From 2c873b5c8badb17d2e1a40ecbc24af0312747903 Mon Sep 17 00:00:00 2001 From: yang_feida Date: Tue, 12 Aug 2025 15:09:47 +0800 Subject: [PATCH 1/2] =?UTF-8?q?django=E5=AE=89=E5=85=A8=E9=85=8D=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- omniadvisor/pyproject.toml | 1 + omniadvisor/src/common/constant.py | 18 +++++++++-- omniadvisor/src/server/engine/settings.py | 38 ++++++++++++++++++----- 3 files changed, 47 insertions(+), 10 deletions(-) diff --git a/omniadvisor/pyproject.toml b/omniadvisor/pyproject.toml index 3dd09bc05..7e9565521 100755 --- a/omniadvisor/pyproject.toml +++ b/omniadvisor/pyproject.toml @@ -21,6 +21,7 @@ smac = "~2.2.0" colorlog = "~6.9.0" requests = "^2.32.3" python-dateutil = "2.9.0.post0" +django-sslserver = "0.22" [tool.poetry.group.test.dependencies] pytest = "^7.4.4" diff --git a/omniadvisor/src/common/constant.py b/omniadvisor/src/common/constant.py index 9d3304a14..8e56a4517 100644 --- a/omniadvisor/src/common/constant.py +++ b/omniadvisor/src/common/constant.py @@ -3,7 +3,7 @@ import os import configparser -def load_common_config(config_path: str): +def load_cfg_config(config_path: str): """ 使用configparser库加载common_config @@ -13,12 +13,24 @@ def load_common_config(config_path: str): if not os.path.exists(config_path): raise FileNotFoundError(f"{config_path} does not exist") - common_config = configparser.ConfigParser() + common_config = configparser.ConfigParser(interpolation=None) common_config.read(config_path, encoding='utf-8') return common_config +def write_cfg_config(config_path, key, value): + """ + 写入全新的 key, value配置 到 config_path中 + """ + new_config = configparser.ConfigParser(interpolation=None) + new_config[key] = value + + # 直接写入(无需读取) + with open(config_path, 'w', encoding='utf-8') as configfile: + new_config.write(configfile) + + def check_oa_conf(): """ 校验OA_CONF中参数是否正确 
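Review bot: `django-sslserver = "0.22"` is added to the main dependency table, and `'sslserver'` is added to `INSTALLED_APPS` in the settings.py hunk of this patch, but the package describes itself as an SSL-enabled development server (confirm against its README). The same commit sets `DEBUG = False`, HSTS and secure cookies, which reads like a production profile. There, TLS is better terminated by a production WSGI server or a reverse proxy. If the package is only needed for local testing, move it to a development dependency group and load `'sslserver'` from a dev-only settings module.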
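Review bot: `write_cfg_config` creates the file with `open(config_path, 'w', encoding='utf-8')`, so the file mode comes from the process umask, and settings.py uses this function to persist the Django `SECRET_KEY`. On a typical umask the key file is readable by other local users. Create it owner-only instead: `fd = os.open(config_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w', encoding='utf-8') as configfile:`; the mode only applies when the file is newly created. The docstring should also state that any existing content at `config_path` is discarded. PATCH 2/2 renames the function to `write_ini_config`, but none of its hunks touch the `open` call.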
@@ -100,7 +112,7 @@ class OmniAdvisorConf: all = [hijacking, backend] # 输入配置解析 - _common_config = load_common_config(config_path=common_config_path) + _common_config = load_cfg_config(config_path=common_config_path) # 配置罗列 # common页 tuning_retest_times = _common_config.getint('common', 'tuning.retest.times') diff --git a/omniadvisor/src/server/engine/settings.py b/omniadvisor/src/server/engine/settings.py index ac376cfb2..360aabe9a 100644 --- a/omniadvisor/src/server/engine/settings.py +++ b/omniadvisor/src/server/engine/settings.py 
@@ -9,27 +9,50 @@ https://docs.djangoproject.com/en/4.2/topics/settings/ For the full list of settings and their values, see https://docs.djangoproject.com/en/4.2/ref/settings/ """ - +import os from pathlib import Path -from common.constant import OA_CONF +from django.core.management.utils import get_random_secret_key + +from common.constant import OA_CONF, load_cfg_config, write_cfg_config # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent - # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = 'django-insecure-no@z!_@jyd1w6!497ewxgm3h2n-0^oaz@9go9w5b%y_9%tv2c%' +# SECRET_KEY = "y[ol;ZK2H:Xq;g:m+XeH8lj3y!:f`0}%3r>E%:g~+G+xwt-O!Y" + +ENV_PATH = BASE_DIR / "secret_key.cfg" + +# 一旦生成这个随机变量之后,就不再变化 +if os.path.isfile(str(ENV_PATH)): + secret_key_config = load_cfg_config(str(ENV_PATH)) + SECRET_KEY = secret_key_config.get('DEFAULT', 'secret_key') +else: + SECRET_KEY = get_random_secret_key() + write_cfg_config(str(ENV_PATH), 'DEFAULT', {'secret_key': SECRET_KEY}) # SECURITY WARNING: don't run with debug turned on in production! -DEBUG = True +DEBUG = False + +# 开启 HTTP Strict Transport Security (HSTS),告诉浏览器在一定时间内(这里是一年)只能通过 HTTPS 访问你的网站 +SECURE_HSTS_SECONDS = 31536000 +# 配合 HSTS 使用,告诉浏览器所有子域名也必须强制 HTTPS。 +SECURE_HSTS_INCLUDE_SUBDOMAINS = True +# 让 CSRF 的 cookie 只能通过 HTTPS 发送,防止在 HTTP 传输中被窃取 +CSRF_COOKIE_SECURE = True +# 同样是让 session cookie 只能通过 HTTPS 发送 +SESSION_COOKIE_SECURE = True +# 强制将所有非 HTTPS(明文 HTTP)的请求自动重定向到 HTTPS(加密连接) +SECURE_SSL_REDIRECT = True +# 为了确保 Django 能正确判断请求是否是通过 HTTPS 发起的,它需要一个指示正确协议的头部。 +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') ALLOWED_HOSTS = ['*'] - # Application definition INSTALLED_APPS = [ 
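Review bot: `SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')` makes Django treat any request carrying `X-Forwarded-Proto: https` as secure. That is only safe when a trusted proxy in front of the app strips the header from client requests and sets it itself. This commit serves TLS through `sslserver`, which suggests there is no such proxy; in that case a plain-HTTP request that supplies the header is not redirected by `SECURE_SSL_REDIRECT`. Drop the setting unless a proxy is guaranteed, or add a comment naming the proxy that sets the header. `ALLOWED_HOSTS = ['*']` stays as a context line in this hunk and leaves Host header validation switched off; it should list the host names actually served.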
@@ -39,7 +62,8 @@ INSTALLED_APPS = [ 'django.contrib.sessions', 'django.contrib.messages', 'django.contrib.staticfiles', - 'server.app' + 'server.app', + 'sslserver' ] MIDDLEWARE = [ -- Gitee From c5b9c223dd720abd30f3eaa1847639c0b6c420cf Mon Sep 17 00:00:00 2001 From: yang_feida Date: Mon, 18 Aug 2025 14:19:44 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E8=AF=84=E5=AE=A1=E6=84=8F=E8=A7=81?= =?UTF-8?q?=E4=BF=AE=E6=94=B9=20&=20=E4=BB=A3=E7=A0=81=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- omniadvisor/src/common/constant.py | 15 +++++++++++---- omniadvisor/src/server/engine/settings.py | 21 +++++++++------------ 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/omniadvisor/src/common/constant.py b/omniadvisor/src/common/constant.py index 73866cfa8..3dd94e341 100644 --- a/omniadvisor/src/common/constant.py +++ b/omniadvisor/src/common/constant.py @@ -3,7 +3,7 @@ import os import configparser -def load_cfg_config(config_path: str) -> configparser.ConfigParser: +def load_ini_config(config_path: str) -> configparser.ConfigParser: """ 使用configparser库加载common_config @@ -19,9 +19,14 @@ def load_cfg_config(config_path: str) -> configparser.ConfigParser: return common_config -def write_cfg_config(config_path, key, value) -> None: +def write_ini_config(config_path: str, key: str, value: dict) -> None: """ - 写入全新的 key, value配置 到 config_path中 + 以覆盖形式写入全新的 key, value配置 到 config_path中 + + :param config_path: 配置文件路径 + :param key: 键 + :param value: 值 + :return: None """ new_config = configparser.ConfigParser(interpolation=None) new_config[key] = value @@ -93,6 +98,8 @@ class OmniAdvisorConf: common_config_path = f'{config_dir}/common_config.cfg' # 数据存储目录 data_dir = f'{project_base_dir}/data' + # secret_key路径 + django_secret_key_path = f'{project_base_dir}/src/server/secret_key' # 任务执行状态 class ExecStatus: 
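Review bot: `django_secret_key_path` (PATCH 2/2, constant.py) points into the source tree, `f'{project_base_dir}/src/server/secret_key'`. The server process therefore needs write access to its own code directory, and the generated key can be swept up by packaging or an accidental commit. `data_dir` is defined just above and looks like the better location, e.g. `django_secret_key_path = f'{data_dir}/secret_key'`, with the file excluded from version control. Whether an ignore rule already covers the current path is not visible in the patch. The `OmniAdvisorConf` class body continues outside the hunk.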
@@ -130,7 +137,7 @@ class OmniAdvisorConf: all = [hijacking, backend] # 输入配置解析 - _common_config = load_cfg_config(config_path=common_config_path) + _common_config = load_ini_config(config_path=common_config_path) # 配置罗列 # common页 tuning_retest_times = _common_config.getint('common', 'tuning.retest.times') diff --git a/omniadvisor/src/server/engine/settings.py b/omniadvisor/src/server/engine/settings.py index 360aabe9a..65082c541 100644 --- a/omniadvisor/src/server/engine/settings.py +++ b/omniadvisor/src/server/engine/settings.py 
@@ -11,29 +11,26 @@ https://docs.djangoproject.com/en/4.2/ref/settings/ """ import os from pathlib import Path - from django.core.management.utils import get_random_secret_key -from common.constant import OA_CONF, load_cfg_config, write_cfg_config +from common.constant import OA_CONF, load_ini_config, write_ini_config -# Build paths inside the project like this: BASE_DIR / 'subdir'. -BASE_DIR = Path(__file__).resolve().parent.parent +BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/4.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! -# SECRET_KEY = "y[ol;ZK2H:Xq;g:m+XeH8lj3y!:f`0}%3r>E%:g~+G+xwt-O!Y" - -ENV_PATH = BASE_DIR / "secret_key.cfg" +_KEY_STR = 'django.secretkey' +_DEFAULT_STR = 'default' # 一旦生成这个随机变量之后,就不再变化 -if os.path.isfile(str(ENV_PATH)): - secret_key_config = load_cfg_config(str(ENV_PATH)) - SECRET_KEY = secret_key_config.get('DEFAULT', 'secret_key') +if os.path.isfile(OA_CONF.django_server_path): + secret_key_config = load_ini_config(OA_CONF.django_server_path) + secret_key = secret_key_config.get(_DEFAULT_STR, _KEY_STR) else: - SECRET_KEY = get_random_secret_key() - write_cfg_config(str(ENV_PATH), 'DEFAULT', {'secret_key': SECRET_KEY}) + secret_key = get_random_secret_key() + write_ini_config(OA_CONF.django_server_path, _DEFAULT_STR, {_KEY_STR: secret_key}) # SECURITY WARNING: don't run with debug turned on in production! DEBUG = False -- Gitee
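Review bot: The key is now bound to lowercase `secret_key`, replacing the two `SECRET_KEY = ...` assignments from PATCH 1/2, but Django only reads uppercase names from the settings module. Unless `SECRET_KEY` is assigned further down outside this hunk, startup fails on an empty `SECRET_KEY`. Add `SECRET_KEY = secret_key` after the `if`/`else`, or assign `SECRET_KEY` directly in both branches as before. Both branches also read `OA_CONF.django_server_path`, while the attribute this patch adds in constant.py is `django_secret_key_path`; unless the former is defined elsewhere, this raises `AttributeError` at import. Separately, the `os.path.isfile` check followed by a write is not atomic, so two processes starting together on a fresh install can each generate and save a different key.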