远程出金3期，容器打包脚本

server/www/teleport/webroot/app/app_env.py

@@ -44,9 +44,10 @@ if _ext_path not in sys.path:
     sys.path.append(_ext_path)
 
 # 确定一些路径
-if os.path.exists(os.path.join(os.path.dirname(sys.executable), 'dev_mode')):
-    # 开发调试模式
-    PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
-
-else:
-    PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'data'))
+PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
+# if os.path.exists(os.path.join(os.path.dirname(sys.executable), 'dev_mode')):
+#     # 开发调试模式
+#     PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'share'))
+#
+# else:
+#     PATH_DATA = os.path.abspath(os.path.join(PATH_APP_ROOT, '..', '..', 'data'))

server/www/teleport/webroot/app/controller/plugin.py

@@ -589,8 +589,8 @@ class BindPayAccountHandler(TPBasePluginHandler):
         self.parse = reqparse.RequestParser()
         self.parse.add_argument("comp_id", type=int, required=True, help='', )
         self.parse.add_argument("host_id", type=int, required=True, help='', )
-        self.parse.add_argument("mch_no", type=str, help='', )
-        self.parse.add_argument("biz_id", type=int, help='', )
+        # self.parse.add_argument("mch_no", type=str, help='', )
+        # self.parse.add_argument("biz_id", type=int, help='', )
         self.parse.add_argument("account", type=str, required=True, help='', )
         self.parse.add_argument("password", type=str, required=True, help='', )
         # 绑定账户类型

server/www/teleport/webroot/app/plugin/demo_alipay.py

-# coding: utf-8
-import os
-
-from selenium import webdriver
-
-options = webdriver.ChromeOptions()
-options.add_argument("--no-sandbox")
-# options.add_argument('--disable-dev-shm-usage')
-options.add_experimental_option("excludeSwitches", ['enable-automation'])
-# options.add_argument("--remote-debugging-port=9222")
-# options.headless = True
-command_executor = "http://localhost:4444/wd/hub"
-driver = webdriver.Remote(command_executor, desired_capabilities=options.to_capabilities())
-import time
-
-# time.sleep(5)
-driver.get("https://b.alipay.com/index2.htm")
-
-driver.get_screenshot_as_file('screenshot1.png')
-import random
-
-
-def do_tool(k):
-    os.system("xdotool key {}".format(k))
-    time.sleep(random.randint(1, 10) * 0.1)
-
-
-[do_tool(k) for k in '18826140775']
-do_tool("Tab")
-[do_tool(k) for k in 'v4f8169l']
-do_tool("Tab")
-do_tool("Tab")
-do_tool("Tab")
-do_tool("Shift+Tab")
-do_tool("Shift+Tab")
-
-# 获取截图
-driver.get_screenshot_as_file('screenshot.png')
-
-import cv2
-
-
-def crop_code(img_path):
-    img = cv2.pyrDown(cv2.imread(img_path, cv2.IMREAD_UNCHANGED))
-    img2 = cv2.imread(img_path)
-
-    ret, thresh = cv2.threshold(cv2.cvtColor(img.copy(), cv2.COLOR_BGR2GRAY), 127, 255, cv2.THRESH_BINARY)
-    contours, hier = cv2.findContours(thresh, cv2.RETR_EXTERNAL, cv2.CHAIN_APPROX_SIMPLE)
-    for c in contours:
-        x, y, w, h = cv2.boundingRect(c)
-        if w < 30 or h < 20 or w * h > 1000:
-            continue
-        cv2.rectangle(img, (x, y), (x + w, y + h), (0, 255, 0), 2)
-        cropImg = img2[y * 2:(y + h) * 2, x * 2:(x + w) * 2]
-        cv2.imwrite("code.png", cropImg)
-        return "code.png"
-
-
-path = crop_code("screenshot0.png")
-
-from example import FateadmApi
-
-pd_id = "122334"
-pd_key = "CvSAzmpNTCk953nPqrciORQ5LaMmwsSZ"
-app_id = "322334"
-app_key = "ZVZG1lpunkJrrGA0xPJJgfRHHa384ycQ"
-pred_type = "30400"
-# 初始化api接口
-other_api = FateadmApi(app_id, app_key, pd_id, pd_key)
-
-rsp = other_api.PredictFromFile("30400", "code.png", "demo")
-code = rsp.pred_rsp.value
-print(code)
-[do_tool(k) for k in code]
-do_tool("KP_Enter")

