20201229 linux 添加 vnc 远程

server/www/teleport/webroot/app/base/plugin.py

@@ -206,12 +206,12 @@ class StoreDBBase(object):
 
     def execute(self, sql):
         session = self.get_session(self.engine)
+        cursor = session.execute(sql)
         try:
-            # self.logger.info('execute sql:{}'.format(str(sql)))
-            session.execute(sql)
-        except:
-            log.e("execute sql error:{}".format(traceback.format_exc()))
+            fields = cursor._metadata.keys
+            return [dict(zip(fields, item)) for item in cursor.fetchall()]
         finally:
+            cursor.close()
             session.close()
 
 

server/www/teleport/webroot/app/controller/__init__.py

@@ -291,22 +291,24 @@ controllers = [
     (r'/plugin/free_host', plugin.FreeHostHandler),
     # 服务器远程信息
     (r'/plugin/session_info', plugin.GetSessionInfoHandler),
+    # VNC服务器远程信息
+    (r'/plugin/vnc_session', plugin.GetVNCInfoHandler),
     # 绑定支付宝账户
     (r'/plugin/bind_list', plugin.BindAccountListHandler),
     # 绑定支付宝账户
     (r'/plugin/bind_pay_account', plugin.BindPayAccountHandler),
+    # 密码修改
+    (r'/plugin/password_update', plugin.PasswordUpdateHandler),
     # 账户状态
     (r'/plugin/account_status', plugin.AccountStatusHandler),
     # 主机监控状态
     (r'/plugin/host_monitor', plugin.HostMonitorHandler),
-    # 账户账户密码获取
+    # 账户密码获取
     (r'/plugin/account_info', plugin.AccountInfoHandler),
     # 商城狀態查詢
     (r'/plugin/shop_info', plugin.ShopInfoHandler),
     # 商城綁定接口
     (r'/plugin/shop_bind', plugin.ShopBindHandler),
-    # 密码修改
-    (r'/plugin/password_update', plugin.PasswordUpdateHandler),
     # 下载地址获取接口
     (r'/plugin/bat_download_url', plugin.BatDownloadHandler),
     # token 获取

server/www/teleport/webroot/app/controller/script.py

@@ -35,7 +35,7 @@ def update_shop_info(site, webname, host_id=0, status=2, **kwargs):
 
 
 def install_shop(ssh, site, ip, webname, sub=""):
-    stdin, stdout, stderr = ssh.exec_command("sh /root/install-shop.sh {} {} {} '{}'".format(site, ip, webname, sub))
+    stdin, stdout, stderr = ssh.exec_command("sh /root/install-shop_build.sh {} {} {} '{}'".format(site, ip, webname, sub))
 
     # 获取命令结果
     res, err = stdout.read(), stderr.read()
@@ -71,7 +71,7 @@ def push_file(ip, username, password):
     try:
         p.put('{}/install-bt.sh'.format(path), '/root/install-bt.sh')  # 上传文件到远程机
         p.put('{}/auto_install.py'.format(path), '/root/auto_install.py')  # 上传文件到远程机
-        p.put('{}/install-shop.sh'.format(path), '/root/install-shop.sh')  # 上传文件到远程机
+        p.put('{}/install-shop_build.sh'.format(path), '/root/install-shop_build.sh')  # 上传文件到远程机
     finally:
         nimei.close()
         p.close()

server/www/teleport/webroot/app/model/plugin.py

@@ -24,7 +24,7 @@ def get_host_list(sql_limit, os_type, ip, search, status):
     s = SQL(get_db())
     s.select_from('remote_host',
                   ['id', 'assets_num', 'os_type', 'ip', 'status', 'username', 'password', 'name', 'remark',
-                   'create_time'],
+                   'create_time', 'bind_status', 'bind_remark'],
                   alt_name='h')
 
     str_where = ''
@@ -186,27 +186,6 @@ def add_account_host_bind(handler, args):
     _time_now = tp_timestamp_utc_now()
     operator = handler.get_current_user()
 
-    # 1. 判断账户是否已经存在了
-    # 1.1 todo 禁用主机可以重新绑定
-    if args.get("account", ""):
-        sql = 'SELECT id FROM tp_remote_account_host_bind WHERE account="{}" '.format(args['account'])
-        db_ret = db.query(sql)
-        if db_ret is not None and len(db_ret) > 0:
-            return TPE_EXISTS, 0
-
-    # 2. 判断host_id 是否存在
-    sql = 'SELECT id FROM tp_remote_host WHERE id="{}"'.format(args['host_id'])
-    db_ret = db.query(sql)
-    if not db_ret:
-        return TPE_NOT_EXISTS, 0
-
-    # 3. 是否已经存在不同资质公司
-    sql = 'SELECT comp_id FROM tp_remote_account_host_bind WHERE host_id={}'.format(args['host_id'])
-    db_ret = db.query(sql)
-    comp_id = args.get('comp_id')
-    if db_ret and (comp_id,) not in db_ret:
-        return TPE_FAILED, 0
-
     sql = 'INSERT INTO `tp_remote_account_host_bind` (biz_id,mch_no, comp_id, host_id, host_assigned, account_source, account, password, login_status, mch_name, create_time, create_by, update_time, update_by) VALUES ' \
           '({biz_id},"{mch_no}", {comp_id}, {host_id}, {host_assigned}, {account_source}, "{account}", "{password}", {login_status},"{mch_name}", "{create_time}", "{create_by}", "{update_time}", "{update_by}");' \
           ''.format(mch_no=args.get("mch_no", ""), comp_id=args.get("comp_id", 0), host_id=args.get("host_id", 0),
@@ -231,57 +210,6 @@ def add_account_host_bind(handler, args):
     return TPE_OK, _id
 
 
-def update_account_host_bind(handler, args):
-    db = get_db()
-    _time_now = tp_timestamp_utc_now()
-    operator = handler.get_current_user()
-
-    # 1. 判断账户是否已经存在了
-    sql = 'SELECT comp_id FROM tp_remote_account_host_bind WHERE host_id="{}"'.format(args['host_id'])
-    db_ret = db.query(sql)
-
-    if not db_ret:
-        return TPE_NOT_EXISTS
-
-    # 不允许修改公司资质
-    if str(db_ret[0][0]) != str(args['comp_id']):
-        return TPE_FAILED
-
-    # 2. 判断host_id 是否存在
-    sql = 'SELECT id FROM tp_remote_account_host_bind WHERE host_id="{}" and mch_no = "{}"'.format(args['host_id'],
-                                                                                                   args['mch_no'])
-    db_ret = db.query(sql)
-    if not db_ret:
-        return TPE_NOT_EXISTS
-
-    id = db_ret[0][0]
-    sql = 'UPDATE `tp_remote_account_host_bind` SET ' \
-          '`mch_no`="{mch_no}", `comp_id`={comp_id}, `host_id`="{host_id}", ' \
-          '`host_assigned`={host_assigned}, `account_source`="{account_source}", `account`="{account}",  ' \
-          '`login_status`="{login_status}", `mch_name`="{mch_name}", `update_time`="{update_time}", `update_by`="{update_by}" WHERE `id`={id};' \
-        .format(mch_no=args.get("mch_no", ""), comp_id=args.get("comp_id", 0), host_id=args.get("host_id", 0),
-                host_assigned=args.get("host_assigned", 0), account_source=args.get("account_source", 1),
-                account=args.get("account", ""), password=args.get("password", ""),
-                login_status=args.get("login_status", 0), mch_name=args.get("mch_name", ""),
-                update_time=_time_now, update_by=operator['id'], id=id)
-
-    db_ret = db.exec(sql)
-    if not db_ret:
-        return TPE_DATABASE
-
-    if args.get("password"):
-        sql = 'UPDATE `tp_remote_account_host_bind` SET `password` = "{password}" WHERE `id`={id};' \
-            .format(password=args.get("password", ""), id=id)
-        db_ret = db.exec(sql)
-        if not db_ret:
-            return TPE_DATABASE
-
-    # operator = handler.get_current_user()
-    # syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "更新用户信息：{}".format(args['username']))
-
-    return TPE_OK
-
-
 def get_session_info(host_id, mch_no, ip):
     db = get_db()
 
@@ -403,3 +331,28 @@ def add_shop_bind(handler, args):
 
     # 更新主机相关账号数量
     return TPE_OK, _id
+
+
+def add_rsa_key(handler, host_id, pubkey, privkey):
+    db = get_db()
+    _time_now = tp_timestamp_utc_now()
+    operator = handler.get_current_user()
+
+    sql = 'INSERT INTO `tp_remote_host_key` (host_id, pubkey, privkey, type, status,create_time, create_by, update_time, update_by) VALUES ' \
+          '({host_id}, "{pubkey}", "{privkey}", "{type}", {status},{create_time}, "{create_by}", {update_time}, "{update_by}");' \
+          ''.format(host_id=host_id, pubkey=pubkey, privkey=privkey, type="RSA", status=1, create_time=_time_now,
+                    create_by=operator['id'], update_time=_time_now, update_by=operator['id'])
+
+    db_ret = db.exec(sql)
+    if not db_ret:
+        return TPE_DATABASE, 0
+
+    _id = db.last_insert_id()
+
+    # acc_name = '{}@{}'.format(args['username'], args['host_ip'])
+    # if len(args['router_ip']) > 0:
+    #     acc_name += '（由{}:{}路由）'.format(args['router_ip'], args['router_port'])
+    # syslog.sys_log(operator, handler.request.remote_ip, TPE_OK, "创建账号：{}".format(acc_name))
+
+    # 更新主机相关账号数量
+    return TPE_OK, _id

server/www/teleport/webroot/app/plugin/const.py

+# coding: utf-8
+
+code_comp = {
+    0: "成功",
+    2: "失败",
+    1001: "传入不符合接口规范",  # 可自填
+    2001: "主机信息异常",
+    2002: "账户信息异常",
+    2003: "企业信息异常"
+}

server/www/teleport/webroot/app/plugin/demo_alipay.py

+# coding: utf-8
+import os
+
+from selenium import webdriver
+
+options = webdriver.ChromeOptions()
+options.add_argument("--no-sandbox")
+# options.add_argument('--disable-dev-shm-usage')
+options.add_experimental_option("excludeSwitches", ['enable-automation'])
+# options.add_argument("--remote-debugging-port=9222")
+# options.headless = True
+command_executor = "http://localhost:4444/wd/hub"
+driver = webdriver.Remote(command_executor, desired_capabilities=options.to_capabilities())
+import time
+
+# time.sleep(5)
+driver.get("https://b.alipay.com/index2.htm")
+
+driver.get_screenshot_as_file('screenshot1.png')
+import random
+
+
+def do_tool(k):
+    os.system("xdotool key {}".format(k))
+    time.sleep(random.randint(1, 10) * 0.1)
+
+
+[do_tool(k) for k in '18826140775']
+do_tool("Tab")
+[do_tool(k) for k in 'v4f8169l']
+do_tool("Tab")
+do_tool("Tab")
+do_tool("Tab")
+do_tool("Shift+Tab")
+do_tool("Shift+Tab")
+
+# 获取截图
+driver.get_screenshot_as_file('screenshot.png')
+
+import cv2
+
+
+def crop_code(img_path):
+    img = cv2.pyrDown(cv2.imread(img_path, cv2.IMREAD_UNCHANGED))
+    img2 = cv2.imread(img_path)
+
+    ret, thresh = cv2.threshold(cv2.cvtColor(img.copy(), cv2.COLOR_BGR2GRAY), 127, 255, cv2.THRESH_BINARY)
+    contours, hier = cv2.findContours(thresh, cv2.RETR_EXTERNAL, cv2.CHAIN_APPROX_SIMPLE)
+    for c in contours:
+        x, y, w, h = cv2.boundingRect(c)
+        if w < 30 or h < 20 or w * h > 1000:
+            continue
+        cv2.rectangle(img, (x, y), (x + w, y + h), (0, 255, 0), 2)
+        cropImg = img2[y * 2:(y + h) * 2, x * 2:(x + w) * 2]
+        cv2.imwrite("code.png", cropImg)
+        return "code.png"
+
+
+path = crop_code("screenshot0.png")
+
+from example import FateadmApi
+
+pd_id = "122334"
+pd_key = "CvSAzmpNTCk953nPqrciORQ5LaMmwsSZ"
+app_id = "322334"
+app_key = "ZVZG1lpunkJrrGA0xPJJgfRHHa384ycQ"
+pred_type = "30400"
+# 初始化api接口
+other_api = FateadmApi(app_id, app_key, pd_id, pd_key)
+
+rsp = other_api.PredictFromFile("30400", "code.png", "demo")
+code = rsp.pred_rsp.value
+print(code)
+[do_tool(k) for k in code]
+do_tool("KP_Enter")

server/www/teleport/webroot/app/plugin/docker_build/Dockerfile

+FROM ubuntu:18.04
+
+RUN set -xe          \
+    && echo '#!/bin/sh' > /usr/sbin/policy-rc.d         \
+    && echo 'exit 101' >> /usr/sbin/policy-rc.d         \
+    && chmod +x /usr/sbin/policy-rc.d           \
+    && dpkg-divert --local --rename --add /sbin/initctl         \
+    && cp -a /usr/sbin/policy-rc.d /sbin/initctl        \
+    && sed -i 's/^exit.*/exit 0/' /sbin/initctl                 \
+    && echo 'force-unsafe-io' > /etc/dpkg/dpkg.cfg.d/docker-apt-speedup                 \
+    && echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > /etc/apt/apt.conf.d/docker-clean       \
+    && echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> /etc/apt/apt.conf.d/docker-clean  \
+    && echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> /etc/apt/apt.conf.d/docker-clean          \
+    && echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/docker-no-languages              \
+    && echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/docker-gzip-indexes           \
+    && echo 'Apt::AutoRemove::SuggestsImportant "false";' > /etc/apt/apt.conf.d/docker-autoremove-suggests
+
+RUN rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /run/systemd \
+    && echo 'docker' > /run/systemd/container
+CMD ["/bin/bash"]
+ENV HOME=/root
+#ENV DEBIAN_FRONTEND=noninteractive
+#ENV LC_ALL=C.UTF-8
+#ENV LANG=zh_CN.UTF-8
+#ENV LANGUAGE=zh_CN.UTF-8
+ENV TZ=Asia/Shanghai
+#ENV SCREEN_RESOLUTION=1280x900
+
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \
+    && echo $TZ > /etc/timezone
+
+RUN sed -i "s@http://deb.debian.org@http://mirrors.aliyun.com@g" /etc/apt/sources.list && rm -Rf /var/lib/apt/lists/*
+
+RUN apt-get update \
+    && apt-get -y install       xvfb    x11vnc  supervisor      fluxbox         git-core        git     ttf-wqy-microhei        ttf-wqy-zenhei  xfonts-wqy      wget    gnupg  unzip  fcitx-bin  fcitx-table  fcitx-pinyin
+
+
+#
+# 設定輸入法預設切換熱鍵 SHIFT-SPACE
+#
+RUN mkdir -p /root/.config/fcitx && \
+	echo [Hotkey] > /root/.config/fcitx/config && \
+	echo TriggerKey=SHIFT_SPACE >> /root/.config/fcitx/config \
+	echo SwitchKey=Disabled >> /root/.config/fcitx/config \
+	echo IMSwitchKey=False >> /root/.config/fcitx/config
+#http://dl.google.com/linux/chrome/deb/
+#https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
+#https://dl.google.com/linux/direct/google-chrome-stable_current_i386.deb
+#RUN echo "deb http://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list \
+#    &&  wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - \
+#    &&  apt-get update \
+#    &&  apt-get install google-chrome-stable -y \
+#    &&  apt-get install -fy
+#===============
+# Google Chrome
+#===============
+RUN mkdir -p /etc/opt
+COPY google-chrome-stable_current_amd64.deb /etc/opt/google-chrome-stable_current_amd64.deb
+RUN apt install  -fy /etc/opt/google-chrome-stable_current_amd64.deb
+
+RUN apt-get autoclean
+WORKDIR /root
+RUN git clone https://github.com/novnc/noVNC.git \
+    && ln -s /root/noVNC/vnc_auto.html /root/noVNC/index.html
+
+#==============================
+# Java8 - OpenJDK JRE headless
+# Minimal runtime used for executing non GUI Java programs
+#==============================
+# Regarding urandom see
+#  http://stackoverflow.com/q/26021181/511069
+#  https://github.com/SeleniumHQ/docker-selenium/issues/14#issuecomment-67414070
+
+RUN apt -qqy update \
+  && apt -qqy install \
+    openjdk-8-jre-headless \
+  && sed -i '/securerandom.source=/ s|/dev/u?random|/dev/./urandom|g' \
+       /etc/java-*/security/java.security \
+  && apt -qyy autoremove \
+  && rm -rf /var/lib/apt/lists/* \
+  && apt -qyy clean
+
+
+#=================
+# Selenium latest
+#=================
+ARG SEL_DIRECTORY="3.14"
+ENV SEL_VER="3.141.59"
+
+RUN wget -nv "https://github.com/dosel/selenium/releases/download/selenium-3.141.59-patch-d47e74d6f2/selenium.jar" \
+  && ln -s "selenium.jar" \
+           "selenium-server-standalone-${SEL_VER}.jar" \
+  && ln -s "selenium.jar" \
+           "selenium-server-standalone-3.jar"
+
+
+
+#==================
+# Chrome webdriver
+#==================
+# How to get cpu arch dynamically: $(lscpu | grep Architecture | sed "s/^.*_//")
+ARG CHROME_DRIVER_VERSION="78.0.3904.70"
+ENV CHROME_DRIVER_BASE="chromedriver.storage.googleapis.com" \
+    CPU_ARCH="64"
+ENV CHROME_DRIVER_FILE="chromedriver_linux${CPU_ARCH}.zip"
+ENV CHROME_DRIVER_URL="https://${CHROME_DRIVER_BASE}/${CHROME_DRIVER_VERSION}/${CHROME_DRIVER_FILE}"
+# Gets latest chrome driver version. Or you can hard-code it, e.g. 2.15
+RUN  wget -nv -O chromedriver_linux${CPU_ARCH}.zip ${CHROME_DRIVER_URL}
+
+RUN unzip chromedriver_linux${CPU_ARCH}.zip
+RUN rm chromedriver_linux${CPU_ARCH}.zip \
+  && mv chromedriver \
+        chromedriver-${CHROME_DRIVER_VERSION} \
+  && chmod 755 chromedriver-${CHROME_DRIVER_VERSION} \
+  && ln -s chromedriver-${CHROME_DRIVER_VERSION} \
+           chromedriver \
+  && ln -s /root/chromedriver /usr/bin
+
+
+RUN apt-get update && apt-get install -y \
+    autoconf \
+    automake \
+    libtool \
+    libffi-dev \
+    git \
+    libssl-dev \
+    xorg-dev \
+    libvncserver-dev \
+    dbus-x11
+
+
+# download  source code
+RUN cd /root && mkdir src && cd src && git clone https://github.com/LibVNC/x11vnc
+
+# compile and install , default install path /usr/local/bin/x11vnc
+RUN apt-get remove -y x11vnc \
+    && cd /root/src/x11vnc \
+    && autoreconf -fiv \
+    && ./configure \
+    && make \
+    && make install
+
+#==================
+# python3
+#==================
+RUN apt-get update && apt-get install -y \
+    python3 \
+    python3-pip \
+    && pip3 install selenium selenium-requests
+
+
+#==================
+# nginx
+#==================
+RUN apt-get update && apt-get install -y \
+    libpcre3-dev \
+    openssl \
+    ruby \
+    zlib1g \
+    zlib1g.dev
+
+RUN cd /root &&wget https://openresty.org/download/openresty-1.13.6.2.tar.gz && tar xzvf openresty-1.13.6.2.tar.gz \
+    && cd openresty-1.13.6.2/ \
+    && ./configure \
+    && make \
+    && make install \
+    && ln /usr/local/openresty/nginx/sbin/nginx /usr/bin/nginx \
+    && var="    include  /usr/local/openresty/nginx/conf/conf.d/*.conf;" \
+    && sed -i "/gzip  on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
+    && var="    lua_shared_dict my_cache 64m;" \
+    && sed -i "/gzip  on;/ a\\$var" /usr/local/openresty/nginx/conf/nginx.conf \
+    && mkdir -p /usr/local/openresty/nginx/conf/conf.d \
+    && mkdir -p /var/log/nginx
+
+COPY api-redir.conf /usr/local/openresty/nginx/conf/conf.d/api-redir.conf
+COPY cache-redir.conf /usr/local/openresty/nginx/conf/conf.d/cache-redir.conf
+
+#==================
+# xdotool 自动化工具
+#==================
+RUN apt-get update && apt-get install -y \
+    xdotool \
+    cmake
+
+RUN pip3 install scikit-build && pip3 install opencv-python requests flask rsa
+
+
+COPY vnc-redir.conf /usr/local/openresty/nginx/conf/conf.d/vnc-redir.conf
+RUN mkdir -p /root/main
+COPY public.pem /root/main/public.pem
+COPY small_web.py /root/main/small_web.py
+RUN pip3 install pyDes
+
+#==================
+# 调试用工具
+#==================
+RUN apt-get update && apt-get install -y \
+    lsof \
+    vim
+
+
+ENV \
+	# 時區
+	TZ=Asia/Shanghai \
+	# 系統語系
+	LANG=zh_CN.UTF-8 \
+	LANGUAGE=zh_CN \
+	LC_ALL=zh_CN.UTF-8 \
+	# 輸入法
+	XMODIFIERS="@im=fcitx" \
+	GTK_IM_MODULE=fcitx \
+	QT_IM_MODULE=fcitx \
+	#
+	DISPLAY=:0 \
+	SCREEN_RESOLUTION=1280x900
+
+
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+
+ENV DISPLAY=:0
+EXPOSE 5900
+EXPOSE 8083
+EXPOSE 8080
+
+VOLUME ["/cfg"]
+CMD ["/usr/bin/supervisord"]
+
+
+#docker run -d --name firefox -p 8083:8083 -p 5900:5900 -p 4444:4444 oldiy/chrome-novnc:latest
+
+#docker run -d -p 8083:8083 -p 5900:5900 -p 8080:8080 demo
+#docker run -d  -p 28083:8083 -p 25900:5900 -p 28080:8080 novnc
+#docker run -d -p 5900:5900  -p 5800:5800 docker.io/raykuo/chrome-jdownloader2
+#docker run  -e LANG=zh_CN -e LANGUAGE=zh_CN -e LC_ALL=zh_CN -p 5900:5900  -p 5800:5800 docker.io/raykuo/chrome-jdownloader2
+#/usr/bin/x11vnc -nobell
+#/usr/local/bin/x11vnc
+#/usr/bin/x11vnc
+#docker run -d -p 8083:8083 -p 5900:5900 oldiy/chrome-novnc:latest

server/www/teleport/webroot/app/plugin/docker_build/api-redir.conf

+server {
+    # ===> 监听端口
+    listen    8080;
+
+    # 编码
+    charset   utf-8;
+
+    # ===> 域名可以有多个，用空格隔开，本地测试先修改/etc/hosts
+    server_name _;
+
+    # 开启gzip压缩输出
+    gzip on; 
+
+    
+    # 定义本虚拟主机的访问日志
+    access_log /var/log/nginx/api_access.log combined buffer=1k;
+    error_log /var/log/nginx/api_error.log info;
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+	
+    # 防爬
+    location /robots.txt {
+        return 200 'User-agent: *\nDisallow: /';
+    }
+
+    # 日志
+    location ~/logs/.*\.(log|txt|zip)$ {
+        expires 1d;
+
+        root /;
+        break;
+    }
+
+    # 对 / 访问进行控制
+    location /token {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header Host $http_host;
+        proxy_buffers   256 4k;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    location / {
+		access_by_lua '
+		local cache_ngx = ngx.shared.my_cache
+        local token = ngx.var.cookie_token
+        if not token then
+            ngx.status = ngx.HTTP_FORBIDDEN
+            ngx.say(token)
+            ngx.exit(200)
+        end
+        local token2 = cache_ngx:get(token)
+        if not token2 then
+            local errs = "requests check fail"
+            ngx.status = ngx.HTTP_FORBIDDEN
+            ngx.say(errs)
+            ngx.exit(200)
+        end
+        return
+        ';
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header Host $http_host;
+        proxy_buffers   256 4k;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}

server/www/teleport/webroot/app/plugin/docker_build/cache-redir.conf

+server {
+    listen    10086;
+    charset   utf-8;
+    server_name _;
+    gzip on;
+    location /set {
+                access_by_lua '
+                        local cache_ngx = ngx.shared.my_cache
+                local args = ngx.req.get_headers();
+                local token1 = args["appid"];
+                cache_ngx:set(token1, token1, 30 * 60)
+                local msg = "ok"
+                ngx.say(msg)
+                ngx.exit(200)
+                return
+                ';
+    }
+
+    location /check {
+                access_by_lua '
+                local cache_ngx = ngx.shared.my_cache
+                local args = ngx.req.get_headers();
+                local token1 = args["appid"];
+                local token2 = cache_ngx:get(token1)
+                local errs = "oh,Only token1 Request will be Processe"
+                if not token1 then
+                        ngx.status = ngx.HTTP_FORBIDDEN
+                        ngx.say(errs)
+                        ngx.exit(200)
+                end
+                local errs = "oh,Only token2 Request will be Processe"
+                if not token2 then
+                        ngx.status = ngx.HTTP_FORBIDDEN
+                        ngx.say(errs)
+                        ngx.exit(200)
+                end
+                local errs = "oh,Only token Request will be Processe"
+                if token1 ~= token2 then
+                        ngx.status = ngx.HTTP_FORBIDDEN
+                        ngx.say(errs)
+                        ngx.exit(200)
+                else
+                        return
+                end
+                ';
+    }
+}

server/www/teleport/webroot/app/plugin/docker_build/small_web.py

+# coding: utf-8
+import base64
+import builtins
+import hashlib
+import json
+import logging
+import os
+import random
+import time
+
+import requests
+from flask import Flask, request
+import rsa
+from pyDes import des, CBC, PAD_PKCS5
+import binascii
+from selenium import webdriver
+
+# import cv2
+
+logging.basicConfig(level=logging.DEBUG)
+
+app = Flask(__name__)
+
+with open('public.pem', 'r') as f:
+    pubkey_s = f.read()
+    pubkey = rsa.PublicKey.load_pkcs1(pubkey_s.encode())
+
+FATEA_PRED_URL = "http://pred.fateadm.com"
+
+
+class TmpObj():
+    def __init__(self):
+        self.init = True
+        self.value = None
+
+
+class Rsp():
+    def __init__(self):
+        self.ret_code = -1
+        self.cust_val = 0.0
+        self.err_msg = "succ"
+        self.pred_rsp = TmpObj()
+
+    def ParseJsonRsp(self, rsp_data):
+        if rsp_data is None:
+            self.err_msg = "http request failed, get rsp Nil data"
+            return
+        jrsp = json.loads(rsp_data)
+        self.ret_code = int(jrsp.get("RetCode", -1))
+        # {"RetCode":"0","ErrMsg":"","RequestId":"20200427130030715a606a00050d8cb0","RspData":"{\\"result\\": \\"gp5p\\"}"}
+        self.err_msg = jrsp.get("ErrMsg", 'succ')
+        self.request_id = jrsp.get("RequestId", '')
+        if self.ret_code == 0:
+            rslt_data = jrsp.get('RspData', "{}")
+            if rslt_data is not None and rslt_data != "":
+                jrsp_ext = json.loads(rslt_data)
+                if 'cust_val' in jrsp_ext.keys():
+                    data = jrsp_ext["cust_val"]
+                    self.cust_val = float(data)
+                if 'result' in jrsp_ext.keys():
+                    data = jrsp_ext["result"]
+                    self.pred_rsp.value = data
+
+
+def CalcSign(pd_id, passwd, timestamp):
+    md5 = hashlib.md5()
+    md5.update((timestamp + passwd).encode())
+    csign = md5.hexdigest()
+
+    md5 = hashlib.md5()
+    md5.update((pd_id + timestamp + csign).encode())
+    csign = md5.hexdigest()
+    return csign
+
+
+def PostFile(url, data, img_data):
+    rsp = Rsp()
+    files = {'img_data': ('img_data', img_data)}
+    headers = {"User-Agent": "Mozilla/5.0"}
+    r = requests.post(url, data=data, files=files, headers=headers)
+    # '{"RetCode":"0","ErrMsg":"","RequestId":"20200427130030715a606a00050d8cb0","RspData":"{\\"result\\": \\"gp5p\\"}"}'
+    rsp.ParseJsonRsp(r.text)
+    return rsp
+
+
+class FateadmApi():
+    # API接口调用类
+    # 参数（appID，appKey，pdID，pdKey）
+    def __init__(self, app_id, app_key, pd_id, pd_key):
+        self.app_id = app_id
+        if app_id is None:
+            self.app_id = ""
+        self.app_key = app_key
+        self.pd_id = pd_id
+        self.pd_key = pd_key
+        self.host = FATEA_PRED_URL
+
+    #
+    # 识别验证码
+    # 参数：pred_type:识别类型  img_data:图片的数据
+    # 返回值：
+    #   rsp.ret_code：正常返回0
+    #   rsp.request_id：唯一订单号
+    #   rsp.pred_rsp.value：识别结果
+    #   rsp.err_msg：异常时返回异常详情
+    #
+    def Predict(self, pred_type, img_data, src_url=''):
+        tm = str(int(time.time()))
+        sign = CalcSign(self.pd_id, self.pd_key, tm)
+        param = {
+            "user_id": self.pd_id,
+            "timestamp": tm,
+            "sign": sign,
+            "predict_type": pred_type,
+            "up_type": "mt",
+            "src_url": src_url
+        }
+        if self.app_id != "":
+            #
+            asign = CalcSign(self.app_id, self.app_key, tm)
+            param["appid"] = self.app_id
+            param["asign"] = asign
+        url = self.host + "/api/capreg"
+        files = img_data
+        rsp = PostFile(url, param, files)
+        if rsp.ret_code == 0:
+            logging.info("predict succ ret: {} request_id: {} pred: {} err: {}".format(rsp.ret_code, rsp.request_id,
+                                                                                       rsp.pred_rsp.value, rsp.err_msg))
+        else:
+            logging.info("predict failed ret: {} err: {}".format(rsp.ret_code, rsp.err_msg))
+            if rsp.ret_code == 4003:
+                # lack of money
+                logging.info("cust_val <= 0 lack of money, please charge immediately")
+        return rsp
+
+    def PredictFromFile(self, pred_type, file_name, src_url=''):
+        with open(file_name, "rb") as f:
+            data = f.read()
+        return self.Predict(pred_type, data, src_url)
+
+
+def des_descrypt(s, key=None):
+    """
+    DES 解密
+    :param s: 加密后的字符串，16进制
+    :return:  解密后的字符串
+    """
+    secret_key = key
+    iv = secret_key
+    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
+    de = k.decrypt(binascii.a2b_hex(s), padmode=PAD_PKCS5)
+    return de
+
+
+def md5(str):
+    m = hashlib.md5()
+    b = str.encode(encoding='utf-8')
+    m.update(b)
+    return m.hexdigest()
+
+
+class Driver(object):
+    def __init__(self):
+        self._driver = self.create_driver()
+
+    @staticmethod
+    def create_driver():
+        options = webdriver.ChromeOptions()
+        options.add_argument("--no-sandbox")
+        options.add_experimental_option("excludeSwitches", ['enable-automation'])
+        # command_executor = "http://localhost:4444/wd/hub"
+        # driver = webdriver.Remote(command_executor, desired_capabilities=options.to_capabilities())
+        return webdriver.Chrome(options=options)
+
+    @property
+    def driver(self):
+        return self._driver
+
+
+def get_driver():
+    """
+    :rtype : Driver
+    """
+    if 'driver' not in builtins.__dict__:
+        builtins.__dict__['driver'] = Driver()
+    return builtins.__dict__['driver']
+
+
+def do_tool(k):
+    os.system("xdotool key {}".format(k))
+    time.sleep(random.randint(1, 10) * 0.1)
+
+
+def crop_code(img_path):
+    img = cv2.pyrDown(cv2.imread(img_path, cv2.IMREAD_UNCHANGED))
+    img2 = cv2.imread(img_path)
+
+    ret, thresh = cv2.threshold(cv2.cvtColor(img.copy(), cv2.COLOR_BGR2GRAY), 127, 255, cv2.THRESH_BINARY)
+    contours, hier = cv2.findContours(thresh, cv2.RETR_EXTERNAL, cv2.CHAIN_APPROX_SIMPLE)
+    for c in contours:
+        x, y, w, h = cv2.boundingRect(c)
+        if w < 30 or h < 20 or w * h > 1000:
+            continue
+        cv2.rectangle(img, (x, y), (x + w, y + h), (0, 255, 0), 2)
+        cropImg = img2[y * 2:(y + h) * 2, x * 2:(x + w) * 2]
+        cv2.imwrite("code.png", cropImg)
+        return "code.png"
+
+
+def try_login(account, password):
+    # todo 多次登录处理
+    driver = get_driver().driver
+    driver.get("https://b.alipay.com/index2.htm")
+    [do_tool(k) for k in account]
+    do_tool("Tab")
+    [do_tool(k) for k in password]
+    do_tool("Tab")
+    do_tool("Tab")
+    do_tool("Tab")
+    do_tool("Shift+Tab")
+    do_tool("Shift+Tab")
+    driver.get_screenshot_as_file('screenshot.png')
+    path = crop_code("screenshot.png")
+    pd_id = "122334"
+    pd_key = "CvSAzmpNTCk953nPqrciORQ5LaMmwsSZ"
+    app_id = "322334"
+    app_key = "ZVZG1lpunkJrrGA0xPJJgfRHHa384ycQ"
+
+    # 初始化api接口
+    other_api = FateadmApi(app_id, app_key, pd_id, pd_key)
+    rsp = other_api.PredictFromFile("30400", "code.png", "demo")
+    code = rsp.pred_rsp.value
+    [do_tool(k) for k in code]
+    # do_tool("KP_Enter")
+
+
+@app.route('/token', methods=['GET', 'POST'])
+def token():
+    ip = request.form['ip']
+    timestamp = request.form['timestamp']
+    msg = request.form['msg']
+    user_agent = request.headers.environ['HTTP_USER_AGENT']
+    token = md5(user_agent + ip + str(timestamp))
+    crypto_email_text = base64.b64decode(msg)
+    if rsa.verify(token.encode(), crypto_email_text, pubkey) == 'SHA-1':
+        # 容器加载token
+        url = 'http://127.0.0.1:10086/set'
+        headers = {"appid": token}
+        resp = requests.get(url, headers=headers)
+        print(resp.text)
+        return 'ok'
+    return 'fail'
+
+
+# 接收账户密码接口
+@app.route('/login', methods=['GET', 'POST'])
+def login_alipay():
+    try:
+        logging.info("demo")
+        body = request.form['body']
+        logging.info(body)
+        body = des_descrypt(base64.b64decode(body), md5(pubkey_s)[:8])
+        if not body:
+            return "fail"
+        body = json.loads(body.decode())
+        account = body.get("account", "")
+        password = body.get("password", "")
+        if account and password:
+            # try_login(account, password)
+            return 'ok'
+        return 'disenable param'
+    except:
+        import traceback
+        logging.error(traceback.format_exc())
+
+
+# todo 定时任务检查
+
+if __name__ == '__main__':
+    app.run(port=8000)

server/www/teleport/webroot/app/plugin/docker_build/supervisord.conf

+[supervisord]
+nodaemon=true
+
+[program:X11]
+command=/usr/bin/Xvfb :0 -screen 0 1024x768x24
+autorestart=true
+
+[program:x11vnc]
+command=/usr/local/bin/x11vnc
+autorestart=true
+
+[program:fluxbox]
+command=/usr/bin/startfluxbox
+autorestart=true
+
+[program:novnc]
+command=/root/noVNC/utils/launch.sh --vnc localhost:5900 --listen 8084
+autorestart=true
+
+#[program:chrome]
+#command=bash -c 'sleep 5 && /usr/bin/google-chrome-stable --no-sandbox --lang=zh-CN'
+#autorestart=true
+
+[program:selenium]
+command=/usr/bin/java -jar /root/selenium.jar
+autorestart=true
+
+[program:nginx]
+command=/usr/bin/nginx
+autorestart=true
+
+[program:fcitx]
+command=/usr/bin/fcitx
+autorestart=true
\ No newline at end of file

server/www/teleport/webroot/app/plugin/docker_build/vnc-redir.conf

+server {
+    listen    8083;
+    charset   utf-8;
+    server_name _;
+    gzip on;
+    location / {
+		access_by_lua '
+		local cache_ngx = ngx.shared.my_cache
+        local token = ngx.var.cookie_token
+        if not token then
+            ngx.status = ngx.HTTP_FORBIDDEN
+            ngx.say(token)
+            ngx.exit(200)
+        end
+        local token2 = cache_ngx:get(token)
+        if not token2 then
+            local errs = "requests check fail"
+            ngx.status = ngx.HTTP_FORBIDDEN
+            ngx.say(errs)
+            ngx.exit(200)
+        end
+        return
+        ';
+        proxy_pass http://127.0.0.1:8084;
+        proxy_set_header Referer $http_referer;
+        proxy_set_header Host $http_host;
+        proxy_buffers   256 4k;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}

