mirror of
https://github.com/jumpserver/jumpserver.git
synced 2025-12-15 00:25:16 +00:00
Compare commits
13 Commits
revert-162
...
v3.9.3
| Author | SHA1 | Date | |
|---|---|---|---|
|
96dfb8ddf1 | ||
|
b10ee436e8 | ||
|
24987c7f60 | ||
|
73bed4d33d | ||
|
|
4c389c05c1 | ||
|
|
e744c4c8af | ||
|
|
06d1c9f420 | ||
|
|
a92023840a | ||
|
2d1bf866fa | ||
|
c606c3eb21 | ||
|
|
dabbb45f6e | ||
|
ce24c1c3fd | ||
|
|
3c54c82ce9 |
@@ -44,8 +44,8 @@ ARG TOOLS=" \
|
||||
wget"
|
||||
|
||||
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
|
||||
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
|
||||
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
|
||||
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
|
||||
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core-apt \
|
||||
sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
|
||||
&& rm -f /etc/apt/apt.conf.d/docker-clean \
|
||||
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
|
||||
@@ -63,9 +63,9 @@ RUN --mount=type=cache,target=/root/.cache \
|
||||
--mount=type=bind,source=pyproject.toml,target=/opt/jumpserver/pyproject.toml \
|
||||
set -ex \
|
||||
&& python3 -m venv /opt/py3 \
|
||||
&& . /opt/py3/bin/activate \
|
||||
&& pip install poetry -i ${PIP_MIRROR} \
|
||||
&& poetry config virtualenvs.create false \
|
||||
&& . /opt/py3/bin/activate \
|
||||
&& poetry install
|
||||
|
||||
FROM python:3.11-slim-bullseye
|
||||
@@ -75,8 +75,8 @@ ENV LANG=zh_CN.UTF-8 \
|
||||
|
||||
ARG DEPENDENCIES=" \
|
||||
libjpeg-dev \
|
||||
libxmlsec1-openssl \
|
||||
libx11-dev"
|
||||
libx11-dev \
|
||||
libxmlsec1-openssl"
|
||||
|
||||
ARG TOOLS=" \
|
||||
ca-certificates \
|
||||
@@ -94,8 +94,8 @@ ARG TOOLS=" \
|
||||
wget"
|
||||
|
||||
ARG APT_MIRROR=http://mirrors.ustc.edu.cn
|
||||
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core \
|
||||
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core \
|
||||
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked,id=core-apt \
|
||||
--mount=type=cache,target=/var/lib/apt,sharing=locked,id=core-apt \
|
||||
sed -i "s@http://.*.debian.org@${APT_MIRROR}@g" /etc/apt/sources.list \
|
||||
&& rm -f /etc/apt/apt.conf.d/docker-clean \
|
||||
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
|
||||
@@ -118,7 +118,6 @@ ARG VERSION
|
||||
ENV VERSION=$VERSION
|
||||
|
||||
VOLUME /opt/jumpserver/data
|
||||
VOLUME /opt/jumpserver/logs
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
vars:
|
||||
ansible_python_interpreter: /opt/py3/bin/python
|
||||
db_name: "{{ jms_asset.spec_info.db_name }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
|
||||
tasks:
|
||||
- name: Test MySQL connection
|
||||
@@ -11,10 +12,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
register: db_info
|
||||
|
||||
@@ -28,10 +29,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
name: "{{ account.username }}"
|
||||
password: "{{ account.secret }}"
|
||||
host: "%"
|
||||
@@ -45,8 +46,8 @@
|
||||
login_password: "{{ account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: /opt/py3/bin/python
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
|
||||
tasks:
|
||||
- name: Get info
|
||||
@@ -10,10 +11,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: users
|
||||
register: db_info
|
||||
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
vars:
|
||||
ansible_python_interpreter: /opt/py3/bin/python
|
||||