server/www/teleport/webroot/app/plugin/docker_build/Dockerfile

@@ -20,6 +20,7 @@ RUN mkdir -p /run/systemd \
     && echo 'docker' > /run/systemd/container
 CMD ["/bin/bash"]
 ENV HOME=/root
+
 #ENV DEBIAN_FRONTEND=noninteractive
 #ENV LC_ALL=C.UTF-8
 #ENV LANG=zh_CN.UTF-8
@@ -58,6 +59,7 @@ RUN mkdir -p /root/.config/fcitx && \
 RUN mkdir -p /etc/opt
 COPY google-chrome-stable_current_amd64.deb /etc/opt/google-chrome-stable_current_amd64.deb
 RUN apt install  -fy /etc/opt/google-chrome-stable_current_amd64.deb
+#RUN wget http://172.30.20.148:8888/google-chrome-stable_current_amd64.deb && apt install  -fy google-chrome-stable_current_amd64.deb
 
 RUN apt-get autoclean
 WORKDIR /root
@@ -106,8 +108,8 @@ ENV CHROME_DRIVER_BASE="chromedriver.storage.googleapis.com" \
 ENV CHROME_DRIVER_FILE="chromedriver_linux${CPU_ARCH}.zip"
 ENV CHROME_DRIVER_URL="https://${CHROME_DRIVER_BASE}/${CHROME_DRIVER_VERSION}/${CHROME_DRIVER_FILE}"
 # Gets latest chrome driver version. Or you can hard-code it, e.g. 2.15
-RUN  wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL}
-
+#RUN  wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL}
+COPY chromedriver_linux64.zip /root/chromedriver_linux64.zip
 RUN unzip chromedriver_linux${CPU_ARCH}.zip
 RUN rm chromedriver_linux${CPU_ARCH}.zip \
   && mv chromedriver \
@@ -159,22 +161,28 @@ RUN apt-get update && apt-get install -y \
     ruby \
     zlib1g \
     zlib1g.dev
+ARG LOCALIP
 
-RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \
+COPY openresty-1.13.6.2.tar.gz /root/openresty-1.13.6.2.tar.gz
+#RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \
+RUN cd /root && tar xzvf openresty-1.13.6.2.tar.gz \
     && cd openresty-1.13.6.2/ \
     && ./configure \
     && make \
     && make install \
     && ln /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx \
+    && var="    lua_package_path '/usr/local/openresty/nginx/mylua/?.lua;;';" \
+    && sed -i "/gzip  on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
     && var="    include  /usr/local/openresty/nginx/conf/conf.d/*.conf;" \
     && sed -i "/gzip  on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
     && var="    lua_shared_dict my_cache 64m;" \
     && sed -i "/gzip  on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
+    && var="        set \$client_ip '${LOCALIP}';" \
+    && sed -i "/charset koi8-r;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
     && mkdir -p /usr/local/openresty/nginx/conf/conf.d \
     && mkdir -p /var/log/nginx
 
 COPY api-redir.conf /usr/local/openresty/nginx/conf/conf.d/api-redir.conf
-COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
 
 #==================
 # xdotool 自动化工具
@@ -182,15 +190,14 @@ COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
 RUN apt-get update && apt-get install -y \
     xdotool \
     cmake
-
-RUN pip3 install scikit-build && pip3 install opencv-python requests flask rsa
+#todo 优化安装 opencv-python pycryptodome
+RUN pip3 install scikit-build && pip3 install requests flask pycrypto  -i http://mirrors.aliyun.com/pypi/simple/ --trusted-host mirrors.aliyun.com
 
 
 COPY vnc-redir.conf /usr/local/openresty/nginx/conf/conf.d/vnc-redir.conf
 RUN mkdir -p /root/main
 COPY public.pem /root/main/public.pem
 COPY small_web.py /root/main/small_web.py
-RUN pip3 install pyDes
 
 #==================
 # 调试用工具
@@ -199,6 +206,11 @@ RUN apt-get update && apt-get install -y \
     lsof \
     vim
 
+RUN mkdir -p /usr/local/openresty/nginx/mylua/resty
+
+COPY token_check.lua /usr/local/openresty/nginx/mylua/token_check.lua
+COPY http.lua /usr/local/openresty/nginx/mylua/resty/http.lua
+COPY http_headers.lua /usr/local/openresty/nginx/mylua/resty/http_headers.lua
 
 ENV \
 	# 時區
@@ -215,7 +227,7 @@ ENV \
 	DISPLAY=:0 \
 	SCREEN_RESOLUTION=1280x900
 
-
+COPY private.pem /root/main/private.pem
 COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 ENV DISPLAY=:0
@@ -237,3 +249,4 @@ CMD ["/usr/bin/supervisord"]
 #/usr/local/bin/x11vnc
 #/usr/bin/x11vnc
 #docker run -d -p 8083:8083 -p 5900:5900 oldiy/chrome-novnc:latest
+#docker build -t sandbox .
\ No newline at end of file

server/www/teleport/webroot/app/plugin/docker_build/api-redir.conf

@@ -9,9 +9,9 @@ server {
     server_name _;
 
     # 开启gzip压缩输出
-    gzip on; 
+    gzip on;
+
 
-    
     # 定义本虚拟主机的访问日志
     access_log /var/log/nginx/api_access.log combined buffer=1k;
     error_log /var/log/nginx/api_error.log info;
@@ -20,7 +20,7 @@ server {
         log_not_found off;
         access_log off;
     }
-	
+
     # 防爬
     location /robots.txt {
         return 200 'User-agent: *\nDisallow: /';
@@ -34,34 +34,8 @@ server {
         break;
     }
 
-    # 对 / 访问进行控制
-    location /token {
-        proxy_pass http://127.0.0.1:8000;
-        proxy_set_header Referer $http_referer;
-        proxy_set_header Host $http_host;
-        proxy_buffers   256 4k;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-    }
-
     location / {
-		access_by_lua '
-		local cache_ngx = ngx.shared.my_cache
-        local token = ngx.var.cookie_token
-        if not token then
-            ngx.status = ngx.HTTP_FORBIDDEN
-            ngx.say(token)
-            ngx.exit(200)
-        end
-        local token2 = cache_ngx:get(token)
-        if not token2 then
-            local errs = "requests check fail"
-            ngx.status = ngx.HTTP_FORBIDDEN
-            ngx.say(errs)
-            ngx.exit(200)
-        end
-        return
-        ';
+		access_by_lua_file  mylua/token_check.lua;
         proxy_pass http://127.0.0.1:8000;
         proxy_set_header Referer $http_referer;
         proxy_set_header Host $http_host;

