perf: update connection token

This commit is contained in:
ibuler 2025-04-09 11:00:14 +08:00 committed by Bryan
parent a317549a01
commit 528f9045d0
2 changed files with 25 additions and 9 deletions

View File

@ -16,7 +16,7 @@ from assets.const.host import GATEWAY_NAME
from authentication.const import ConnectionTokenType from authentication.const import ConnectionTokenType
from common.db.fields import EncryptTextField from common.db.fields import EncryptTextField
from common.exceptions import JMSException from common.exceptions import JMSException
from common.utils import lazyproperty, pretty_string, bulk_get from common.utils import lazyproperty, pretty_string, bulk_get, is_uuid
from common.utils.timezone import as_current_tz from common.utils.timezone import as_current_tz
from orgs.mixins.models import JMSOrgBaseModel from orgs.mixins.models import JMSOrgBaseModel
from orgs.utils import tmp_to_org from orgs.utils import tmp_to_org
@ -127,6 +127,22 @@ class ConnectionToken(JMSOrgBaseModel):
.validate_permission(account_alias, protocol) .validate_permission(account_alias, protocol)
return permed_account return permed_account
@classmethod
def get_asset_accounts_by_alias(cls, asset, alias):
"""
获取资产下的账号
:param alias: 账号别名
:return: 账号对象
"""
if is_uuid(alias):
kwargs = {'id': alias}
else:
kwargs = {'name': alias}
with tmp_to_org(asset.org_id):
account = asset.all_valid_accounts.filter(**kwargs).first()
return account
def get_permed_account(self): def get_permed_account(self):
return self.get_user_permed_account(self.user, self.asset, self.account, self.protocol) return self.get_user_permed_account(self.user, self.asset, self.account, self.protocol)
@ -207,7 +223,7 @@ class ConnectionToken(JMSOrgBaseModel):
'alternate shell:s': app, 'alternate shell:s': app,
'remoteapplicationcmdline:s': cmdline_b64, 'remoteapplicationcmdline:s': cmdline_b64,
'disableconnectionsharing:i': '1', 'disableconnectionsharing:i': '1',
'bitmapcachepersistenable:i': '0', # 图缓存相关设置,便于录像审计 'bitmapcachepersistenable:i': '0', # 图缓存相关设置,便于录像审计
'bitmapcachesize:i': '1500', 'bitmapcachesize:i': '1500',
} }
return options return options
@ -278,7 +294,7 @@ class ConnectionToken(JMSOrgBaseModel):
input_secret=self.input_secret, from_permed=False input_secret=self.input_secret, from_permed=False
) )
else: else:
account = self.asset.all_valid_accounts.filter(id=self.account).first() account = self.get_asset_accounts_by_alias(self.asset, self.account)
if not account.secret and self.input_secret: if not account.secret and self.input_secret:
account.secret = self.input_secret account.secret = self.input_secret
self.set_ad_domain_if_need(account) self.set_ad_domain_if_need(account)
@ -352,14 +368,14 @@ class AdminConnectionToken(ConnectionToken):
return super().is_valid() return super().is_valid()
@classmethod @classmethod
def get_user_permed_account(cls, user, asset, account_name, protocol): def get_user_permed_account(cls, user, asset, account_alias, protocol):
""" """
管理员 token 可以访问所有资产的账号 管理员 token 可以访问所有资产的账号
""" """
with tmp_to_org(asset.org_id): account = cls.get_asset_accounts_by_alias(asset, account_alias)
account = asset.accounts.filter(name=account_name).first() if not account:
if not account: return None
return None
account.actions = ActionChoices.all() account.actions = ActionChoices.all()
account.date_expired = timezone.now() + timezone.timedelta(days=5) account.date_expired = timezone.now() + timezone.timedelta(days=5)
return account return account

View File

@ -100,7 +100,7 @@ class PermAssetDetailUtil:
def map_alias_to_accounts(cls, alias_action_bit_mapper, alias_date_expired_mapper, asset, user): def map_alias_to_accounts(cls, alias_action_bit_mapper, alias_date_expired_mapper, asset, user):
username_accounts_mapper = defaultdict(list) username_accounts_mapper = defaultdict(list)
cleaned_accounts_expired = defaultdict(list) cleaned_accounts_expired = defaultdict(list)
asset_accounts = asset.all_valid_accounts asset_accounts = asset.all_valid_accounts.all()
# 用户名 -> 账号 # 用户名 -> 账号
for account in asset_accounts: for account in asset_accounts: