.ManyToManyField(AssetGroup)

    def __unicode__(self):
        return self.name

-    def get_user(self):
-        return self.user_set.all()
-
-    def update(self, **kwargs):
-        for key, value in kwargs.items():
-            self.__setattr__(key, value)
-            self.save()
-

 class User(AbstractUser):
    USER_ROLE_CHOICES = (
@@ -35,83 +31,6 @@ class User(AbstractUser):
    def __unicode__(self):
        return self.username

-    def get_asset_group(self):
-        """
-        Get user host_groups.
-        获取用户有权限的主机组
-        """
-        host_group_list = []
-        perm_list = []
-        # user_group_all = self.group.all()
-        # for user_group in user_group_all:
-        #     perm_list.extend(user_group.perm_set.all())
-        # for perm in perm_list:
-        #     host_group_list.append(perm.asset_group)
-        return host_group_list
-
-    def get_asset_group_info(self, printable=False):
-        """
-        Get or print asset group info
-        获取或打印用户授权资产组
-        """
-        asset_groups_info = {}
-        asset_groups = self.get_asset_group()
-        for asset_group in asset_groups:
-            asset_groups_info[asset_group.id] = [asset_group.name, asset_group.comment]
-        if printable:
-            for group_id in asset_groups_info:
-                if asset_groups_info[group_id][1]:
-                    print "[%3s] %s -- %s" % (group_id,
-                                              asset_groups_info[group_id][0],
-                                              asset_groups_info[group_id][1])
-                else:
-                    print "[%3s] %s" % (group_id, asset_groups_info[group_id][0])
-                print ''
-        else:
-            return asset_groups_info
-
-    def get_asset(self):
-        """
-        Get the assets of under the user control.
-        获取主机列表
-        """
-        assets = []
-        asset_groups = self.get_asset_group()
-        for asset_group in asset_groups:
-            assets.extend(asset_group.asset_set.all())
-        return assets
-
-    def get_asset_info(self, printable=False):
-        """
-        Get or print the user asset info
-        获取或打印用户资产信息
-        """
-        from jasset.models import AssetAlias
-        assets_info = {}
-        assets = self.get_asset()
-        for asset in assets:
-            asset_alias = AssetAlias.objects.filter(user=self, asset=asset)
-            if asset_alias and asset_alias[0].alias != '':
-                assets_info[asset.ip] = [asset.id, asset.ip, str(asset_alias[0].alias)]
-            else:
-                assets_info[asset.ip] = [asset.id, asset.ip, str(asset.comment)]
-        if printable:
-            ips = assets_info.keys()
-            ips.sort()
-            for ip in ips:
-                if assets_info[ip][2]:
-                    print '%-15s -- %s' % (ip, assets_info[ip][2])
-                else:
-                    print '%-15s' % ip
-            print ''
-        else:
-            return assets_info
-
-    def update(self, **kwargs):
-        for key, value in kwargs.items():
-            self.__setattr__(key, value)
-            self.save()
-

 class AdminGroup(models.Model):
    """

--- a/juser/user_api.py
+++ b/juser/user_api.py
 # coding: utf-8

 from Crypto.PublicKey import RSA
+from subprocess import call

 from juser.models import AdminGroup
 from jumpserver.api import *
 from jumpserver.settings import BASE_DIR

+
 def group_add_user(group, user_id=None, username=None):
    """
    用户组中添加用户
@@ -118,30 +120,27 @@ def db_del_user(username):
        user.delete()