server/www/teleport/webroot/app/plugin/docker_build/cache-redir.conf

-server {
-    listen    10086;
-    charset   utf-8;
-    server_name _;
-    gzip on;
-    location /set {
-                access_by_lua '
-                        local cache_ngx = ngx.shared.my_cache
-                local args = ngx.req.get_headers();
-                local token1 = args["appid"];
-                cache_ngx:set(token1, token1, 30 * 60)
-                local msg = "ok"
-                ngx.say(msg)
-                ngx.exit(200)
-                return
-                ';
-    }
-
-    location /check {
-                access_by_lua '
-                local cache_ngx = ngx.shared.my_cache
-                local args = ngx.req.get_headers();
-                local token1 = args["appid"];
-                local token2 = cache_ngx:get(token1)
-                local errs = "oh,Only token1 Request will be Processe"
-                if not token1 then
-                        ngx.status = ngx.HTTP_FORBIDDEN
-                        ngx.say(errs)
-                        ngx.exit(200)
-                end
-                local errs = "oh,Only token2 Request will be Processe"
-                if not token2 then
-                        ngx.status = ngx.HTTP_FORBIDDEN
-                        ngx.say(errs)
-                        ngx.exit(200)
-                end
-                local errs = "oh,Only token Request will be Processe"
-                if token1 ~= token2 then
-                        ngx.status = ngx.HTTP_FORBIDDEN
-                        ngx.say(errs)
-                        ngx.exit(200)
-                else
-                        return
-                end
-                ';
-    }
-}

server/www/teleport/webroot/app/plugin/docker_build/http_headers.lua

+local rawget, rawset, setmetatable =
+    rawget, rawset, setmetatable
+
+local str_lower = string.lower
+
+local _M = {
+    _VERSION = '0.14',
+}
+
+
+-- Returns an empty headers table with internalised case normalisation.
+function _M.new()
+    local mt = {
+        normalised = {},
+    }
+
+    mt.__index = function(t, k)
+        return rawget(t, mt.normalised[str_lower(k)])
+    end
+
+    mt.__newindex = function(t, k, v)
+        local k_normalised = str_lower(k)
+
+        -- First time seeing this header field?
+        if not mt.normalised[k_normalised] then
+            -- Create a lowercased entry in the metatable proxy, with the value
+            -- of the given field case
+            mt.normalised[k_normalised] = k
+
+            -- Set the header using the given field case
+            rawset(t, k, v)
+        else
+            -- We're being updated just with a different field case. Use the
+            -- normalised metatable proxy to give us the original key case, and
+            -- perorm a rawset() to update the value.
+            rawset(t, mt.normalised[k_normalised], v)
+        end
+    end
+
+    return setmetatable({}, mt)
+end
+
+
+return _M

server/www/teleport/webroot/app/plugin/docker_build/small_web.py

@@ -9,23 +9,47 @@ import random
 import time
 
 import requests
-from flask import Flask, request
-import rsa
-from pyDes import des, CBC, PAD_PKCS5
-import binascii
+import traceback
+from flask import Flask, request, jsonify
 from selenium import webdriver
 
-# import cv2
+from Crypto.PublicKey import RSA
+from Crypto.Cipher import PKCS1_v1_5
 
-logging.basicConfig(level=logging.DEBUG)
+import cv2
+from selenium.common.exceptions import NoSuchWindowException, WebDriverException
+
+logging.basicConfig(level=logging.INFO)
 
 app = Flask(__name__)
 
-with open('public.pem', 'r') as f:
-    pubkey_s = f.read()
-    pubkey = rsa.PublicKey.load_pkcs1(pubkey_s.encode())
+with open('private.pem', 'r') as f:
+    private_key = f.read()
 