db_name: "{{ jms_asset.spec_info.db_name }}"
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
|
||||
tasks:
|
||||
- name: Test MySQL connection
|
||||
@@ -11,10 +12,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
register: db_info
|
||||
|
||||
@@ -28,10 +29,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
name: "{{ account.username }}"
|
||||
password: "{{ account.secret }}"
|
||||
host: "%"
|
||||
@@ -45,8 +46,8 @@
|
||||
login_password: "{{ account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: /opt/py3/bin/python
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
|
||||
tasks:
|
||||
- name: Verify account
|
||||
@@ -10,8 +11,8 @@
|
||||
login_password: "{{ account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: /opt/py3/bin/python
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
|
||||
tasks:
|
||||
- name: Get info
|
||||
@@ -10,10 +11,10 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
register: db_info
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
gather_facts: no
|
||||
vars:
|
||||
ansible_python_interpreter: /opt/py3/bin/python
|
||||
check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
|
||||
|
||||
tasks:
|
||||
- name: Test MySQL connection
|
||||
@@ -10,8 +11,8 @@
|
||||
login_password: "{{ jms_account.secret }}"
|
||||
login_host: "{{ jms_asset.address }}"
|
||||
login_port: "{{ jms_asset.port }}"
|
||||
check_hostname: "{{ omit if not jms_asset.spec_info.use_ssl else jms_asset.spec_info.allow_invalid_cert }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) }}"
|
||||
check_hostname: "{{ check_ssl if check_ssl else omit }}"
|
||||
ca_cert: "{{ jms_asset.secret_info.ca_cert | default(omit) if check_ssl else omit }}"
|
||||
client_cert: "{{ jms_asset.secret_info.client_cert | default(omit) if check_ssl else omit }}"
|
||||
client_key: "{{ jms_asset.secret_info.client_key | default(omit) if check_ssl else omit }}"
|
||||
filter: version
|
||||
|
||||
@@ -8,7 +8,7 @@ from django.utils.translation import gettext as _
|
||||
from rest_framework import authentication, exceptions
|
||||
|
||||
from common.auth import signature
|
||||
from common.decorators import delay_run
|
||||
from common.decorators import merge_delay_run
|
||||
from common.utils import get_object_or_none, get_request_ip_or_data, contains_ip
|
||||
from ..models import AccessKey, PrivateToken
|
||||
|
||||
@@ -17,22 +17,24 @@ def date_more_than(d, seconds):
|
||||
return d is None or (timezone.now() - d).seconds > seconds
|
||||
|
||||
|
||||
@delay_run(ttl=60)
|
||||
def update_token_last_used(token):
|
||||
token.date_last_used = timezone.now()
|
||||
token.save(update_fields=['date_last_used'])
|
||||
@merge_delay_run(ttl=60)
|
||||
def update_token_last_used(tokens=()):
|
||||
for token in tokens:
|
||||
token.date_last_used = timezone.now()
|
||||
token.save(update_fields=['date_last_used'])
|
||||
|
||||
|
||||
@delay_run(ttl=60)
|
||||
def update_user_last_used(user):
|
||||
user.date_api_key_last_used = timezone.now()
|
||||
user.save(update_fields=['date_api_key_last_used'])
|
||||
@merge_delay_run(ttl=60)
|
||||
def update_user_last_used(users=()):
|
||||
for user in users:
|
||||
user.date_api_key_last_used = timezone.now()
|
||||
user.save(update_fields=['date_api_key_last_used'])
|
||||
|
||||
|
||||
def after_authenticate_update_date(user, token=None):
|
||||
update_user_last_used(user)
|
||||
update_user_last_used(users=(user,))