-def gen_ssh_key(username, password=None, length=2048):
+def gen_ssh_key(username, password='',
+                key_dir=os.path.join(BASE_DIR, 'keys/user/'),
+                authorized_keys=True, home="/home", length=2048):
    """
    generate a user ssh key in a property dir
    生成一个用户ssh密钥对
    """
-    print "gen_ssh_key" + str(time.time())
-    private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/')
-    private_key_file = os.path.join(private_key_dir, username+".pem")
-    public_key_dir = '/home/%s/.ssh/' % username
-    public_key_file = os.path.join(public_key_dir, 'authorized_keys')
-    is_dir(private_key_dir)
-    is_dir(public_key_dir, username, mode=0700)
-
-    key = RSA.generate(length)
-    with open(private_key_file, 'w') as pri_f:
-        pri_f.write(key.exportKey('PEM', password))
-    os.chmod(private_key_file, 0600)
-    print "gen_ssh_pub_key" + str(time.time())
-    pub_key = key.publickey()
-    with open(public_key_file, 'w') as pub_f:
-        pub_f.write(pub_key.exportKey('OpenSSH'))
-    os.chmod(public_key_file, 0600)
-    bash('chown %s:%s %s' % (username, username, public_key_file))
-    print "gen_ssh_key_end" + str(time.time())
+    private_key_file = os.path.join(key_dir, username)
+    if os.path.isfile(private_key_file):
+        os.unlink(private_key_file)
+    ret = bash('ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password))
+
+    if authorized_keys:
+        auth_key_dir = os.path.join(home, username, '.ssh')
+        is_dir(auth_key_dir, username, mode=0700)
+        authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys')
+        with open(private_key_file+'.pub') as pub_f:
+            with open(authorized_key_file, 'w') as auth_f:
+                auth_f.write(pub_f.read())
+        os.chmod(authorized_key_file, 0600)
+        bash('chown %s:%s %s' % (username, username, authorized_key_file))


 def server_add_user(username, password, ssh_key_pwd, ssh_key_login_need):