 FATEA_PRED_URL = "http://pred.fateadm.com"
+# private_key = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBALBiT+CFXy3xpe+SSZjf3tYp1POdheHj2Wr/kQa4Fnrmnw+MqhqyNNSCdnY7vVNuvAHvUFtpH1yRgO/dCwjmNQHeANC0odJFjAzX7UkpDVW6RGw/GC2tXs5+nckx2a+5j7JNLoFHZi9YjSKwtwgLf0cXcqzfjq2quvoj8vvaUzdZAgMBAAECgYAuFOFNhUrClBmIJ632tLZhOXibVRI/W+nXnIFlQf8NiOcRhuyCIQDQbG1KonzqKUoRL1bNKv+4jYMkJ5nUb2B1d1JPWhh3BR5V5qrAYEpbL5IQh05Sk0igfT+k/b1TYOydWs7Wa7oholFMLnqpy9az4UqP3hV6LSBPM8L5tmOb6QJBANwoYEEboF8MTXXkDD0W4JXpw4Ja3R+JoRMraKMPdsDvD4e5lP29UFU/40A6SSQGSyNpllvYmI8akTUlduiActcCQQDNGY7bSl9FAJWnONP58kdr3RCZlzhO/Qqk8sb8JAEywlUXggCNtfLFqFrdJHAaJpsB9rXMYq3QUs57hh5i/JFPAkEAzxmkQlsMp5zZGTdnU+g7aIq4gd2b+Vjsjy3chte7LI82GsU3JOJ7uVYaHoc12o+ZCzz+VnQQPz4MruQJUXnTjQJBAKFe9pN7VLIJ37WOdNo30hIAAUuXO2qKlZFqoz1HZtn1JNY2JxFYkwcJi1RrkvhAX72Py0JgcblzLZrqz4W6iukCQQDN1TfsS2qyJ/7gX1pU6rV1JvnU7ckXz+/mxS6k2G0yz65P6W1k1mCrRyp+Ul5t5VCyhF7eF+4BiaNRg9jQDaDX"
+# private_key = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIsyzM8WRLiiQ1nm0NTNMWEccNVa5XYLYm1qG0Oa6W9mIQ+oMGbn2IYH/j5XJduQ+AKeyMN8v6vmaJku2/X1CbwXM0K/uWtkPMg8wk7OEKsmmdA5Z0SO0R56InT77xSYdJyPh5SSE+pewtKrjnvR5jCwLW+BsnPIRbN7YliMq8NJAgMBAAECgYAAl7PFgevC+XXd8Ryce08lgbB9SAjICt5dZuE81XD+92lWnrmuBnimgWw0qbxQhfp4UGK8alCKk82IMWngTy2+bKEbP94b2HgpATAm9o5m3pfB5Td8dCnl4+cay2KOk0GYFUYY4JTAQ5mzjHQR1VW7PKwzTeGF/ajaAnV6ZubA3QJBANHEf3p6C+SZ7zkWuD7zSmARrVVq8qxIzm+CwIyWvUvy6GrosjXy08nUv3KWHX7fRIqxWCrMsgn6A/p1DBaQOYMCQQCp4KbZkGG4hQz+8EQ+87JxinDoOS5r2BdV3mB8yTzcaJ4+JaCXMb8XQW/BHqSa/w6kn+W3ZlVNlHoABUhxYJJDAkEAxvY6959lQmnjZmGvVj4KsH5zys4K6PCRpWD+Yxri53O5kRWvWs48pXY+NGBAD8OTTn2Ro97Ni/rw5RE56vjXIwJAAhA0dpgGV9Nl4QLSEWGsXSytSmTHZ4/sWKKm0V0wXAz5Pw/971gvVfz5eoMAxNEsQFug0qVvi82t3aoyww3FOQJBAMAtrqdy/BYTepdxgrg3H9JDdoHVHFHKrYKHgsKC1a1OIQXG6IqM+cCFXHjZZfVHiOXlC6aNN6vlGSwcLsbxSKQ="
+
+
+def rsa_long_decrypt(priv_key_str, msg):
+    msg = base64.b64decode(msg)
+    length = len(msg)
+    default_length = 128
+    # 私钥解密
+    priobj = PKCS1_v1_5.new(RSA.importKey(base64.b64decode(priv_key_str)))
+    # 长度不用分段
+    if length < default_length:
+        return b''.join(priobj.decrypt(msg, b'xyz')).decode()
+    # 需要分段
+    offset = 0
+    res = []
+    while length - offset > 0:
+        if length - offset > default_length:
+            res.append(priobj.decrypt(msg[offset:offset + default_length], b'xyz'))
+        else:
+            res.append(priobj.decrypt(msg[offset:], b'xyz'))
+        offset += default_length
+    return b''.join(res).decode()
 
 
 class TmpObj():
@@ -139,26 +163,6 @@ class FateadmApi():
         return self.Predict(pred_type, data, src_url)
 