server/www/teleport/webroot/app/plugin/encry.py

+# coding: utf-8
+import base64
+
+import rsa
+
+# # 生成密钥
+# (pubkey, privkey) = rsa.newkeys(1024)
+#
+# # 保存密钥
+# with open('public.pem', 'w+') as f:
+#     f.write(pubkey.save_pkcs1().decode())
+#
+# with open('private.pem', 'w+') as f:
+#     f.write(privkey.save_pkcs1().decode())
+
+# 导入密钥
+with open('public.pem', 'r') as f:
+    pubkey = rsa.PublicKey.load_pkcs1(f.read().encode())
+
+with open('private.pem', 'r') as f:
+    privkey = rsa.PrivateKey.load_pkcs1(f.read().encode())
+
+# # 明文：业务员发现的商机
+# message = '这是商机：...'
+#
+# # 业务员用公司经理事先给的公钥对明文加密，得到密文
+# crypto_email_text = rsa.encrypt(message.encode(), pubkey)
+#
+# # 然后，业务员用email发送密文
+# # 。。。
+#
+#
+# # email在网络传输中 。。。（各种数据被抓包、邮箱密码泄露）
+# # 没办法，还是被有心人看到了这封email:
+# print(crypto_email_text)  # 什么鬼？看不懂啊！
+#
+# # 最后，公司经理也收到了业务员们发了的email。打开，也只看到一堆奇怪的字符！
+# # 没问题，公司经理用自己的私钥对收到的密文进行解密，就可得到明文
+# message = rsa.decrypt(crypto_email_text, privkey).decode()
+#
+# # 然后，就可以看到重要的商机信息了
+# print(message)
+#
+# # =================================
+# # 场景二：身份确认问题
+# # 为了开拓市场，公司经理分派了一群业务员到各地考察商机。
+# # 在这过程中，公司经理常常通过email向业务员下达重要指令
+# # 然而，网络是及其不安全的！譬如：数据包被修改、邮箱密码泄露...
+# # 商业竞争对手可以通过各种手段伪造/修改公司经理的重要指令！
+# #
+# # 话说这天早上，业务员照常打开邮箱，发现公司经理的一封email：命令他马上回国。
+# # 不对啊。昨天说要在这边扩大业务，怎么今天就变了？
+# # 这封email是公司经理本人发的吗？
+# # 怎么办？
+# #
+# # 没错！聪明的您一定也想到了：签名。
+# # =================================
+#
+# # 明文：公司经理的指令
+message = '这是重要指令：...'
+
+# 公司经理私钥签名
+crypto_email_text = rsa.sign(message.encode(), privkey, 'SHA-1')
+print(base64.b64encode(crypto_email_text).decode())
+# 业务员同时收到指令明文、密文，然后用公钥验证，进行身份确认
+print(rsa.verify(message.encode(), crypto_email_text, pubkey))