--- a/juser/views.py
+++ b/juser/views.py
--- a/playbook/user_perm.yaml
+++ b/playbook/user_perm.yaml
+- hosts: the_del_group
+  tasks:
+    - name: del user
+      user: name={{ item }} state=absent remove=yes
+      with_items: [ the_del_users ]
+
+- hosts: the_new_group
+  tasks:
+    - name: add user
+      user: name={{ item }} state=present
+      with_items: [ the_new_users ]
+    - name: .ssh direcotory
+      file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory
+      with_items: [ the_new_users ]
+    - name: set authorizied_file
+      copy: src=KEY_DIR/{{ item }}.pub dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600
+      with_items: [ the_new_users ]
--- a/run_websocket.py
+++ b/run_websocket.py
+# coding: utf-8
+
+import time
+import json
+import os
+import sys
+import os.path
+import threading
+
+import tornado.ioloop
+import tornado.options
+import tornado.web
+import tornado.websocket
+import tornado.httpserver
+import tornado.gen
+from tornado.websocket import WebSocketClosedError
+
+from tornado.options import define, options
+from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY, AsyncNotifier
+
+# from gevent import monkey
+# monkey.patch_all()
+# import gevent
+from gevent.socket import wait_read, wait_write
+
+import paramiko
+
+try:
+    import simplejson as json
+except ImportError:
+    import json
+
+
+define("port", default=3000, help="run on the given port", type=int)
+define("host", default='0.0.0.0', help="run port on", type=str)
+
+
+class MyThread(threading.Thread):
+    def __init__(self, *args, **kwargs):
+        super(MyThread, self).__init__(*args, **kwargs)
+
+    def run(self):
+        try:
+            super(MyThread, self).run()
+        except WebSocketClosedError:
+            pass
+
+
+class EventHandler(ProcessEvent):
+    def __init__(self, client=None):
+        self.client = client
+
+    def process_IN_CREATE(self, event):
+        print "Create file:%s." % os.path.join(event.path, event.name)
+
+    def process_IN_DELETE(self, event):
+        print "Delete file:%s." % os.path.join(event.path, event.name)
+
+    def process_IN_MODIFY(self, event):
+        print "Modify file:%s." % os.path.join(event.path, event.name)
+        self.client.write_message(f.read())
+
+
+def file_monitor(path='.', client=None):
+    wm = WatchManager()
+    mask = IN_DELETE | IN_CREATE | IN_MODIFY
+    notifier = AsyncNotifier(wm, EventHandler(client))
+    wm.add_watch(path, mask, auto_add=True, rec=True)
+    if not os.path.isfile(path):
+        print "You should monitor a file"
+        sys.exit(3)
+    else:
+        print "now starting monitor %s." % path
+        global f
+        f = open(path, 'r')
+        st_size = os.stat(path)[6]
+        f.seek(st_size)
+
+    while True:
+        try:
+            notifier.process_events()
+            if notifier.check_events():
+                notifier.read_events()
+        except KeyboardInterrupt:
+            print "keyboard Interrupt."
+            notifier.stop()
+            break
+
+
+class Application(tornado.web.Application):
+    def __init__(self):
+        handlers = [
+            (r'/monitor', MonitorHandler),
+            (r'/terminal', WebTerminalHandler),
+        ]
+
+        setting = {
+            'cookie_secret': 'DFksdfsasdfkasdfFKwlwfsdfsa1204mx',
+            'template_path': os.path.join(os.path.dirname(__file__), 'templates'),
+            'static_path': os.path.join(os.path.dirname(__file__), 'static'),
+            'debug': True,
+        }
+
+        tornado.web.Application.__init__(self, handlers, **setting)
+
+
+class MonitorHandler(tornado.websocket.WebSocketHandler):
+    clients = []
+    threads = []
+
+    def __init__(self, *args, **kwargs):
+        self.file_path = None
+        super(self.__class__, self).__init__(*args, **kwargs)
+
+    def check_origin(self, origin):
+        return True
+
+    def open(self):
+        # 获取监控的path
+        self.file_path = self.get_argument('file_path', '')
+        MonitorHandler.clients.append(self)
+        thread = MyThread(target=file_monitor, args=('%s.log' % self.file_path, self))
+        MonitorHandler.threads.append(thread)
+        self.stream.set_nodelay(True)
+
+        print len(MonitorHandler.threads), len(MonitorHandler.clients)
+
+    def on_message(self, message):
+        self.write_message('Connect WebSocket Success. <br/>')
+        # 监控日志，发生变动发向客户端
+
+        try:
+            for t in MonitorHandler.threads:
+                if t.is_alive():
+                    continue
+                t.setDaemon(True)
+                t.start()
+
+        except WebSocketClosedError:
+            client_index = MonitorHandler.clients.index(self)
+            MonitorHandler.threads[client_index].stop()
+            MonitorHandler.clients.remove(self)
+            MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
+
+    def on_close(self):
+        # 客户端主动关闭
+        # self.close()
+
+        print "Close websocket."
+        client_index = MonitorHandler.clients.index(self)
+        MonitorHandler.clients.remove(self)
+        MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
+
+
+class WebTerminalHandler(tornado.websocket.WebSocketHandler):
+    tasks = []
+
+    def __init__(self, *args, **kwargs):
+        self.chan = None
+        self.ssh = None
+        super(WebTerminalHandler, self).__init__(*args, **kwargs)
+
+    def check_origin(self, origin):
+        return True
+
+    def open(self):
+        self.ssh = paramiko.SSHClient()
+        self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        try:
+            self.ssh.connect('127.0.0.1', 22, 'root', 'redhat')
+        except:
+            self.write_message(json.loads({'data': 'Connect server Error'}))
+            self.close()
+
+        self.chan = self.ssh.invoke_shell(term='xterm')
+        WebTerminalHandler.tasks.append(threading.Thread(target=self._forward_outbound))
+
+        for t in WebTerminalHandler.tasks:
+            if t.is_alive():
+                continue
+            t.setDaemon(True)
+            t.start()
+
+    def on_message(self, message):
+        data = json.loads(message)
+        if not data:
+            return
+        if 'resize' in data:
+            self.chan.resize_pty(
+                data['resize'].get('width', 80),
+                data['resize'].get('height', 24))
+        if 'data' in data:
+            self.chan.send(data['data'])
+
+    def on_close(self):
+        self.write_message(json.dumps({'data': 'close websocket'}))
+
+    def _forward_outbound(self):
+        """ Forward outbound traffic (ssh -> websockets) """
+        try:
+            data = ''
+            while True:
+                wait_read(self.chan.fileno())
+                recv = self.chan.recv(1024)
+                if not len(recv):
+                    return
+                data += recv
+                try:
+                    self.write_message(json.dumps({'data': data}))
+                    data = ''
+                except UnicodeDecodeError:
+                    pass
+        finally:
+            self.close()
+
+
+if __name__ == '__main__':
+    tornado.options.parse_command_line()
+    app = Application()
+    server = tornado.httpserver.HTTPServer(app)
+    server.bind(options.port, options.host)
+    # server.listen(options.port)
+    server.start(num_processes=1)
+    tornado.ioloop.IOLoop.instance().start()
--- a/static/css/plugins/bootstrap.min.css
+++ b/static/css/plugins/bootstrap.min.css
--- a/static/css/plugins/chosen/chosen-sprite.png
+++ b/static/css/plugins/chosen/chosen-sprite.png
--- a/static/css/plugins/chosen/chosen-sprite@2x.png
+++ b/static/css/plugins/chosen/chosen-sprite@2x.png
--- a/static/css/plugins/chosen/chosen.css
+++ b/static/css/plugins/chosen/chosen.css
--- a/static/css/plugins/datapicker/datepicker3.css
+++ b/static/css/plugins/datapicker/datepicker3.css
--- a/static/js/base.js
+++ b/static/js/base.js
@@ -16,6 +16,13 @@ function check_all(form) {
    }
 }

