FilesExpand file tree

 dev

/

utils.py

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

72 lines (57 loc) · 2.36 KB

 dev

/

utils.py

Top

File metadata and controls

• Code
• Blame

72 lines (57 loc) · 2.36 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

# -*- coding: utf-8 -*-

#

import base64

from Cryptodome.PublicKey import RSA

from Cryptodome.Cipher import PKCS1_v1_5

from Cryptodome import Random

from django.conf import settings

from .notifications import DifferentCityLoginMessage

from audits.models import UserLoginLog

from audits.const import DEFAULT_CITY

from common.utils import get_request_ip

from common.utils import validate_ip, get_ip_city

from common.utils import get_logger

logger = get_logger(__file__)

def gen_key_pair():

""" 生成加密key

用于登录页面提交用户名/密码时，对密码进行加密（前端）/解密（后端）

"""

random_generator = Random.new().read

rsa = RSA.generate(1024, random_generator)

rsa_private_key = rsa.exportKey().decode()

rsa_public_key = rsa.publickey().exportKey().decode()

return rsa_private_key, rsa_public_key

def rsa_encrypt(message, rsa_public_key):

""" 加密登录密码 """

key = RSA.importKey(rsa_public_key)

cipher = PKCS1_v1_5.new(key)

cipher_text = base64.b64encode(cipher.encrypt(message.encode())).decode()

return cipher_text

def rsa_decrypt(cipher_text, rsa_private_key=None):

""" 解密登录密码 """

if rsa_private_key is None:

# rsa_private_key 为 None，可以能是API请求认证，不需要解密

return cipher_text

key = RSA.importKey(rsa_private_key)

cipher = PKCS1_v1_5.new(key)

cipher_decoded = base64.b64decode(cipher_text.encode())

# Todo: 弄明白为何要以下这么写，https://xbuba.com/questions/57035263

if len(cipher_decoded) == 127:

hex_fixed = '00' + cipher_decoded.hex()

cipher_decoded = base64.b16decode(hex_fixed.upper())

message = cipher.decrypt(cipher_decoded, b'error').decode()

return message

def check_different_city_login_if_need(user, request):

if not settings.SECURITY_CHECK_DIFFERENT_CITY_LOGIN:

return

ip = get_request_ip(request) or '0.0.0.0'

if not (ip and validate_ip(ip)):

city = DEFAULT_CITY

else:

city = get_ip_city(ip) or DEFAULT_CITY

city_white = ['LAN', ]

if city not in city_white:

last_user_login = UserLoginLog.objects.exclude(city__in=city_white) \

.filter(username=user.username, status=True).first()

if last_user_login and last_user_login.city != city:

DifferentCityLoginMessage(user, ip, city).publish_async()