import json import logging from django.http import JsonResponse from django.views import View from django.utils.decorators import method_decorator from django.views.decorators.csrf import csrf_exempt from django.db import transaction from ..models import SecurityConfig, User from ..utils.auth import jwt_auth_required logger = logging.getLogger('apps') @method_decorator(csrf_exempt, name='dispatch') class SecurityConfigView(View): @method_decorator(jwt_auth_required) def get(self, request): """获取安全配置""" try: # 获取或创建安全配置 security_config, created = SecurityConfig.objects.get_or_create( id=1, defaults={ 'min_password_length': 8, 'password_complexity': ['lowercase', 'number'], 'session_timeout': 120, 'max_login_attempts': 5, 'lockout_duration': 30, 'enable_2fa': False } ) return JsonResponse({ 'code': 200, 'message': '获取安全配置成功', 'data': { 'min_password_length': security_config.min_password_length, 'password_complexity': security_config.password_complexity, 'session_timeout': security_config.session_timeout, 'max_login_attempts': security_config.max_login_attempts, 'lockout_duration': security_config.lockout_duration, 'enable_2fa': security_config.enable_2fa, 'update_time': security_config.update_time.strftime('%Y-%m-%d %H:%M:%S') if security_config.update_time else None } }) except Exception as e: logger.error(f'获取安全配置失败: {str(e)}', exc_info=True) return JsonResponse({ 'code': 500, 'message': f'服务器错误: {str(e)}' }) @method_decorator(jwt_auth_required) def put(self, request): """更新安全配置""" try: with transaction.atomic(): data = json.loads(request.body) min_password_length = data.get('min_password_length') password_complexity = data.get('password_complexity') session_timeout = data.get('session_timeout') max_login_attempts = data.get('max_login_attempts') lockout_duration = data.get('lockout_duration') enable_2fa = data.get('enable_2fa') # 验证输入数据 if min_password_length is not None: if not isinstance(min_password_length, int) or min_password_length < 6 or min_password_length > 20: return JsonResponse({ 'code': 400, 'message': '密码最小长度必须在6-20之间' }) if password_complexity is not None: if not isinstance(password_complexity, list): return JsonResponse({ 'code': 400, 'message': '密码复杂度要求格式错误' }) valid_complexity = ['uppercase', 'lowercase', 'number', 'special'] for item in password_complexity: if item not in valid_complexity: return JsonResponse({ 'code': 400, 'message': f'无效的密码复杂度要求: {item}' }) if session_timeout is not None: if not isinstance(session_timeout, int) or session_timeout < 10 or session_timeout > 1440: return JsonResponse({ 'code': 400, 'message': '会话超时时间必须在10-1440分钟之间' }) if max_login_attempts is not None: if not isinstance(max_login_attempts, int) or max_login_attempts < 3 or max_login_attempts > 10: return JsonResponse({ 'code': 400, 'message': '最大登录尝试次数必须在3-10次之间' }) if lockout_duration is not None: if not isinstance(lockout_duration, int) or lockout_duration < 5 or lockout_duration > 60: return JsonResponse({ 'code': 400, 'message': '账户锁定时间必须在5-60分钟之间' }) # 获取或创建安全配置 security_config, created = SecurityConfig.objects.get_or_create(id=1) # 更新配置 if min_password_length is not None: security_config.min_password_length = min_password_length if password_complexity is not None: security_config.password_complexity = password_complexity if session_timeout is not None: security_config.session_timeout = session_timeout if max_login_attempts is not None: security_config.max_login_attempts = max_login_attempts if lockout_duration is not None: security_config.lockout_duration = lockout_duration if enable_2fa is not None: security_config.enable_2fa = enable_2fa security_config.save() # 记录操作日志 user = User.objects.get(user_id=request.user_id) logger.info(f'用户[{user.username}]更新了安全配置') return JsonResponse({ 'code': 200, 'message': '安全配置更新成功' }) except Exception as e: logger.error(f'更新安全配置失败: {str(e)}', exc_info=True) return JsonResponse({ 'code': 500, 'message': f'服务器错误: {str(e)}' })