+function checkAll(){
+    // 选择该页面所有checkbox
+    $('input[type=checkbox]').each(function(){
+        $(this).attr('checked', true)
+    })
+}
+
 //提取指定行的数据，JSON格式
 function GetRowData(row){
    var rowData = {};
@@ -89,22 +96,31 @@ function move(from, to, from_o, to_o) {
 //}
 //

+//function selectAllOption(){
+//         var checklist = document.getElementsByName ("selected");
+//            if(document.getElementById("select_all").checked)
+//            {
+//            for(var i=0;i<checklist.length;i++)
+//            {
+//              checklist[i].checked = 1;
+//            }
+//            }else{
+//            for(var j=0;j<checklist.length;j++)
+//            {
+//             checklist[j].checked = 0;
+//            }
+//            }
+//
+//        }
+
+
 function selectAll(){
-         var checklist = document.getElementsByName ("selected");
-            if(document.getElementById("select_all").checked)
-            {
-            for(var i=0;i<checklist.length;i++)
-            {
-              checklist[i].checked = 1;
-            }
-            }else{
-            for(var j=0;j<checklist.length;j++)
-            {
-             checklist[j].checked = 0;
-            }
-            }
+    // 选择该页面所有option
+    $('option').each(function(){
+        $(this).attr('selected', true)
+    })
+}

