perf: modify url

apps/terminal/api/component/terminal.py

@@ -1,24 +1,26 @@
 # -*- coding: utf-8 -*-
 #
 import logging
-from django.db.models import Q
+
 from django.conf import settings
+from django.db.models import Q
 from django.utils.translation import gettext_lazy as _
+from django_filters import rest_framework as filters
 from rest_framework import generics
 from rest_framework import status
 from rest_framework.views import APIView, Response
-from django_filters import rest_framework as filters
 
-from common.drf.filters import BaseFilterSet
 from common.api import JMSBulkModelViewSet
+from common.drf.filters import BaseFilterSet
 from common.exceptions import JMSException
-from common.permissions import WithBootstrapToken
+from common.permissions import WithBootstrapToken, IsServiceAccount
+from jumpserver.conf import ConfigCrypto
 from terminal import serializers
 from terminal.models import Terminal
 
 __all__ = [
     'TerminalViewSet', 'TerminalConfig',
-    'TerminalRegistrationApi',
+    'TerminalRegistrationApi', 'EncryptedTerminalConfig'
 ]
 logger = logging.getLogger(__file__)
 
@@ -89,3 +91,17 @@ class TerminalRegistrationApi(generics.CreateAPIView):
             return Response(data=data, status=status.HTTP_400_BAD_REQUEST)
         return super().create(request, *args, **kwargs)
 
+
+class EncryptedTerminalConfig(generics.CreateAPIView):
+    serializer_class = serializers.EncryptedConfigSerializer
+    permission_classes = [IsServiceAccount]
+    http_method_names = ['post']
+
+    def post(self, request, *args, **kwargs):
+        serializer = self.serializer_class(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        encrypt_key = serializer.validated_data['secret_encrypt_key']
+        encrypted_value = serializer.validated_data['encrypted_value']
+        config_crypto = ConfigCrypto(encrypt_key)
+        value = config_crypto.decrypt(encrypted_value)
+        return Response(data={'value': value}, status=200)

apps/terminal/connect_methods.py

@@ -253,8 +253,9 @@ class ConnectMethodUtil:
     def _filter_disable_protocols_connect_methods(cls, methods):
         # 过滤一些特殊的协议方式
         if not getattr(settings, 'TERMINAL_KOKO_SSH_ENABLED'):
-            protocol = Protocol.ssh
-            methods[protocol] = [m for m in methods[protocol] if m['type'] != 'native']
+            disable_ssh_client_protocols = [Protocol.ssh, Protocol.sftp, Protocol.telnet]
+            for protocol in disable_ssh_client_protocols:
+                methods[protocol] = [m for m in methods[protocol] if m['type'] != 'native']
         return methods
 
     @classmethod

apps/terminal/serializers/terminal.py

@@ -147,3 +147,8 @@ class ConnectMethodSerializer(serializers.Serializer):
     type = serializers.CharField(max_length=128)
     endpoint_protocol = serializers.CharField(max_length=128)
     component = serializers.CharField(max_length=128)
+
+
+class EncryptedConfigSerializer(serializers.Serializer):
+    secret_encrypt_key = serializers.CharField(max_length=128)
+    encrypted_value = serializers.CharField(max_length=128)

apps/terminal/urls/api_urls.py

@@ -54,6 +54,7 @@ urlpatterns = [
     # components
     path('components/metrics/', api.ComponentsMetricsAPIView.as_view(), name='components-metrics'),
     path('components/connect-methods/', api.ConnectMethodListApi.as_view(), name='connect-methods'),
+    path('encrypted-config/', api.EncryptedTerminalConfig.as_view(), name='encrypted-terminal-config'),
 ]
 
 urlpatterns += router.urls