mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-07-02 09:42:05 +00:00
fix websocket授权
parent
17ccac92ee
commit
30fe9f5236
@ -138,7 +138,7 @@ def user_have_perm(user, asset):
|
|||||||
if asset in user_assets:
|
if asset in user_assets:
|
||||||
return user_perm_all.get('asset').get(asset).get('role')
|
return user_perm_all.get('asset').get(asset).get('role')
|
||||||
else:
|
else:
|
||||||
return False
|
return []
|
||||||
|
|
||||||
|
|
||||||
def gen_resource(ob, ex='', perm=None):
|
def gen_resource(ob, ex='', perm=None):
|
||||||
|
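Review bot: The two branches of `user_have_perm` still do not share a return type: the miss branch now returns `[]`, but the hit branch returns whatever `.get('role')` yields, which would be `None` if the entry carries no 'role' key (the permission structure is not visible here, so this is inferred). A caller that iterates the result, as the websocket `open` handler does with `for role in roles`, would then raise instead of denying access. Consider `return user_perm_all.get('asset').get(asset).get('role') or []`, plus a docstring line such as `Return the list of roles the user may use on the asset; an empty list means no permission.` Callers elsewhere that compared the old result with `False` explicitly should be checked, since only truthiness tests are unaffected by this change. The function body starts outside the hunk.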
@ -38,17 +38,17 @@ define("host", default='0.0.0.0', help="run port on", type=str)
|
|||||||
|
|
||||||
def require_auth(role='user'):
|
def require_auth(role='user'):
|
||||||
def _deco(func):
|
def _deco(func):
|
||||||
def _deco(request, *args, **kwargs):
|
def _deco2(request, *args, **kwargs):
|
||||||
if request.get_cookie('sessionid'):
|
if request.get_cookie('sessionid'):
|
||||||
session_key = request.get_cookie('sessionid')
|
session_key = request.get_cookie('sessionid')
|
||||||
else:
|
else:
|
||||||
session_key = request.get_secure_cookie('sessionid')
|
session_key = request.get_secure_cookie('sessionid')
|
||||||
|
|
||||||
logger.debug('Websocket: session_key: ' + session_key)
|
logger.debug('Websocket: session_key: %s' % session_key)
|
||||||
|
|
||||||
if session_key:
|
if session_key:
|
||||||
session = get_object(Session, session_key=session_key)
|
session = get_object(Session, session_key=session_key)
|
||||||
if session and datetime.datetime.now() > session.expire_date:
|
logger.debug('Websocket: session: %s' % session)
|
||||||
|
if session and datetime.datetime.now() < session.expire_date:
|
||||||
user_id = session.get_decoded().get('_auth_user_id')
|
user_id = session.get_decoded().get('_auth_user_id')
|
||||||
user = get_object(User, id=user_id)
|
user = get_object(User, id=user_id)
|
||||||
if user:
|
if user:
|
||||||
@ -60,6 +60,8 @@ def require_auth(role='user'):
|
|||||||
logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
|
logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
|
||||||
else:
|
else:
|
||||||
return func(request, *args, **kwargs)
|
return func(request, *args, **kwargs)
|
||||||
|
else:
|
||||||
|
logger.debug('Websocket: session expired: %s' % session_key)
|
||||||
request.close()
|
request.close()
|
||||||
logger.warning('Websocket: Request auth failed.')
|
logger.warning('Websocket: Request auth failed.')
|
||||||
# asset_id = int(request.get_argument('id', 9999))
|
# asset_id = int(request.get_argument('id', 9999))
|
||||||
@ -78,7 +80,7 @@ def require_auth(role='user'):
|
|||||||
# else:
|
# else:
|
||||||
# print("No session user.")
|
# print("No session user.")
|
||||||
# request.close()
|
# request.close()
|
||||||
return _deco
|
return _deco2
|
||||||
return _deco
|
return _deco
|
||||||
|
|
||||||
|
|
||||||
@ -244,13 +246,15 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
|
|||||||
def check_origin(self, origin):
|
def check_origin(self, origin):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
@require_auth
|
@require_auth('user')
|
||||||
def open(self):
|
def open(self):
|
||||||
|
logger.debug('Websocket: Open request')
|
||||||
role_name = self.get_argument('role', 'sb')
|
role_name = self.get_argument('role', 'sb')
|
||||||
asset_id = self.get_argument('id', 9999)
|
asset_id = self.get_argument('id', 9999)
|
||||||
asset = get_object(Asset, id=asset_id)
|
asset = get_object(Asset, id=asset_id)
|
||||||
if asset:
|
if asset:
|
||||||
roles = user_have_perm(self.user, asset)
|
roles = user_have_perm(self.user, asset)
|
||||||
|
logger.debug(roles)
|
||||||
login_role = ''
|
login_role = ''
|
||||||
for role in roles:
|
for role in roles:
|
||||||
if role.name == role_name:
|
if role.name == role_name:
|
||||||
@ -267,7 +271,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
|
|||||||
return
|
return
|
||||||
logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
|
logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
|
||||||
login_role.name))
|
login_role.name))
|
||||||
self.term = WebTty(self.user, self.asset, login_role)
|
self.term = WebTty(self.user, asset, login_role)
|
||||||
self.term.get_connection()
|
self.term.get_connection()
|
||||||
self.term.channel = self.term.ssh.invoke_shell(term='xterm')
|
self.term.channel = self.term.ssh.invoke_shell(term='xterm')
|
||||||
WebTerminalHandler.tasks.append(MyThread(target=self.forward_outbound))
|
WebTerminalHandler.tasks.append(MyThread(target=self.forward_outbound))
|
||||||
@ -302,7 +306,7 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
|
|||||||
self.term.channel.send(data['data'])
|
self.term.channel.send(data['data'])
|
||||||
|
|
||||||
def on_close(self):
|
def on_close(self):
|
||||||
print 'On_close'
|
logger.debug('Websocket: Close request')
|
||||||
if self in WebTerminalHandler.clients:
|
if self in WebTerminalHandler.clients:
|
||||||
WebTerminalHandler.clients.remove(self)
|
WebTerminalHandler.clients.remove(self)
|
||||||
try:
|
try:
|
||||||
|
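Review bot: The debug lines added in `_deco2` write the raw `sessionid` value to the log (`'Websocket: session_key: %s' % session_key`, and again in the new `session expired` branch), so anyone with read access to debug logs obtains a live session credential; the `'Websocket: session: %s' % session` line likely renders the same key. Log only presence or a short digest instead, e.g. `logger.debug('Websocket: session cookie present: %s' % bool(session_key))`. Separately, the decorator now gates `open` purely on the browser's cookie while `check_origin` in the same handler returns `True` unconditionally, so the handshake is accepted from any origin; restricting `check_origin` to the deployment's own host would keep a logged-in user's cookie from being honoured on cross-site connections. `require_auth` and `on_close` both continue outside the visible hunks, so how `self.user` is set and the role check are not reviewed here.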