
修改上传包的下载路径加密的接口

pzb 6 years ago
parent
commit
9a65e1f846

+ 2 - 0
Ansjer/urls.py

@@ -100,6 +100,8 @@ urlpatterns = [
     url(r'^OTA/getNewVer', OTAEquipment.getNewVerInterface),
     url(r'^OTA/uploadsPack$', OTAEquipment.uploadOTAInterfaceView.as_view()),
     url(r'^OTA/downloadsPack/(?P<fullPath>[0-9\w/.\-]+)', OTAEquipment.downloadOTAInterface),
+    url(r'^dlotapack/(?P<fullPath>[0-9\w/.\-]+)', OTAEquipment.downloadOTAInterfaceV2),
+
     # h获取验证码    # v2接口
     url(r'^v2/account/authcode$', UserController.v2authCodeView.as_view()),
     url(r'^v2/account/register$', UserController.v2registerView.as_view()),
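Review bot: The new `dlotapack/` pattern reuses the old path-style character class and has no `$` anchor, although the captured value is now a JWT rather than a file path. A JWT is three base64url segments joined by dots, so the class can drop `/` and the route can be anchored, for example `url(r'^dlotapack/(?P<fullPath>[\w\-]+\.[\w\-]+\.[\w\-]+)$', OTAEquipment.downloadOTAInterfaceV2),`. Renaming the `fullPath` group would also need a matching change to the view's parameter, so that part is optional.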

+ 10 - 2
Controller/EquipmentManager.py

@@ -616,12 +616,20 @@ def uid_status(request):
     response.lang = tko.lang
     if tko.code != 0:
         return response.json(tko.code)
+
     if not uid:
         qs = UID_App.objects.filter(userID_id=tko.userID).values('uid', 'status')
     else:
         qs = UID_App.objects.filter(uid=uid, userID_id=tko.userID).values('uid', 'status')
     data = {}
-
     for q in qs:
-        data[q['uid']]= {'push_status': q['status'],'cloudVod':[]}
+        dvqs = UID_Bucket.objects.filter(uid=q['uid'])
+        dvdict = CommonService.qs_to_dict(dvqs)
+        cloudVod = []
+        for p in dvdict['datas']:
+            # p['fields']['vod'] = []
+            cloudVod = p['fields']
+            print (p['fields'])
+        data[q['uid']]= {'push_status': q['status'],'cloudVod':cloudVod}
+
     return response.json(0, data)
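Review bot: In the rewritten loop, `cloudVod = p['fields']` replaces the value on every pass, so a UID with several `UID_Bucket` rows returns only the last one. The result is presumably a dict, where the endpoint previously returned the list `'cloudVod':[]`. If a list is intended, `cloudVod.append(p['fields'])` keeps the response shape stable for existing clients. `print (p['fields'])` should be removed, since it writes per-user bucket data to stdout on every request. The loop also issues one `UID_Bucket` query per UID, and `uid_status` starts above this hunk.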

+ 58 - 2
Controller/EquipmentOTA.py

@@ -1,4 +1,5 @@
 import os
+import base64
 import simplejson as json
 import time
 from django.utils import timezone
@@ -10,8 +11,10 @@ from Ansjer.config import BASE_DIR, SERVER_DOMAIN
 from Model.models import Equipment_Version
 from Object.ResponseObject import ResponseObject
 from Object.TokenObject import TokenObject
+from Object.UrlTokenObject import UrlTokenObject
 from Service.CommonService import CommonService
 from Service.ModelService import ModelService
+from Object.base64Object import base64Object
 
 '''
 http://192.168.136.45:8077/equipment/OTA?token=test&operation=query&page=1&line=10
@@ -159,7 +162,9 @@ class EquipmentVersionView(View):
         if operation is None:
             return response.json(444, 'error path')
         elif operation == 'checkVer':
-            return self.do_check_ver(request_dict, response)
+            return self.do_check_value(request_dict, response)
+            # return self.do_check_ver(request_dict, response)
+
         token = request_dict.get('token', None)
         # 设备主键uid
         tko = TokenObject(token)
@@ -195,7 +200,7 @@ class EquipmentVersionView(View):
             path = file_path.replace('static/Upgrade/', '').replace('\\', '/')
             url = SERVER_DOMAIN + 'OTA/downloads/' + path + '?time=' + str(time.time())
         elif file_path.find('static/otapack') != -1:
-            url = SERVER_DOMAIN + 'OTA/downloadsPack/' + file_path + '?time=' + str(time.time())
+            url = SERVER_DOMAIN + 'OTA/downloadsPack/' +file_path+ '?time=' + str(time.time())
         else:
             return response.json(900, '2')
         res = {
@@ -205,6 +210,56 @@ class EquipmentVersionView(View):
             "softwareVersion": eqs[0].softwareVersion
         }
         return response.json(0, res)
+    # 修改加密的路径
+    def do_check_value(self, request_dict, response):
+        code = request_dict.get('code', None)
+        ov = request_dict.get('ov', None)
+        uid = request_dict.get('uid', '')
+        if not code:
+            return response.json(444, 'code')
+        eqs = Equipment_Version.objects.filter(code=uid, status=1, lang='en').order_by('-data_joined')
+
+        if not eqs.exclude():
+            eqs = Equipment_Version.objects.filter(code=code, status=1, lang='en').order_by('-data_joined')
+        if not eqs.exists():
+            return response.json(900)
+        if ov is not None:
+            # 判断大小
+            if ov > eqs[0].softwareVersion:
+                return response.json(0, {'softwareVersion': ov})
+        file_path = eqs[0].filePath
+        if file_path.find('static/Upgrade/') != -1:
+            path = file_path.replace('static/Upgrade/', '').replace('\\', '/')
+            # base64Object加密
+            # path = base64Object.generate_token(key="ansjer/"+CommonService.RandomStr(6) +"/"+path)
+
+            # 创建url的token
+            tko = UrlTokenObject()
+            path = tko.generate(data={'Url': "ansjer/"+CommonService.RandomStr(6) +"/"+ file_path})
+
+            url = SERVER_DOMAIN + 'OTA/downloads/' + path
+        elif file_path.find('static/otapack') != -1:
+            file_path = file_path
+            # base64Object加密
+            # file_path = base64Object.generate_token(key= "ansjer/"+CommonService.RandomStr(6) +"/"+ file_path)
+
+            # 创建url的token
+            tko = UrlTokenObject()
+            file_path = tko.generate(data={'Url': "ansjer/"+CommonService.RandomStr(6) +"/"+ file_path})
+
+            url = SERVER_DOMAIN + 'dlotapack/' +file_path
+        else:
+            return response.json(900, '2')
+
+
+        res = {
+            "url": url,
+            "fileSize": eqs[0].fileSize,
+            "Description": eqs[0].Description,
+            "softwareVersion": eqs[0].softwareVersion
+        }
+        print (url)
+        return response.json(0, res)
 
     def do_query(self, request_dict, response):
         mci = request_dict.get('mci', None)
@@ -222,6 +277,7 @@ class EquipmentVersionView(View):
         if code is not None:
             cv_qs = cv_qs.filter(code__contains=code)
         cv_qs = cv_qs.order_by('code').values_list('code', flat=True).distinct()
+        print (cv_qs)
         count = cv_qs.count()
         cv_qs = list(cv_qs[(page - 1) * line:page * line])
         # return response.json(0, cv_qs)
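Review bot: In `do_check_value`, the `static/Upgrade/` branch signs the full `file_path` into a token and appends it to `OTA/downloads/`, but the only token-decoding route this commit adds is `dlotapack/`. Unless the existing `OTA/downloads/` handler (not shown here) was changed as well, those URLs will stop resolving, and the `path` computed just above is discarded. `if not eqs.exclude():` looks like a typo for `exists()`, which the following check uses. `print (url)` writes a live download link to stdout and should be removed, or replaced with a log line that omits the token. Because `checkVer` is dispatched before the `TokenObject` check, every caller of the endpoint receives a valid link, so the token limits link lifetime rather than who may download.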

+ 49 - 0
Controller/OTAEquipment.py

@@ -1,3 +1,5 @@
+import base64
+from Object.base64Object import base64Object
 from zlib import crc32
 from django.core import serializers
 from wsgiref.util import FileWrapper
@@ -13,6 +15,7 @@ from Service.CommonService import CommonService
 import time, os, simplejson as json
 from Object.ResponseObject import ResponseObject
 from Object.TokenObject import TokenObject
+from Object.UrlTokenObject import UrlTokenObject
 from django.http import HttpResponse
 from Ansjer.config import BASE_DIR
 
@@ -562,3 +565,49 @@ def downloadOTAInterface(request, fullPath, *callback_args, **callback_kwargs):
             return res.json(907)
     else:
         return res.json(444, 'fullPath')
+# ota包下载
+@csrf_exempt
+def downloadOTAInterfaceV2(request, fullPath, *callback_args, **callback_kwargs):
+    res = ResponseObject()
+    print('fullPath:')
+    print(fullPath)
+    # 解密base64的url的值
+    # try:
+    #     fp = base64Object.get_certify_token(token=fullPath+'==')
+    #     print("解密结果:", fp)
+    #     user_de = base64Object.certify_token(key=fp, token=fullPath+'==')
+    #     if user_de:
+    #         print("验证结果:", user_de)
+    #     else:
+    #         return res.json(907)
+    # except Exception as e:
+    #     return res.json(906, repr(e))
+
+    # 解密url的token
+    url_token = UrlTokenObject(fullPath)
+    if ( '' == url_token.Url):
+        print('过期了')
+        return res.json(907)
+    else:
+        print (url_token.Url)
+        fp = url_token.Url
+    fullPath = fp[14:]
+    if fullPath:
+        if os.path.isfile(fullPath):
+            try:
+                wrapper = FileWrapper(open(fullPath, 'rb'))
+                response = HttpResponse(wrapper, content_type="application/octet-stream")
+                response['Content-Length'] = os.path.getsize(fullPath)
+                response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(fullPath)
+                response['Content-MD5'] = getMD5orSHA265(fullPath)
+                # 校验文件md5值
+                response['Content-SHA265'] = getMD5orSHA265(fullPath, 'SHA265')
+                response['Content-CRC32'] = getMD5orSHA265(fullPath, 'CRC32')
+                response['Content-Error'] = res.formal(0)
+                return response
+            except Exception as e:
+                return res.json(906, repr(e))
+        else:
+            return res.json(907)
+    else:
+        return res.json(444, 'fullPath')
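Review bot: `downloadOTAInterfaceV2` opens whatever path the token's `Url` claim holds after `fp[14:]`, with no check that it stays inside the OTA pack directory, so the file served depends entirely on the token signature being unforgeable. Resolving the path and rejecting anything outside the pack root before `os.path.isfile` adds a second barrier; the sketch below assumes packs live under `BASE_DIR/static/otapack`, which should be confirmed. The `14` is the length of the `"ansjer/"` + 6 random characters + `"/"` prefix added in `do_check_value`, and deserves a named constant or a comment. `res.json(906, repr(e))` returns exception text to the client, and the `print` calls log every token and resolved path.

```python
    fullPath = fp[14:]
    # confine the token-supplied path to the OTA pack directory before touching the filesystem
    pack_root = os.path.realpath(os.path.join(BASE_DIR, 'static', 'otapack'))
    resolved = os.path.realpath(os.path.join(BASE_DIR, fullPath))
    if not resolved.startswith(pack_root + os.sep):
        return res.json(907)
    fullPath = resolved
    # … unchanged: isfile check and response building …
```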

+ 4 - 3
Controller/UidappController.py

@@ -18,7 +18,7 @@ http://192.168.136.39:8000/uidApp/adminQuery?token=local&page=1&line=10
   管理员删除信息
 http://192.168.136.39:8000/uidApp/adminDelete?token=local&id=2
   管理员添加信息
-http://192.168.136.39:8000/uidApp/adminAdd?token=local&uid=321&appBundleId=com.ansjer.accloud&app_type=2&token_val=ertewtwetrewrt
+http://192.168.136.39:8000/uidApp/adminAdd?token=local&uid=JW3684H8BSHG9TTM111A&appBundleId=com.ansjer.accloud&app_type=2&token_val=ertewtwetrewrt
   管理员编辑信息
 http://192.168.136.39:8000/uidApp/adminEdit?token=local&id=6&content={"token_val":"9999"}
 '''
@@ -92,9 +92,10 @@ class UidappView(View):
             if not omqs.exists():
                 return response.json(0, [])
             count = omqs.count()
-            order_ql = omqs[(page - 1) * line:page * line]. \
-                values("id", "uid", "app_type", "token_val", "addTime", "updTime", "app__id", "app__appName")
+            order_ql = omqs[(page - 1) * line:page * line].values("id", "uid", "app_type","appBundleId","push_type", "token_val", "addTime", "updTime","status", "userID__username")
+
             order_list = list(order_ql)
+            print (order_list)
             return response.json(0, {'data': order_list, 'count': count})
 
         else:
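Review bot: `print (order_list)` in the second hunk dumps every row of the admin query, including `token_val` and `userID__username`, to stdout on each request; it should be removed before merge. The new `.values(...)` call also drops `app__id` and `app__appName` from the response, so any admin client that still reads them will break; worth confirming that is intended. The call is long enough to merit wrapping, one field per line.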

+ 1 - 0
Controller/VodBucket.py

@@ -238,3 +238,4 @@ class UidBucketView(View):
                 'count': ubqs.count()
             }
             return response.json(0, res)
+

+ 1 - 1
Model/models.py

@@ -568,7 +568,7 @@ class UID_App(models.Model):
     userID = models.ForeignKey(Device_User, to_field='userID', on_delete=models.CASCADE)
     uid = models.CharField(max_length=20, verbose_name='设备UID')
     appBundleId = models.CharField(blank=True, max_length=32, verbose_name=u'appID')
-    app_type = models.IntegerField(default=0, verbose_name=u'app类型')
+    app_type = models.IntegerField(default=0, verbose_name=u'app类型 1:ios,2:安卓')
     push_type = models.IntegerField(default=0, verbose_name=u'推送类型')  # 0,apns 1,安卓gcm 2,激光
     token_val = models.CharField(default='', max_length=160, verbose_name=u'设备验证令牌')
     status = models.SmallIntegerField(default=0, verbose_name='状态[0:关闭,1:开启,2:用户解绑]')

+ 46 - 0
Object/UrlTokenObject.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+@Copyright (C) ansjer cop Video Technology Co.,Ltd.All rights reserved.
+@AUTHOR: ASJRD019
+@NAME: AnsjerFormal
+@software: PyCharm
+@DATE: 2019/4/17 11:46
+@Version: python3.6
+@MODIFY DECORD:ansjer dev
+@file: UidTokenObject.py
+@Contact:
+"""
+from Ansjer.config import UID_TOKEN_KEY
+import jwt, time
+
+
+class UrlTokenObject:
+
+    def __init__(self, token=None):
+        self.token = token
+        self.Url = ''
+        self.flag = self.valid()
+
+    def valid(self):
+        try:
+            token = self.token
+            if self.token is None:
+                return False
+            res = jwt.decode(token, '12345', algorithms='HS256')
+            # print(res)
+            Url = res.get('Url', None)
+            if Url is None:
+                return False
+            self.Url = Url
+        except jwt.ExpiredSignatureError as e:
+            # print('过期')
+            return False
+
+    def generate(self, data={}):
+        now_stamp = int(time.time())
+        # print (now_stamp)
+        data['exp'] = 300 + now_stamp
+        token = jwt.encode(data, '12345', algorithm='HS256').decode('utf-8')
+        self.token=token
+        return token

+ 90 - 0
Object/base64Object.py

@@ -0,0 +1,90 @@
+# -*- coding: utf-8 -*-
+import hashlib
+
+# 待加密内容
+# strdata = "xiaojingjiaaseafe16516506ng"
+#
+# h1 = hashlib.md5()
+# h1.update(strdata.encode(encoding='utf-8'))
+#
+# strdata_tomd5 = h1.hexdigest()
+#
+# print("原始内容:", strdata, ",加密后:", strdata_tomd5)
+
+import time
+import base64
+
+class base64Object:
+    # 生产token
+    def generate_token(key, expire=300):
+        '''
+            @Args:
+                key: str (用户给定的key,需要用户保存以便之后验证token,每次产生token时的key 都可以是同一个key)
+                expire: int(最大有效时间,单位为s)
+            @Return:
+                state: str
+        '''
+        ts_str = str(time.time() + expire)
+        token = ts_str + ':' + key
+        b64_token = base64.urlsafe_b64encode(token.encode("utf-8"))
+        return b64_token.decode("utf-8")
+
+
+    # 解密token
+    def get_certify_token(token):
+        '''
+            @Args:
+                key: str
+                token: str
+            @Returns:
+                boolean
+        '''
+        token_str = base64.urlsafe_b64decode(token).decode('utf-8')
+        token_list = token_str.split(':')
+        if len(token_list) != 2:
+            return '长度不对'
+        known_sha1_tsstr = token_list[1]
+        return known_sha1_tsstr
+
+    # 验证token
+    def certify_token(key, token):
+        '''
+            @Args:
+                key: str
+                token: str
+            @Returns:
+                boolean
+        '''
+        token_str = base64.urlsafe_b64decode(token).decode('utf-8')
+        token_list = token_str.split(':')
+        if len(token_list) != 2:
+            return False
+        ts_str = token_list[0]
+        print (float(ts_str))
+        print (time.time())
+        print (float(ts_str) < time.time())
+        if float(ts_str) < time.time():
+            # token expired
+            return False
+
+        known_sha1_tsstr = token_list[1]
+        print (66666666666666)
+        print (known_sha1_tsstr != key)
+        if known_sha1_tsstr != key:
+            # token certification failed
+            return False
+        # token certification success
+        return True
+
+    #
+    # key = "xiaojingjing"
+    # print("key:", key)
+    # user_token = generate_token(key=key)
+    #
+    # print("加密后:", user_token)
+    # user_de = certify_token(key=key, token=user_token)
+    # print("验证结果:", user_de)
+    #
+    # key = "xiaoqingqing"
+    # user_de = certify_token(key=key, token=user_token)
+    # print("验证结果:",user_de)
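Review bot: `base64Object` is imported by two controllers, but every call to it in this commit is commented out, and what it produces is only `base64(expiry + ':' + key)` with no MAC. Anyone can build or alter such a token, and `certify_token` compares the key against a value read from the token itself. I would drop the module and its imports rather than ship it. If it stays, the three functions need `@staticmethod`, since they take no `self`. The debug output, such as `print (66666666666666)`, should go. `get_certify_token` should raise or return None rather than the string `'长度不对'`, which a caller could mistake for a path. `split(':')` also rejects any key that contains a colon.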