-        }

 //
 //function move_all(from, to){

--- a/static/js/cropper/cropper.min.js
+++ b/static/js/cropper/cropper.min.js
--- a/static/js/datapicker/bootstrap-datepicker.js
+++ b/static/js/datapicker/bootstrap-datepicker.js
--- a/static/js/plugins/chosen/chosen.jquery.js
+++ b/static/js/plugins/chosen/chosen.jquery.js
--- a/static/js/term.js
+++ b/static/js/term.js
--- a/static/js/wssh.js
+++ b/static/js/wssh.js
+/*
+WSSH Javascript Client
+
+Usage:
+
+var client = new WSSHClient();
+
+client.connect({
+    // Connection and authentication parameters
+    username: 'root',
+    hostname: 'localhost',
+    authentication_method: 'password', // can either be password or private_key
+    password: 'secretpassword', // do not provide when using private_key
+    key_passphrase: 'secretpassphrase', // *may* be provided if the private_key is encrypted
+
+    // Callbacks
+    onError: function(error) {
+        // Called upon an error
+        console.error(error);
+    },
+    onConnect: function() {
+        // Called after a successful connection to the server
+        console.debug('Connected!');
+
+        client.send('ls\n'); // You can send data back to the server by using WSSHClient.send()
+    },
+    onClose: function() {
+        // Called when the remote closes the connection
+        console.debug('Connection Reset By Peer');
+    },
+    onData: function(data) {
+        // Called when data is received from the server
+        console.debug('Received: ' + data);
+    }
+});
+
+*/
+
+function WSSHClient() {
+}
+
+WSSHClient.prototype._generateEndpoint = function(options) {
+    console.log(options);
+    if (window.location.protocol == 'https:') {
+        var protocol = 'wss://';
+    } else {
+        var protocol = 'ws://';
+    }
+
+    var endpoint = protocol + window.location.host + ':8080' + '/terminal';
+    return endpoint;
+};
+
+WSSHClient.prototype.connect = function(options) {
+    var endpoint = this._generateEndpoint(options);
+
+    if (window.WebSocket) {
+        this._connection = new WebSocket(endpoint);
+    }
+    else if (window.MozWebSocket) {
+        this._connection = MozWebSocket(endpoint);
+    }
+    else {
+        options.onError('WebSocket Not Supported');
+        return ;
+    }
+
+    this._connection.onopen = function() {
+        options.onConnect();
+    };
+
+    this._connection.onmessage = function (evt) {
+        var data = JSON.parse(evt.data.toString());
+        if (data.error !== undefined) {
+            options.onError(data.error);
+        }
+        else {
+            options.onData(data.data);
+        }
+    };
+
+    this._connection.onclose = function(evt) {
+        options.onClose();
+    };
+};
+
+WSSHClient.prototype.send = function(data) {
+    this._connection.send(JSON.stringify({'data': data}));
+};
--- a/templates/head_script.html
+++ b/templates/head_script.html
@@ -8,4 +8,5 @@
 <!-- validator js -->
 <script src="/static/js/validator/jquery.validator.js"></script>
 <script src="/static/js/validator/zh_CN.js"></script>
+<script src="/static/js/datapicker/bootstrap-datepicker.js"></script>

--- a/templates/jasset/asset_add.html
+++ b/templates/jasset/asset_add.html
--- a/templates/jasset/asset_edit.html
+++ b/templates/jasset/asset_edit.html
@@ -50,21 +50,21 @@
                                            <div class="col-sm-1">
                                                <div class="radio i-checks">
                                                    <label>
-                                                        <input type="checkbox" {% ifequal asset.use_default_auth 1 %} checked="" {% endifequal %} value="1" id="use_default_auth" name="use_default_auth">
+                                                        <input type="checkbox" {% ifequal asset.use_default 1 %} checked="" {% endifequal %} value="1" id="use_default" name="use_default">
                                                    </label>
                                                </div>
                                            </div>
                                        </div>

-                                        <div class="form-group" id="admin_account" {% ifequal asset.use_default_auth 1 %} style="display: none" {% endifequal %}>
+                                        <div class="form-group" id="admin_account" {% ifequal asset.use_default 1 %} style="display: none" {% endifequal %}>
                                            <label class="col-sm-2 control-label"> 管理用户名<span class="red-fonts">*</span> </label>
                                            <div class="col-sm-3">
-                                                <input type="text" {% ifnotequal asset.use_default_auth 1 %} value="{{ asset.username }}" {% endifnotequal %} name="username" class="form-control">
+                                                <input type="text" {% ifnotequal asset.use_default 1 %} value="{{ asset.username }}" {% endifnotequal %} name="username" class="form-control">
                                            </div>

                                            <label class="col-sm-1 control-label"> 密码<span class="red-fonts">*</span> </label>
                                            <div class="col-sm-4">
-                                                <input type="password" {% ifnotequal asset.use_default_auth 1 %} value="{{ asset.password }}" {% endifnotequal %}  name="password" class="form-control">
+                                                <input type="password" {% ifnotequal asset.use_default 1 %} value="{{ asset.password }}" {% endifnotequal %}  name="password" class="form-control">
                                            </div>
                                        </div>

@@ -123,7 +123,7 @@
 <script>

 $('document').ready(function(){
-    $('#use_default_auth').click(function(){
+    $('#use_default').click(function(){
        if ($(this).is(':checked')){
            $('#admin_account').css('display', 'none')
        }

