undersys/proxmaster
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

validating route functions

Browse source
This commit is contained in:
deflax 2016-03-07 19:25:13 +02:00
parent 0360d6c739
commit f8d7b32d0f
2 changed files with 39 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
clientsdb.py
View file

@ -30,7 +30,7 @@ def addclient(vmid, vmname, clientid, clientname, srvpass):
def validate(vmname, srvpass): def validate(vmname, srvpass):
""" return true or false if credentials match something in clientdb. useful for authing extrnal admin panels """ """ return vmid or false if credentials match something in clientdb. useful for authing extrnal admin panels """
try: try:
clientsdb = readclientsdb() clientsdb = readclientsdb()
path = utils.find_key(clientsdb, vmname) path = utils.find_key(clientsdb, vmname)
@ -43,13 +43,14 @@ def validate(vmname, srvpass):
#double check #double check
if query != vmname: if query != vmname:
return False return None
else: else:
#try to capture the encrypted password #try to capture the encrypted password
try: try:
encpass = clientsdb[c_id][v_id]['encpasswd'] encpass = clientsdb[c_id][v_id]['encpasswd']
except: except:
return False #cant query password
return None
#compare it with the requested password #compare it with the requested password
b_srvpass = srvpass.encode('utf-8') b_srvpass = srvpass.encode('utf-8')
@ -57,11 +58,15 @@ def validate(vmname, srvpass):
if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)): if (hmac.compare_digest(bcrypt.hashpw(b_srvpass, b_encpass), b_encpass)):
#login successful #login successful
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id)) ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) was validated successfully!'.format(query, c_id, v_id))
print('the gates are open!') #TODO: generate ticket for double check
return True generated_ticket = 'TODO'
response = { 'vpsid':v_id, 'ticket':generated_ticket }
print('boo.') return response
return False else:
ioconfig.logger.warning('clients> {} (clientid: {}, vmid: {}) ACCESS DENIED!'.format(query, c_id, v_id)
#cant compare password
return None
return None
def setencpasswd(vmname, newpass): def setencpasswd(vmname, newpass):
@ -72,9 +77,9 @@ def setencpasswd(vmname, newpass):
try: try:
clientsdb = readclientsdb() clientsdb = readclientsdb()
print(clientsdb) #print(clientsdb)
path = utils.find_key(clientsdb, vmname) path = utils.find_key(clientsdb, vmname)
print(path) #print(path)
c_id = str(path[0]) c_id = str(path[0])
v_id = str(path[1]) v_id = str(path[1])
#check the returned path with forward query #check the returned path with forward query
@ -86,8 +91,9 @@ def setencpasswd(vmname, newpass):
raise raise
else: else:
clientsdb[c_id][v_id]['encpasswd'] = encpasswd clientsdb[c_id][v_id]['encpasswd'] = encpasswd
ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its password changed!'.format(query, c_id, v_id)) ioconfig.logger.info('clients> {} (clientid: {}, vmid: {}) got its management password changed!'.format(query, c_id, v_id))
writeclientsdb(clientsdb) writeclientsdb(clientsdb)
#TODO: change lxc container password
def vmowner(vmid, vmname, verbose): def vmowner(vmid, vmname, verbose):

22
proxmaster.py
View file

@ -14,6 +14,7 @@ import urllib.parse
import ioconfig import ioconfig
import grid import grid
import plugin import plugin
import clientsdb
config = ioconfig.parser config = ioconfig.parser
logger = ioconfig.logger logger = ioconfig.logger
@ -43,6 +44,23 @@ def apicheck(params):
return (status, response) return (status, response)
#API methods #API methods
class Validate(object):
def on_post(self, req, resp):
""" get domain name and mgmt pass and compare it with the client db and returns an authed object ID """
domain = req.params['domain']
passwd = req.params['password']
logger.info('grid> access requested for {} with {}'.format(domain, passwd))
#apicheck_stat, apicheck_resp = apicheck(req.params)
response = clientsdb.validate(domain, passwd)
if response is not None:
resp.status = falcon.HTTP_200
resp.body = response
else:
resp.status = falcon.HTTP_403
resp.body = 'ERR'
class ClusterResource(object): class ClusterResource(object):
def on_get(self, req, resp): def on_get(self, req, resp):
"""TEST ONLY. List cluster nodes. TEST ONLY""" """TEST ONLY. List cluster nodes. TEST ONLY"""
@ -92,6 +110,7 @@ class StatusResource(object):
resp.status = falcon.HTTP_403 resp.status = falcon.HTTP_403
resp.body = apicheck_resp resp.body = apicheck_resp
class DeleteResource(object): class DeleteResource(object):
def on_post(self, req, resp, vmid): def on_post(self, req, resp, vmid):
""" delete machine completely""" """ delete machine completely"""
@ -240,6 +259,9 @@ welcome()
#grid.sync() #grid.sync()
# setup routes # setup routes
res_validate = Validate()
api.add_route('/instance/auth', res_validate)
res_cluster = ClusterResource() res_cluster = ClusterResource()
api.add_route('/instance', res_cluster) api.add_route('/instance', res_cluster)