Acquisition of the CMDB Project today no asset list and API validation

Get the list of assets not collected today:

Points:

1. Add two fields to server table: Latest_date (can be empty); Server status information;

2. What conditions will be obtained to the non-capture server information?

①latest_date is empty, such as initial creation of assets not yet reported;

② has not been collected today, note latest_date__date__lt<current_date, double underline plus date means only the date of the month and day part.

③ Server Status is online

3, the server updates the asset when set Current_date=datetime.datetime.now ();

4. Get_host_list function:

Note: The content is placed in the Response.text section (Response=request.get (URL))

Code area:

############## #服务端 ############### @csrf_exemptdef Server (Request):    '    requests cannot send dictionary type data, Throughout the form that we learn to submit data,    Ajax sends data that does not support the sending of dictionary type data.    specific reasons Baidu know.    :p Aram Request:     : return:     '    if Request.method = = ' Get ':        # Get the list of hosts not collected today [latest_ Date is None or latest_date is not today and the server status is online]        current_date = Date.today ()        host_list = models. Server.objects.filter (            q (latest_date=none) | Q (latest_date__date__lt=current_date)) & Q (server_status_id=2)). VALUES (' hostname ') '        [' hostname ' : ' c1.com '        host_list = List (host_list)        print (host_list)        return HttpResponse (Json.dumps ( Host_list))

############ #客户端 ############ #class sshsaltclient (baseclient):    def get_host_list (self):        response= Requests.get (SELF.API) #<response [200]>        # Print (response.text)    # [{"hostname": "c1.com"}] Note this usage        Return Json.loads (Response.text)

API validation

Important: Over San Guan

First off: Time limit (the time between client time and service side, our team requests to make restrictions)

Second level: Encryption rule restrictions (mainly applied MD5 encryption)

Third level: For the encrypted str that has been accessed, we set the visited list, normal users can not hold this access to the data request server again, if there is no str in the list, prove that the normal user access, remember to add the data to the visited list.

This will be more and more large and will actually be applied to memcache and Redis.

Finally this San Guan basically can achieve the effect of anti-hacker attack, but do not rule out the hacker speed faster than our speed, may wish to send the data to do a layer of encryption, and then the hacker's Internet speed early submitted to the server, also can not?

Code area:

############# #客户端 ############# #import requestsimport timeimport hashlibdef MD5 (ARG):    MD5 = HASHLIB.MD5 ()    Md5.update (Arg.encode (' Utf-8 '))    return md5.hexdigest () key = ' asdfghjklmnbvcxz ' CTime = str (time.time ()) Client_ str = '%s|%s '% (key, ctime) CLIENT_MD5_STR = MD5 (client_str) client_header_str = '%s|%s '% (client_md5_str, CTime) print (CLI ENT_HEADER_STR) response = Requests.get (url= ' http://127.0.0.1:8000/api/tests.html ', headers={' auth-api ': ' cae76146bfa06482cfee7e4f899cc414|1506956350.973326 '}) print (Response.text)

############# #服务端 ############# #def MD5 (ARG):    MD5 = HASHLIB.MD5 ()    md5.update (Arg.encode (' Utf-8 '))    return md5.hexdigest () key = ' ASDFGHJKLMNBVCXZ ' vistied_str_dict={}def Tests (Request):    CLIENT_HEADER_STR = Request . Meta.get (' Http_auth_api ')    print (CLIENT_HEADER_STR)    client_md5_str, client_ctime = Client_header_str.split (' | ', maxsplit=1)    Client_float_ctime = float (client_ctime)    server_float_ctime = float (time.time ())    # First off    if (client_float_ CTime + < server_float_ctime:        return HttpResponse ("Too Slow")    # second off    server_str = '%s|%s '% (key, Client_ CTime)    server_md5_str = MD5 (SERVER_STR)    if client_md5_str! = Server_md5_str:        return HttpResponse (' No "    # Third off    if Vistied_str_dict.get (client_md5_str):        return HttpResponse (' Give It Up ')    else:        VISTIED_STR_DICT[CLIENT_MD5_STR] = Client_ctime        return HttpResponse (' You Got Me Now ')

Finally, without the adorner, add it tomorrow.

Acquisition of CMDB items today's collection of asset lists and API validation