 
-def des_descrypt(s, key=None):
-    """
-    DES 解密
-    :param s: 加密后的字符串，16进制
-    :return:  解密后的字符串
-    """
-    secret_key = key
-    iv = secret_key
-    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
-    de = k.decrypt(binascii.a2b_hex(s), padmode=PAD_PKCS5)
-    return de
-
-
-def md5(str):
-    m = hashlib.md5()
-    b = str.encode(encoding='utf-8')
-    m.update(b)
-    return m.hexdigest()
-
-
 class Driver(object):
     def __init__(self):
         self._driver = self.create_driver()
@@ -176,6 +180,22 @@ class Driver(object):
     def driver(self):
         return self._driver
 
+    def switch(self):
+        pass
+
+    def new_page(self, url):
+        js = 'window.open("{}");'.format(url)
+        self.driver.execute_script(js)
+
+    def check(self):
+        # https://authet2.alipay.com/login/checkSecurity.htm
+        prop = {"auth": "https://authet2.alipay.com/login/checkSecurity.htm",
+                "login": "https://b.alipay.com/index2.htm"}
+        for k, url in prop.items():
+            if self.driver.current_url in url:
+                return k
+        return 'unknown'
+
 
 def get_driver():
     """
@@ -187,6 +207,7 @@ def get_driver():
 
 
 def do_tool(k):
+    logging.info("xdotool key {}".format(k))
     os.system("xdotool key {}".format(k))
     time.sleep(random.randint(1, 10) * 0.1)
 
@@ -209,8 +230,10 @@ def crop_code(img_path):
 
 def try_login(account, password):
     # todo 多次登录处理
+    # xdotool mousemove x y click 1 click 1
     driver = get_driver().driver
     driver.get("https://b.alipay.com/index2.htm")
+    time.sleep(1)
     [do_tool(k) for k in account]
     do_tool("Tab")
     [do_tool(k) for k in password]
@@ -234,22 +257,43 @@ def try_login(account, password):
     # do_tool("KP_Enter")
 
 
-@app.route('/token', methods=['GET', 'POST'])
-def token():
-    ip = request.form['ip']
-    timestamp = request.form['timestamp']
-    msg = request.form['msg']
-    user_agent = request.headers.environ['HTTP_USER_AGENT']
-    token = md5(user_agent + ip + str(timestamp))
-    crypto_email_text = base64.b64decode(msg)
-    if rsa.verify(token.encode(), crypto_email_text, pubkey) == 'SHA-1':
-        # 容器加载token
-        url = 'http://127.0.0.1:10086/set'
-        headers = {"appid": token}
-        resp = requests.get(url, headers=headers)
-        print(resp.text)
-        return 'ok'
-    return 'fail'
+def md5(s):
+    m = hashlib.md5()
+    b = s.encode(encoding='utf-8')
+    m.update(b)
+    return m.hexdigest()
+
+
+def check_driver(key='alipay'):
+    browser = get_driver()
+    driver = browser.driver
+    try:
+        window_handle = driver.current_window_handle
+        res = False
+        for handles in driver.window_handles:
+            driver.switch_to.window(handles)
+            if key in driver.current_url:
+                res = True
+                break
+        driver.switch_to.window(window_handle)
+        if not res:
+            browser.new_page("https://b.alipay.com/index2.htm")
+        return res
+
+    except NoSuchWindowException as e:
+        # 页面被关闭
+        logging.error("test test ******** no such window: window was already closed ********")
+        if driver.window_handles:
+            driver.switch_to.window(driver.window_handles[0])
+            browser.new_page("https://b.alipay.com/index2.htm")
+    except WebDriverException as e:
+        # unknown error: session deleted because of page crash
+        logging.error("test test ******** chrome not reachable ********")
+        builtins.__dict__['driver'] = Driver()
+        browser.new_page("https://b.alipay.com/index2.htm")
+    except Exception as e:
+        err = str(traceback.format_exc())
+        logging.error(err)
 
