validating route functions
This commit is contained in:
parent
0360d6c739
commit
f8d7b32d0f
28
clientsdb.py
28
clientsdb.py
|
|
@ -30,7 +30,7 @@ def addclient(vmid, vmname, clientid, clientname, srvpass):
|
||||||
|
|
||||||
|
|
||||||
def validate(vmname, srvpass):
|
def validate(vmname, srvpass):
|
||||||
""" return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """
|
""" return vmid or false if credentials match something in clientdb. useful for authing extrnal admin panels """
|
||||||
try:
|
try:
|
||||||
clientsdb = readclientsdb()
|
clientsdb = readclientsdb()
|
||||||
path = utils.find_key(clientsdb, vmname)
|
path = utils.find_key(clientsdb, vmname)
|
||||||
|
|
@ -43,13 +43,14 @@ def validate(vmname, srvpass):
|
||||||
|
|
||||||
#double check
|
#double check
|
||||||
if query != vmname:
|
if query != vmname:
|
||||||
return False
|
return None
|
||||||
else:
|
else:
|
||||||
#try to capture the encrypted password
|
#try to capture the encrypted password
|
||||||
try:
|
try:
|
||||||
encpass = clientsdb[c_id][v_id]['encpasswd']
|
encpass = clientsdb[c_id][v_id]['encpasswd']
|
||||||
except:
|
except:
|
||||||
return False
|
#cant query password
|
||||||
|
return None
|
||||||
|
|
||||||
#compare it with the requested password
|
#compare it with the requested password
|
||||||
b_srvpass = srvpass.encode('utf-8')
|
b_srvpass = srvpass.encode('utf-8')
|
||||||
|
|
@ -57,11 +58,15 @@ def validate(vmname, srvpass):
|
||||||
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
|
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
|
||||||
#login successful
|
#login successful
|
||||||
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
|
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
|
||||||
print('the gates are open!')
|
#TODO: generate ticket for double check
|
||||||
return True
|
generated_ticket = 'TODO'
|
||||||
|
response = { 'vpsid':v_id, 'ticket':generated_ticket }
|
||||||
print('boo.')
|
return response
|
||||||
return False
|
else:
|
||||||
|
ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id)
|
||||||
|
#cant compare password
|
||||||
|
return None
|
||||||
|
return None
|
||||||
|
|
||||||
|
|
||||||
def setencpasswd(vmname, newpass):
|
def setencpasswd(vmname, newpass):
|
||||||
|
|
@ -72,9 +77,9 @@ def setencpasswd(vmname, newpass):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
clientsdb = readclientsdb()
|
clientsdb = readclientsdb()
|
||||||
print(clientsdb)
|
#print(clientsdb)
|
||||||
path = utils.find_key(clientsdb, vmname)
|
path = utils.find_key(clientsdb, vmname)
|
||||||
print(path)
|
#print(path)
|
||||||
c_id = str(path[0])
|
c_id = str(path[0])
|
||||||
v_id = str(path[1])
|
v_id = str(path[1])
|
||||||
#check the returned path with forward query
|
#check the returned path with forward query
|
||||||
|
|
@ -86,8 +91,9 @@ def setencpasswd(vmname, newpass):
|
||||||
raise
|
raise
|
||||||
else:
|
else:
|
||||||
clientsdb[c_id][v_id]['encpasswd'] = encpasswd
|
clientsdb[c_id][v_id]['encpasswd'] = encpasswd
|
||||||
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id))
|
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
|
||||||
writeclientsdb(clientsdb)
|
writeclientsdb(clientsdb)
|
||||||
|
#TODO: change lxc container password
|
||||||
|
|
||||||
|
|
||||||
def vmowner(vmid, vmname, verbose):
|
def vmowner(vmid, vmname, verbose):
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ import urllib.parse
|
||||||
import ioconfig
|
import ioconfig
|
||||||
import grid
|
import grid
|
||||||
import plugin
|
import plugin
|
||||||
|
import clientsdb
|
||||||
|
|
||||||
config = ioconfig.parser
|
config = ioconfig.parser
|
||||||
logger = ioconfig.logger
|
logger = ioconfig.logger
|
||||||
|
|
@ -43,6 +44,23 @@ def apicheck(params):
|
||||||
return (status, response)
|
return (status, response)
|
||||||
|
|
||||||
#API methods
|
#API methods
|
||||||
|
class Validate(object):
|
||||||
|
def on_post(self, req, resp):
|
||||||
|
""" get domain name and mgmt pass and compare it with the client db and returns an authed object ID """
|
||||||
|
domain = req.params['domain']
|
||||||
|
passwd = req.params['password']
|
||||||
|
logger.info('grid> access requested for {} with {}'.format(domain, passwd))
|
||||||
|
#apicheck_stat, apicheck_resp = apicheck(req.params)
|
||||||
|
response = clientsdb.validate(domain, passwd)
|
||||||
|
if response is not None:
|
||||||
|
resp.status = falcon.HTTP_200
|
||||||
|
resp.body = response
|
||||||
|
else:
|
||||||
|
resp.status = falcon.HTTP_403
|
||||||
|
resp.body = 'ERR'
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class ClusterResource(object):
|
class ClusterResource(object):
|
||||||
def on_get(self, req, resp):
|
def on_get(self, req, resp):
|
||||||
"""TEST ONLY. List cluster nodes. TEST ONLY"""
|
"""TEST ONLY. List cluster nodes. TEST ONLY"""
|
||||||
|
|
@ -92,6 +110,7 @@ class StatusResource(object):
|
||||||
resp.status = falcon.HTTP_403
|
resp.status = falcon.HTTP_403
|
||||||
resp.body = apicheck_resp
|
resp.body = apicheck_resp
|
||||||
|
|
||||||
|
|
||||||
class DeleteResource(object):
|
class DeleteResource(object):
|
||||||
def on_post(self, req, resp, vmid):
|
def on_post(self, req, resp, vmid):
|
||||||
""" delete machine completely"""
|
""" delete machine completely"""
|
||||||
|
|
@ -240,6 +259,9 @@ welcome()
|
||||||
#grid.sync()
|
#grid.sync()
|
||||||
|
|
||||||
# setup routes
|
# setup routes
|
||||||
|
res_validate = Validate()
|
||||||
|
api.add_route('/instance/auth', res_validate)
|
||||||
|
|
||||||
res_cluster = ClusterResource()
|
res_cluster = ClusterResource()
|
||||||
api.add_route('/instance', res_cluster)
|
api.add_route('/instance', res_cluster)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue