validating route functions

deflax 2016-03-07 19:25:13 +02:00
parent 0360d6c739
commit f8d7b32d0f
2 changed files with 39 additions and 11 deletions


@ -30,7 +30,7 @@ def addclient(vmid, vmname, clientid, clientname, srvpass):
def validate(vmname, srvpass):
""" return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
""" return vmid or false if credentials match something in clientdb. useful for authing extrnal admin panels """
try:
clientsdb = readclientsdb()
path = utils.find_key(clientsdb, vmname)
@ -43,13 +43,14 @@ def validate(vmname, srvpass):
#double check
if query != vmname:
return False
return None
else:
#try to capture the encrypted password
try:
encpass = clientsdb[c_id][v_id]['encpasswd']
except:
return False
#cant query password
return None
#compare it with the requested password
b_srvpass = srvpass.encode('utf-8')
@ -57,11 +58,15 @@ def validate(vmname, srvpass):
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
#login successful
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
print('the gates are open!')
return True
print('boo.')
return False
#TODO: generate ticket for double check
generated_ticket = 'TODO'
response = { 'vpsid':v_id, 'ticket':generated_ticket }
return response
else:
ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id)
#cant compare password
return None
return None
def setencpasswd(vmname, newpass):
@ -72,9 +77,9 @@ def setencpasswd(vmname, newpass):
try:
clientsdb = readclientsdb()
print(clientsdb)
#print(clientsdb)
path = utils.find_key(clientsdb, vmname)
print(path)
#print(path)
c_id = str(path[0])
v_id = str(path[1])
#check the returned path with forward query
@ -86,8 +91,9 @@ def setencpasswd(vmname, newpass):
raise
else:
clientsdb[c_id][v_id]['encpasswd'] = encpasswd
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
writeclientsdb(clientsdb)
#TODO: change lxc container password
def vmowner(vmid, vmname, verbose):
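Review bot: The `ioconfig.logger.warning(...)` call in the new `else:` branch of `validate` is missing its closing parenthesis as shown on this page (it ends at `.format(query, c_id, v_id)`), so the module would fail to import with a SyntaxError and take the new auth route down with it; close the call with `.format(query, c_id, v_id))`. The success path returns `'ticket': 'TODO'`, a constant, so no consumer should treat the ticket as proof of authentication until it is generated per login from a CSPRNG and recorded server-side for the planned double check. The bare `except:` around the `encpasswd` lookup would be clearer as `except KeyError:`, with a log line so a malformed client record is distinguishable from a wrong password. `validate` starts above these hunks, so the earlier part of its body is not visible here.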


@ -14,6 +14,7 @@ import urllib.parse
import ioconfig
import grid
import plugin
import clientsdb
config = ioconfig.parser
logger = ioconfig.logger
@ -43,6 +44,23 @@ def apicheck(params):
return (status, response)
#API methods
class Validate(object):
def on_post(self, req, resp):
""" get domain name and mgmt pass and compare it with the client db and returns an authed object ID """
domain = req.params['domain']
passwd = req.params['password']
logger.info('grid> access requested for {} with {}'.format(domain, passwd))
#apicheck_stat, apicheck_resp = apicheck(req.params)
response = clientsdb.validate(domain, passwd)
if response is not None:
resp.status = falcon.HTTP_200
resp.body = response
else:
resp.status = falcon.HTTP_403
resp.body = 'ERR'
class ClusterResource(object):
def on_get(self, req, resp):
"""TEST ONLY. List cluster nodes. TEST ONLY"""
@ -92,6 +110,7 @@ class StatusResource(object):
resp.status = falcon.HTTP_403
resp.body = apicheck_resp
class DeleteResource(object):
def on_post(self, req, resp, vmid):
""" delete machine completely"""
@ -240,6 +259,9 @@ welcome()
#grid.sync()
# setup routes
res_validate = Validate()
api.add_route('/instance/auth', res_validate)
res_cluster = ClusterResource()
api.add_route('/instance', res_cluster)
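Review bot: `Validate.on_post` writes the submitted management password to the log in clear text via `logger.info('grid> access requested for {} with {}'.format(domain, passwd))`; log only the domain, `logger.info('grid> access requested for {}'.format(domain))`, and treat any existing log files containing these lines as holding credentials. `req.params['domain']` and `req.params['password']` raise KeyError when a parameter is absent, which will likely surface as a 500 instead of a clean rejection; `req.get_param('domain', required=True)` makes Falcon answer 400. `clientsdb.validate` returns a dict on success, so `resp.body = response` probably needs serialising, e.g. `resp.body = json.dumps(response)` if `json` is imported in this file. No attempt limiting is visible on `/instance/auth`, so repeated guesses are bounded only by bcrypt's cost; a per-domain or per-source failure counter would be worth adding.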