API 文档

API 文档默认已经集成在代码里面,部署完成后可以通过下面的方式进行访问

API 访问

VersionAccess methodexample
< 2.0.0http://<url>/docshttp://192.168.244.144/docs
>=2.0.0http://<url>/api/docs/http://192.168.244.144/api/docs/
>=2.6.0http://<url>/api/docs/http://192.168.244.144/api/docs/

版本小于 v2.6 需要打开 debug 模式

  1. vi config.yml
  1. ...
  2. # 如果版本更低的话,配置文件是 config.py
  3. # Debug = true
  4. DEBUG: true

api_swagger

API 认证

JumpServer API 支持的认证有以下几种方式

  1. Session         登录后可以直接使用 session_id 作为认证方式
  2. Token           获取一次性 Token,该 Token 有有效期, 过期作废
  3. Private Token   永久 Token
  4. Access Key       Http Header 进行签名

Session

用户通过页面后登录,cookie 中会存在 sessionid,请求时同样把 sessionid 放到 cookie 中

Token

  1. curl -X POST http://localhost/api/v1/authentication/auth/ \
  2.      -H 'Content-Type: application/json' \
  3.      -d '{"username": "admin", "password": "admin"}'

Python

  1. # Python 示例
  2. # pip install requests
  3. import requests, json
  5. def get_token(jms_url, username, password):
  6.     url = jms_url + '/api/v1/authentication/auth/'
  7.     query_args = {
  8.         "username": username,
  9.         "password": password
  10.     }
  11.     response = requests.post(url, data=query_args)
  12.     return json.loads(response.text)['token']
  14. def get_user_info(jms_url, token):
  15.     url = jms_url + '/api/v1/users/users/'
  16.     headers = {
  17.         "Authorization": 'Bearer ' + token,
  18.         'X-JMS-ORG': '00000000-0000-0000-0000-000000000002'
  19.     }
  20.     response = requests.get(url, headers=headers)
  21.     print(json.loads(response.text))
  23. if __name__ == '__main__':
  24.     jms_url = 'https://demo.jumpserver.org'
  25.     username = 'admin'
  26.     password = 'admin'
  27.     token = get_token(jms_url, username, password)
  28.     get_user_info(jms_url, token)

Golang

  1. // Golang 示例
  2. package main
  4. import (
  5.     "encoding/json"
  6.     "fmt"
  7.     "io/ioutil"
  8.     "log"
  9.     "net/http"
  10.     "strings"
  11. )
  13. const (
  14.     JmsServerURL = "https://demo.jumpserver.org"
  15.     UserName = "admin"
  16.     Password = "password"
  17. )
  19. func GetToken(jmsurl, username, password string) (string, error) {
  20.     url := jmsurl + "/api/v1/authentication/auth/"
  21.     query_args := strings.NewReader(`{
  22.         "username": "`+username+`",
  23.         "password": "`+password+`"
  24.     }`)
  25.     client := &http.Client{}
  26.     req, err := http.NewRequest("POST", url, query_args)
  27.     req.Header.Add("Content-Type", "application/json")
  28.     resp, err := client.Do(req)
  29.     if err != nil {
  30.         log.Fatal(err)
  31.     }
  32.     defer resp.Body.Close()
  33.     body, err := ioutil.ReadAll(resp.Body)
  34.     if err != nil {
  35.         log.Fatal(err)
  36.     }
  37.     response := map[string]interface{}{}
  38.     json.Unmarshal(body, &response)
  39.     return response["token"].(string), nil
  40. }
  42. func GetUserInfo(jmsurl, token string) {
  43.     url := jmsurl + "/api/v1/users/users/"
  44.     client := &http.Client{}
  45.     req, err := http.NewRequest("GET", url, nil)
  46.     req.Header.Add("Authorization", "Bearer "+token)
  47.     req.Header.Add("X-JMS-ORG", "00000000-0000-0000-0000-000000000002")
  48.     resp, err := client.Do(req)
  49.     if err != nil {
  50.         log.Fatal(err)
  51.     }
  52.     defer resp.Body.Close()
  53.     body, err := ioutil.ReadAll(resp.Body)
  54.     if err != nil {
  55.         log.Fatal(err)
  56.     }
  57.     fmt.Println(string(body))
  58. }
  60. func main() {
  61.     token, err := GetToken(JmsServerURL, UserName, Password)
  62.     if err != nil {
  63.         log.Fatal(err)
  64.     }
  65.     GetUserInfo(JmsServerURL, token)
  66. }

Private Token

  1. docker exec -it jms_core /bin/bash
  2. cd /opt/jumpserver/apps
  3. python manage.py shell
  4. from users.models import User
  5. u = User.objects.get(username='admin')
  6. u.create_private_token()

已经存在 private_token,可以直接获取即可

  1. u.private_token

以 PrivateToken: 937b38011acf499eb474e2fecb424ab3 为例:

  1. curl http://demo.jumpserver.org/api/v1/users/users/ \
  2.      -H 'Authorization: Token 937b38011acf499eb474e2fecb424ab3' \
  3.      -H 'Content-Type: application/json' \
  4.      -H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002'

Python

  1. # Python 示例
  2. # pip install requests
  3. import requests, json
  5. def get_user_info(jms_url, token):
  6.     url = jms_url + '/api/v1/users/users/'
  7.     headers = {
  8.         "Authorization": 'Token ' + token,
  9.         'X-JMS-ORG': '00000000-0000-0000-0000-000000000002'
  10.     }
  11.     response = requests.get(url, headers=headers)
  12.     print(json.loads(response.text))
  14. if __name__ == '__main__':
  15.     jms_url = 'https://demo.jumpserver.org'
  16.     token = '937b38011acf499eb474e2fecb424ab3'
  17.     get_user_info(jms_url, token)

Golang

  1. // Golang 示例
  2. package main
  4. import (
  5.     "encoding/json"
  6.     "fmt"
  7.     "io/ioutil"
  8.     "log"
  9.     "net/http"
  10.     "strings"
  11. )
  13. const (
  14.     JmsServerURL = "https://demo.jumpserver.org"
  15.     JMSToken = "adminToken"
  16. )
  18. func GetUserInfo(jmsurl, token string) {
  19.     url := jmsurl + "/api/v1/users/users/"
  20.     client := &http.Client{}
  21.     req, err := http.NewRequest("GET", url, nil)
  22.     req.Header.Add("Authorization", "Token "+token)
  23.     req.Header.Add("X-JMS-ORG", "00000000-0000-0000-0000-000000000002")
  24.     resp, err := client.Do(req)
  25.     if err != nil {
  26.         log.Fatal(err)
  27.     }
  28.     defer resp.Body.Close()
  29.     body, err := ioutil.ReadAll(resp.Body)
  30.     if err != nil {
  31.         log.Fatal(err)
  32.     }
  33.     fmt.Println(string(body))
  34. }
  36. func main() {
  37.     GetUserInfo(JmsServerURL, JMSToken)
  38. }

Access Key

在 Web 页面 API Key 列表创建或获取 AccessKeyID AccessKeySecret

Python

  1. # Python 示例
  2. # pip install requests drf-httpsig
  3. import requests, datetime, json
  4. from httpsig.requests_auth import HTTPSignatureAuth
  6. def get_auth(KeyID, SecretID):
  7.     signature_headers = ['(request-target)', 'accept', 'date']
  8.     auth = HTTPSignatureAuth(key_id=KeyID, secret=SecretID, algorithm='hmac-sha256', headers=signature_headers)
  9.     return auth
  11. def get_user_info(jms_url, auth):
  12.     url = jms_url + '/api/v1/users/users/'
  13.     gmt_form = '%a, %d %b %Y %H:%M:%S GMT'
  14.     headers = {
  15.         'Accept': 'application/json',
  16.         'X-JMS-ORG': '00000000-0000-0000-0000-000000000002',
  17.         'Date': datetime.datetime.utcnow().strftime(gmt_form)
  18.     }
  20.     response = requests.get(url, auth=auth, headers=headers)
  21.     print(json.loads(response.text))
  23. if __name__ == '__main__':
  24.     jms_url = 'https://demo.jumpserver.org'
  25.     KeyID = 'AccessKeyID'
  26.     SecretID = 'AccessKeySecret'
  27.     auth = get_auth(KeyID, SecretID)
  28.     get_user_info(jms_url, auth)

Golang

  1. // Golang 示例
  2. package main
  4. import (
  5.     "fmt"
  6.     "io/ioutil"
  7.     "log"
  8.     "net/http"
  9.     "time"
  10.     "gopkg.in/twindagger/httpsig.v1"
  11. )
  13. const (
  14.     JmsServerURL = "https://demo.jumpserver.org"
  15.     AccessKeyID = "f7373851-ea61-47bb-8357-xxxxxxxxxxx"
  16.     AccessKeySecret = "d6ed1a06-66f7-4584-af18-xxxxxxxxxxxx"
  17. )
  19. type SigAuth struct {
  20.     KeyID    string
  21.     SecretID string
  22. }
  24. func (auth *SigAuth) Sign(r *http.Request) error {
  25.     headers := []string{"(request-target)", "date"}
  26.     signer, err := httpsig.NewRequestSigner(auth.KeyID, auth.SecretID, "hmac-sha256")
  27.     if err != nil {
  28.         return err
  29.     }
  30.     return signer.SignRequest(r, headers, nil)
  31. }
  33. func GetUserInfo(jmsurl string, auth *SigAuth) {
  34.     url := jmsurl + "/api/v1/users/users/"
  35.     gmtFmt := "Mon, 02 Jan 2006 15:04:05 GMT"
  36.     client := &http.Client{}
  37.     req, err := http.NewRequest("GET", url, nil)
  38.     req.Header.Add("Date", time.Now().Format(gmtFmt))
  39.     req.Header.Add("Accept", "application/json")
  40.     req.Header.Add("X-JMS-ORG", "00000000-0000-0000-0000-000000000002")
  41.     if err != nil {
  42.         log.Fatal(err)
  43.     }
  44.     if err := auth.Sign(req); err != nil {
  45.         log.Fatal(err)
  46.     }
  47.     resp, err := client.Do(req)
  48.     if err != nil {
  49.         log.Fatal(err)
  50.     }
  51.     defer resp.Body.Close()
  52.     body, err := ioutil.ReadAll(resp.Body)
  53.     if err != nil {
  54.         log.Fatal(err)
  55.     }
  56.     json.MarshalIndent(body, "", "    ")
  57.     fmt.Println(string(body))
  58. }
  60. func main() {
  61.     auth := SigAuth{
  62.         KeyID:    AccessKeyID,
  63.         SecretID: AccessKeySecret,
  64.     }
  65.     GetUserInfo(JmsServerURL, &auth)
  66. }