Commit 55ade2f1 authored by BH's avatar BH

远程出金3期,容器打包脚本

parent fa6e8a60
...@@ -44,9 +44,10 @@ if _ext_path not in sys.path: ...@@ -44,9 +44,10 @@ if _ext_path not in sys.path:
sys.path.append(_ext_path) sys.path.append(_ext_path)
# 确定一些路径 # 确定一些路径
if os.path.exists(os.path.join(os.path.dirname(sys.executable), 'dev_mode')): PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
# 开发调试模式 # if os.path.exists(os.path.join(os.path.dirname(sys.executable), 'dev_mode')):
PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share')) # # 开发调试模式
# PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
else: #
PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'data')) # else:
# PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'data'))
...@@ -589,8 +589,8 @@ class BindPayAccountHandler(TPBasePluginHandler): ...@@ -589,8 +589,8 @@ class BindPayAccountHandler(TPBasePluginHandler):
self.parse = reqparse.RequestParser() self.parse = reqparse.RequestParser()
self.parse.add_argument("comp_id", type=int, required=True, help='', ) self.parse.add_argument("comp_id", type=int, required=True, help='', )
self.parse.add_argument("host_id", type=int, required=True, help='', ) self.parse.add_argument("host_id", type=int, required=True, help='', )
self.parse.add_argument("mch_no", type=str, help='', ) # self.parse.add_argument("mch_no", type=str, help='', )
self.parse.add_argument("biz_id", type=int, help='', ) # self.parse.add_argument("biz_id", type=int, help='', )
self.parse.add_argument("account", type=str, required=True, help='', ) self.parse.add_argument("account", type=str, required=True, help='', )
self.parse.add_argument("password", type=str, required=True, help='', ) self.parse.add_argument("password", type=str, required=True, help='', )
# 绑定账户类型 # 绑定账户类型
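Review bot: With the `dev_mode` check commented out in the first hunk, `PATH_DATA` on the new side is always the `share` directory, so an installation without the `dev_mode` marker no longer gets `data`. If the container build needs `share`, select it from the environment rather than hard-wiring it, e.g. `PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', os.environ.get('TP_DATA_DIR', 'data')))` (the variable name is a placeholder). The commented-out branch here and the commented-out `mch_no`/`biz_id` arguments in the second hunk should be deleted rather than kept as comments, since version control already holds the old lines. Both enclosing blocks start and end outside the hunks.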
......
# coding: utf-8
import os
from selenium import webdriver
options = webdriver.ChromeOptions()
options.add_argument("--no-sandbox")
# options.add_argument('--disable-dev-shm-usage')
options.add_experimental_option("excludeSwitches", ['enable-automation'])
# options.add_argument("--remote-debugging-port=9222")
# options.headless = True
command_executor = "http://localhost:4444/wd/hub"
driver = webdriver.Remote(command_executor, desired_capabilities=options.to_capabilities())
import time
# time.sleep(5)
driver.get("https://b.alipay.com/index2.htm")
driver.get_screenshot_as_file('screenshot1.png')
import random
def do_tool(k):
os.system("xdotool key {}".format(k))
time.sleep(random.randint(1, 10) * 0.1)
[do_tool(k) for k in '18826140775']
do_tool("Tab")
[do_tool(k) for k in 'v4f8169l']
do_tool("Tab")
do_tool("Tab")
do_tool("Tab")
do_tool("Shift+Tab")
do_tool("Shift+Tab")
# 获取截图
driver.get_screenshot_as_file('screenshot.png')
import cv2
def crop_code(img_path):
img = cv2.pyrDown(cv2.imread(img_path, cv2.IMREAD_UNCHANGED))
img2 = cv2.imread(img_path)
ret, thresh = cv2.threshold(cv2.cvtColor(img.copy(), cv2.COLOR_BGR2GRAY), 127, 255, cv2.THRESH_BINARY)
contours, hier = cv2.findContours(thresh, cv2.RETR_EXTERNAL, cv2.CHAIN_APPROX_SIMPLE)
for c in contours:
x, y, w, h = cv2.boundingRect(c)
if w < 30 or h < 20 or w * h > 1000:
continue
cv2.rectangle(img, (x, y), (x + w, y + h), (0, 255, 0), 2)
cropImg = img2[y * 2:(y + h) * 2, x * 2:(x + w) * 2]
cv2.imwrite("code.png", cropImg)
return "code.png"
path = crop_code("screenshot0.png")
from example import FateadmApi
pd_id = "122334"
pd_key = "CvSAzmpNTCk953nPqrciORQ5LaMmwsSZ"
app_id = "322334"
app_key = "ZVZG1lpunkJrrGA0xPJJgfRHHa384ycQ"
pred_type = "30400"
# 初始化api接口
other_api = FateadmApi(app_id, app_key, pd_id, pd_key)
rsp = other_api.PredictFromFile("30400", "code.png", "demo")
code = rsp.pred_rsp.value
print(code)
[do_tool(k) for k in code]
do_tool("KP_Enter")
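Review bot: The login account and password typed through `do_tool` and the `pd_key`/`app_key` values for the recognition API are committed as string literals, so everyone with repository or image access holds them, and they stay in history after removal. They should be treated as exposed, rotated, and then read at run time, e.g. `app_key = os.environ["FATEADM_APP_KEY"]` (the variable name is a placeholder). `do_tool` also builds a shell command with `os.system` from characters that, for the captcha, come from a remote response; `subprocess.run(["xdotool", "key", k], check=True)` avoids the shell entirely. Separately, `crop_code("screenshot0.png")` reads a file this script never writes (it saves `screenshot1.png` and `screenshot.png`), so confirm which one was meant.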
...@@ -20,6 +20,7 @@ RUN mkdir -p /run/systemd \ ...@@ -20,6 +20,7 @@ RUN mkdir -p /run/systemd \
&& echo 'docker' > /run/systemd/container && echo 'docker' > /run/systemd/container
CMD ["/bin/bash"] CMD ["/bin/bash"]
ENV HOME=/root ENV HOME=/root
#ENV DEBIAN_FRONTEND=noninteractive #ENV DEBIAN_FRONTEND=noninteractive
#ENV LC_ALL=C.UTF-8 #ENV LC_ALL=C.UTF-8
#ENV LANG=zh_CN.UTF-8 #ENV LANG=zh_CN.UTF-8
...@@ -58,6 +59,7 @@ RUN mkdir -p /root/.config/fcitx && \ ...@@ -58,6 +59,7 @@ RUN mkdir -p /root/.config/fcitx && \
RUN mkdir -p /etc/opt RUN mkdir -p /etc/opt
COPY google-chrome-stable_current_amd64.deb /etc/opt/google-chrome-stable_current_amd64.deb COPY google-chrome-stable_current_amd64.deb /etc/opt/google-chrome-stable_current_amd64.deb
RUN apt install -fy /etc/opt/google-chrome-stable_current_amd64.deb RUN apt install -fy /etc/opt/google-chrome-stable_current_amd64.deb
#RUN wget http://172.30.20.148:8888/google-chrome-stable_current_amd64.deb && apt install -fy google-chrome-stable_current_amd64.deb
RUN apt-get autoclean RUN apt-get autoclean
WORKDIR /root WORKDIR /root
...@@ -106,8 +108,8 @@ ENV CHROME_DRIVER_BASE="chromedriver.storage.googleapis.com" \ ...@@ -106,8 +108,8 @@ ENV CHROME_DRIVER_BASE="chromedriver.storage.googleapis.com" \
ENV CHROME_DRIVER_FILE="chromedriver_linux${CPU_ARCH}.zip" ENV CHROME_DRIVER_FILE="chromedriver_linux${CPU_ARCH}.zip"
ENV CHROME_DRIVER_URL="https://${CHROME_DRIVER_BASE}/${CHROME_DRIVER_VERSION}/${CHROME_DRIVER_FILE}" ENV CHROME_DRIVER_URL="https://${CHROME_DRIVER_BASE}/${CHROME_DRIVER_VERSION}/${CHROME_DRIVER_FILE}"
# Gets latest chrome driver version. Or you can hard-code it, e.g. 2.15 # Gets latest chrome driver version. Or you can hard-code it, e.g. 2.15
RUN wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL} #RUN wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL}
COPY chromedriver_linux64.zip /root/chromedriver_linux64.zip
RUN unzip chromedriver_linux${CPU_ARCH}.zip RUN unzip chromedriver_linux${CPU_ARCH}.zip
RUN rm chromedriver_linux${CPU_ARCH}.zip \ RUN rm chromedriver_linux${CPU_ARCH}.zip \
&& mv chromedriver \ && mv chromedriver \
...@@ -159,22 +161,28 @@ RUN apt-get update && apt-get install -y \ ...@@ -159,22 +161,28 @@ RUN apt-get update && apt-get install -y \
ruby \ ruby \
zlib1g \ zlib1g \
zlib1g.dev zlib1g.dev
ARG LOCALIP
RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \ COPY openresty-1.13.6.2.tar.gz /root/openresty-1.13.6.2.tar.gz
#RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \
RUN cd /root && tar xzvf openresty-1.13.6.2.tar.gz \
&& cd openresty-1.13.6.2/ \ && cd openresty-1.13.6.2/ \
&& ./configure \ && ./configure \
&& make \ && make \
&& make install \ && make install \
&& ln /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx \ && ln /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx \
&& var=" lua_package_path '/usr/local/openresty/nginx/mylua/?.lua;;';" \
&& sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& var=" include /usr/local/openresty/nginx/conf/conf.d/*.conf;" \ && var=" include /usr/local/openresty/nginx/conf/conf.d/*.conf;" \
&& sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \ && sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& var=" lua_shared_dict my_cache 64m;" \ && var=" lua_shared_dict my_cache 64m;" \
&& sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \ && sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& var=" set \$client_ip '${LOCALIP}';" \
&& sed -i "/charset koi8-r;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& mkdir -p /usr/local/openresty/nginx/conf/conf.d \ && mkdir -p /usr/local/openresty/nginx/conf/conf.d \
&& mkdir -p /var/log/nginx && mkdir -p /var/log/nginx
COPY api-redir.conf /usr/local/openresty/nginx/conf/conf.d/api-redir.conf COPY api-redir.conf /usr/local/openresty/nginx/conf/conf.d/api-redir.conf
COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
#================== #==================
# xdotool 自动化工具 # xdotool 自动化工具
...@@ -182,15 +190,14 @@ COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf ...@@ -182,15 +190,14 @@ COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
xdotool \ xdotool \
cmake cmake
#todo 优化安装 opencv-python pycryptodome
RUN pip3 install scikit-build && pip3 install opencv-python requests flask rsa RUN pip3 install scikit-build && pip3 install requests flask pycrypto -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
COPY vnc-redir.conf /usr/local/openresty/nginx/conf/conf.d/vnc-redir.conf COPY vnc-redir.conf /usr/local/openresty/nginx/conf/conf.d/vnc-redir.conf
RUN mkdir -p /root/main RUN mkdir -p /root/main
COPY public.pem /root/main/public.pem COPY public.pem /root/main/public.pem
COPY small_web.py /root/main/small_web.py COPY small_web.py /root/main/small_web.py
RUN pip3 install pyDes
#================== #==================
# 调试用工具 # 调试用工具
...@@ -199,6 +206,11 @@ RUN apt-get update && apt-get install -y \ ...@@ -199,6 +206,11 @@ RUN apt-get update && apt-get install -y \
lsof \ lsof \
vim vim
RUN mkdir -p /usr/local/openresty/nginx/mylua/resty
COPY token_check.lua /usr/local/openresty/nginx/mylua/token_check.lua
COPY http.lua /usr/local/openresty/nginx/mylua/resty/http.lua
COPY http_headers.lua /usr/local/openresty/nginx/mylua/resty/http_headers.lua
ENV \ ENV \
# 時區 # 時區
...@@ -215,7 +227,7 @@ ENV \ ...@@ -215,7 +227,7 @@ ENV \
DISPLAY=:0 \ DISPLAY=:0 \
SCREEN_RESOLUTION=1280x900 SCREEN_RESOLUTION=1280x900
COPY private.pem /root/main/private.pem
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
ENV DISPLAY=:0 ENV DISPLAY=:0
...@@ -237,3 +249,4 @@ CMD ["/usr/bin/supervisord"] ...@@ -237,3 +249,4 @@ CMD ["/usr/bin/supervisord"]
#/usr/local/bin/x11vnc #/usr/local/bin/x11vnc
#/usr/bin/x11vnc #/usr/bin/x11vnc
#docker run -d -p 8083:8083 -p 5900:5900 oldiy/chrome-novnc:latest #docker run -d -p 8083:8083 -p 5900:5900 oldiy/chrome-novnc:latest
#docker build -t sandbox .
\ No newline at end of file
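Review bot: The new `pip3 install` line fetches packages from `http://mirrors.aliyun.com/pypi/simple/` with `--trusted-host`, i.e. over plain HTTP with no integrity protection for code installed as root in the image; use the mirror's HTTPS URL and drop `--trusted-host`: `pip3 install requests flask pycryptodome -i https://mirrors.aliyun.com/pypi/simple/`. That line also switches to `pycrypto`, which is no longer maintained; the todo above it already names `pycryptodome`. The newly COPYed `chromedriver_linux64.zip` and `openresty-1.13.6.2.tar.gz` replace downloads without any checksum step, so a `sha256sum -c` against pinned values before unpacking would be worth adding. If `COPY private.pem /root/main/private.pem` is on the new side (the rendering does not show which), the private key ends up in an image layer readable by anyone who can pull the image; mount it at run time as a secret instead.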
...@@ -9,9 +9,9 @@ server { ...@@ -9,9 +9,9 @@ server {
server_name _; server_name _;
# 开启gzip压缩输出 # 开启gzip压缩输出
gzip on; gzip on;
# 定义本虚拟主机的访问日志 # 定义本虚拟主机的访问日志
access_log /var/log/nginx/api_access.log combined buffer=1k; access_log /var/log/nginx/api_access.log combined buffer=1k;
error_log /var/log/nginx/api_error.log info; error_log /var/log/nginx/api_error.log info;
...@@ -20,7 +20,7 @@ server { ...@@ -20,7 +20,7 @@ server {
log_not_found off; log_not_found off;
access_log off; access_log off;
} }
# 防爬 # 防爬
location /robots.txt { location /robots.txt {
return 200 'User-agent: *\nDisallow: /'; return 200 'User-agent: *\nDisallow: /';
...@@ -34,34 +34,8 @@ server { ...@@ -34,34 +34,8 @@ server {
break; break;
} }
# 对 / 访问进行控制
location /token {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Referer $http_referer;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / { location / {
access_by_lua ' access_by_lua_file mylua/token_check.lua;
local cache_ngx = ngx.shared.my_cache
local token = ngx.var.cookie_token
if not token then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(token)
ngx.exit(200)
end
local token2 = cache_ngx:get(token)
if not token2 then
local errs = "requests check fail"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
return
';
proxy_pass http://127.0.0.1:8000; proxy_pass http://127.0.0.1:8000;
proxy_set_header Referer $http_referer; proxy_set_header Referer $http_referer;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
......
server {
listen 10086;
charset utf-8;
server_name _;
gzip on;
location /set {
access_by_lua '
local cache_ngx = ngx.shared.my_cache
local args = ngx.req.get_headers();
local token1 = args["appid"];
cache_ngx:set(token1, token1, 30 * 60)
local msg = "ok"
ngx.say(msg)
ngx.exit(200)
return
';
}
location /check {
access_by_lua '
local cache_ngx = ngx.shared.my_cache
local args = ngx.req.get_headers();
local token1 = args["appid"];
local token2 = cache_ngx:get(token1)
local errs = "oh,Only token1 Request will be Processe"
if not token1 then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
local errs = "oh,Only token2 Request will be Processe"
if not token2 then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
local errs = "oh,Only token Request will be Processe"
if token1 ~= token2 then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
else
return
end
';
}
}
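Review bot: `location /set` stores whatever `appid` header the caller sends into `my_cache` for 30 minutes with no authentication or address restriction, and `listen 10086;` binds all interfaces, so any client that can reach the port can register a value that `/check` will then accept. If only local services are meant to call it, bind it locally with `listen 127.0.0.1:10086;` or add `allow 127.0.0.1; deny all;` inside the server block. `/set` also passes `token1` to `cache_ngx:set` without a nil check, so a request lacking the header appears to be answered with `ok` regardless; guard it as `/check` does with `if not token1 then ... end`. Whether port 10086 is published by the container is not visible here.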
local http_headers = require "resty.http_headers"
local ngx = ngx
local ngx_socket_tcp = ngx.socket.tcp
local ngx_req = ngx.req
local ngx_req_socket = ngx_req.socket
local ngx_req_get_headers = ngx_req.get_headers
local ngx_req_get_method = ngx_req.get_method
local str_lower = string.lower
local str_upper = string.upper
local str_find = string.find
local str_sub = string.sub
local tbl_concat = table.concat
local tbl_insert = table.insert
local ngx_encode_args = ngx.encode_args
local ngx_re_match = ngx.re.match
local ngx_re_gmatch = ngx.re.gmatch
local ngx_re_sub = ngx.re.sub
local ngx_re_gsub = ngx.re.gsub
local ngx_re_find = ngx.re.find
local ngx_log = ngx.log
local ngx_DEBUG = ngx.DEBUG
local ngx_ERR = ngx.ERR
local ngx_var = ngx.var
local ngx_print = ngx.print
local ngx_header = ngx.header
local co_yield = coroutine.yield
local co_create = coroutine.create
local co_status = coroutine.status
local co_resume = coroutine.resume
local setmetatable = setmetatable
local tonumber = tonumber
local tostring = tostring
local unpack = unpack
local rawget = rawget
local select = select
local ipairs = ipairs
local pairs = pairs
local pcall = pcall
local type = type
-- http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.5.1
local HOP_BY_HOP_HEADERS = {
["connection"] = true,
["keep-alive"] = true,
["proxy-authenticate"] = true,
["proxy-authorization"] = true,
["te"] = true,
["trailers"] = true,
["transfer-encoding"] = true,
["upgrade"] = true,
["content-length"] = true, -- Not strictly hop-by-hop, but Nginx will deal
-- with this (may send chunked for example).
}
local EXPECTING_BODY = {
POST = true,
PUT = true,
PATCH = true,
}
-- Reimplemented coroutine.wrap, returning "nil, err" if the coroutine cannot
-- be resumed. This protects user code from infinite loops when doing things like
-- repeat
-- local chunk, err = res.body_reader()
-- if chunk then -- <-- This could be a string msg in the core wrap function.
-- ...
-- end
-- until not chunk
local co_wrap = function(func)
local co = co_create(func)
if not co then
return nil, "could not create coroutine"
else
return function(...)
if co_status(co) == "suspended" then
return select(2, co_resume(co, ...))
else
return nil, "can't resume a " .. co_status(co) .. " coroutine"
end
end
end
end
-- Returns a new table, recursively copied from the one given.
--
-- @param table table to be copied
-- @return table
local function tbl_copy(orig)
local orig_type = type(orig)
local copy
if orig_type == "table" then
copy = {}
for orig_key, orig_value in next, orig, nil do
copy[tbl_copy(orig_key)] = tbl_copy(orig_value)
end
else -- number, string, boolean, etc
copy = orig
end
return copy
end
local _M = {
_VERSION = '0.14',
}
_M._USER_AGENT = "lua-resty-http/" .. _M._VERSION .. " (Lua) ngx_lua/" .. ngx.config.ngx_lua_version
local mt = { __index = _M }
local HTTP = {
[1.0] = " HTTP/1.0\r\n",
[1.1] = " HTTP/1.1\r\n",
}
local DEFAULT_PARAMS = {
method = "GET",
path = "/",
version = 1.1,
}
local DEBUG = false
function _M.new(_)
local sock, err = ngx_socket_tcp()
if not sock then
return nil, err
end
return setmetatable({ sock = sock, keepalive = true }, mt)
end
function _M.debug(d)
DEBUG = (d == true)
end
function _M.set_timeout(self, timeout)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
return sock:settimeout(timeout)
end
function _M.set_timeouts(self, connect_timeout, send_timeout, read_timeout)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
return sock:settimeouts(connect_timeout, send_timeout, read_timeout)
end
function _M.ssl_handshake(self, ...)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
self.ssl = true
return sock:sslhandshake(...)
end
function _M.connect(self, ...)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
self.host = select(1, ...)
self.port = select(2, ...)
-- If port is not a number, this is likely a unix domain socket connection.
if type(self.port) ~= "number" then
self.port = nil
end
self.keepalive = true
return sock:connect(...)
end
function _M.set_keepalive(self, ...)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
if self.keepalive == true then
return sock:setkeepalive(...)
else
-- The server said we must close the connection, so we cannot setkeepalive.
-- If close() succeeds we return 2 instead of 1, to differentiate between
-- a normal setkeepalive() failure and an intentional close().
local res, err = sock:close()
if res then
return 2, "connection must be closed"
else
return res, err
end
end
end
function _M.get_reused_times(self)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
return sock:getreusedtimes()
end
function _M.close(self)
local sock = self.sock
if not sock then
return nil, "not initialized"
end
return sock:close()
end
local function _should_receive_body(method, code)
if method == "HEAD" then return nil end
if code == 204 or code == 304 then return nil end
if code >= 100 and code < 200 then return nil end
return true
end
function _M.parse_uri(_, uri, query_in_path)
if query_in_path == nil then query_in_path = true end
local m, err = ngx_re_match(uri, [[^(?:(http[s]?):)?//([^:/\?]+)(?::(\d+))?([^\?]*)\??(.*)]], "jo")
if not m then
if err then
return nil, "failed to match the uri: " .. uri .. ", " .. err
end
return nil, "bad uri: " .. uri
else
-- If the URI is schemaless (i.e. //example.com) try to use our current
-- request scheme.
if not m[1] then
local scheme = ngx_var.scheme
if scheme == "http" or scheme == "https" then
m[1] = scheme
else
return nil, "schemaless URIs require a request context: " .. uri
end
end
if m[3] then
m[3] = tonumber(m[3])
else
if m[1] == "https" then
m[3] = 443
else
m[3] = 80
end
end
if not m[4] or "" == m[4] then m[4] = "/" end
if query_in_path and m[5] and m[5] ~= "" then
m[4] = m[4] .. "?" .. m[5]
m[5] = nil
end
return m, nil
end
end
local function _format_request(params)
local version = params.version
local headers = params.headers or {}
local query = params.query or ""
if type(query) == "table" then
query = "?" .. ngx_encode_args(query)
elseif query ~= "" and str_sub(query, 1, 1) ~= "?" then
query = "?" .. query
end
-- Initialize request
local req = {
str_upper(params.method),
" ",
params.path,
query,
HTTP[version],
-- Pre-allocate slots for minimum headers and carriage return.
true,
true,
true,
}
local c = 6 -- req table index it's faster to do this inline vs table.insert
-- Append headers
for key, values in pairs(headers) do
key = tostring(key)
if type(values) == "table" then
for _, value in pairs(values) do
req[c] = key .. ": " .. tostring(value) .. "\r\n"
c = c + 1
end
else
req[c] = key .. ": " .. tostring(values) .. "\r\n"
c = c + 1
end
end
-- Close headers
req[c] = "\r\n"
return tbl_concat(req)
end
local function _receive_status(sock)
local line, err = sock:receive("*l")
if not line then
return nil, nil, nil, err
end
return tonumber(str_sub(line, 10, 12)), tonumber(str_sub(line, 6, 8)), str_sub(line, 14)
end
local function _receive_headers(sock)
local headers = http_headers.new()
repeat
local line, err = sock:receive("*l")
if not line then
return nil, err
end
local m, err = ngx_re_match(line, "([^:\\s]+):\\s*(.*)", "jo")
if err then ngx_log(ngx_ERR, err) end
if not m then
break
end
local key = m[1]
local val = m[2]
if headers[key] then
if type(headers[key]) ~= "table" then
headers[key] = { headers[key] }
end
tbl_insert(headers[key], tostring(val))
else
headers[key] = tostring(val)
end
until ngx_re_find(line, "^\\s*$", "jo")
return headers, nil
end
local function _chunked_body_reader(sock, default_chunk_size)
return co_wrap(function(max_chunk_size)
local remaining = 0
local length
max_chunk_size = max_chunk_size or default_chunk_size
repeat
-- If we still have data on this chunk
if max_chunk_size and remaining > 0 then
if remaining > max_chunk_size then
-- Consume up to max_chunk_size
length = max_chunk_size
remaining = remaining - max_chunk_size
else
-- Consume all remaining
length = remaining
remaining = 0
end
else -- This is a fresh chunk
-- Receive the chunk size
local str, err = sock:receive("*l")
if not str then
co_yield(nil, err)
end
length = tonumber(str, 16)
if not length then
co_yield(nil, "unable to read chunksize")
end
if max_chunk_size and length > max_chunk_size then
-- Consume up to max_chunk_size
remaining = length - max_chunk_size
length = max_chunk_size
end
end
if length > 0 then
local str, err = sock:receive(length)
if not str then
co_yield(nil, err)
end
max_chunk_size = co_yield(str) or default_chunk_size
-- If we're finished with this chunk, read the carriage return.
if remaining == 0 then
sock:receive(2) -- read \r\n
end
else
-- Read the last (zero length) chunk's carriage return
sock:receive(2) -- read \r\n
end
until length == 0
end)
end
local function _body_reader(sock, content_length, default_chunk_size)
return co_wrap(function(max_chunk_size)
max_chunk_size = max_chunk_size or default_chunk_size
if not content_length and max_chunk_size then
-- We have no length, but wish to stream.
-- HTTP 1.0 with no length will close connection, so read chunks to the end.
repeat
local str, err, partial = sock:receive(max_chunk_size)
if not str and err == "closed" then
co_yield(partial, err)
end
max_chunk_size = tonumber(co_yield(str) or default_chunk_size)
if max_chunk_size and max_chunk_size < 0 then max_chunk_size = nil end
if not max_chunk_size then
ngx_log(ngx_ERR, "Buffer size not specified, bailing")
break
end
until not str
elseif not content_length then
-- We have no length but don't wish to stream.
-- HTTP 1.0 with no length will close connection, so read to the end.
co_yield(sock:receive("*a"))
elseif not max_chunk_size then
-- We have a length and potentially keep-alive, but want everything.
co_yield(sock:receive(content_length))
else
-- We have a length and potentially a keep-alive, and wish to stream
-- the response.
local received = 0
repeat
local length = max_chunk_size
if received + length > content_length then
length = content_length - received
end
if length > 0 then
local str, err = sock:receive(length)
if not str then
co_yield(nil, err)
end
received = received + length
max_chunk_size = tonumber(co_yield(str) or default_chunk_size)
if max_chunk_size and max_chunk_size < 0 then max_chunk_size = nil end
if not max_chunk_size then
ngx_log(ngx_ERR, "Buffer size not specified, bailing")
break
end
end
until length == 0
end
end)
end
local function _no_body_reader()
return nil
end
local function _read_body(res)
local reader = res.body_reader
if not reader then
-- Most likely HEAD or 304 etc.
return nil, "no body to be read"
end
local chunks = {}
local c = 1
local chunk, err
repeat
chunk, err = reader()
if err then
return nil, err, tbl_concat(chunks) -- Return any data so far.
end
if chunk then
chunks[c] = chunk
c = c + 1
end
until not chunk
return tbl_concat(chunks)
end
local function _trailer_reader(sock)
return co_wrap(function()
co_yield(_receive_headers(sock))
end)
end
local function _read_trailers(res)
local reader = res.trailer_reader
if not reader then
return nil, "no trailers"
end
local trailers = reader()
setmetatable(res.headers, { __index = trailers })
end
local function _send_body(sock, body)
if type(body) == 'function' then
repeat
local chunk, err, partial = body()
if chunk then
local ok, err = sock:send(chunk)
if not ok then
return nil, err
end
elseif err ~= nil then
return nil, err, partial
end
until chunk == nil
elseif body ~= nil then
local bytes, err = sock:send(body)
if not bytes then
return nil, err
end
end
return true, nil
end
local function _handle_continue(sock, body)
local status, version, reason, err = _receive_status(sock) --luacheck: no unused
if not status then
return nil, nil, err
end
-- Only send body if we receive a 100 Continue
if status == 100 then
local ok, err = sock:receive("*l") -- Read carriage return
if not ok then
return nil, nil, err
end
_send_body(sock, body)
end
return status, version, err
end
function _M.send_request(self, params)
-- Apply defaults
setmetatable(params, { __index = DEFAULT_PARAMS })
local sock = self.sock
local body = params.body
local headers = http_headers.new()
local params_headers = params.headers
if params_headers then
-- We assign one by one so that the metatable can handle case insensitivity
-- for us. You can blame the spec for this inefficiency.
for k, v in pairs(params_headers) do
headers[k] = v
end
end
-- Ensure minimal headers are set
if not headers["Content-Length"] then
if type(body) == 'string' then
headers["Content-Length"] = #body
elseif body == nil and EXPECTING_BODY[str_upper(params.method)] then
headers["Content-Length"] = 0
end
end
if not headers["Host"] then
if (str_sub(self.host, 1, 5) == "unix:") then
return nil, "Unable to generate a useful Host header for a unix domain socket. Please provide one."
end
-- If we have a port (i.e. not connected to a unix domain socket), and this
-- port is non-standard, append it to the Host header.
if self.port then
if self.ssl and self.port ~= 443 then
headers["Host"] = self.host .. ":" .. self.port
elseif not self.ssl and self.port ~= 80 then
headers["Host"] = self.host .. ":" .. self.port
else
headers["Host"] = self.host
end
else
headers["Host"] = self.host
end
end
if not headers["User-Agent"] then
headers["User-Agent"] = _M._USER_AGENT
end
if params.version == 1.0 and not headers["Connection"] then
headers["Connection"] = "Keep-Alive"
end
params.headers = headers
-- Format and send request
local req = _format_request(params)
if DEBUG then ngx_log(ngx_DEBUG, "\n", req) end
local bytes, err = sock:send(req)
if not bytes then
return nil, err
end
-- Send the request body, unless we expect: continue, in which case
-- we handle this as part of reading the response.
if headers["Expect"] ~= "100-continue" then
local ok, err, partial = _send_body(sock, body)
if not ok then
return nil, err, partial
end
end
return true
end
function _M.read_response(self, params)
local sock = self.sock
local status, version, reason, err
-- If we expect: continue, we need to handle this, sending the body if allowed.
-- If we don't get 100 back, then status is the actual status.
if params.headers["Expect"] == "100-continue" then
local _status, _version, _err = _handle_continue(sock, params.body)
if not _status then
return nil, _err
elseif _status ~= 100 then
status, version, err = _status, _version, _err -- luacheck: no unused
end
end
-- Just read the status as normal.
if not status then
status, version, reason, err = _receive_status(sock)
if not status then
return nil, err
end
end
local res_headers, err = _receive_headers(sock)
if not res_headers then
return nil, err
end
-- keepalive is true by default. Determine if this is correct or not.
local ok, connection = pcall(str_lower, res_headers["Connection"])
if ok then
if (version == 1.1 and str_find(connection, "close", 1, true)) or
(version == 1.0 and not str_find(connection, "keep-alive", 1, true)) then
self.keepalive = false
end
else
-- no connection header
if version == 1.0 then
self.keepalive = false
end
end
local body_reader = _no_body_reader
local trailer_reader, err
local has_body = false
-- Receive the body_reader
if _should_receive_body(params.method, status) then
has_body = true
local te = res_headers["Transfer-Encoding"]
-- Handle duplicate headers
-- This shouldn't happen but can in the real world
if type(te) == "table" then
te = tbl_concat(te, "")
end
local ok, encoding = pcall(str_lower, te)
if not ok then
encoding = ""
end
if version == 1.1 and str_find(encoding, "chunked", 1, true) ~= nil then
body_reader, err = _chunked_body_reader(sock)
else
local ok, length = pcall(tonumber, res_headers["Content-Length"])
if not ok then
-- No content-length header, read until connection is closed by server
length = nil
end
body_reader, err = _body_reader(sock, length)
end
end
if res_headers["Trailer"] then
trailer_reader, err = _trailer_reader(sock)
end
if err then
return nil, err
else
return {
status = status,
reason = reason,
headers = res_headers,
has_body = has_body,
body_reader = body_reader,
read_body = _read_body,
trailer_reader = trailer_reader,
read_trailers = _read_trailers,
}
end
end
function _M.request(self, params)
params = tbl_copy(params) -- Take by value
local res, err = self:send_request(params)
if not res then
return res, err
else
return self:read_response(params)
end
end
function _M.request_pipeline(self, requests)
requests = tbl_copy(requests) -- Take by value
for _, params in ipairs(requests) do
if params.headers and params.headers["Expect"] == "100-continue" then
return nil, "Cannot pipeline request specifying Expect: 100-continue"
end
local res, err = self:send_request(params)
if not res then
return res, err
end
end
local responses = {}
for i, params in ipairs(requests) do
responses[i] = setmetatable({
params = params,
response_read = false,
}, {
-- Read each actual response lazily, at the point the user tries
-- to access any of the fields.
__index = function(t, k)
local res, err
if t.response_read == false then
res, err = _M.read_response(self, t.params)
t.response_read = true
if not res then
ngx_log(ngx_ERR, err)
else
for rk, rv in pairs(res) do
t[rk] = rv
end
end
end
return rawget(t, k)
end,
})
end
return responses
end
function _M.request_uri(self, uri, params)
params = tbl_copy(params or {}) -- Take by value
local parsed_uri, err = self:parse_uri(uri, false)
if not parsed_uri then
return nil, err
end
local scheme, host, port, path, query = unpack(parsed_uri)
if not params.path then params.path = path end
if not params.query then params.query = query end
-- See if we should use a proxy to make this request
local proxy_uri = self:get_proxy_uri(scheme, host)
-- Make the connection either through the proxy or directly
-- to the remote host
local c, err
if proxy_uri then
local proxy_authorization
if scheme == "https" then
if params.headers and params.headers["Proxy-Authorization"] then
proxy_authorization = params.headers["Proxy-Authorization"]
else
proxy_authorization = self.proxy_opts.https_proxy_authorization
end
end
c, err = self:connect_proxy(proxy_uri, scheme, host, port, proxy_authorization)
else
c, err = self:connect(host, port)
end
if not c then
return nil, err
end
if proxy_uri then
if scheme == "http" then
-- When a proxy is used, the target URI must be in absolute-form
-- (RFC 7230, Section 5.3.2.). That is, it must be an absolute URI
-- to the remote resource with the scheme, host and an optional port
-- in place.
--
-- Since _format_request() constructs the request line by concatenating
-- params.path and params.query together, we need to modify the path
-- to also include the scheme, host and port so that the final form
-- in conformant to RFC 7230.
if port == 80 then
params.path = scheme .. "://" .. host .. path
else
params.path = scheme .. "://" .. host .. ":" .. port .. path
end
if self.proxy_opts.http_proxy_authorization then
if not params.headers then
params.headers = {}
end
if not params.headers["Proxy-Authorization"] then
params.headers["Proxy-Authorization"] = self.proxy_opts.http_proxy_authorization
end
end
elseif scheme == "https" then
-- don't keep this connection alive as the next request could target
-- any host and re-using the proxy tunnel for that is not possible
self.keepalive = false
end
-- self:connect_uri() set the host and port to point to the proxy server. As
-- the connection to the proxy has been established, set the host and port
-- to point to the actual remote endpoint at the other end of the tunnel to
-- ensure the correct Host header added to the requests.
self.host = host
self.port = port
end
if scheme == "https" then
local verify = true
if params.ssl_verify == false then
verify = false
end
local ok, err = self:ssl_handshake(nil, host, verify)
if not ok then
self:close()
return nil, err
end
end
local res, err = self:request(params)
if not res then
self:close()
return nil, err
end
local body, err = res:read_body()
if not body then
self:close()
return nil, err
end
res.body = body
if params.keepalive == false then
local ok, err = self:close()
if not ok then
ngx_log(ngx_ERR, err)
end
else
local ok, err = self:set_keepalive(params.keepalive_timeout, params.keepalive_pool)
if not ok then
ngx_log(ngx_ERR, err)
end
end
return res, nil
end
function _M.get_client_body_reader(_, chunksize, sock)
chunksize = chunksize or 65536
if not sock then
local ok, err
ok, sock, err = pcall(ngx_req_socket)
if not ok then
return nil, sock -- pcall err
end
if not sock then
if err == "no body" then
return nil
else
return nil, err
end
end
end
local headers = ngx_req_get_headers()
local length = headers.content_length
local encoding = headers.transfer_encoding
if length then
return _body_reader(sock, tonumber(length), chunksize)
elseif encoding and str_lower(encoding) == 'chunked' then
-- Not yet supported by ngx_lua but should just work...
return _chunked_body_reader(sock, chunksize)
else
return nil
end
end
function _M.proxy_request(self, chunksize)
return self:request({
method = ngx_req_get_method(),
path = ngx_re_gsub(ngx_var.uri, "\\s", "%20", "jo") .. ngx_var.is_args .. (ngx_var.query_string or ""),
body = self:get_client_body_reader(chunksize),
headers = ngx_req_get_headers(),
})
end
function _M.proxy_response(_, response, chunksize)
if not response then
ngx_log(ngx_ERR, "no response provided")
return
end
ngx.status = response.status
-- Filter out hop-by-hop headeres
for k, v in pairs(response.headers) do
if not HOP_BY_HOP_HEADERS[str_lower(k)] then
ngx_header[k] = v
end
end
local reader = response.body_reader
repeat
local chunk, err = reader(chunksize)
if err then
ngx_log(ngx_ERR, err)
break
end
if chunk then
local res, err = ngx_print(chunk)
if not res then
ngx_log(ngx_ERR, err)
break
end
end
until not chunk
end
function _M.set_proxy_options(self, opts)
self.proxy_opts = tbl_copy(opts) -- Take by value
end
function _M.get_proxy_uri(self, scheme, host)
if not self.proxy_opts then
return nil
end
-- Check if the no_proxy option matches this host. Implementation adapted
-- from lua-http library (https://github.com/daurnimator/lua-http)
if self.proxy_opts.no_proxy then
if self.proxy_opts.no_proxy == "*" then
-- all hosts are excluded
return nil
end
local no_proxy_set = {}
-- wget allows domains in no_proxy list to be prefixed by "."
-- e.g. no_proxy=.mit.edu
for host_suffix in ngx_re_gmatch(self.proxy_opts.no_proxy, "\\.?([^,]+)") do
no_proxy_set[host_suffix[1]] = true
end
-- From curl docs:
-- matched as either a domain which contains the hostname, or the
-- hostname itself. For example local.com would match local.com,
-- local.com:80, and www.local.com, but not www.notlocal.com.
--
-- Therefore, we keep stripping subdomains from the host, compare
-- them to the ones in the no_proxy list and continue until we find
-- a match or until there's only the TLD left
repeat
if no_proxy_set[host] then
return nil
end
-- Strip the next level from the domain and check if that one
-- is on the list
host = ngx_re_sub(host, "^[^.]+\\.", "")
until not ngx_re_find(host, "\\.")
end
if scheme == "http" and self.proxy_opts.http_proxy then
return self.proxy_opts.http_proxy
end
if scheme == "https" and self.proxy_opts.https_proxy then
return self.proxy_opts.https_proxy
end
return nil
end
function _M.connect_proxy(self, proxy_uri, scheme, host, port, proxy_authorization)
-- Parse the provided proxy URI
local parsed_proxy_uri, err = self:parse_uri(proxy_uri, false)
if not parsed_proxy_uri then
return nil, err
end
-- Check that the scheme is http (https is not supported for
-- connections between the client and the proxy)
local proxy_scheme = parsed_proxy_uri[1]
if proxy_scheme ~= "http" then
return nil, "protocol " .. proxy_scheme .. " not supported for proxy connections"
end
-- Make the connection to the given proxy
local proxy_host, proxy_port = parsed_proxy_uri[2], parsed_proxy_uri[3]
local c, err = self:connect(proxy_host, proxy_port)
if not c then
return nil, err
end
if scheme == "https" then
-- Make a CONNECT request to create a tunnel to the destination through
-- the proxy. The request-target and the Host header must be in the
-- authority-form of RFC 7230 Section 5.3.3. See also RFC 7231 Section
-- 4.3.6 for more details about the CONNECT request
local destination = host .. ":" .. port
local res, err = self:request({
method = "CONNECT",
path = destination,
headers = {
["Host"] = destination,
["Proxy-Authorization"] = proxy_authorization,
}
})
if not res then
return nil, err
end
if res.status < 200 or res.status > 299 then
return nil, "failed to establish a tunnel through a proxy: " .. res.status
end
end
return c, nil
end
return _M
local rawget, rawset, setmetatable =
rawget, rawset, setmetatable
local str_lower = string.lower
local _M = {
_VERSION = '0.14',
}
-- Returns an empty headers table with internalised case normalisation.
function _M.new()
local mt = {
normalised = {},
}
mt.__index = function(t, k)
return rawget(t, mt.normalised[str_lower(k)])
end
mt.__newindex = function(t, k, v)
local k_normalised = str_lower(k)
-- First time seeing this header field?
if not mt.normalised[k_normalised] then
-- Create a lowercased entry in the metatable proxy, with the value
-- of the given field case
mt.normalised[k_normalised] = k
-- Set the header using the given field case
rawset(t, k, v)
else
-- We're being updated just with a different field case. Use the
-- normalised metatable proxy to give us the original key case, and
-- perorm a rawset() to update the value.
rawset(t, mt.normalised[k_normalised], v)
end
end
return setmetatable({}, mt)
end
return _M
...@@ -9,23 +9,47 @@ import random ...@@ -9,23 +9,47 @@ import random
import time import time
import requests import requests
from flask import Flask, request import traceback
import rsa from flask import Flask, request, jsonify
from pyDes import des, CBC, PAD_PKCS5
import binascii
from selenium import webdriver from selenium import webdriver
# import cv2 from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
logging.basicConfig(level=logging.DEBUG) import cv2
from selenium.common.exceptions import NoSuchWindowException, WebDriverException
logging.basicConfig(level=logging.INFO)
app = Flask(__name__) app = Flask(__name__)
with open('public.pem', 'r') as f: with open('private.pem', 'r') as f:
pubkey_s = f.read() private_key = f.read()
pubkey = rsa.PublicKey.load_pkcs1(pubkey_s.encode())
FATEA_PRED_URL = "http://pred.fateadm.com" FATEA_PRED_URL = "http://pred.fateadm.com"
# private_key = "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"
# private_key = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIsyzM8WRLiiQ1nm0NTNMWEccNVa5XYLYm1qG0Oa6W9mIQ+oMGbn2IYH/j5XJduQ+AKeyMN8v6vmaJku2/X1CbwXM0K/uWtkPMg8wk7OEKsmmdA5Z0SO0R56InT77xSYdJyPh5SSE+pewtKrjnvR5jCwLW+BsnPIRbN7YliMq8NJAgMBAAECgYAAl7PFgevC+XXd8Ryce08lgbB9SAjICt5dZuE81XD+92lWnrmuBnimgWw0qbxQhfp4UGK8alCKk82IMWngTy2+bKEbP94b2HgpATAm9o5m3pfB5Td8dCnl4+cay2KOk0GYFUYY4JTAQ5mzjHQR1VW7PKwzTeGF/ajaAnV6ZubA3QJBANHEf3p6C+SZ7zkWuD7zSmARrVVq8qxIzm+CwIyWvUvy6GrosjXy08nUv3KWHX7fRIqxWCrMsgn6A/p1DBaQOYMCQQCp4KbZkGG4hQz+8EQ+87JxinDoOS5r2BdV3mB8yTzcaJ4+JaCXMb8XQW/BHqSa/w6kn+W3ZlVNlHoABUhxYJJDAkEAxvY6959lQmnjZmGvVj4KsH5zys4K6PCRpWD+Yxri53O5kRWvWs48pXY+NGBAD8OTTn2Ro97Ni/rw5RE56vjXIwJAAhA0dpgGV9Nl4QLSEWGsXSytSmTHZ4/sWKKm0V0wXAz5Pw/971gvVfz5eoMAxNEsQFug0qVvi82t3aoyww3FOQJBAMAtrqdy/BYTepdxgrg3H9JDdoHVHFHKrYKHgsKC1a1OIQXG6IqM+cCFXHjZZfVHiOXlC6aNN6vlGSwcLsbxSKQ="
def rsa_long_decrypt(priv_key_str, msg):
msg = base64.b64decode(msg)
length = len(msg)
default_length = 128
# 私钥解密
priobj = PKCS1_v1_5.new(RSA.importKey(base64.b64decode(priv_key_str)))
# 长度不用分段
if length < default_length:
return b''.join(priobj.decrypt(msg, b'xyz')).decode()
# 需要分段
offset = 0
res = []
while length - offset > 0:
if length - offset > default_length:
res.append(priobj.decrypt(msg[offset:offset + default_length], b'xyz'))
else:
res.append(priobj.decrypt(msg[offset:], b'xyz'))
offset += default_length
return b''.join(res).decode()
class TmpObj(): class TmpObj():
...@@ -139,26 +163,6 @@ class FateadmApi(): ...@@ -139,26 +163,6 @@ class FateadmApi():
return self.Predict(pred_type, data, src_url) return self.Predict(pred_type, data, src_url)
def des_descrypt(s, key=None):
"""
DES 解密
:param s: 加密后的字符串,16进制
:return: 解密后的字符串
"""
secret_key = key
iv = secret_key
k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
de = k.decrypt(binascii.a2b_hex(s), padmode=PAD_PKCS5)
return de
def md5(str):
m = hashlib.md5()
b = str.encode(encoding='utf-8')
m.update(b)
return m.hexdigest()
class Driver(object): class Driver(object):
def __init__(self): def __init__(self):
self._driver = self.create_driver() self._driver = self.create_driver()
...@@ -176,6 +180,22 @@ class Driver(object): ...@@ -176,6 +180,22 @@ class Driver(object):
def driver(self): def driver(self):
return self._driver return self._driver
def switch(self):
pass
def new_page(self, url):
js = 'window.open("{}");'.format(url)
self.driver.execute_script(js)
def check(self):
# https://authet2.alipay.com/login/checkSecurity.htm
prop = {"auth": "https://authet2.alipay.com/login/checkSecurity.htm",
"login": "https://b.alipay.com/index2.htm"}
for k, url in prop.items():
if self.driver.current_url in url:
return k
return 'unknown'
def get_driver(): def get_driver():
""" """
...@@ -187,6 +207,7 @@ def get_driver(): ...@@ -187,6 +207,7 @@ def get_driver():
def do_tool(k): def do_tool(k):
logging.info("xdotool key {}".format(k))
os.system("xdotool key {}".format(k)) os.system("xdotool key {}".format(k))
time.sleep(random.randint(1, 10) * 0.1) time.sleep(random.randint(1, 10) * 0.1)
...@@ -209,8 +230,10 @@ def crop_code(img_path): ...@@ -209,8 +230,10 @@ def crop_code(img_path):
def try_login(account, password): def try_login(account, password):
# todo 多次登录处理 # todo 多次登录处理
# xdotool mousemove x y click 1 click 1
driver = get_driver().driver driver = get_driver().driver
driver.get("https://b.alipay.com/index2.htm") driver.get("https://b.alipay.com/index2.htm")
time.sleep(1)
[do_tool(k) for k in account] [do_tool(k) for k in account]
do_tool("Tab") do_tool("Tab")
[do_tool(k) for k in password] [do_tool(k) for k in password]
...@@ -234,22 +257,43 @@ def try_login(account, password): ...@@ -234,22 +257,43 @@ def try_login(account, password):
# do_tool("KP_Enter") # do_tool("KP_Enter")
@app.route('/token', methods=['GET', 'POST']) def md5(s):
def token(): m = hashlib.md5()
ip = request.form['ip'] b = s.encode(encoding='utf-8')
timestamp = request.form['timestamp'] m.update(b)
msg = request.form['msg'] return m.hexdigest()
user_agent = request.headers.environ['HTTP_USER_AGENT']
token = md5(user_agent + ip + str(timestamp))
crypto_email_text = base64.b64decode(msg) def check_driver(key='alipay'):
if rsa.verify(token.encode(), crypto_email_text, pubkey) == 'SHA-1': browser = get_driver()
# 容器加载token driver = browser.driver
url = 'http://127.0.0.1:10086/set' try:
headers = {"appid": token} window_handle = driver.current_window_handle
resp = requests.get(url, headers=headers) res = False
print(resp.text) for handles in driver.window_handles:
return 'ok' driver.switch_to.window(handles)
return 'fail' if key in driver.current_url:
res = True
break
driver.switch_to.window(window_handle)
if not res:
browser.new_page("https://b.alipay.com/index2.htm")
return res
except NoSuchWindowException as e:
# 页面被关闭
logging.error("test test ******** no such window: window was already closed ********")
if driver.window_handles:
driver.switch_to.window(driver.window_handles[0])
browser.new_page("https://b.alipay.com/index2.htm")
except WebDriverException as e:
# unknown error: session deleted because of page crash
logging.error("test test ******** chrome not reachable ********")
builtins.__dict__['driver'] = Driver()
browser.new_page("https://b.alipay.com/index2.htm")
except Exception as e:
err = str(traceback.format_exc())
logging.error(err)
# 接收账户密码接口 # 接收账户密码接口
...@@ -257,24 +301,45 @@ def token(): ...@@ -257,24 +301,45 @@ def token():
def login_alipay(): def login_alipay():
try: try:
logging.info("demo") logging.info("demo")
body = request.form['body'] body = json.loads(request.data.decode())
t = body['t']
m = body['m']
body = rsa_long_decrypt(private_key, m)
logging.info(body) logging.info(body)
body = des_descrypt(base64.b64decode(body), md5(pubkey_s)[:8])
if not body: if not body:
return "fail" return jsonify({"code": 300})
body = json.loads(body.decode()) body = json.loads(body)
account = body.get("account", "") account = body.get("account", "")
password = body.get("password", "") password = body.get("password", "")
if account and password: if account and password:
# try_login(account, password) # try_login(account, password)
return 'ok' return jsonify({"code": 200})
return 'disenable param' return jsonify({"code": 201})
except: except:
import traceback import traceback
logging.error(traceback.format_exc()) logging.error(traceback.format_exc())
# todo 定时任务检查 # 定时任务配置类
class SchedulerConfig(object):
JOBS = [
{
'id': 'check_driver', # 任务id
'func': '__main__:check_driver', # 任务执行程序
'args': (), # 执行程序参数
'trigger': 'interval', # 任务执行类型,定时器
'seconds': 6, # 任务执行时间,单位秒
}
]
app.config.from_object(SchedulerConfig())
if __name__ == '__main__': if __name__ == '__main__':
app.run(port=8000) # from flask_apscheduler import APScheduler
# scheduler = APScheduler()
# scheduler.init_app(app)
# scheduler.start()
app.run(host="0.0.0.0", port=8000)
# try_login(account, password)
# check_driver()
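Review bot: `login_alipay` writes the decrypted request to the log with `logging.info(body)`, and at that point `body` is the JSON carrying `account` and `password`; the new `logging.info("xdotool key {}".format(k))` in `do_tool` logs the same values one keystroke at a time when `try_login` types them. Both lines should be dropped or replaced by a message that holds no secret, such as `logging.info("login request decrypted")`. The commented-out `private_key = "MIIC…"` literal puts what appears to be a base64 PKCS#8 private key into the repository; it should be deleted and, if that key was ever in use, treated as exposed and replaced. Separately, the short-input branch of `rsa_long_decrypt` calls `b''.join(...)` directly on the bytes returned by `decrypt`, which raises TypeError on Python 3, and `app.run(host="0.0.0.0", port=8000)` now serves this credential endpoint on every interface rather than loopback.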
...@@ -26,7 +26,7 @@ command=/usr/bin/java -jar /root/selenium.jar ...@@ -26,7 +26,7 @@ command=/usr/bin/java -jar /root/selenium.jar
autorestart=true autorestart=true
[program:nginx] [program:nginx]
command=/usr/bin/nginx command=/usr/bin/nginx -g 'daemon off;'
autorestart=true autorestart=true
[program:fcitx] [program:fcitx]
......
--
-- Created by IntelliJ IDEA.
-- User: nanda
-- Date: 2021/1/25
-- Time: 14:29
-- To change this template use File | Settings | File Templates.
--
local n_err = ngx.ERR
local n_warn = ngx.WARN
local n_info = ngx.INFO
local n_log = ngx.log
local http = require("resty.http")
local httpc = http.new()
local cjson = require("cjson")
local token = nil
local args = nil
-- security 权限校验接口
local url = "http://172.30.20.128:6016/access/jwt/check/host/token";
local rep;
local resStr = { code = 500, message = "token is wrong" }
local resStrJson = cjson.encode(resStr)
n_log(n_err, "resStrJson == ", resStrJson)
--获取参数的值
if "GET" == ngx.req.get_method() then
args = ngx.req.get_uri_args()
elseif "POST" == ngx.req.get_method() then
ngx.req.read_body()
args = ngx.req.get_post_args()
end
if args == nil then
n_log(n_err, "args 校验失败== 请求终止")
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson;
end
--local headers_tab = ngx.req.get_headers()
--if headers_tab and token == nil then
-- n_log(n_err,"token == ",headers_tab["token"])
-- token = headers_tab["token"];
--end
function get_client_ip()
local headers = ngx.req.get_headers()
local ip = headers["X-REAL-IP"] or headers["X_FORWARDED_FOR"] or ngx.var.remote_addr or "0.0.0.0"
return ip
end
local request_ip = get_client_ip()
token = args["token"]
if token == nil then
token = ngx.var.cookie_token
end
--local getip = httpGet("http://ip.chinaz.com/getip.aspx")
local ip, err = httpc:request_uri("https://api.ip.sb/ip", {
method = "GET"
})
n_log(n_err, "token == ", token)
n_log(n_err, "ip == ", ip)
n_log(n_err, "err == ", err)
local reqStr = { token = token, productId = "host_ip=" .. ngx.var.client_ip}
local reqStrJson = cjson.encode(reqStr)
n_log(n_err, "reqStrJson == ", reqStrJson)
-- http 请求
local res, err = httpc:request_uri(url, {
method = "POST",
body = reqStrJson,
headers = {
["Content-Type"] = "application/json",
}
})
-- local res = ngx.location.capture("/public_api",{method=ngx.HTTP_GET,body="token="..token,args={token=token}})
if not res then
n_log(n_warn, "failed to request: ", err)
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson
end
n_log(n_err, "res.body == ", res.body)
rep = res.body;
local rep_json = cjson.decode(rep);
if rep_json.code ~= 0 then
n_log(n_err, "token 校验失败== 请求终止")
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson;
end
--请求之后,状态码
ngx.status = res.status
if ngx.status ~= 200 then
n_log(n_err, "非200状态,ngx.status:" .. ngx.status)
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson
end
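Review bot: The access token is written to the nginx error log on every request, because `n_log(n_err, "token == ", token)`, `n_log(n_err, "reqStrJson == ", reqStrJson)` and `n_log(n_err, "res.body == ", res.body)` all run unconditionally at ERR level, so anyone who can read that log can reuse a token. I would drop them or log only whether a token was present, e.g. `n_log(n_info, "token present: ", token ~= nil)`. The result of `httpc:request_uri("https://api.ip.sb/ip", ...)` is only logged and never used in the decision, yet it adds a third-party round trip to every proxied request and should be removed. `ngx.var.client_ip` is not a built-in nginx variable, so unless it is defined elsewhere in the config the concatenation in `reqStr` fails on nil; `ngx.var.remote_addr` is probably what is meant, whereas `get_client_ip()` prefers client-supplied headers and should not feed an authorization check.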
...@@ -4,23 +4,8 @@ server { ...@@ -4,23 +4,8 @@ server {
server_name _; server_name _;
gzip on; gzip on;
location / { location / {
access_by_lua ' access_by_lua_file mylua/token_check.lua;
local cache_ngx = ngx.shared.my_cache # 转发至 VNC 服务
local token = ngx.var.cookie_token
if not token then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(token)
ngx.exit(200)
end
local token2 = cache_ngx:get(token)
if not token2 then
local errs = "requests check fail"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
return
';
proxy_pass http://127.0.0.1:8084; proxy_pass http://127.0.0.1:8084;
proxy_set_header Referer $http_referer; proxy_set_header Referer $http_referer;
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
......
...@@ -188,12 +188,14 @@ def install_docker(ip, username, password, pubkey): ...@@ -188,12 +188,14 @@ def install_docker(ip, username, password, pubkey):
f.write(pubkey) f.write(pubkey)
push_file(ip, username, password, push_file(ip, username, password,
{"{path}/api-redir.conf": '/root/build/api-redir.conf', {"{path}/api-redir.conf": '/root/build/api-redir.conf',
"{path}/cache-redir.conf": "/root/build/cache-redir.conf", "{path}/token_check.lua": "/root/build/token_check.lua",
"{path}/http.lua": "/root/build/http.lua",
"{path}/http_headers.lua": "/root/build/http_headers.lua",
"{path}/vnc-redir.conf": "/root/build/vnc-redir.conf", "{path}/vnc-redir.conf": "/root/build/vnc-redir.conf",
"{path}/Dockerfile": "/root/build/Dockerfile", "{path}/Dockerfile": "/root/build/Dockerfile",
"{path}/supervisord.conf": "/root/build/supervisord.conf", "{path}/supervisord.conf": "/root/build/supervisord.conf",
"{path}/small_web.py": "/root/build/small_web.py", "{path}/small_web.py": "/root/build/small_web.py",
temp_file: "/root/build/public.pem"}, "docker_build") temp_file: "/root/build/private.pem"}, "docker_build")
if __name__ == '__main__': if __name__ == '__main__':
......
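Review bot: `temp_file` is still filled with `f.write(pubkey)` but is now pushed as `/root/build/private.pem`, so either the `pubkey` parameter of `install_docker` no longer holds a public key or the container will try to decrypt with the wrong key. The parameter should be renamed to match what callers pass, with a comment stating which key it is. If it is the private key, it lands in the Docker build directory next to the `Dockerfile`, and a key copied in at build time stays readable in the image layers; supplying it at run time through a mounted file or secret would avoid that. The local `temp_file` should also be created with owner-only permissions and removed once `push_file` returns; the hunk shows neither, and the function starts above it.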
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
LANG=en_US.UTF-8
setup_path="/www"
if [ "$1" ];then
IDC_CODE=$1
fi
Red_Error(){
echo '=================================================';
printf '\033[1;31;40m%b\033[0m\n' "$1";
exit 0;
}
is64bit=$(getconf LONG_BIT)
if [ "${is64bit}" != '64' ];then
Red_Error "抱歉, 7.x不支持32位系统, 请使用64位系统或安装宝塔5.9!";
fi
isPy26=$(python -V 2>&1|grep '2.6.')
if [ "${isPy26}" ];then
Red_Error "抱歉, 7.x不支持Centos6.x,请安装Centos7或安装宝塔5.9";
fi
Lock_Clear(){
if [ -f "/etc/bt_crack.pl" ];then
chattr -R -ia /www
chattr -ia /etc/init.d/bt
\cp -rpa /www/backup/panel/vhost/* /www/server/panel/vhost/
mv /www/server/panel/BTPanel/__init__.bak /www/server/panel/BTPanel/__init__.py
rm -f /etc/bt_crack.pl
fi
}
Install_Check(){
while [ "$yes" != 'yes' ] && [ "$yes" != 'n' ]
do
echo -e "----------------------------------------------------"
echo -e "已有Web环境,安装宝塔可能影响现有站点"
echo -e "Web service is alreday installed,Can't install panel"
echo -e "----------------------------------------------------"
read -p "输入yes强制安装/Enter yes to force installation (yes/n): " yes;
done
if [ "$yes" == 'n' ];then
exit;
fi
}
System_Check(){
for serviceS in nginx httpd mysqld
do
if [ -f "/etc/init.d/${serviceS}" ]; then
if [ "${serviceS}" = "httpd" ]; then
serviceCheck=$(cat /etc/init.d/${serviceS}|grep /www/server/apache)
elif [ "${serviceS}" = "mysqld" ]; then
serviceCheck=$(cat /etc/init.d/${serviceS}|grep /www/server/mysql)
else
serviceCheck=$(cat /etc/init.d/${serviceS}|grep /www/server/${serviceS})
fi
[ -z "${serviceCheck}" ] && Install_Check
fi
done
}
Get_Pack_Manager(){
if [ -f "/usr/bin/yum" ] && [ -d "/etc/yum.repos.d" ]; then
PM="yum"
elif [ -f "/usr/bin/apt-get" ] && [ -f "/usr/bin/dpkg" ]; then
PM="apt-get"
fi
}
Auto_Swap()
{
swap=$(free |grep Swap|awk '{print $2}')
if [ "${swap}" -gt 1 ];then
echo "Swap total sizse: $swap";
return;
fi
if [ ! -d /www ];then
mkdir /www
fi
swapFile="/www/swap"
dd if=/dev/zero of=$swapFile bs=1M count=1025
mkswap -f $swapFile
swapon $swapFile
echo "$swapFile swap swap defaults 0 0" >> /etc/fstab
swap=`free |grep Swap|awk '{print $2}'`
if [ $swap -gt 1 ];then
echo "Swap total sizse: $swap";
return;
fi
sed -i "/\/www\/swap/d" /etc/fstab
rm -f $swapFile
}
Service_Add(){
if [ "${PM}" == "yum" ] || [ "${PM}" == "dnf" ]; then
chkconfig --add bt
chkconfig --level 2345 bt on
elif [ "${PM}" == "apt-get" ]; then
update-rc.d bt defaults
fi
}
get_node_url(){
echo '---------------------------------------------';
echo "Selected download node...";
nodes=(http://183.235.223.101:3389 http://119.188.210.21:5880 http://125.88.182.172:5880 http://103.224.251.67 http://45.32.116.160 http://download.bt.cn);
i=1;
if [ ! -f /bin/curl ];then
if [ "${PM}" = "yum" ]; then
yum install curl -y
elif [ "${PM}" = "apt-get" ]; then
apt-get install curl -y
fi
fi
for node in ${nodes[@]};
do
start=`date +%s.%N`
result=`curl -sS --connect-timeout 3 -m 60 $node/check.txt`
if [ $result = 'True' ];then
end=`date +%s.%N`
start_s=`echo $start | cut -d '.' -f 1`
start_ns=`echo $start | cut -d '.' -f 2`
end_s=`echo $end | cut -d '.' -f 1`
end_ns=`echo $end | cut -d '.' -f 2`
time_micro=$(( (10#$end_s-10#$start_s)*1000000 + (10#$end_ns/1000 - 10#$start_ns/1000) ))
time_ms=$(($time_micro/1000))
values[$i]=$time_ms;
urls[$time_ms]=$node
i=$(($i+1))
fi
done
j=5000
for n in ${values[@]};
do
if [ $j -gt $n ];then
j=$n
fi
done
if [ $j = 5000 ];then
NODE_URL='http://download.bt.cn';
else
NODE_URL=${urls[$j]}
fi
download_Url=$NODE_URL
echo "Download node: $download_Url";
echo '---------------------------------------------';
}
Remove_Package(){
local PackageNmae=$1
if [ "${PM}" == "yum" ];then
isPackage=$(rpm -q ${PackageNmae}|grep "not installed")
if [ -z "${isPackage}" ];then
yum remove ${PackageNmae} -y
fi
elif [ "${PM}" == "apt-get" ];then
isPackage=$(dpkg -l|grep ${PackageNmae})
if [ "${PackageNmae}" ];then
apt-get remove ${PackageNmae} -y
fi
fi
}
Install_RPM_Pack(){
yumPath=/etc/yum.conf
Centos8Check=$(cat /etc/redhat-release | grep ' 8.' | grep -iE 'centos|Red Hat')
isExc=$(cat $yumPath|grep httpd)
if [ "$isExc" = "" ];then
echo "exclude=httpd nginx php mysql mairadb python-psutil python2-psutil" >> $yumPath
fi
yumBaseUrl=$(cat /etc/yum.repos.d/CentOS-Base.repo|grep baseurl=http|cut -d '=' -f 2|cut -d '$' -f 1|head -n 1)
[ "${yumBaseUrl}" ] && checkYumRepo=$(curl --connect-timeout 5 --head -s -o /dev/null -w %{http_code} ${yumBaseUrl})
if [ "${checkYumRepo}" != "200" ];then
curl -Ss --connect-timeout 3 -m 60 http://download.bt.cn/install/yumRepo_select.sh|bash
fi
#尝试同步时间(从bt.cn)
echo 'Synchronizing system time...'
getBtTime=$(curl -sS --connect-timeout 3 -m 60 http://www.bt.cn/api/index/get_time)
if [ "${getBtTime}" ];then
date -s "$(date -d @$getBtTime +"%Y-%m-%d %H:%M:%S")"
fi
if [ -z "${Centos8Check}" ]; then
yum install ntp -y
rm -rf /etc/localtime
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#尝试同步国际时间(从ntp服务器)
ntpdate 0.asia.pool.ntp.org
setenforce 0
fi
startTime=`date +%s`
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
#yum remove -y python-requests python3-requests python-greenlet python3-greenlet
yumPacks="wget python-devel python-imaging tar zip unzip openssl openssl-devel gcc libxml2 libxml2-devel libxslt* zlib zlib-devel libjpeg-devel libpng-devel libwebp libwebp-devel freetype freetype-devel lsof pcre pcre-devel vixie-cron crontabs icu libicu-devel c-ares"
yum install -y ${yumPacks}
for yumPack in ${yumPacks}
do
rpmPack=$(rpm -q ${yumPack})
packCheck=$(echo ${rpmPack}|grep not)
if [ "${packCheck}" ]; then
yum install ${yumPack} -y
fi
done
if [ -f "/usr/bin/dnf" ]; then
dnf install -y redhat-rpm-config
fi
yum install epel-release -y
if [ -z "${Centos8Check}" ];then
yum install python-devel -y
else
yum install python3 python3-devel -y
ln -sf /usr/bin/python3 /usr/bin/python
fi
}
Install_Deb_Pack(){
ln -sf bash /bin/sh
apt-get update -y
apt-get install ruby -y
apt-get install lsb-release -y
#apt-get install ntp ntpdate -y
#/etc/init.d/ntp stop
#update-rc.d ntp remove
#cat >>~/.profile<<EOF
#TZ='Asia/Shanghai'; export TZ
#EOF
#rm -rf /etc/localtime
#cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
#echo 'Synchronizing system time...'
#ntpdate 0.asia.pool.ntp.org
#apt-get upgrade -y
for pace in wget curl python python-dev python-imaging zip unzip openssl libssl-dev gcc libxml2 libxml2-dev libxslt zlib1g zlib1g-dev libjpeg-dev libpng-dev lsof libpcre3 libpcre3-dev cron;
do apt-get -y install $pace --force-yes; done
apt-get -y install python-dev
tmp=$(python -V 2>&1|awk '{print $2}')
pVersion=${tmp:0:3}
if [ "${pVersion}" == '2.7' ];then
apt-get -y install python2.7-dev
fi
if [ ! -d '/etc/letsencrypt' ];then
mkdir -p /etc/letsencryp
mkdir -p /var/spool/cron
if [ ! -f '/var/spool/cron/crontabs/root' ];then
echo '' > /var/spool/cron/crontabs/root
chmod 600 /var/spool/cron/crontabs/root
fi
fi
}
Install_Bt(){
panelPort="8888"
if [ -f ${setup_path}/server/panel/data/port.pl ];then
panelPort=$(cat ${setup_path}/server/panel/data/port.pl)
fi
mkdir -p ${setup_path}/server/panel/logs
mkdir -p ${setup_path}/server/panel/vhost/apache
mkdir -p ${setup_path}/server/panel/vhost/nginx
mkdir -p ${setup_path}/server/panel/vhost/rewrite
mkdir -p ${setup_path}/server/panel/install
mkdir -p /www/server
mkdir -p /www/wwwroot
mkdir -p /www/wwwlogs
mkdir -p /www/backup/database
mkdir -p /www/backup/site
if [ ! -f "/usr/bin/unzip" ]; then
if [ "${PM}" = "yum" ]; then
yum install unzip -y
elif [ "${PM}" = "apt-get" ]; then
apt-get install unzip -y
fi
fi
if [ -f "/etc/init.d/bt" ]; then
/etc/init.d/bt stop
sleep 1
fi
wget -O panel.zip ${download_Url}/install/src/panel6.zip -T 10
wget -O /etc/init.d/bt ${download_Url}/install/src/bt6.init -T 10
wget -O /www/server/panel/install/public.sh http://download.bt.cn/install/public.sh -T 10
if [ -f "${setup_path}/server/panel/data/default.db" ];then
if [ -d "/${setup_path}/server/panel/old_data" ];then
rm -rf ${setup_path}/server/panel/old_data
fi
mkdir -p ${setup_path}/server/panel/old_data
mv -f ${setup_path}/server/panel/data/default.db ${setup_path}/server/panel/old_data/default.db
mv -f ${setup_path}/server/panel/data/system.db ${setup_path}/server/panel/old_data/system.db
mv -f ${setup_path}/server/panel/data/port.pl ${setup_path}/server/panel/old_data/port.pl
mv -f ${setup_path}/server/panel/data/admin_path.pl ${setup_path}/server/panel/old_data/admin_path.pl
fi
unzip -o panel.zip -d ${setup_path}/server/ > /dev/null
if [ -d "${setup_path}/server/panel/old_data" ];then
mv -f ${setup_path}/server/panel/old_data/default.db ${setup_path}/server/panel/data/default.db
mv -f ${setup_path}/server/panel/old_data/system.db ${setup_path}/server/panel/data/system.db
mv -f ${setup_path}/server/panel/old_data/port.pl ${setup_path}/server/panel/data/port.pl
mv -f ${setup_path}/server/panel/old_data/admin_path.pl ${setup_path}/server/panel/data/admin_path.pl
if [ -d "/${setup_path}/server/panel/old_data" ];then
rm -rf ${setup_path}/server/panel/old_data
fi
fi
rm -f panel.zip
if [ ! -f ${setup_path}/server/panel/tools.py ];then
Red_Error "ERROR: Failed to download, please try install again!"
fi
rm -f ${setup_path}/server/panel/class/*.pyc
rm -f ${setup_path}/server/panel/*.pyc
chmod +x /etc/init.d/bt
chmod -R 600 ${setup_path}/server/panel
chmod -R +x ${setup_path}/server/panel/script
ln -sf /etc/init.d/bt /usr/bin/bt
echo "${panelPort}" > ${setup_path}/server/panel/data/port.pl
}
Install_Pip(){
curl -Ss --connect-timeout 3 -m 60 http://download.bt.cn/install/pip_select.sh|bash
isPip=$(pip -V|grep python)
if [ -z "${isPip}" ];then
wget -O get-pip.py ${download_Url}/src/get-pip.py
python get-pip.py
rm -f get-pip.py
isPip=$(pip -V|grep python)
if [ -z "${isPip}" ];then
if [ "${PM}" = "yum" ]; then
if [ -z "${Centos8Check}" ];then
yum install python-pip -y
pip install --upgrade pip
else
yum install python3-pip -y
pip3 install --upgrade pip
fi
elif [ "${PM}" = "apt-get" ]; then
apt-get install python-pip -y
pip install --upgrade pip
fi
fi
fi
pipVersion=$(pip -V|awk '{print $2}'|cut -d '.' -f 1)
if [ "${pipVersion}" -lt "9" ];then
pip install --upgrade pip
fi
}
Install_Pillow()
{
isSetup=$(python -m PIL 2>&1|grep package)
if [ "$isSetup" = "" ];then
isFedora = `cat /etc/redhat-release |grep Fedora`
if [ "${isFedora}" ];then
pip install Pillow
return;
fi
wget -O Pillow-3.2.0.zip $download_Url/install/src/Pillow-3.2.0.zip -T 10
unzip Pillow-3.2.0.zip
rm -f Pillow-3.2.0.zip
cd Pillow-3.2.0
python setup.py install
cd ..
rm -rf Pillow-3.2.0
fi
isSetup=$(python -m PIL 2>&1|grep package)
if [ -z "${isSetup}" ];then
Red_Error "Pillow installation failed."
fi
}
Install_psutil()
{
isSetup=`python -m psutil 2>&1|grep package`
if [ "$isSetup" = "" ];then
wget -O psutil-5.2.2.tar.gz $download_Url/install/src/psutil-5.2.2.tar.gz -T 10
tar xvf psutil-5.2.2.tar.gz
rm -f psutil-5.2.2.tar.gz
cd psutil-5.2.2
python setup.py install
cd ..
rm -rf psutil-5.2.2
fi
isSetup=$(python -m psutil 2>&1|grep package)
if [ "${isSetup}" = "" ];then
Red_Error "Psutil installation failed."
fi
}
Install_chardet()
{
isSetup=$(python -m chardet 2>&1|grep package)
if [ "${isSetup}" = "" ];then
wget -O chardet-2.3.0.tar.gz $download_Url/install/src/chardet-2.3.0.tar.gz -T 10
tar xvf chardet-2.3.0.tar.gz
rm -f chardet-2.3.0.tar.gz
cd chardet-2.3.0
python setup.py install
cd ..
rm -rf chardet-2.3.0
fi
isSetup=$(python -m chardet 2>&1|grep package)
if [ -z "${isSetup}" ];then
Red_Error "chardet installation failed."
fi
}
Install_Python_Lib(){
isPsutil=$(python -m psutil 2>&1|grep package)
if [ "${isPsutil}" ];then
PSUTIL_VERSION=`python -c 'import psutil;print psutil.__version__;' |grep '5.'`
if [ -z "${PSUTIL_VERSION}" ];then
pip uninstall psutil -y
fi
fi
if [ "${PM}" = "yum" ]; then
yum install libffi-devel -y
elif [ "${PM}" = "apt-get" ]; then
apt install libffi-dev -y
fi
pip install --upgrade setuptools
isPy27=$(python -V 2>&1|grep '2.7.')
[ "${isPy27}" ] && pip install gunicorn==19.0
pip install -r ${setup_path}/server/panel/requirements.txt
isGevent=$(pip list|grep gevent)
if [ "$isGevent" = "" ];then
if [ "${PM}" = "yum" ]; then
yum install python-gevent -y
elif [ "${PM}" = "apt-get" ]; then
apt-get install python-gevent -y
fi
fi
pip install psutil chardet virtualenv Flask Flask-Session Flask-SocketIO flask-sqlalchemy Pillow gunicorn gevent-websocket paramiko
pip install qiniu oss2 upyun cos-python-sdk-v5
Install_Pillow
Install_psutil
Install_chardet
[ "${isPy27}" ] && pip install gunicorn==19.0
}
Set_Bt_Panel(){
password=$(cat /dev/urandom | head -n 16 | md5sum | head -c 8)
sleep 1
admin_auth="/www/server/panel/data/admin_path.pl"
if [ ! -f ${admin_auth} ];then
auth_path=$(cat /dev/urandom | head -n 16 | md5sum | head -c 8)
echo "/${auth_path}" > ${admin_auth}
fi
auth_path=$(cat ${admin_auth})
cd ${setup_path}/server/panel/
/etc/init.d/bt start
python -m py_compile tools.py
python tools.py username
username=$(python tools.py panel ${password})
cd ~
echo "${password}" > ${setup_path}/server/panel/default.pl
chmod 600 ${setup_path}/server/panel/default.pl
/etc/init.d/bt restart
sleep 3
isStart=$(ps aux |grep 'BT-Panel'|grep -v grep|awk '{print $2}')
if [ -z "${isStart}" ];then
Red_Error "ERROR: The BT-Panel service startup failed."
fi
}
Set_Firewall(){
sshPort=$(cat /etc/ssh/sshd_config | grep 'Port '|awk '{print $2}')
if [ "${PM}" = "apt-get" ]; then
apt-get install -y ufw
if [ -f "/usr/sbin/ufw" ];then
ufw allow 888,20,21,22,80,${panelPort},${sshPort}/tcp
ufw allow 39000:40000/tcp
ufw_status=`ufw status`
echo y|ufw enable
ufw default deny
ufw reload
fi
else
if [ -f "/etc/init.d/iptables" ];then
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ${panelPort} -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport ${sshPort} -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 39000:40000 -j ACCEPT
#iptables -I INPUT -p tcp -m state --state NEW -m udp --dport 39000:40000 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
iptables -A INPUT -s localhost -d localhost -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
service iptables save
sed -i "s#IPTABLES_MODULES=\"\"#IPTABLES_MODULES=\"ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_ftp\"#" /etc/sysconfig/iptables-config
iptables_status=$(service iptables status | grep 'not running')
if [ "${iptables_status}" == '' ];then
service iptables restart
fi
else
AliyunCheck=$(cat /etc/redhat-release|grep "Aliyun Linux")
[ "${AliyunCheck}" ] && return
yum install firewalld -y
[ "${Centos8Check}" ] && yum reinstall python3-six -y
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --set-default-zone=public > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=20/tcp > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=21/tcp > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=22/tcp > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=80/tcp > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=${panelPort}/tcp > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=${sshPort}/tcp > /dev/null 2>&1
firewall-cmd --permanent --zone=public --add-port=39000-40000/tcp > /dev/null 2>&1
#firewall-cmd --permanent --zone=public --add-port=39000-40000/udp > /dev/null 2>&1
firewall-cmd --reload
fi
fi
}
Get_Ip_Address(){
getIpAddress=""
getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://www.bt.cn/Api/getIpAddress)
if [ -z "${getIpAddress}" ] || [ "${getIpAddress}" = "0.0.0.0" ]; then
isHosts=$(cat /etc/hosts|grep 'www.bt.cn')
if [ -z "${isHosts}" ];then
echo "" >> /etc/hosts
echo "103.224.251.67 www.bt.cn" >> /etc/hosts
getIpAddress=$(curl -sS --connect-timeout 10 -m 60 https://www.bt.cn/Api/getIpAddress)
if [ -z "${getIpAddress}" ];then
sed -i "/bt.cn/d" /etc/hosts
fi
fi
fi
ipv4Check=$(python -c "import re; print(re.match('^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$','${getIpAddress}'))")
if [ "${ipv4Check}" == "None" ];then
ipv6Address=$(echo ${getIpAddress}|tr -d "[]")
ipv6Check=$(python -c "import re; print(re.match('^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}$','${ipv6Address}'))")
if [ "${ipv6Check}" == "None" ]; then
getIpAddress="SERVER_IP"
else
echo "True" > ${setup_path}/server/panel/data/ipv6.pl
sleep 1
/etc/init.d/bt restart
fi
fi
if [ "${getIpAddress}" != "SERVER_IP" ];then
echo "${getIpAddress}" > ${setup_path}/server/panel/data/iplist.txt
fi
}
Setup_Count(){
curl -sS --connect-timeout 10 -m 60 https://www.bt.cn/Api/SetupCount?type=Linux\&o=$1 > /dev/null 2>&1
if [ "$1" != "" ];then
echo $1 > /www/server/panel/data/o.pl
cd /www/server/panel
python tools.py o
fi
echo /www > /var/bt_setupPath.conf
}
Install_Main(){
Lock_Clear
System_Check
Get_Pack_Manager
get_node_url
#Auto_Swap
startTime=`date +%s`
if [ "${PM}" = "yum" ]; then
Install_RPM_Pack
elif [ "${PM}" = "apt-get" ]; then
Install_Deb_Pack
fi
Install_Bt
Install_Pip
Install_Python_Lib
Set_Bt_Panel
Service_Add
Set_Firewall
Get_Ip_Address
Setup_Count ${IDC_CODE}
}
echo "
+----------------------------------------------------------------------
| Bt-WebPanel 7.0 FOR CentOS/Ubuntu/Debian
+----------------------------------------------------------------------
| Copyright © 2015-2099 BT-SOFT(http://www.bt.cn) All rights reserved.
+----------------------------------------------------------------------
| The WebPanel URL will be http://SERVER_IP:8888 when installed.
+----------------------------------------------------------------------
"
while [ "$go" != 'y' ] && [ "$go" != 'n' ]
do
read -p "Do you want to install Bt-Panel to the $setup_path directory now?(y/n): " go;
done
if [ "$go" == 'n' ];then
exit;
fi
Install_Main
echo -e "=================================================================="
echo -e "\033[32mCongratulations! Installed successfully!\033[0m"
echo -e "=================================================================="
echo "Bt-Panel: http://${getIpAddress}:${panelPort}$auth_path"
echo -e "username: $username"
echo -e "password: $password"
echo -e "\033[33mWarning:\033[0m"
echo -e "\033[33mIf you cannot access the panel, \033[0m"
echo -e "\033[33mrelease the following port (8888|888|80|443|20|21) in the security group\033[0m"
echo -e "=================================================================="
endTime=`date +%s`
((outTime=($endTime-$startTime)/60))
echo -e "Time consumed:\033[32m $outTime \033[0mMinute!"
rm -f new_install.sh