 
 # 接收账户密码接口
@@ -257,24 +301,45 @@ def token():
 def login_alipay():
     try:
         logging.info("demo")
-        body = request.form['body']
+        body = json.loads(request.data.decode())
+        t = body['t']
+        m = body['m']
+        body = rsa_long_decrypt(private_key, m)
         logging.info(body)
-        body = des_descrypt(base64.b64decode(body), md5(pubkey_s)[:8])
         if not body:
-            return "fail"
-        body = json.loads(body.decode())
+            return jsonify({"code": 300})
+        body = json.loads(body)
         account = body.get("account", "")
         password = body.get("password", "")
         if account and password:
             # try_login(account, password)
-            return 'ok'
-        return 'disenable param'
+            return jsonify({"code": 200})
+        return jsonify({"code": 201})
     except:
         import traceback
         logging.error(traceback.format_exc())
 
 
-# todo 定时任务检查
+# 定时任务配置类
+class SchedulerConfig(object):
+    JOBS = [
+        {
+            'id': 'check_driver',  # 任务id
+            'func': '__main__:check_driver',  # 任务执行程序
+            'args': (),  # 执行程序参数
+            'trigger': 'interval',  # 任务执行类型，定时器
+            'seconds': 6,  # 任务执行时间，单位秒
+        }
+    ]
+
+
+app.config.from_object(SchedulerConfig())
 
 if __name__ == '__main__':
-    app.run(port=8000)
+    # from flask_apscheduler import APScheduler
+    # scheduler = APScheduler()
+    # scheduler.init_app(app)
+    # scheduler.start()
+    app.run(host="0.0.0.0", port=8000)
+    # try_login(account, password)
+    # check_driver()

server/www/teleport/webroot/app/plugin/docker_build/supervisord.conf

@@ -26,7 +26,7 @@ command=/usr/bin/java -jar /root/selenium.jar
 autorestart=true
 
 [program:nginx]
-command=/usr/bin/nginx
+command=/usr/bin/nginx -g 'daemon off;'
 autorestart=true
 
 [program:fcitx]

