diff --git a/.gitignore b/.gitignore index cb931287b..5d5eb57db 100644 --- a/.gitignore +++ b/.gitignore @@ -15,6 +15,7 @@ dump.rdb .tox .cache/ .idea/ +.vscode/ db.sqlite3 config.py config.yml diff --git a/README.md b/README.md index b8e86a2c7..3a3d4d47c 100644 --- a/README.md +++ b/README.md @@ -245,6 +245,7 @@ JumpServer 采纳分布式架构,支持多机房跨区域部署,支持横向 - [极速安装](https://docs.jumpserver.org/zh/master/install/setup_by_fast/) - [完整文档](https://docs.jumpserver.org) - [演示视频](https://www.bilibili.com/video/BV1ZV41127GB) +- [手动安装](https://github.com/jumpserver/installer) ## 组件项目 - [Lina](https://github.com/jumpserver/lina) JumpServer Web UI 项目 diff --git a/apps/common/drf/metadata.py b/apps/common/drf/metadata.py index cc2903d2f..afd7389bb 100644 --- a/apps/common/drf/metadata.py +++ b/apps/common/drf/metadata.py @@ -18,7 +18,7 @@ from rest_framework.request import clone_request class SimpleMetadataWithFilters(SimpleMetadata): """Override SimpleMetadata, adding info about filters""" - methods = {"PUT", "POST", "GET"} + methods = {"PUT", "POST", "GET", "PATCH"} attrs = [ 'read_only', 'label', 'help_text', 'min_length', 'max_length', @@ -32,6 +32,9 @@ class SimpleMetadataWithFilters(SimpleMetadata): """ actions = {} for method in self.methods & set(view.allowed_methods): + if hasattr(view, 'action_map'): + view.action = view.action_map.get(method.lower(), view.action) + view.request = clone_request(request, method) try: # Test global permissions diff --git a/apps/common/drf/parsers/base.py b/apps/common/drf/parsers/base.py index acffcfef8..32f93a1bf 100644 --- a/apps/common/drf/parsers/base.py +++ b/apps/common/drf/parsers/base.py 
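Review bot: The new `view.action = view.action_map.get(method.lower(), view.action)` in `determine_actions` overwrites the live view's `action` on every iteration and never restores it, so after the loop the view carries whatever action the last method mapped to, and for a method missing from `action_map` the `.get(..., view.action)` fallback yields the previous iteration's action rather than the original one. Capture the original before the loop (`orig_action = getattr(view, 'action', None)`) and restore it after the loop, in a `finally` so a permission-check exception cannot leave it clobbered. The body of `determine_actions` starts and ends outside the hunk, so the restore site is not visible here.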
@@ -94,7 +94,7 @@ class BaseFileParser(BaseParser): new_row_data = {} serializer_fields = self.serializer_fields for k, v in row_data.items(): - if isinstance(v, list) or isinstance(v, dict) or isinstance(v, str) and k.strip() and v.strip(): + if type(v) in [list, dict, int] or (isinstance(v, str) and k.strip() and v.strip()): # 解决类似disk_info为字符串的'{}'的问题 if not isinstance(v, str) and isinstance(serializer_fields[k], serializers.CharField): v = str(v) diff --git a/apps/jumpserver/settings/base.py b/apps/jumpserver/settings/base.py index 4a2e59062..1d4b2f995 100644 --- a/apps/jumpserver/settings/base.py +++ b/apps/jumpserver/settings/base.py @@ -48,6 +48,7 @@ INSTALLED_APPS = [ 'applications.apps.ApplicationsConfig', 'tickets.apps.TicketsConfig', 'acls.apps.AclsConfig', + 'notifications', 'common.apps.CommonConfig', 'jms_oidc_rp', 'rest_framework', diff --git a/apps/jumpserver/urls.py b/apps/jumpserver/urls.py index 687b7f2ae..510654048 100644 --- a/apps/jumpserver/urls.py +++ b/apps/jumpserver/urls.py @@ -23,6 +23,7 @@ api_v1 = [ path('applications/', include('applications.urls.api_urls', namespace='api-applications')), path('tickets/', include('tickets.urls.api_urls', namespace='api-tickets')), path('acls/', include('acls.urls.api_urls', namespace='api-acls')), + path('notifications/', include('notifications.urls', namespace='api-notifications')), path('prometheus/metrics/', api.PrometheusMetricsApi.as_view()), ] diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index b3bde6600..53adc1239 100644 Binary files a/apps/locale/zh/LC_MESSAGES/django.mo and b/apps/locale/zh/LC_MESSAGES/django.mo differ diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index a64dde7cd..8f5f38858 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po 
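Review bot: `type(v) in [list, dict, int]` in the rewritten condition excludes subclasses, so a `bool` cell (whose type is `bool`, not `int`) and, presumably, any `float` cell produced by a spreadsheet reader no longer pass the guard and the key is dropped instead of being stringified for a CharField on the next line. If the intent is to keep every non-empty string plus structured and numeric values, `if isinstance(v, (list, dict, int, float)) or (isinstance(v, str) and k.strip() and v.strip()):` expresses that; otherwise a comment naming the types deliberately dropped would help. The enclosing loop belongs to a method whose start and end are outside the hunk.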
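Review bot: The new `'notifications',` entry in INSTALLED_APPS is registered by bare module name while every neighbouring app uses its AppConfig path, and this commit also adds a `NotificationsConfig` in apps/notifications/apps.py that, on the Django 3.1 stamped in the generated migration, is only picked up when referenced explicitly. For consistency and so the config class is actually used, write `'notifications.apps.NotificationsConfig',`.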
@@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-05-21 11:08+0800\n" +"POT-Creation-Date: 2021-05-22 16:56+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -99,7 +99,7 @@ msgstr "动作" #: terminal/backends/command/models.py:18 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:38 #: tickets/models/comment.py:17 users/models/user.py:176 -#: users/models/user.py:738 users/models/user.py:764 +#: users/models/user.py:740 users/models/user.py:766 #: users/serializers/group.py:20 #: users/templates/users/user_asset_permission.html:38 #: users/templates/users/user_asset_permission.html:64 @@ -184,7 +184,7 @@ msgstr "格式为逗号分隔的字符串, * 表示匹配所有. " #: users/templates/users/_select_user_modal.html:14 #: xpack/plugins/change_auth_plan/models.py:47 #: xpack/plugins/change_auth_plan/models.py:278 -#: xpack/plugins/cloud/serializers.py:65 +#: xpack/plugins/cloud/serializers.py:51 msgid "Username" msgstr "用户名" @@ -285,7 +285,7 @@ msgid "Cluster" msgstr "集群" #: applications/serializers/attrs/application_category/db.py:11 -#: ops/models/adhoc.py:146 xpack/plugins/cloud/serializers.py:63 +#: ops/models/adhoc.py:146 xpack/plugins/cloud/serializers.py:49 msgid "Host" msgstr "主机" @@ -295,7 +295,7 @@ msgstr "主机" #: applications/serializers/attrs/application_type/oracle.py:11 #: applications/serializers/attrs/application_type/pgsql.py:11 #: assets/models/asset.py:188 assets/models/domain.py:53 -#: xpack/plugins/cloud/serializers.py:64 +#: xpack/plugins/cloud/serializers.py:50 msgid "Port" msgstr "端口" @@ -325,7 +325,7 @@ msgstr "目标URL" #: xpack/plugins/change_auth_plan/models.py:68 #: xpack/plugins/change_auth_plan/models.py:190 #: xpack/plugins/change_auth_plan/models.py:285 -#: xpack/plugins/cloud/serializers.py:67 +#: xpack/plugins/cloud/serializers.py:53 msgid "Password" msgstr "密码" 
@@ -407,7 +407,7 @@ msgstr "激活" #: assets/models/asset.py:196 assets/models/cluster.py:19 #: assets/models/user.py:66 templates/_nav.html:44 -#: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:160 +#: xpack/plugins/cloud/models.py:92 xpack/plugins/cloud/serializers.py:146 msgid "Admin user" msgstr "管理用户" @@ -497,7 +497,7 @@ msgstr "创建者" #: assets/models/label.py:25 common/db/models.py:72 common/mixins/models.py:50 #: ops/models/adhoc.py:38 ops/models/command.py:29 orgs/models.py:25 #: orgs/models.py:420 perms/models/base.py:56 users/models/group.py:18 -#: users/models/user.py:765 xpack/plugins/cloud/models.py:107 +#: users/models/user.py:767 xpack/plugins/cloud/models.py:107 msgid "Date created" msgstr "创建日期" @@ -569,7 +569,7 @@ msgid "Default" msgstr "默认" #: assets/models/cluster.py:36 assets/models/label.py:14 -#: users/models/user.py:750 +#: users/models/user.py:752 msgid "System" msgstr "系统" @@ -678,7 +678,7 @@ msgstr "ssh私钥" #: users/templates/users/user_asset_permission.html:41 #: users/templates/users/user_asset_permission.html:73 #: users/templates/users/user_asset_permission.html:158 -#: xpack/plugins/cloud/models.py:89 xpack/plugins/cloud/serializers.py:161 +#: xpack/plugins/cloud/models.py:89 xpack/plugins/cloud/serializers.py:147 msgid "Node" msgstr "节点" @@ -2100,8 +2100,8 @@ msgid "" msgstr "应用列表中包含与授权类型不同的应用。({})" #: perms/serializers/asset/permission.py:45 -#: perms/serializers/asset/permission.py:69 users/serializers/user.py:34 -#: users/serializers/user.py:82 +#: perms/serializers/asset/permission.py:69 users/serializers/user.py:33 +#: users/serializers/user.py:81 msgid "Is expired" msgstr "是否过期" @@ -2121,7 +2121,7 @@ msgstr "资产名称" msgid "System users name" msgstr "系统用户名称" -#: perms/serializers/asset/permission.py:70 users/serializers/user.py:81 +#: perms/serializers/asset/permission.py:70 users/serializers/user.py:80 msgid "Is valid" msgstr "账户是否有效" 
@@ -3897,11 +3897,15 @@ msgstr "用户来源" msgid "Date password last updated" msgstr "最后更新密码日期" -#: users/models/user.py:746 +#: users/models/user.py:603 +msgid "Need update password" +msgstr "需要更新密码" + +#: users/models/user.py:748 msgid "Administrator" msgstr "管理员" -#: users/models/user.py:749 +#: users/models/user.py:751 msgid "Administrator is the super user of system" msgstr "Administrator是初始的超级管理员" @@ -3909,7 +3913,7 @@ msgstr "Administrator是初始的超级管理员" msgid "The old password is incorrect" msgstr "旧密码错误" -#: users/serializers/profile.py:36 users/serializers/user.py:125 +#: users/serializers/profile.py:36 users/serializers/user.py:126 msgid "Password does not match security rules" msgstr "密码不满足安全规则" 
@@ -3921,76 +3925,76 @@ msgstr "新密码不能是最近 {} 次的密码" msgid "The newly set password is inconsistent" msgstr "两次密码不一致" -#: users/serializers/profile.py:119 users/serializers/user.py:80 +#: users/serializers/profile.py:119 users/serializers/user.py:79 msgid "Is first login" msgstr "首次登录" -#: users/serializers/user.py:20 +#: users/serializers/user.py:22 msgid "Reset link will be generated and sent to the user" msgstr "生成重置密码链接,通过邮件发送给用户" -#: users/serializers/user.py:21 +#: users/serializers/user.py:23 msgid "Set password" msgstr "设置密码" -#: users/serializers/user.py:28 xpack/plugins/change_auth_plan/models.py:61 +#: users/serializers/user.py:27 xpack/plugins/change_auth_plan/models.py:61 #: xpack/plugins/change_auth_plan/serializers.py:30 msgid "Password strategy" msgstr "密码策略" -#: users/serializers/user.py:30 +#: users/serializers/user.py:29 msgid "MFA enabled" msgstr "是否开启多因子认证" -#: users/serializers/user.py:31 +#: users/serializers/user.py:30 msgid "MFA force enabled" msgstr "强制启用多因子认证" -#: users/serializers/user.py:32 +#: users/serializers/user.py:31 msgid "MFA level for display" msgstr "多因子认证等级(显示名称)" -#: users/serializers/user.py:33 +#: users/serializers/user.py:32 msgid "Login blocked" msgstr "登录被阻塞" -#: users/serializers/user.py:35 +#: users/serializers/user.py:34 msgid "Can update" msgstr "是否可更新" -#: users/serializers/user.py:36 +#: users/serializers/user.py:35 msgid "Can delete" msgstr "是否可删除" -#: users/serializers/user.py:39 users/serializers/user.py:87 +#: users/serializers/user.py:38 users/serializers/user.py:86 msgid "Organization role name" msgstr "组织角色名称" -#: users/serializers/user.py:83 +#: users/serializers/user.py:82 msgid "Avatar url" msgstr "头像路径" -#: users/serializers/user.py:85 +#: users/serializers/user.py:84 msgid "Groups name" msgstr "用户组名" -#: users/serializers/user.py:86 +#: users/serializers/user.py:85 msgid "Source name" msgstr "用户来源名" -#: users/serializers/user.py:88 +#: users/serializers/user.py:87 msgid "Super role name" msgstr "超级角色名称" 
-#: users/serializers/user.py:89 +#: users/serializers/user.py:88 msgid "Total role name" msgstr "汇总角色名称" -#: users/serializers/user.py:113 +#: users/serializers/user.py:112 msgid "Role limit to {}" msgstr "角色只能为 {}" -#: users/serializers/user.py:210 +#: users/serializers/user.py:211 msgid "name not unique" msgstr "名称重复" @@ -3999,7 +4003,7 @@ msgid "Security token validation" msgstr "安全令牌验证" #: users/templates/users/_base_otp.html:14 xpack/plugins/cloud/models.py:78 -#: xpack/plugins/cloud/serializers.py:159 +#: xpack/plugins/cloud/serializers.py:145 msgid "Account" msgstr "账户" @@ -4740,7 +4744,7 @@ msgstr "云服务商" msgid "Cloud account" msgstr "云账号" -#: xpack/plugins/cloud/models.py:81 xpack/plugins/cloud/serializers.py:140 +#: xpack/plugins/cloud/models.py:81 xpack/plugins/cloud/serializers.py:126 msgid "Regions" msgstr "地域" @@ -4748,7 +4752,7 @@ msgstr "地域" msgid "Hostname strategy" msgstr "主机名策略" -#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers.py:163 +#: xpack/plugins/cloud/models.py:95 xpack/plugins/cloud/serializers.py:149 msgid "Always update" msgstr "总是更新" @@ -4940,24 +4944,20 @@ msgstr "" msgid "Subscription ID" msgstr "" -#: xpack/plugins/cloud/serializers.py:49 -msgid "This field is required" -msgstr "这个字段是必填项" - -#: xpack/plugins/cloud/serializers.py:138 +#: xpack/plugins/cloud/serializers.py:124 msgid "History count" msgstr "执行次数" -#: xpack/plugins/cloud/serializers.py:139 +#: xpack/plugins/cloud/serializers.py:125 msgid "Instance count" msgstr "实例个数" -#: xpack/plugins/cloud/serializers.py:162 +#: xpack/plugins/cloud/serializers.py:148 #: xpack/plugins/gathered_user/serializers.py:20 msgid "Periodic display" msgstr "定时执行" -#: xpack/plugins/cloud/utils.py:65 +#: xpack/plugins/cloud/utils.py:64 msgid "Account unavailable" msgstr "账户无效" @@ -5045,6 +5045,9 @@ msgstr "旗舰版" msgid "Community edition" msgstr "社区版" +#~ msgid "This field is required" +#~ msgstr "这个字段是必填项" + #~ msgid "{} is required" #~ msgstr "{} 字段是必填项" 
diff --git a/apps/notifications/__init__.py b/apps/notifications/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/apps/notifications/api/__init__.py b/apps/notifications/api/__init__.py
new file mode 100644
index 000000000..bde5ef849
--- /dev/null
+++ b/apps/notifications/api/__init__.py
@@ -0,0 +1,2 @@
+from .notifications import *
+from .site_msgs import *
diff --git a/apps/notifications/api/notifications.py b/apps/notifications/api/notifications.py
new file mode 100644
index 000000000..7d176e7ae
--- /dev/null
+++ b/apps/notifications/api/notifications.py
@@ -0,0 +1,72 @@ +from django.http import Http404 +from rest_framework.mixins import ListModelMixin, UpdateModelMixin +from rest_framework.views import APIView +from rest_framework.response import Response +from rest_framework import status + +from common.drf.api import JmsGenericViewSet +from notifications.notifications import system_msgs +from notifications.models import SystemMsgSubscription +from notifications.backends import BACKEND +from notifications.serializers import ( + SystemMsgSubscriptionSerializer, SystemMsgSubscriptionByCategorySerializer +) + +__all__ = ('BackendListView', 'SystemMsgSubscriptionViewSet') + + +class BackendListView(APIView): + def get(self, request): + data = [ + { + 'name': backend, + 'name_display': backend.label + } + for backend in BACKEND + if backend.is_enable + ] + return Response(data=data) + + +class SystemMsgSubscriptionViewSet(ListModelMixin, + UpdateModelMixin, + JmsGenericViewSet): + lookup_field = 'message_type' + queryset = SystemMsgSubscription.objects.all() + serializer_classes = { + 'list': SystemMsgSubscriptionByCategorySerializer, + 'update': SystemMsgSubscriptionSerializer, + 'partial_update': SystemMsgSubscriptionSerializer + } + + def list(self, request, *args, **kwargs): + data = [] + category_children_mapper = {} + + subscriptions = self.get_queryset() + msgtype_sub_mapper = {} + for sub in subscriptions: + msgtype_sub_mapper[sub.message_type] = sub + + for msg in system_msgs: + message_type = msg['message_type'] + message_type_label = msg['message_type_label'] + category = msg['category'] + category_label = msg['category_label'] + + if category not in category_children_mapper: + children = [] + + data.append({ + 'category': category, + 'category_label': category_label, + 'children': children + }) + category_children_mapper[category] = children + + sub = msgtype_sub_mapper[message_type] + sub.message_type_label = message_type_label + category_children_mapper[category].append(sub) + + serializer = 
self.get_serializer(data, many=True) + return Response(data=serializer.data) diff --git a/apps/notifications/api/site_msgs.py b/apps/notifications/api/site_msgs.py new file mode 100644 index 000000000..e64ac23e2 --- /dev/null +++ b/apps/notifications/api/site_msgs.py 
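Review bot: `sub = msgtype_sub_mapper[message_type]` in `SystemMsgSubscriptionViewSet.list` raises KeyError, and so a 500, for any message type present in `system_msgs` that has no SystemMsgSubscription row; the metaclass that creates those rows at import time deliberately swallows a missing-table error, so that gap is reachable. Use `sub = msgtype_sub_mapper.get(message_type)` and `continue` (or create the missing row) so one absent subscription does not break the whole listing. The `Http404` and `status` imports at the top of the hunk are unused. Neither `BackendListView` nor the viewset sets `permission_classes`, so the project default applies; worth confirming that backend discovery and subscription editing are restricted to administrators.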
@@ -0,0 +1,59 @@ +from rest_framework.response import Response +from rest_framework.mixins import ListModelMixin, RetrieveModelMixin +from rest_framework.decorators import action + +from common.permissions import IsValidUser +from common.const.http import GET, PATCH, POST +from common.drf.api import JmsGenericViewSet +from ..serializers import ( + SiteMessageListSerializer, SiteMessageRetrieveSerializer, SiteMessageIdsSerializer, + SiteMessageSendSerializer, +) +from ..site_msg import SiteMessage + +__all__ = ('SiteMessageViewSet', ) + + +class SiteMessageViewSet(ListModelMixin, RetrieveModelMixin, JmsGenericViewSet): + permission_classes = (IsValidUser,) + serializer_classes = { + 'retrieve': SiteMessageRetrieveSerializer, + 'unread': SiteMessageListSerializer, + 'list': SiteMessageListSerializer, + 'mark_as_read': SiteMessageIdsSerializer, + 'send': SiteMessageSendSerializer, + } + + def get_queryset(self): + user = self.request.user + msgs = SiteMessage.get_user_all_msgs(user.id) + return msgs + + @action(methods=[GET], detail=False) + def unread(self, request, **kwargs): + user = request.user + msgs = SiteMessage.get_user_unread_msgs(user.id) + msgs = self.filter_queryset(msgs) + return self.get_paginated_response_with_query_set(msgs) + + @action(methods=[GET], detail=False, url_path='unread-total') + def unread_total(self, request, **kwargs): + user = request.user + msgs = SiteMessage.get_user_unread_msgs(user.id) + return Response(data={'total': msgs.count()}) + + @action(methods=[PATCH], detail=False) + def mark_as_read(self, request, **kwargs): + user = request.user + seri = self.get_serializer(data=request.data) + seri.is_valid(raise_exception=True) + ids = seri.validated_data['ids'] + SiteMessage.mark_msgs_as_read(user.id, ids) + return Response({'detail': 'ok'}) + + @action(methods=[POST], detail=False) + def send(self, request, **kwargs): + seri = self.get_serializer(data=request.data) + seri.is_valid(raise_exception=True) + 
SiteMessage.send_msg(**seri.validated_data, sender=request.user) + return Response({'detail': 'ok'}) diff --git a/apps/notifications/apps.py b/apps/notifications/apps.py new file mode 100644 index 000000000..9c260e0b1 --- /dev/null +++ b/apps/notifications/apps.py @@ -0,0 +1,5 @@ +from django.apps import AppConfig + + +class NotificationsConfig(AppConfig): + name = 'notifications' diff --git a/apps/notifications/backends/__init__.py b/apps/notifications/backends/__init__.py new file mode 100644 index 000000000..4e2633072 --- /dev/null +++ b/apps/notifications/backends/__init__.py @@ -0,0 +1,36 @@ +from django.utils.translation import gettext_lazy as _ +from django.db import models + +from .dingtalk import DingTalk +from .email import Email +from .site_msg import SiteMessage +from .wecom import WeCom + + +class BACKEND(models.TextChoices): + EMAIL = 'email', _('Email') + WECOM = 'wecom', _('WeCom') + DINGTALK = 'dingtalk', _('DingTalk') + SITE_MSG = 'site_msg', _('Site message') + + @property + def client(self): + client = { + self.EMAIL: Email, + self.WECOM: WeCom, + self.DINGTALK: DingTalk, + self.SITE_MSG: SiteMessage + }[self] + return client + + def get_account(self, user): + return self.client.get_account(user) + + @property + def is_enable(self): + return self.client.is_enable() + + @classmethod + def filter_enable_backends(cls, backends): + enable_backends = [b for b in backends if cls(b).is_enable] + return enable_backends diff --git a/apps/notifications/backends/base.py b/apps/notifications/backends/base.py new file mode 100644 index 000000000..67a2d5b03 --- /dev/null +++ b/apps/notifications/backends/base.py 
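Review bot: The `send` action inherits the viewset's `permission_classes = (IsValidUser,)`, so any authenticated user can post an arbitrary `subject`/`message` to any `user_ids` or `group_ids`, or set `is_broadcast` and message every user, with themselves recorded as `sender`. Unless `SiteMessage.send_msg` (outside this hunk) performs its own authorization, restrict the action, e.g. `@action(methods=[POST], detail=False, permission_classes=[<ADMIN_PERMISSION_CLASS>])`, and add a comment on the viewset stating which actions are self-service and which are administrative. The read actions and `mark_as_read` are scoped by `user.id`, which looks right.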
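Review bot: `BACKEND.filter_enable_backends` calls `cls(b)` on every stored value, and a string that is not a member raises ValueError; since `receive_backends` is persisted JSON written through an API, one unknown value there makes `SystemMessage.publish` fail for that subscription. Skipping non-members keeps publishing alive: `enable_backends = [b for b in backends if b in cls.values and cls(b).is_enable]`, with the real fix being validation at the serializer boundary. A one-line comment that `client` returns the backend class (not an instance) would also help, since `send_msg` in notifications.py instantiates it while `get_account`/`is_enable` use it as a class.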
@@ -0,0 +1,32 @@ +from django.conf import settings + + +class BackendBase: + # User 表中的字段 + account_field = None + + # Django setting 中的字段名 + is_enable_field_in_settings = None + + def get_accounts(self, users): + accounts = [] + unbound_users = [] + account_user_mapper = {} + + for user in users: + account = getattr(user, self.account_field, None) + if account: + account_user_mapper[account] = user + accounts.append(account) + else: + unbound_users.append(user) + return accounts, unbound_users, account_user_mapper + + @classmethod + def get_account(cls, user): + return getattr(user, cls.account_field) + + @classmethod + def is_enable(cls): + enable = getattr(settings, cls.is_enable_field_in_settings) + return bool(enable) diff --git a/apps/notifications/backends/dingtalk.py b/apps/notifications/backends/dingtalk.py new file mode 100644 index 000000000..ef5e9a9c6 --- /dev/null +++ b/apps/notifications/backends/dingtalk.py @@ -0,0 +1,20 @@ +from django.conf import settings + +from common.message.backends.dingtalk import DingTalk as Client +from .base import BackendBase + + +class DingTalk(BackendBase): + account_field = 'dingtalk_id' + is_enable_field_in_settings = 'AUTH_DINGTALK' + + def __init__(self): + self.dingtalk = Client( + appid=settings.DINGTALK_APPKEY, + appsecret=settings.DINGTALK_APPSECRET, + agentid=settings.DINGTALK_AGENTID + ) + + def send_msg(self, users, msg): + accounts, __, __ = self.get_accounts(users) + return self.dingtalk.send_text(accounts, msg) diff --git a/apps/notifications/backends/email.py b/apps/notifications/backends/email.py new file mode 100644 index 000000000..b1cdec755 --- /dev/null +++ b/apps/notifications/backends/email.py 
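Review bot: `BackendBase.is_enable` calls `getattr(settings, cls.is_enable_field_in_settings)` with no default, so a subclass that leaves the attribute `None` gets a TypeError and one naming a setting absent from the running config gets AttributeError, both surfacing from `BACKEND.is_enable` in the backend list view. `return bool(getattr(settings, cls.is_enable_field_in_settings or '', False))` makes an unconfigured backend read as disabled instead. In `get_accounts`, `account_user_mapper` is keyed by the account value, so if two users can share one value (not verifiable here) they collapse into a single entry; a comment stating the uniqueness assumption, or keying by `user.id`, would make that explicit. The two Chinese attribute comments translate to "field on the User table" and "setting name in Django settings"; an English docstring on the class would make the subclass contract (`account_field`, `is_enable_field_in_settings`, `send_msg`) discoverable.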
@@ -0,0 +1,14 @@ +from django.conf import settings +from django.core.mail import send_mail + +from .base import BackendBase + + +class Email(BackendBase): + account_field = 'email' + is_enable_field_in_settings = 'EMAIL_HOST_USER' + + def send_msg(self, users, subject, message): + from_email = settings.EMAIL_FROM or settings.EMAIL_HOST_USER + accounts, __, __ = self.get_accounts(users) + send_mail(subject, message, from_email, accounts) diff --git a/apps/notifications/backends/site_msg.py b/apps/notifications/backends/site_msg.py new file mode 100644 index 000000000..33032843a --- /dev/null +++ b/apps/notifications/backends/site_msg.py @@ -0,0 +1,14 @@ +from notifications.site_msg import SiteMessage as Client +from .base import BackendBase + + +class SiteMessage(BackendBase): + account_field = 'id' + + def send_msg(self, users, subject, message): + accounts, __, __ = self.get_accounts(users) + Client.send_msg(subject, message, user_ids=accounts) + + @classmethod + def is_enable(cls): + return True diff --git a/apps/notifications/backends/wecom.py b/apps/notifications/backends/wecom.py new file mode 100644 index 000000000..80b6f1a22 --- /dev/null +++ b/apps/notifications/backends/wecom.py @@ -0,0 +1,20 @@ +from django.conf import settings + +from common.message.backends.wecom import WeCom as Client +from .base import BackendBase + + +class WeCom(BackendBase): + account_field = 'wecom_id' + is_enable_field_in_settings = 'AUTH_WECOM' + + def __init__(self): + self.wecom = Client( + corpid=settings.WECOM_CORPID, + corpsecret=settings.WECOM_SECRET, + agentid=settings.WECOM_AGENTID + ) + + def send_msg(self, users, msg): + accounts, __, __ = self.get_accounts(users) + return self.wecom.send_text(accounts, msg) diff --git a/apps/notifications/migrations/0001_initial.py b/apps/notifications/migrations/0001_initial.py new file mode 100644 index 000000000..ebe79f304 --- /dev/null +++ b/apps/notifications/migrations/0001_initial.py 
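Review bot: `send_mail(subject, message, from_email, accounts)` in `Email.send_msg` puts every recipient into a single `To:` header, so each user receiving a system notification sees the addresses of all other subscribers. Send one message per address, e.g. `send_mass_mail([(subject, message, from_email, [a]) for a in accounts])`, or use `EmailMessage` with `bcc=`. The return value of `send_mail` is also discarded, whereas the DingTalk and WeCom backends return their client result; returning it keeps the backends uniform for callers.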
@@ -0,0 +1,92 @@ +# Generated by Django 3.1 on 2021-05-31 08:59 + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion +import uuid + + +class Migration(migrations.Migration): + + initial = True + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('users', '0035_auto_20210526_1100'), + ] + + operations = [ + migrations.CreateModel( + name='SiteMessage', + fields=[ + ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')), + ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')), + ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')), + ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')), + ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)), + ('subject', models.CharField(max_length=1024)), + ('message', models.TextField()), + ('is_broadcast', models.BooleanField(default=False)), + ('groups', models.ManyToManyField(to='users.UserGroup')), + ('sender', models.ForeignKey(db_constraint=False, default=None, null=True, on_delete=django.db.models.deletion.DO_NOTHING, related_name='send_site_message', to=settings.AUTH_USER_MODEL)), + ], + options={ + 'abstract': False, + }, + ), + migrations.CreateModel( + name='UserMsgSubscription', + fields=[ + ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')), + ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')), + ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')), + ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')), + ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)), + ('message_type', models.CharField(max_length=128)), + ('receive_backends', 
models.JSONField(default=list)), + ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='user_msg_subscriptions', to=settings.AUTH_USER_MODEL)), + ], + options={ + 'abstract': False, + }, + ), + migrations.CreateModel( + name='SystemMsgSubscription', + fields=[ + ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')), + ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')), + ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')), + ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')), + ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)), + ('message_type', models.CharField(max_length=128, unique=True)), + ('receive_backends', models.JSONField(default=list)), + ('groups', models.ManyToManyField(related_name='system_msg_subscriptions', to='users.UserGroup')), + ('users', models.ManyToManyField(related_name='system_msg_subscriptions', to=settings.AUTH_USER_MODEL)), + ], + options={ + 'abstract': False, + }, + ), + migrations.CreateModel( + name='SiteMessageUsers', + fields=[ + ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')), + ('updated_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Updated by')), + ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')), + ('date_updated', models.DateTimeField(auto_now=True, verbose_name='Date updated')), + ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)), + ('has_read', models.BooleanField(default=False)), + ('read_at', models.DateTimeField(default=None, null=True)), + ('sitemessage', models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.CASCADE, related_name='m2m_sitemessageusers', to='notifications.sitemessage')), + ('user', 
models.ForeignKey(db_constraint=False, on_delete=django.db.models.deletion.CASCADE, related_name='m2m_sitemessageusers', to=settings.AUTH_USER_MODEL)), + ], + options={ + 'abstract': False, + }, + ), + migrations.AddField( + model_name='sitemessage', + name='users', + field=models.ManyToManyField(related_name='recv_site_messages', through='notifications.SiteMessageUsers', to=settings.AUTH_USER_MODEL), + ), + ] diff --git a/apps/notifications/migrations/__init__.py b/apps/notifications/migrations/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/apps/notifications/models/__init__.py b/apps/notifications/models/__init__.py new file mode 100644 index 000000000..dede7511d --- /dev/null +++ b/apps/notifications/models/__init__.py @@ -0,0 +1,2 @@ +from .notification import * +from .site_msg import * diff --git a/apps/notifications/models/notification.py b/apps/notifications/models/notification.py new file mode 100644 index 000000000..94bd1ad7d --- /dev/null +++ b/apps/notifications/models/notification.py 
@@ -0,0 +1,50 @@ +from django.db import models + +from common.db.models import JMSModel + +__all__ = ('SystemMsgSubscription', 'UserMsgSubscription') + + +class UserMsgSubscription(JMSModel): + message_type = models.CharField(max_length=128) + user = models.ForeignKey('users.User', related_name='user_msg_subscriptions', on_delete=models.CASCADE) + receive_backends = models.JSONField(default=list) + + def __str__(self): + return f'{self.message_type}' + + +class SystemMsgSubscription(JMSModel): + message_type = models.CharField(max_length=128, unique=True) + users = models.ManyToManyField('users.User', related_name='system_msg_subscriptions') + groups = models.ManyToManyField('users.UserGroup', related_name='system_msg_subscriptions') + receive_backends = models.JSONField(default=list) + + message_type_label = '' + + def __str__(self): + return f'{self.message_type}' + + def __repr__(self): + return self.__str__() + + @property + def receivers(self): + from notifications.backends import BACKEND + + users = [user for user in self.users.all()] + + for group in self.groups.all(): + for user in group.users.all(): + users.append(user) + + receive_backends = self.receive_backends + receviers = [] + + for user in users: + recevier = {'name': str(user), 'id': user.id} + for backend in receive_backends: + recevier[backend] = bool(BACKEND(backend).get_account(user)) + receviers.append(recevier) + + return receviers diff --git a/apps/notifications/models/site_msg.py b/apps/notifications/models/site_msg.py new file mode 100644 index 000000000..3e3c09baa --- /dev/null +++ b/apps/notifications/models/site_msg.py 
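Review bot: In `SystemMsgSubscription.receivers` a user subscribed directly and via a group, or belonging to two subscribed groups, is appended to `users` more than once and therefore appears repeatedly in the result; the group loop also issues one query per group. Collect into a dict keyed by id before building entries, e.g. `users = {u.id: u for u in self.users.all()}` followed by `users.update((u.id, u) for g in self.groups.all() for u in g.users.all())`, and iterate `users.values()`. The names `receviers`/`recevier` are misspelled; `receivers`/`receiver` matches the property. A docstring noting that each entry maps backend name to whether the user has an account bound for it would explain the boolean values.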
@@ -0,0 +1,29 @@ +from django.db import models + +from common.db.models import JMSModel + +__all__ = ('SiteMessageUsers', 'SiteMessage') + + +class SiteMessageUsers(JMSModel): + sitemessage = models.ForeignKey('notifications.SiteMessage', on_delete=models.CASCADE, db_constraint=False, related_name='m2m_sitemessageusers') + user = models.ForeignKey('users.User', on_delete=models.CASCADE, db_constraint=False, related_name='m2m_sitemessageusers') + has_read = models.BooleanField(default=False) + read_at = models.DateTimeField(default=None, null=True) + + +class SiteMessage(JMSModel): + subject = models.CharField(max_length=1024) + message = models.TextField() + users = models.ManyToManyField( + 'users.User', through=SiteMessageUsers, related_name='recv_site_messages' + ) + groups = models.ManyToManyField('users.UserGroup') + is_broadcast = models.BooleanField(default=False) + sender = models.ForeignKey( + 'users.User', db_constraint=False, on_delete=models.DO_NOTHING, null=True, default=None, + related_name='send_site_message' + ) + + has_read = False + read_at = None diff --git a/apps/notifications/notifications.py b/apps/notifications/notifications.py new file mode 100644 index 000000000..8563fd214 --- /dev/null +++ b/apps/notifications/notifications.py 
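Review bot: `SiteMessageUsers` has no uniqueness constraint on (`sitemessage`, `user`), so the same message can be attached to a user twice, which would inflate unread totals and duplicate list rows unless `SiteMessage.send_msg` (outside this hunk) guards against it. Adding a Meta with `constraints = [models.UniqueConstraint(fields=['sitemessage', 'user'], name='<CONSTRAINT_NAME>')]` plus the matching migration closes that. The class attributes `has_read = False` and `read_at = None` on `SiteMessage` appear to be per-user placeholders overwritten elsewhere before serialization; a one-line comment saying so would stop readers from treating them as model fields.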
@@ -0,0 +1,141 @@ +from typing import Iterable +import traceback +from itertools import chain + +from django.db.utils import ProgrammingError +from celery import shared_task + +from notifications.backends import BACKEND +from .models import SystemMsgSubscription + +__all__ = ('SystemMessage', 'UserMessage') + + +system_msgs = [] +user_msgs = [] + + +class MessageType(type): + def __new__(cls, name, bases, attrs: dict): + clz = type.__new__(cls, name, bases, attrs) + + if 'message_type_label' in attrs \ + and 'category' in attrs \ + and 'category_label' in attrs: + message_type = clz.get_message_type() + + msg = { + 'message_type': message_type, + 'message_type_label': attrs['message_type_label'], + 'category': attrs['category'], + 'category_label': attrs['category_label'], + } + if issubclass(clz, SystemMessage): + system_msgs.append(msg) + try: + if not SystemMsgSubscription.objects.filter(message_type=message_type).exists(): + sub = SystemMsgSubscription.objects.create(message_type=message_type) + clz.post_insert_to_db(sub) + except ProgrammingError as e: + if e.args[0] == 1146: + # 表不存在 + pass + else: + raise + elif issubclass(clz, UserMessage): + user_msgs.append(msg) + + return clz + + +@shared_task +def publish_task(msg): + msg.publish() + + +class Message(metaclass=MessageType): + """ + 这里封装了什么? 
+ 封装不同消息的模板,提供统一的发送消息的接口 + - publish 该方法的实现与消息订阅的表结构有关 + - send_msg + """ + + message_type_label: str + category: str + category_label: str + + @classmethod + def get_message_type(cls): + return cls.__name__ + + def publish_async(self): + return publish_task.delay(self) + + def publish(self): + raise NotImplementedError + + def send_msg(self, users: Iterable, backends: Iterable = BACKEND): + for backend in backends: + try: + backend = BACKEND(backend) + + get_msg_method = getattr(self, f'get_{backend}_msg', self.get_common_msg) + msg = get_msg_method() + client = backend.client() + + if isinstance(msg, dict): + client.send_msg(users, **msg) + else: + client.send_msg(users, msg) + except: + traceback.print_exc() + + def get_common_msg(self) -> str: + raise NotImplementedError + + def get_dingtalk_msg(self) -> str: + return self.get_common_msg() + + def get_wecom_msg(self) -> str: + return self.get_common_msg() + + def get_email_msg(self) -> dict: + msg = self.get_common_msg() + return { + 'subject': msg, + 'message': msg + } + + def get_site_msg_msg(self) -> dict: + msg = self.get_common_msg() + return { + 'subject': msg, + 'message': msg + } + + +class SystemMessage(Message): + def publish(self): + subscription = SystemMsgSubscription.objects.get( + message_type=self.get_message_type() + ) + + # 只发送当前有效后端 + receive_backends = subscription.receive_backends + receive_backends = BACKEND.filter_enable_backends(receive_backends) + + users = [ + *subscription.users.all(), + *chain(*[g.users.all() for g in subscription.groups.all()]) + ] + + self.send_msg(users, receive_backends) + + @classmethod + def post_insert_to_db(cls, subscription: SystemMsgSubscription): + pass + + +class UserMessage(Message): + pass diff --git a/apps/notifications/serializers/__init__.py b/apps/notifications/serializers/__init__.py new file mode 100644 index 000000000..bde5ef849 --- /dev/null +++ b/apps/notifications/serializers/__init__.py 
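Review bot: `Message.send_msg` wraps each backend in a bare `except:` that only prints the traceback, so it also swallows KeyboardInterrupt/SystemExit and leaves no application-log record of a failed delivery; use `except Exception:` with `logger.exception('send msg via %s failed', backend)` from a module-level logger so failures are visible where operators look. In `MessageType.__new__` the missing-table case is recognised only by the MySQL error code `1146`; other database backends raise a different exception or args for the same condition, so importing this module before migrations have run would propagate the error there. The class docstring (in Chinese: "what is wrapped here? templates for different messages and a unified send interface; publish depends on the subscription table layout; send_msg") would be clearer in English and should mention that the metaclass runs database queries at import time. `publish_task` is handed a `Message` instance, which requires a pickle-capable Celery task serializer; confirm that matches the project's Celery configuration.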
@@ -0,0 +1,2 @@ +from .notifications import * +from .site_msgs import * diff --git a/apps/notifications/serializers/notifications.py b/apps/notifications/serializers/notifications.py new file mode 100644 index 000000000..7415d46f7 --- /dev/null +++ b/apps/notifications/serializers/notifications.py @@ -0,0 +1,29 @@ +from rest_framework import serializers + +from common.drf.serializers import BulkModelSerializer +from notifications.models import SystemMsgSubscription + + +class SystemMsgSubscriptionSerializer(BulkModelSerializer): + receive_backends = serializers.ListField(child=serializers.CharField()) + + class Meta: + model = SystemMsgSubscription + fields = ( + 'message_type', 'message_type_label', + 'users', 'groups', 'receive_backends', 'receivers' + ) + read_only_fields = ( + 'message_type', 'message_type_label', 'receivers' + ) + extra_kwargs = { + 'users': {'allow_empty': True}, + 'groups': {'allow_empty': True}, + 'receive_backends': {'required': True} + } + + +class SystemMsgSubscriptionByCategorySerializer(serializers.Serializer): + category = serializers.CharField() + category_label = serializers.CharField() + children = SystemMsgSubscriptionSerializer(many=True) diff --git a/apps/notifications/serializers/site_msgs.py b/apps/notifications/serializers/site_msgs.py new file mode 100644 index 000000000..8d76205e1 --- /dev/null +++ b/apps/notifications/serializers/site_msgs.py 
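Review bot: `receive_backends` is a `ListField(child=serializers.CharField())`, so any string is accepted and stored as a backend name; nothing in the serializer checks the values against the known backends. Since `BACKEND.filter_enable_backends` only filters at publish time, an unknown or misspelled backend silently results in no delivery for that subscription instead of a 400 at save time. If `BACKEND` exposes Django-style `choices`, `receive_backends = serializers.ListField(child=serializers.ChoiceField(choices=BACKEND.choices))` rejects bad values at the API boundary; otherwise a `validate_receive_backends` method doing the same check is the place for it.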
@@ -0,0 +1,28 @@ +from rest_framework.serializers import ModelSerializer +from rest_framework import serializers + +from ..models import SiteMessage + + +class SiteMessageListSerializer(ModelSerializer): + class Meta: + model = SiteMessage + fields = ['id', 'subject', 'has_read', 'read_at'] + + +class SiteMessageRetrieveSerializer(ModelSerializer): + class Meta: + model = SiteMessage + fields = ['id', 'subject', 'message', 'has_read', 'read_at'] + + +class SiteMessageIdsSerializer(serializers.Serializer): + ids = serializers.ListField(child=serializers.UUIDField()) + + +class SiteMessageSendSerializer(serializers.Serializer): + subject = serializers.CharField() + message = serializers.CharField() + user_ids = serializers.ListField(child=serializers.UUIDField(), required=False) + group_ids = serializers.ListField(child=serializers.UUIDField(), required=False) + is_broadcast = serializers.BooleanField(default=False) diff --git a/apps/notifications/site_msg.py b/apps/notifications/site_msg.py new file mode 100644 index 000000000..944a8ea3c --- /dev/null +++ b/apps/notifications/site_msg.py 
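Review bot: `SiteMessageSendSerializer` accepts a request with no `user_ids`, no `group_ids` and `is_broadcast=False`; the only guard for that case is the `ValueError('No recipient is specified')` raised in `SiteMessage.send_msg`, which, if the view calls it directly, surfaces as a 500 rather than a validation error. The `UUIDField` children also only check syntax, not existence, so non-existent ids reach the M2M `add` calls in `send_msg`. An object-level `validate` makes the API answer 400 for the empty-recipient case.
```python
class SiteMessageSendSerializer(serializers.Serializer):
    # … unchanged: field declarations …

    def validate(self, attrs):
        if not any((attrs.get('user_ids'), attrs.get('group_ids'), attrs.get('is_broadcast'))):
            raise serializers.ValidationError('No recipient is specified')
        return attrs
```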
@@ -0,0 +1,84 @@ +from django.db.models import F + +from common.utils.timezone import now +from users.models import User +from .models import SiteMessage as SiteMessageModel, SiteMessageUsers + + +class SiteMessage: + + @classmethod + def send_msg(cls, subject, message, user_ids=(), group_ids=(), sender=None, is_broadcast=False): + if not any((user_ids, group_ids, is_broadcast)): + raise ValueError('No recipient is specified') + + site_msg = SiteMessageModel.objects.create( + subject=subject, message=message, + is_broadcast=is_broadcast, sender=sender + ) + + if is_broadcast: + user_ids = User.objects.all().values_list('id', flat=True) + else: + if group_ids: + site_msg.groups.add(*group_ids) + + user_ids_from_group = User.groups.through.objects.filter( + usergroup_id__in=group_ids + ).values_list('user_id', flat=True) + + user_ids = [*user_ids, *user_ids_from_group] + + site_msg.users.add(*user_ids) + + @classmethod + def get_user_all_msgs(cls, user_id): + site_msgs = SiteMessageModel.objects.filter( + m2m_sitemessageusers__user_id=user_id + ).distinct().annotate( + has_read=F('m2m_sitemessageusers__has_read'), + read_at=F('m2m_sitemessageusers__read_at') + ).order_by('-date_created') + + return site_msgs + + @classmethod + def get_user_all_msgs_count(cls, user_id): + site_msgs_count = SiteMessageModel.objects.filter( + m2m_sitemessageusers__user_id=user_id + ).distinct().count() + return site_msgs_count + + @classmethod + def get_user_unread_msgs(cls, user_id): + site_msgs = SiteMessageModel.objects.filter( + m2m_sitemessageusers__user_id=user_id, + m2m_sitemessageusers__has_read=False + ).distinct().annotate( + has_read=F('m2m_sitemessageusers__has_read'), + read_at=F('m2m_sitemessageusers__read_at') + ).order_by('-date_created') + + return site_msgs + + @classmethod + def get_user_unread_msgs_count(cls, user_id): + site_msgs_count = SiteMessageModel.objects.filter( + m2m_sitemessageusers__user_id=user_id, + m2m_sitemessageusers__has_read=False + 
).distinct().count() + return site_msgs_count + + @classmethod + def mark_msgs_as_read(cls, user_id, msg_ids): + sitemsg_users = SiteMessageUsers.objects.filter( + user_id=user_id, sitemessage_id__in=msg_ids, + has_read=False + ) + + for sitemsg_user in sitemsg_users: + sitemsg_user.has_read = True + sitemsg_user.read_at = now() + + SiteMessageUsers.objects.bulk_update( + sitemsg_users, fields=('has_read', 'read_at')) diff --git a/apps/notifications/tests.py b/apps/notifications/tests.py new file mode 100644 index 000000000..7ce503c2d --- /dev/null +++ b/apps/notifications/tests.py @@ -0,0 +1,3 @@ +from django.test import TestCase + +# Create your tests here. diff --git a/apps/notifications/urls.py b/apps/notifications/urls.py new file mode 100644 index 000000000..ad05c4aca --- /dev/null +++ b/apps/notifications/urls.py @@ -0,0 +1,15 @@ + +from rest_framework_bulk.routes import BulkRouter +from django.urls import path + +from . import api + +app_name = 'notifications' + +router = BulkRouter() +router.register('system-msg-subscription', api.SystemMsgSubscriptionViewSet, 'system-msg-subscription') +router.register('site-message', api.SiteMessageViewSet, 'site-message') + +urlpatterns = [ + path('backends/', api.BackendListView.as_view(), name='backends') +] + router.urls diff --git a/apps/ops/apps.py b/apps/ops/apps.py index 8bdc04ce8..5133c6655 100644 --- a/apps/ops/apps.py +++ b/apps/ops/apps.py @@ -13,4 +13,5 @@ class OpsConfig(AppConfig): from orgs.utils import set_current_org set_current_org(Organization.root()) from .celery import signal_handler + from . import notifications super().ready() diff --git a/apps/ops/models/command.py b/apps/ops/models/command.py index 0a2012e73..e89520390 100644 --- a/apps/ops/models/command.py +++ b/apps/ops/models/command.py 
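Review bot: `SiteMessage.send_msg` creates the `SiteMessageModel` row before the recipients are resolved and attached, and nothing wraps the sequence in a transaction, so a failure in `site_msg.groups.add(...)` or `site_msg.users.add(...)` (for example a `group_id` that does not exist) leaves an orphaned message with no recipients. Decorate the method with `@transaction.atomic` (`from django.db import transaction`) so the create and the M2M adds commit or roll back together. In the broadcast branch `User.objects.all()` is used without any filter, so depending on what the `User` model holds, inactive or non-human accounts may receive the message too; worth confirming against the model. `mark_msgs_as_read` relies on the `sitemsg_users` queryset being evaluated by the `for` loop and then handed to `bulk_update`, which works because the queryset caches its results; a one-line comment saying so, `# queryset is evaluated by the loop; bulk_update reuses the cached objects`, would keep a later reader from splitting it into two queries.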
@@ -9,7 +9,7 @@ from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext from django.db import models -from terminal.utils import send_command_execution_alert_mail +from terminal.notifications import CommandExecutionAlert from common.utils import lazyproperty from orgs.models import Organization from orgs.mixins.models import OrgModelMixin @@ -99,12 +99,12 @@ class CommandExecution(OrgModelMixin): else: msg = _("Command `{}` is forbidden ........").format(self.command) print('\033[31m' + msg + '\033[0m') - send_command_execution_alert_mail({ + CommandExecutionAlert({ 'input': self.command, 'assets': self.hosts.all(), 'user': str(self.user), 'risk_level': 5, - }) + }).publish_async() self.result = {"error": msg} self.org_id = self.run_as.org_id self.is_finished = True diff --git a/apps/ops/notifications.py b/apps/ops/notifications.py new file mode 100644 index 000000000..61e9d5630 --- /dev/null +++ b/apps/ops/notifications.py @@ -0,0 +1,26 @@ +from django.utils.translation import gettext_lazy as _ + +from notifications.notifications import SystemMessage +from notifications.models import SystemMsgSubscription +from users.models import User + +__all__ = ('ServerPerformanceMessage',) + + +class ServerPerformanceMessage(SystemMessage): + category = 'Operations' + category_label = _('Operations') + message_type_label = _('Server performance') + + def __init__(self, path, usage): + self.path = path + self.usage = usage + + def get_common_msg(self): + msg = _("Disk used more than 80%: {} => {}").format(self.path, self.usage.percent) + return msg + + @classmethod + def post_insert_to_db(cls, subscription: SystemMsgSubscription): + admins = User.objects.filter(role=User.ROLE.ADMIN) + subscription.users.add(*admins) diff --git a/apps/ops/tasks.py b/apps/ops/tasks.py index 02cc9290e..60f639668 100644 --- a/apps/ops/tasks.py +++ b/apps/ops/tasks.py 
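Review bot: `CommandExecutionAlert({... 'assets': self.hosts.all(), ...}).publish_async()` places a lazy `QuerySet` inside the object handed to `publish_task.delay`, so the task argument is only serialisable with a pickle-capable Celery serializer, and the query now executes in the worker rather than in the caller, where the current-org context that `OrgModelMixin` depends on may differ. The removed `send_command_execution_alert_mail` only ever shipped plain strings to the async layer; the safer equivalent is to materialise the assets before enqueueing, `'assets': [str(a) for a in self.hosts.all()]`, since `CommandExecutionAlert._get_message` only uses `str(asset)`. The enclosing method of `CommandExecution` starts outside the hunk.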
@@ -20,7 +20,7 @@ from .celery.utils import ( disable_celery_periodic_task, delete_celery_periodic_task ) from .models import Task, CommandExecution, CeleryTask -from .utils import send_server_performance_mail +from .notifications import ServerPerformanceMessage logger = get_logger(__file__) @@ -143,7 +143,7 @@ def check_server_performance_period(): if path.startswith(uncheck_path): need_check = False if need_check and usage.percent > 80: - send_server_performance_mail(path, usage, usages) + ServerPerformanceMessage(path=path, usage=usage).publish() @shared_task(queue="ansible") diff --git a/apps/ops/utils.py b/apps/ops/utils.py index 5ce4494a6..9993ea2cb 100644 --- a/apps/ops/utils.py +++ b/apps/ops/utils.py @@ -69,16 +69,6 @@ def update_or_create_ansible_task( return task, created -def send_server_performance_mail(path, usage, usages): - from users.models import User - subject = _("Disk used more than 80%: {} => {}").format(path, usage.percent) - message = subject - admins = User.objects.filter(role=User.ROLE.ADMIN) - recipient_list = [u.email for u in admins if u.email] - logger.info(subject) - send_mail_async(subject, message, recipient_list, html_message=message) - - def get_task_log_path(base_path, task_id, level=2): task_id = str(task_id) try: diff --git a/apps/terminal/api/command.py b/apps/terminal/api/command.py index 497e40fbe..b43910e26 100644 --- a/apps/terminal/api/command.py +++ b/apps/terminal/api/command.py 
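Review bot: The removed `send_server_performance_mail` wrote `logger.info(subject)` before sending, so the disk-usage alert left a trace in the application log even when delivery failed; the replacement `ServerPerformanceMessage(path=path, usage=usage).publish()` logs nothing, and `Message.send_msg` only prints a traceback on failure. Keep a log line next to the publish call, `logger.warning('Disk used more than 80%%: %s => %s', path, usage.percent)`, so monitoring still sees the event independently of the notification backends. `publish()` here is synchronous and raises `SystemMsgSubscription.DoesNotExist` if the subscription row was never created, which would abort the whole periodic task mid-loop; `check_server_performance_period` starts outside the hunk.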
@@ -4,28 +4,24 @@ import time from django.conf import settings from django.utils import timezone from django.shortcuts import HttpResponse -from rest_framework import viewsets from rest_framework import generics from rest_framework.fields import DateTimeField from rest_framework.response import Response -from rest_framework.decorators import action from django.template import loader -from common.http import is_true -from terminal.models import CommandStorage, Command +from terminal.models import CommandStorage from terminal.filters import CommandFilter from orgs.utils import current_org from common.permissions import IsOrgAdminOrAppUser, IsOrgAuditor, IsAppUser -from common.const.http import GET from common.drf.api import JMSBulkModelViewSet from common.utils import get_logger -from terminal.utils import send_command_alert_mail from terminal.serializers import InsecureCommandAlertSerializer from terminal.exceptions import StorageInvalid from ..backends import ( get_command_storage, get_multi_command_storage, SessionCommandSerializer, ) +from ..notifications import CommandAlertMessage logger = get_logger(__name__) __all__ = ['CommandViewSet', 'CommandExportApi', 'InsecureCommandAlertAPI'] @@ -211,5 +207,5 @@ class InsecureCommandAlertAPI(generics.CreateAPIView): if command['risk_level'] >= settings.SECURITY_INSECURE_COMMAND_LEVEL and \ settings.SECURITY_INSECURE_COMMAND and \ settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER: - send_command_alert_mail(command) + CommandAlertMessage(command).publish_async() return Response() diff --git a/apps/terminal/apps.py b/apps/terminal/apps.py index f0cb05bf2..edaa38cef 100644 --- a/apps/terminal/apps.py +++ b/apps/terminal/apps.py @@ -10,4 +10,5 @@ class TerminalConfig(AppConfig): def ready(self): from . import signals_handler + from . import notifications return super().ready() diff --git a/apps/terminal/models/session.py b/apps/terminal/models/session.py index 86843433e..b3202a9d9 100644 --- a/apps/terminal/models/session.py 
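Review bot: The condition in `InsecureCommandAlertAPI` (second hunk) still requires `settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER` to be non-empty before `CommandAlertMessage(command).publish_async()` runs, but delivery is now driven by the `SystemMsgSubscription` users and backends rather than by that setting; an operator who configures recipients through the new subscription API and leaves the legacy e-mail setting blank gets no alert at all. Either drop the `SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER` term from the condition or state in a comment that it is kept only as a legacy on/off switch, e.g. `# legacy gate: recipients now come from SystemMsgSubscription`. The view method starts outside the hunk.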
+++ b/apps/terminal/models/session.py @@ -109,8 +109,11 @@ class Session(OrgModelMixin): _PROTOCOL = self.PROTOCOL if self.is_finished: return False + if self.login_from == self.LOGIN_FROM.RT: + return False if self.protocol in [ - _PROTOCOL.SSH, _PROTOCOL.VNC, _PROTOCOL.RDP, _PROTOCOL.TELNET, _PROTOCOL.K8S + _PROTOCOL.SSH, _PROTOCOL.VNC, _PROTOCOL.RDP, + _PROTOCOL.TELNET, _PROTOCOL.K8S ]: return True else: diff --git a/apps/terminal/notifications.py b/apps/terminal/notifications.py new file mode 100644 index 000000000..fb70e3535 --- /dev/null +++ b/apps/terminal/notifications.py @@ -0,0 +1,142 @@ +from django.utils.translation import gettext_lazy as _ +from django.conf import settings + +from users.models import User +from common.utils import get_logger, reverse +from notifications.notifications import SystemMessage +from terminal.models import Session, Command +from notifications.models import SystemMsgSubscription + +logger = get_logger(__name__) + +__all__ = ('CommandAlertMessage', 'CommandExecutionAlert') + +CATEGORY = 'terminal' +CATEGORY_LABEL = _('Terminal') + + +class CommandAlertMixin: + @classmethod + def post_insert_to_db(cls, subscription: SystemMsgSubscription): + """ + 兼容操作,试图用 `settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER` 的邮件地址找到 + 用户,把用户设置为默认接收者 + """ + emails = settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER.split(',') + emails = [email.strip() for email in emails] + + users = User.objects.filter(email__in=emails) + subscription.users.add(*users) + + +class CommandAlertMessage(CommandAlertMixin, SystemMessage): + category = CATEGORY + category_label = CATEGORY_LABEL + message_type_label = _('Terminal command alert') + + def __init__(self, command): + self.command = command + + def _get_message(self): + command = self.command + session_obj = Session.objects.get(id=command['session']) + + message = _(""" + Command: %(command)s +
+ Asset: %(host_name)s (%(host_ip)s) +
+ User: %(user)s +
+ Level: %(risk_level)s +
+ Session: session detail +
+ """) % { + 'command': command['input'], + 'host_name': command['asset'], + 'host_ip': session_obj.asset_obj.ip, + 'user': command['user'], + 'risk_level': Command.get_risk_level_str(command['risk_level']), + 'session_detail_url': reverse('api-terminal:session-detail', + kwargs={'pk': command['session']}, + external=True, api_to_ui=True), + } + + return message + + def get_common_msg(self): + return self._get_message() + + def get_email_msg(self): + command = self.command + session_obj = Session.objects.get(id=command['session']) + + input = command['input'] + if isinstance(input, str): + input = input.replace('\r\n', ' ').replace('\r', ' ').replace('\n', ' ') + + subject = _("Insecure Command Alert: [%(name)s->%(login_from)s@%(remote_addr)s] $%(command)s") % { + 'name': command['user'], + 'login_from': session_obj.get_login_from_display(), + 'remote_addr': session_obj.remote_addr, + 'command': input + } + + message = self._get_message(command) + + return { + 'subject': subject, + 'message': message + } + + +class CommandExecutionAlert(CommandAlertMixin, SystemMessage): + category = CATEGORY + category_label = CATEGORY_LABEL + message_type_label = _('Batch command alert') + + def __init__(self, command): + self.command = command + + def _get_message(self): + command = self.command + input = command['input'] + input = input.replace('\n', '
') + + assets = ', '.join([str(asset) for asset in command['assets']]) + message = _(""" +
+ Assets: %(assets)s +
+ User: %(user)s +
+ Level: %(risk_level)s +
+ + ----------------- Commands ----------------
+ %(command)s
+ ----------------- Commands ----------------
+ """) % { + 'command': input, + 'assets': assets, + 'user': command['user'], + 'risk_level': Command.get_risk_level_str(command['risk_level']), + } + return message + + def get_common_msg(self): + return self._get_message() + + def get_email_msg(self): + command = self.command + + subject = _("Insecure Web Command Execution Alert: [%(name)s]") % { + 'name': command['user'], + } + message = self._get_message(command) + + return { + 'subject': subject, + 'message': message + } diff --git a/apps/terminal/utils.py b/apps/terminal/utils.py index b13383fba..68b09bcd0 100644 --- a/apps/terminal/utils.py +++ b/apps/terminal/utils.py @@ -68,78 +68,6 @@ def get_session_replay_url(session): return local_path, url -def send_command_alert_mail(command): - session_obj = Session.objects.get(id=command['session']) - - input = command['input'] - if isinstance(input, str): - input = input.replace('\r\n', ' ').replace('\r', ' ').replace('\n', ' ') - - subject = _("Insecure Command Alert: [%(name)s->%(login_from)s@%(remote_addr)s] $%(command)s") % { - 'name': command['user'], - 'login_from': session_obj.get_login_from_display(), - 'remote_addr': session_obj.remote_addr, - 'command': input - } - - recipient_list = settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER.split(',') - message = _(""" - Command: %(command)s -
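Review bot: Both `get_email_msg` implementations call `self._get_message(command)`, but `_get_message` is declared as `def _get_message(self)` in `CommandAlertMessage` and in `CommandExecutionAlert`, so every e-mail render raises `TypeError`; because `Message.send_msg` catches everything and only prints the traceback, the insecure-command e-mail alert is silently lost. Change both call sites to `message = self._get_message()`. The interpolated values (`command['input']`, `command['user']`, the asset name) originate from the terminal-reported command and are placed into the body that the removed `terminal/utils.py` code sent as `html_message` without `django.utils.html.escape`; if the new e-mail client still sends HTML, escape them so a crafted command cannot inject markup into the alert. `CommandAlertMixin.post_insert_to_db` calls `settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER.split(',')` at class-creation time, which raises `AttributeError` during app start if that setting is ever `None` rather than a string.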
- Asset: %(host_name)s (%(host_ip)s) -
- User: %(user)s -
- Level: %(risk_level)s -
- Session: session detail -
- """) % { - 'command': command['input'], - 'host_name': command['asset'], - 'host_ip': session_obj.asset_obj.ip, - 'user': command['user'], - 'risk_level': Command.get_risk_level_str(command['risk_level']), - 'session_detail_url': reverse('api-terminal:session-detail', - kwargs={'pk': command['session']}, - external=True, api_to_ui=True), - } - logger.debug(message) - - send_mail_async.delay(subject, message, recipient_list, html_message=message) - - -def send_command_execution_alert_mail(command): - subject = _("Insecure Web Command Execution Alert: [%(name)s]") % { - 'name': command['user'], - } - input = command['input'] - input = input.replace('\n', '
') - recipient_list = settings.SECURITY_INSECURE_COMMAND_EMAIL_RECEIVER.split(',') - - assets = ', '.join([str(asset) for asset in command['assets']]) - message = _(""" -
- Assets: %(assets)s -
- User: %(user)s -
- Level: %(risk_level)s -
- - ----------------- Commands ----------------
- %(command)s
- ----------------- Commands ----------------
- """) % { - 'command': input, - 'assets': assets, - 'user': command['user'], - 'risk_level': Command.get_risk_level_str(command['risk_level']), - } - - send_mail_async.delay(subject, message, recipient_list, html_message=message) - - class ComputeStatUtil: # system status @staticmethod diff --git a/apps/users/migrations/0035_auto_20210526_1100.py b/apps/users/migrations/0035_auto_20210526_1100.py new file mode 100644 index 000000000..4d4357a2b --- /dev/null +++ b/apps/users/migrations/0035_auto_20210526_1100.py @@ -0,0 +1,18 @@ +# Generated by Django 3.1 on 2021-05-26 03:00 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0034_auto_20210506_1448'), + ] + + operations = [ + migrations.AlterField( + model_name='user', + name='need_update_password', + field=models.BooleanField(default=False, verbose_name='Need update password'), + ), + ] diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 97a9e3d6d..f362e60ac 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py @@ -599,13 +599,21 @@ class User(AuthMixin, TokenMixin, RoleMixin, MFAMixin, AbstractUser): auto_now_add=True, blank=True, null=True, verbose_name=_('Date password last updated') ) - need_update_password = models.BooleanField(default=False) + need_update_password = models.BooleanField( + default=False, verbose_name=_('Need update password') + ) wecom_id = models.CharField(null=True, default=None, unique=True, max_length=128) dingtalk_id = models.CharField(null=True, default=None, unique=True, max_length=128) def __str__(self): return '{0.name}({0.username})'.format(self) + @classmethod + def get_group_ids_by_user_id(cls, user_id): + group_ids = cls.groups.through.objects.filter(user_id=user_id).distinct().values_list('usergroup_id', flat=True) + group_ids = list(group_ids) + return group_ids + @property def is_wecom_bound(self): return bool(self.wecom_id) 
diff --git a/apps/users/serializers/user.py b/apps/users/serializers/user.py index d7591360b..46e4ca64a 100644 --- a/apps/users/serializers/user.py +++ b/apps/users/serializers/user.py @@ -2,6 +2,7 @@ # from django.core.cache import cache from django.utils.translation import ugettext_lazy as _ +from django.db.models import TextChoices from rest_framework import serializers from common.mixins import CommonBulkSerializerMixin @@ -17,15 +18,13 @@ __all__ = [ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer): - EMAIL_SET_PASSWORD = _('Reset link will be generated and sent to the user') - CUSTOM_PASSWORD = _('Set password') - PASSWORD_STRATEGY_CHOICES = ( - (0, EMAIL_SET_PASSWORD), - (1, CUSTOM_PASSWORD) - ) + class PasswordStrategy(TextChoices): + email = 'email', _('Reset link will be generated and sent to the user') + custom = 'custom', _('Set password') + password_strategy = serializers.ChoiceField( - choices=PASSWORD_STRATEGY_CHOICES, required=False, - label=_('Password strategy'), write_only=True, default=0 + choices=PasswordStrategy.choices, default=PasswordStrategy.email, required=False, + write_only=True, label=_('Password strategy') ) mfa_enabled = serializers.BooleanField(read_only=True, label=_('MFA enabled')) mfa_force_enabled = serializers.BooleanField(read_only=True, label=_('MFA force enabled')) @@ -117,9 +116,11 @@ class UserSerializer(CommonBulkSerializerMixin, serializers.ModelSerializer): def validate_password(self, password): from ..utils import check_password_rules password_strategy = self.initial_data.get('password_strategy') - if password_strategy == '0': + if self.instance is None and password_strategy != self.PasswordStrategy.custom: + # 创建用户,使用邮件设置密码 return - if password_strategy is None and not password: + if self.instance and not password: + # 更新用户, 未设置密码 return if not check_password_rules(password): msg = _('Password does not match security rules')