fix: 修改获取org时，thread_local缓存问题

fix: 修复 celery 等日志文件的访问漏洞 (#5474 )
Co-authored-by: xinwen <coderWen@126.com>
2025-12-15 16:42:34 +00:00 · 2021-03-01 17:55:44 +08:00 · 2021-01-19 14:36:35 +08:00 · 2021-01-14 10:35:16 +08:00 · 2021-01-11 10:29:32 +08:00 · 2020-12-22 17:19:15 +08:00
9 changed files with 35 additions and 18 deletions
--- a/apps/assets/tasks/common.py
+++ b/apps/assets/tasks/common.py
@@ -3,10 +3,13 @@

 from celery import shared_task

+from orgs.utils import tmp_to_root_org
+
 __all__ = ['add_nodes_assets_to_system_users']


@shared_task
+@tmp_to_root_org()
 def add_nodes_assets_to_system_users(nodes_keys, system_users):
    from ..models import Node
    assets = Node.get_nodes_all_assets(nodes_keys).values_list('id', flat=True)
--- a/apps/audits/tasks.py
+++ b/apps/audits/tasks.py
@@ -40,6 +40,6 @@ def clean_ftp_log_period():
@register_as_period_task(interval=3600*24)
@shared_task
 def clean_audits_log_period():
-    clean_audits_log_period()
+    clean_login_log_period()
    clean_operation_log_period()
    clean_ftp_log_period()
--- a/apps/authentication/api/auth.py
+++ b/apps/authentication/api/auth.py
@@ -54,12 +54,3 @@ class UserConnectionTokenApi(RootOrgViewMixin, APIView):
            return Response(value)
        else:
            return Response({'user': value['user']})
-
-    def get_permissions(self):
-        if self.request.query_params.get('user-only', None):
-            self.permission_classes = (AllowAny,)
-        return super().get_permissions()
-
-
-
-
--- a/apps/common/drf/parsers/base.py
+++ b/apps/common/drf/parsers/base.py
@@ -1,6 +1,7 @@
 import abc
 import json
 import codecs
+from rest_framework import serializers
 from django.utils.translation import ugettext_lazy as _
 from rest_framework.parsers import BaseParser
 from rest_framework import status
@@ -83,14 +84,17 @@ class BaseFileParser(BaseParser):
            new_row.append(col)
        return new_row

-    @staticmethod
-    def process_row_data(row_data):
+    def process_row_data(self, row_data):
        """
        构建json数据后的行数据处理
        """
        new_row_data = {}
+        serializer_fields = self.serializer_cls().fields
        for k, v in row_data.items():
            if isinstance(v, list) or isinstance(v, dict) or isinstance(v, str) and k.strip() and v.strip():
+                # 解决类似disk_info为字符串的'{}'的问题
+                if not isinstance(v, str) and isinstance(serializer_fields[k], serializers.CharField):
+                    v = str(v)
                new_row_data[k] = v
        return new_row_data

--- a/apps/ops/celery/utils.py
+++ b/apps/ops/celery/utils.py
@@ -2,6 +2,7 @@
 #
 import json
 import os
+import uuid

 import redis_lock
 import redis
@@ -103,6 +104,10 @@ def get_celery_periodic_task(task_name):

 def get_celery_task_log_path(task_id):
    task_id = str(task_id)
+    try:
+        uuid.UUID(task_id)
+    except:
+        return
    rel_path = os.path.join(task_id[0], task_id[1], task_id + '.log')
    path = os.path.join(settings.CELERY_LOG_DIR, rel_path)
    os.makedirs(os.path.dirname(path), exist_ok=True)
--- a/apps/ops/ws.py
+++ b/apps/ops/ws.py
@@ -15,7 +15,11 @@ class CeleryLogWebsocket(JsonWebsocketConsumer):
    disconnected = False

    def connect(self):
-        self.accept()
+        user = self.scope["user"]
+        if user.is_authenticated:
+            self.accept()
+        else:
+            self.close()

    def receive(self, text_data=None, bytes_data=None, **kwargs):
        data = json.loads(text_data)
--- a/apps/orgs/utils.py
+++ b/apps/orgs/utils.py
@@ -84,16 +84,26 @@ def set_org_mapper(org_mapper):

 def get_org_mapper():
    org_mapper = _find('org_mapper')
-    if org_mapper is None:
-        org_mapper = construct_org_mapper()
-        set_org_mapper(org_mapper)
+    return org_mapper
+
+
+def update_org_mapper():
+    org_mapper = construct_org_mapper()
+    set_org_mapper(org_mapper)
    return org_mapper


 def get_org_by_id(org_id):
    org_id = str(org_id)
    org_mapper = get_org_mapper()
+    if not org_mapper:
+        org_mapper = update_org_mapper()
+
    org = org_mapper.get(org_id)
+    if not org:
+        # 解决celery缓存org_mapper问题
+        org_mapper = update_org_mapper()
+        org = org_mapper.get(org_id)
    return org


--- a/apps/settings/serializers/settings.py
+++ b/apps/settings/serializers/settings.py
@@ -62,7 +62,7 @@ class TerminalSettingSerializer(serializers.Serializer):
    )
    TERMINAL_PASSWORD_AUTH = serializers.BooleanField(required=False)
    TERMINAL_PUBLIC_KEY_AUTH = serializers.BooleanField(required=False)
-    TERMINAL_HEARTBEAT_INTERVAL = serializers.IntegerField(min_value=5, max_value=99999, required=True)
+    TERMINAL_HEARTBEAT_INTERVAL = serializers.IntegerField(min_value=5, max_value=99999, required=False)
    TERMINAL_ASSET_LIST_SORT_BY = serializers.ChoiceField(SORT_BY_CHOICES, required=False)
    TERMINAL_ASSET_LIST_PAGE_SIZE = serializers.ChoiceField(PAGE_SIZE_CHOICES, required=False)
    TERMINAL_SESSION_KEEP_DURATION = serializers.IntegerField(min_value=1, max_value=99999, required=True)
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -77,7 +77,7 @@ drf-nested-routers==0.91
 aliyun-python-sdk-core-v3==2.9.1    
 aliyun-python-sdk-ecs==4.10.1   
 rest_condition==1.0.3
-python-ldap==3.1.0
+python-ldap==3.3.1
 tencentcloud-sdk-python==3.0.40
 django-radius==1.4.0
 ipip-ipdb==1.2.1
Author	SHA1	Message	Date
Bai	e9652d56ff	fix: 修改获取org时，thread_local缓存问题	2021-03-01 17:55:44 +08:00
fit2bot	97262645be	fix: 修复 celery 等日志文件的访问漏洞 (#5474 ) Co-authored-by: xinwen <coderWen@126.com>	2021-01-19 14:36:35 +08:00
ibuler	82077a3ae1	fix: bug	2021-01-14 10:35:16 +08:00
Bai	d2760b98f6	fix: 修复celery日志清除问题	2021-01-11 10:29:32 +08:00
Bai	5f47a072b6	perf: 升级依赖 python-ldap==3.3.1	2020-12-22 17:19:15 +08:00
xinwen	25201e295d	fix: 将节点的资产添加到系统用户时固定组织	2020-12-22 15:14:26 +08:00
Bai	a802fb792f	fix: 修复资产导入携带disk_info信息时失败的问题	2020-12-21 17:11:20 +08:00
Bai	1646f9b27b	fix: 修复提交系统设置失败的问题	2020-12-21 14:29:48 +08:00