CMDB硬件信息管理系统开发(三)

 

完成任务:

  1、API验证。

import json
from django.shortcuts import render, HttpResponse
from django.views.decorators.csrf import csrf_exempt
from .plugins import PluginManger
from datetime import date
from repository import models
from django.db.models import Q
import hashlib
import time


def md5(arg):
    hs = hashlib.md5()
    hs.update(arg.encode('utf-8'))
    return hs.hexdigest()


key = "asdasodoquqwejqweo"
visited_keys = {
}


def api_auth(func):
    def inner(request, *args, **kwargs):
        server_float_ctime = time.time()
        auth_header_val = request.META.get('HTTP_AUTH_API')
        # 841770f74ef3b7867d90be37c5b4adfc|1506571253.9937866
        client_md5_str, client_ctime = auth_header_val.split('|', maxsplit=1)
        client_float_ctime = float(client_ctime)

        # 第一关
        if (client_float_ctime + 20) < server_float_ctime:
            return HttpResponse('时间验证超时,你的手速还不够快')

        # 第二关:
        server_md5_str = md5("%s|%s" % (key, client_ctime,))
        if server_md5_str != client_md5_str:
            return HttpResponse('验证不成功')

        # 第三关:
        if visited_keys.get(client_md5_str):
            return HttpResponse('有人已经来过了')

        visited_keys[client_md5_str] = client_float_ctime
        return func(request, *args, **kwargs)

    return inner


@csrf_exempt  # 不再验证csrf
def server(request):
    if request.method == "GET":
        current_date = date.today()
        # 获取今日未采集的主机列表
        host_list = models.Server.objects.filter(
            Q(Q(latest_date=None) | Q(latest_date__date__lt=current_date)) & Q(server_status_id=2)
        ).values('hostname')
        host_list = list(host_list)
        print(host_list)
        return HttpResponse(json.dumps(host_list))
    if request.method == "POST":
        # 客服端提交的最新资产数据
        server_dict = json.loads(request.body.decode('utf-8'))

        if not server_dict['basic']['status']:
            return HttpResponse("臣妾做不到啊")

        manager = PluginManger()
        response = manager.exec(server_dict)

        return HttpResponse(json.dumps(response))


@api_auth
def test(request):
    return HttpResponse('正常用户')
CMDB_server/views.py

 

# -*- coding: utf-8 -*-
# __author__ = "maple"
import requests
import time
import hashlib


def md5(arg):
    hs = hashlib.md5()
    hs.update(arg.encode('utf-8'))
    return hs.hexdigest()


key = "asdasodoquqwejqweo"
ctime = str(time.time())
new_key = "%s|%s" % (key, ctime,)   # 随机字符串|时间戳
md5_str = md5(new_key) # md5加密

auth_header_val = "%s|%s" % (md5_str, ctime,)

response = requests.get('http://127.0.0.1:8000/api/test.html', headers={'auth-api': auth_header_val})
print(response.text)
CMDB_client/test.py

 

posted @ 2019-06-26 14:03  7411  阅读(113)  评论(0)    收藏  举报