| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340 |
- #!/usr/bin/env python3
- # -*- coding: utf-8 -*-
- import os
- import hashlib
- import json
- import time
- import uuid
- import boto3
- import requests
- from django.views import View
- from Ansjer.config import BASE_DIR, AWS_IOT_GETS3_PULL_CHINA_ID, AWS_IOT_GETS3_PULL_CHINA_SECRET, \
- AWS_IOT_GETS3_PULL_FOREIGN_ID, AWS_IOT_GETS3_PULL_FOREIGN_SECRET, AWS_ARN, AWS_IOT_SES_ACCESS_CHINA_REGION, \
- AWS_IOT_SES_ACCESS_FOREIGN_REGION_ASIA, AWS_IOT_SES_ACCESS_FOREIGN_REGION_EUROPE, \
- AWS_IOT_SES_ACCESS_FOREIGN_REGION_AMERICA
- from base64 import b64encode, encodebytes
- from Controller.DeviceConfirmRegion import Device_Region
- from Model.models import Device_User, Device_Info, iotdeviceInfoModel, UIDCompanySerialModel, \
- SerialNumberModel
- from Object.IOTCore.IotObject import IOTClient
- from Object.ResponseObject import ResponseObject
- from Object.TokenObject import TokenObject
- from Service.CommonService import CommonService
- import OpenSSL.crypto as ct
- class IotCoreView(View):
- def get(self, request, *args, **kwargs):
- request.encoding = 'utf-8'
- request_dict = request.GET
- operation = kwargs.get('operation', None)
- return self.validate(operation, request_dict, request)
- def post(self, request, *args, **kwargs):
- request.encoding = 'utf-8'
- request_dict = request.POST
- operation = kwargs.get('operation', None)
- return self.validate(operation, request_dict, request)
- def validate(self, operation, request_dict, request):
- response = ResponseObject()
- lang = request_dict.get('lang', 'en')
- response.lang = lang
- if operation == 'createKeysAndCertificate':
- return self.create_keys_and_certificate(request_dict, response, request)
- elif operation == 'requestPublishMessage':
- return self.request_publish_message(request_dict, response, request)
- elif operation == 'getS3PullKey':
- return self.get_s3_pull_key(request_dict, response, request)
- elif operation == 'thingRegroup':
- return self.thing_regroup(request_dict, response, request)
- else:
- token = TokenObject(request_dict.get('token', None))
- if token.code != 0:
- return response.json(token.code)
- response.lang = token.lang
- if operation == 'clearIotCerm':
- return self.clear_Iot_Cerm(request_dict, response)
- else:
- return response.json(404)
- # CVM注册 :正使用
- def create_keys_and_certificate(self, request_dict, response, request):
- uid = request_dict.get('uid', '')
- token = request_dict.get('token', None)
- uid_code = request_dict.get('uid_code', None)
- language = request_dict.get('language', None)
- time_stamp = request_dict.get('time_stamp', None)
- device_version = request_dict.get('device_version', None).replace('.', '_') # 物品组命名不能包含'.'
- if not all([token, time_stamp, device_version, language]):
- return response.json(444, {'param': 'token, uid_code, time_stamp, device_version, language'})
- # token时间戳校验
- token = int(CommonService.decode_data(token))
- time_stamp = int(time_stamp)
- now_time = int(time.time())
- distance = now_time - time_stamp
- if token != time_stamp or distance > 60000 or distance < -60000: # 为了全球化时间控制在一天内
- return response.json(404)
- if not uid:
- # 使用序列号
- serial_number = request_dict.get('serial_number', None)
- serial_number_code = request_dict.get('serial_number_code', None)
- if not all([serial_number, serial_number_code]):
- return response.json(444, {'param': 'serial_number, serial_number_code'})
- # 序列号编码解码校验
- serial_number_code = CommonService.decode_data(serial_number_code)
- if serial_number != serial_number_code:
- return response.json(404)
- serial = serial_number[0:6]
- try:
- SerialNumberModel.objects.get(serial_number=serial)
- except:
- return response.json(444)
- ThingNameSuffix = serial_number # 物品名后缀
- iotdeviceInfo_qs = iotdeviceInfoModel.objects.filter(serial_number=serial)
- else:
- # 使用uid
- # uid编码解码校验
- uid_code = CommonService.decode_data(uid_code)
- if uid != uid_code:
- return response.json(404)
- serial = '' # iot_deviceInfo表写入serial_number为''
- ThingNameSuffix = uid # 物品名后缀
- iotdeviceInfo_qs = iotdeviceInfoModel.objects.filter(uid=uid)
- # 判断设备是否已注册证书
- if not iotdeviceInfo_qs.exists():
- thingGroup = device_version + '_' + language
- ip = CommonService.get_ip_address(request)
- region_id = Device_Region().get_device_region(ip)
- iotClient = IOTClient(region_id)
- res = iotClient.create_keys_and_certificate(ThingNameSuffix, thingGroup, response)
- token_iot_number = hashlib.md5((str(uuid.uuid1()) + str(now_time)).encode('utf-8')).hexdigest()
- iotdeviceInfoModel.objects.create(uid=uid,
- serial_number=serial,
- endpoint=res[0]['endpoint'],
- certificate_id=res[0]['certificateId'],
- certificate_pem=res[0]['certificatePem'],
- public_key=res[0]['publicKey'],
- private_key=res[0]['privateKey'],
- thing_name=res[1]['ThingName'],
- thing_groups=res[1]['thingGroupName'],
- token_iot_number=token_iot_number
- )
- res = {
- 'certificateId': res[0]['certificateId'],
- 'certificatePem': res[0]['certificatePem'],
- 'publicKey': res[0]['publicKey'],
- 'privateKey': res[0]['privateKey'],
- 'endpoint': res[0]['endpoint']
- }
- return response.json(0, {'res': res})
- else:
- iot = iotdeviceInfo_qs[0]
- res = {
- 'certificateId': iot.certificate_id,
- 'certificatePem': iot.certificate_pem,
- 'publicKey': iot.public_key,
- 'privateKey': iot.private_key,
- 'endpoint': iot.endpoint
- }
- # print('此设备已注册证书')
- return response.json(0, {'res': res})
- def thing_regroup(self, request_dict, response, request):
- # 物品重新分组
- uid = request_dict.get('uid', '')
- token = request_dict.get('token', None)
- language = request_dict.get('language', None)
- time_stamp = request_dict.get('time_stamp', None)
- device_version = request_dict.get('device_version', None)
- if not all([token, language, time_stamp, device_version]):
- return response.json(444, {'param: token, language, time_stamp, device_version'})
- # 封装token认证
- token = int(CommonService.decode_data(token))
- time_stamp = int(time_stamp)
- now_time = int(time.time())
- distance = now_time - time_stamp
- if token != time_stamp or distance > 60000 or distance < -60000: # 为了全球化时间控制在一天内
- return response.json(404)
- ip = CommonService.get_ip_address(request)
- region_id = Device_Region().get_device_region(ip)
- iotClient = IOTClient(region_id)
- ThingNameSuffix = uid
- if not uid:
- # 使用序列号
- serial_number = request_dict.get('serial_number', None)
- if not serial_number:
- return response.json(444)
- ThingNameSuffix = serial_number
- thingName = 'Ansjer_Device_' + ThingNameSuffix
- new_thingGroupName = (device_version + '_' + language).replace('.', '_') # 物品组命名不能包含'.'
- try:
- # 获取旧物品组
- list_groups_res = iotClient.client.list_thing_groups_for_thing(thingName=thingName, maxResults=1)
- old_thingGroupName = list_groups_res['thingGroups'][0]['groupName']
- # 没有新物品组则创建
- list_thing_groups_res = iotClient.client.list_thing_groups(namePrefixFilter=new_thingGroupName
- , maxResults=1, recursive=False)
- if not list_thing_groups_res['thingGroups']:
- attributes = {
- "update_time": "0"
- }
- thingGroupProperties = {
- "thingGroupDescription": "OTA",
- "attributePayload": {
- "attributes": attributes,
- "merge": False # 更新时覆盖掉而不是合并
- }
- }
- iotClient.client.create_thing_group(thingGroupName=new_thingGroupName
- , thingGroupProperties=thingGroupProperties)
- iotClient.client.update_thing_groups_for_thing(thingName=thingName
- , thingGroupsToAdd=[new_thingGroupName]
- , thingGroupsToRemove=[old_thingGroupName])
- # 更新设备版本信息
- if uid:
- Device_Info.objects.filter(UID=uid).update(version=device_version)
- else:
- Device_Info.objects.filter(serial_number=serial_number).update(version=device_version)
- return response.json(0)
- except Exception as e:
- print(e)
- return response.json(500, repr(e))
- def clear_Iot_Cerm(self, userID, request_dict, response):
- serial_number = request_dict.get('serial_number', None)
- if serial_number:
- iot = iotdeviceInfoModel.objects.filter(thing_name="Ansjer_Device_" + serial_number)
- if iot.exists():
- iot.delete()
- return response.json(0)
- else:
- return response.json(444)
- def request_publish_message(self, request_dict, response, request):
- # Alexa请求IoT Core下发MQTT消息通知设备开始或停止推流,或唤醒设备
- UID = request_dict.get('UID', None)
- MSG = request_dict.get('MSG', None)
- if not all([UID, MSG]):
- return response.json(444)
- try:
- # 获取设备的物品名后缀
- device_info_qs = Device_Info.objects.filter(UID=UID).values('UID', 'serial_number')
- if not device_info_qs.exists():
- return response.json(10043)
- uid = device_info_qs[0]['UID']
- serial_number = device_info_qs[0]['serial_number']
- # 如果device_info表的serial_number不为空,物品名为'Ansjer_Device_序列号'
- thing_name_suffix = serial_number if serial_number != '' else uid
- # 获取数据组织将要请求的url
- iot = iotdeviceInfoModel.objects.filter(thing_name__contains=thing_name_suffix).values('thing_name',
- 'endpoint',
- 'token_iot_number')
- if not iot.exists():
- return response.json(10043)
- thing_name = iot[0]['thing_name'][14:] # IoT core上的物品名: Ansjer_Device_ + 序列号+企业编码/uid
- endpoint = iot[0]['endpoint']
- Token = iot[0]['token_iot_number']
- # Token = '297a601b3925e04daab5a60280650e09'
- topic_suffix = '_power_topic' if 'Turn' in MSG else '_rtsp_topic'
- topic_name = thing_name + topic_suffix # MQTT主题
- # api doc: https://docs.aws.amazon.com/zh_cn/iot/latest/developerguide/http.html
- # url: https://IoT_data_endpoint/topics/url_encoded_topic_name?qos=1
- # post请求url来发布MQTT消息
- url = 'https://{}/topics/{}'.format(endpoint, topic_name)
- authorizer_name = 'Ansjer_Iot_Auth'
- signature = CommonService.rsa_sign(Token) # Token签名
- headers = {'x-amz-customauthorizer-name': authorizer_name, 'Token': Token,
- 'x-amz-customauthorizer-signature': signature}
- params = {'command': MSG}
- r = requests.post(url=url, headers=headers, json=params, timeout=2)
- if r.status_code == 200:
- res = r.json()
- if res['message'] == 'OK':
- return response.json(0)
- return response.json(10044)
- else:
- # print('发布失败')
- return response.json(10044)
- except Exception as e:
- # print(e)
- return response.json(500, repr(e))
- def get_s3_pull_key(self, request_dict, response, request):
- # 通用发布主题通知
- UID = request_dict.get('UID', None)
- if not all([UID]):
- return response.json(444)
- try:
- # 获取检查uid的序列号,如果没有序列号,不使用MQTT下发消息
- device_info_qs = Device_Info.objects.filter(UID=UID).values('UID', 'serial_number')
- if not device_info_qs.exists():
- return response.json(10043)
- uid = device_info_qs[0]['UID']
- serial_number = device_info_qs[0]['serial_number']
- # 如果device_info表的serial_number不为空,物品名为'Ansjer_Device_序列号'
- thing_name_suffix = serial_number if serial_number != '' else uid
- # 获取数据组织将要请求的url
- iot = iotdeviceInfoModel.objects.filter(thing_name__contains=thing_name_suffix).values('thing_name',
- 'endpoint',
- 'token_iot_number')
- if not iot.exists():
- return response.json(10043)
- endpoint = iot[0]['endpoint']
- MSG = self.get_s3_key_return_msg(endpoint)
- return response.json(0,MSG)
- except Exception as e:
- # print(e)
- return response.json(500, repr(e))
- def get_s3_key_return_msg(self,endpoint):
- MSG = {}
- if 'cn-northwest-1' in endpoint :
- key = AWS_IOT_GETS3_PULL_CHINA_ID
- secret = AWS_IOT_GETS3_PULL_CHINA_SECRET
- arn = AWS_ARN[0]
- region_name = AWS_IOT_SES_ACCESS_CHINA_REGION
- else:
- key = AWS_IOT_GETS3_PULL_FOREIGN_ID
- secret = AWS_IOT_GETS3_PULL_FOREIGN_SECRET
- arn = AWS_ARN[1]
- if 'ap-southeast-1' in endpoint :
- region_name = AWS_IOT_SES_ACCESS_FOREIGN_REGION_ASIA
- if 'eu-west-1' in endpoint :
- region_name = AWS_IOT_SES_ACCESS_FOREIGN_REGION_EUROPE
- if 'us-east-1' in endpoint :
- region_name = AWS_IOT_SES_ACCESS_FOREIGN_REGION_AMERICA
- MSG['AccessKeyId'] = key
- MSG['AccessKeySecret'] = secret
- MSG['bucket_name'] = 'asj-log'
- MSG['arn'] = arn
- MSG['region_name'] = region_name
- return MSG
|