--- a/templates/jlog/base.jinja2
+++ b/templates/jlog/base.jinja2
--- a/templates/jlog/dynamic.jinja2
+++ b/templates/jlog/dynamic.jinja2
+{% extends "base.jinja2" %}
+{% block head %}
+        <script src='term.js'></script>
+        <link href='http://fonts.googleapis.com/css?family=Ubuntu+Mono' rel='stylesheet' type='text/css'>
+        <style>
+            body {
+                    font-family: 'Ubuntu Mono', Courier, monospace;
+                    font-size:  14pt;
+                 }
+        </style>
+{% endblock %}
--- a/templates/jlog/log_filter.html
+++ b/templates/jlog/log_filter.html
--- a/templates/jlog/log_monitor.html
+++ b/templates/jlog/log_monitor.html
--- a/templates/jlog/log_offline.html
+++ b/templates/jlog/log_offline.html
--- a/templates/jlog/log_online.html
+++ b/templates/jlog/log_online.html
--- a/templates/jlog/static.jinja2
+++ b/templates/jlog/static.jinja2
--- a/templates/jlog/web_terminal.html
+++ b/templates/jlog/web_terminal.html
--- a/templates/jperm/dept_perm_edit.html
+++ b/templates/jperm/dept_perm_edit.html
--- a/templates/jperm/perm_apply.html
+++ b/templates/jperm/perm_apply.html
--- a/templates/jperm/perm_apply_exec.html
+++ b/templates/jperm/perm_apply_exec.html
--- a/templates/jperm/perm_apply_info.html
+++ b/templates/jperm/perm_apply_info.html
--- a/templates/jperm/perm_apply_search.html
+++ b/templates/jperm/perm_apply_search.html
--- a/templates/jperm/perm_asset_detail.html
+++ b/templates/jperm/perm_asset_detail.html
--- a/templates/jperm/perm_detail.html
+++ b/templates/jperm/perm_detail.html
--- a/templates/jperm/perm_edit_bak.html
+++ b/templates/jperm/perm_edit_bak.html
--- a/templates/jperm/user_perm.html
+++ b/templates/jperm/user_perm.html
--- a/templates/jperm/perm_list.html
+++ b/templates/jperm/perm_list.html
--- a/templates/jperm/perm_list_ajax.html
+++ b/templates/jperm/perm_list_ajax.html
--- a/templates/jperm/perm_log.html
+++ b/templates/jperm/perm_log.html
--- a/templates/jperm/perm_log_offline.html
+++ b/templates/jperm/perm_log_offline.html
--- a/templates/jperm/perm_log_online.html
+++ b/templates/jperm/perm_log_online.html
--- a/templates/jperm/perm_user_detail.html
+++ b/templates/jperm/perm_user_detail.html
--- a/templates/jperm/perm_edit.html
+++ b/templates/jperm/perm_edit.html
--- a/templates/jperm/dept_perm_list.html
+++ b/templates/jperm/dept_perm_list.html
--- a/templates/jperm/sudo_add.html
+++ b/templates/jperm/sudo_add.html
--- a/templates/jperm/sudo_cmd_add.html
+++ b/templates/jperm/sudo_cmd_add.html
--- a/templates/jperm/sudo_cmd_detail.html
+++ b/templates/jperm/sudo_cmd_detail.html
--- a/templates/jperm/sudo_cmd_list.html
+++ b/templates/jperm/sudo_cmd_list.html
--- a/templates/jperm/sudo_detail.html
+++ b/templates/jperm/sudo_detail.html
--- a/templates/jperm/sudo_edit.html
+++ b/templates/jperm/sudo_edit.html
--- a/templates/jperm/sys_user_add.html
+++ b/templates/jperm/sys_user_add.html
--- a/templates/jperm/sudo_list.html
+++ b/templates/jperm/sudo_list.html
--- a/templates/juser/user_list.html
+++ b/templates/juser/user_list.html
--- a/templates/log_watch.html
+++ b/templates/log_watch.html
--- a/templates/nav.html
+++ b/templates/nav.html
--- a/templates/setting.html
+++ b/templates/setting.html
--- a/templates/test.html
+++ b/templates/test.html
--- a/templates/test2.html
+++ b/templates/test2.html