-
Notifications
You must be signed in to change notification settings - Fork 2
/
openvpn-auth.py
executable file
·72 lines (58 loc) · 2.15 KB
/
openvpn-auth.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import os,sys,time
import logging
import traceback
import django
logging.basicConfig(level=logging.WARNING, filename='/var/log/nginx/openvpn-auth.log', filemode='a') # 'a'为追加模式,'w'为覆盖写
def return_auth_failed():
sys.exit(1) # 认证未通过
def return_auth_passed():
sys.exit(0) # 认证通过
try:
# 将项目路径添加到系统搜寻路径当中,查找方式为从当前脚本开始,找到要调用的django项目的路径
sys.path.append(os.path.dirname(os.path.abspath(__file__)))
# 设置项目的配置文件 不做修改的话就是 settings 文件
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "webserver.settings")
django.setup() # 加载项目配置
except Exception as e:
msg = traceback.format_exc()
logging.error(msg)
return_auth_failed()
from django.contrib.auth import get_user_model
User = get_user_model()
def auth(username, raw_password):
'''
:param username:
:param raw_password:
:return:
True -> auth passed
False -> not passed
'''
# 验证用户
try:
user = User.objects.filter(username=username).first()
except Exception as e:
msg = traceback.format_exc()
logging.error(msg)
return False
if not user:
return False
vpn = user.vpn_auth
if vpn.check_password(raw_password):
return True
return False
if __name__ == '__main__':
username = os.environ.get('username', None)
password = os.environ.get('password', None)
time_string = time.strftime( '%Y-%m-%d %H:%M:%S',time.localtime(time.time()))
if username is None or password is None:
logging.error(f'time: {time_string},error!username={username}, password={password}.')
return_auth_failed()
#logging.warning(f'username={username}, password={password}.')
if not auth(username=username, raw_password=password):
logging.warning(f'time: {time_string},auth failed.username={username}')
return_auth_failed() # 认证未通过
else:
logging.warning(f'time: {time_string},auth OK!username={username}')
return_auth_passed()