perf: change some field to encrypt field (#15842)

* perf: conn token add remote addr

* perf: change some field to encrypt field

---------

Co-authored-by: ibuler <ibuler@qq.com>

apps/authentication/backends/base.py

@@ -61,7 +61,8 @@ class JMSBaseAuthBackend:
 
 
 class JMSModelBackend(JMSBaseAuthBackend, ModelBackend):
-    pass
+     def user_can_authenticate(self, user):
+        return True
 
 
 class BaseAuthCallbackClientView(View):

apps/authentication/migrations/0007_connectiontoken_remote_addr.py

@@ -0,0 +1,20 @@
+# Generated by Django 4.1.13 on 2025-08-04 06:20
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentication", "0006_connectiontoken_type"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="connectiontoken",
+            name="remote_addr",
+            field=models.CharField(
+                blank=True, max_length=128, null=True, verbose_name="Remote addr"
+            ),
+        ),
+    ]

apps/authentication/migrations/0008_alter_accesskey_secret_alter_temptoken_secret.py

@@ -0,0 +1,30 @@
+# Generated by Django 4.1.13 on 2025-08-14 06:39
+
+import authentication.models.access_key
+import common.db.fields
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentication", "0007_connectiontoken_remote_addr"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="accesskey",
+            name="secret",
+            field=common.db.fields.EncryptTextField(
+                default=authentication.models.access_key.default_secret,
+                verbose_name="AccessKeySecret",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="temptoken",
+            name="secret",
+            field=common.db.fields.EncryptTextField(
+                verbose_name="Secret"
+            ),
+        ),
+    ]

apps/authentication/models/access_key.py

@@ -4,6 +4,7 @@ from django.conf import settings
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
+from common.db.fields import EncryptTextField
 import common.db.models
 
 from common.db.utils import default_ip_group
@@ -16,7 +17,7 @@ def default_secret():
 
 class AccessKey(models.Model):
     id = models.UUIDField(verbose_name='AccessKeyID', primary_key=True, default=uuid.uuid4, editable=False)
-    secret = models.CharField(verbose_name='AccessKeySecret', default=default_secret, max_length=36)
+    secret = EncryptTextField(verbose_name='AccessKeySecret', default=default_secret)
     ip_group = models.JSONField(default=default_ip_group, verbose_name=_('IP group'))
     user = models.ForeignKey(settings.AUTH_USER_MODEL, verbose_name='User',
                              on_delete=common.db.models.CASCADE_SIGNAL_SKIP, related_name='access_keys')

apps/authentication/models/connection_token.py

@@ -57,6 +57,9 @@ class ConnectionToken(JMSOrgBaseModel):
     )
     face_monitor_token = models.CharField(max_length=128, null=True, blank=True, verbose_name=_("Face monitor token"))
     is_active = models.BooleanField(default=True, verbose_name=_("Active"))
+    remote_addr = models.CharField(
+        max_length=128, verbose_name=_("Remote addr"), blank=True, null=True
+    )
 
     type = models.CharField(
         max_length=16, choices=ConnectionTokenType.choices,

apps/authentication/models/temp_token.py

@@ -3,11 +3,12 @@ from django.utils import timezone
 from django.utils.translation import gettext_lazy as _
 
 from common.db.models import JMSBaseModel
+from common.db.fields import EncryptTextField
 
 
 class TempToken(JMSBaseModel):
     username = models.CharField(max_length=128, verbose_name=_("Username"))
-    secret = models.CharField(max_length=64, verbose_name=_("Secret"))
+    secret = EncryptTextField(verbose_name=_("Secret"))
     verified = models.BooleanField(default=False, verbose_name=_("Verified"))
     date_verified = models.DateTimeField(null=True, verbose_name=_("Date verified"))
     date_expired = models.DateTimeField(verbose_name=_("Date expired"))

apps/authentication/serializers/connection_token.py

@@ -1,6 +1,7 @@
 from django.utils.translation import gettext_lazy as _
 from rest_framework import serializers
 
+from common.utils import get_request_ip
 from common.serializers import CommonModelSerializer
 from common.serializers.fields import EncryptedField
 from perms.serializers.permission import ActionChoicesField
@@ -29,6 +30,7 @@ class ConnectionTokenSerializer(CommonModelSerializer):
             'is_active', 'is_reusable', 'from_ticket', 'from_ticket_info',
             'date_expired', 'date_created', 'date_updated', 'created_by',
             'updated_by', 'org_id', 'org_name', 'face_monitor_token',
+            'remote_addr',
         ]
         read_only_fields = [
             # 普通 Token 不支持指定 user
@@ -52,6 +54,12 @@ class ConnectionTokenSerializer(CommonModelSerializer):
     def get_user(self, attrs):
         return self.get_request_user()
 
+    def create(self, validated_data):
+        request = self.context.get('request')
+        if request:
+            validated_data['remote_addr'] = get_request_ip(request)
+        return super().create(validated_data)
+
     def get_from_ticket_info(self, instance):
         if not instance.from_ticket:
             return {}

apps/i18n/luna/en.json

@@ -205,7 +205,7 @@
     "SelectCommand": "Please select the command to execute.",
     "Send command": "Send command",
     "Send text to all ssh terminals": "Send text to all ssh terminals",
-    "SendCommandPlaceholder": "Input command here..., Enter for new line, Ctrl+Enter to send",
+    "SendCommandPlaceholder": "Input command here, Enter for new line, Ctrl+Enter to send",
     "Session": "Session",
     "SessionIsBeingMonitored": "Session is being monitored",
     "SessionShare": "Session share",