|
||||
if token:
|
||||
update_token_last_used(token)
|
||||
update_token_last_used(tokens=(token,))
|
||||
|
||||
|
||||
class AccessTokenAuthentication(authentication.BaseAuthentication):
|
||||
|
||||
@@ -73,6 +73,7 @@ executor = ThreadPoolExecutor(
|
||||
)
|
||||
_loop_debouncer_func_task_cache = {}
|
||||
_loop_debouncer_func_args_cache = {}
|
||||
_loop_debouncer_func_task_time_cache = {}
|
||||
|
||||
|
||||
def get_loop():
|
||||
@@ -92,6 +93,17 @@ def cancel_or_remove_debouncer_task(cache_key):
|
||||
def run_debouncer_func(cache_key, org, ttl, func, *args, **kwargs):
|
||||
cancel_or_remove_debouncer_task(cache_key)
|
||||
run_func_partial = functools.partial(_run_func_with_org, cache_key, org, func)
|
||||
|
||||
current = time.time()
|
||||
first_run_time = _loop_debouncer_func_task_time_cache.get(cache_key, None)
|
||||
if first_run_time is None:
|
||||
_loop_debouncer_func_task_time_cache[cache_key] = current
|
||||
first_run_time = current
|
||||
|
||||
if current - first_run_time > ttl:
|
||||
executor.submit(run_func_partial, *args, **kwargs)
|
||||
return
|
||||
|
||||
loop = _loop_thread.get_loop()
|
||||
_debouncer = Debouncer(run_func_partial, lambda: True, ttl, loop=loop, executor=executor)
|
||||
task = asyncio.run_coroutine_threadsafe(_debouncer(*args, **kwargs), loop=loop)
|
||||
@@ -130,6 +142,7 @@ def _run_func_with_org(key, org, func, *args, **kwargs):
|
||||
logger.error('delay run error: %s' % e)
|
||||
_loop_debouncer_func_task_cache.pop(key, None)
|
||||
_loop_debouncer_func_args_cache.pop(key, None)
|
||||
_loop_debouncer_func_task_time_cache.pop(key, None)
|
||||
|
||||
|
||||
def delay_run(ttl=5, key=None):
|
||||
@@ -142,6 +155,9 @@ def delay_run(ttl=5, key=None):
|
||||
|
||||
def inner(func):
|
||||
suffix_key_func = key if key else default_suffix_key
|
||||
sigs = inspect.signature(func)
|
||||
if len(sigs.parameters) != 0:
|
||||
raise ValueError('Merge delay run must not arguments: %s' % func.__name__)
|
||||
|
||||
@functools.wraps(func)
|
||||
def wrapper(*args, **kwargs):
|
||||
@@ -186,12 +202,11 @@ def merge_delay_run(ttl=5, key=None):
|
||||
for k, v in kwargs.items():
|
||||
if not isinstance(v, (tuple, list, set)):
|
||||
raise ValueError('func kwargs value must be list or tuple: %s %s' % (func.__name__, v))
|
||||
v = set(v)
|
||||
if k not in cache_kwargs:
|
||||
cache_kwargs[k] = v
|
||||
elif isinstance(v, set):
|
||||
cache_kwargs[k] = cache_kwargs[k].union(v)
|
||||
else:
|
||||
cache_kwargs[k] = list(cache_kwargs[k]) + list(v)
|
||||
cache_kwargs[k] = cache_kwargs[k].union(v)
|
||||
_loop_debouncer_func_args_cache[cache_key] = cache_kwargs
|
||||
run_debouncer_func(cache_key, org, ttl, func, *args, **cache_kwargs)
|
||||
|
||||
@@ -201,8 +216,8 @@ def merge_delay_run(ttl=5, key=None):
|
||||
|
||||
|
||||
@delay_run(ttl=5)
|
||||
def test_delay_run(username):
|
||||
print("Hello, %s, now is %s" % (username, time.time()))
|
||||
def test_delay_run():
|
||||
print("Hello, now is %s" % time.time())
|
||||
|
||||
|
||||
@merge_delay_run(ttl=5, key=lambda users=(): users[0][0])
|
||||
|
||||
@@ -8,7 +8,7 @@ __all__ = ['BASE_DIR', 'PROJECT_DIR', 'VERSION', 'CONFIG']
|
||||
|
||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
PROJECT_DIR = os.path.dirname(BASE_DIR)
|
||||
VERSION = '2.0.0'
|
||||
VERSION = 'v3.9.3'
|
||||
CONFIG = ConfigManager.load_user_config()
|
||||
|
||||
|
||||
|
||||
