Commit 55ade2f1 authored by BH's avatar BH

远程出金3期,容器打包脚本

parent fa6e8a60
......@@ -44,9 +44,10 @@ if _ext_path not in sys.path:
sys.path.append(_ext_path)
# 确定一些路径
if os.path.exists(os.path.join(os.path.dirname(sys.executable), 'dev_mode')):
# 开发调试模式
PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
else:
PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'data'))
PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
# if os.path.exists(os.path.join(os.path.dirname(sys.executable), 'dev_mode')):
# # 开发调试模式
# PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
#
# else:
# PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'data'))
......@@ -589,8 +589,8 @@ class BindPayAccountHandler(TPBasePluginHandler):
self.parse = reqparse.RequestParser()
self.parse.add_argument("comp_id", type=int, required=True, help='', )
self.parse.add_argument("host_id", type=int, required=True, help='', )
self.parse.add_argument("mch_no", type=str, help='', )
self.parse.add_argument("biz_id", type=int, help='', )
# self.parse.add_argument("mch_no", type=str, help='', )
# self.parse.add_argument("biz_id", type=int, help='', )
self.parse.add_argument("account", type=str, required=True, help='', )
self.parse.add_argument("password", type=str, required=True, help='', )
# 绑定账户类型
......
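Review bot: In the first hunk `PATH_DATA` now appears to be set to the `share` directory unconditionally, a path the old code used only when the `dev_mode` marker file existed, so non-dev deployments silently switch data directory. If that is intended, a one-line comment such as `# container build: data always lives under share/` would record why. The six commented-out lines could then be deleted instead of kept as dead code. The same style point applies to the commented-out `mch_no` / `biz_id` arguments in `BindPayAccountHandler`, whose `__init__` starts outside the hunk.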
# coding: utf-8
import os
from selenium import webdriver
options = webdriver.ChromeOptions()
options.add_argument("--no-sandbox")
# options.add_argument('--disable-dev-shm-usage')
options.add_experimental_option("excludeSwitches", ['enable-automation'])
# options.add_argument("--remote-debugging-port=9222")
# options.headless = True
command_executor = "http://localhost:4444/wd/hub"
driver = webdriver.Remote(command_executor, desired_capabilities=options.to_capabilities())
import time
# time.sleep(5)
driver.get("https://b.alipay.com/index2.htm")
driver.get_screenshot_as_file('screenshot1.png')
import random
def do_tool(k):
os.system("xdotool key {}".format(k))
time.sleep(random.randint(1, 10) * 0.1)
[do_tool(k) for k in '18826140775']
do_tool("Tab")
[do_tool(k) for k in 'v4f8169l']
do_tool("Tab")
do_tool("Tab")
do_tool("Tab")
do_tool("Shift+Tab")
do_tool("Shift+Tab")
# 获取截图
driver.get_screenshot_as_file('screenshot.png')
import cv2
def crop_code(img_path):
img = cv2.pyrDown(cv2.imread(img_path, cv2.IMREAD_UNCHANGED))
img2 = cv2.imread(img_path)
ret, thresh = cv2.threshold(cv2.cvtColor(img.copy(), cv2.COLOR_BGR2GRAY), 127, 255, cv2.THRESH_BINARY)
contours, hier = cv2.findContours(thresh, cv2.RETR_EXTERNAL, cv2.CHAIN_APPROX_SIMPLE)
for c in contours:
x, y, w, h = cv2.boundingRect(c)
if w < 30 or h < 20 or w * h > 1000:
continue
cv2.rectangle(img, (x, y), (x + w, y + h), (0, 255, 0), 2)
cropImg = img2[y * 2:(y + h) * 2, x * 2:(x + w) * 2]
cv2.imwrite("code.png", cropImg)
return "code.png"
path = crop_code("screenshot0.png")
from example import FateadmApi
pd_id = "122334"
pd_key = "CvSAzmpNTCk953nPqrciORQ5LaMmwsSZ"
app_id = "322334"
app_key = "ZVZG1lpunkJrrGA0xPJJgfRHHa384ycQ"
pred_type = "30400"
# 初始化api接口
other_api = FateadmApi(app_id, app_key, pd_id, pd_key)
rsp = other_api.PredictFromFile("30400", "code.png", "demo")
code = rsp.pred_rsp.value
print(code)
[do_tool(k) for k in code]
do_tool("KP_Enter")
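Review bot: The login account and password are typed from string literals in the two `do_tool` list comprehensions, and `pd_id` / `pd_key` / `app_id` / `app_key` for the captcha service are assigned as literals further down, so real-looking secrets become part of the repository history. I would read them at run time, e.g. `account = os.environ["TEST_ACCOUNT"]` (variable name is a placeholder), and rotate whatever was committed here. `do_tool` also builds a shell command with `os.system("xdotool key {}".format(k))`; `subprocess.run(["xdotool", "key", k])` sends the same key without passing through a shell. The script crops `screenshot0.png`, but only `screenshot1.png` and `screenshot.png` are written above it, which looks like a leftover name.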
......@@ -20,6 +20,7 @@ RUN mkdir -p /run/systemd \
&& echo 'docker' > /run/systemd/container
CMD ["/bin/bash"]
ENV HOME=/root
#ENV DEBIAN_FRONTEND=noninteractive
#ENV LC_ALL=C.UTF-8
#ENV LANG=zh_CN.UTF-8
......@@ -58,6 +59,7 @@ RUN mkdir -p /root/.config/fcitx && \
RUN mkdir -p /etc/opt
COPY google-chrome-stable_current_amd64.deb /etc/opt/google-chrome-stable_current_amd64.deb
RUN apt install -fy /etc/opt/google-chrome-stable_current_amd64.deb
#RUN wget http://172.30.20.148:8888/google-chrome-stable_current_amd64.deb && apt install -fy google-chrome-stable_current_amd64.deb
RUN apt-get autoclean
WORKDIR /root
......@@ -106,8 +108,8 @@ ENV CHROME_DRIVER_BASE="chromedriver.storage.googleapis.com" \
ENV CHROME_DRIVER_FILE="chromedriver_linux${CPU_ARCH}.zip"
ENV CHROME_DRIVER_URL="https://${CHROME_DRIVER_BASE}/${CHROME_DRIVER_VERSION}/${CHROME_DRIVER_FILE}"
# Gets latest chrome driver version. Or you can hard-code it, e.g. 2.15
RUN wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL}
#RUN wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL}
COPY chromedriver_linux64.zip /root/chromedriver_linux64.zip
RUN unzip chromedriver_linux${CPU_ARCH}.zip
RUN rm chromedriver_linux${CPU_ARCH}.zip \
&& mv chromedriver \
......@@ -159,22 +161,28 @@ RUN apt-get update && apt-get install -y \
ruby \
zlib1g \
zlib1g.dev
ARG LOCALIP
RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \
COPY openresty-1.13.6.2.tar.gz /root/openresty-1.13.6.2.tar.gz
#RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \
RUN cd /root && tar xzvf openresty-1.13.6.2.tar.gz \
&& cd openresty-1.13.6.2/ \
&& ./configure \
&& make \
&& make install \
&& ln /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx \
&& var=" lua_package_path '/usr/local/openresty/nginx/mylua/?.lua;;';" \
&& sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& var=" include /usr/local/openresty/nginx/conf/conf.d/*.conf;" \
&& sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& var=" lua_shared_dict my_cache 64m;" \
&& sed -i "/gzip on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& var=" set \$client_ip '${LOCALIP}';" \
&& sed -i "/charset koi8-r;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
&& mkdir -p /usr/local/openresty/nginx/conf/conf.d \
&& mkdir -p /var/log/nginx
COPY api-redir.conf /usr/local/openresty/nginx/conf/conf.d/api-redir.conf
COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
#==================
# xdotool 自动化工具
......@@ -182,15 +190,14 @@ COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
RUN apt-get update && apt-get install -y \
xdotool \
cmake
RUN pip3 install scikit-build && pip3 install opencv-python requests flask rsa
#todo 优化安装 opencv-python pycryptodome
RUN pip3 install scikit-build && pip3 install requests flask pycrypto -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
COPY vnc-redir.conf /usr/local/openresty/nginx/conf/conf.d/vnc-redir.conf
RUN mkdir -p /root/main
COPY public.pem /root/main/public.pem
COPY small_web.py /root/main/small_web.py
RUN pip3 install pyDes
#==================
# 调试用工具
......@@ -199,6 +206,11 @@ RUN apt-get update && apt-get install -y \
lsof \
vim
RUN mkdir -p /usr/local/openresty/nginx/mylua/resty
COPY token_check.lua /usr/local/openresty/nginx/mylua/token_check.lua
COPY http.lua /usr/local/openresty/nginx/mylua/resty/http.lua
COPY http_headers.lua /usr/local/openresty/nginx/mylua/resty/http_headers.lua
ENV \
# 時區
......@@ -215,7 +227,7 @@ ENV \
DISPLAY=:0 \
SCREEN_RESOLUTION=1280x900
COPY private.pem /root/main/private.pem
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
ENV DISPLAY=:0
......@@ -237,3 +249,4 @@ CMD ["/usr/bin/supervisord"]
#/usr/local/bin/x11vnc
#/usr/bin/x11vnc
#docker run -d -p 8083:8083 -p 5900:5900 oldiy/chrome-novnc:latest
#docker build -t sandbox .
\ No newline at end of file
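Review bot: `COPY private.pem /root/main/private.pem` bakes the RSA private key into an image layer, so anyone who can pull, export or inspect the image can recover the key that small_web.py uses to decrypt login payloads; supplying it at run time (a read-only bind mount or a runtime secret) keeps it out of the image and the build context. In the xdotool hunk, `pip3 install ... -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com` fetches packages over plain HTTP; pointing `-i` at the `https://` form of the same mirror removes the need for `--trusted-host`. `pycrypto` is unmaintained, and `pycryptodome`, already named in the todo line above it, keeps the `Crypto.*` imports. The locally copied chrome .deb, chromedriver zip and openresty tarball are installed with no integrity check; a `sha256sum -c` step against pinned digests before `apt install` / `unzip` / `tar` would close that gap.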
......@@ -34,34 +34,8 @@ server {
break;
}
# 对 / 访问进行控制
location /token {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Referer $http_referer;
proxy_set_header Host $http_host;
proxy_buffers 256 4k;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location / {
access_by_lua '
local cache_ngx = ngx.shared.my_cache
local token = ngx.var.cookie_token
if not token then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(token)
ngx.exit(200)
end
local token2 = cache_ngx:get(token)
if not token2 then
local errs = "requests check fail"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
return
';
access_by_lua_file mylua/token_check.lua;
proxy_pass http://127.0.0.1:8000;
proxy_set_header Referer $http_referer;
proxy_set_header Host $http_host;
......
server {
listen 10086;
charset utf-8;
server_name _;
gzip on;
location /set {
access_by_lua '
local cache_ngx = ngx.shared.my_cache
local args = ngx.req.get_headers();
local token1 = args["appid"];
cache_ngx:set(token1, token1, 30 * 60)
local msg = "ok"
ngx.say(msg)
ngx.exit(200)
return
';
}
location /check {
access_by_lua '
local cache_ngx = ngx.shared.my_cache
local args = ngx.req.get_headers();
local token1 = args["appid"];
local token2 = cache_ngx:get(token1)
local errs = "oh,Only token1 Request will be Processe"
if not token1 then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
local errs = "oh,Only token2 Request will be Processe"
if not token2 then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
local errs = "oh,Only token Request will be Processe"
if token1 ~= token2 then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
else
return
end
';
}
}
local rawget, rawset, setmetatable =
rawget, rawset, setmetatable
local str_lower = string.lower
local _M = {
_VERSION = '0.14',
}
-- Returns an empty headers table with internalised case normalisation.
function _M.new()
local mt = {
normalised = {},
}
mt.__index = function(t, k)
return rawget(t, mt.normalised[str_lower(k)])
end
mt.__newindex = function(t, k, v)
local k_normalised = str_lower(k)
-- First time seeing this header field?
if not mt.normalised[k_normalised] then
-- Create a lowercased entry in the metatable proxy, with the value
-- of the given field case
mt.normalised[k_normalised] = k
-- Set the header using the given field case
rawset(t, k, v)
else
-- We're being updated just with a different field case. Use the
-- normalised metatable proxy to give us the original key case, and
-- perorm a rawset() to update the value.
rawset(t, mt.normalised[k_normalised], v)
end
end
return setmetatable({}, mt)
end
return _M
......@@ -9,23 +9,47 @@ import random
import time
import requests
from flask import Flask, request
import rsa
from pyDes import des, CBC, PAD_PKCS5
import binascii
import traceback
from flask import Flask, request, jsonify
from selenium import webdriver
# import cv2
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
logging.basicConfig(level=logging.DEBUG)
import cv2
from selenium.common.exceptions import NoSuchWindowException, WebDriverException
logging.basicConfig(level=logging.INFO)
app = Flask(__name__)
with open('public.pem', 'r') as f:
pubkey_s = f.read()
pubkey = rsa.PublicKey.load_pkcs1(pubkey_s.encode())
with open('private.pem', 'r') as f:
private_key = f.read()
FATEA_PRED_URL = "http://pred.fateadm.com"
# private_key = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALBiT+CFXy3xpe+SSZjf3tYp1POdheHj2Wr/kQa4Fnrmnw+MqhqyNNSCdnY7vVNuvAHvUFtpH1yRgO/dCwjmNQHeANC0odJFjAzX7UkpDVW6RGw/GC2tXs5+nckx2a+5j7JNLoFHZi9YjSKwtwgLf0cXcqzfjq2quvoj8vvaUzdZAgMBAAECgYAuFOFNhUrClBmIJ632tLZhOXibVRI/W+nXnIFlQf8NiOcRhuyCIQDQbG1KonzqKUoRL1bNKv+4jYMkJ5nUb2B1d1JPWhh3BR5V5qrAYEpbL5IQh05Sk0igfT+k/b1TYOydWs7Wa7oholFMLnqpy9az4UqP3hV6LSBPM8L5tmOb6QJBANwoYEEboF8MTXXkDD0W4JXpw4Ja3R+JoRMraKMPdsDvD4e5lP29UFU/40A6SSQGSyNpllvYmI8akTUlduiActcCQQDNGY7bSl9FAJWnONP58kdr3RCZlzhO/Qqk8sb8JAEywlUXggCNtfLFqFrdJHAaJpsB9rXMYq3QUs57hh5i/JFPAkEAzxmkQlsMp5zZGTdnU+g7aIq4gd2b+Vjsjy3chte7LI82GsU3JOJ7uVYaHoc12o+ZCzz+VnQQPz4MruQJUXnTjQJBAKFe9pN7VLIJ37WOdNo30hIAAUuXO2qKlZFqoz1HZtn1JNY2JxFYkwcJi1RrkvhAX72Py0JgcblzLZrqz4W6iukCQQDN1TfsS2qyJ/7gX1pU6rV1JvnU7ckXz+/mxS6k2G0yz65P6W1k1mCrRyp+Ul5t5VCyhF7eF+4BiaNRg9jQDaDX"
# private_key = "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"
def rsa_long_decrypt(priv_key_str, msg):
msg = base64.b64decode(msg)
length = len(msg)
default_length = 128
# 私钥解密
priobj = PKCS1_v1_5.new(RSA.importKey(base64.b64decode(priv_key_str)))
# 长度不用分段
if length < default_length:
return b''.join(priobj.decrypt(msg, b'xyz')).decode()
# 需要分段
offset = 0
res = []
while length - offset > 0:
if length - offset > default_length:
res.append(priobj.decrypt(msg[offset:offset + default_length], b'xyz'))
else:
res.append(priobj.decrypt(msg[offset:], b'xyz'))
offset += default_length
return b''.join(res).decode()
class TmpObj():
......@@ -139,26 +163,6 @@ class FateadmApi():
return self.Predict(pred_type, data, src_url)
def des_descrypt(s, key=None):
"""
DES 解密
:param s: 加密后的字符串,16进制
:return: 解密后的字符串
"""
secret_key = key
iv = secret_key
k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
de = k.decrypt(binascii.a2b_hex(s), padmode=PAD_PKCS5)
return de
def md5(str):
m = hashlib.md5()
b = str.encode(encoding='utf-8')
m.update(b)
return m.hexdigest()
class Driver(object):
def __init__(self):
self._driver = self.create_driver()
......@@ -176,6 +180,22 @@ class Driver(object):
def driver(self):
return self._driver
def switch(self):
pass
def new_page(self, url):
js = 'window.open("{}");'.format(url)
self.driver.execute_script(js)
def check(self):
# https://authet2.alipay.com/login/checkSecurity.htm
prop = {"auth": "https://authet2.alipay.com/login/checkSecurity.htm",
"login": "https://b.alipay.com/index2.htm"}
for k, url in prop.items():
if self.driver.current_url in url:
return k
return 'unknown'
def get_driver():
"""
......@@ -187,6 +207,7 @@ def get_driver():
def do_tool(k):
logging.info("xdotool key {}".format(k))
os.system("xdotool key {}".format(k))
time.sleep(random.randint(1, 10) * 0.1)
......@@ -209,8 +230,10 @@ def crop_code(img_path):
def try_login(account, password):
# todo 多次登录处理
# xdotool mousemove x y click 1 click 1
driver = get_driver().driver
driver.get("https://b.alipay.com/index2.htm")
time.sleep(1)
[do_tool(k) for k in account]
do_tool("Tab")
[do_tool(k) for k in password]
......@@ -234,22 +257,43 @@ def try_login(account, password):
# do_tool("KP_Enter")
@app.route('/token', methods=['GET', 'POST'])
def token():
ip = request.form['ip']
timestamp = request.form['timestamp']
msg = request.form['msg']
user_agent = request.headers.environ['HTTP_USER_AGENT']
token = md5(user_agent + ip + str(timestamp))
crypto_email_text = base64.b64decode(msg)
if rsa.verify(token.encode(), crypto_email_text, pubkey) == 'SHA-1':
# 容器加载token
url = 'http://127.0.0.1:10086/set'
headers = {"appid": token}
resp = requests.get(url, headers=headers)
print(resp.text)
return 'ok'
return 'fail'
def md5(s):
m = hashlib.md5()
b = s.encode(encoding='utf-8')
m.update(b)
return m.hexdigest()
def check_driver(key='alipay'):
browser = get_driver()
driver = browser.driver
try:
window_handle = driver.current_window_handle
res = False
for handles in driver.window_handles:
driver.switch_to.window(handles)
if key in driver.current_url:
res = True
break
driver.switch_to.window(window_handle)
if not res:
browser.new_page("https://b.alipay.com/index2.htm")
return res
except NoSuchWindowException as e:
# 页面被关闭
logging.error("test test ******** no such window: window was already closed ********")
if driver.window_handles:
driver.switch_to.window(driver.window_handles[0])
browser.new_page("https://b.alipay.com/index2.htm")
except WebDriverException as e:
# unknown error: session deleted because of page crash
logging.error("test test ******** chrome not reachable ********")
builtins.__dict__['driver'] = Driver()
browser.new_page("https://b.alipay.com/index2.htm")
except Exception as e:
err = str(traceback.format_exc())
logging.error(err)
# 接收账户密码接口
......@@ -257,24 +301,45 @@ def token():
def login_alipay():
try:
logging.info("demo")
body = request.form['body']
body = json.loads(request.data.decode())
t = body['t']
m = body['m']
body = rsa_long_decrypt(private_key, m)
logging.info(body)
body = des_descrypt(base64.b64decode(body), md5(pubkey_s)[:8])
if not body:
return "fail"
body = json.loads(body.decode())
return jsonify({"code": 300})
body = json.loads(body)
account = body.get("account", "")
password = body.get("password", "")
if account and password:
# try_login(account, password)
return 'ok'
return 'disenable param'
return jsonify({"code": 200})
return jsonify({"code": 201})
except:
import traceback
logging.error(traceback.format_exc())
# todo 定时任务检查
# 定时任务配置类
class SchedulerConfig(object):
JOBS = [
{
'id': 'check_driver', # 任务id
'func': '__main__:check_driver', # 任务执行程序
'args': (), # 执行程序参数
'trigger': 'interval', # 任务执行类型,定时器
'seconds': 6, # 任务执行时间,单位秒
}
]
app.config.from_object(SchedulerConfig())
if __name__ == '__main__':
app.run(port=8000)
# from flask_apscheduler import APScheduler
# scheduler = APScheduler()
# scheduler.init_app(app)
# scheduler.start()
app.run(host="0.0.0.0", port=8000)
# try_login(account, password)
# check_driver()
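Review bot: Credentials reach the log in two places on the new side. `logging.info(body)` in `login_alipay` appears to stay directly after `body = rsa_long_decrypt(private_key, m)`, so it records the decrypted JSON with `account` and `password`, and the added `logging.info("xdotool key {}".format(k))` in `do_tool` records every typed character while the level is INFO. I would delete the first call and change the second to `logging.debug("xdotool key sent")`. The commented-out `# private_key = "..."` literal near the top also puts key material into history; it should be removed and, if it was ever a live key, rotated. `do_tool` still formats characters of the request-supplied account and password into `os.system(...)`, where `subprocess.run(["xdotool", "key", k])` would avoid the shell, and `app.run(host="0.0.0.0", port=8000)` now exposes this route on every interface; several of these functions start or end outside the visible hunks.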
......@@ -26,7 +26,7 @@ command=/usr/bin/java -jar /root/selenium.jar
autorestart=true
[program:nginx]
command=/usr/bin/nginx
command=/usr/bin/nginx -g 'daemon off;'
autorestart=true
[program:fcitx]
......
--
-- Created by IntelliJ IDEA.
-- User: nanda
-- Date: 2021/1/25
-- Time: 14:29
-- To change this template use File | Settings | File Templates.
--
local n_err = ngx.ERR
local n_warn = ngx.WARN
local n_info = ngx.INFO
local n_log = ngx.log
local http = require("resty.http")
local httpc = http.new()
local cjson = require("cjson")
local token = nil
local args = nil
-- security 权限校验接口
local url = "http://172.30.20.128:6016/access/jwt/check/host/token";
local rep;
local resStr = { code = 500, message = "token is wrong" }
local resStrJson = cjson.encode(resStr)
n_log(n_err, "resStrJson == ", resStrJson)
--获取参数的值
if "GET" == ngx.req.get_method() then
args = ngx.req.get_uri_args()
elseif "POST" == ngx.req.get_method() then
ngx.req.read_body()
args = ngx.req.get_post_args()
end
if args == nil then
n_log(n_err, "args 校验失败== 请求终止")
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson;
end
--local headers_tab = ngx.req.get_headers()
--if headers_tab and token == nil then
-- n_log(n_err,"token == ",headers_tab["token"])
-- token = headers_tab["token"];
--end
function get_client_ip()
local headers = ngx.req.get_headers()
local ip = headers["X-REAL-IP"] or headers["X_FORWARDED_FOR"] or ngx.var.remote_addr or "0.0.0.0"
return ip
end
local request_ip = get_client_ip()
token = args["token"]
if token == nil then
token = ngx.var.cookie_token
end
--local getip = httpGet("http://ip.chinaz.com/getip.aspx")
local ip, err = httpc:request_uri("https://api.ip.sb/ip", {
method = "GET"
})
n_log(n_err, "token == ", token)
n_log(n_err, "ip == ", ip)
n_log(n_err, "err == ", err)
local reqStr = { token = token, productId = "host_ip=" .. ngx.var.client_ip}
local reqStrJson = cjson.encode(reqStr)
n_log(n_err, "reqStrJson == ", reqStrJson)
-- http 请求
local res, err = httpc:request_uri(url, {
method = "POST",
body = reqStrJson,
headers = {
["Content-Type"] = "application/json",
}
})
-- local res = ngx.location.capture("/public_api",{method=ngx.HTTP_GET,body="token="..token,args={token=token}})
if not res then
n_log(n_warn, "failed to request: ", err)
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson
end
n_log(n_err, "res.body == ", res.body)
rep = res.body;
local rep_json = cjson.decode(rep);
if rep_json.code ~= 0 then
n_log(n_err, "token 校验失败== 请求终止")
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson;
end
--请求之后,状态码
ngx.status = res.status
if ngx.status ~= 200 then
n_log(n_err, "非200状态,ngx.status:" .. ngx.status)
ngx.exit(ngx.HTTP_FORBIDDEN)
return resStrJson
end
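Review bot: The token is written to the nginx error log on every request: `n_log(n_err, "token == ", token)`, the `reqStrJson` line and the `res.body` line all log at `ngx.ERR`, so anyone with log access can read and reuse it. These calls should be removed, or reduced to a non-secret marker at `ngx.DEBUG`. The `httpc:request_uri("https://api.ip.sb/ip", ...)` call runs in the access phase of each request and its result is only logged, which adds a third-party round trip per request; I would delete it. `cjson.decode(rep)` raises on a non-JSON body, whereas `require("cjson.safe")` returns nil and lets the script take the 403 path explicitly. `get_client_ip` is declared as a global function and its result `request_ip` is never used, so both can go or become `local`.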
......@@ -4,23 +4,8 @@ server {
server_name _;
gzip on;
location / {
access_by_lua '
local cache_ngx = ngx.shared.my_cache
local token = ngx.var.cookie_token
if not token then
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(token)
ngx.exit(200)
end
local token2 = cache_ngx:get(token)
if not token2 then
local errs = "requests check fail"
ngx.status = ngx.HTTP_FORBIDDEN
ngx.say(errs)
ngx.exit(200)
end
return
';
access_by_lua_file mylua/token_check.lua;
# 转发至 VNC 服务
proxy_pass http://127.0.0.1:8084;
proxy_set_header Referer $http_referer;
proxy_set_header Host $http_host;
......
......@@ -188,12 +188,14 @@ def install_docker(ip, username, password, pubkey):
f.write(pubkey)
push_file(ip, username, password,
{"{path}/api-redir.conf": '/root/build/api-redir.conf',
"{path}/cache-redir.conf": "/root/build/cache-redir.conf",
"{path}/token_check.lua": "/root/build/token_check.lua",
"{path}/http.lua": "/root/build/http.lua",
"{path}/http_headers.lua": "/root/build/http_headers.lua",
"{path}/vnc-redir.conf": "/root/build/vnc-redir.conf",
"{path}/Dockerfile": "/root/build/Dockerfile",
"{path}/supervisord.conf": "/root/build/supervisord.conf",
"{path}/small_web.py": "/root/build/small_web.py",
temp_file: "/root/build/public.pem"}, "docker_build")
temp_file: "/root/build/private.pem"}, "docker_build")
if __name__ == '__main__':
......
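Review bot: The file pushed as `/root/build/private.pem` is `temp_file`, which the line at the top of the hunk fills with `f.write(pubkey)`, so either the parameter name is now misleading or a public key is shipped under a private-key name. small_web.py in this commit decrypts with `private.pem`, so the value presumably has to be the private key. If so, I would rename the parameter to something like `privkey`, and check that the temp file is created with owner-only permissions and deleted after `push_file` returns. The body of `install_docker` starts outside this hunk, so the temp-file handling cannot be confirmed here.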