From 24f7946b7b407a846e5c3e08f4f2206005206a3e Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Thu, 14 Aug 2025 15:05:18 +0800 Subject: [PATCH] perf: change some field to encrypt field (#15842) * perf: conn token add remote addr * perf: change some field to encrypt field --------- Co-authored-by: ibuler --- apps/authentication/backends/base.py | 3 +- .../0007_connectiontoken_remote_addr.py | 20 +++++++++++++ ...accesskey_secret_alter_temptoken_secret.py | 30 +++++++++++++++++++ apps/authentication/models/access_key.py | 3 +- .../authentication/models/connection_token.py | 3 ++ apps/authentication/models/temp_token.py | 3 +- .../serializers/connection_token.py | 8 +++++ apps/i18n/luna/en.json | 4 +-- 8 files changed, 69 insertions(+), 5 deletions(-) create mode 100644 apps/authentication/migrations/0007_connectiontoken_remote_addr.py create mode 100644 apps/authentication/migrations/0008_alter_accesskey_secret_alter_temptoken_secret.py diff --git a/apps/authentication/backends/base.py b/apps/authentication/backends/base.py index 89458b975..f4c0e09f6 100644 --- a/apps/authentication/backends/base.py +++ b/apps/authentication/backends/base.py @@ -61,7 +61,8 @@ class JMSBaseAuthBackend: class JMSModelBackend(JMSBaseAuthBackend, ModelBackend): - pass + def user_can_authenticate(self, user): + return True class BaseAuthCallbackClientView(View): diff --git a/apps/authentication/migrations/0007_connectiontoken_remote_addr.py b/apps/authentication/migrations/0007_connectiontoken_remote_addr.py new file mode 100644 index 000000000..2bb429e96 --- /dev/null +++ b/apps/authentication/migrations/0007_connectiontoken_remote_addr.py @@ -0,0 +1,20 @@ +# Generated by Django 4.1.13 on 2025-08-04 06:20 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentication", "0006_connectiontoken_type"), + ] + + operations = [ + migrations.AddField( + model_name="connectiontoken", + name="remote_addr", + field=models.CharField( + blank=True, max_length=128, null=True, verbose_name="Remote addr" + ), + ), + ] diff --git a/apps/authentication/migrations/0008_alter_accesskey_secret_alter_temptoken_secret.py b/apps/authentication/migrations/0008_alter_accesskey_secret_alter_temptoken_secret.py new file mode 100644 index 000000000..7adf3c2eb --- /dev/null +++ b/apps/authentication/migrations/0008_alter_accesskey_secret_alter_temptoken_secret.py @@ -0,0 +1,30 @@ +# Generated by Django 4.1.13 on 2025-08-14 06:39 + +import authentication.models.access_key +import common.db.fields +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentication", "0007_connectiontoken_remote_addr"), + ] + + operations = [ + migrations.AlterField( + model_name="accesskey", + name="secret", + field=common.db.fields.EncryptTextField( + default=authentication.models.access_key.default_secret, + verbose_name="AccessKeySecret", + ), + ), + migrations.AlterField( + model_name="temptoken", + name="secret", + field=common.db.fields.EncryptTextField( + verbose_name="Secret" + ), + ), + ] diff --git a/apps/authentication/models/access_key.py b/apps/authentication/models/access_key.py index f02744140..7db636b13 100644 --- a/apps/authentication/models/access_key.py +++ b/apps/authentication/models/access_key.py @@ -4,6 +4,7 @@ from django.conf import settings from django.db import models from django.utils.translation import gettext_lazy as _ +from common.db.fields import EncryptTextField import common.db.models from common.db.utils import default_ip_group @@ -16,7 +17,7 @@ def default_secret(): class AccessKey(models.Model): id = models.UUIDField(verbose_name='AccessKeyID', primary_key=True, default=uuid.uuid4, editable=False) - secret = models.CharField(verbose_name='AccessKeySecret', default=default_secret, max_length=36) + secret = EncryptTextField(verbose_name='AccessKeySecret', default=default_secret) ip_group = models.JSONField(default=default_ip_group, verbose_name=_('IP group')) user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='User', on_delete=common.db.models.CASCADE_SIGNAL_SKIP, related_name='access_keys') diff --git a/apps/authentication/models/connection_token.py b/apps/authentication/models/connection_token.py index 95e0c3d7e..278eedc5a 100644 --- a/apps/authentication/models/connection_token.py +++ b/apps/authentication/models/connection_token.py @@ -57,6 +57,9 @@ class ConnectionToken(JMSOrgBaseModel): ) face_monitor_token = models.CharField(max_length=128, null=True, blank=True, verbose_name=_("Face monitor token")) is_active = models.BooleanField(default=True, verbose_name=_("Active")) + remote_addr = models.CharField( + max_length=128, verbose_name=_("Remote addr"), blank=True, null=True + ) type = models.CharField( max_length=16, choices=ConnectionTokenType.choices, diff --git a/apps/authentication/models/temp_token.py b/apps/authentication/models/temp_token.py index 33d86cbc1..59938a5e7 100644 --- a/apps/authentication/models/temp_token.py +++ b/apps/authentication/models/temp_token.py @@ -3,11 +3,12 @@ from django.utils import timezone from django.utils.translation import gettext_lazy as _ from common.db.models import JMSBaseModel +from common.db.fields import EncryptTextField class TempToken(JMSBaseModel): username = models.CharField(max_length=128, verbose_name=_("Username")) - secret = models.CharField(max_length=64, verbose_name=_("Secret")) + secret = EncryptTextField(verbose_name=_("Secret")) verified = models.BooleanField(default=False, verbose_name=_("Verified")) date_verified = models.DateTimeField(null=True, verbose_name=_("Date verified")) date_expired = models.DateTimeField(verbose_name=_("Date expired")) diff --git a/apps/authentication/serializers/connection_token.py b/apps/authentication/serializers/connection_token.py index 3c176f57c..f2459be51 100644 --- a/apps/authentication/serializers/connection_token.py +++ b/apps/authentication/serializers/connection_token.py @@ -1,6 +1,7 @@ from django.utils.translation import gettext_lazy as _ from rest_framework import serializers +from common.utils import get_request_ip from common.serializers import CommonModelSerializer from common.serializers.fields import EncryptedField from perms.serializers.permission import ActionChoicesField @@ -29,6 +30,7 @@ class ConnectionTokenSerializer(CommonModelSerializer): 'is_active', 'is_reusable', 'from_ticket', 'from_ticket_info', 'date_expired', 'date_created', 'date_updated', 'created_by', 'updated_by', 'org_id', 'org_name', 'face_monitor_token', + 'remote_addr', ] read_only_fields = [ # 普通 Token 不支持指定 user @@ -52,6 +54,12 @@ class ConnectionTokenSerializer(CommonModelSerializer): def get_user(self, attrs): return self.get_request_user() + def create(self, validated_data): + request = self.context.get('request') + if request: + validated_data['remote_addr'] = get_request_ip(request) + return super().create(validated_data) + def get_from_ticket_info(self, instance): if not instance.from_ticket: return {} diff --git a/apps/i18n/luna/en.json b/apps/i18n/luna/en.json index 4ab3b946e..93770951c 100644 --- a/apps/i18n/luna/en.json +++ b/apps/i18n/luna/en.json @@ -205,7 +205,7 @@ "SelectCommand": "Please select the command to execute.", "Send command": "Send command", "Send text to all ssh terminals": "Send text to all ssh terminals", - "SendCommandPlaceholder": "Input command here..., Enter for new line, Ctrl+Enter to send", + "SendCommandPlaceholder": "Input command here, Enter for new line, Ctrl+Enter to send", "Session": "Session", "SessionIsBeingMonitored": "Session is being monitored", "SessionShare": "Session share", @@ -283,4 +283,4 @@ "success": "Success", "system user": "System user", "user": "User" -} \ No newline at end of file +}