@@ -1,6 +1,13 @@
|
||||
from django.conf import settings
|
||||
from django.core.exceptions import FieldError
|
||||
from rest_framework.pagination import LimitOffsetPagination
|
||||
|
||||
|
||||
class MaxLimitOffsetPagination(LimitOffsetPagination):
|
||||
max_limit = settings.MAX_LIMIT_PER_PAGE
|
||||
|
||||
def get_count(self, queryset):
|
||||
try:
|
||||
return queryset.values_list('id').order_by().count()
|
||||
except (AttributeError, TypeError, FieldError):
|
||||
return len(queryset)
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
import os
|
||||
from urllib.parse import urlencode
|
||||
|
||||
from .base import (
|
||||
REDIS_SSL_CA, REDIS_SSL_CERT, REDIS_SSL_KEY, REDIS_SSL_REQUIRED, REDIS_USE_SSL,
|
||||
@@ -88,7 +87,6 @@ REDIS_LAYERS_HOST = {
|
||||
REDIS_LAYERS_SSL_PARAMS = {}
|
||||
if REDIS_USE_SSL:
|
||||
REDIS_LAYERS_SSL_PARAMS.update({
|
||||
'ssl': REDIS_USE_SSL,
|
||||
'ssl_cert_reqs': REDIS_SSL_REQUIRED,
|
||||
"ssl_keyfile": REDIS_SSL_KEY,
|
||||
"ssl_certfile": REDIS_SSL_CERT,
|
||||
@@ -116,8 +114,7 @@ else:
|
||||
host=CONFIG.REDIS_HOST, port=CONFIG.REDIS_PORT, db=CONFIG.REDIS_DB_WS
|
||||
)
|
||||
REDIS_LAYERS_SSL_PARAMS.pop('ssl', None)
|
||||
REDIS_LAYERS_HOST['address'] = '{}?{}'.format(REDIS_LAYERS_ADDRESS,
|
||||
urlencode(REDIS_LAYERS_SSL_PARAMS))
|
||||
REDIS_LAYERS_HOST['address'] = REDIS_LAYERS_ADDRESS
|
||||
|
||||
CHANNEL_LAYERS = {
|
||||
'default': {
|
||||
|
||||
@@ -320,7 +320,6 @@ class JobExecution(JMSOrgBaseModel):
|
||||
"login_password={{login_password}} " \
|
||||
"login_port={{login_port}} " \
|
||||
"%s={{login_db}}" % login_db_token
|
||||
print(login_args)
|
||||
shell = "{} {}=\"{}\" ".format(login_args, query_token, self.current_job.args)
|
||||
return module, shell
|
||||
|
||||
|
||||
@@ -53,7 +53,7 @@ def subscribe_orgs_mapping_expire(sender, **kwargs):
|
||||
|
||||
|
||||
@delay_run(ttl=5)
|
||||
def expire_user_orgs(*args):
|
||||
def expire_user_orgs():
|
||||
User.expire_users_rbac_perms_cache()
|
||||
|
||||
|
||||
|
||||
@@ -281,3 +281,10 @@ class ReplayStorageSerializer(BaseStorageSerializer):
|
||||
extra_kwargs = {
|
||||
'name': {'validators': [UniqueValidator(queryset=ReplayStorage.objects.all())]}
|
||||
}
|
||||
|
||||
def validate_is_default(self, value):
|
||||
if self.initial_data.get('type') == const.ReplayStorageType.sftp.value:
|
||||
# sftp不能设置为默认存储
|
||||
return False
|
||||
else:
|
||||
return value
|
||||
|
||||
@@ -88,8 +88,8 @@ def check_unused_users():
|
||||
uncommon_users_ttl = settings.SECURITY_UNCOMMON_USERS_TTL
|
||||
seconds_to_subtract = uncommon_users_ttl * 24 * 60 * 60
|
||||
t = timezone.now() - timedelta(seconds=seconds_to_subtract)
|
||||
last_login_q = Q(last_login__lte=t) | Q(last_login__isnull=True)
|
||||
api_key_q = Q(date_api_key_last_used__lte=t) | Q(date_api_key_last_used__isnull=True)
|
||||
last_login_q = Q(last_login__lte=t) | (Q(last_login__isnull=True) & Q(date_joined__lte=t))
|
||||
api_key_q = Q(date_api_key_last_used__lte=t) | (Q(date_api_key_last_used__isnull=True) & Q(date_joined__lte=t))
|
||||
|
||||
users = User.objects \
|
||||
.filter(date_joined__lt=t) \
|
||||
@@ -99,6 +99,7 @@ def check_unused_users():
|
||||
|
||||
if not users:
|
||||
return
|
||||
|
||||
print("Some users are not used for a long time, and they will be disabled.")
|
||||
resource_ids = []
|
||||
for user in users:
|
||||
|
||||
Reference in New Issue
Block a user