server/www/teleport/webroot/app/plugin/docker_build/token_check.lua

+--
+-- Created by IntelliJ IDEA.
+-- User: nanda
+-- Date: 2021/1/25
+-- Time: 14:29
+-- To change this template use File | Settings | File Templates.
+--
+
+local n_err = ngx.ERR
+local n_warn = ngx.WARN
+local n_info = ngx.INFO
+local n_log = ngx.log
+local http = require("resty.http")
+local httpc = http.new()
+local cjson = require("cjson")
+local token = nil
+local args = nil
+
+
+
+-- security 权限校验接口
+local url = "http://172.30.20.128:6016/access/jwt/check/host/token";
+local rep;
+
+local resStr = { code = 500, message = "token is wrong" }
+local resStrJson = cjson.encode(resStr)
+
+
+
+n_log(n_err, "resStrJson == ", resStrJson)
+
+--获取参数的值
+if "GET" == ngx.req.get_method() then
+    args = ngx.req.get_uri_args()
+elseif "POST" == ngx.req.get_method() then
+    ngx.req.read_body()
+    args = ngx.req.get_post_args()
+end
+
+if args == nil then
+    n_log(n_err, "args 校验失败==  请求终止")
+    ngx.exit(ngx.HTTP_FORBIDDEN)
+    return resStrJson;
+end
+
+--local headers_tab = ngx.req.get_headers()
+--if headers_tab and token == nil then
+--    n_log(n_err,"token == ",headers_tab["token"])
+--    token = headers_tab["token"];
+--end
+
+function get_client_ip()
+    local headers = ngx.req.get_headers()
+    local ip = headers["X-REAL-IP"] or headers["X_FORWARDED_FOR"] or ngx.var.remote_addr or "0.0.0.0"
+    return ip
+end
+
+local request_ip = get_client_ip()
+
+token = args["token"]
+
+if token == nil then
+    token = ngx.var.cookie_token
+end
+
+
+
+
+
+--local getip = httpGet("http://ip.chinaz.com/getip.aspx")
+local ip, err = httpc:request_uri("https://api.ip.sb/ip", {
+    method = "GET"
+})
+
+n_log(n_err, "token ==  ", token)
+n_log(n_err, "ip ==  ", ip)
+n_log(n_err, "err ==  ", err)
+local reqStr = { token = token, productId = "host_ip=" .. ngx.var.client_ip}
+local reqStrJson = cjson.encode(reqStr)
+n_log(n_err, "reqStrJson == ", reqStrJson)
+
+
+
+
+-- http 请求
+local res, err = httpc:request_uri(url, {
+    method = "POST",
+    body = reqStrJson,
+    headers = {
+        ["Content-Type"] = "application/json",
+    }
+})
+
+-- local res = ngx.location.capture("/public_api",{method=ngx.HTTP_GET,body="token="..token,args={token=token}})
+
+if not res then
+    n_log(n_warn, "failed to request: ", err)
+    ngx.exit(ngx.HTTP_FORBIDDEN)
+    return resStrJson
+end
+
+n_log(n_err, "res.body == ", res.body)
+rep = res.body;
+local rep_json = cjson.decode(rep);
+
+
+if rep_json.code ~= 0 then
+    n_log(n_err, "token 校验失败==  请求终止")
+    ngx.exit(ngx.HTTP_FORBIDDEN)
+    return resStrJson;
+end
+
+--请求之后，状态码
+ngx.status = res.status
+if ngx.status ~= 200 then
+    n_log(n_err, "非200状态，ngx.status:" .. ngx.status)
+    ngx.exit(ngx.HTTP_FORBIDDEN)
+    return resStrJson
+end
+

server/www/teleport/webroot/app/plugin/docker_build/vnc-redir.conf

@@ -4,23 +4,8 @@ server {
     server_name _;
     gzip on;
     location / {
-		access_by_lua '
-		local cache_ngx = ngx.shared.my_cache
-        local token = ngx.var.cookie_token
-        if not token then
-            ngx.status = ngx.HTTP_FORBIDDEN
-            ngx.say(token)
-            ngx.exit(200)
-        end
-        local token2 = cache_ngx:get(token)
-        if not token2 then
-            local errs = "requests check fail"
-            ngx.status = ngx.HTTP_FORBIDDEN
-            ngx.say(errs)
-            ngx.exit(200)
-        end
-        return
-        ';
+		access_by_lua_file  mylua/token_check.lua;
+        # 转发至 VNC 服务
         proxy_pass http://127.0.0.1:8084;
         proxy_set_header Referer $http_referer;
         proxy_set_header Host $http_host;

server/www/teleport/webroot/app/plugin/remote.py

@@ -188,12 +188,14 @@ def install_docker(ip, username, password, pubkey):
         f.write(pubkey)
     push_file(ip, username, password,
               {"{path}/api-redir.conf": '/root/build/api-redir.conf',
-               "{path}/cache-redir.conf": "/root/build/cache-redir.conf",
+               "{path}/token_check.lua": "/root/build/token_check.lua",
+               "{path}/http.lua": "/root/build/http.lua",
+               "{path}/http_headers.lua": "/root/build/http_headers.lua",
                "{path}/vnc-redir.conf": "/root/build/vnc-redir.conf",
                "{path}/Dockerfile": "/root/build/Dockerfile",
                "{path}/supervisord.conf": "/root/build/supervisord.conf",
                "{path}/small_web.py": "/root/build/small_web.py",
-               temp_file: "/root/build/public.pem"}, "docker_build")
+               temp_file: "/root/build/private.pem"}, "docker_build")
 
 
 if __name__ == '__main__':