From dddfc66efdbf6af5966f0b29a5618732bc04c806 Mon Sep 17 00:00:00 2001
From: fit2bot <68588906+fit2bot@users.noreply.github.com>
Date: Wed, 11 Dec 2024 11:34:09 +0800
Subject: [PATCH] perf: add encrypted configuration API (#14632)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* perf: 添加加密配置API
* perf: modify url
---------
Co-authored-by: Eric
---
 apps/terminal/api/component/terminal.py | 26 ++++++++++++++++++++-----
 apps/terminal/serializers/terminal.py | 5 +++++
 apps/terminal/urls/api_urls.py | 1 +
 3 files changed, 27 insertions(+), 5 deletions(-)
diff --git a/apps/terminal/api/component/terminal.py b/apps/terminal/api/component/terminal.py
index 6d4c141d1..defe33773 100644
--- a/apps/terminal/api/component/terminal.py
+++ b/apps/terminal/api/component/terminal.py
@@ -1,24 +1,26 @@
 # -*- coding: utf-8 -*-
 #
 import logging
-from django.db.models import Q
+
 from django.conf import settings
+from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
+from django_filters import rest_framework as filters
 from rest_framework import generics
 from rest_framework import status
 from rest_framework.views import APIView, Response
-from django_filters import rest_framework as filters
-from common.drf.filters import BaseFilterSet
 from common.api import JMSBulkModelViewSet
+from common.drf.filters import BaseFilterSet
 from common.exceptions import JMSException
-from common.permissions import WithBootstrapToken
+from common.permissions import WithBootstrapToken, IsServiceAccount
+from jumpserver.conf import ConfigCrypto
 from terminal import serializers
 from terminal.models import Terminal
 __all__ = [
 'TerminalViewSet', 'TerminalConfig',
- 'TerminalRegistrationApi',
+ 'TerminalRegistrationApi', 'EncryptedTerminalConfig'
 ]
 logger = logging.getLogger(__file__)
@@ -89,3 +91,17 @@ class TerminalRegistrationApi(generics.CreateAPIView):
 return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
 return super().create(request, *args, **kwargs)
+
+class EncryptedTerminalConfig(generics.CreateAPIView):
+ serializer_class = serializers.EncryptedConfigSerializer
+ permission_classes = [IsServiceAccount]
+ http_method_names = ['post']
+
+ def post(self, request, *args, **kwargs):
+ serializer = self.serializer_class(data=request.data)
+ serializer.is_valid(raise_exception=True)
+ encrypt_key = serializer.validated_data['secret_encrypt_key']
+ encrypted_value = serializer.validated_data['encrypted_value']
+ config_crypto = ConfigCrypto(encrypt_key)
+ value = config_crypto.decrypt(encrypted_value)
+ return Response(data={'value': value}, status=200)
diff --git a/apps/terminal/serializers/terminal.py b/apps/terminal/serializers/terminal.py
index a80e2ad84..c9b658040 100644
--- a/apps/terminal/serializers/terminal.py
+++ b/apps/terminal/serializers/terminal.py
@@ -147,3 +147,8 @@ class ConnectMethodSerializer(serializers.Serializer):
 type = serializers.CharField(max_length=128)
 endpoint_protocol = serializers.CharField(max_length=128)
 component = serializers.CharField(max_length=128)
+
+
+class EncryptedConfigSerializer(serializers.Serializer):
+ secret_encrypt_key = serializers.CharField(max_length=128)
+ encrypted_value = serializers.CharField(max_length=128)
diff --git a/apps/terminal/urls/api_urls.py b/apps/terminal/urls/api_urls.py
index 7f43f4f31..e941acd21 100644
--- a/apps/terminal/urls/api_urls.py
+++ b/apps/terminal/urls/api_urls.py
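Review bot: `config_crypto.decrypt(encrypted_value)` in `EncryptedTerminalConfig.post` runs on a caller-supplied key and ciphertext with no error handling, so if `ConfigCrypto.decrypt` raises on malformed or mismatched input (its implementation is not part of this patch) the caller gets a 500 rather than a client error. Catching the failure and answering the way `TerminalRegistrationApi.create` does just above, e.g. `return Response(data={'error': _('Decrypt failed')}, status=status.HTTP_400_BAD_REQUEST)`, keeps exception detail out of the response. Because the request body carries `secret_encrypt_key` and the response carries the plaintext `value`, it is worth confirming that request, audit and error logging leave both fields out. The class would also benefit from a docstring stating that it decrypts with the key supplied in the request, and `status=200` could be `status.HTTP_200_OK` like the rest of the file.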
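Review bot: Both fields of `EncryptedConfigSerializer` take DRF's `CharField` defaults, which strip leading and trailing whitespace, so a `secret_encrypt_key` that begins or ends with a space would be altered before it reaches the decryption step; `secret_encrypt_key = serializers.CharField(max_length=128, trim_whitespace=False)` passes it through unchanged. The `max_length=128` on `encrypted_value` caps the ciphertext and therefore the plaintext length, so a longer encrypted setting would be rejected at validation; worth checking against the longest value a component is expected to send. A one-line class docstring naming the two fields as request-only input would make the intent clear.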
@@ -55,6 +55,7 @@ urlpatterns = [
 path('components/metrics/', api.ComponentsMetricsAPIView.as_view(), name='components-metrics'),
 path('components/connect-methods/', api.ConnectMethodListApi.as_view(), name='connect-methods'),
 path('loki/logs/', api.LokiLogAPI.as_view(), name='loki-logs'),
+ path('encrypted-config/', api.EncryptedTerminalConfig.as_view(), name='encrypted-terminal-config'),
 ]
 urlpatterns += router.urls