160 lines
5.8 KiB
Python
160 lines
5.8 KiB
Python
import json
|
||
import os
|
||
import sys
|
||
from datetime import datetime
|
||
|
||
if "/www/server/panel/class" not in sys.path:
|
||
sys.path.insert(0, "/www/server/panel/class")
|
||
|
||
os.chdir("/www/server/panel")
|
||
import public
|
||
|
||
|
||
class SSHbase:
|
||
def __init__(self):
|
||
pass
|
||
|
||
@staticmethod
|
||
def return_area(result, key):
|
||
"""
|
||
@name 格式化返回带IP归属地的数组
|
||
@param result<list> 数据数组
|
||
@param key<str> ip所在字段
|
||
@return list
|
||
"""
|
||
if not result:
|
||
return result
|
||
|
||
# 添加IP查询缓存
|
||
ip_cache_file = 'data/ip_location_cache.json'
|
||
ip_cache = {}
|
||
|
||
# 确保缓存目录存在
|
||
cache_dir = os.path.dirname(ip_cache_file)
|
||
if not os.path.exists(cache_dir):
|
||
os.makedirs(cache_dir, exist_ok=True)
|
||
|
||
# 读取IP缓存
|
||
try:
|
||
if os.path.exists(ip_cache_file):
|
||
ip_cache = json.loads(public.readFile(ip_cache_file))
|
||
except Exception as e:
|
||
public.print_log('Failed to read IP cache: {}'.format(str(e)))
|
||
ip_cache = {}
|
||
|
||
# 只查询未缓存的IP
|
||
new_ips = set()
|
||
for data in result:
|
||
ip = data.get(key)
|
||
if not ip or public.is_ipv6(ip):
|
||
continue
|
||
if ip not in ip_cache:
|
||
new_ips.add(ip)
|
||
|
||
# 批量查询新IP
|
||
for ip in new_ips:
|
||
try:
|
||
if "127.0.0" in ip:
|
||
ip_cache[ip] = {"info": "Local address (e.g. left terminal)"}
|
||
continue
|
||
|
||
ip_area = public.get_ip_location(ip)
|
||
if not ip_area:
|
||
ip_cache[ip] = {"info": "unknown area"}
|
||
continue
|
||
|
||
ip_area = ip_area.raw
|
||
country = ip_area.get("country", {})
|
||
ip_area["info"] = "{} {} {}".format(
|
||
country.get('country', 'unknown'),
|
||
country.get('province', 'unknown'),
|
||
country.get('city', 'unknown')
|
||
) if country else "unknown area"
|
||
ip_cache[ip] = ip_area
|
||
except Exception as e:
|
||
public.print_log('Query IP {} Failed: {}'.format(ip, str(e)))
|
||
ip_cache[ip] = {"info": "unknown area"}
|
||
|
||
# 只有当有新IP被查询时才更新缓存文件
|
||
if new_ips:
|
||
try:
|
||
public.writeFile(ip_cache_file, json.dumps(ip_cache))
|
||
except Exception as e:
|
||
public.print_log('Failed to update IP cache: {}'.format(str(e)))
|
||
pass
|
||
|
||
# 使用缓存数据,确保不修改原始数据
|
||
result_with_area = []
|
||
for data in result:
|
||
data_copy = data.copy() # 创建数据副本
|
||
ip = data_copy.get(key, '')
|
||
data_copy['area'] = ip_cache.get(ip, {"info": "unknown area"})
|
||
result_with_area.append(data_copy)
|
||
|
||
return result_with_area
|
||
|
||
@staticmethod
|
||
def journalctl_system():
|
||
try:
|
||
if os.path.exists('/etc/os-release'):
|
||
f = public.readFile('/etc/os-release')
|
||
f = f.split('\n')
|
||
ID = ''
|
||
VERSION_ID = 0
|
||
for line in f:
|
||
if line.startswith('VERSION_ID'):
|
||
VERSION_ID = int(line.split('=')[1].split('.')[0].strip('"'))
|
||
if line.startswith('ID'):
|
||
if ID != '': continue
|
||
ID = line.strip().split('=')[1].strip('"')
|
||
try:
|
||
ID = ID.split('.')[0]
|
||
except:
|
||
pass
|
||
if (ID.lower() == 'debian' and VERSION_ID >= 11) or (ID.lower() == 'ubuntu' and VERSION_ID >= 20):
|
||
return True
|
||
return False
|
||
except:
|
||
return False
|
||
|
||
@staticmethod
|
||
def parse_login_entry(parts, year):
|
||
"""解析登录条目"""
|
||
try:
|
||
# 判断日志格式类型
|
||
if 'T' in parts[0]: # centos7以外的格式
|
||
# 解析ISO格式时间戳
|
||
dt = datetime.fromisoformat(parts[0].replace('Z', '+00:00'))
|
||
user_index = parts.index('user') + 1 if 'user' in parts else parts.index('for') + 1
|
||
ip_index = parts.index('from') + 1
|
||
port_index = parts.index('port') + 1 if 'port' in parts else -1
|
||
else:
|
||
# 解析传统格式时间
|
||
month = parts[0]
|
||
day = parts[1]
|
||
time_str = parts[2]
|
||
# 如果月份大于当前月,说明年份不对,直接把year修改成1970年
|
||
if datetime.strptime("{} {}".format(month, day), "%b %d").month > datetime.now().month:
|
||
year = "1970"
|
||
dt_str = "{} {} {} {}".format(month, day, year, time_str)
|
||
dt = datetime.strptime(dt_str, "%b %d %Y %H:%M:%S")
|
||
user_index = parts.index('for') + 1 if "invalid" not in parts else -6
|
||
ip_index = parts.index('from') + 1
|
||
port_index = parts.index('port') + 1 if 'port' in parts else -1
|
||
|
||
entry = {
|
||
"timestamp": int(dt.timestamp()),
|
||
"time": dt.strftime("%Y-%m-%d %H:%M:%S"),
|
||
"type": "success" if ("Accepted" in parts) else "failed",
|
||
"status": 1 if ("Accepted" in parts) else 0,
|
||
"user": parts[user_index],
|
||
"address": parts[ip_index],
|
||
"port": parts[port_index] if port_index != -1 else "",
|
||
"deny_status": 0,
|
||
"login_type": "publickey" if "publickey" in parts else "password" # 添加登录类型
|
||
}
|
||
return entry
|
||
except Exception as e:
|
||
public.print_log(public.get_error_info())
|
||
return None
|