server/www/teleport/webroot/app/plugin/remote.py

+# coding: utf-8
+import datetime
+import json
+import os
+import time
+import traceback
+from concurrent.futures import ThreadPoolExecutor
+
+import paramiko
+import requests
+from paramiko import AuthenticationException
+
+from base.logger import log
+
+executor = ThreadPoolExecutor(max_workers=100)
+
+
+def between(source, begin_str, end_str, start=''):
+    start_index = source.find(start)
+    start_index = start_index + len(start) if start_index else 0
+    b = source.find(begin_str, start_index)
+    if end_str:
+        e = source.find(end_str, b + len(begin_str))
+    else:
+        e = len(source)
+    return source[b + len(begin_str):e]
+
+
+def ssh_command(ssh, command):
+    stdin, stdout, stderr = ssh.exec_command(command)
+    res, err = stdout.read(), stderr.read()
+    result = res if res else err
+    return result.decode()
+
+
+def create_ssh(ip, username, password):
+    transport = paramiko.Transport((ip, 22))
+    transport.connect(username=username, password=password)
+
+    # 创建SSH对象,SSHClient是定义怎么传输命令、怎么交互文件
+    ssh = paramiko.SSHClient()
+    ssh._transport = transport
+    return ssh
+
+
+def create_sftpc(ip, username, password):
+    nimei = paramiko.Transport((ip, 22))
+    nimei.connect(username=username, password=password)
+    p = paramiko.SFTPClient.from_transport(nimei)
+    return p
+
+
+def update_shop_info(site, webname, host_id=0, status=2, **kwargs):
+    url = "http://127.0.0.1:7190/plugin/shop_info"
+    data = {"domain": site, "name": webname, "host_id": host_id, "status": status}
+    if kwargs:
+        data = dict(data, **kwargs)
+        print(data)
+    # url = "http://172.30.10.204:7190/plugin/shop_info"
+    executor.submit(requests.put, url=url, json=data, )
+
+
+def update_docker_info(ip, status, remark, **kwargs):
+    url = "http://127.0.0.1:7190/plugin/push_status"
+    data = {"module": "linux_docker", "unique_id": ip, "status": status, "remark": remark}
+    if kwargs:
+        data = dict(data, **kwargs)
+        print(data)
+    # url = "http://172.30.10.204:7190/plugin/shop_info"
+    executor.submit(requests.post, url=url, json=data, )
+
+
+def install_shop(ssh, site, ip, webname, sub=""):
+    return ssh_command(ssh, "sh /root/install-shop_build.sh {} {} {} '{}'".format(site, ip, webname, sub))
+
+
+def install_bt(ssh):
+    return ssh_command(ssh, "sh /root/install-bt.sh")
+
+
+def get_bt_info(ssh):
+    result = ssh_command(ssh, "/etc/init.d/bt default")
+    url = between(result, "Bt-Panel-URL: ", "username").replace("username", "").strip()
+    username = between(result, "username: ", "password").replace("password", "").strip()
+    password = between(result, "password: ", "Warning")[:8]
+    return url, username, password
+
+
+def push_file(ip, username, password, push, local_dir=''):
+    p = create_sftpc(ip, username, password)
+    path = "{}/{}".format(os.path.dirname(__file__), local_dir)
+    try:
+        for local_path, remote_path in push.items():
+            p.put(local_path.format(path=path), remote_path)  # 上传文件到远程机
+    finally:
+        p.close()
+
+
+def auto_install_bt(ip, username, password, site, webname, sub="", host_id=0):
+    transport = paramiko.Transport((ip, 22))
+    try:
+        print('****************************开始操作：{}************************'.format(
+            datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')))
+        push_file(ip, username, password,
+                  {"{path}/install-bt.sh": '/root/install-bt.sh',
+                   "{path}/auto_install.py": "/root/auto_install.py",
+                   "{path}/install-shop_build.sh": "/root/install-shop_build.sh"}, "shop_build")
+
+        transport.connect(username=username, password=password)
+
+        # 创建SSH对象,SSHClient是定义怎么传输命令、怎么交互文件
+        ssh = paramiko.SSHClient()
+        ssh._transport = transport
+        # 执行命令，不要执行top之类的在不停的刷新的命令
+        webname = webname or "DBShop电子商务系统"
+        update_shop_info(site, webname, remark="开始下载宝塔")
+        result = install_bt(ssh)
+        url, username, password = get_bt_info(ssh)
+        update_shop_info(site, webname, remark="宝塔初始化完成", url=url, username=username, password=password)
+        print("install_bt", result)
+        i = 0
+        for i in range(2):
+            result = install_shop(ssh, site, ip, webname, sub)
+            if "商城已存在" in result:
+                print("商城已存在")
+                update_shop_info(site, webname, host_id, status=1, remark="商城已存在", url=url, username=username,
+                                 password=password)
+                break
+
+        ssl_remark, ssl_status = "", 0
+        if "配置商城成功" in result or "商城已存在" in result:
+            print("更新商城信息")
+            if "申请HTTPS证书成功" in result or "HTTPS证书已存在" in result:
+                ssl_remark = "申请HTTPS证书成功"
+                ssl_status = 1
+            elif "申请HTTPS证书失败" in result:
+                ssl_remark = between(result, "new ssl response:[", "]\n")
+                ssl_remark = json.loads(ssl_remark)['msg'][0]
+                ssl_status = 2
+
+            update_shop_info(site, webname, host_id, status=1, remark="商城部署成功", url=url, username=username,
+                             password=password, ssl_remark=ssl_remark, ssl_status=ssl_status)
+        else:
+            update_shop_info(site, webname, host_id, status=3, remark="商城部署失败,请重试", url=url, username=username,
+                             password=password)
+    except AuthenticationException as err:
+        update_shop_info(site, webname, host_id, status=3, remark="连接失败，请检查远程信息")
+    except Exception as err:
+        print(traceback.format_exc())
+        update_shop_info(site, webname, host_id, status=3, remark="商城部署异常，请重试")
+    finally:
+        # 关闭服务器连接
+        transport.close()
+
+
+def install_docker(ip, username, password, pubkey):
+    ssh = create_ssh(ip, username, password)
+    # todo yum 正在允许会阻塞进程
+    log.i()
+    res = ssh_command(ssh, "yum install -y docker")
+    if "Complete!" in res or "already installed" in res or '完毕！' in res:
+        update_docker_info(ip, 0, "完成 docker 安装")
+    res = ssh_command(ssh, "systemctl start docker")
+    if not res:
+        update_docker_info(ip, 0, "启动 docker 服务")
+    # 生成 rsa 公私钥，保存
+    res = ssh_command(ssh, "mkdir -p /root/build")
+    temp_file = '/tmp/{}.pem'.format(int(time.time()))
+    with open(temp_file.format(ip), 'w+') as f:
+        f.write(pubkey)
+    push_file(ip, username, password,
+              {"{path}/api-redir.conf": '/root/build/api-redir.conf',
+               "{path}/cache-redir.conf": "/root/build/cache-redir.conf",
+               "{path}/vnc-redir.conf": "/root/build/vnc-redir.conf",
+               "{path}/Dockerfile": "/root/build/Dockerfile",
+               "{path}/supervisord.conf": "/root/build/supervisord.conf",
+               "{path}/small_web.py": "/root/build/small_web.py",
+               temp_file: "/root/build/public.pem"}, "docker_build")
+
+
+if __name__ == '__main__':
+    # install_docker("42.194.224.77", "root", "!QAZ2wsx#EDCbnm")
+    install_docker("172.30.20.120", "root", "rootroot", """-----BEGIN RSA PUBLIC KEY-----
+MIGJAoGBAIr7A14mHoube/cO318GjcTHhSGuSGPfrPf3+2+6sx9dKgCpTAyhpMaD
+kTMhDd911ShIY4useo95zGV98uD6FLKfINvJ2YdKNRLCod1aVBfb3fxMr4RFn/Ci
+GCYRU9XdjW5Xj30oOkbFc6t3Q1AmS0vmZ0e1+H1D9U5ha7Qap8eZAgMBAAE=
+-----END RSA PUBLIC KEY-----""")

server/www/teleport/webroot/app/plugin/utils.py

+# coding: utf-8
+import re
+import socket
+
+import requests
+import binascii
+import hashlib
+import rsa
+from pyDes import des, CBC, PAD_PKCS5
+
+
+def current_ip():
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    s.connect(("8.8.8.8", 80))
+    ip = s.getsockname()[0]
+    s.close()
+    return ip
+
+
+def network_ip():
+    req = requests.get("http://txt.go.sohu.com/ip/soip")
+    ip = re.findall(r'\d+.\d+.\d+.\d+', req.text)[0]
+    return ip
+
+
+# 秘钥
+KEY = 'mHAxsLYz'
+
+
+def des_encrypt(s, key=None):
+    """
+    DES 加密
+    :param s: 原始字符串
+    :return: 加密后字符串，16进制
+    """
+    secret_key = key or KEY
+    iv = secret_key
+    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
+    en = k.encrypt(s, padmode=PAD_PKCS5)
+    return binascii.b2a_hex(en)
+
+
+def des_descrypt(s, key=None):
+    """
+    DES 解密
+    :param s: 加密后的字符串，16进制
+    :return:  解密后的字符串
+    """
+    secret_key = key or KEY
+    iv = secret_key
+    k = des(secret_key, CBC, iv, pad=None, padmode=PAD_PKCS5)
+    de = k.decrypt(binascii.a2b_hex(s), padmode=PAD_PKCS5)
+    return de
+
+
+def md5(str):
+    m = hashlib.md5()
+    b = str.encode(encoding='utf-8')
+    m.update(b)
+    return m.hexdigest()
+
+
+def is_domain(domain):
+    domain_regex = re.compile(
+        r'(?:[A-Z0-9_](?:[A-Z0-9-_]{0,247}[A-Z0-9])?\.)+(?:[A-Z]{2,6}|[A-Z0-9-]{2,}(?<!-))\Z',
+        re.IGNORECASE)
+    return True if domain_regex.match(domain) else False
+
+
+def is_ipv4(address):
+    ipv4_regex = re.compile(
+        r'(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}',
+        re.IGNORECASE)
+    return True if ipv4_regex.match(address) else False
+
+
+def new_keys():
+    (pubkey, privkey) = rsa.newkeys(1024)
+    return pubkey.save_pkcs1().decode(), privkey.save_pkcs1().decode()
+
+
+if __name__ == '__main__':
+    print(new_keys())